jahanson/mochi
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Packages Wiki Activity Actions
mochi/nixos/hosts/shadowfax/config/borgmatic/borgmatic-template.yaml

1457 lines
54 KiB
YAML
Raw Normal View History

remove restic, add borgmatic. update template update config template update
2025-02-25 12:33:35 -06:00
# Constants to use in the configuration file. Within option values,
# all occurrences of the constant name in curly braces will be
# replaced with the constant value. For example, if you have a
# constant named "app_name" with the value "myapp", then the string
# "{app_name}" will be replaced with "myapp" in the configuration
# file.
# constants:
# app_name: myapp
# user: myuser
# List of source directories and files to back up. Globs and tildes
# are expanded. Do not backslash spaces in path names.
source_directories:
- /nahar/containers/volumes/plex
# A required list of local or remote repositories with paths and
# optional labels (which can be used with the --repository flag to
# select a repository). Tildes are expanded. Multiple repositories are
# backed up to in sequence. Borg placeholders can be used. See the
# output of "borg help placeholders" for details. See ssh_command for
# SSH options like identity file or port. If systemd service is used,
# then add local repository paths in the systemd service file to the
# ReadWritePaths list. Prior to borgmatic 1.7.10, repositories was a
# list of plain path strings.
repositories:
- path: /eru/borg/plex
label: local
# Working directory to use when running actions, useful for backing up
# using relative source directory paths. Does not currently apply to
# borgmatic configuration file paths or includes. Tildes are expanded.
# See http://borgbackup.readthedocs.io/en/stable/usage/create.html for
# details. Defaults to not set.
# working_directory: /path/to/working/directory
# Stay in same file system; do not cross mount points beyond the given
# source directories. Defaults to false.
# one_file_system: true
# Only store/extract numeric user and group identifiers. Defaults to
# false.
# numeric_ids: true
# Store atime into archive. Defaults to true in Borg < 1.2, false in
# Borg 1.2+.
# atime: false
# Store ctime into archive. Defaults to true.
# ctime: false
# Store birthtime (creation date) into archive. Defaults to true.
# birthtime: false
# Use Borg's --read-special flag to allow backup of block and other
# special devices. Use with caution, as it will lead to problems if
# used when backing up special devices such as /dev/zero. Defaults to
# false. But when a database hook is used, the setting here is ignored
# and read_special is considered true.
# read_special: false
# Record filesystem flags (e.g. NODUMP, IMMUTABLE) in archive.
# Defaults to true.
# flags: true
# Mode in which to operate the files cache. See
# http://borgbackup.readthedocs.io/en/stable/usage/create.html for
# details. Defaults to "ctime,size,inode".
# files_cache: ctime,size,inode
# Alternate Borg local executable. Defaults to "borg".
# local_path: borg1
# Alternate Borg remote executable. Defaults to "borg".
# remote_path: borg1
# Any paths matching these patterns are included/excluded from
# backups. Globs are expanded. (Tildes are not.) See the output of
# "borg help patterns" for more details. Quote any value if it
# contains leading punctuation, so it parses correctly.
# patterns:
# - R /
# - '- /home/*/.cache'
# - + /home/susan
# - '- /home/*'
# Read include/exclude patterns from one or more separate named files,
# one pattern per line. See the output of "borg help patterns" for
# more details.
# patterns_from:
# - /etc/borgmatic/patterns
# Any paths matching these patterns are excluded from backups. Globs
# and tildes are expanded. Note that a glob pattern must either start
# with a glob or be an absolute path. Do not backslash spaces in path
# names. See the output of "borg help patterns" for more details.
# exclude_patterns:
# - '*.pyc'
# - /home/*/.cache
# - '*/.vim*.tmp'
# - /etc/ssl
# - /home/user/path with spaces
# Read exclude patterns from one or more separate named files, one
# pattern per line. See the output of "borg help patterns" for more
# details.
# exclude_from:
# - /etc/borgmatic/excludes
# Exclude directories that contain a CACHEDIR.TAG file. See
# http://www.brynosaurus.com/cachedir/spec.html for details. Defaults
# to false.
# exclude_caches: true
# Exclude directories that contain a file with the given filenames.
# Defaults to not set.
# exclude_if_present:
# - .nobackup
# If true, the exclude_if_present filename is included in backups.
# Defaults to false, meaning that the exclude_if_present filename is
# omitted from backups.
# keep_exclude_tags: true
# Exclude files with the NODUMP flag. Defaults to false.
# exclude_nodump: true
# Deprecated. Only used for locating database dumps and bootstrap
# metadata within backup archives created prior to deprecation.
# Replaced by user_runtime_directory and user_state_directory.
# Defaults to ~/.borgmatic
# borgmatic_source_directory: /tmp/borgmatic
# Path for storing temporary runtime data like streaming database
# dumps and bootstrap metadata. borgmatic automatically creates and
# uses a "borgmatic" subdirectory here. Defaults to $XDG_RUNTIME_DIR
# or or $TMPDIR or $TEMP or /run/user/$UID.
# user_runtime_directory: /run/user/1001
# Path for storing borgmatic state files like records of when checks
# last ran. borgmatic automatically creates and uses a "borgmatic"
# subdirectory here. If you change this option, borgmatic must
# create the check records again (and therefore re-run checks).
# Defaults to $XDG_STATE_HOME or ~/.local/state.
# user_state_directory: /var/lib/borgmatic
# If true, then source directories (and root pattern paths) must
# exist. If they don't, an error is raised. Defaults to false.
# source_directories_must_exist: true
# The standard output of this command is used to unlock the encryption
# key. Only use on repositories that were initialized with
# passcommand/repokey/keyfile encryption. Note that if both
# encryption_passcommand and encryption_passphrase are set, then
# encryption_passphrase takes precedence. This can also be used to
# access encrypted systemd service credentials. Defaults to not set.
# For more details, see:
# https://torsion.org/borgmatic/docs/how-to/provide-your-passwords/
# encryption_passcommand: secret-tool lookup borg-repository repo-name
# Passphrase to unlock the encryption key with. Only use on
# repositories that were initialized with passphrase/repokey/keyfile
# encryption. Quote the value if it contains punctuation, so it parses
# correctly. And backslash any quote or backslash literals as well.
# Defaults to not set. Supports the "{credential ...}" syntax.
# encryption_passphrase: "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"
# Number of seconds between each checkpoint during a long-running
# backup. See https://borgbackup.readthedocs.io/en/stable/faq.html for
# details. Defaults to checkpoints every 1800 seconds (30 minutes).
# checkpoint_interval: 1800
# Number of backed up bytes between each checkpoint during a
# long-running backup. Only supported with Borg 2+. See
# https://borgbackup.readthedocs.io/en/stable/faq.html for details.
# Defaults to only time-based checkpointing (see
# "checkpoint_interval") instead of volume-based checkpointing.
# checkpoint_volume: 1048576
# Specify the parameters passed to the chunker (CHUNK_MIN_EXP,
# CHUNK_MAX_EXP, HASH_MASK_BITS, HASH_WINDOW_SIZE). See
# https://borgbackup.readthedocs.io/en/stable/internals.html for
# details. Defaults to "19,23,21,4095".
# chunker_params: 19,23,21,4095
# Type of compression to use when creating archives. (Compression
# level can be added separated with a comma, like "zstd,7".) See
# http://borgbackup.readthedocs.io/en/stable/usage/create.html for
# details. Defaults to "lz4".
# compression: lz4
# Remote network upload rate limit in kiBytes/second. Defaults to
# unlimited.
# upload_rate_limit: 100
# Size of network upload buffer in MiB. Defaults to no buffer.
# upload_buffer_size: 160
# Number of times to retry a failing backup before giving up. Defaults
# to 0 (i.e., does not attempt retry).
# retries: 3
# Wait time between retries (in seconds) to allow transient issues
# to pass. Increases after each retry by that same wait time as a
# form of backoff. Defaults to 0 (no wait).
# retry_wait: 10
# Directory where temporary Borg files are stored. Defaults to
# $TMPDIR. See "Resource Usage" at
# https://borgbackup.readthedocs.io/en/stable/usage/general.html for
# details.
# temporary_directory: /path/to/tmpdir
# Command to use instead of "ssh". This can be used to specify ssh
# options. Defaults to not set.
# ssh_command: ssh -i /path/to/private/key
# Base path used for various Borg directories. Defaults to $HOME,
# ~$USER, or ~.
# borg_base_directory: /path/to/base
# Path for Borg configuration files. Defaults to
# $borg_base_directory/.config/borg
# borg_config_directory: /path/to/base/config
# Path for Borg cache files. Defaults to
# $borg_base_directory/.cache/borg
# borg_cache_directory: /path/to/base/cache
# Maximum time to live (ttl) for entries in the Borg files cache.
# borg_files_cache_ttl: 20
# Path for Borg security and encryption nonce files. Defaults to
# $borg_base_directory/.config/borg/security
# borg_security_directory: /path/to/base/config/security
# Path for Borg encryption key files. Defaults to
# $borg_base_directory/.config/borg/keys
# borg_keys_directory: /path/to/base/config/keys
# A list of Borg exit codes that should be elevated to errors or
# squashed to warnings as indicated. By default, Borg error exit codes
# (2 to 99) are treated as errors while warning exit codes (1 and
# 100+) are treated as warnings. Exit codes other than 1 and 2 are
# only present in Borg 1.4.0+.
# borg_exit_codes:
# - code: 13
# treat_as: warning
# - code: 100
# treat_as: error
# Umask used for when executing Borg or calling hooks. Defaults to
# 0077 for Borg or the umask that borgmatic is run with for hooks.
# umask: 77
# Maximum seconds to wait for acquiring a repository/cache lock.
# Defaults to 1.
# lock_wait: 5
# Name of the archive to create. Borg placeholders can be used. See
# the output of "borg help placeholders" for details. Defaults to
# "{hostname}-{now:%Y-%m-%dT%H:%M:%S.%f}" with Borg 1 and
# "{hostname}" with Borg 2, as Borg 2 does not require unique
# archive names; identical archive names form a common "series" that
# can be targeted together. When running actions like repo-list,
# info, or check, borgmatic automatically tries to match only
# archives created with this name format.
# archive_name_format: '{hostname}-documents-{now}'
# A Borg pattern for filtering down the archives used by borgmatic
# actions that operate on multiple archives. For Borg 1.x, use a shell
# pattern here and see the output of "borg help placeholders" for
# details. For Borg 2.x, see the output of "borg help match-archives".
# If match_archives is not specified, borgmatic defaults to deriving
# the match_archives value from archive_name_format.
# match_archives: sh:{hostname}-*
# Bypass Borg error about a repository that has been moved. Defaults
# to not bypassing.
# relocated_repo_access_is_ok: true
# Bypass Borg error about a previously unknown unencrypted repository.
# Defaults to not bypassing.
# unknown_unencrypted_repo_access_is_ok: true
# Bypass Borg confirmation about check with repair option. Defaults to
# an interactive prompt from Borg.
# check_i_know_what_i_am_doing: true
# Additional options to pass directly to particular Borg commands,
# handy for Borg options that borgmatic does not yet support natively.
# Note that borgmatic does not perform any validation on these
# options. Running borgmatic with "--verbosity 2" shows the exact Borg
# command-line invocation.
# extra_borg_options:
# Extra command-line options to pass to "borg init".
# init: --extra-option
# Extra command-line options to pass to "borg create".
# create: --extra-option
# Extra command-line options to pass to "borg prune".
# prune: --extra-option
# Extra command-line options to pass to "borg compact".
# compact: --extra-option
# Extra command-line options to pass to "borg check".
# check: --extra-option
# Keep all archives within this time interval. See "skip_actions" for
# disabling pruning altogether.
# keep_within: 3H
# Number of secondly archives to keep.
# keep_secondly: 60
# Number of minutely archives to keep.
# keep_minutely: 60
# Number of hourly archives to keep.
# keep_hourly: 24
# Number of daily archives to keep.
keep_daily: 7
# Number of weekly archives to keep.
# keep_weekly: 4
# Number of monthly archives to keep.
# keep_monthly: 6
# Number of yearly archives to keep.
# keep_yearly: 1
# Deprecated. When pruning or checking archives, only consider archive
# names starting with this prefix. Borg placeholders can be used. See
# the output of "borg help placeholders" for details. If a prefix is
# not specified, borgmatic defaults to matching archives based on the
# archive_name_format (see above).
# prefix: sourcehostname
# List of one or more consistency checks to run on a periodic basis
# (if "frequency" is set) or every time borgmatic runs checks (if
# "frequency" is omitted).
# checks:
# Name of the consistency check to run:
# * "repository" checks the consistency of the
# repository.
# * "archives" checks all of the archives.
# * "data" verifies the integrity of the data
# within the archives and implies the "archives"
# check as well.
# * "spot" checks that some percentage of source
# files are found in the most recent archive (with
# identical contents).
# * "extract" does an extraction dry-run of the
# most recent archive.
# * See "skip_actions" for disabling checks
# altogether.
# - name: spot
# How frequently to run this type of consistency
# check (as a best effort). The value is a number
# followed by a unit of time. E.g., "2 weeks" to
# run this consistency check no more than every
# two weeks for a given repository or "1 month" to
# run it no more than monthly. Defaults to
# "always": running this check every time checks
# are run.
# frequency: 2 weeks
# After the "frequency" duration has elapsed, only
# run this check if the current day of the week
# matches one of these values (the name of a day of
# the week in the current locale). "weekday" and
# "weekend" are also accepted. Defaults to running
# the check on any day of the week.
# only_run_on:
# - Saturday
# - Sunday
# The percentage delta between the source
# directories file count and the most recent backup
# archive file count that is allowed before the
# entire consistency check fails. This can catch
# problems like incorrect excludes, inadvertent
# deletes, etc. Required (and only valid) for the
# "spot" check.
# count_tolerance_percentage: 10
# The percentage of total files in the source
# directories to randomly sample and compare to
# their corresponding files in the most recent
# backup archive. Required (and only valid) for the
# "spot" check.
# data_sample_percentage: 1
# The percentage of total files in the source
# directories that can fail a spot check comparison
# without failing the entire consistency check. This
# can catch problems like source files that have
# been bulk-changed by malware, backups that have
# been tampered with, etc. The value must be lower
# than or equal to the "contents_sample_percentage".
# Required (and only valid) for the "spot" check.
# data_tolerance_percentage: 0.5
# Command to use instead of "xxh64sum" to hash
# source files, usually found in an OS package named
# "xxhash". Do not substitute with a different hash
# type (SHA, MD5, etc.) or the check will never
# succeed. Only valid for the "spot" check.
# xxh64sum_command: /usr/local/bin/xxh64sum
# How many seconds to check the repository before
# interrupting the check. Useful for splitting a
# long-running repository check into multiple
# partial checks. Defaults to no interruption. Only
# applies to the "repository" check, does not check
# the repository index and is not compatible with
# the "--repair" flag.
# max_duration: 3600
# Paths or labels for a subset of the configured "repositories" (see
# above) on which to run consistency checks. Handy in case some of
# your repositories are very large, and so running consistency checks
# on them would take too long. Defaults to running consistency checks
# on all configured repositories.
# check_repositories:
# - user@backupserver:sourcehostname.borg
# Restrict the number of checked archives to the last n. Applies only
# to the "archives" check. Defaults to checking all archives.
# check_last: 3
# Apply color to console output. Can be overridden with --no-color
# command-line flag. Defaults to true.
# color: false
# List of one or more actions to skip running for this configuration
# file, even if specified on the command-line (explicitly or
# implicitly). This is handy for append-only configurations where you
# never want to run "compact" or checkless configuration where you
# want to skip "check". Defaults to not skipping any actions.
# skip_actions:
# - compact
# List of one or more shell commands or scripts to execute before all
# the actions for each repository.
# before_actions:
# - echo Starting actions.
# List of one or more shell commands or scripts to execute before
# creating a backup, run once per repository.
# before_backup:
# - echo Starting a backup.
# List of one or more shell commands or scripts to execute before
# pruning, run once per repository.
# before_prune:
# - echo Starting pruning.
# List of one or more shell commands or scripts to execute before
# compaction, run once per repository.
# before_compact:
# - echo Starting compaction.
# List of one or more shell commands or scripts to execute before
# consistency checks, run once per repository.
# before_check:
# - echo Starting checks.
# List of one or more shell commands or scripts to execute before
# extracting a backup, run once per repository.
# before_extract:
# - echo Starting extracting.
# List of one or more shell commands or scripts to execute after
# creating a backup, run once per repository.
# after_backup:
# - echo Finished a backup.
# List of one or more shell commands or scripts to execute after
# compaction, run once per repository.
# after_compact:
# - echo Finished compaction.
# List of one or more shell commands or scripts to execute after
# pruning, run once per repository.
# after_prune:
# - echo Finished pruning.
# List of one or more shell commands or scripts to execute after
# consistency checks, run once per repository.
# after_check:
# - echo Finished checks.
# List of one or more shell commands or scripts to execute after
# extracting a backup, run once per repository.
# after_extract:
# - echo Finished extracting.
# List of one or more shell commands or scripts to execute after all
# actions for each repository.
# after_actions:
# - echo Finished actions.
# List of one or more shell commands or scripts to execute when an
# exception occurs during a "create", "prune", "compact", or "check"
# action or an associated before/after hook.
# on_error:
# - echo Error during create/prune/compact/check.
# List of one or more shell commands or scripts to execute before
# running all actions (if one of them is "create"). These are
# collected from all configuration files and then run once before all
# of them (prior to all actions).
# before_everything:
# - echo Starting actions.
# List of one or more shell commands or scripts to execute after
# running all actions (if one of them is "create"). These are
# collected from all configuration files and then run once after all
# of them (after any action).
# after_everything:
# - echo Completed actions.
# Support for the "borgmatic bootstrap" action, used to extract
# borgmatic configuration files from a backup archive.
# bootstrap:
# Store configuration files used to create a backup inside the
# backup itself. Defaults to true. Changing this to false
# prevents "borgmatic bootstrap" from extracting configuration
# files from the backup.
# store_config_files: false
# List of one or more PostgreSQL databases to dump before creating a
# backup, run once per configuration file. The database dumps are
# added to your source directories at runtime and streamed directly
# to Borg. Requires pg_dump/pg_dumpall/pg_restore commands. See
# https://www.postgresql.org/docs/current/app-pgdump.html and
# https://www.postgresql.org/docs/current/libpq-ssl.html for
# details.
# postgresql_databases:
# Database name (required if using this hook). Or "all" to
# dump all databases on the host. (Also set the "format"
# to dump each database to a separate file instead of one
# combined file.) Note that using this database hook
# implicitly enables read_special (see above) to support
# dump and restore streaming.
# - name: users
# Database hostname to connect to. Defaults to connecting
# via local Unix socket.
# hostname: database.example.org
# Database hostname to restore to. Defaults to the
# "hostname" option.
# restore_hostname: database.example.org
# Port to connect to. Defaults to 5432.
# port: 5433
# Port to restore to. Defaults to the "port" option.
# restore_port: 5433
# Username with which to connect to the database. Defaults
# to the username of the current user. You probably want
# to specify the "postgres" superuser here when the
# database name is "all". Supports the "{credential ...}"
# syntax.
# username: dbuser
# Username with which to restore the database. Defaults to
# the "username" option. Supports the "{credential ...}"
# syntax.
# restore_username: dbuser
# Password with which to connect to the database. Omitting
# a password will only work if PostgreSQL is configured to
# trust the configured username without a password or you
# create a ~/.pgpass file. Supports the "{credential ...}"
# syntax.
# password: trustsome1
# Password with which to connect to the restore database.
# Defaults to the "password" option. Supports the
# "{credential ...}" syntax.
# restore_password: trustsome1
# Do not output commands to set ownership of objects to
# match the original database. By default, pg_dump and
# pg_restore issue ALTER OWNER or SET SESSION
# AUTHORIZATION statements to set ownership of created
# schema elements. These statements will fail unless the
# initial connection to the database is made by a
# superuser.
# no_owner: true
# Database dump output format. One of "plain", "custom",
# "directory", or "tar". Defaults to "custom" (unlike raw
# pg_dump) for a single database. Or, when database name
# is "all" and format is blank, dumps all databases to a
# single file. But if a format is specified with an "all"
# database name, dumps each database to a separate file of
# that format, allowing more convenient restores of
# individual databases. See the pg_dump documentation for
# more about formats.
# format: directory
# SSL mode to use to connect to the database server. One
# of "disable", "allow", "prefer", "require", "verify-ca"
# or "verify-full". Defaults to "disable".
# ssl_mode: require
# Path to a client certificate.
# ssl_cert: /root/.postgresql/postgresql.crt
# Path to a private client key.
# ssl_key: /root/.postgresql/postgresql.key
# Path to a root certificate containing a list of trusted
# certificate authorities.
# ssl_root_cert: /root/.postgresql/root.crt
# Path to a certificate revocation list.
# ssl_crl: /root/.postgresql/root.crl
# Command to use instead of "pg_dump" or "pg_dumpall".
# This can be used to run a specific pg_dump version
# (e.g., one inside a running container). If you run it
# from within a container, make sure to mount your
# host's ".borgmatic" folder into the container using
# the same directory structure. Defaults to "pg_dump"
# for single database dump or "pg_dumpall" to dump all
# databases.
# pg_dump_command: docker exec my_pg_container pg_dump
# Command to use instead of "pg_restore". This can be used
# to run a specific pg_restore version (e.g., one inside a
# running container). Defaults to "pg_restore".
# pg_restore_command: docker exec my_pg_container pg_restore
# Command to use instead of "psql". This can be used to
# run a specific psql version (e.g., one inside a running
# container). Defaults to "psql".
# psql_command: docker exec my_pg_container psql
# Additional pg_dump/pg_dumpall options to pass directly
# to the dump command, without performing any validation
# on them. See pg_dump documentation for details.
# options: --role=someone
# Additional psql options to pass directly to the psql
# command that lists available databases, without
# performing any validation on them. See psql
# documentation for details.
# list_options: --role=someone
# Additional pg_restore/psql options to pass directly to
# the restore command, without performing any validation
# on them. See pg_restore/psql documentation for details.
# restore_options: --role=someone
# Additional psql options to pass directly to the analyze
# command run after a restore, without performing any
# validation on them. See psql documentation for details.
# analyze_options: --role=someone
# List of one or more MariaDB databases to dump before creating a
# backup, run once per configuration file. The database dumps are
# added to your source directories at runtime and streamed directly
# to Borg. Requires mariadb-dump/mariadb commands. See
# https://mariadb.com/kb/en/library/mysqldump/ for details.
# mariadb_databases:
# Database name (required if using this hook). Or "all" to
# dump all databases on the host. Note that using this
# database hook implicitly enables read_special (see
# above) to support dump and restore streaming.
# - name: users
# Database hostname to connect to. Defaults to connecting
# via local Unix socket.
# hostname: database.example.org
# Database hostname to restore to. Defaults to the
# "hostname" option.
# restore_hostname: database.example.org
# Port to connect to. Defaults to 3306.
# port: 3307
# Port to restore to. Defaults to the "port" option.
# restore_port: 5433
# Username with which to connect to the database. Defaults
# to the username of the current user. Supports the
# "{credential ...}" syntax.
# username: dbuser
# Username with which to restore the database. Defaults to
# the "username" option. Supports the "{credential ...}"
# syntax.
# restore_username: dbuser
# Password with which to connect to the database. Omitting
# a password will only work if MariaDB is configured to
# trust the configured username without a password.
# Supports the "{credential ...}" syntax.
# password: trustsome1
# Password with which to connect to the restore database.
# Defaults to the "password" option. Supports the
# "{credential ...}" syntax.
# restore_password: trustsome1
# Command to use instead of "mariadb-dump". This can be
# used to run a specific mariadb_dump version (e.g., one
# inside a running container). If you run it from within
# a container, make sure to mount your host's
# ".borgmatic" folder into the container using the same
# directory structure. Defaults to "mariadb-dump".
# mariadb_dump_command: docker exec mariadb_container mariadb-dump
# Command to run instead of "mariadb". This can be used to
# run a specific mariadb version (e.g., one inside a
# running container). Defaults to "mariadb".
# mariadb_command: docker exec mariadb_container mariadb
# Database dump output format. Currently only "sql" is
# supported. Defaults to "sql" for a single database. Or,
# when database name is "all" and format is blank, dumps
# all databases to a single file. But if a format is
# specified with an "all" database name, dumps each
# database to a separate file of that format, allowing
# more convenient restores of individual databases.
# format: directory
# Use the "--add-drop-database" flag with mariadb-dump,
# causing the database to be dropped right before restore.
# Defaults to true.
# add_drop_database: false
# Additional mariadb-dump options to pass directly to the
# dump command, without performing any validation on them.
# See mariadb-dump documentation for details.
# options: --skip-comments
# Additional options to pass directly to the mariadb
# command that lists available databases, without
# performing any validation on them. See mariadb command
# documentation for details.
# list_options: --defaults-extra-file=mariadb.cnf
# Additional options to pass directly to the mariadb
# command that restores database dumps, without
# performing any validation on them. See mariadb command
# documentation for details.
# restore_options: --defaults-extra-file=mariadb.cnf
# List of one or more MySQL databases to dump before creating a
# backup, run once per configuration file. The database dumps are
# added to your source directories at runtime and streamed directly
# to Borg. Requires mysqldump/mysql commands. See
# https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html for
# details.
# mysql_databases:
# Database name (required if using this hook). Or "all" to
# dump all databases on the host. Note that using this
# database hook implicitly enables read_special (see
# above) to support dump and restore streaming.
# - name: users
# Database hostname to connect to. Defaults to connecting
# via local Unix socket.
# hostname: database.example.org
# Database hostname to restore to. Defaults to the
# "hostname" option.
# restore_hostname: database.example.org
# Port to connect to. Defaults to 3306.
# port: 3307
# Port to restore to. Defaults to the "port" option.
# restore_port: 5433
# Username with which to connect to the database. Defaults
# to the username of the current user. Supports the
# "{credential ...}" syntax.
# username: dbuser
# Username with which to restore the database. Defaults to
# the "username" option. Supports the "{credential ...}"
# syntax.
# restore_username: dbuser
# Password with which to connect to the database. Omitting
# a password will only work if MySQL is configured to
# trust the configured username without a password.
# Supports the "{credential ...}" syntax.
# password: trustsome1
# Password with which to connect to the restore database.
# Defaults to the "password" option. Supports the
# "{credential ...}" syntax.
# restore_password: trustsome1
# Command to use instead of "mysqldump". This can be
# used to run a specific mysql_dump version (e.g., one
# inside a running container). If you run it from within
# a container, make sure to mount your host's
# ".borgmatic" folder into the container using the same
# directory structure. Defaults to "mysqldump".
# mysql_dump_command: docker exec mysql_container mysqldump
# Command to run instead of "mysql". This can be used to
# run a specific mysql version (e.g., one inside a running
# container). Defaults to "mysql".
# mysql_command: docker exec mysql_container mysql
# Database dump output format. Currently only "sql" is
# supported. Defaults to "sql" for a single database. Or,
# when database name is "all" and format is blank, dumps
# all databases to a single file. But if a format is
# specified with an "all" database name, dumps each
# database to a separate file of that format, allowing
# more convenient restores of individual databases.
# format: directory
# Use the "--add-drop-database" flag with mysqldump,
# causing the database to be dropped right before restore.
# Defaults to true.
# add_drop_database: false
# Additional mysqldump options to pass directly to the
# dump command, without performing any validation on them.
# See mysqldump documentation for details.
# options: --skip-comments
# Additional options to pass directly to the mysql
# command that lists available databases, without
# performing any validation on them. See mysql command
# documentation for details.
# list_options: --defaults-extra-file=my.cnf
# Additional options to pass directly to the mysql
# command that restores database dumps, without
# performing any validation on them. See mysql command
# documentation for details.
# restore_options: --defaults-extra-file=my.cnf
# sqlite_databases:
# This is used to tag the database dump file with a name.
# It is not the path to the database file itself. The name
# "all" has no special meaning for SQLite databases.
# - name: users
# Path to the SQLite database file to dump. If relative,
# it is relative to the current working directory. Note
# that using this database hook implicitly enables
# read_special (see above) to support dump and restore
# streaming.
# path: /var/lib/sqlite/users.db
# Path to the SQLite database file to restore to. Defaults
# to the "path" option.
# restore_path: /var/lib/sqlite/users.db
# List of one or more MongoDB databases to dump before creating a
# backup, run once per configuration file. The database dumps are
# added to your source directories at runtime and streamed directly
# to Borg. Requires mongodump/mongorestore commands. See
# https://docs.mongodb.com/database-tools/mongodump/ and
# https://docs.mongodb.com/database-tools/mongorestore/ for details.
# mongodb_databases:
# Database name (required if using this hook). Or "all" to
# dump all databases on the host. Note that using this
# database hook implicitly enables read_special (see
# above) to support dump and restore streaming.
# - name: users
# Database hostname to connect to. Defaults to connecting
# to localhost.
# hostname: database.example.org
# Database hostname to restore to. Defaults to the
# "hostname" option.
# restore_hostname: database.example.org
# Port to connect to. Defaults to 27017.
# port: 27018
# Port to restore to. Defaults to the "port" option.
# restore_port: 5433
# Username with which to connect to the database. Skip it
# if no authentication is needed. Supports the
# "{credential ...}" syntax.
# username: dbuser
# Username with which to restore the database. Defaults to
# the "username" option. Supports the "{credential ...}"
# syntax.
# restore_username: dbuser
# Password with which to connect to the database. Skip it
# if no authentication is needed. Supports the
# "{credential ...}" syntax.
# password: trustsome1
# Password with which to connect to the restore database.
# Defaults to the "password" option. Supports the
# "{credential ...}" syntax.
# restore_password: trustsome1
# Authentication database where the specified username
# exists. If no authentication database is specified, the
# database provided in "name" is used. If "name" is "all",
# the "admin" database is used.
# authentication_database: admin
# Database dump output format. One of "archive", or
# "directory". Defaults to "archive". See mongodump
# documentation for details. Note that format is ignored
# when the database name is "all".
# format: directory
# Additional mongodump options to pass directly to the
# dump command, without performing any validation on them.
# See mongodump documentation for details.
# options: --dumpDbUsersAndRoles
# Additional mongorestore options to pass directly to the
# dump command, without performing any validation on them.
# See mongorestore documentation for details.
# restore_options: --restoreDbUsersAndRoles
# ntfy:
# The topic to publish to. See https://ntfy.sh/docs/publish/
# for details.
# topic: topic
# The address of your self-hosted ntfy.sh instance.
# server: https://ntfy.your-domain.com
# The username used for authentication. Supports the
# "{credential ...}" syntax.
# username: testuser
# The password used for authentication. Supports the
# "{credential ...}" syntax.
# password: fakepassword
# An ntfy access token to authenticate with instead of
# username/password. Supports the "{credential ...}" syntax.
# access_token: tk_AgQdq7mVBoFD37zQVN29RhuMzNIz2
# start:
# The title of the message.
# title: Ping!
# The message body to publish.
# message: Your backups have failed.
# The priority to set.
# priority: urgent
# Tags to attach to the message.
# tags: incoming_envelope
# finish:
# The title of the message.
# title: Ping!
# The message body to publish.
# message: Your backups have failed.
# The priority to set.
# priority: urgent
# Tags to attach to the message.
# tags: incoming_envelope
# fail:
# The title of the message.
# title: Ping!
# The message body to publish.
# message: Your backups have failed.
# The priority to set.
# priority: urgent
# Tags to attach to the message.
# tags: incoming_envelope
# List of one or more monitoring states to ping for: "start",
# "finish", and/or "fail". Defaults to pinging for failure
# only.
# states:
# - start
# - finish
# pushover:
# Your application's API token. Supports the "{credential
# ...}" syntax.
# token: 7ms6TXHpTokTou2P6x4SodDeentHRa
# Your user/group key (or that of your target user), viewable
# when logged into your dashboard: often referred to as
# USER_KEY in Pushover documentation and code examples.
# Supports the "{credential ...}" syntax.
# user: hwRwoWsXMBWwgrSecfa9EfPey55WSN
# start:
# Message to be sent to the user or group. If omitted
# the default is the name of the state.
# message: A backup job has started.
# A value of -2, -1, 0 (default), 1 or 2 that
# indicates the message priority.
# priority: 0
# How many seconds your notification will continue
# to be retried (every retry seconds). Defaults to
# 600. This settings only applies to priority 2
# notifications.
# expire: 600
# The retry parameter specifies how often
# (in seconds) the Pushover servers will send the
# same notification to the user. Defaults to 30. This
# settings only applies to priority 2 notifications.
# retry: 30
# The name of one of your devices to send just to
# that device instead of all devices.
# device: pixel8
# Set to True to enable HTML parsing of the message.
# Set to False for plain text.
# html: true
# The name of a supported sound to override your
# default sound choice. All options can be found
# here: https://pushover.net/api#sounds
# sound: bike
# Your message's title, otherwise your app's name is
# used.
# title: A backup job has started.
# The number of seconds that the message will live,
# before being deleted automatically. The ttl
# parameter is ignored for messages with a priority.
# value of 2.
# ttl: 3600
# A supplementary URL to show with your message.
# url: https://pushover.net/apps/xxxxx-borgbackup
# A title for the URL specified as the url parameter,
# otherwise just the URL is shown.
# url_title: Pushover Link
# finish:
# Message to be sent to the user or group. If omitted
# the default is the name of the state.
# message: A backup job has finished.
# A value of -2, -1, 0 (default), 1 or 2 that
# indicates the message priority.
# priority: 0
# How many seconds your notification will continue
# to be retried (every retry seconds). Defaults to
# 600. This settings only applies to priority 2
# notifications.
# expire: 600
# The retry parameter specifies how often
# (in seconds) the Pushover servers will send the
# same notification to the user. Defaults to 30. This
# settings only applies to priority 2 notifications.
# retry: 30
# The name of one of your devices to send just to
# that device instead of all devices.
# device: pixel8
# Set to True to enable HTML parsing of the message.
# Set to False for plain text.
# html: true
# The name of a supported sound to override your
# default sound choice. All options can be found
# here: https://pushover.net/api#sounds
# sound: bike
# Your message's title, otherwise your app's name is
# used.
# title: A backup job has started.
# The number of seconds that the message will live,
# before being deleted automatically. The ttl
# parameter is ignored for messages with a priority.
# value of 2.
# ttl: 3600
# A supplementary URL to show with your message.
# url: https://pushover.net/apps/xxxxx-borgbackup
# A title for the URL specified as the url parameter,
# otherwise just the URL is shown.
# url_title: Pushover Link
# fail:
# Message to be sent to the user or group. If omitted
# the default is the name of the state.
# message: A backup job has failed.
# A value of -2, -1, 0 (default), 1 or 2 that
# indicates the message priority.
# priority: 0
# How many seconds your notification will continue
# to be retried (every retry seconds). Defaults to
# 600. This settings only applies to priority 2
# notifications.
# expire: 600
# The retry parameter specifies how often
# (in seconds) the Pushover servers will send the
# same notification to the user. Defaults to 30. This
# settings only applies to priority 2 notifications.
# retry: 30
# The name of one of your devices to send just to
# that device instead of all devices.
# device: pixel8
# Set to True to enable HTML parsing of the message.
# Set to False for plain text.
# html: true
# The name of a supported sound to override your
# default sound choice. All options can be found
# here: https://pushover.net/api#sounds
# sound: bike
# Your message's title, otherwise your app's name is
# used.
# title: A backup job has started.
# The number of seconds that the message will live,
# before being deleted automatically. The ttl
# parameter is ignored for messages with a priority.
# value of 2.
# ttl: 3600
# A supplementary URL to show with your message.
# url: https://pushover.net/apps/xxxxx-borgbackup
# A title for the URL specified as the url parameter,
# otherwise just the URL is shown.
# url_title: Pushover Link
# List of one or more monitoring states to ping for: "start",
# "finish", and/or "fail". Defaults to pinging for failure
# only.
# states:
# - start
# - finish
# zabbix:
# The ID of the Zabbix item used for collecting data.
# Unique across the entire Zabbix system.
# itemid: 55105
# Host name where the item is stored. Required if "itemid"
# is not set.
# host: borg-server
# Key of the host where the item is stored. Required if
# "itemid" is not set.
# key: borg.status
# The address of your Zabbix instance.
# server: https://zabbix.your-domain.com
# The username used for authentication. Not needed if using
# an API key. Supports the "{credential ...}" syntax.
# username: testuser
# The password used for authentication. Not needed if using
# an API key. Supports the "{credential ...}" syntax.
# password: fakepassword
# The API key used for authentication. Not needed if using an
# username/password. Supports the "{credential ...}" syntax.
# api_key: fakekey
# start:
# The value to set the item to on start.
# value: STARTED
# finish:
# The value to set the item to on finish.
# value: FINISH
# fail:
# The value to set the item to on fail.
# value: ERROR
# List of one or more monitoring states to ping for: "start",
# "finish", and/or "fail". Defaults to pinging for failure
# only.
# states:
# - start
# - finish
# apprise:
# A list of Apprise services to publish to with URLs and
# labels. The labels are used for logging. A full list of
# services and their configuration can be found at
# https://github.com/caronc/apprise/wiki.
# services:
# - url: kodi://user@hostname
# label: kodi
# - url: line://Token@User
# label: line
# Send borgmatic logs to Apprise services as part the
# "finish", "fail", and "log" states. Defaults to true.
# send_logs: false
# Number of bytes of borgmatic logs to send to Apprise
# services. Set to 0 to send all logs and disable this
# truncation. Defaults to 1500.
# logs_size_limit: 100000
# start:
# Specify the message title. If left unspecified, no
# title is sent.
# title: Ping!
# Specify the message body.
# body: Starting backup process.
# finish:
# Specify the message title. If left unspecified, no
# title is sent.
# title: Ping!
# Specify the message body.
# body: Backups successfully made.
# fail:
# Specify the message title. If left unspecified, no
# title is sent.
# title: Ping!
# Specify the message body.
# body: Your backups have failed.
# log:
# Specify the message title. If left unspecified, no
# title is sent.
# title: Ping!
# Specify the message body.
# body: Here is some info about your backups.
# List of one or more monitoring states to ping for:
# "start", "finish", "fail", and/or "log". Defaults to
# pinging for failure only. For each selected state,
# corresponding configuration for the message title and body
# should be given. If any is left unspecified, a generic
# message is emitted instead.
# states:
# - start
# - finish
# Configuration for a monitoring integration with Healthchecks. Create
# an account at https://healthchecks.io (or self-host Healthchecks) if
# you'd like to use this service. See borgmatic monitoring
# documentation for details.
# healthchecks:
# Healthchecks ping URL or UUID to notify when a backup
# begins, ends, errors, or to send only logs.
# ping_url: https://hc-ping.com/your-uuid-here
# Verify the TLS certificate of the ping URL host. Defaults to
# true.
# verify_tls: false
# Send borgmatic logs to Healthchecks as part the "finish",
# "fail", and "log" states. Defaults to true.
# send_logs: false
# Number of bytes of borgmatic logs to send to Healthchecks,
# ideally the same as PING_BODY_LIMIT configured on the
# Healthchecks server. Set to 0 to send all logs and disable
# this truncation. Defaults to 100000.
# ping_body_limit: 200000
# List of one or more monitoring states to ping for: "start",
# "finish", "fail", and/or "log". Defaults to pinging for all
# states.
# states:
# - finish
# Create the check if it does not exist. Only works with
# the slug URL scheme (https://hc-ping.com/<ping-key>/<slug>
# as opposed to https://hc-ping.com/<uuid>).
# Defaults to false.
# create_slug: true
# Configuration for a monitoring integration with Uptime Kuma using
# the Push monitor type.
# See more information here: https://uptime.kuma.pet
# uptime_kuma:
# Uptime Kuma push URL without query string (do not include the
# question mark or anything after it).
# push_url: https://example.uptime.kuma/api/push/abcd1234
# List of one or more monitoring states to push for: "start",
# "finish", and/or "fail". Defaults to pushing for all
# states.
# states:
# - start
# - finish
# - fail
# Configuration for a monitoring integration with Cronitor. Create an
# account at https://cronitor.io if you'd like to use this service.
# See borgmatic monitoring documentation for details.
# cronitor:
# Cronitor ping URL to notify when a backup begins,
# ends, or errors.
# ping_url: https://cronitor.link/d3x0c1
# Configuration for a monitoring integration with PagerDuty. Create an
# account at https://www.pagerduty.com if you'd like to use this
# service. See borgmatic monitoring documentation for details.
# pagerduty:
# PagerDuty integration key used to notify PagerDuty when a
# backup errors. Supports the "{credential ...}" syntax.
# integration_key: a177cad45bd374409f78906a810a3074
# Configuration for a monitoring integration with Cronhub. Create an
# account at https://cronhub.io if you'd like to use this service. See
# borgmatic monitoring documentation for details.
# cronhub:
# Cronhub ping URL to notify when a backup begins,
# ends, or errors.
# ping_url: https://cronhub.io/ping/1f5e3410-254c-5587
# Configuration for a monitoring integration with Grafana Loki. You
# can send the logs to a self-hosted instance or create an account at
# https://grafana.com/auth/sign-up/create-user. See borgmatic
# monitoring documentation for details.
# loki:
# Grafana loki log URL to notify when a backup begins,
# ends, or fails.
# url: http://localhost:3100/loki/api/v1/push
# Allows setting custom labels for the logging stream. At
# least one label is required. "__hostname" gets replaced by
# the machine hostname automatically. "__config" gets replaced
# by the name of the configuration file. "__config_path" gets
# replaced by the full path of the configuration file.
# labels:
# app: borgmatic
# config: __config
# hostname: __hostname
# Configuration for a monitoring integration with Sentry. You can use
# a self-hosted instance via https://develop.sentry.dev/self-hosted/
# or create a cloud-hosted account at https://sentry.io. See borgmatic
# monitoring documentation for details.
# sentry:
# Sentry Data Source Name (DSN) URL, associated with a
# particular Sentry project. Used to construct a cron URL,
# notified when a backup begins, ends, or errors.
# data_source_name_url: https://5f80ec@o294220.ingest.us.sentry.io/203069
# Sentry monitor slug, associated with a particular Sentry
# project monitor. Used along with the data source name URL to
# construct a cron URL.
# monitor_slug: mymonitor
# List of one or more monitoring states to ping for: "start",
# "finish", and/or "fail". Defaults to pinging for all states.
# states:
# - start
# - finish
# Configuration for integration with the ZFS filesystem.
# zfs:
# Command to use instead of "zfs".
# zfs_command: /usr/local/bin/zfs
# Command to use instead of "mount".
# mount_command: /usr/local/bin/mount
# Command to use instead of "umount".
# umount_command: /usr/local/bin/umount
# Configuration for integration with the Btrfs filesystem.
# btrfs:
# Command to use instead of "btrfs".
# btrfs_command: /usr/local/bin/btrfs
# Command to use instead of "findmnt".
# findmnt_command: /usr/local/bin/findmnt
# Configuration for integration with Linux LVM (Logical Volume
# Manager).
# lvm:
# Size to allocate for each snapshot taken, including the
# units to use for that size. Defaults to "10%ORIGIN" (10%
# of the size of logical volume being snapshotted). See the
# lvcreate "--size" and "--extents" documentation for more
# information:
# https://www.man7.org/linux/man-pages/man8/lvcreate.8.html
# snapshot_size: 5GB
# Command to use instead of "lvcreate".
# lvcreate_command: /usr/local/bin/lvcreate
# Command to use instead of "lvremove".
# lvremove_command: /usr/local/bin/lvremove
# Command to use instead of "lvs".
# lvs_command: /usr/local/bin/lvs
# Command to use instead of "lsblk".
# lsblk_command: /usr/local/bin/lsblk
# Command to use instead of "mount".
# mount_command: /usr/local/bin/mount
# Command to use instead of "umount".
# umount_command: /usr/local/bin/umount
# Configuration for integration with Docker or Podman secrets.
# container:
# Secrets directory to use instead of "/run/secrets".
# secrets_directory: /path/to/secrets
# Configuration for integration with the KeePassXC password manager.
# keepassxc:
# Command to use instead of "keepassxc-cli".
# keepassxc_cli_command: /usr/local/bin/keepassxc-cli
Reference in a new issue Copy permalink