first steps dockerized

2021-11-08 16:58:25 +01:00 · 2021-11-08 16:58:25 +01:00 · a9128e8450
parent 49ed657084
commit a9128e8450
3 changed files with 55 additions and 12 deletions
--- a/14
+++ b/14
@ -0,0 +1,14 @@
+FROM alpine:3
+
+ENV RESTIC_PASSWORD_FILE=
+ENV RESTIC_REPOSITORY=
+ENV AWS_ACCESS_KEY_ID=
+ENV AWS_SECRET_ACCESS_KEY=
+
+RUN apk add --update --no-cache docker-cli bash jq restic
+
+RUN echo "*       *       *       *       *       /backup.sh" | crontab -
+RUN crontab -l
+COPY backup.sh /
+
+ENTRYPOINT ["crond", "-f", "-L", "/dev/stdout"]
--- a/backup.sh
+++ b/backup.sh
@ -1,15 +1,20 @@
 #!/bin/bash

-# FIXME: just for testing
-backup_path=backups
+### FIXME: just for testing
+echo $RESTIC_PASSWORD_FILE
+echo $RESTIC_REPOSITORY
+echo $AWS_ACCESS_KEY_ID
+echo $AWS_SECRET_ACCESS_KEY

-# FIXME: just for testing
-export DOCKER_CONTEXT=demo.coopcloud.tech
+export DOCKER_CONTEXT=default
+
+mkdir /tmp/backups
+backup_path=/tmp/backups

 mapfile -t services < <(docker service ls --format '{{ .Name }}')

 # FIXME: just for testing
-services=( "ghost_demo_app" "ghost_demo_db" )
+services=("cloud_local_db")

 for service in "${services[@]}"; do
 	echo "service: $service"
@ -18,17 +23,17 @@ for service in "${services[@]}"; do
 		pre=$(echo "$details" | jq -r '.["backupbot.backup.pre-hook"]')
 		post=$(echo "$details" | jq -r '.["backupbot.backup.post-hook"]')
 		path=$(echo "$details" | jq -r '.["backupbot.backup.path"]')
-		
+
 		if [ "$path" = "null" ]; then
 			echo "ERROR: missing 'path' for $service"
 			continue  # or maybe exit?
 		fi

 		container=$(docker container ls -f "name=$service" --format '{{ .ID }}')
-		
+
 		echo "backing up $service"
 		test -d "$backup_path/$service" || mkdir "$backup_path/$service"
-		
+
 		if [ "$pre" != "null" ]; then
 			# run the precommand
 			# shellcheck disable=SC2086
@ -36,7 +41,7 @@ for service in "${services[@]}"; do
 		fi

 		# run the backup
-		docker cp "$container:$path" "$backup_path/$service"
+		docker cp -a "$container:$path" "$backup_path/$service"

 		if [ "$post" != "null" ]; then
 			# run the postcommand
@ -44,7 +49,11 @@ for service in "${services[@]}"; do
 			docker exec "$container" $post
 		fi
 	fi
-	restic -p restic-password \
-		backup --quiet -r sftp:u272979@u272979.your-storagebox.de:/demo.coopcloud.tech \
-		--tag coop-cloud "$backup_path"
+
+	# Check if restic repo exists
+	if [ -z "$(restic cat config)" ] 2>/dev/null; then
+		echo "initializing restic repo"
+		restic init "$backup_path"
+	fi
+	restic backup --tag coop-cloud "$backup_path" # --quiet
 done
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,20 @@
+version: "3.8"
+
+services:
+  app:
+    build: .
+    environment:
+      RESTIC_PASSWORD_FILE: "/run/secrets/restic_password"
+      RESTIC_REPOSITORY:  "s3:http://172.20.0.2:9000/backup"  # https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html
+      AWS_ACCESS_KEY_ID: "root"
+      AWS_SECRET_ACCESS_KEY: "foobar"
+    secrets:
+      - restic_password
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+
+secrets:
+  restic_password:
+    #external: true
+    #name: restic_password
+    file: restic_password