Public Repository

Last pushed: 2 years ago
Short Description
RaspberryPi volume container which restores & backs-up data to S3 w/ encryption
Full Description

This is an RaspberryPi port that also adds a few features to yaronr's excellent yaronr/backup-volume-container image. So a lots of credit goes to Yaron for this, really.

It functions in basically the same way:

  • when started it will restore the volume
  • it then watches for filesystem changes
  • when filesystem changes occur, it will wait for a quiet period (configurable) and then perform a backup.

The differences are basically:

  • runs on Raspberry Pi
  • uses GPG encryption for backups
  • allow specifying file regex pattern that doesn't trigger incremental backups
  • waits a bit before setting up watches on subsequent disk activity since this is potentially expensive on deep filesystems

Running this container:

  1. Create a volume with a GPG trust store containing the key you want to use at /gpg/, make sure you know the key ID and it's passphrase.
  2. Go to your AWS account and set up an S3 bucket with appropriate access key and secret key via IAM.
  3. Run the container like so:
docker run --rm -v VOLUME_TO_BACKUP:/var/backup \
  -v VOLUME_WITH_GPG_TRUST_STORE:/var/secrets \
  -e AWS_ACCESS_KEY_ID=<YOUR_S3BUCKET_ACCESS_KEY> \
  -e AWS_SECRET_ACCESS_KEY=<YOUR_S3BUCKET_SECRET_ACCESS_KEY> \
  -e PASSPHRASE=<YOUR_GPG_PRIVATE_KEY_PASSPHRASE> \
  -e EXCLUDE_REGEX='./(gogs-log|gogs/data/sessions)/' \
  --privileged idoru/rpi-docker-encrypted-volume-backup s3://s3.amazonaws.com/<BUCKETNAME>/<BACKUP_PATH> <YOUR_GPG_KEY_ID> 300

300 is the quiet period I use (in seconds). It's really up to you how you want to set this, if you set it low then your backups will always be up to date, but you may have too many incremental backups.

EXCLUDE_REGEX is entirely optional. The value I'm using here is for my particular use case, because I'm using it to back up a data volume for gogs/gogs (GO Git Service) and it writes to these locations very frequently (every time a user accesses a page) and I'm more concerned with backing up the repository data and care less about having fresh backups of session data and server logs.

I also have a built RPI image from gogs' own Dockerfile.rpi at idoru/rpi-gogs

Docker Pull Command
Owner
idoru