Initial commit

Author: msteinhoff

Dockerfile

@@ -0,0 +1,15 @@
+FROM alpine:latest
+RUN apk add --no-cache postgresql-client gnupg openssh-client
+
+COPY bin/backup /usr/bin/backup
+
+#ENV PGHOST
+#ENV PGUSER
+#ENV PGPASSWORD
+#ENV BACKUP_NAME
+ENV BACKUP_INTERVAL 1h
+ENV BACKUP_GPG_KEY_ID 796F7DAA1D643B75
+ENV BACKUP_SSH_DESTINATION chaosdorf@backup.finalrewind.org
+ENV BACKUP_SSH_REMOTE_DIRECTORY backup
+
+ENTRYPOINT ["/usr/bin/backup"]

README.md

@@ -0,0 +1,54 @@
+# backup postgres instances from within docker
+
+This image includes postgres-client, openssh-client and GnuPG.
+Inspired by [nomaster/postgres-backup-docker](https://github.com/nomaster/postgres-backup-docker).
+
+To encrypt backups, the script first retrieves a GPG key from default keyservers.
+Every hour, a full postgres backup is created, compressed, encrypted and pushed to a remote SSH server.
+The container can run beneath a postgres database within the same docker network.
+
+Required environment variables:
+
+- `PGHOST`, `PGUSER`, `PGPASSWORD`: Postgres credentials
+- `BACKUP_NAME`: To identify the backup on the remote host
+
+Optional variables:
+
+- `BACKUP_INTERVAL` (default: `1h`)
+- `BACKUP_GPG_KEY_ID` (chaosdorf default)
+- `BACKUP_SSH_DESTINATION` (chaosdorf default, should be `user@host`)
+- `BACKUP_SSH_REMOTE_DIRECTORY` (chaosdorf default, directory must exist on remote host)
+
+# Example
+
+Add service to `docker-compose.yml` and provide `id_rsa` to allow ssh to connect to the remote host:
+
+```yml
+version: '3.7'
+
+services:
+  db:
+    image: postgres:latest
+    networks:
+      - internal
+    [...]
+  backup:
+    image: chaosdorf/postgres-gpg-backup:latest
+    environment:
+      - PGHOST=db
+      - PGUSER=postgres
+      - PGPASSWORD=postgres
+      - BACKUP_NAME=db-backup
+    configs:
+      - source: backup_ssh_key
+        target: /root/.ssh/id_rsa
+        uid: '0'
+        gid: '0'
+        mode: 0600
+    networks:
+      - internal
+
+configs:
+  backup_ssh_key:
+    [...]
+```

bin/backup

@@ -0,0 +1,24 @@
+#!/bin/sh
+set -e
+[ -z "${BACKUP_NAME}" ] && { echo "error: BACKUP_NAME not set"; exit 1; }
+[ -z "${BACKUP_GPG_KEY_ID}" ] && { echo "error: BACKUP_GPG_KEY_ID not set"; exit 1; }
+[ -z "${BACKUP_SSH_DESTINATION}" ] && { echo "error: BACKUP_SSH_DESTINATION not set"; exit 1; }
+BACKUP_INTERVAL=${BACKUP_INTERVAL:-1h}
+BACKUP_SSH_REMOTE_DIRECTORY=${BACKUP_SSH_REMOTE_DIRECTORY:-backup}
+
+echo "Retrieving GPG key ${BACKUP_GPG_KEY_ID}"
+gpg --receive-keys "${BACKUP_GPG_KEY_ID}"
+
+echo "Creating postgres SQL dump every ${BACKUP_INTERVAL}..."
+while true
+do
+    DATE=$(date +%y%m%d-%H%M%S)
+    REMOTE_FILE=${BACKUP_SSH_REMOTE_DIRECTORY}/${BACKUP_NAME}_${DATE}.sql.gz.gpg
+    echo "[${DATE}] Creating postgres SQL dump ${REMOTE_FILE}"
+    pg_dumpall \
+        | gzip \
+        | gpg --encrypt --always-trust -r "${BACKUP_GPG_KEY_ID}" \
+        | ssh -q ${BACKUP_SSH_DESTINATION} "cat > ${REMOTE_FILE}"
+    echo "Done, waiting ${BACKUP_INTERVAL}"
+    sleep "${BACKUP_INTERVAL}"
+done

build-image.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+docker build -t chaosdorf/postgres-gpg-backup:latest .