calahil/backupbot
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

added the official docker cli
All checks were successful
Build and Push Docker Image / build (push) Successful in 39s
Details

Browse Source 
-switched to user 1000 for security.
-added user to docker group
-properly mounted btrfs drive on host allows users to create snapshots
This commit is contained in:
Chris Cowan
2025-10-22 16:44:48 -07:00
parent 2e2211b26e
commit 733f5e2504
7 changed files with 139 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
Dockerfile
View File

@@ -1,34 +1,48 @@
# Use LinuxServer.io Duplicati base # Use LinuxServer.io Duplicati base
FROM linuxserver/duplicati:2.1.0 FROM linuxserver/duplicati:2.1.0
# Install Docker CLI, bash, python3 # Install Docker CLI, bash, python3, btrfs support and all the app directories
RUN apt-get update && \ RUN apt-get update \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
ca-certificates \
curl \
gnupg \
lsb-release \
bash \ bash \
python3 \ python3 \
python3-pip \ python3-pip \
docker.io \
btrfs-progs \ btrfs-progs \
ca-certificates curl && \ && mkdir -p /etc/apt/keyrings \
rm -rf /var/lib/apt/lists/* && curl -fsSL "https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg" \
| gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") \
$(lsb_release -cs) stable" \
| tee /etc/apt/sources.list.d/docker.list > /dev/null \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
docker-ce-cli \
&& groupadd -f docker \
&& usermod -aG docker abc \
&& rm -rf /var/lib/apt/lists/* \
&& mkdir -p /usr/local/bin /config /etc/services.d/backupbot
# Create directories for backup scripts and logs # Copy the backup script
RUN mkdir -p /usr/local/bin /config/log /config/web /etc/services.d/backupbot
# Copy backup script
COPY backup.sh /usr/local/bin/backup.sh COPY backup.sh /usr/local/bin/backup.sh
RUN chmod +x /usr/local/bin/backup.sh RUN chmod +x /usr/local/bin/backup.sh
# Copy the environment variables for the config # Copy the environment variables for backupbot
COPY backupbot.env /defaults/backupbot.env COPY backupbot.conf /defaults/backupbot.conf
RUN chown www-data:www-data /defaults/backupbot.conf \
&& chmod 644 /defaults/backupbot.conf
# Copy s6 service for backupbot # Copy s6 service for backupbot
COPY services/backupbot/run /etc/services.d/backupbot/run COPY services/backupbot/run /etc/services.d/backupbot/run
RUN chmod +x /etc/services.d/backupbot/run RUN chmod +x /etc/services.d/backupbot/run
# Copy web frontend # Copy web frontend
COPY web /defaults/web COPY web /app
RUN chmod +x /defaults/web/cgi-bin/backupbot.cgi RUN chmod +x /app/cgi-bin/backupbot.cgi
# Expose web frontend port # Expose web frontend port
EXPOSE 8080 EXPOSE 8080

17
backup.sh
View File

@@ -4,7 +4,6 @@
# Author: Calahil Studios # Author: Calahil Studios
# === CONFIGURATION === # === CONFIGURATION ===
LOG_FILE="$1"
BACKUP_DIR="/backups/postgres_dumps" BACKUP_DIR="/backups/postgres_dumps"
RETENTION_DAYS="${RETENTION_DAYS:-7}" # Keep 7 days of backups RETENTION_DAYS="${RETENTION_DAYS:-7}" # Keep 7 days of backups
@@ -19,12 +18,12 @@ ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
EOF EOF
) )
echo "[BACKUPBOT_INFO] Starting PostgreSQL backup service..." | tee -a "$LOG_FILE" echo "[BACKUPBOT_INFO] Starting PostgreSQL backup service..."
mkdir -p "$BACKUP_DIR" mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +'%Y-%m-%d_%H-%M-%S') TIMESTAMP=$(date +'%Y-%m-%d_%H-%M-%S')
echo "[BACKUPBOT_INFO] $(date) - Starting backup cycle ($TIMESTAMP)" | tee -a "$LOG_FILE" echo "[BACKUPBOT_INFO] $(date) - Starting backup cycle ($TIMESTAMP)"
echo "[BACKUPBOT_INFO] Checking for running Postgres containers..." | tee -a "$LOG_FILE" echo "[BACKUPBOT_INFO] Checking for running Postgres containers..."
# Find running containers matching known image names # Find running containers matching known image names
MATCHING_CONTAINERS=$( MATCHING_CONTAINERS=$(
@@ -41,7 +40,7 @@ MATCHING_CONTAINERS=$(
) )
if [ -z "$MATCHING_CONTAINERS" ]; then if [ -z "$MATCHING_CONTAINERS" ]; then
echo "[BACKUPBOT_WARN] No Postgres containers found." | tee -a "$LOG_FILE" echo "[BACKUPBOT_WARN] No Postgres containers found."
else else
for container in $MATCHING_CONTAINERS; do for container in $MATCHING_CONTAINERS; do
NAME=$(docker inspect --format '{{.Name}}' "$container" | sed 's#^/##') NAME=$(docker inspect --format '{{.Name}}' "$container" | sed 's#^/##')
@@ -54,16 +53,16 @@ else
PG_USER=$(docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' "$container" | grep POSTGRES_USER | cut -d= -f2) PG_USER=$(docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' "$container" | grep POSTGRES_USER | cut -d= -f2)
PG_PASS=$(docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' "$container" | grep POSTGRES_PASSWORD | cut -d= -f2) PG_PASS=$(docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' "$container" | grep POSTGRES_PASSWORD | cut -d= -f2)
if docker exec -e PGPASSWORD="$PG_PASS" "$container" pg_dumpall -U "$PG_USER" -h 127.0.0.1 >"$FILE" 2>/tmp/pg_backup_error.log; then if docker exec -e PGPASSWORD="$PG_PASS" "$container" pg_dumpall -U "$PG_USER" -h 127.0.0.1 >"$FILE" 2>/tmp/pg_backup_error.log; then
echo "[BACKUPBOT_SUCCESS] Backup complete for $NAME -> $FILE" | tee -a "$LOG_FILE" echo "[BACKUPBOT_SUCCESS] Backup complete for $NAME -> $FILE"
else else
echo "[BACKUPBOT_ERROR] Backup failed for $NAME (check /tmp/pg_backup_error.log)" | tee -a "$LOG_FILE" echo "[BACKUPBOT_ERROR] Backup failed for $NAME (check /tmp/pg_backup_error.log)"
fi fi
# Retention cleanup # Retention cleanup
find "$CONTAINER_BACKUP_DIR" -type f -mtime +$RETENTION_DAYS -name '*.sql' -delete find "$CONTAINER_BACKUP_DIR" -type f -mtime +$RETENTION_DAYS -name '*.sql' -delete
done done
fi fi
echo "[BACKUPBOT_INFO] Creating a snapshot of /srv/appdata" | tee -a "$LOG_FILE" echo "[BACKUPBOT_INFO] Creating a snapshot of /srv/appdata"
btrfs subvolume snapshot -r /source/appdata /backups/snapshots/$(hostname)-$(date +%F) btrfs subvolume snapshot -r /source/appdata /backups/snapshots/$(hostname)-$(date +%F)
echo "[BACKUPBOT_INFO] Backup cycle complete." | tee -a "$LOG_FILE" echo "[BACKUPBOT_INFO] Backup cycle complete."

1
backupbot.env → backupbot.conf
View File

@@ -6,3 +6,4 @@ GOTIFY_URL=http://gotify.example.com
GOTIFY_TOKEN=your_gotify_token_here GOTIFY_TOKEN=your_gotify_token_here
BACKUP_HOUR=03 BACKUP_HOUR=03
BACKUP_MINUTE=00 BACKUP_MINUTE=00
BACKUPBOT_WEB_LOGGING=DEBUG

4
docker-compose.yml
View File

@@ -4,8 +4,8 @@ services:
container_name: backupbot container_name: backupbot
privileged: true privileged: true
environment: environment:
- PUID=0 - PUID=1000
- PGID=0 - PGID=1000
- TZ=Etc/UTC - TZ=Etc/UTC
- SETTINGS_ENCRYPTION_KEY=${KEY} - SETTINGS_ENCRYPTION_KEY=${KEY}
- CLI_ARGS= #optional - CLI_ARGS= #optional

28
services/backupbot/run
View File

@@ -1,37 +1,25 @@
#!/usr/bin/with-contenv bash #!/usr/bin/with-contenv bash
set -e set -e
# Source env if available # Source env if available
if [[ -f /config/backupbot.env ]]; then if [[ -f /config/backupbot.conf ]]; then
set -a set -a
source /config/backupbot.env source /config/backupbot.conf
set +a set +a
else else
echo "[INFO] copying env vars from defaults..." echo "[INFO] copying config vars from defaults..."
cp -r /defaults/backupbot.env /config/ cp -r /defaults/backupbot.conf /config/
set -a set -a
source /config/backupbot.env source /config/backupbot.conf
set +a set +a
fi fi
# Initialize default web interface if missing
if [ ! -d /config/web ]; then
echo "[INFO] Populating /config/web from defaults..."
cp -r /defaults/web /config/
fi
# Start Python HTTP server for web config in background # Start Python HTTP server for web config in background
cd /config/web cd /app
if [ ! -f /config/log/web.log ]; then nohup python3 -m http.server 8080 --cgi 2>&1 &
mkdir -p /config/log
touch /config/log/web.log
fi
nohup python3 -m http.server 8080 --cgi >/config/log/web.log 2>&1 &
# Start backup scheduler # Start backup scheduler
STATE_FILE="/config/last_backup_date" STATE_FILE="/config/last_backup_date"
LOG_FILE="/config/log/pgbackup.log"
mkdir -p "$(dirname "$STATE_FILE")" "$(dirname "$LOG_FILE")"
# TZ # TZ
: "${TZ:=UTC}" : "${TZ:=UTC}"
@@ -56,7 +44,7 @@ run_backup() {
local attempt=1 local attempt=1
while ((attempt <= RETRIES)); do while ((attempt <= RETRIES)); do
echo "[INFO] Backup attempt $attempt" echo "[INFO] Backup attempt $attempt"
if /usr/local/bin/backup.sh "$LOG_FILE"; then if /usr/local/bin/backup.sh; then
echo "[SUCCESS] Backup completed" echo "[SUCCESS] Backup completed"
return 0 return 0
else else

85
web/cgi-bin/backupbot.cgi
View File

@@ -3,41 +3,81 @@ import cgi
import cgitb import cgitb
import os import os
import json import json
import glob import sys
import traceback
import tempfile
cgitb.enable() cgitb.enable()
print("Content-Type: application/json\n") print("Content-Type: application/json\n")
ENV_FILE = "/config/backupbot.env" ENV_FILE = "/config/backupbot.conf"
ZONEINFO_DIR = "/usr/share/zoneinfo" ZONEINFO_DIR = "/usr/share/zoneinfo"
# Logging level from environment
LOG_LEVEL = os.environ.get("BACKUPBOT_WEB_LOGGING", "info").lower()
LOG_LEVELS = {"debug": 3, "info": 2, "warn": 1}
def log(level, message, exc=None):
"""
Docker-friendly logging.
level: "debug", "info", "warn"
exc: exception object (only used in debug)
"""
if LOG_LEVELS.get(level, 0) <= LOG_LEVELS.get(LOG_LEVEL, 0):
timestamp = (
__import__("datetime")
.datetime.now()
.strftime(
"%Y-%m-%d \
%H:%M:%S"
)
)
msg = f"[{timestamp}] [{level.upper()}] {message}"
print(msg, file=sys.stderr)
if exc and LOG_LEVEL == "debug":
traceback.print_exception(
type(exc), exc, exc.__traceback__, file=sys.stderr
)
def read_env(): def read_env():
env = {} env = {}
if os.path.exists(ENV_FILE): if os.path.exists(ENV_FILE):
try:
with open(ENV_FILE) as f: with open(ENV_FILE) as f:
for line in f: for line in f:
line = line.strip() line = line.strip()
if not line or line.startswith("#") or "=" not in line: if not line or "=" not in line:
continue continue
key, val = line.split("=", 1) key, val = line.split("=", 1)
key = key.strip() env[key.strip()] = val.strip()
val = val.strip().split("#")[0].strip() except Exception as e:
env[key] = val log("warn", f"Failed to read config: {e}", e)
return env return env
def write_env(env): def write_env(env):
with open(ENV_FILE, "w") as f: try:
dir_name = os.path.dirname(ENV_FILE)
os.makedirs(dir_name, exist_ok=True)
# Write atomically to temp file
with tempfile.NamedTemporaryFile("w", dir=dir_name, delete=False) as tmp:
for key, val in env.items(): for key, val in env.items():
f.write(f"{key}={val}\n") tmp.write(f"{key}={val}\n")
temp_name = tmp.name
os.replace(temp_name, ENV_FILE)
log("info", f"Configuration saved to {ENV_FILE}")
except Exception as e:
log("warn", f"Failed to write config: {e}", e)
raise
def list_timezones(): def list_timezones():
zones = [] zones = []
for root, _, files in os.walk(ZONEINFO_DIR): for root, _, files in os.walk(ZONEINFO_DIR):
rel_root = os.path.relpath(root, ZONEINFO_DIR) rel_root = os.path.relpath(root, ZONEINFO_DIR)
if rel_root.startswith("posix") or rel_root.startswith("right"): if rel_root.startswith(("posix", "right")):
continue continue
for file in files: for file in files:
if file.startswith(".") or file.endswith((".tab", ".zi")): if file.startswith(".") or file.endswith((".tab", ".zi")):
@@ -49,18 +89,27 @@ def list_timezones():
form = cgi.FieldStorage() form = cgi.FieldStorage()
action = form.getvalue("action") action = form.getvalue("action")
if action == "get":
print(json.dumps(read_env()))
elif action == "set":
try: try:
raw = os.environ.get("CONTENT_LENGTH") if action == "get":
length = int(raw) if raw else 0 env = read_env()
log("debug", f"Returning configuration: {env}")
print(json.dumps(env))
elif action == "set":
raw_len = os.environ.get("CONTENT_LENGTH")
length = int(raw_len) if raw_len else 0
data = json.loads(os.read(0, length)) data = json.loads(os.read(0, length))
write_env(data) log("debug", f"Received new configuration: {data}")
env = read_env()
env.update(data) # update existing keys, add new keys
write_env(env)
print(json.dumps({"status": "ok", "message": "Configuration saved."})) print(json.dumps({"status": "ok", "message": "Configuration saved."}))
except Exception as e:
print(json.dumps({"status": "error", "message": str(e)}))
elif action == "get_timezones": elif action == "get_timezones":
print(json.dumps({"timezones": list_timezones()})) zones = list_timezones()
log("debug", f"Returning {len(zones)} timezones")
print(json.dumps({"timezones": zones}))
else: else:
log("warn", f"Invalid action requested: {action}")
print(json.dumps({"status": "error", "message": "Invalid action"})) print(json.dumps({"status": "error", "message": "Invalid action"}))
except Exception as e:
log("warn", f"Unhandled exception: {e}", e)
print(json.dumps({"status": "error", "message": str(e)}))

18
web/index.html
View File

@@ -37,10 +37,12 @@
</select> </select>
</label> </label>
<label>Backup Directory: <label>Backup Directory:
<input type="text" name="BACKUP_DIR"> <input type="text" name="BACKUP_DIR" id="backupDir" placeholder="/backups">
<button type="button" onclick="chooseBackupDir()">Browse</button>
</label> </label>
<label>Log File: <label>Log File:
<input type="text" name="LOG_FILE"> <input type="text" name="LOG_FILE" id="logDir" placeholder="/config/log">
<button type="button" onclick="chooseLogDir()">Browse</button>
</label> </label>
<label>Backup Hour: <label>Backup Hour:
<input type="number" name="BACKUP_HOUR" min="0" max="23"> <input type="number" name="BACKUP_HOUR" min="0" max="23">
@@ -76,6 +78,16 @@
}); });
} }
function chooseBackupDir() {
const base = prompt("Enter or confirm your backup directory path:", "/backups");
if (base) document.getElementById('backupDir').value = base;
}
function chooseLogDir() {
const base = prompt("Enter or confirm your log directory path:", "/config/log");
if (base) document.getElementById('logDir').value = base;
}
async function loadConfig() { async function loadConfig() {
const res = await fetch('/cgi-bin/backupbot.cgi?action=get'); const res = await fetch('/cgi-bin/backupbot.cgi?action=get');
const data = await res.json(); const data = await res.json();
@@ -99,7 +111,7 @@
} }
document.getElementById('configForm').addEventListener('submit', saveConfig); document.getElementById('configForm').addEventListener('submit', saveConfig);
loadConfig(); loadTimezones().then(loadConfig);
</script> </script>
</body> </body>