From 33c2361ab6f0d7bfc802d2fc10d2f29aef44867b Mon Sep 17 00:00:00 2001
From: Till Höppner
Date: Wed, 31 May 2017 18:00:15 +0200
Subject: Add backup image

---
 images/backup/duplicity/Dockerfile     | 16 ++++++++++++++
 images/backup/duplicity/backup.sh      | 39 ++++++++++++++++++++++++++++++++++
 images/backup/duplicity/gpg-agent.conf |  1 +
 images/backup/duplicity/restore.sh     | 26 +++++++++++++++++++++++
 4 files changed, 82 insertions(+)
 create mode 100644 images/backup/duplicity/Dockerfile
 create mode 100755 images/backup/duplicity/backup.sh
 create mode 100644 images/backup/duplicity/gpg-agent.conf
 create mode 100755 images/backup/duplicity/restore.sh

(limited to 'images/backup/duplicity')

diff --git a/images/backup/duplicity/Dockerfile b/images/backup/duplicity/Dockerfile
new file mode 100644
index 0000000..9ce6d6b
--- /dev/null
+++ b/images/backup/duplicity/Dockerfile
@@ -0,0 +1,16 @@
+FROM alpine:3.5
+
+RUN apk add --update duplicity ca-certificates gnupg openssh-client py-paramiko py2-pip
+
+RUN pip install --upgrade setuptools
+RUN pip install --upgrade distribute
+
+ADD backup.sh /backup.sh
+ADD restore.sh /restore.sh
+
+RUN mkdir /root/.gnupg/
+ADD gpg-agent.conf /root/.gnupg/gpg-agent.conf
+RUN chmod 600 /root/.gnupg
+
+RUN mkdir /root/.ssh
+RUN chmod 600 /root/.ssh
diff --git a/images/backup/duplicity/backup.sh b/images/backup/duplicity/backup.sh
new file mode 100755
index 0000000..38223e3
--- /dev/null
+++ b/images/backup/duplicity/backup.sh
@@ -0,0 +1,39 @@
+#!/bin/sh -xe
+set -x
+set -e
+
+ls -lah /data
+
+CONNECTION_OPTIONS="--use-agent \
+          --verbosity $LOG_LEVEL \
+          --num-retries 3 \
+          --encrypt-key $FINGERPRINT \
+          --log-file /dev/stdout \
+          --archive-dir /cache/archive \
+          --ssh-options=-oIdentityFile=/ssh_keys/backup \
+          --gpg-options --passphrase=$PASSPHRASE \
+          --gpg-options --no-tty \
+          --gpg-options --batch \
+          --gpg-options --pinentry-mode=loopback"
+
+# Import and trust the GPG Keys
+gpg --passphrase $PASSPHRASE --no-tty --batch --import /gpg_keys/*.priv.asc
+echo "$FINGERPRINT:6:" | gpg --import-ownertrust
+
+mkdir -p /cache/archive
+
+# Make the actual backup
+duplicity --asynchronous-upload \
+          --volsize 250 \
+          --full-if-older-than 1M \
+          $CONNECTION_OPTIONS \
+	        $EXCLUDE_DIRS \
+	        /data/ "$BACKUP_STORAGE"
+
+# Clean up broken backups
+duplicity cleanup $CONNECTION_OPTIONS \
+          "$BACKUP_STORAGE"
+
+# Clean up old backups
+duplicity remove-all-but-n-full 1 $CONNECTION_OPTIONS \
+          "$BACKUP_STORAGE"
diff --git a/images/backup/duplicity/gpg-agent.conf b/images/backup/duplicity/gpg-agent.conf
new file mode 100644
index 0000000..d1b6ae3
--- /dev/null
+++ b/images/backup/duplicity/gpg-agent.conf
@@ -0,0 +1 @@
+allow-loopback-pinentry
diff --git a/images/backup/duplicity/restore.sh b/images/backup/duplicity/restore.sh
new file mode 100755
index 0000000..df3f9c9
--- /dev/null
+++ b/images/backup/duplicity/restore.sh
@@ -0,0 +1,26 @@
+#!/bin/sh -xe
+set -x
+set -e
+
+CONNECTION_OPTIONS="--use-agent \
+          --verbosity $LOG_LEVEL \
+          --num-retries 3 \
+          --encrypt-key $FINGERPRINT \
+          --log-file /dev/stdout \
+          --archive-dir /cache/archive \
+          --ssh-options=-oIdentityFile=/ssh_keys/backup \
+          --gpg-options --passphrase=$PASSPHRASE \
+          --gpg-options --no-tty \
+          --gpg-options --batch \
+          --gpg-options --pinentry-mode=loopback"
+
+# Import and trust the GPG Keys
+gpg --passphrase $PASSPHRASE --no-tty --batch --import /gpg_keys/*.priv.asc
+echo "$FINGERPRINT:6:" | gpg --import-ownertrust
+
+mkdir -p /cache/archive
+
+# Restore the Backup
+duplicity restore \
+    $CONNECTION_OPTIONS \
+    "$BACKUP_STORAGE" /data/
-- 
cgit v1.2.3