.gitignore | ||
.woodpecker.yml | ||
backup.sh | ||
Dockerfile | ||
entry.sh | ||
README.md |
Vaultwarden Backup
A simple script for backing up a Vaultwarden installation periodically and securely using Restic.
This script backs-up a vault to any Restic backend that you can configure using environment variables. It creates a new snapshot once per hour.
The script:
- Creates a backup of the SQLite database
- Syncs this, along with the entire Vaultwarden data directory, to a Restic repository
It keeps 24 hourly, 10 daily, 6 weekly, and 6 monthly backups, and prunes the rest.
Usage
Simply write a docker-compose.yml
along the following lines:
services:
vaultwardenbackup:
image: wilw/vaultwarden-backup
restart: always
volumes:
- /path/to/vaultwarden:/data
environment:
# ... Your Restic configuration. E.g.:
- AWS_ACCESS_KEY_ID=accesskey
- AWS_SECRET_ACCESS_KEY=secretaccesskey
- RESTIC_REPOSITORY=s3:endpoint/bucket
- RESTIC_PASSWORD=complexstring
- RESTIC_HOSTNAME=hostname
Before bringing the container up, please read the following:
Ensure that the root directory of the Vaultwarden installation is mounted to /data
in the container. This is where the script will look for the SQLite database and other data to back up.
Be sure change the variables in the environment
block to match what's needed for your chosen Restic backend. Refer to the documentation for more information.
At a minimum we recommend setting the following:
RESTIC_REPOSITORY
: The repository name. For a Linode Object Storage bucket you can uses3:eu-central-1.linodeobjects.com/bucket-name
. See below for other examples.RESTIC_PASSWORD
: The string used to encrypt/protect your data. Use a long complex string, and don't lose it (or you'll lose your backups)RESTIC_HOSTNAME
: Set this to an identifier for the machine. If you don't, the Docker container ID will be used, which changes on each startup, which isn't ideal.
You can now bring up the container: docker compose up -d
.
Important
After the container is launched for the first time, you'll need to initialize the repository. You only need to do this once for each repository. To do so, run the following:
docker compose exec -it filebackup /usr/bin/restic init