Swarm backup bot
Go to file
Luke Murphy f4601de44d
Some checks failed
continuous-integration/drone Build is failing
Fix link to CI
2020-10-25 20:48:18 +01:00
.drone.yml Use latest tags 2020-09-25 13:19:06 +02:00
Dockerfile Add verbosity 2020-09-21 15:03:20 +02:00
LICENSE Add first stab at backup-bot 2020-09-18 09:18:39 +02:00
Makefile Use latest tags 2020-09-25 13:19:06 +02:00
README.md Fix link to CI 2020-10-25 20:48:18 +01:00
renovate.json Add renovate.json 2020-09-23 07:00:38 +00:00

backup-bot

Build Status

A robot who does backups in the swarm.

Publishing

If you push a commit to master, the Drone config will publish to Docker Hub.

Usage

docker stack deploy -c compose.yml -c compose.backup.yml mycoolapp

compose.backup.yml

backupbot:
  image: "decentral1se/backup-bot:latest"
  networks:
    - backend
  volumes:
    - "wordpress_content:/var/www/html/wp-content/"
  secrets:
    - source: backup_bot_ssh_key
      mode: 0400
    - backup_bot_password
    - db_password
  configs:
    - source: borgmatic_config_yml
      target: /etc/borgmatic/config.yaml
  environment:
    - BORGBASE_REPO="foo@bar.repo.borgbase.com:repo"
    - DB_HOST=mariadb
    - DB_TABLE=wordpress
    - DB_USER=wordpress
  deploy:
    mode: replicated
    replicas: 0
    labels:
      - "swarm.cronjob.enable=true"
      - "swarm.cronjob.schedule=0 2 * * *" # At 02:00
    restart_policy:
      condition: none

borgmatic.yml

location:
  source_directories:
    - /var/www/html/wp-content
  repositories:
    - { { env "BORGBASE_REPO" } }

storage:
  compression: auto,zstd
  encryption_passphrase: { { secret "backup_bot_password" } }
  archive_name_format: "{hostname}-{now}"
  ssh_command: "ssh -o 'StrictHostKeyChecking no' -i /run/secrets/backup_bot_ssh_key"

retention:
  keep_daily: 3
  keep_weekly: 4
  keep_monthly: 12
  keep_yearly: 2
  prefix: "{hostname}-"

consistency:
  checks:
    - disabled
  check_last: 3
  prefix: "{hostname}-"

hooks:
  before_backup:
    - echo "`date` - Starting backup"
  after_backup:
    - echo "`date` - Finished backup"
  mysql_databases:
    - name: { { env "DB_TABLE" } }
      hostname: { { env "DB_HOST" } }
      port: 3306
      username: { { env "DB_USER" } }
      password: { { secret "db_password" } }