add sftp storage
parent
d32337cf3a
commit
75a93c5456
12
README.md
12
README.md
|
@ -63,7 +63,7 @@ See [restic s3 docs](https://restic.readthedocs.io/en/latest/030_preparing_a_new
|
||||||
|
|
||||||
### SFTP Storage
|
### SFTP Storage
|
||||||
|
|
||||||
> TODO
|
> With sftp it is not possible to prevent the backupbot from deleting backups in case of a compromised machine. Therefore we recommend to use S3, REST or rclone server without delete permissions.
|
||||||
|
|
||||||
To use SFTP storage as backup location set the following envs:
|
To use SFTP storage as backup location set the following envs:
|
||||||
```
|
```
|
||||||
|
@ -72,10 +72,16 @@ SECRET_SSH_KEY_VERSION=v1
|
||||||
SSH_HOST_KEY="hostname ssh-rsa AAAAB3...
|
SSH_HOST_KEY="hostname ssh-rsa AAAAB3...
|
||||||
COMPOSE_FILE="$COMPOSE_FILE:compose.ssh.yml"
|
COMPOSE_FILE="$COMPOSE_FILE:compose.ssh.yml"
|
||||||
```
|
```
|
||||||
|
To get the `SSH_HOST_KEY` run the following command `ssh-keyscan <hostname>`
|
||||||
|
|
||||||
Generate an ssh keypair: `ssh-keygen -t ed25519 -f backupkey -P ''`
|
Generate an ssh keypair: `ssh-keygen -t ed25519 -f backupkey -P ''`
|
||||||
and add your `SSH_KEY` as docker secret:
|
Add the key to your `authorized_keys`:
|
||||||
`abra app secret insert <app_name> ssh_key v1 "$(cat backupkey)"`
|
`ssh-copy-id -i backupkey <user>@<hostname>`
|
||||||
|
Add your `SSH_KEY` as docker secret:
|
||||||
|
```
|
||||||
|
abra app secret insert <app_name> ssh_key v1 """$(cat backupkey)
|
||||||
|
"""
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
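--- a/abra.sh
+++ b/abra.sh
@@ -1,2 +1,3 @@
 export ENTRYPOINT_VERSION=v1
 export BACKUPBOT_VERSION=v1
+export SSH_CONFIG_VERSION=v1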
|
@ -5,12 +5,19 @@ services:
|
||||||
environment:
|
environment:
|
||||||
- SSH_KEY_FILE=/run/secrets/ssh_key
|
- SSH_KEY_FILE=/run/secrets/ssh_key
|
||||||
- SSH_HOST_KEY
|
- SSH_HOST_KEY
|
||||||
- SSH_HOST_KEY_DISABLE
|
|
||||||
secrets:
|
secrets:
|
||||||
- source: ssh_key
|
- source: ssh_key
|
||||||
mode: 0400
|
mode: 0400
|
||||||
|
configs:
|
||||||
|
- source: ssh_config
|
||||||
|
target: /root/.ssh/config
|
||||||
|
|
||||||
secrets:
|
secrets:
|
||||||
ssh_key:
|
ssh_key:
|
||||||
external: true
|
external: true
|
||||||
name: ${STACK_NAME}_ssh_key_${SECRET_SSH_KEY_VERSION}
|
name: ${STACK_NAME}_ssh_key_${SECRET_SSH_KEY_VERSION}
|
||||||
|
|
||||||
|
configs:
|
||||||
|
ssh_config:
|
||||||
|
name: ${STACK_NAME}_ssh_config_${SSH_CONFIG_VERSION}
|
||||||
|
file: ssh_config
|
||||||
|
|
|
@ -1,12 +1,17 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
set -eu
|
set -eu -o pipefail
|
||||||
|
|
||||||
apk add --upgrade --no-cache bash restic python3 py3-pip
|
apk add --upgrade --no-cache bash restic python3 py3-pip
|
||||||
|
|
||||||
# Todo use requirements file with specific versions
|
# Todo use requirements file with specific versions
|
||||||
pip install click docker resticpy
|
pip install click docker resticpy
|
||||||
|
|
||||||
|
if [ -n "$SSH_HOST_KEY" ]
|
||||||
|
then
|
||||||
|
echo "$SSH_HOST_KEY" > /root/.ssh/known_hosts
|
||||||
|
fi
|
||||||
|
|
||||||
cron_schedule="${CRON_SCHEDULE:?CRON_SCHEDULE not set}"
|
cron_schedule="${CRON_SCHEDULE:?CRON_SCHEDULE not set}"
|
||||||
|
|
||||||
echo "$cron_schedule backup create" | crontab -
|
echo "$cron_schedule backup create" | crontab -
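Review bot: The new `if [ -n "$SSH_HOST_KEY" ]` test runs under `set -eu`, so when SSH_HOST_KEY is not passed into the container the shell aborts on the unset variable before the crontab is installed, instead of skipping the block; `if [ -n "${SSH_HOST_KEY:-}" ]` keeps the intended behaviour. The redirect into `/root/.ssh/known_hosts` also assumes the directory exists, which presumably only holds when the ssh_config is mounted there, so a `mkdir -p /root/.ssh` before the `echo` would remove that dependency. A short comment saying that this file pins the SFTP server's host key and is overwritten on every start would help the next reader.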
|
||||||
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
Host *
|
||||||
|
IdentityFile /run/secrets/ssh_key
|
||||||
|
ServerAliveInterval 60
|
||||||
|
ServerAliveCountMax 240
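Review bot: `Host *` offers the backup key to every host the container connects to, and host-key verification is left to the OpenSSH defaults, with known_hosts only written by the entrypoint when SSH_HOST_KEY is set. Adding `StrictHostKeyChecking yes` and `IdentitiesOnly yes` under the `Host *` line would make the client refuse an unpinned or changed host key explicitly and limit authentication to the mounted key. `ServerAliveInterval 60` with `ServerAliveCountMax 240` means an unresponsive server is only dropped after roughly four hours, so a comment stating that this is intended for long backup runs would be useful.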
|