add sftp storage
parent
d32337cf3a
commit
75a93c5456
12
README.md
12
README.md
|
@ -63,7 +63,7 @@ See [restic s3 docs](https://restic.readthedocs.io/en/latest/030_preparing_a_new
|
|||
|
||||
### SFTP Storage
|
||||
|
||||
> TODO
|
||||
> With sftp it is not possible to prevent the backupbot from deleting backups in case of a compromised machine. Therefore we recommend to use S3, REST or rclone server without delete permissions.
|
||||
|
||||
To use SFTP storage as backup location set the following envs:
|
||||
```
|
||||
|
@ -72,10 +72,16 @@ SECRET_SSH_KEY_VERSION=v1
|
|||
SSH_HOST_KEY="hostname ssh-rsa AAAAB3...
|
||||
COMPOSE_FILE="$COMPOSE_FILE:compose.ssh.yml"
|
||||
```
|
||||
To get the `SSH_HOST_KEY` run the following command `ssh-keyscan <hostname>`
|
||||
|
||||
Generate an ssh keypair: `ssh-keygen -t ed25519 -f backupkey -P ''`
|
||||
and add your `SSH_KEY` as docker secret:
|
||||
`abra app secret insert <app_name> ssh_key v1 "$(cat backupkey)"`
|
||||
Add the key to your `authorized_keys`:
|
||||
`ssh-copy-id -i backupkey <user>@<hostname>`
|
||||
Add your `SSH_KEY` as docker secret:
|
||||
```
|
||||
abra app secret insert <app_name> ssh_key v1 """$(cat backupkey)
|
||||
"""
|
||||
```
|
||||
|
||||
|
||||
## Usage
|
||||
|
|
1
abra.sh
1
abra.sh
|
@ -1,2 +1,3 @@
|
|||
export ENTRYPOINT_VERSION=v1
|
||||
export BACKUPBOT_VERSION=v1
|
||||
export SSH_CONFIG_VERSION=v1
|
||||
|
|
|
@ -5,12 +5,19 @@ services:
|
|||
environment:
|
||||
- SSH_KEY_FILE=/run/secrets/ssh_key
|
||||
- SSH_HOST_KEY
|
||||
- SSH_HOST_KEY_DISABLE
|
||||
secrets:
|
||||
- source: ssh_key
|
||||
mode: 0400
|
||||
configs:
|
||||
- source: ssh_config
|
||||
target: /root/.ssh/config
|
||||
|
||||
secrets:
|
||||
ssh_key:
|
||||
external: true
|
||||
name: ${STACK_NAME}_ssh_key_${SECRET_SSH_KEY_VERSION}
|
||||
|
||||
configs:
|
||||
ssh_config:
|
||||
name: ${STACK_NAME}_ssh_config_${SSH_CONFIG_VERSION}
|
||||
file: ssh_config
|
||||
|
|
|
@ -1,12 +1,17 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -eu
|
||||
set -eu -o pipefail
|
||||
|
||||
apk add --upgrade --no-cache bash restic python3 py3-pip
|
||||
|
||||
# Todo use requirements file with specific versions
|
||||
pip install click docker resticpy
|
||||
|
||||
if [ -n "$SSH_HOST_KEY" ]
|
||||
then
|
||||
echo "$SSH_HOST_KEY" > /root/.ssh/known_hosts
|
||||
fi
|
||||
|
||||
cron_schedule="${CRON_SCHEDULE:?CRON_SCHEDULE not set}"
|
||||
|
||||
echo "$cron_schedule backup create" | crontab -
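Review bot: The `[ -n "$SSH_HOST_KEY" ]` test runs under `set -eu`, so any deployment that leaves SSH_HOST_KEY unset aborts on the unbound variable before the crontab line is reached. This matters if the entrypoint is shared with S3 or REST setups that do not load compose.ssh.yml, which the README suggests but this page does not confirm. Writing the test as `if [ -n "${SSH_HOST_KEY:-}" ]` skips the block instead of killing the container. The redirect also assumes `/root/.ssh` already exists, which appears to hold only because the config is mounted at `/root/.ssh/config`; adding `mkdir -p /root/.ssh && chmod 700 /root/.ssh` before the `echo` removes that dependency.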
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
Host *
|
||||
IdentityFile /run/secrets/ssh_key
|
||||
ServerAliveInterval 60
|
||||
ServerAliveCountMax 240
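Review bot: The `Host *` block leaves host-key verification at the client default, and the entrypoint writes known_hosts only when SSH_HOST_KEY is non-empty, so refusing an unpinned server is implicit rather than stated. Adding `StrictHostKeyChecking yes` makes the pin mandatory, and `IdentitiesOnly yes` keeps ssh from offering any key other than `/run/secrets/ssh_key`. Because the pinned value comes from the `ssh-keyscan <hostname>` step in the README, a comment here should say that the scanned key must be compared with the server's fingerprint obtained out of band before it goes into SSH_HOST_KEY. `ServerAliveInterval 60` with `ServerAliveCountMax 240` tolerates roughly four hours of silence before the session is dropped; a one-line comment confirming that this is intended for long backups would help the next reader.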
|