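# Docker Compose stack for Rustic backups to an S3-compatible repository.
# Three services share one image and differ by CONTAINER_ROLE:
#   rustic_daemon  - scheduled backups        (CONTAINER_ROLE=backup)
#   rustic_restore - manual restore container (CONTAINER_ROLE=restore)
#   rustic_pruner  - scheduled maintenance    (CONTAINER_ROLE=prune)
#
# Secrets (RUSTIC_PASSWORD, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) are not
# written in this file. They are interpolated from the .env file next to it,
# and Compose refuses to start if one is missing. Values under "environment"
# override "env_file", so a placeholder left here would mask the real secret
# in .env. Keep .env out of version control and readable only by the deploying
# user (for example mode 0600).
#
# "environment" uses the mapping form on purpose: in the list form
# (- KEY="value") Compose passes the double quotes through as part of the value.
services:
  rustic_daemon:
    # IMPORTANT: Replace with the name of your custom built Rustic image.
    # ":latest" is a moving tag; pin a version tag or an image digest
    # (<REGISTRY>/<IMAGE>@sha256:<IMAGE_DIGEST>) so the image that receives the
    # repository password and S3 keys cannot change without a reviewed edit.
    image: git.kolspace.cc/victor.kolomin/docker-rustic-backup:latest
    # Use the Ansible variable for hostname
    hostname: "{{ inventory_hostname }}"
    container_name: rustic_backup_daemon
    # The container must run continuously for the Cron Daemon to execute
    # scheduled jobs
    restart: "unless-stopped"
    environment:
      # --- 0. CONTAINER ROLE ---
      # "backup": Runs the cron daemon for scheduled backups (default)
      # "restore": Keeps the container alive to perform manual restores
      CONTAINER_ROLE: "backup"

      # --- 1. CRON SCHEDULING (for backup role) ---
      # Defines WHEN the entire backup script (backup, prune, check) will run.
      CRON_SCHEDULE: "0 */12 * * *"

      # --- 2. RUSTIC CORE SETTINGS ---
      # CRITICAL: Repository Encryption Password (set it in .env)
      RUSTIC_PASSWORD: "${RUSTIC_PASSWORD:?set RUSTIC_PASSWORD in .env}"

      # --- 3. S3 REPOSITORY CONFIGURATION ---
      # These variables are used to generate /etc/rustic/rustic.toml and to
      # create the bucket.
      # The endpoint below is plain HTTP, so S3 requests are not protected in
      # transit. Use an https:// endpoint unless the storage host is reachable
      # only over a trusted, isolated network.
      S3_ENDPOINT: "http://192.168.110.135:9000"
      S3_BUCKET: "mybucket"  # Example: use hostname as bucket name
      # Can be any string for MinIO, but required by the S3 spec
      S3_REGION: "us-east-1"
      AWS_ACCESS_KEY_ID: "${AWS_ACCESS_KEY_ID:?set AWS_ACCESS_KEY_ID in .env}"
      AWS_SECRET_ACCESS_KEY: "${AWS_SECRET_ACCESS_KEY:?set AWS_SECRET_ACCESS_KEY in .env}"

      # --- 4. EXECUTOR SETTINGS (for backup role) ---
      # Optional: Max random delay in seconds to wait before starting the
      # backup.
      RANDOM_DELAY_SECONDS: "3600"
      # Optional: Cache cleanup configuration (days to keep cache files).
      # Files not accessed for longer than this period will be deleted.
      # Set to 0 or leave empty to disable cache cleanup.
      CACHE_CLEANUP_DAYS: "7"
      # Optional: Webhook URL for n8n to send notifications (for success and
      # failure). Prefer an https:// URL: the webhook path acts as a shared
      # secret and the notification content is sent in clear over http://.
      N8N_WEBHOOK_URL: "http://your-n8n-instance/webhook/your-id"
      # Paths to backup (space-separated list). Must match the volume mount
      # source.
      BACKUP_PATHS: "/data/volumes/"

    # --- 5. MOUNTED DATA ---
    volumes:
      # Mount the Docker data path from the host (read-only for safety)
      - /opt/docker:/data/volumes/:ro
      # Persistent Volume for the Rustic Cache (crucial for performance)
      - rustic_cache:/root/.cache/rustic
    # Include the .env file if it contains S3 secrets or other shared variables
    env_file:
      - .env

  rustic_restore:
    # This is a dedicated service for running the container in restore mode.
    # NOTE(review): the service has no "profiles" entry, so a plain
    # "docker compose up" starts it together with the other services.
    image: git.kolspace.cc/victor.kolomin/docker-rustic-backup:latest
    hostname: rustic-restore-shell
    container_name: rustic_restore_shell
    # No restart policy, as this is a manual, one-off task.
    environment:
      # --- 0. CONTAINER ROLE ---
      CONTAINER_ROLE: "restore"

      # --- RUSTIC & S3 SETTINGS (must match the backup container) ---
      RUSTIC_PASSWORD: "${RUSTIC_PASSWORD:?set RUSTIC_PASSWORD in .env}"
      S3_ENDPOINT: "http://192.168.110.135:9000"
      S3_BUCKET: "mybucket"
      S3_REGION: "us-east-1"
      AWS_ACCESS_KEY_ID: "${AWS_ACCESS_KEY_ID:?set AWS_ACCESS_KEY_ID in .env}"
      AWS_SECRET_ACCESS_KEY: "${AWS_SECRET_ACCESS_KEY:?set AWS_SECRET_ACCESS_KEY in .env}"
    volumes:
      # Mount a local directory on the host to receive the restored files.
      # Restored data is written there decrypted, so restrict access to this
      # directory on the host.
      - ./restore_output:/restore
      # Mount the same cache volume for performance
      - rustic_cache:/root/.cache/rustic
    env_file:
      - .env

  rustic_pruner:
    # NOTE(review): this service and rustic_daemon use the same S3 credentials,
    # and pruning removes repository data. If the storage backend allows it,
    # consider narrower credentials for the backup daemon; confirm first what
    # the image's backup role needs.
    image: git.kolspace.cc/victor.kolomin/docker-rustic-backup:latest
    hostname: rustic-pruner
    container_name: rustic_pruner_daemon
    restart: "unless-stopped"
    environment:
      CONTAINER_ROLE: "prune"
      # Schedule maintenance at 03:00 daily by default
      CRON_SCHEDULE: "0 3 * * *"
      RUSTIC_PASSWORD: "${RUSTIC_PASSWORD:?set RUSTIC_PASSWORD in .env}"
      S3_ENDPOINT: "http://192.168.110.135:9000"
      S3_BUCKET: "mybucket"
      S3_REGION: "us-east-1"
      AWS_ACCESS_KEY_ID: "${AWS_ACCESS_KEY_ID:?set AWS_ACCESS_KEY_ID in .env}"
      AWS_SECRET_ACCESS_KEY: "${AWS_SECRET_ACCESS_KEY:?set AWS_SECRET_ACCESS_KEY in .env}"
      RANDOM_DELAY_SECONDS: "0"
      # Retention rules and repository check arguments, passed as strings.
      PRUNE_POLICY: "--keep-last 3 --keep-daily 7 --keep-weekly 4 --keep-monthly 6"
      CHECK_ARGS: "--read-data --read-data-subset 10%"
      N8N_WEBHOOK_URL: "http://your-n8n-instance/webhook/your-id"
    volumes:
      - rustic_cache:/root/.cache/rustic
    env_file:
      - .env

volumes:
  # Define the named volume for the persistent cache
  rustic_cache: {}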