obackup/host_backup.conf.example

#!/usr/bin/env bash

###### obackup - Local or Remote, push or pull backup script for files & mysql databases
###### (C) 2013-2019 by Orsiris de Jong (www.netpower.fr)

[GENERAL]
CONFIG_FILE_REVISION=2.1

## Backup identification string.
INSTANCE_ID="test-backup"

## Log file location. Leaving this empty will create log file at /var/log/obackup.INSTANCE_ID.log (or current directory if /var/log doesn't exist).
LOGFILE=""

## Elements to backup
SQL_BACKUP=true
FILE_BACKUP=true

## Backups can be done local, pulled from another server or pushed to a backup server. Available options are [local,pull,push].
## Pulled backups are the safest option, as the backup server contains the RSA key and cannot be compromised by another server.
BACKUP_TYPE=local

[BACKUP STORAGE]

## Storage paths of the backups (absolute paths of the local or remote system). Please use ${HOME} instead of ~ if needed.
SQL_STORAGE="/home/storage/backup/sql"
FILE_STORAGE="/home/storage/backup/files"

## Backup encryption using GPG and rsync.
## Push backups get encrypted locally in CRYPT_STORAGE before they are sent to the remote system
## Local and pull backups get encrypted after backup, in CRYPT_STORAGE
ENCRYPTION=false

## Backup encryption needs a temporary storage space in order to encrypt files before sending them (absolute paths of the local or remote system)
## In case of a pull backup, an encrypted copy of FILE_BACKUP goes here
CRYPT_STORAGE=/home/storage/backup/crpyt

## GPG recipient (pubkey for this recipient must exist, see gpg2 --list-keys or gpg --list-keys
GPG_RECIPIENT="John Doe"

## Use n CPUs for encryption / decryption where n is an integer. Defaults to 1
PARALLEL_ENCRYPTION_PROCESSES=

## Create backup directories if they do not exist
CREATE_DIRS=true

## Keep absolute source path in your backup, eg: /your/backup/storage/the/remote/server/files
## You should leave this enabled if you intend to use 'backup task division' functionality of oBackup, or everything will end up in the same directory.
KEEP_ABSOLUTE_PATHS=true

## Generate an alert if backup size is lower than given value in Kb (this can also help identifying empty mount dirs).
BACKUP_SIZE_MINIMUM=1024

## Check backup size before proceeding
GET_BACKUP_SIZE=true

## Generate an alert if storage free space is lower than given value in Kb.
## Keep in mind that disabling backup file size test will only test min space against SQL backup size.
SQL_WARN_MIN_SPACE=1048576
FILE_WARN_MIN_SPACE=1048576

[REMOTE_OPTIONS]

## In case of pulled or pushed backups, remote system URI needs to be supplied.
REMOTE_SYSTEM_URI="ssh://backupuser@remote.system.tld:22/"

## You can specify a RSA key (please use full path). If not defined, the default ~/.ssh/id_rsa will be used. See documentation for further information.
SSH_RSA_PRIVATE_KEY="${HOME}/.ssh/id_rsa"

## Alternatively, you may specify an SSH password file (less secure). Needs sshpass utility installed.
SSH_PASSWORD_FILE=""

## When using ssh filter, you must specify a remote token matching the one setup in authorized_keys
_REMOTE_TOKEN=SomeAlphaNumericToken9

## ssh compression should be used unless your remote connection is good enough (LAN)
SSH_COMPRESSION=true

## Ignore ssh known hosts verification. DANGER WILL ROBINSON DANGER: This can lead to security risks. Only enable if you know what you're doing.
## Works on Redhat / CentOS, doesn't work on Debian / Ubunutu
SSH_IGNORE_KNOWN_HOSTS=false

## Remote rsync executable path. Leave this empty in most cases
RSYNC_REMOTE_PATH=""

## Check for connectivity to remote host before launching remote backup tasks. Be sure the hosts responds to ping. Failing to ping will skip current task.
REMOTE_HOST_PING=true

## Check for internet access by pinging one or more 3rd party hosts before remote backup tasks. Leave empty if you don't want this check to be be performed. Failing to ping will skip current task.
REMOTE_3RD_PARTY_HOSTS="www.kernel.org www.google.com"

## If enabled, commands will be executed as superuser on remote side. See documentation for /etc/sudoers configuration ("find", "du", "tee" and "rsync" need to be allowed). Requiretty needs to be disabled.
SUDO_EXEC=false

[DATABASE BACKUP SETTINGS]

## Database backup user (should be the same you are running obackup with)
SQL_USER=root

## Enabling the following option will save all databases on local or remote given SQL instance except the ones specified in the exclude list.
## Every found database will be backed up as separate backup task.
DATABASES_ALL=true
DATABASES_ALL_EXCLUDE_LIST="test;mysql"
DATABASES_LIST=""

## Alternatively, if DATABASES_ALL=false, you can specify a list of databases to backup separated by semi-colons.
#DATABASES_LIST="somedatabase"

## Max backup execution time per Database task. Soft max exec time generates a warning only. Hard max exec time generates a warning and stops current backup task.
## If a task gets stopped, next one in the task list gets executed. Time is specified in seconds.
SOFT_MAX_EXEC_TIME_DB_TASK=3600
HARD_MAX_EXEC_TIME_DB_TASK=7200

## mysqldump options (ex: --extended-insert, --single-transaction, --quick...). See MySQL / MariaDB manual
## default option: --opt
MYSQLDUMP_OPTIONS="--opt --single-transaction"

## Preferred SQL dump compression. Compression methods can be xz, lzma, pigz or gzip (will fallback from xz to gzip depending if available)
## Generally, level 5 is a good compromise between cpu, memory hunger and compress ratio. Gzipped files are set to be rsyncable.
## If you use encryption, compression will only bring small benefits as GPG already has pretty good compression included
COMPRESSION_LEVEL=3

[FILE BACKUP SETTINGS]

## File backups are divided in tasks. Every directory in DIRECTORY_LIST will be processed as a unique task.
## Every subdirectory of each directory in RECURSIVE_DIRECTORY_LIST will be processed as a unique task.
## Example: RECURSIVE_DIRECTORY_LIST="/home;/var" will create backup tasks tasks "/home/dir1, "/home/dir2", ... "/home/dirN", "/var/log", "/var/lib"... "/var/something".
## You can exclude directories from the avove backup task creation, ex: avoid backing up "/home/dir2" by adding it to RECURSIVE_EXCLUDE_LIST.
## Note that since we recurse only by one level, excluding /home/dir2/somedir won't have any effect.
## Please use ${HOME} instead of ~ if needed.

## Directories backup list. List of semicolon separated directories that will be backed up.
DIRECTORY_LIST="/var/named"
RECURSIVE_DIRECTORY_LIST="/home"
RECURSIVE_EXCLUDE_LIST="/home/backupuser;/home/lost+found"

## Rsync exclude / include order (the option set here will be set first, eg: include will make include then exclude patterns)
RSYNC_PATTERN_FIRST=include

## List of files / directories to incldue / exclude from sync on both sides (see rsync patterns, wildcards work).
## Paths are relative to sync dirs. List elements are separated by a semicolon. Specifying "cache" will remove every found cache subdirectory.
RSYNC_INCLUDE_PATTERN=""
RSYNC_EXCLUDE_PATTERN=""
#RSYNC_EXCLUDE_PATTERN="tmp;archives;cache"

## Files that contains lists of files / directories to include / exclude from sync on both sides. Leave this empty if you don't want to use an exclusion file.
## This file has to be in the same directory as the config file
## Paths are relative to sync dirs. One element per line.
RSYNC_INCLUDE_FROM=""
RSYNC_EXCLUDE_FROM=""
#RSYNC_EXCLUDE_FROM="exclude.list"

## List separator char. You may set an alternative separator char for your directories lists above.
PATH_SEPARATOR_CHAR=";"

## Optional arguments passed to rsync executable. The following are already managed by the program and shoul never be passed here
## -rltD -n -P -o -g --executability -A -X -zz -L -K -H -8 -u -i --stats --checksum --bwlimit --partial --partial-dir --exclude --exclude-from --include--from --no-whole-file --whole-file --list-only
## When dealing with different filesystems for sync, or using SMB mountpoints, try adding --modify-window=2 --omit-dir-times as optional arguments
RSYNC_OPTIONAL_ARGS=""

## Preserve basic linux permissions
PRESERVE_PERMISSIONS=true
PRESERVE_OWNER=true
PRESERVE_GROUP=true
## On MACOS X, does not work and will be ignored 
PRESERVE_EXECUTABILITY=true

## Preserve ACLS. Make sure source and target FS can hold same ACLs or you'll get loads of errors.
PRESERVE_ACL=false
## Preserve Xattr. MAke sure source and target FS can hold same Xattr or you'll get loads of errors.
PRESERVE_XATTR=false

## Transforms symlinks into referent files/dirs
COPY_SYMLINKS=true
## Treat symlinked dirs as dirs. CAUTION: This also follows symlinks outside of the replica root.
KEEP_DIRLINKS=true
## Preserve hard links. Make sure source and target FS can manage hard links or you will lose them.
PRESERVE_HARDLINKS=false


## Let RSYNC compress file transfers. Do not use this on local-local backup schemes. Also, this is not useful if SSH compression is enabled.
RSYNC_COMPRESS=false

## Max execution time per file backup task. Soft is warning only. Hard is warning, stopping backup and processing next one one file list. Tilme is specified in seconds
SOFT_MAX_EXEC_TIME_FILE_TASK=3600
HARD_MAX_EXEC_TIME_FILE_TASK=7200

## Keep partial uploads that can be resumed on next run, experimental feature
PARTIAL=false

## Delete files on destination that vanished from source. Do not turn this on unless you enabled backup rotation  or a snapshotting FS like zfs to keep those vanished files on the destination.
DELETE_VANISHED_FILES=false

## Use delta copy algortithm (usefull when local paths are network drives), defaults to true
DELTA_COPIES=true

## Bandwidth limit Kbytes / second for file backups. Leave 0 to disable limitation.
BANDWIDTH=0

## Paranoia option. Don't change this unless you read the documentation.
RSYNC_EXECUTABLE=rsync

[ALERT_OPTIONS]

## Alert email addresses separated by a space character
DESTINATION_MAILS="your@mail.address"

## Optional change of mail body encoding (using iconv)
## By default, all mails are sent in UTF-8 format without header (because of maximum compatibility of all platforms)
## You may specify an optional encoding here (like "ISO-8859-1" or whatever iconv can handle)
MAIL_BODY_CHARSET=""

## Environment specific mail options (used with busybox sendemail, mailsend.exe from muquit, http://github.com/muquit/mailsend or sendemail.exe from Brandon Zehm, http://caspian.dotconf.net/menu/Software/SendEmail)
SENDER_MAIL="alert@your.system.tld"
SMTP_SERVER=smtp.your.isp.tld
SMTP_PORT=25
# encryption can be tls, ssl or none
SMTP_ENCRYPTION=none
SMTP_USER=
SMTP_PASSWORD=

[BACKUP SETTINGS]

## Max execution time of whole backup process. Soft max exec time generates a warning only.
## Hard max exec time generates a warning and stops the whole backup execution.
SOFT_MAX_EXEC_TIME_TOTAL=30000
HARD_MAX_EXEC_TIME_TOTAL=36000

## Log a message every KEEP_LOGGING seconds just to know the task is still alive
KEEP_LOGGING=1801

## Backup Rotation. You may rotate backups if you don't use snapshots on your backup server.
ROTATE_SQL_BACKUPS=false
ROTATE_SQL_COPIES=7
ROTATE_FILE_BACKUPS=false
ROTATE_FILE_COPIES=7

[EXECUTION_HOOKS]

## Commands can will be run before and / or after backup execution (remote execution will only happen if REMOTE_BACKUP is set).
## This is useful to make a snapshot before backing up data, or even handle snapshots of backed up data.
LOCAL_RUN_BEFORE_CMD=""
LOCAL_RUN_AFTER_CMD=""

REMOTE_RUN_BEFORE_CMD=""
REMOTE_RUN_AFTER_CMD=""

## Max execution time of commands before they get force killed. Leave 0 if you don't want this to happen. Time is specified in seconds.
MAX_EXEC_TIME_PER_CMD_BEFORE=0
MAX_EXEC_TIME_PER_CMD_AFTER=0

## Stops whole backup execution if one of the above commands fail
STOP_ON_CMD_ERROR=false

## Run local and remote after backup cmd's even on failure
RUN_AFTER_CMD_ON_ERROR=false