Yavook.de/kiwi-backup
1
0
Fork 0
mirror of https://github.com/yavook/kiwi-backup.git synced 2024-11-21 22:43:01 +00:00
Code Packages Activity

kiwi-cron:0.2 base; don't drop privilege level

Browse source
This commit is contained in:
Jörn-Michael Miehe 2022-03-03 00:42:11 +01:00
parent 8e149bea06
commit 48d02483fb
2 changed files with 15 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
Dockerfile
View file

@ -1,8 +1,9 @@
FROM yavook/kiwi-cron:0.1 FROM yavook/kiwi-cron:0.2
LABEL maintainer="jmm@yavook.de" LABEL maintainer="jmm@yavook.de"
COPY requirements.txt /tmp/ COPY requirements.txt /tmp/
# full install of duplicity distribution
RUN set -ex; \ RUN set -ex; \
\ \
# duplicity software dependencies # duplicity software dependencies
@ -50,7 +51,7 @@ RUN set -ex; \
install duplicity \ install duplicity \
; \ ; \
\ \
# remove buildtime dependencies # cleanup
python3 -m pip --no-cache-dir \ python3 -m pip --no-cache-dir \
uninstall -y wheel \ uninstall -y wheel \
; \ ; \
@ -58,34 +59,30 @@ RUN set -ex; \
rm -f "/tmp/requirements.txt"; \ rm -f "/tmp/requirements.txt"; \
rm -rf "${HOME}/.cargo"; rm -rf "${HOME}/.cargo";
# start of kiwi additions here
RUN set -ex; \ RUN set -ex; \
\ \
# create /kiwi-backup directories tree # create /kiwi-backup directory structure
mkdir -m 777 /kiwi-backup; \ mkdir -m 777 /kiwi-backup; \
mkdir -m 777 /kiwi-backup/source; \ mkdir -m 777 /kiwi-backup/source; \
mkdir -m 777 /kiwi-backup/target; \ mkdir -m 777 /kiwi-backup/target; \
\ \
# create a non-root user # we need to run as root in container.
adduser -D -u 1368 kiwi-backup; # otherwise, we might miss directories in backup source!
mkdir -p "/root/.cache/duplicity"; \
USER kiwi-backup mkdir -pm 700 "/root/.gnupg"; \
RUN set -ex; \
\
mkdir -p "${HOME}/.cache/duplicity"; \
mkdir -pm 700 "${HOME}/.gnupg"; \
\ \
# confirm duplicity is working # confirm duplicity is working
duplicity --version; duplicity --version;
VOLUME [ "/home/kiwi-backup/.cache/duplicity" ] VOLUME [ "/root/.cache/duplicity" ]
ENV \ ENV \
################# #################
# BACKUP POLICY # # BACKUP POLICY #
################# #################
SCHEDULE_BACKUP="36 02 * * *" \ SCHEDULE_BACKUP="R 02 * * *" \
SCHEDULE_CLEANUP="36 04 * * *" \ SCHEDULE_CLEANUP="R 04 * * *" \
FULL_BACKUP_FREQUENCY=3M \ FULL_BACKUP_FREQUENCY=3M \
BACKUP_RETENTION_TIME=6M \ BACKUP_RETENTION_TIME=6M \
KEEP_NUM_FULL_CHAINS=2 \ KEEP_NUM_FULL_CHAINS=2 \
@ -93,8 +90,8 @@ ENV \
###################### ######################
# ADDITIONAL OPTIONS # # ADDITIONAL OPTIONS #
###################### ######################
SCHEDULE_RMFULL="36 05 * * SAT" \ SCHEDULE_RMFULL="R 05 * * SAT" \
SCHEDULE_RMINCR="36 05 * * SUN" \ SCHEDULE_RMINCR="R 05 * * SUN" \
BACKUP_VOLSIZE=1024 \ BACKUP_VOLSIZE=1024 \
BACKUP_SOURCE="/kiwi-backup/source" \ BACKUP_SOURCE="/kiwi-backup/source" \
BACKUP_TARGET="file:///kiwi-backup/target" \ BACKUP_TARGET="file:///kiwi-backup/target" \

2
libexec/kiwi-backup/build_command
View file

@ -9,7 +9,7 @@ ionice_exe="$(command -v ionice)"
duplicity_exe="$(command -v duplicity)" duplicity_exe="$(command -v duplicity)"
# files # files
duplicity_secrets_file="${HOME}/duplicity_secrets" duplicity_secrets_file="/root/duplicity_secrets"
######## ########
# MAIN # # MAIN #