added notes for the key

README.md

@@ -5,17 +5,40 @@ Purpose:
 - Wrap `restic` with the ability to start/stop Docker containers
 - Send updates to Loki server
 
-## Environment Variables
+## Installation
 
-Put these in a `.env` file in the directory that the backup will be run from.
+### Include in Repo
+
+From a parent repo, add this one as a submodule:
+
+```shell
+git submodule add https://gitea.john-stream.com/john/restic-scripts
+```
+
+Then add this to the `docker-compose.yml` file of the parent.
+
+```yaml
+include:
+  - restic-scripts/docker-compose.yml
+```
+
+### Environment Variables
+
+Put these in `./restic-scripts/.env`, which is on the `.gitignore` list.
 
 | Env Variable        | Description                                                                             |
-|---------------------|--------------------------------------------------------------------------------------------|
+| ------------------- | --------------------------------------------------------------------------------------- |
-| `HOSTNAME`          | Network hostname of where the backup is running. Used to tag the backups in restic         |
 | `BACKUP_DIR`        | Directory to back up                                                                    |
 | `RESTIC_REPOSITORY` | Directory for the restic repository. This is usually on a mount point made from Proxmox |
-| `RESTIC_PASSWORD`   | Password for the restic repository                                                         |
+| `TZ`                | Set to modify the timezone shown in the scheduler                                       |
-| `LOKI_URL`          | Push URL for Loki. Should include the port and end with something like `/loki/api/v1/push` |
+
+### Key file
+
+The password needs to be stored in `./restic-scripts/key`. Make sure it has the right (secure) permissions.
+
+```shell
+sudo chown root:root ./restic-scripts/key && sudo chmod 600 ./restic-scripts/key
+```
 
 ## Loki Updates
 
@@ -28,16 +51,14 @@ Updates sent to Loki will have the following labels:
 
 ## Usage
 
-```shell
+Check snapshots
-python -m restic.snapshots
-```
-
-To stop docker containers before the backup and start them again afterwards, use the `--project` and `--services` flags.
 
 ```shell
-python -m restic.backup --tag manual --project joplin --services app,db
+docker compose exec backup resticprofile snapshots
 ```
 
+Dry-run a backup
+
 ```shell
-python -m restic.prune
+docker compose exec backup resticprofile --dry-run backup
 ```

docker-compose.yml

@@ -0,0 +1,16 @@
+services:
+  backup:
+    image: creativeprojects/resticprofile
+    entrypoint: '/bin/sh'
+    command:
+      - -c
+      - 'crond && resticprofile-schedule.sh && inotifyd resticprofile-schedule.sh /etc/resticprofile:w'
+    env_file:
+      - .env
+    hostname: ${HOSTNAME}
+    volumes:
+      - ./restic-profile.yaml:/etc/resticprofile/profiles.yaml:ro
+      - ./resticprofile-schedule.sh:/usr/local/bin/resticprofile-schedule.sh:ro
+      - ./key:/etc/resticprofile/key:ro
+      - ${BACKUP_DIR}:${BACKUP_DIR}:ro
+      - ${RESTIC_REPOSITORY}:${RESTIC_REPOSITORY}:rw

pyproject.toml

@@ -12,4 +12,4 @@ authors = [
 license = { file = "LICENSE" }
 requires-python = ">=3.10"
 
-dependencies = ["rich", "requests", "click", "docker", "python-dotenv"]
+dependencies = ["rich", "requests", "click"]

requirements.txt

@@ -3,5 +3,3 @@ ruff
 rich
 requests
 click
-docker
-python-dotenv

restic-profile.yaml

@@ -0,0 +1,30 @@
+
+global:
+  scheduler: crond
+
+default:
+  base-dir: ${BACKUP_DIR}
+  repository: local:${RESTIC_REPOSITORY}
+  password-file: key
+  initialize: true
+  backup:
+    source: ./
+    exclude-caches: true
+    one-file-system: true
+    schedule: "*:00"
+    schedule-permission: system
+    check-before: true
+    tag:
+      - resticprofile
+  
+  retention:
+    after-backup: true
+    before-backup: false
+    prune: true
+    tag:
+      - resticprofile
+    keep-within: 3h
+    keep-hourly: 72
+    keep-daily: 14
+    keep-weekly: 8
+    keep-monthly: 6

resticprofile-schedule.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+resticprofile unschedule
+
+resticprofile schedule --all
+
+echo "Scheduled all restic profiles"

src/restic/backup.py

@@ -81,7 +81,6 @@ def main(
     logging.getLogger('urllib3.connectionpool').setLevel('WARNING')
 
     if project is not None and services is not None:
-        logger.debug(f'Using project {project} and stopping services: {services}')
         decorator = manage_containers(project=project, services=services.split(','))
         func = decorator(run)
     else:
@@ -97,10 +96,4 @@ def main(
 
 
 if __name__ == '__main__':
-    from dotenv import load_dotenv
-    from pathlib import Path
-
-    dotenv_file = Path.cwd() / '.env'
-    print(dotenv_file)
-    load_dotenv(dotenv_path=dotenv_file)
     main()

src/restic/docker.py

@@ -15,12 +15,11 @@ def manage_containers(project: str, services: list[str]):
             try:
                 project_containers = (
                     c
-                    for c in client.containers.list(all=True)
+                    for c in client.containers.list()
-                    if c.labels.get('com.docker.compose.project', False)
+                    if c.labels['com.docker.compose.project'] == project
                 )
                 service_dict: dict[str, Container] = {
-                    service: c for c in project_containers
+                    c.labels['com.docker.compose.service']: c for c in project_containers
-                    if (service := c.labels.get('com.docker.compose.service', False))
                 }
                 containers: list[Container] = [service_dict[s] for s in services]
             except Exception as e:

src/restic/forget.py

@@ -95,7 +95,4 @@ def main(loki_url: str, dry_run: bool, **kwargs):
 
 
 if __name__ == '__main__':
-    from dotenv import load_dotenv
-
-    load_dotenv()
     main()

src/restic/snapshots.py

@@ -35,7 +35,4 @@ def main(loki_url: str = None):
 
 
 if __name__ == '__main__':
-    from dotenv import load_dotenv
-    
-    load_dotenv()
     main()