A custom Docker image to automate restic backups
This container runs restic backups in regular intervals.
- Easy setup and maintanance
- Support for different targets (tested with: Local, NFS, SFTP, AWS, B2)
- Support for
restic mount
inside the container to browse the backup files
Container: raylas/restic
If you need to execute a script before or after each backup,
you need to add your hook script in the container folder /hooks
:
-v ~/hooks:/hooks
Call your pre-backup script pre-backup.sh
and post backup script post-backup.sh
.
Test:
$ make test
Build for linux/amd64:
$ make build-amd64
Build for linux/arm64:
$ make build-arm64
Clean up:
$ make clean
To execute a backup manually independent of the CRON run:
docker exec -ti restic-backup /bin/backup
Backup a single file or directory:
docker exec -ti restic-backup restic backup /data/path/to/dir --tag my-tag
You might want to mount a separate hostvolume at e.g. /restore
to not override existing data while restoring.
Get your snapshot ID with:
docker exec -ti restic-backup restic snapshots
Restore:
docker exec -ti restic-backup-var restic restore --include /data/path/to/files --target / abcdef12
The target is /
since all data backed up should be inside the host mounted /data
dir. If you mount /restore
you should set --target /restore
and data will end up in /restore/data/path/to/files
.
RESTIC_REPOSITORY
- the location of the restic repository. Default/mnt/restic
. For S3:s3:https://s3.amazonaws.com/BUCKET_NAME
RESTIC_PASSWORD
- the password for the restic repository. Will also be used for restic init during first start when the repository is not initialized.RESTIC_TAG
- Optional. To tag the images created by the container.NFS_TARGET
- Optional. If set the given NFS is mounted, i.e.mount -o nolock -v ${NFS_TARGET} /mnt/restic
.RESTIC_REPOSITORY
must remain it's default value!BACKUP_CRON
- A cron expression to run the backup. Note: cron daemon uses UTC time zone. Default:0 */6 * * *
aka every 6 hours.RESTIC_FORGET_ARGS
- Optional. Only if specifiedrestic forget
is run with the given arguments after each backup. Example value:-e "RESTIC_FORGET_ARGS=--prune --keep-last 10 --keep-hourly 24 --keep-daily 7 --keep-weekly 52 --keep-monthly 120 --keep-yearly 100"
RESTIC_JOB_ARGS
- Optional. Allows to specify extra arguments to the back up job such as limiting bandwith with--limit-upload
or excluding file masks with--exclude
.AWS_ACCESS_KEY_ID
- Optional. When using restic with AWS S3 storage.AWS_SECRET_ACCESS_KEY
- Optional. When using restic with AWS S3 storage.B2_ACCOUNT_ID
- Optional. When using restic with Backblaze B2 storage.B2_ACCOUNT_KEY
- Optional. When using restic with Backblaze B2 storage.MAILX_ARGS
- Optional. If specified, the content of/var/log/backup-last.log
is sent via mail after each backup using an external SMTP. To have maximum flexibility, you have to specify the mail/smtp parameters by your own. Have a look at the mailx manpage for further information. Example value:-e "MAILX_ARGS=-r '[email protected]' -s 'Result of the last restic backup run' -S smtp='smtp.example.com:587' -S smtp-use-starttls -S smtp-auth=login -S smtp-auth-user='username' -S smtp-auth-password='password' '[email protected]'"
.
/data
- This is the data that gets backed up. Just mount it to wherever you want.
Since restic saves the hostname with each snapshot and the hostname of a docker container is derived from it's id you might want to customize this by setting the hostname of the container to another value.
Set --hostname
in the network settings
Since restic needs a password less login to the SFTP server make sure you can do sftp user@host
from inside the container. If you can do so from your host system, the easiest way is to just mount your .ssh
folder conaining the authorized cert into the container by specifying -v ~/.ssh:/root/.ssh
as argument for docker run
.
Now you can simply specify the restic repository to be an SFTP repository.
-e "RESTIC_REPOSITORY=sftp:user@host:/tmp/backup"