From 33c2361ab6f0d7bfc802d2fc10d2f29aef44867b Mon Sep 17 00:00:00 2001
From: Till Höppner
Date: Wed, 31 May 2017 18:00:15 +0200
Subject: Add backup image
---
images/backup/duplicity/Dockerfile | 16 ++++++++++++++
images/backup/duplicity/backup.sh | 39 ++++++++++++++++++++++++++++++++++
images/backup/duplicity/gpg-agent.conf | 1 +
images/backup/duplicity/restore.sh | 26 +++++++++++++++++++++++
4 files changed, 82 insertions(+)
create mode 100644 images/backup/duplicity/Dockerfile
create mode 100755 images/backup/duplicity/backup.sh
create mode 100644 images/backup/duplicity/gpg-agent.conf
create mode 100755 images/backup/duplicity/restore.sh
(limited to 'images/backup/duplicity')
diff --git a/images/backup/duplicity/Dockerfile b/images/backup/duplicity/Dockerfile
new file mode 100644
index 0000000..9ce6d6b
--- /dev/null
+++ b/images/backup/duplicity/Dockerfile
@@ -0,0 +1,16 @@
+FROM alpine:3.5
+
+RUN apk add --update duplicity ca-certificates gnupg openssh-client py-paramiko py2-pip
+
+RUN pip install --upgrade setuptools
+RUN pip install --upgrade distribute
+
+ADD backup.sh /backup.sh
+ADD restore.sh /restore.sh
+
+RUN mkdir /root/.gnupg/
+ADD gpg-agent.conf /root/.gnupg/gpg-agent.conf
+RUN chmod 600 /root/.gnupg
+
+RUN mkdir /root/.ssh
+RUN chmod 600 /root/.ssh
diff --git a/images/backup/duplicity/backup.sh b/images/backup/duplicity/backup.sh
new file mode 100755
index 0000000..38223e3
--- /dev/null
+++ b/images/backup/duplicity/backup.sh
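Review bot: `RUN chmod 600 /root/.gnupg` and `RUN chmod 600 /root/.ssh` set a file mode on directories, dropping the search bit; this only works because the container runs as root, and the conventional mode for both is `700`, which `RUN mkdir -m 700 /root/.gnupg /root/.ssh` sets in one layer. The two `pip install --upgrade` lines fetch whatever setuptools and distribute releases the index serves at build time, unpinned, into an image that will hold the GPG private key and SSH key; pin exact versions, or drop the lines if the apk duplicity package works without them. The local files are better brought in with `COPY` than `ADD`, and `apk add --no-cache` keeps the package index out of the layer.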
@@ -0,0 +1,39 @@
+#!/bin/sh -xe
+set -x
+set -e
+
+ls -lah /data
+
+CONNECTION_OPTIONS="--use-agent \
+ --verbosity $LOG_LEVEL \
+ --num-retries 3 \
+ --encrypt-key $FINGERPRINT \
+ --log-file /dev/stdout \
+ --archive-dir /cache/archive \
+ --ssh-options=-oIdentityFile=/ssh_keys/backup \
+ --gpg-options --passphrase=$PASSPHRASE \
+ --gpg-options --no-tty \
+ --gpg-options --batch \
+ --gpg-options --pinentry-mode=loopback"
+
+# Import and trust the GPG Keys
+gpg --passphrase $PASSPHRASE --no-tty --batch --import /gpg_keys/*.priv.asc
+echo "$FINGERPRINT:6:" | gpg --import-ownertrust
+
+mkdir -p /cache/archive
+
+# Make the actual backup
+duplicity --asynchronous-upload \
+ --volsize 250 \
+ --full-if-older-than 1M \
+ $CONNECTION_OPTIONS \
+ $EXCLUDE_DIRS \
+ /data/ "$BACKUP_STORAGE"
+
+# Clean up broken backups
+duplicity cleanup $CONNECTION_OPTIONS \
+ "$BACKUP_STORAGE"
+
+# Clean up old backups
+duplicity remove-all-but-n-full 1 $CONNECTION_OPTIONS \
+ "$BACKUP_STORAGE"
diff --git a/images/backup/duplicity/gpg-agent.conf b/images/backup/duplicity/gpg-agent.conf
new file mode 100644
index 0000000..d1b6ae3
--- /dev/null
+++ b/images/backup/duplicity/gpg-agent.conf
@@ -0,0 +1 @@
+allow-loopback-pinentry
diff --git a/images/backup/duplicity/restore.sh b/images/backup/duplicity/restore.sh
new file mode 100755
index 0000000..df3f9c9
--- /dev/null
+++ b/images/backup/duplicity/restore.sh
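Review bot: The GPG passphrase ends up in the container log and in the process list: `#!/bin/sh -xe` together with `set -x` traces every expanded command, including `gpg --passphrase $PASSPHRASE` and the `--gpg-options --passphrase=$PASSPHRASE` entry inside `CONNECTION_OPTIONS`; restore.sh has the same lines. Drop the tracing (`#!/bin/sh -e`, no `set -x`) and pass the secret through a descriptor or a mounted file rather than argv, e.g. `--passphrase-fd 0` for the import and `--gpg-options --passphrase-file=<PASSPHRASE_FILE>` for duplicity. `$PASSPHRASE`, `$FINGERPRINT` and `$LOG_LEVEL` are also expanded unquoted, so a passphrase containing whitespace or glob characters is split into extra gpg arguments. Separately, duplicity's `cleanup` and `remove-all-but-n-full` only list what they would delete unless `--force` is passed, so the two clean-up steps at the end of backup.sh probably remove nothing.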
@@ -0,0 +1,26 @@
+#!/bin/sh -xe
+set -x
+set -e
+
+CONNECTION_OPTIONS="--use-agent \
+ --verbosity $LOG_LEVEL \
+ --num-retries 3 \
+ --encrypt-key $FINGERPRINT \
+ --log-file /dev/stdout \
+ --archive-dir /cache/archive \
+ --ssh-options=-oIdentityFile=/ssh_keys/backup \
+ --gpg-options --passphrase=$PASSPHRASE \
+ --gpg-options --no-tty \
+ --gpg-options --batch \
+ --gpg-options --pinentry-mode=loopback"
+
+# Import and trust the GPG Keys
+gpg --passphrase $PASSPHRASE --no-tty --batch --import /gpg_keys/*.priv.asc
+echo "$FINGERPRINT:6:" | gpg --import-ownertrust
+
+mkdir -p /cache/archive
+
+# Restore the Backup
+duplicity restore \
+ $CONNECTION_OPTIONS \
+ "$BACKUP_STORAGE" /data/
--
cgit v1.2.3
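Review bot: The `CONNECTION_OPTIONS` block and the key-import lines are copied verbatim from backup.sh, so any change to how the passphrase or keys are handled has to be made in two places and can drift. Moving them into one file that both scripts source (for example `. /common.sh`, added to the image alongside the scripts) keeps the secret-handling path single. `--encrypt-key $FINGERPRINT` is probably unnecessary for a restore, which only decrypts.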