This is a simple little container that bundles s3fs and restic together with a script that combines them.
S3fs is used to mount an arbitrary S3 bucket as a fuse filesystem to /mnt
. Restic is then used to backup the containing files to an arbitrary restic repository.
All configuration is done through environment variables and file mounts.
For the s3fs mount:
SOURCE_S3_ENDPOINT
: The S3 server endpoint, e.g. for non-AWS S3 services (optional)SOURCE_BUCKETS
: The space separated list of buckets to mountSOURCE_S3_ACCESS_KEY
orSOURCE_S3_ACCESS_KEY_FILE
: The access key for authenticationSOURCE_S3_SECRET_KEY
orSOURCE_S3_SECRET_KEY_FILE
: The secret key for authentication
For restic:
- Any ENV variables listed here: https://restic.readthedocs.io/en/latest/040_backup.html#environment-variables
RESTIC_CACHE_DIR
: The cache dir, which should be on a volume/emptydir for optional performance. (optional, not specifying it disables caching)RESTIC_BACKUP_TAG
: The value for the--tag
option of the restic backup commandRESTIC_EXTRA_ARGS
: Extra arguments that are passed to any invocation of resticRESTIC_BACKUP_EXTRA_ARGS
: Extra arguments that are passed to the invocation of the restic backup commandRESTIC_INIT_REPOSITORY
: The script will attempt to initialized the restic repository, if this variable is set totrue
. Initialization failures will be ignored under the assumption that the usual reason would be, that the repo is already initialized. If that is not the reason, then the following backup command will fail anyway.
Since the container uses a fuse filesystem, it must either be executed with --privileged
or with the /dev/fuse
device and the SYS_ADMIN
capability.
podman run --rm -it --device /dev/fuse --cap-add SYS_ADMIN -e SOURCE_BUCKETS=some-bucket -e SOURCE_S3_ACCESS_KEY=some-access-key -e SOURCE_S3_SECRET_KEY=some-secret-key ghcr.io/pschichtel/s3-backup:main