added notes for the key

.gitignore

@@ -1,3 +1,6 @@
 __pycache__
 *.egg-info
 build/
+
+.env
+key

README.md

@@ -5,17 +5,40 @@ Purpose:
 - Wrap `restic` with the ability to start/stop Docker containers
 - Send updates to Loki server
 
-## Environment Variables
+## Installation
 
-Recommended to put these in the relevant `~/.bashrc` file
+### Include in Repo
+
+From a parent repo, add this one as a submodule:
+
+```shell
+git submodule add https://gitea.john-stream.com/john/restic-scripts
+```
+
+Then add this to the `docker-compose.yml` file of the parent.
+
+```yaml
+include:
+  - restic-scripts/docker-compose.yml
+```
+
+### Environment Variables
+
+Put these in `./restic-scripts/.env`, which is on the `.gitignore` list.
 
 | Env Variable        | Description                                                                             |
-|---------------------|--------------------------------------------------------------------------------------------|
+| ------------------- | --------------------------------------------------------------------------------------- |
-| `HOSTNAME`          | Network hostname of where the backup is running. Used to tag the backups in restic         |
 | `BACKUP_DIR`        | Directory to back up                                                                    |
 | `RESTIC_REPOSITORY` | Directory for the restic repository. This is usually on a mount point made from Proxmox |
-| `RESTIC_PASSWORD`   | Password for the restic repository                                                         |
+| `TZ`                | Set to modify the timezone shown in the scheduler                                       |
-| `LOKI_URL`          | Push URL for Loki. Should include the port and end with something like `/loki/api/v1/push` |
+
+### Key file
+
+The password needs to be stored in `./restic-scripts/key`. Make sure it has the right (secure) permissions.
+
+```shell
+sudo chown root:root ./restic-scripts/key && sudo chmod 600 ./restic-scripts/key
+```
 
 ## Loki Updates
 
@@ -28,16 +51,14 @@ Updates sent to Loki will have the following labels:
 
 ## Usage
 
-```shell
+Check snapshots
-python -m restic.snapshots
-```
-
-To stop docker containers before the backup and start them again afterwards, use the `--project` and `--services` flags.
 
 ```shell
-python -m restic.backup --tag manual --project joplin --services app,db
+docker compose exec backup resticprofile snapshots
 ```
 
+Dry-run a backup
+
 ```shell
-python -m restic.prune
+docker compose exec backup resticprofile --dry-run backup
 ```

docker-compose.yml

@@ -0,0 +1,16 @@
+services:
+  backup:
+    image: creativeprojects/resticprofile
+    entrypoint: '/bin/sh'
+    command:
+      - -c
+      - 'crond && resticprofile-schedule.sh && inotifyd resticprofile-schedule.sh /etc/resticprofile:w'
+    env_file:
+      - .env
+    hostname: ${HOSTNAME}
+    volumes:
+      - ./restic-profile.yaml:/etc/resticprofile/profiles.yaml:ro
+      - ./resticprofile-schedule.sh:/usr/local/bin/resticprofile-schedule.sh:ro
+      - ./key:/etc/resticprofile/key:ro
+      - ${BACKUP_DIR}:${BACKUP_DIR}:ro
+      - ${RESTIC_REPOSITORY}:${RESTIC_REPOSITORY}:rw

restic-profile.yaml

@@ -0,0 +1,30 @@
+
+global:
+  scheduler: crond
+
+default:
+  base-dir: ${BACKUP_DIR}
+  repository: local:${RESTIC_REPOSITORY}
+  password-file: key
+  initialize: true
+  backup:
+    source: ./
+    exclude-caches: true
+    one-file-system: true
+    schedule: "*:00"
+    schedule-permission: system
+    check-before: true
+    tag:
+      - resticprofile
+  
+  retention:
+    after-backup: true
+    before-backup: false
+    prune: true
+    tag:
+      - resticprofile
+    keep-within: 3h
+    keep-hourly: 72
+    keep-daily: 14
+    keep-weekly: 8
+    keep-monthly: 6

resticprofile-schedule.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+resticprofile unschedule
+
+resticprofile schedule --all
+
+echo "Scheduled all restic profiles"