creativeprojects / resticprofile

Configuration profiles manager and scheduler for restic backup
https://creativeprojects.github.io/resticprofile/
GNU General Public License v3.0
604 stars 29 forks

contrib: schedule inside a container using a non-root user #348

Closed creativeprojects closed 3 months ago

creativeprojects commented 3 months ago

This PR adds this section to the documentation:

Scheduling inside a container with a non-root user

You can schedule your backups with resticprofile by running crond inside a container. This version shows how to use supercronic to run the scheduled backups as a non-root user.

You can create a container with this modified version from the official image:

```dockerfile
FROM alpine:latest

LABEL org.opencontainers.image.documentation="https://creativeprojects.github.io/resticprofile/"
LABEL org.opencontainers.image.source="https://github.com/creativeprojects/resticprofile"

ARG ARCH=amd64
ENV TZ=Etc/UTC

COPY build/restic-${ARCH} /usr/bin/restic
COPY build/rclone-${ARCH} /usr/bin/rclone
COPY resticprofile /usr/bin/resticprofile

# Install supercronic, then create the unprivileged resticprofile user
# and give it ownership of its home directory and the crontab file.
RUN apk add --no-cache openssh-client-default curl tzdata ca-certificates supercronic && \
    chmod +x /usr/bin/restic /usr/bin/rclone /usr/bin/resticprofile && \
    adduser -D -h /resticprofile resticprofile && \
    mkdir -p /resticprofile && \
    touch /resticprofile/crontab && \
    chown -R resticprofile:resticprofile /resticprofile

VOLUME /resticprofile
WORKDIR /resticprofile

ENTRYPOINT ["resticprofile"]
CMD ["--help"]
```

Here's a docker-compose example loading configuration from a .env file:

```yaml
version: '2'

services:
  scheduled-backup:
    image: creativeprojects/resticprofile:${RP_VERSION:-latest}
    container_name: backup_container
    hostname: backup_container
    # run as the non-root user created in the image
    user: resticprofile:resticprofile
    entrypoint: '/bin/sh'
    command:
      - '-c'
      # generate the crontab file, then let supercronic run it in the foreground
      - 'resticprofile schedule --all && supercronic /resticprofile/crontab'
    volumes:
      # configuration, key and backup source are mounted read-only
      - '${RP_CONFIG}:/resticprofile/profiles.yaml:ro'
      - '${RP_KEYFILE}:/resticprofile/key:ro'
      - '${BACKUP_SOURCE}:/source:ro'
      # the repository is the only writable bind mount
      - '${RP_REPOSITORY}:/restic_repo'
    environment:
      - TZ=${TIMEZONE:-Etc/UTC}
```

with the corresponding resticprofile configuration running a backup every 15 minutes:

```yaml
global:
  scheduler: crontab:-:/resticprofile/crontab

default:
  password-file: key
  repository: "local:/restic_repo"
  initialize: true
  backup:
    source: /source
    exclude-caches: true
    one-file-system: true
    schedule: "*:00,05,10,15,20,25,30,35,40,45,50,55"
    schedule-permission: user
    check-before: true
```
More information

Discussion on Supercronic

Discussion on non-root container
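An added example, not part of this PR or of resticprofile: a small audit of the compose service described above that fails when the `user:` key is missing or names root, or when any bind mount other than the repository is writable. The function names and the trimmed sample file are constructed for illustration, and the parser assumes short-syntax volumes (`source:target[:mode]`) with no `:` inside the source part.

```shell
#!/bin/sh
# Added example, not part of the PR: least-privilege audit of a compose service.
# Usage: audit_compose FILE WRITABLE_TARGET   (FILE may be "-" for stdin)
# Prints one FAIL line per finding; returns non-zero if there is any.
# Assumes short-syntax volumes (source:target[:mode]) with no ":" in the source.
audit_compose() {
    awk -v allow="$2" '
    /^[ \t]*[A-Za-z_][A-Za-z0-9_-]*:/ {          # a "key:" line opens a new section
        key = $1; sub(/:.*/, "", key)
        in_vol = (key == "volumes")
        if (key == "user") {
            val = $0; sub(/^[^:]*:[ \t]*/, "", val); gsub(/["\047]/, "", val)
            has_user = 1; split(val, id, ":")
            if (id[1] == "root" || id[1] == "0") { print "FAIL runs as root: " val; bad = 1 }
        }
        next
    }
    in_vol && /^[ \t]*-/ {                        # one volume list item
        v = $0; sub(/^[ \t]*-[ \t]*/, "", v); gsub(/["\047]/, "", v)
        n = split(v, f, ":"); mode = (n >= 3) ? f[3] : "rw"
        if (mode !~ /(^|,)ro(,|$)/ && f[2] != allow) { print "FAIL writable mount: " f[2]; bad = 1 }
    }
    END {
        if (!has_user) { print "FAIL no user key: runs as the image default user"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# The service from the documentation above, trimmed to the audited keys.
page_compose() {
    cat <<'EOF'
services:
  scheduled-backup:
    image: creativeprojects/resticprofile:${RP_VERSION:-latest}
    user: resticprofile:resticprofile
    volumes:
      - '${RP_CONFIG}:/resticprofile/profiles.yaml:ro'
      - '${RP_KEYFILE}:/resticprofile/key:ro'
      - '${BACKUP_SOURCE}:/source:ro'
      - '${RP_REPOSITORY}:/restic_repo'
EOF
}

# Constructed weak variant: no user key, key file and source mounted read-write.
weak_compose() {
    page_compose | sed -e '/user:/d' -e 's#/key:ro#/key#' -e 's#/source:ro#/source#'
}

page_compose | audit_compose - /restic_repo && echo "OK: least-privilege checks pass"
```

Run it against a real file with `audit_compose docker-compose.yml /restic_repo`; a non-zero exit status makes it usable as a CI gate.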

codecov[bot] commented 3 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 71.51%. Comparing base (5739b13) to head (34295e6). Report is 1 commits behind head on master.

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##           master     #348   +/-   ##
=======================================
  Coverage   71.51%   71.51%
=======================================
  Files         121      121
  Lines       12659    12659
=======================================
  Hits         9053     9053
  Misses       3201     3201
  Partials      405      405
```

| [Flag](https://app.codecov.io/gh/creativeprojects/resticprofile/pull/348/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Fred) | Coverage Δ | |
|---|---|---|
| [unittests](https://app.codecov.io/gh/creativeprojects/resticprofile/pull/348/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Fred) | `71.51% <ø> (ø)` | |

Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Fred#carryforward-flags-in-the-pull-request-comment) to find out more.
