-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy path.env-dist
408 lines (337 loc) · 17.8 KB
/
.env-dist
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
BACKUP_VOLUME_GIT_REPO=https://github.com/EnigmaCurry/docker-volume-backup.git
BACKUP_VOLUME_GIT_REF=master
# The name of this instance. If there is only one instance, use 'default'.
BACKUP_INSTANCE=
## Enable Docker socket access (recommended!)
## With this enabled, the
## backup service will be able to stop your containers before backing
## up, which is essential for maintaining file integrity of live
## writes to e.g., databases.
## This is a security concern, as this grants root access to your
## host, so you may want to turn this off, but only if you know you
## won't be writing to the files just before the backup starts.
BACKUP_USE_DOCKER=true
## Comma separated list of Docker volumes to backup:
BACKUP_VOLUMES=
## Memory for the config script to remember which storage type was selected:
BACKUP_STORAGE_TYPE=local
#### Upstream docker-volume-backup env vars appear after here:
########### BACKUP SCHEDULE
# A cron expression represents a set of times, using 5 or 6 space-separated fields.
#
# Field name | Mandatory? | Allowed values | Allowed special characters
# ---------- | ---------- | -------------- | --------------------------
# Seconds | No | 0-59 | * / , -
# Minutes | Yes | 0-59 | * / , -
# Hours | Yes | 0-23 | * / , -
# Day of month | Yes | 1-31 | * / , - ?
# Month | Yes | 1-12 or JAN-DEC | * / , -
# Day of week | Yes | 0-6 or SUN-SAT | * / , - ?
#
# Month and Day-of-week field values are case insensitive.
# "SUN", "Sun", and "sun" are equally accepted.
# If no value is set, `@daily` will be used.
# If you do not want the cron to ever run, use `0 0 5 31 2 ?`.
## Daily (all equivalent):
# BACKUP_CRON_EXPRESSION=@daily
# BACKUP_CRON_EXPRESSION=@every 24h
# BACKUP_CRON_EXPRESSION=0 0 * * *
## Hourly (all equivalent):
# BACKUP_CRON_EXPRESSION=@hourly
# BACKUP_CRON_EXPRESSION=@every 1h
# BACKUP_CRON_EXPRESSION=0 * * * *
## Every five hours at half past the hour:
# BACKUP_CRON_EXPRESSION=30 */5 * * *
## Every five and a half hours:
# BACKUP_CRON_EXPRESSION=@every 5h30m
## Every five minutes:
# BACKUP_CRON_EXPRESSION=*/5 * * * *
# BACKUP_CRON_EXPRESSION=@every 5m
## Every weekday at 3AM:
# BACKUP_CRON_EXPRESSION=0 3 * * MON-FRI
## Every other day at 05:00am
# BACKUP_CRON_EXPRESSION=0 5 * * */2
BACKUP_CRON_EXPRESSION=@daily
# The compression algorithm used in conjunction with tar.
# Valid options are: "gz" (Gzip), "zst" (Zstd) or "none" (tar only).
# Default is "gz". Note that the selection affects the file extension.
BACKUP_COMPRESSION=gz
# Parallelism level for "gz" (Gzip) compression.
# Defines how many blocks of data are concurrently processed.
# Higher values result in faster compression. No effect on decompression
# Default = 1. Setting this to 0 will use all available threads.
BACKUP_GZIP_PARALLELISM=2
# The name of the backup file including the extension.
# Format verbs will be replaced as in `strftime`. Omitting them
# will result in the same filename for every backup run, which means previous
# versions will be overwritten on subsequent runs.
# Extension can be defined literally or via "{{ .Extension }}" template,
# in which case it will become either "tar.gz", "tar.zst" or ".tar" (depending
# on your BACKUP_COMPRESSION setting).
# The default results in filenames like: `backup-2021-08-29T04-00-00.tar.gz`.
BACKUP_FILENAME="backup-$${INSTANCE}-%Y-%m-%dT%H-%M-%S.{{ .Extension }}"
# Setting BACKUP_FILENAME_EXPAND to true allows for environment variable
# placeholders in BACKUP_FILENAME, BACKUP_LATEST_SYMLINK and in
# BACKUP_PRUNING_PREFIX that will get expanded at runtime,
# e.g. `backup-$HOSTNAME-%Y-%m-%dT%H-%M-%S.tar.gz`. Expansion happens before
# interpolating strftime tokens. It is disabled by default.
# Please note that you will need to escape the `$` when providing the value
# in a docker-compose.yml file, i.e. using $$VAR instead of $VAR.
BACKUP_FILENAME_EXPAND=true
# When storing local backups, a symlink to the latest backup can be created
# in case a value is given for this key. This has no effect on remote backups.
BACKUP_LATEST_SYMLINK="backup-$${INSTANCE}.latest.tar.gz"
# ************************************************************************
# The BACKUP_FROM_SNAPSHOT option has been deprecated and will be removed
# in the next major version. Please use exec-pre and exec-post
# as documented below instead.
# ************************************************************************
# Whether to copy the content of backup folder before creating the tar archive.
# In the rare scenario where the content of the source backup volume is continuously
# updating, but we do not wish to stop the container while performing the backup,
# this setting can be used to ensure the integrity of the tar.gz file.
BACKUP_FROM_SNAPSHOT=false
# By default, the `/backup` directory inside the container will be backed up.
# In case you need to use a custom location, set `BACKUP_SOURCES`.
BACKUP_SOURCES=/backup
# When given, all files in BACKUP_SOURCES whose full path matches the given
# regular expression will be excluded from the archive. Regular Expressions
# can be used as from the Go standard library https://pkg.go.dev/regexp
BACKUP_EXCLUDE_REGEXP=
# Exclude one or many storage backends from the pruning process.
# E.g. with one backend excluded: BACKUP_SKIP_BACKENDS_FROM_PRUNE=s3
# E.g. with multiple backends excluded: BACKUP_SKIP_BACKENDS_FROM_PRUNE=s3,webdav
# Available backends are: S3, WebDAV, SSH, Local, Dropbox, Azure
# Note: The name of the backends is case insensitive.
# Default: All backends get pruned.
BACKUP_SKIP_BACKENDS_FROM_PRUNE=
########### BACKUP STORAGE
# The name of the remote bucket that should be used for storing backups. If
# this is not set, no remote backups will be stored.
BACKUP_AWS_S3_BUCKET_NAME=
# If you want to store the backup in a non-root location on your bucket
# you can provide a path. The path must not contain a leading slash.
BACKUP_AWS_S3_PATH=
# Define credentials for authenticating against the backup storage and a bucket
# name. Although all of these keys are `AWS`-prefixed, the setup can be used
# with any S3 compatible storage.
BACKUP_AWS_ACCESS_KEY_ID=
BACKUP_AWS_SECRET_ACCESS_KEY=
# Instead of providing static credentials, you can also use IAM instance profiles
# or similar to provide authentication. Some possible configuration options on AWS:
# - EC2: http://169.254.169.254
# - ECS: http://169.254.170.2
BACKUP_AWS_IAM_ROLE_ENDPOINT=
# This is the FQDN of your storage server, e.g. `storage.example.com`.
# Do not set this when working against AWS S3 (the default value is
# `s3.amazonaws.com`). If you need to set a specific (non-https) protocol, you
# will need to use the option below.
BACKUP_AWS_ENDPOINT=
# The protocol to be used when communicating with your storage server.
# Defaults to "https". You can set this to "http" when communicating with
# a different Docker container on the same host for example.
BACKUP_AWS_ENDPOINT_PROTO=https
# Setting this variable to `true` will disable verification of
# SSL certificates for BACKUP_AWS_ENDPOINT. You shouldn't use this unless you use
# self-signed certificates for your remote storage backend. This can only be
# used when BACKUP_AWS_ENDPOINT_PROTO is set to `https`.
BACKUP_AWS_ENDPOINT_INSECURE=false
# If you wish to use self signed certificates your S3 server, you can pass
# the location of a PEM encoded CA certificate and it will be used for
# validating your certificates.
# Alternatively, pass a PEM encoded string containing the certificate.
### BACKUP_AWS_ENDPOINT_CA_CERT=/path/to/cert.pem
BACKUP_AWS_ENDPOINT_CA_CERT=
# Setting this variable will change the S3 storage class header.
# Defaults to "STANDARD", you can set this value according to your needs.
### BACKUP_AWS_STORAGE_CLASS=GLACIER
BACKUP_AWS_STORAGE_CLASS=STANDARD
# Setting this variable will change the S3 default part size for the copy step.
# This value is useful when you want to upload large files.
# NB : While using Scaleway as S3 provider, be aware that the parts counter is set to 1.000.
# While Minio uses a hard coded value to 10.000. As a workaround, try to set a higher value.
# Defaults to "16" (MB) if unset (from minio), you can set this value according to your needs.
# The unit is in MB and an integer.
BACKUP_AWS_PART_SIZE=
# You can also backup files to any WebDAV server:
# The URL of the remote WebDAV server
### BACKUP_WEBDAV_URL=https://webdav.example.com
BACKUP_WEBDAV_URL=
# The Directory to place the backups to on the WebDAV server.
# If the path is not present on the server it will be created.
### BACKUP_WEBDAV_PATH=/my/directory/
BACKUP_WEBDAV_PATH=
# The username for the WebDAV server
BACKUP_WEBDAV_USERNAME=
# The password for the WebDAV server
BACKUP_WEBDAV_PASSWORD=
# Setting this variable to `true` will disable verification of
# SSL certificates for BACKUP_WEBDAV_URL. You shouldn't use this unless you use
# self-signed certificates for your remote storage backend.
BACKUP_WEBDAV_URL_INSECURE=false
# You can also backup files to any SSH server:
# The URL of the remote SSH server
BACKUP_SSH_HOST_NAME=
# The port of the remote SSH server
# Optional variable default value is `22`
BACKUP_SSH_PORT=22
# The Directory to place the backups to on the SSH server.
BACKUP_SSH_REMOTE_PATH=
# The username for the SSH server
BACKUP_SSH_USER=
# The password for the SSH server
BACKUP_SSH_PASSWORD=
# The private key path in container for SSH server
# Default value: /root/.ssh/id_rsa
# If file is mounted to /root/.ssh/id_rsa path it will be used. Non-RSA keys will
# also work.
BACKUP_SSH_IDENTITY_FILE=
# The passphrase for the identity file
BACKUP_SSH_IDENTITY_PASSPHRASE=
# The credential's account name when using Azure Blob Storage. This has to be
# set when using Azure Blob Storage.
BACKUP_AZURE_STORAGE_ACCOUNT_NAME=
# The credential's primary account key when using Azure Blob Storage. If this
# is not given, the command tries to fall back to using a connection string
# (if given) or a managed identity (if nothing is given).
BACKUP_AZURE_STORAGE_PRIMARY_ACCOUNT_KEY=
# A connection string for accessing Azure Blob Storage. If this
# is not given, the command tries to fall back to using a primary account key
# (if given) or a managed identity (if nothing is given).
BACKUP_AZURE_STORAGE_CONNECTION_STRING=
# The container name when using Azure Blob Storage.
BACKUP_AZURE_STORAGE_CONTAINER_NAME=
# The service endpoint when using Azure Blob Storage. This is a template that
# can be passed the account name as shown in the default value below.
### BACKUP_AZURE_STORAGE_ENDPOINT="https://{{ .AccountName }}.blob.core.windows.net/"
BACKUP_AZURE_STORAGE_ENDPOINT=
# The access tier when using Azure Blob Storage. Possible values are
# https://github.com/Azure/azure-sdk-for-go/blob/sdk/storage/azblob/v1.3.2/sdk/storage/azblob/internal/generated/zz_constants.go#L14-L30
# BACKUP_AZURE_STORAGE_ACCESS_TIER="Cold"
BACKUP_AZURE_STORAGE_ACCESS_TIER=
# Absolute remote path in your Dropbox where the backups shall be stored.
# Note: Use your app's subpath in Dropbox, if it doesn't have global access.
# Consult the README for further information.
BACKUP_DROPBOX_REMOTE_PATH=
# Number of concurrent chunked uploads for Dropbox.
# Values above 6 usually result in no enhancements.
BACKUP_DROPBOX_CONCURRENCY_LEVEL="6"
# App key and app secret from your app created at https://www.dropbox.com/developers/apps/info
BACKUP_DROPBOX_APP_KEY=
BACKUP_DROPBOX_APP_SECRET=
# Refresh token to request new short-lived tokens (OAuth2). Consult README to see how to get one.
BACKUP_DROPBOX_REFRESH_TOKEN=
# In addition to storing backups remotely, you can also keep local copies.
# Pass a container-local path to store your backups if needed. You also need to
# mount a local folder or Docker volume into that location (`/archive`
# by default) when running the container. In case the specified directory does
# not exist (nothing is mounted) in the container when the backup is running,
# local backups will be skipped. Local paths are also be subject to pruning of
# old backups as defined below.
### BACKUP_ARCHIVE=/archive
BACKUP_ARCHIVE=
########### BACKUP PRUNING
# **IMPORTANT, PLEASE READ THIS BEFORE USING THIS FEATURE**:
# The mechanism used for pruning old backups is not very sophisticated
# and applies its rules to **all files in the target directory** by default,
# which means that if you are storing your backups next to other files,
# these might become subject to deletion too. When using this option
# make sure the backup files are stored in a directory used exclusively
# for such files, or to configure BACKUP_PRUNING_PREFIX to limit
# removal to certain files.
# Define this value to enable automatic rotation of old backups. The value
# declares the number of days for which a backup is kept.
BACKUP_RETENTION_DAYS=30
# In case the duration a backup takes fluctuates noticeably in your setup
# you can adjust this setting to make sure there are no race conditions
# between the backup finishing and the rotation not deleting backups that
# sit on the edge of the time window. Set this value to a duration
# that is expected to be bigger than the maximum difference of backups.
# Valid values have a suffix of (s)econds, (m)inutes or (h)ours. By default,
# one minute is used.
BACKUP_PRUNING_LEEWAY=1m
# In case your target bucket or directory contains other files than the ones
# managed by this container, you can limit the scope of rotation by setting
# a prefix value. This would usually be the non-parametrized part of your
# BACKUP_FILENAME. E.g. if BACKUP_FILENAME is `db-backup-%Y-%m-%dT%H-%M-%S.tar.gz`,
# you can set BACKUP_PRUNING_PREFIX to `db-backup-` and make sure
# unrelated files are not affected by the rotation mechanism.
BACKUP_PRUNING_PREFIX=backup-
########### BACKUP ENCRYPTION
# Backups can be encrypted symmetrically using gpg in case a passphrase is given.
BACKUP_GPG_PASSPHRASE=
# Backups can be encrypted asymmetrically using gpg in case public keys are given.
# BACKUP_GPG_PUBLIC_KEY_RING= |
#-----BEGIN PGP PUBLIC KEY BLOCK-----
#
#D/cIHu6GH/0ghlcUVSbgMg5RRI5QKNNKh04uLAPxr75mKwUg0xPUaWgyyrAChVBi
#...
#-----END PGP PUBLIC KEY BLOCK-----
BACKUP_GPG_PUBLIC_KEY_RING=
########### STOPPING CONTAINERS AND SERVICES DURING BACKUP
# Containers or services can be stopped by applying a
# `docker-volume-backup.stop-during-backup` label. By default, all containers and
# services that are labeled with `true` will be stopped. If you need more fine
# grained control (e.g. when running multiple containers based on this image),
# you can override this default by specifying a different value here.
# BACKUP_STOP_DURING_BACKUP_LABEL="service1"
BACKUP_STOP_DURING_BACKUP_LABEL=
# When trying to scale down Docker Swarm services, give up after
# the specified amount of time in case the service has not converged yet.
# In case you need to adjust this timeout, supply a duration
# value as per https://pkg.go.dev/time#ParseDuration to `BACKUP_STOP_SERVICE_TIMEOUT`.
# Defaults to 5 minutes.
BACKUP_STOP_SERVICE_TIMEOUT="5m"
########### EXECUTING COMMANDS IN CONTAINERS PRE/POST BACKUP
# It is possible to define commands to be run in any container before and after
# a backup is conducted. The commands themselves are defined in labels like
# `docker-volume-backup.archive-pre=/bin/sh -c 'mysqldump [options] > dump.sql'.
# Several options exist for controlling this feature:
# By default, any output of such a command is suppressed. If this value
# is configured to be "true", command execution output will be forwarded to
# the backup container's stdout and stderr.
BACKUP_EXEC_FORWARD_OUTPUT=true
# Without any further configuration, all commands defined in labels will be
# run before and after a backup. If you need more fine grained control, you
# can use this option to set a label that will be used for narrowing down
# the set of eligible containers. When set, an eligible container will also need
# to be labeled as `docker-volume-backup.exec-label=database`.
# BACKUP_EXEC_LABEL="database"
BACKUP_EXEC_LABEL=
########### NOTIFICATIONS
# Notifications (email, Slack, etc.) can be sent out when a backup run finishes.
# Configuration is provided as a comma-separated list of URLs as consumed
# by `shoutrrr`: https://containrrr.dev/shoutrrr/v0.8/services/overview/
# The content of such notifications can be customized. Dedicated documentation
# on how to do this can be found in the README. When providing multiple URLs or
# an URL that contains a comma, the values can be URL encoded to avoid ambiguities.
## cache the notification choice for the config tool:
BACKUP_NOTIFICATION_TYPE=none
# The below URL demonstrates how to send an email using the provided SMTP
# configuration and credentials.
# BACKUP_NOTIFICATION_URLS=smtp://username:password@host:587/[email protected]&[email protected]
BACKUP_NOTIFICATION_URLS=
# By default, notifications would only be sent out when a backup run fails
# To receive notifications for every run, set `BACKUP_NOTIFICATION_LEVEL` to `info`
# instead of the default `error`.
BACKUP_NOTIFICATION_LEVEL=error
# You can use the optional postfix SMTP relay server and bind the
# postfix-relay docker network:
BACKUP_NOTIFICATION_USE_POSTFIX_RELAY=false
########### DOCKER HOST
# If you are interfacing with Docker via TCP you can set the Docker host here
# instead of mounting the Docker socket as a volume. This is unset by default.
# BACKUP_DOCKER_HOST="tcp://docker_socket_proxy:2375"
BACKUP_DOCKER_HOST=
########### LOCK_TIMEOUT
# In the case of overlapping cron schedules run by the same container,
# subsequent invocations will wait for previous runs to finish before starting.
# By default, this will time out and fail in case the lock could not be acquired
# after 60 minutes. In case you need to adjust this timeout, supply a duration
# value as per https://pkg.go.dev/time#ParseDuration to `BACKUP_LOCK_TIMEOUT`
BACKUP_LOCK_TIMEOUT=60m
## Enable or disable certain phases of the backup lifecycle:
BACKUP_LIFECYCLE_PHASE_ARCHIVE=true
BACKUP_LIFECYCLE_PHASE_PROCESS=true
BACKUP_LIFECYCLE_PHASE_COPY=true
BACKUP_LIFECYCLE_PHASE_PRUNE=true