{"id":18537169,"url":"https://github.com/patrickap/docker-restic","last_synced_at":"2025-11-01T03:30:22.394Z","repository":{"id":170313204,"uuid":"646439849","full_name":"patrickap/docker-restic","owner":"patrickap","description":"Automated Docker Backups made easy. ☕️","archived":false,"fork":false,"pushed_at":"2024-12-23T19:29:03.000Z","size":195,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-09T01:09:09.625Z","etag":null,"topics":["automated","backup","docker","rclone","remote-sync","restic"],"latest_commit_sha":null,"homepage":"","language":"Just","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/patrickap.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-05-28T12:09:57.000Z","updated_at":"2024-12-23T19:29:07.000Z","dependencies_parsed_at":"2023-09-15T08:31:28.465Z","dependency_job_id":"629c29f4-9165-4344-9481-cbc0a71f1325","html_url":"https://github.com/patrickap/docker-restic","commit_stats":null,"previous_names":["patrickap/docker-restic"],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickap%2Fdocker-restic","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickap%2Fdocker-restic/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickap%2Fdocker-restic/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickap%2Fdocker-restic/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/patrickap","download_url":"https://codeload.github.com/patrickap/docker-restic/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239255292,"owners_count":19608253,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automated","backup","docker","rclone","remote-sync","restic"],"created_at":"2024-11-06T19:37:18.946Z","updated_at":"2025-11-01T03:30:22.364Z","avatar_url":"https://github.com/patrickap.png","language":"Just","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Docker-Restic\n\nDocker-Restic is a lightweight wrapper designed to streamline the use of Restic, particularly for container backups. By parsing a configuration file, Docker-Restic exposes specified commands through the command-line interface (CLI).\n\n## Key Features\n\n- **User-Friendly CLI**: Offers a robust and intuitive command-line interface.\n- **Centralized Configuration**: Utilizes a central configuration file for all custom commands.\n- **Custom Commands**: Facilitates the creation of custom commands for maximum flexibility.\n- **Automation Capabilities**: Supports the scheduling of commands for automated backup operations.\n- **Non-root Container**: Operates as a non-root container by default, adhering to best security practices.\n- **Optional Capabilities**: Offers optional capabilities to read volumes from different owners if necessary.\n\n## Getting Started\n\nTo get started with Docker-Restic, follow these steps:\n\n1. Pull the Docker-Restic image from the official Docker Hub repository and run the container with the specified configurations:\n\n```bash\ndocker run -d \\\n  --name docker-restic \\\n  --restart always \\\n\n  # Optional: Add capabilities to read directories of different owners\n  # --cap-add DAC_READ_SEARCH \\\n\n  # Optional: Overwrite the default configuration\n  # -v $(pwd)/restic.conf:/srv/restic/config/restic.conf:ro \\\n  # -v $(pwd)/restic.cron:/srv/restic/config/restic.cron:ro \\\n\n  # Back up the named volume \"data\"\n  -v data:/source/data:ro \\\n  # Bind mount the backups to the host\n  -v ~/backups:/target \\\n  -v restic-config:/srv/restic \\\n  -v /etc/localtime:/etc/localtime:ro \\\n  -v /var/run/docker.sock:/var/run/docker.sock:ro \\\n  --secret restic-password \\\n  --secret rclone-password \\\n  patrickap/docker-restic:latest\n```\n\nAlternatively, you can use Docker Compose:\n\n```yml\nversion: \"3.7\"\n\nservices:\n  docker-restic:\n    image: patrickap/docker-restic:latest\n    restart: always\n    # Optional: Add capabilities to read directories of different owners\n    # cap_add:\n    # - DAC_READ_SEARCH\n    volumes:\n      # Optional: Overwrite the default configuration\n      # - ./restic.conf:/srv/restic/config/restic.conf:ro\n      # - ./restic.cron:/srv/restic/config/restic.cron:ro\n\n      # Back up the named volume \"data\"\n      - data:/source/data:ro\n      # Bind mount the backups to the host\n      - ~/backups:/target\n      - restic-config:/srv/restic\n      - /etc/localtime:/etc/localtime:ro\n      - /var/run/docker.sock:/var/run/docker.sock:ro\n    secrets:\n      - restic-password\n      - rclone-password\n\nvolumes:\n  restic-config:\n  data:\n    external: true\n\nsecrets:\n  restic-password:\n    file: /path/to/restic-password.txt\n  rclone-password:\n    file: /path/to/rclone-password.txt\n```\n\n**Notes:**\n\n- For security reasons, it is recommended to mount external volumes for backup as read-only using `:ro`.\n- Ensure to bind mount your container backups to a custom location on the host for accessibility.\n- The `DAC_READ_SEARCH` capability might be required when backing up multiple volumes with different owners or restricted permissions. This capability allows Docker-Restic to read all directories.\n\n2. **Configure the Docker-Restic Container**\n\nDocker-Restic provides default configurations to help you get started quickly. A lot of commands are supported out of the box. Run `docker-restic -l` to list all available commands. Run `docker-restic init` once manually. This will initialize a restic repository at `/srv/restic/data/repository` and creates an encrypted rclone configuration at `/srv/restic/config/rclone.conf`.\n\nThe entire backup process is scheduled once a day at 00:00. If this is not sufficient, the configurations can be modified or overwritten completely. Bind mount your custom configurations like this:\n\n- `restic.conf`: `/srv/restic/config/restic.conf`\n- `restic.cron`: `/srv/restic/config/restic.cron`\n\nDo not forget to restart the container.\n\n## Configuration Reference\n\nDocker-Restic utilizes Just under the hood, which is a powerful command runner. Make sure to checkout the [documentation](https://just.systems/man/en) on how to configure it. The configured commands should be executed using the `docker-restic` alias:\n\n```bash\ndocker-restic \u003ccommand-name\u003e\n```\n\n## Manual Backups\n\nFor manual backups, simply connect to the container. It's important to run the container as the user inside the container (by default `restic`) to prevent the container from writing files as root which the non-root user can't access afterwards. If it happened per accident, run `chown -R restic:restic \u003cdirectory\u003e` to fix the permissions:\n\n```bash\ndocker exec -u \u003cuser\u003e -it \u003ccontainer_name\u003e /bin/sh\n```\n\n## Restore from Backup\n\nTo restore a backup, a new Docker volume with the correct name must be created including the contents of the backup. After restarting the containers, the data should be mounted and restored:\n\n```bash\n# check restic repository\nrestic -r /path/to/repository check --read-data\n\n# dump restic backup\nrestic -r /path/to/repository dump latest / \u003e backup.tar\n\n# untar the backup\ntar -xvf backup.tar -C /tmp/backup\n\n# stop the containers\ndocker stop \u003ccontainer_name\u003e\n\n# use a temporary container to create the volume and copy the backup\ndocker volume create \u003cvolume_name\u003e\ndocker run --rm -it -v \u003cvolume_name\u003e:/to -v \u003cpath_to_backup\u003e:/from alpine /bin/sh -c 'cp -av /from/. /to'\n\n# restart the containers\ndocker restart \u003ccontainer_name\u003e\n```\n\n**Warning:**\nIf you're using Google Drive they may add back file extensions to encrypted files during the download or compression process which can result in a corrupted `restic` repository. To avoid this ensure to remove any added extensions inside the `repository/data` directory. An example of this would be a file at `respository/data/3f/3f0e4a8c5b71a0b9c7d38e29a87d5a1b23f69b08a5c06f1d2b539c846ee2a070b` being downloaded as `respository/data/3f/3f0e4a8c5b71a0b9c7d38e29a87d5a1b23f69b08a5c06f1d2b539c846ee2a070b.mp3`. In this example it is required to remove the automatically added extension `.mp3` to avoid repository corruption and be able to read the backup.\n\n## Contributing\n\nTo run Docker-Restic locally, you have two options: either build the Docker image from the provided Dockerfile and execute it, or use `docker compose`. To publish a release, use the command `just release \u003cpatch|minor|major\u003e`. This command will automatically increment the semantic version accordingly.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpatrickap%2Fdocker-restic","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpatrickap%2Fdocker-restic","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpatrickap%2Fdocker-restic/lists"}