moritz/restic-backup-sidecar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2 Commits 1 Branch 0 Tags
main
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Moritz Martinius 5e411b00e0 Remove domain reference from README.md
2026-02-15 15:28:45 +01:00
gitea/hooks
Initial commit
2026-02-15 15:16:36 +01:00
mailcow/hooks
Initial commit
2026-02-15 15:16:36 +01:00
ssh
Initial commit
2026-02-15 15:16:36 +01:00
vaultwarden/hooks
Initial commit
2026-02-15 15:16:36 +01:00
.gitignore
Initial commit
2026-02-15 15:16:36 +01:00
backup.sh
Initial commit
2026-02-15 15:16:36 +01:00
Dockerfile
Initial commit
2026-02-15 15:16:36 +01:00
entrypoint.sh
Initial commit
2026-02-15 15:16:36 +01:00
README.md
Remove domain reference from README.md
2026-02-15 15:28:45 +01:00

README.md

restic-backup-sidecar

Docker sidecar container for restic backups via SFTP. Runs on Alpine with restic, mariadb-client, and sqlite.

Structure

Dockerfile, entrypoint.sh, backup.sh   # Shared image (copy to each service's restic/ dir)
mailcow/hooks/                         # MariaDB dump via socket
vaultwarden/hooks/                     # SQLite .backup for vaultwarden
gitea/hooks/                           # SQLite .backup for gitea

Setup per service

  1. Copy Dockerfile, entrypoint.sh, backup.sh into <service>/restic/
  2. Copy the matching hooks/ directory
  3. Create secrets/restic_password with a strong passphrase
  4. Create ssh/config (see ssh/config.sample), add your private key as ssh/id_ed25519, populate known_hosts via ssh-keyscan
  5. Create the target directory on the NAS: mkdir -p /path/to/your/backup/<service>
  6. Add the sidecar service to the compose file (see compose snippets in each service dir)

Environment variables

Variable Default Description
RESTIC_REPOSITORY SFTP target (sftp:user@host:/path)
RESTIC_PASSWORD_FILE Path to password file (use Docker secrets)
BACKUP_CRON 20 7 * * * Cron schedule
BACKUP_SOURCE /mnt/source /mnt/staging Paths to back up
KEEP_DAILY 1 Daily snapshots to keep
KEEP_WEEKLY 3 Weekly snapshots to keep
KEEP_MONTHLY 4 Monthly snapshots to keep
KEEP_YEARLY 1 Yearly snapshots to keep
MYSQL_* MariaDB credentials (mailcow only)

Hooks

Mount scripts to /hooks/ in the container:

  • pre-backup.sh — runs before restic backup (e.g. database dump)
  • post-backup.sh — runs after restic forget --prune (e.g. cleanup)

Manual backup / check

docker exec <container> /usr/local/bin/backup.sh
docker exec <container> restic snapshots
Reference in New Issue View Git Blame Copy Permalink
Description
Backup your docker services via restic!
Readme 30 KiB
Languages
Shell 86.9%
Dockerfile 13.1%