version: '3'

services:
  backup:
    image: mazzolino/restic:1.7.1
    container_name: restic-backup
    restart: unless-stopped
    networks:
      - private
    hostname: docker
    volumes:
      - ${HOME}/services/nextcloud:/source/nextcloud:ro
      - /etc:/source/etc:ro
    environment:
      RUN_ON_STARTUP: 'true'
      BACKUP_CRON: '0 30 3 * * *' # backups run every day at 03:30
      RESTIC_PASSWORD: /run/secrets/restic_password
      RESTIC_REPOSITORY: /run/secrets/b2_bucket
      RESTIC_BACKUP_SOURCES: /source
      RESTIC_BACKUP_ARGS: >-
        --tag docker-volumes
        --verbose
      RESTIC_FORGET_ARGS: >-
        --keep-last 10
        --keep-daily 7
        --keep-weekly 5
        --keep-monthly 12
      B2_ACCOUNT_ID: /run/secrets/b2_account_id
      B2_ACCOUNT_KEY: /run/secrets/b2_account_key
      TZ: 'Europe/Berlin'
    secrets:
      - b2_bucket
      - restic_password
      - b2_account_id
      - b2_account_key

  prune:
    image: mazzolino/restic:1.7.1
    container_name: restic-prune
    restart: unless-stopped
    hostname: docker
    environment:
      RUN_ON_STARTUP: 'false'
      PRUNE_CRON: '0 0 4 * * *' # prune runs every day at 04:00
      RESTIC_REPOSITORY: /run/secrets/b2_bucket
      RESTIC_PASSWORD: /run/secrets/restic_password
      B2_ACCOUNT_ID: /run/secrets/b2_account_id
      B2_ACCOUNT_KEY: /run/secrets/b2_account_key
      TZ: 'Europe/Berlin'
    secrets:
      - b2_bucket
      - restic_password
      - b2_account_id
      - b2_account_key

  check:
    image: mazzolino/restic:1.7.1
    container_name: restic-check
    restart: unless-stopped
    hostname: docker
    environment:
      RUN_ON_STARTUP: 'false'
      CHECK_CRON: '0 30 4 * * *' # check runs every day at 04:30
      RESTIC_CHECK_ARGS: >-
        --read-data-subset=10%
      RESTIC_REPOSITORY: /run/secrets/b2_bucket
      RESTIC_PASSWORD: /run/secrets/restic_password
      B2_ACCOUNT_ID: /run/secrets/b2_account_id
      B2_ACCOUNT_KEY: /run/secrets/b2_account_key
      TZ: 'Europe/Berlin'
    secrets:
      - b2_bucket
      - restic_password
      - b2_account_id
      - b2_account_key

networks:
  private: {}

secrets:
  restic_password:
    file: /etc/secure_config/.restic_password.txt
  b2_account_id:
    file: /etc/secure_config/.b2_account_id.txt
  b2_account_key:
    file: /etc/secure_config/.b2_account_key.txt
  b2_bucket:
    file: /etc/secure_config/.b2_bucket.txt