forked from zertrin/duplicity-backup.sh
-
Notifications
You must be signed in to change notification settings - Fork 0
/
duplicity-backup.conf.example
399 lines (346 loc) · 16.3 KB
/
duplicity-backup.conf.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
#!/bin/bash
#
# Copyright (c) 2008-2010 Damon Timm.
# Copyright (c) 2010 Mario Santagiuliana.
# Copyright (c) 2012-2015 Marc Gallet.
#
# This program is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along with
# this program. If not, see <http://www.gnu.org/licenses/>.
#
# MORE ABOUT THIS SCRIPT AVAILABLE IN THE README AND AT:
#
# http://zertrin.org/projects/duplicity-backup/ (for this version)
# http://damontimm.com/code/dt-s3-backup (for the original program by Damon Timm)
#
# Latest code available at:
# http://github.com/zertrin/duplicity-backup
#
# List of contributors:
# https://github.com/zertrin/duplicity-backup/graphs/contributors
#
# ---------------------------------------------------------------------------- #
# #############################################
# # DUPLICITY-BACKUP CONFIG FILE #
# #############################################
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# ! DO NOT edit this file! !
# ! (duplicity-backup.conf.example) !
# ! please copy it to anywhere you want !
# ! (typically duplicity-backup.conf) !
# ! and edit that copy instead !
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# .............
# . WARNING .
# .............
#
# duplicity-backup.sh IS NOT duplicity!
#
# It is only a wrapper script for duplicity written in bash!
#
# This means the following:
#
# * You need to install and configure duplicity BEFORE using duplicity-backup.sh
#
# * The official documentation of duplicity (http://duplicity.nongnu.org/duplicity.1.html)
# is relevant to duplicity-backup.sh too. Virtually any option supported
# by duplicity can be specified in the config file of duplicity-backup.sh.
# See the `STATIC_OPTIONS`, `CLEAN_UP_TYPE` and `CLEAN_UP_VARIABLE` parameters in particular.
#
# * Before asking something about duplicity-backup.sh, ensure that your question
# isn’t actually concerning duplicity ;)
# First, make sure you can perform a backup with duplicity without using this script.
# If you can't make the backup work with duplicity alone, the problem is probably
# concerning duplicity and not this script. If you manage to make a backup with duplicity
# alone but not with this script, then there is probably a problem with duplicity-backup.sh.
# ------------------------------------------------------------------------------
# BACKUP SOURCE INFORMATION
# ------------------------------------------------------------------------------
#
# The ROOT of your backup (where you want the backup to start);
# This can be / or somewhere else -- I use /home/ because all the
# directories that I want to backup start with /home/.
#
ROOT="/home"
# Set hostname for this duplicity instance, usefull for e-mail reports
#
HOSTNAME=$(hostname -f)
# ------------------------------------------------------------------------------
# BACKUP DESTINATION INFORMATION
# ------------------------------------------------------------------------------
# In my case, I use Amazon S3 use this - so I made up a unique
# bucket name (you don't have to have one created, it will do it
# for you). If you don't want to use Amazon S3, you can backup
# to a file or any of duplicity's supported outputs.
#
# The s3+http scheme uses the default aws s3 hostname.
# Use s3://host/bucket/[backup-folder/] if you want to specify the host name.
# If using the s3://... scheme and you have s3cmd installed, be sure to change
# 's3.amazonaws.com' to the appropriate host in your .s3cfg file so that the
# remote file size check will work.
#DEST="s3://host/backup-bucket/backup-folder/"
DEST="s3+http://foobar-backup-bucket/backup-folder/"
# Other possible locations
# Be sure to check duplicity's man page to know how to use them
# (http://duplicity.nongnu.org/duplicity.1.html)
#
#DEST="gs://foobar-backup-bucket/backup-folder/"
#DEST="ftp://user[:password]@other.host[:port]/some_dir"
#DEST="rsync://user@host.com[:port]//absolute_path"
#DEST="scp://user[:password]@other.host[:port]/[/]some_dir"
#DEST="ssh://user[:password]@other.host[:port]/[/]some_dir"
#DEST="sftp://user[:password]@other.host[:port]/[/]some_dir"
#DEST="file:///home/foobar_user_name/new-backup-test/"
#DEST="imap[s]://user[:password]@host.com[/from_address_prefix]"
#DEST="webdav[s]://user[:password]@other.host[:port]/some_dir"
#DEST="gdocs://foobar_google_account/some_dir"
#DEST="swift://foobar_swift_container/some_dir"
# ------------------------------------------------------------------------------
# DESTINATION BACKEND PASSWORD
# ------------------------------------------------------------------------------
# Instead of setting the password needed for the backup destination in the
# DEST url, you can supply it in the FTP_PASSWORD variable below, which is
# used by most, if not all backends, regardless of it’s name.
# Duplicity's official documentation states:
# "Supported by most backends which are password capable. More secure than
# setting it in the backend url (which might be readable in the operating
# systems process listing to other users on the same machine)."
#
#FTP_PASSWORD="password"
# ------------------------------------------------------------------------------
# AMAZON S3 INFORMATION
# ------------------------------------------------------------------------------
# Uncomment these lines if you're using Amazon S3
#
#AWS_ACCESS_KEY_ID="foobar_aws_key_id"
#AWS_SECRET_ACCESS_KEY="foobar_aws_access_key"
#
# S3CMD INFORMATION
# Most people don't need this, but in some cases
# you may want to specify a custom configuration file
# to pass to s3cmd. If so, set the S3CMD_CONF_FILE variable
# to the full path of this custom config file.
# Per default s3cmd uses ${HOME}/.s3cfg
#
#S3CMD_CONF_FILE='/path/to/your/s3cmd/conf/file'
# ------------------------------------------------------------------------------
# GOOGLE CLOUD STORAGE INFORMATION
# ------------------------------------------------------------------------------
# Uncomment these lines if you're using Google Cloud storage
#
#GS_ACCESS_KEY_ID="foobar_gcs_key_id"
#GS_SECRET_ACCESS_KEY="foobar_gcs_secret_id"
# ------------------------------------------------------------------------------
# OPENSTACK OBJECT STORAGE (SWIFT) INFORMATION
# ------------------------------------------------------------------------------
# Uncomment these lines if you're using OpenStack Object Storage (Swift)
#
#SWIFT_USERNAME="foobar_swift_tenant:foobar_swift_username"
#SWIFT_PASSWORD="foobar_swift_password"
#SWIFT_AUTHURL="foobar_swift_authurl"
#SWIFT_AUTHVERSION="2"
# ------------------------------------------------------------------------------
# INCLUDE LIST OF DIRECTORIES
# ------------------------------------------------------------------------------
# Here is a list of directories to include; if you want to include
# everything that is in ROOT, leave this list empty.
#
# Here is an example with multiple locations:
#
#INCLIST=( "/home/*/Documents" \
# "/home/*/Projects" \
# "/home/*/logs" \
# "/home/www/mysql-backups" \
# )
#
# Simpler example with one location:
INCLIST=( "/home/foobar_user_name/Documents/" )
# ------------------------------------------------------------------------------
# EXCLUDE LIST OF DIRECTORIES
# ------------------------------------------------------------------------------
# Even though I am being specific about what I want to include,
# there is still a lot of stuff I don't need.
# If you don't want to exclude anything, leave this list empty.
#
# Here is an example with multiple locations:
#
#EXCLIST=( "/home/*/Trash" \
# "/home/*/Projects/Completed" \
# "/**.DS_Store" \
# "/**Icon?" \
# "/**.AppleDouble" \
# )
# Simpler example with one location. Adapt it to your needs.
EXCLIST=( "/home/foobar_user_name/Documents/foobar-to-exclude" )
# ------------------------------------------------------------------------------
# INCLUDE GLOBBING FILELIST
# ------------------------------------------------------------------------------
# Instead of using the INCLIST/EXCLIST variable you can also define a special
# (text-)file where each line in the filelist will be interpreted as
# a globbing pattern. By using the '+' or '-' sign at the beginning of each line
# you are able to specify if the folder should be included or excluded.
#
# Example:
# + /dir/foo
# - /dir/foob*
# + /dir/*
#
# From the duplicity manual:
# Lines starting with "+" are interpreted as include directives[...]Similarly, lines starting with "-" exclude files even if they are found within an include filelist.
# For more examples or information refer to http://duplicity.nongnu.org/duplicity.1.html#sect10
#
#INCEXCFILE=/path/to/file
# ------------------------------------------------------------------------------
# EXCLUDE DEVICE FILES
# ------------------------------------------------------------------------------
# Exclude all device files. This can be useful for security/permissions reasons
# or if device files are not handled correctly.
#
#EXDEVICEFILES=1
# ------------------------------------------------------------------------------
# ENCRYPTION INFORMATION
# ------------------------------------------------------------------------------
#
# Do you want your backup to be encrypted? yes/no
# If yes, please make sure you specify either PASSPHRASE or GPG_ENC_KEY/GPG_SIGN_KEY
ENCRYPTION='yes'
# If you are NOT running this from a cron, comment this line out
# and duplicity should prompt you for your password.
# Otherwise this password is either used for symmetric encryption
# (your backups will be encrypted with this password) or is used
# for the "GPG_SIGN_KEY" (see below).
# Comment out if you aren't using encryption
# Note: if you have a '$' in your passphrase, escape it with a '\'
PASSPHRASE="foobar_gpg_passphrase"
# Specify which GPG keys you would like to use (even if you have only one).
# If you are running this from a cron, it is highly recommended to create separate
# signature and encryption keys, because you have to specify the password for the
# GPG_SIGN_KEY via the above PASSPHRASE variable
# (see http://www.debian-administration.org/articles/209#d0e109).
# If you are not running the script from a cron, duplicity should prompt you for the
# GPG_SIGN_KEY password.
# If you choose to use the same GPG key for encryption and signature, set it both
# in GPG_ENC_KEY and GPG_SIGN_KEY.
# Comment out if you're using only PASSPHRASE (symmetric encryption) or not using
# encryption at all.
GPG_ENC_KEY="foobar_gpg_key"
GPG_SIGN_KEY="foobar_gpg_key"
# Do you want to hide the key id of the encrypted files? yes/no
# It uses the gpg's --hidden-recipient command to obfuscate the owner of the backup.
# On restore, gpg will automatically try all available secret keys in order to
# decrypt the backup. See gpg(1) for more details.
#
# HIDE_KEY_ID='yes'
# You can optionally specify the secret keyring file to use for the encryption and
# signing keys. If not specified, the default secret keyring is used which is
# usually located at ~/.gnupg/secring.gpg
#
#SECRET_KEYRING="/home/foobar_user_name/.gnupg/duplicity.gpg
# ------------------------------------------------------------------------------
# STATIC BACKUP OPTIONS
# ------------------------------------------------------------------------------
#
# Here you can define the static backup options that you want to run with
# duplicity. Reference is the manpage of duplicity (available at
# http://duplicity.nongnu.org/duplicity.1.html for example)
# Useful examples are `--full-if-older-than` option and (for those using
# Amazon S3 in Europe) `--s3-use-new-style` and `--s3-european-buckets` options
# Be sure to separate your options with appropriate spacing.
STATIC_OPTIONS="--full-if-older-than 14D --s3-use-new-style"
# ------------------------------------------------------------------------------
# FULL BACKUP & REMOVE OLDER THAN SETTINGS
# ------------------------------------------------------------------------------
#
# Because duplicity will continue to add to each backup as you go,
# it will eventually create a very large set of files. Also, incremental
# backups leave room for problems in the chain, so doing a "full"
# backup every so often is not a bad idea.
#
# You can remove older than a specific time period:
#
#CLEAN_UP_TYPE="remove-older-than"
#CLEAN_UP_VARIABLE="31D"
#
# Or, If you would rather keep a certain (n) number of full backups (rather
# than removing the files based on their age), you can use what I use:
CLEAN_UP_TYPE="remove-all-but-n-full"
CLEAN_UP_VARIABLE="4"
# The third option is to skip cleanup altogether, by:
#
#CLEAN_UP_TYPE="none"
#
# In combination with "remove-older-than" clean-up type, you may want
# to keep only the full backups older than (n) number backup sets. For example,
# let's say you set to CLEAN_UP_TYPE="remove-older-than", CLEAN_UP_VARIABLE
# to "6M" (six months), STATIC_OPTIONS to "--full-if-older-than 7D"
# (a full backup every 7 days), and you execute duplicity-backup once a day.
# After six months you'll have 25 full backups, each with daily incrementals
# in between. Perhaps you're keeping the backups past 1 month "just in case",
# and so the older incrementals are overkill – weekly full backups beyond
# one month backward would suffice. In this case you can set
# "REMOVE_INCREMENTALS_OLDER_THAN to, say, "4" which will delete the
# incrementals for backup sets beyond the four most recent, keeping
# only the full weekly backups for those backup sets. The incrementals
# for the four most recent backup sets remain untouched.
#
#REMOVE_INCREMENTALS_OLDER_THAN="4"
# ------------------------------------------------------------------------------
# LOGFILE INFORMATION DIRECTORY
# ------------------------------------------------------------------------------
#
# Provide directory for logfile, ownership of logfile & directory, and verbosity level.
# I run this script as root, but save the log files under my user name --
# just makes it easier for me to read them and delete them as needed.
LOGDIR="/home/foobar_user_name/logs/test2/"
LOG_FILE="duplicity-`date +%Y-%m-%d_%H-%M`.txt"
LOG_FILE_OWNER="foobar_user_name:foobar_user_name"
# Note that if the configured LOGDIR does not exist it will be created
# and its owner:group set to that of the configured LOG_FILE_OWNER.
# If the configured LOGDIR already exists no change to owner:group is attempted.
#
#REMOVE_LOGS_OLDER_THAN='30' # (days) uncomment to activate
VERBOSITY="-v3"
# Set the tmpdir for duplicity to use.
#TMPDIR="/tmp"
# ------------------------------------------------------------------------------
# EMAIL ALERT (*thanks: rmarescu*)
# ------------------------------------------------------------------------------
#
# Provide an email address to receive the logfile by email. If no email
# address is provided, no alert will be sent.
# You can set a custom from email address and a custom subject (both optionally)
# If no value is provided for the subject, the following value will be
# used by default: "duplicity-backup Alert ${LOG_FILE}"
# MTA used: mailx
#EMAIL="admin@example.com"
EMAIL_TO=
EMAIL_FROM=
EMAIL_SUBJECT=
EMAIL_FAILURE_ONLY="yes" # send e-mail only if there was an error while creating backup
# command to use to send mail
MAIL="mailx" # default command for Linux mail
#MAIL="mail" # for CentOS, if "mailx" fails try this one
#MAIL="ssmtp"
#MAIL="sendmail"
#MAIL="msmtp"
# ------------------------------------------------------------------------------
# TROUBLESHOOTING
# ------------------------------------------------------------------------------
#
# If you are having any problems running this script it is
# helpful to see the command output that is being generated to determine if the
# script is causing a problem or if it is an issue with duplicity (or your
# setup). Simply uncomment the ECHO line below and the commands will be
# printed to the logfile. This way, you can see if the problem is with the
# script or with duplicity.
#
#ECHO=$(which echo)