| {%- from "backupninja/map.jinja" import client with context %} |
| {%- from "linux/map.jinja" import system with context %} |
| ## This is an example duplicity configuration file. |
| ## |
| ## Here you can find all the possible duplicity options, details of |
| ## what the options provide and possible settings. The defaults are set |
| ## as the commented out option, uncomment and change when |
| ## necessary. Options which are uncommented in this example do not have |
| ## defaults, and the settings provided are recommended. |
| |
| ## passed directly to duplicity, e.g. to increase verbosity set this to: |
| ## options = --verbosity 8 |
| ## when using the Amazon S3 backend to create buckets in Europe: |
| ## options = --s3-european-buckets --s3-use-new-style |
| ## |
| ## Default: |
| # options = |
| |
| ## default is 0, but set to something like 19 if you want to lower the priority. |
| ## |
| ## Default: |
| # nicelevel = 0 |
| |
| ## test the connection? set to no to skip the test if the remote host is alive. |
| ## if 'desturl' is set below, 'testconnect' must be set to 'no' for now. |
| ## |
| ## Default: |
| # testconnect = yes |
| |
| ## temporary directory used by duplicity, set to some other location if your /tmp is small |
| ## default is either /tmp or /usr/tmp, depending on the system |
| ## |
| ## Default: |
| # tmpdir = /tmp |
| |
| ###################################################### |
| ## gpg section |
| ## (how to encrypt and optionally sign the backups) |
| ## |
| ## WARNING: old (pre-0.9.4) example.dup used to give wrong information about |
| ## the way the following options are used. Please read the following |
| ## carefully. |
| ## |
| ## If the encryptkey variable is set: |
| ## - data is encrypted with the GnuPG public key specified by the encryptkey |
| ## variable |
| ## - if signing is enabled, data is signed with the GnuPG private |
| ## key specified by the signkey variable |
| ## - the password variable is used to unlock the GnuPG key(s) used |
| ## for encryption and (optionnal) signing |
| ## |
| ## If the encryptkey option is not set: |
| ## - data signing is not possible |
| ## - the password variable is used to encrypt the data with symmetric |
| ## encryption: no GnuPG key pair is needed |
| |
| [gpg] |
| |
| ## when set to yes, encryptkey variable must be set below; if you want to use |
| ## two different keys for encryption and signing, you must also set the signkey |
| ## variable below. |
| ## default is set to no, for backwards compatibility with backupninja <= 0.5. |
| ## |
| ## Default: |
| # sign = no |
| |
| ## ID of the GnuPG public key used for data encryption. |
| ## if not set, symmetric encryption is used, and data signing is not possible. |
| ## an example setting would be: |
| ## encryptkey = 04D9EA79 |
| ## |
| ## Default: |
| # encryptkey = |
| |
| ## ID of the GnuPG private key used for data signing. |
| ## if not set, encryptkey will be used, an example setting would be: |
| ## signkey = 04D9EA79 |
| ## |
| ## Default: |
| # signkey = |
| |
| ## password |
| ## NB: neither quote this, nor should it contain any quotes, |
| ## an example setting would be: |
| ## password = a_very_complicated_passphrase |
| ## |
| ## Default: |
| # password = |
| |
| ###################################################### |
| ## source section |
| ## (where the files to be backed up are coming from) |
| |
| [source] |
| |
| ## A few notes about includes and excludes: |
| ## 1. include, exclude and vsinclude statements support globbing with '*' |
| ## 2. Symlinks are not dereferenced. Moreover, an include line whose path |
| ## contains, at any level, a symlink to a directory, will only have the |
| ## symlink backed-up, not the target directory's content. Yes, you have to |
| ## dereference yourself the symlinks, or to use 'mount --bind' instead. |
| ## Example: let's say /home is a symlink to /mnt/crypt/home ; the following |
| ## line will only backup a "/home" symlink ; neither /home/user nor |
| ## /home/user/Mail will be backed-up : |
| ## include = /home/user/Mail |
| ## A workaround is to 'mount --bind /mnt/crypt/home /home' ; another one is to |
| ## write : |
| ## include = /mnt/crypt/home/user/Mail |
| ## 3. All the excludes come after all the includes. The order is not otherwise |
| ## taken into account. |
| |
| ## files to include in the backup |
| |
| {%- for fs_include in backup.fs_includes %} |
| include = {{ fs_include }} |
| {%- endfor %} |
| |
| ## If vservers = yes in /etc/backupninja.conf then the following variables can |
| ## be used: |
| ## vsnames = all | <vserver1> <vserver2> ... (default = all) |
| ## vsinclude = <path> |
| ## vsinclude = <path> |
| ## ... |
| ## Any path specified in vsinclude is added to the include list for each vserver |
| ## listed in vsnames (or all if vsnames = all, which is the default). |
| ## |
| ## For example, vsinclude = /home will backup the /home directory in every |
| ## vserver listed in vsnames. If you have 'vsnames = foo bar baz', this |
| ## vsinclude will add to the include list /vservers/foo/home, /vservers/bar/home |
| ## and /vservers/baz/home. |
| ## Vservers paths are derived from $VROOTDIR. |
| |
| # files to exclude from the backup |
| {%- for fs_exclude in backup.fs_excludes %} |
| exclude = {{ fs_exclude }} |
| {%- endfor %} |
| |
| |
| ###################################################### |
| ## destination section |
| ## (where the files are copied to) |
| |
| [dest] |
| |
| ## perform an incremental backup? (default = yes) |
| ## if incremental = no, perform a full backup in order to start a new backup set |
| ## |
| ## Default: |
| # incremental = yes |
| |
| ## how many days of incremental backups before doing a full backup again ; |
| ## default is 30 days (one can also use the time format of duplicity). |
| ## if increments = keep, never automatically perform a new full backup ; |
| ## only perform incremental backups. |
| ## |
| ## Default: |
| # increments = 30 |
| |
| ## how many days of data to keep ; default is 60 days. |
| ## (you can also use the time format of duplicity) |
| ## 'keep = yes' means : do not delete old data, the remote host will take care of this |
| ## |
| ## Default: |
| # keep = 60 |
| |
| # for how many full backups do we keep their later increments ; |
| # default is all (keep all increments). |
| # increments for older full backups will be deleted : only the more |
| # recent ones (count provided) will be kept |
| # |
| ## Default: |
| # keepincroffulls = all |
| |
| ## full destination URL, in duplicity format; if set, desturl overrides |
| ## sshoptions, destdir, desthost and destuser; it also disables testconnect and |
| ## bandwithlimit. For details, see duplicity manpage, section "URL FORMAT", some |
| ## examples include: |
| ## desturl = file:///usr/local/backup |
| ## desturl = rsync://user@other.host//var/backup/bla |
| ## desturl = s3+http:// |
| ## desturl = ftp://myftpuser@ftp.example.org/remote/ftp/path |
| ## the default value of this configuration option is not set: |
| ## |
| ## Default: |
| # desturl = |
| |
| ## Amazon Web Services Access Key ID and Secret Access Key, needed for backups |
| ## to S3 buckets. |
| ## awsaccesskeyid = YOUR_AWS_ACCESS_KEY_ID |
| ## awssecretaccesskey = YOUR_AWS_SECRET_KEY |
| ## |
| ## Default: |
| # awsaccesskeyid = |
| # awssecretaccesskey = |
| |
| ## RackSpace's CloudFiles username, API key, and authentication URL. |
| ## cfusername = YOUR_CF_USERNAME |
| ## cfapikey = YOUR_CF_API_KEY |
| ## cfauthurl = YOUR_CF_AUTH_URL |
| ## |
| ## Default: |
| # cfusername = |
| # cfapikey = |
| # cfauthurl = |
| |
| ## FTP password, needed for backups using desturl = ftp://... |
| ## |
| ## Default: |
| # ftp_password = |
| |
| ## bandwith limit, in Kbit/s ; default is 0, i.e. no limit |
| ## if using 'desturl' above, 'bandwidthlimit' must not be set |
| ## an example setting of 128 Kbit/s would be: |
| ## bandwidthlimit = 128 |
| ## |
| ## Default: |
| # bandwidthlimit = 0 |
| |
| ## duplicity < 0.6.17 |
| ## ------------------ |
| ## passed directly to ssh, scp (and sftp in duplicity >=0.4.2) |
| ## warning: sftp does not support all scp options, especially -i; as |
| ## a workaround, you can use "-o <SSHOPTION>" |
| ## an example setting would be: |
| ## sshoptions = -o IdentityFile=/root/.ssh/id_rsa_duplicity |
| ## |
| ## duplicity >= 0.6.17 |
| ## ------------------ |
| ## supports only "-o IdentityFile=..." |
| ## |
| ## Default: |
| # sshoptions = |
| |
| ## put the backups under this destination directory |
| ## if using 'desturl' above, this must not be set |
| ## in all other cases, this must be set! |
| ## an example setting would be: |
| ## destdir = /backups |
| ## |
| ## Default: |
| # destdir = |
| |
| ## the machine which will receive the backups |
| ## if using 'desturl' above, this must not be set |
| ## in all other cases, this must be set! |
| ## an example setting would be: |
| ## desthost = backuphost |
| ## |
| ## Default: |
| # desthost = |
| |
| ## make the files owned by this user |
| ## if using 'desturl' above, this must not be set |
| ## note: if using an SSH based transport and 'type' is set to 'remote', you must |
| ## be able to 'ssh backupuser@backuphost' without specifying a password. |
| ## an example setting would be: |
| ## destuser = backupuser |
| ## |
| ## Default: |
| # destuser = |