contrib: schedule inside a container using a non-root user

[creativeprojects]

This PR adds this section to the documentation:

Scheduling inside a container with a non-root user

You can schedule your backups with resticprofile by running crond inside a container.
This version shows how to use supercronic to run the scheduled backups as a non-root user.

You can create a container with this modified version from the official image:

FROM alpine:latest

LABEL org.opencontainers.image.documentation="https://creativeprojects.github.io/resticprofile/"
LABEL org.opencontainers.image.source="https://github.com/creativeprojects/resticprofile"


ARG ARCH=amd64
ENV TZ=Etc/UTC

COPY build/restic-${ARCH} /usr/bin/restic
COPY build/rclone-${ARCH} /usr/bin/rclone
COPY resticprofile /usr/bin/resticprofile

RUN apk add --no-cache openssh-client-default curl tzdata ca-certificates supercronic && \
    chmod +x /usr/bin/restic /usr/bin/rclone /usr/bin/resticprofile && \
    adduser -D -h /resticprofile resticprofile && \
    mkdir -p /resticprofile && \
    touch /resticprofile/crontab && \
    chown -R resticprofile:resticprofile /resticprofile

VOLUME /resticprofile
WORKDIR /resticprofile

ENTRYPOINT ["resticprofile"]
CMD ["--help"]

Here's a docker-compose example loading configuration from a .env file:

version: '2'

services:
  scheduled-backup:
    image: creativeprojects/resticprofile:${RP_VERSION:-latest}
    container_name: backup_container
    hostname: backup_container
    user: resticprofile:resticprofile
    entrypoint: '/bin/sh'
    command:
      - '-c'
      - 'resticprofile schedule --all && supercronic /resticprofile/crontab'
    volumes:
      - '${RP_CONFIG}:/resticprofile/profiles.yaml:ro'
      - '${RP_KEYFILE}:/resticprofile/key:ro'
      - '${BACKUP_SOURCE}:/source:ro'
      - '${RP_REPOSITORY}:/restic_repo'
    environment:
      - TZ=${TIMEZONE:-Etc/UTC}

with the corresponding resticprofile configuration running a backup every 15 minutes:

global:
  scheduler: crontab:-:/resticprofile/crontab

default:
  password-file: key
  repository: "local:/restic_repo"
  initialize: true
  backup:
    source: /source
    exclude-caches: true
    one-file-system: true
    schedule: "*:00,05,10,15,20,25,30,35,40,45,50,55"
    schedule-permission: user
    check-before: true

More information

Discussion on Supersonic

Discussion on non-root container

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.51%. Comparing base (5739b13) to head (34295e6).
Report is 1 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #348   +/-   ##
=======================================
  Coverage   71.51%   71.51%           
=======================================
  Files         121      121           
  Lines       12659    12659           
=======================================
  Hits         9053     9053           
  Misses       3201     3201           
  Partials      405      405           

Flag	Coverage Δ
unittests	71.51% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.