mirror of
https://0xacab.org/liberate/backupninja.git
synced 2024-11-08 20:02:32 +01:00
273 lines
8.7 KiB
Plaintext
273 lines
8.7 KiB
Plaintext
## This is an example duplicity configuration file.
|
|
##
|
|
## Here you can find all the possible duplicity options, details of
|
|
## what the options provide and possible settings. The defaults are set
|
|
## as the commented out option, uncomment and change when
|
|
## necessary. Options which are uncommented in this example do not have
|
|
## defaults, and the settings provided are recommended.
|
|
|
|
## passed directly to duplicity, e.g. to increase verbosity set this to:
|
|
## options = --verbosity 8
|
|
## when using the Amazon S3 backend to create buckets in Europe:
|
|
## options = --s3-european-buckets --s3-use-new-style
|
|
##
|
|
## Default:
|
|
# options =
|
|
|
|
## default is 0, but set to something like 19 if you want to lower the priority.
|
|
##
|
|
## Default:
|
|
# nicelevel = 0
|
|
|
|
## test the connection? set to no to skip the test if the remote host is alive.
|
|
## if 'desturl' is set below, 'testconnect' must be set to 'no' for now.
|
|
##
|
|
## Default:
|
|
# testconnect = yes
|
|
|
|
## temporary directory used by duplicity, set to some other location if your /tmp is small
|
|
## default is either /tmp or /usr/tmp, depending on the system
|
|
##
|
|
## Default:
|
|
# tmpdir = /tmp
|
|
|
|
######################################################
|
|
## gpg section
|
|
## (how to encrypt and optionally sign the backups)
|
|
##
|
|
## WARNING: old (pre-0.9.4) example.dup used to give wrong information about
|
|
## the way the following options are used. Please read the following
|
|
## carefully.
|
|
##
|
|
## If the encryptkey variable is set:
|
|
## - data is encrypted with the GnuPG public key specified by the encryptkey
|
|
## variable
|
|
## - if signing is enabled, data is signed with the GnuPG private
|
|
## key specified by the signkey variable
|
|
## - the password variable is used to unlock the GnuPG key(s) used
|
|
## for encryption and (optionnal) signing
|
|
##
|
|
## If the encryptkey option is not set:
|
|
## - data signing is not possible
|
|
## - the password variable is used to encrypt the data with symmetric
|
|
## encryption: no GnuPG key pair is needed
|
|
|
|
[gpg]
|
|
|
|
## when set to yes, encryptkey variable must be set below; if you want to use
|
|
## two different keys for encryption and signing, you must also set the signkey
|
|
## variable (and probably signpassword) below.
|
|
## default is set to no, for backwards compatibility with backupninja <= 0.5.
|
|
##
|
|
## Default:
|
|
# sign = no
|
|
|
|
## ID of the GnuPG public key used for data encryption.
|
|
## if not set, symmetric encryption is used, and data signing is not possible.
|
|
## an example setting would be:
|
|
## encryptkey = 04D9EA79
|
|
##
|
|
## Default:
|
|
# encryptkey =
|
|
|
|
## ID of the GnuPG private key used for data signing.
|
|
## if not set, encryptkey will be used, an example setting would be:
|
|
## signkey = 04D9EA79
|
|
##
|
|
## Default:
|
|
# signkey =
|
|
|
|
## password used to unlock the encryption key
|
|
## NB: neither quote this, nor should it contain any quotes,
|
|
## an example setting would be:
|
|
## password = a_very_complicated_passphrase
|
|
##
|
|
## Default:
|
|
# password =
|
|
|
|
## password used to unlock the signature key, used only if
|
|
## it differs from the encryption key
|
|
## NB: neither quote this, nor should it contain any quotes,
|
|
## an example setting would be:
|
|
## signpassword = a_very_complicated_passphrase
|
|
##
|
|
## Default:
|
|
# signpassword =
|
|
|
|
######################################################
|
|
## source section
|
|
## (where the files to be backed up are coming from)
|
|
|
|
[source]
|
|
|
|
## A few notes about includes and excludes:
|
|
## 1. include, exclude and vsinclude statements support globbing with '*'
|
|
## 2. Symlinks are not dereferenced. Moreover, an include line whose path
|
|
## contains, at any level, a symlink to a directory, will only have the
|
|
## symlink backed-up, not the target directory's content. Yes, you have to
|
|
## dereference yourself the symlinks, or to use 'mount --bind' instead.
|
|
## Example: let's say /home is a symlink to /mnt/crypt/home ; the following
|
|
## line will only backup a "/home" symlink ; neither /home/user nor
|
|
## /home/user/Mail will be backed-up :
|
|
## include = /home/user/Mail
|
|
## A workaround is to 'mount --bind /mnt/crypt/home /home' ; another one is to
|
|
## write :
|
|
## include = /mnt/crypt/home/user/Mail
|
|
## 3. All the excludes come after all the includes. The order is not otherwise
|
|
## taken into account.
|
|
|
|
## files to include in the backup
|
|
include = /var/spool/cron/crontabs
|
|
include = /var/backups
|
|
include = /etc
|
|
include = /root
|
|
include = /home
|
|
include = /usr/local/bin
|
|
include = /usr/local/sbin
|
|
include = /var/lib/dpkg/status
|
|
include = /var/lib/dpkg/status-old
|
|
|
|
## If vservers = yes in /etc/backupninja.conf then the following variables can
|
|
## be used:
|
|
## vsnames = all | <vserver1> <vserver2> ... (default = all)
|
|
## vsinclude = <path>
|
|
## vsinclude = <path>
|
|
## ...
|
|
## Any path specified in vsinclude is added to the include list for each vserver
|
|
## listed in vsnames (or all if vsnames = all, which is the default).
|
|
##
|
|
## For example, vsinclude = /home will backup the /home directory in every
|
|
## vserver listed in vsnames. If you have 'vsnames = foo bar baz', this
|
|
## vsinclude will add to the include list /vservers/foo/home, /vservers/bar/home
|
|
## and /vservers/baz/home.
|
|
## Vservers paths are derived from $VROOTDIR.
|
|
|
|
# files to exclude from the backup
|
|
exclude = /home/*/.gnupg
|
|
exclude = /var/cache/backupninja/duplicity
|
|
|
|
######################################################
|
|
## destination section
|
|
## (where the files are copied to)
|
|
|
|
[dest]
|
|
|
|
## perform an incremental backup? (default = yes)
|
|
## if incremental = no, perform a full backup in order to start a new backup set
|
|
##
|
|
## Default:
|
|
# incremental = yes
|
|
|
|
## how many days of incremental backups before doing a full backup again ;
|
|
## default is 30 days (one can also use the time format of duplicity).
|
|
## if increments = keep, never automatically perform a new full backup ;
|
|
## only perform incremental backups.
|
|
##
|
|
## Default:
|
|
# increments = 30
|
|
|
|
## how many days of data to keep ; default is 60 days.
|
|
## (you can also use the time format of duplicity)
|
|
## 'keep = yes' means : do not delete old data, the remote host will take care of this
|
|
##
|
|
## Default:
|
|
# keep = 60
|
|
|
|
# for how many full backups do we keep their later increments ;
|
|
# default is all (keep all increments).
|
|
# increments for older full backups will be deleted : only the more
|
|
# recent ones (count provided) will be kept
|
|
#
|
|
## Default:
|
|
# keepincroffulls = all
|
|
|
|
## full destination URL, in duplicity format; if set, desturl overrides
|
|
## sshoptions, destdir, desthost and destuser; it also disables testconnect and
|
|
## bandwithlimit. For details, see duplicity manpage, section "URL FORMAT", some
|
|
## examples include:
|
|
## desturl = file:///usr/local/backup
|
|
## desturl = rsync://user@other.host//var/backup/bla
|
|
## desturl = s3+http://
|
|
## desturl = ftp://myftpuser@ftp.example.org/remote/ftp/path
|
|
## the default value of this configuration option is not set:
|
|
##
|
|
## Default:
|
|
# desturl =
|
|
|
|
## Amazon Web Services Access Key ID and Secret Access Key, needed for backups
|
|
## to S3 buckets.
|
|
## awsaccesskeyid = YOUR_AWS_ACCESS_KEY_ID
|
|
## awssecretaccesskey = YOUR_AWS_SECRET_KEY
|
|
##
|
|
## Default:
|
|
# awsaccesskeyid =
|
|
# awssecretaccesskey =
|
|
|
|
## RackSpace's CloudFiles username, API key, and authentication URL.
|
|
## cfusername = YOUR_CF_USERNAME
|
|
## cfapikey = YOUR_CF_API_KEY
|
|
## cfauthurl = YOUR_CF_AUTH_URL
|
|
##
|
|
## Default:
|
|
# cfusername =
|
|
# cfapikey =
|
|
# cfauthurl =
|
|
|
|
## FTP password, needed for backups using desturl = ftp://...
|
|
##
|
|
## Default:
|
|
# ftp_password =
|
|
|
|
## bandwith limit, in Kbit/s ; default is 0, i.e. no limit
|
|
## if using 'desturl' above, 'bandwidthlimit' must not be set
|
|
## an example setting of 128 Kbit/s would be:
|
|
## bandwidthlimit = 128
|
|
##
|
|
## Default:
|
|
# bandwidthlimit = 0
|
|
|
|
## duplicity < 0.6.17
|
|
## ------------------
|
|
## passed directly to ssh, scp (and sftp in duplicity >=0.4.2)
|
|
## warning: sftp does not support all scp options, especially -i; as
|
|
## a workaround, you can use "-o <SSHOPTION>"
|
|
## an example setting would be:
|
|
## sshoptions = -o IdentityFile=/root/.ssh/id_rsa_duplicity
|
|
##
|
|
## duplicity >= 0.6.17
|
|
## -------------------
|
|
## supports only "-oIdentityFile=..." since duplicity >=0.6.17 uses paramiko,
|
|
## a ssh python module.
|
|
## warning: requires no space beetween "-o" and "IdentityFile=...".
|
|
##
|
|
## Default:
|
|
# sshoptions =
|
|
|
|
## put the backups under this destination directory
|
|
## if using 'desturl' above, this must not be set
|
|
## in all other cases, this must be set!
|
|
## an example setting would be:
|
|
## destdir = /backups
|
|
##
|
|
## Default:
|
|
# destdir =
|
|
|
|
## the machine which will receive the backups
|
|
## if using 'desturl' above, this must not be set
|
|
## in all other cases, this must be set!
|
|
## an example setting would be:
|
|
## desthost = backuphost
|
|
##
|
|
## Default:
|
|
# desthost =
|
|
|
|
## make the files owned by this user
|
|
## if using 'desturl' above, this must not be set
|
|
## note: if using an SSH based transport and 'type' is set to 'remote', you must
|
|
## be able to 'ssh backupuser@backuphost' without specifying a password.
|
|
## an example setting would be:
|
|
## destuser = backupuser
|
|
##
|
|
## Default:
|
|
# destuser =
|