1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
# passed directly to duplicity
#options = --verbosity 8
# default is 0, but set to 19 if you want to lower the priority.
nicelevel = 19
# default is yes. set to no to skip the test if the remote host is alive
#testconnect = no
######################################################
## gpg section
## (how to encrypt and optionnally sign the backups)
##
## WARNING: old (pre-0.9.2) example.dup used to give wrong information about
## the way the following options are used. Please read ahead
## carefully.
##
## If the encryptkey variable is set:
## - data is encrypted with the GnuPG public key specified by the encryptkey
## variable
## - if signing is enabled, the password variable is used to unlock the GnuPG
## private key used for signing; else, you do not need to set the password
## variable
## If the encryptkey option is not set:
## - data signing is not possible
## - the password variable is used to encrypt the data with symmetric
## encryption: no GnuPG key pair is needed
[gpg]
# when set to yes, encryptkey variable must be set bellow; if you want to use
# two different keys for encryption and signing, you must also set the signkey
# variable bellow.
# default is no, for backward compatibility with backupninja <= 0.5.
sign = yes
# ID of the GnuPG public key used for data encryption.
# if not set, symmetric encryption is used, and data signing is not possible.
encryptkey = 04D9EA79
# ID of the GnuPG private key used for data signing.
# if not set, encryptkey will be used.
#signkey = 04D9EA79
# password
# NB: do not quote it, and it should not contain any quote
password = a_very_complicated_passphrase
######################################################
## source section
## (where the files to be backed up are coming from)
[source]
# files to include in the backup
# (supports globbing with '*')
# BIG FAT WARNING
# Symlinks are not dereferenced. Moreover, an include line whose path
# contains, at any level, a symlink to a directory, will only have the
# symlink backed-up, not the target directory's content. Yes, you have
# to dereference yourself the symlinks, or to use 'mount --bind'
# instead.
# EXAMPLE
# Let's say /home is a symlink to /mnt/crypt/home ; the following line
# will only backup a "/home" symlink ; neither /home/user nor
# /home/user/Mail will be backed-up :
# include = /home/user/Mail
# A workaround is to 'mount --bind /mnt/crypt/home /home' ; another
# one is to write :
# include = /mnt/crypt/home/user/Mail
include = /var/spool/cron/crontabs
include = /var/backups
include = /etc
include = /root
include = /home
include = /usr/local/bin
include = /usr/local/sbin
include = /var/lib/dpkg/status
include = /var/lib/dpkg/status-old
# If vservers = yes in /etc/backupninja.conf then the following variables can
# be used:
# vsnames = all | <vserver1> <vserver2> ... (default = all)
# vsinclude = <path>
# vsinclude = <path>
# ...
# Any path specified in vsinclude is added to the include list for each vserver
# listed in vsnames (or all if vsnames = all).
#
# For example, vsinclude = /home will backup the /home directory in every
# vserver listed in vsnames. If you have 'vsnames = foo bar baz', this
# vsinclude will add to the include list /vservers/foo/home, /vservers/bar/home
# and /vservers/baz/home.
# Vservers paths are derived from $VROOTDIR.
# rdiff-backup specific comment, TO ADAPT
# files to exclude from the backup
# (supports globbing with '*')
exclude = /home/*/.gnupg
######################################################
## destination section
## (where the files are copied to)
[dest]
# perform an incremental backup? (default = yes)
# if incremental = no, perform a full backup in order to start a new backup set
#incremental = yes
# how many days of data to keep ; default is 60 days.
# (you can also use the time format of duplicity)
# 'keep = yes' means : do not delete old data, the remote host will take care of this
#keep = 60
#keep = yes
# bandwith limit, in kbit/s ; default is 0, i.e. no limit
#bandwidthlimit = 128
# passed directly to ssh and scp
sshoptions = -i /root/.ssh/id_dsa_duplicity
# put the backups under this directory
destdir = /backups
# the machine which will receive the backups
desthost = backuphost
# make the files owned by this user
# note: you must be able to ssh backupuser@backhost
# without specifying a password (if type = remote).
destuser = backupuser
|