{"id":13484404,"url":"https://github.com/lobaro/restic-backup-docker","last_synced_at":"2025-04-04T15:10:36.823Z","repository":{"id":40614145,"uuid":"73120421","full_name":"lobaro/restic-backup-docker","owner":"lobaro","description":"A docker container to automate backups with restic ","archived":false,"fork":false,"pushed_at":"2024-08-11T19:48:11.000Z","size":102,"stargazers_count":359,"open_issues_count":21,"forks_count":118,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-03-28T14:07:56.979Z","etag":null,"topics":["backup","backup-script","docker-container","nfs","restic","restic-backups","sftp"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lobaro.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-11-07T20:59:12.000Z","updated_at":"2025-03-27T12:16:22.000Z","dependencies_parsed_at":"2024-01-08T07:59:55.221Z","dependency_job_id":"fe9e0595-24e7-4b5f-8454-f800ab2b0157","html_url":"https://github.com/lobaro/restic-backup-docker","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lobaro%2Frestic-backup-docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lobaro%2Frestic-backup-docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lobaro%2Frestic-backup-docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lobaro%2Frestic-backup-docker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lobaro","download_url":"https://codeload.github.com/lobaro/restic-backup-docker/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247198463,"owners_count":20900080,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backup","backup-script","docker-container","nfs","restic","restic-backups","sftp"],"created_at":"2024-07-31T17:01:23.844Z","updated_at":"2025-04-04T15:10:36.806Z","avatar_url":"https://github.com/lobaro.png","language":"Shell","readme":"# Restic Backup Docker Container\nA docker container to automate [restic backups](https://restic.github.io/)\n\nThis container runs restic backups in regular intervals. \n\n* Easy setup and maintanance\n* Support for different targets (tested with: Local, NFS, SFTP, AWS)\n* Support `restic mount` inside the container to browse the backup files\n\n**Container**:\n* [ghcr.io/lobaro/restic-backup-docker](https://github.com/lobaro/restic-backup-docker/pkgs/container/restic-backup-docker)\n* Old: [lobaro/restic-backup-docker](https://hub.docker.com/r/lobaro/restic-backup-docker/)\n\nLatest master (experimental):\n```\ndocker pull ghcr.io/lobaro/restic-backup-docker:master\n```\n\nLatest release:\n```\ndocker pull ghcr.io/lobaro/restic-backup-docker:latest\n```\n\n# Contributing\nPull Requests to improve the image are always wellcome. Please create an issue about the PR first.\n\nWhen behaviour of the image changes (Features, Bugfixes, Changes in the API) please update the \"Unreleased\" section of the [CHANGELOG.md](https://github.com/lobaro/restic-backup-docker/blob/master/CHANGELOG.md)\n\n\n## Hooks\n\nIf you need to execute a script before or after each backup or check, you need to add your hook scripts in the container folder `/hooks`:\n```\n-v ~/home/user/hooks:/hooks\n```\n\nCall your pre-backup script `pre-backup.sh` and post-backup script `post-backup.sh`. You can also have separate scripts when running data verification checks `pre-check.sh` and `post-check.sh`.\n\nPlease don't hesitate to report any issues you find. **Thanks.**\n\n# Test the container\n\nClone this repository:\n```\ngit clone https://github.com/Lobaro/restic-backup-docker.git\ncd restic-backup-docker\n```\n\nBuild the container (the container is named `backup-test`):\n```\n./build.sh\n```\n\nRun the container:\n```\n./run.sh\n```\n\nThis will run the container `backup-test` with the name  `backup-test`. Existing containers with that name are completely removed automatically.\n\nThe container will back up `~/test-data` to a repository with password `test` at `~/test-repo` every minute. The repository is initialized automatically by the container. If you'd like to change the arguments passed to `restic init`, you can do so using the `RESTIC_INIT_ARGS` env variable.\n\nTo enter your container execute:\n```\ndocker exec -ti backup-test /bin/sh\n```\n\nNow you can use restic [as documented](https://restic.readthedocs.io/en/stable/), e.g. try to run `restic snapshots` to list all your snapshots.\n\n## Logfiles\nLogfiles are inside the container. If needed, you can create volumes for them.\n```\ndocker logs\n```\nShows `/var/log/cron.log`.\n\nAdditionally you can see the full log, including restic output, of the last execution in `/var/log/backup-last.log`. When the backup fails, the log is copied to `/var/log/restic-error-last.log`. If configured, you can find the full output of the mail notification in `/var/log/mail-last.log`.\n\n# Use the running container\n\nAssuming the container name is `restic-backup-var`, you can execute restic with:\n\n    docker exec -ti restic-backup-var restic\n\n## Backup\n\nTo execute a backup manually, independent of the CRON, run:\n\n    docker exec -ti restic-backup-var /bin/backup\n    \nBack up a single file or directory:\n\n    docker exec -ti restic-backup-var restic backup /data/path/to/dir --tag my-tag\n\n## Data verification check\n\nTo verify backup integrity and consistency manually, independent of the CRON, run:\n\n    docker exec -ti restic-backup-var /bin/check\n\n## Restore\n\nYou might want to mount a separate host volume at e.g. `/restore` to not override existing data while restoring. \n\nGet your snapshot ID with:\n\n    docker exec -ti restic-backup-var restic snapshots\n    \ne.g. `abcdef12`\n\n     docker exec -ti restic-backup-var restic restore --include /data/path/to/files --target / abcdef12\n\nThe target is `/` since all data backed up should be inside the host mounted `/data` dir. If you mount `/restore` you should set `--target /restore` and the data will end up in `/restore/data/path/to/files`.\n\n# Customize the Container\n\nThe container is set up by setting [environment variables](https://docs.docker.com/engine/reference/run/#/env-environment-variables) and [volumes](https://docs.docker.com/engine/reference/run/#volume-shared-filesystems).\n\n## Environment variables\n\n* `RESTIC_REPOSITORY` - the location of the restic repository. Default `/mnt/restic`. For S3: `s3:https://s3.amazonaws.com/BUCKET_NAME`\n* `RESTIC_PASSWORD` - the password for the restic repository. Will also be used for restic init during first start when the repository is not initialized.\n* `RESTIC_TAG` - Optional. To tag the images created by the container.\n* `NFS_TARGET` - Optional. If set, the given NFS is mounted, i.e. `mount -o nolock -v ${NFS_TARGET} /mnt/restic`. `RESTIC_REPOSITORY` must remain its default value!\n* `BACKUP_CRON` - A cron expression to run the backup. Note: The cron daemon uses UTC time zone. Default: `0 */6 * * *` aka every 6 hours.\n* `CHECK_CRON` - Optional. A cron expression to run data integrity check (`restic check`). If left unset, data will not be checked. Note: The cron daemon uses UTC time zone. Example: `0 23 * * 3` to run 11PM every Tuesday.\n* `RESTIC_FORGET_ARGS` - Optional. Only if specified, `restic forget` is run with the given arguments after each backup. Example value: `-e \"RESTIC_FORGET_ARGS=--prune --keep-last 10 --keep-hourly 24 --keep-daily 7 --keep-weekly 52 --keep-monthly 120 --keep-yearly 100\"`\n* `RESTIC_INIT_ARGS` - Optional. Allows specifying extra arguments to `restic init` such as a password file with `--password-file`.\n* `RESTIC_JOB_ARGS` - Optional. Allows specifying extra arguments to the backup job such as limiting bandwith with `--limit-upload` or excluding file masks with `--exclude`.\n* `RESTIC_DATA_SUBSET` - Optional. You can pass a value to `--read-data-subset` when a repository check is run. If left unset, only the structure of the repository is verified. Note: `CHECK_CRON` must be set for check to be run automatically.\n* `AWS_ACCESS_KEY_ID` - Optional. When using restic with AWS S3 storage.\n* `AWS_SECRET_ACCESS_KEY` - Optional. When using restic with AWS S3 storage.\n* `TEAMS_WEBHOOK_URL` - Optional. If specified, the content of `/var/log/backup-last.log` and `/var/log/check-last.log` is sent to your Microsoft Teams channel after each backup and data integrity check.\n* `MAILX_ARGS` - Optional. If specified, the content of `/var/log/backup-last.log` and `/var/log/check-last.log` is sent via mail after each backup and data integrity check using an *external SMTP*. To have maximum flexibility, you have to specify the mail/smtp parameters on your own. Have a look at the [mailx manpage](https://linux.die.net/man/1/mailx) for further information. Example value: `-e \"MAILX_ARGS=-r 'from@example.de' -s 'Result of the last restic run' -S smtp='smtp.example.com:587' -S smtp-use-starttls -S smtp-auth=login -S smtp-auth-user='username' -S smtp-auth-password='password' 'to@example.com'\"`.\n* `OS_AUTH_URL` - Optional. When using restic with OpenStack Swift container.\n* `OS_PROJECT_ID` - Optional. When using restic with OpenStack Swift container.\n* `OS_PROJECT_NAME` - Optional. When using restic with OpenStack Swift container.\n* `OS_USER_DOMAIN_NAME` - Optional. When using restic with OpenStack Swift container.\n* `OS_PROJECT_DOMAIN_ID` - Optional. When using restic with OpenStack Swift container.\n* `OS_USERNAME` - Optional. When using restic with OpenStack Swift container.\n* `OS_PASSWORD` - Optional. When using restic with OpenStack Swift container.\n* `OS_REGION_NAME` - Optional. When using restic with OpenStack Swift container.\n* `OS_INTERFACE` - Optional. When using restic with OpenStack Swift container.\n* `OS_IDENTITY_API_VERSION` - Optional. When using restic with OpenStack Swift container.\n\n## Volumes\n\n* `/data` - This is the data that gets backed up. Just [mount](https://docs.docker.com/engine/reference/run/#volume-shared-filesystems) it to wherever you want.\n\n## Set the hostname\n\nSince restic saves the hostname with each snapshot and the hostname of a docker container is derived from its id, you might want to customize this by setting the hostname of the container to another value.\n\nSet `--hostname` in the [network settings](https://docs.docker.com/engine/reference/run/#network-settings)\n\n## Backup via SFTP\n\nSince restic needs a **passwordless login** to the SFTP server, make sure you can do `sftp user@host` from inside the container. If you can do so from your host system, the easiest way is to just mount your `.ssh` folder containing the authorized cert into the container by specifying `-v ~/.ssh:/root/.ssh` as an argument for `docker run`.\n\nNow you can simply specify the restic repository to be an [SFTP repository](https://restic.readthedocs.io/en/stable/Manual/#create-an-sftp-repository).\n\n```\n-e \"RESTIC_REPOSITORY=sftp:user@host:/tmp/backup\"\n```\n\n## Backup via OpenStack Swift\n\nRestic can back up data to an OpenStack Swift container. Because Swift supports various authentication methods, credentials are passed through environment variables. In order to help integration with existing OpenStack installations, the naming convention of those variables follows the official Python Swift client.\n\nNow you can simply specify the restic repository to be a [Swift repository](https://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html#openstack-swift).\n\n```\n-e \"RESTIC_REPOSITORY=swift:backup:/\"\n-e \"RESTIC_PASSWORD=password\"\n-e \"OS_AUTH_URL=https://auth.cloud.ovh.net/v3\"\n-e \"OS_PROJECT_ID=xxxx\"\n-e \"OS_PROJECT_NAME=xxxx\"\n-e \"OS_USER_DOMAIN_NAME=Default\"\n-e \"OS_PROJECT_DOMAIN_ID=default\"\n-e \"OS_USERNAME=username\"\n-e \"OS_PASSWORD=password\"\n-e \"OS_REGION_NAME=SBG\"\n-e \"OS_INTERFACE=public\"\n-e \"OS_IDENTITY_API_VERSION=3\"\n```\n\n## Backup via rclone\n\nTo use rclone as a backend for restic, simply add the rclone config file as a volume with `-v /absolute/path/to/rclone.conf:/root/.config/rclone/rclone.conf`.\n\nNote that for some backends (Among them Google Drive and Microsoft OneDrive), rclone writes data back to the `rclone.conf` file. In this case it needs to be writable by Docker.\n\nIf the container fails to write the new `rclone.conf` file with the error message `Failed to save config after 10 tries: Failed to move previous config to backup location`, add the entire `rclone` directory as a volume: `-v /absolute/path/to/rclone-dir:/root/.config/rclone`.\n\n## Example docker-compose\n\nThis is an example `docker-compose.yml`. The container will back up two directories to an SFTP server and check data integrity once a week. \n\n```\nversion: '3'\n\nservices:\n  restic:\n    image: lobaro/restic-backup-docker:latest\n    hostname: nas                                     # This will be visible in restic snapshot list\n    restart: always\n    privileged: true\n    volumes:\n      - /volume1/Backup:/data/Backup:ro               # Backup /volume1/Backup from host\n      - /home/user:/data/home:ro                      # Backup /home/user from host\n      - ./post-backup.sh:/hooks/post-backup.sh:ro     # Run script post-backup.sh after every backup\n      - ./post-check.sh:/hooks/post-check.sh:ro       # Run script post-check.sh after every check\n      - ./ssh:/root/.ssh                              # SSH keys and config so we can login to \"storageserver\" without password\n    environment:\n      - RESTIC_REPOSITORY=sftp:storageserver:/storage/nas  # Backup to server \"storageserver\" \n      - RESTIC_PASSWORD=passwordForRestic                  # Password restic uses for encryption\n      - BACKUP_CRON=0 22 * * 0                             # Start backup every Sunday 22:00 UTC\n      - CHECK_CRON=0 22 * * 3                              # Start check every Wednesday 22:00 UTC\n      - RESTIC_DATA_SUBSET=50G                             # Download 50G of data from \"storageserver\" every Wednesday 22:00 UTC and check the data integrity\n      - RESTIC_FORGET_ARGS=--prune --keep-last 12          # Only keep the last 12 snapshots\n```\n\n# Versioning\nStarting from v1.3.0 versioning follows [Semantic versioning](http://semver.org/)\n\n","funding_links":[],"categories":["Shell"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flobaro%2Frestic-backup-docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flobaro%2Frestic-backup-docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flobaro%2Frestic-backup-docker/lists"}