# Copy to /etc/restic-backup.env on the host. Permissions: 0600 root:root. # RESTIC_PASSWORD lives in /etc/restic-backup.password (mode 0400 root:root) # — the backup script sets RESTIC_PASSWORD_FILE from there, so the password # never appears in the process listing or this env file. # ── Restic repositories ──────────────────────────────────────────────────── # Local NAS path (must be mounted before the timer fires; see runbook). RESTIC_REPO_NAS=/mnt/backup-server/restic/scrum4me-srv # Backblaze B2 repo, format: b2:: # Bucket must have Object Lock (Governance) with default retention >= 30 days. RESTIC_REPO_B2=b2:scrum4me-srv-backup:scrum4me-srv # ── Backblaze B2 server key ──────────────────────────────────────────────── # Capabilities REQUIRED: listBuckets, listFiles, readFiles, writeFiles # Capabilities FORBIDDEN: deleteFiles, deleteKeys, bypassGovernance # Create with: # b2 application-key create \ # --bucket scrum4me-srv-backup \ # --name-prefix scrum4me-srv \ # server-backup-key \ # listBuckets,listFiles,readFiles,writeFiles B2_ACCOUNT_ID=REPLACE_WITH_B2_KEY_ID B2_ACCOUNT_KEY=REPLACE_WITH_B2_APPLICATION_KEY # ── Forgejo backup target (optional — set to skip if Forgejo not deployed) ─ # Container name as it appears in `docker ps`. Set to "" or comment out to # skip the Forgejo phases entirely. FORGEJO_CONTAINER=forgejo # Path to app.ini INSIDE the Forgejo container (used by `forgejo dump -c`). FORGEJO_CONFIG=/data/gitea/conf/app.ini # Postgres database name for Forgejo (empty = use SQLite, skip forgejo_db_dump). FORGEJO_DB_NAME=forgejo # Postgres container + role for Forgejo's DB (defaults match scrum4me stack). FORGEJO_DB_CONTAINER=scrum4me-postgres FORGEJO_DB_USER=scrum4me # ── Scrum4Me Postgres (required for postgres_dump phase) ─────────────────── PG_CONTAINER=scrum4me-postgres PG_DUMPALL_USER=scrum4me # ── Optional bandwidth limit for restic B2 upload (KiB/s; 0 = unlimited) ── # Translated by the script into `restic --limit-upload "$BACKUP_LIMIT_UPLOAD_KIB"`. # BACKUP_LIMIT_UPLOAD_KIB=5000