diff --git a/Dockerfile b/Dockerfile index 23f0275..617bfb0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-ubuntu:jammy +FROM ghcr.io/linuxserver/baseimage-ubuntu:noble # set version label ARG BUILD_DATE @@ -10,31 +10,33 @@ LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DA LABEL maintainer="aptalca" # environment settings -ENV HOME="/config" -ENV DEBIAN_FRONTEND="noninteractive" +ARG DEBIAN_FRONTEND="noninteractive" +ENV HOME="/config" \ + TMPDIR=/run/duplicati-temp \ + DUPLICATI__REQUIRE_DB_ENCRYPTION_KEY=true \ + DUPLICATI__SERVER_DATAFOLDER=/config \ + DUPLICATI__WEBSERVICE_PORT=8200 \ + DUPLICATI__WEBSERVICE_INTERFACE=any \ + DUPLICATI__WEBSERVICE_ALLOWED_HOSTNAMES=* RUN \ - echo "**** add mono repository ****" && \ - apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF && \ - echo "deb http://download.mono-project.com/repo/ubuntu stable-focal main" | tee /etc/apt/sources.list.d/mono-official.list && \ echo "**** install packages ****" && \ apt-get update && \ apt-get install -y \ - mono-devel \ - mono-vbnc \ + libicu74 \ unzip && \ echo "**** install duplicati ****" && \ if [ -z ${DUPLICATI_RELEASE+x} ]; then \ DUPLICATI_RELEASE=$(curl -sX GET "https://api.github.com/repos/duplicati/duplicati/releases" \ | jq -r 'first(.[] | select(.tag_name | contains("beta"))) | .tag_name'); \ fi && \ - mkdir -p \ - /app/duplicati && \ - duplicati_url=$(curl -s https://api.github.com/repos/duplicati/duplicati/releases/tags/"${DUPLICATI_RELEASE}" |jq -r '.assets[].browser_download_url' |grep '.zip$' |grep -v signatures) && \ + duplicati_url=$(curl -s "https://api.github.com/repos/duplicati/duplicati/releases/tags/${DUPLICATI_RELEASE}" | jq -r '.assets[].browser_download_url' |grep 'linux-x64-gui.zip$') && \ curl -o \ /tmp/duplicati.zip -L \ "${duplicati_url}" && \ - unzip -q /tmp/duplicati.zip -d /app/duplicati && \ + unzip -q /tmp/duplicati.zip -d /app && \ + mv /app/duplicati* /app/duplicati && \ + printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \ echo "**** cleanup ****" && \ apt-get clean && \ rm -rf \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 449cdfe..c062455 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-ubuntu:arm64v8-jammy +FROM ghcr.io/linuxserver/baseimage-ubuntu:arm64v8-noble # set version label ARG BUILD_DATE @@ -10,31 +10,33 @@ LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DA LABEL maintainer="aptalca" # environment settings -ENV HOME="/config" -ENV DEBIAN_FRONTEND="noninteractive" +ARG DEBIAN_FRONTEND="noninteractive" +ENV HOME="/config" \ + TMPDIR=/run/duplicati-temp \ + DUPLICATI__REQUIRE_DB_ENCRYPTION_KEY=true \ + DUPLICATI__SERVER_DATAFOLDER=/config \ + DUPLICATI__WEBSERVICE_PORT=8200 \ + DUPLICATI__WEBSERVICE_INTERFACE=any \ + DUPLICATI__WEBSERVICE_ALLOWED_HOSTNAMES=* RUN \ - echo "**** add mono repository ****" && \ - apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF && \ - echo "deb http://download.mono-project.com/repo/ubuntu stable-focal main" | tee /etc/apt/sources.list.d/mono-official.list && \ echo "**** install pockages ****" && \ apt-get update && \ apt-get install -y \ - mono-devel \ - mono-vbnc \ + libicu74 \ unzip && \ echo "**** install duplicati ****" && \ if [ -z ${DUPLICATI_RELEASE+x} ]; then \ DUPLICATI_RELEASE=$(curl -sX GET "https://api.github.com/repos/duplicati/duplicati/releases" \ | jq -r 'first(.[] | select(.tag_name | contains("beta"))) | .tag_name'); \ fi && \ - mkdir -p \ - /app/duplicati && \ - duplicati_url=$(curl -s https://api.github.com/repos/duplicati/duplicati/releases/tags/"${DUPLICATI_RELEASE}" |jq -r '.assets[].browser_download_url' |grep '.zip$' |grep -v signatures) && \ + duplicati_url=$(curl -s "https://api.github.com/repos/duplicati/duplicati/releases/tags/${DUPLICATI_RELEASE}" | jq -r '.assets[].browser_download_url' |grep 'linux-arm64-gui.zip$') && \ curl -o \ /tmp/duplicati.zip -L \ "${duplicati_url}" && \ - unzip -q /tmp/duplicati.zip -d /app/duplicati && \ + unzip -q /tmp/duplicati.zip -d /app && \ + mv /app/duplicati* /app/duplicati && \ + printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \ echo "**** cleanup ****" && \ apt-get clean && \ rm -rf \ diff --git a/Jenkinsfile b/Jenkinsfile index 194d556..b9fb864 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -35,9 +35,9 @@ pipeline { CI_PORT='8200' CI_SSL='false' CI_DELAY='120' - CI_DOCKERENV='TZ=US/Pacific|ISCI=true' - CI_AUTH='user:password' - CI_WEBPATH='' + CI_DOCKERENV='SETTINGS_ENCRYPTION_KEY=abcde12345' + CI_AUTH='' + CI_WEBPATH='/login.html' } stages { stage("Set git config"){ @@ -543,7 +543,7 @@ pipeline { --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \ --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \ --label \"org.opencontainers.image.title=Duplicati\" \ - --label \"org.opencontainers.image.description=[Duplicati](https://www.duplicati.com/) works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon Cloud Drive & S3, Google Drive, box.com, Mega, hubiC and many others.\" \ + --label \"org.opencontainers.image.description=[Duplicati](https://www.duplicati.com/) is a backup client that securely stores encrypted, incremental, compressed backups on local storage, cloud storage services and remote file servers. It works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon S3, Google Drive, box.com, Mega, B2, and many others.\" \ --no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \ --provenance=false --sbom=false \ --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." @@ -575,7 +575,7 @@ pipeline { --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \ --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \ --label \"org.opencontainers.image.title=Duplicati\" \ - --label \"org.opencontainers.image.description=[Duplicati](https://www.duplicati.com/) works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon Cloud Drive & S3, Google Drive, box.com, Mega, hubiC and many others.\" \ + --label \"org.opencontainers.image.description=[Duplicati](https://www.duplicati.com/) is a backup client that securely stores encrypted, incremental, compressed backups on local storage, cloud storage services and remote file servers. It works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon S3, Google Drive, box.com, Mega, B2, and many others.\" \ --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \ --provenance=false --sbom=false \ --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." @@ -604,7 +604,7 @@ pipeline { --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \ --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \ --label \"org.opencontainers.image.title=Duplicati\" \ - --label \"org.opencontainers.image.description=[Duplicati](https://www.duplicati.com/) works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon Cloud Drive & S3, Google Drive, box.com, Mega, hubiC and many others.\" \ + --label \"org.opencontainers.image.description=[Duplicati](https://www.duplicati.com/) is a backup client that securely stores encrypted, incremental, compressed backups on local storage, cloud storage services and remote file servers. It works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon S3, Google Drive, box.com, Mega, B2, and many others.\" \ --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \ --provenance=false --sbom=false \ --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." diff --git a/README.md b/README.md index 91e9a7b..0f3c8e4 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ Find us at: [![Jenkins Build](https://img.shields.io/jenkins/build?labelColor=555555&logoColor=ffffff&style=for-the-badge&jobUrl=https%3A%2F%2Fci.linuxserver.io%2Fjob%2FDocker-Pipeline-Builders%2Fjob%2Fdocker-duplicati%2Fjob%2Fmaster%2F&logo=jenkins)](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-duplicati/job/master/) [![LSIO CI](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=CI&query=CI&url=https%3A%2F%2Fci-tests.linuxserver.io%2Flinuxserver%2Fduplicati%2Flatest%2Fci-status.yml)](https://ci-tests.linuxserver.io/linuxserver/duplicati/latest/index.html) -[Duplicati](https://www.duplicati.com/) works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon Cloud Drive & S3, Google Drive, box.com, Mega, hubiC and many others. +[Duplicati](https://www.duplicati.com/) is a backup client that securely stores encrypted, incremental, compressed backups on local storage, cloud storage services and remote file servers. It works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon S3, Google Drive, box.com, Mega, B2, and many others. [![duplicati](https://github.com/linuxserver/docker-templates/raw/master/linuxserver.io/img/duplicati-icon.png)](https://www.duplicati.com/) @@ -68,7 +68,9 @@ This image provides various versions that are available via tags. Please read th ## Application Setup -The webui is at `:8200` , create backup jobs etc via the webui, for local backups select `/backups` as the destination. For more information see [Duplicati](https://www.duplicati.com/). +The webui is at `:8200`. + +For local backups select `/backups` as the destination. For more information see [Duplicati](https://www.duplicati.com/). ## Usage @@ -87,9 +89,11 @@ services: - PUID=1000 - PGID=1000 - TZ=Etc/UTC + - SETTINGS_ENCRYPTION_KEY= - CLI_ARGS= #optional + - DUPLICATI__WEBSERVICE_PASSWORD= #optional volumes: - - /path/to/appdata/config:/config + - /path/to/duplicati/config:/config - /path/to/backups:/backups - /path/to/source:/source ports: @@ -105,9 +109,11 @@ docker run -d \ -e PUID=1000 \ -e PGID=1000 \ -e TZ=Etc/UTC \ + -e SETTINGS_ENCRYPTION_KEY= \ -e CLI_ARGS= `#optional` \ + -e DUPLICATI__WEBSERVICE_PASSWORD= `#optional` \ -p 8200:8200 \ - -v /path/to/appdata/config:/config \ + -v /path/to/duplicati/config:/config \ -v /path/to/backups:/backups \ -v /path/to/source:/source \ --restart unless-stopped \ @@ -124,7 +130,9 @@ Containers are configured using parameters passed at runtime (such as those abov | `-e PUID=1000` | for UserID - see below for explanation | | `-e PGID=1000` | for GroupID - see below for explanation | | `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). | +| `-e SETTINGS_ENCRYPTION_KEY=` | Encryption key for settings database. Minimum 8 characters, alphanumeric. | | `-e CLI_ARGS=` | Optionally specify any [CLI variables](https://duplicati.readthedocs.io/en/latest/07-other-command-line-utilities/) you want to launch the app with | +| `-e DUPLICATI__WEBSERVICE_PASSWORD=` | Password for the webui. If left unset will default to `changeme` and can be changed from the webui settings. | | `-v /config` | Contains all relevant configuration files. | | `-v /backups` | Path to store local backups. | | `-v /source` | Path to source for files to backup. | @@ -291,7 +299,8 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions -* **15.02.23:** - Deprecate armhf. +* **29.11.24:** - Rebase to Noble, add support for settings DB encryption. +* **15.02.23:** - Rebase to Jammy. * **03.08.22:** - Deprecate armhf. * **25.04.22:** - Rebase to mono:focal. * **01.08.19:** - Rebase to Linuxserver LTS mono version. diff --git a/jenkins-vars.yml b/jenkins-vars.yml index a68c733..55fb411 100644 --- a/jenkins-vars.yml +++ b/jenkins-vars.yml @@ -6,7 +6,6 @@ external_type: custom_json release_type: stable release_tag: latest ls_branch: master -build_armhf: false repo_vars: - JSON_URL = 'https://api.github.com/repos/duplicati/duplicati/releases' - JSON_PATH = 'first(.[] | select(.tag_name | contains("beta"))) | .tag_name' @@ -24,6 +23,6 @@ repo_vars: - CI_PORT='8200' - CI_SSL='false' - CI_DELAY='120' - - CI_DOCKERENV='TZ=US/Pacific|ISCI=true' - - CI_AUTH='user:password' - - CI_WEBPATH='' + - CI_DOCKERENV='SETTINGS_ENCRYPTION_KEY=abcde12345' + - CI_AUTH='' + - CI_WEBPATH='/login.html' diff --git a/readme-vars.yml b/readme-vars.yml index 25b4e50..bdd5916 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -4,7 +4,7 @@ project_name: duplicati project_url: "https://www.duplicati.com/" project_logo: "https://github.com/linuxserver/docker-templates/raw/master/linuxserver.io/img/duplicati-icon.png" -project_blurb: "[{{ project_name|capitalize }}]({{ project_url }}) works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon Cloud Drive & S3, Google Drive, box.com, Mega, hubiC and many others." +project_blurb: "[{{ project_name|capitalize }}]({{ project_url }}) is a backup client that securely stores encrypted, incremental, compressed backups on local storage, cloud storage services and remote file servers. It works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon S3, Google Drive, box.com, Mega, B2, and many others." project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_name }}" # supported architectures @@ -23,33 +23,34 @@ common_param_env_vars_enabled: true param_container_name: "{{ project_name }}" param_usage_include_vols: true param_volumes: - - { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Contains all relevant configuration files." } + - { vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Contains all relevant configuration files." } - { vol_path: "/backups", vol_host_path: "/path/to/backups", desc: "Path to store local backups." } - { vol_path: "/source", vol_host_path: "/path/to/source", desc: "Path to source for files to backup." } param_usage_include_ports: true param_ports: - { external_port: "8200", internal_port: "8200", port_desc: "http gui" } + param_usage_include_env: true param_env_vars: - - { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London"} + - { env_var: "SETTINGS_ENCRYPTION_KEY", env_value: "", desc: "Encryption key for settings database. Minimum 8 characters, alphanumeric."} # optional container parameters opt_param_usage_include_env: true opt_param_env_vars: - { env_var: "CLI_ARGS", env_value: "", desc: "Optionally specify any [CLI variables](https://duplicati.readthedocs.io/en/latest/07-other-command-line-utilities/) you want to launch the app with" } - -# optional parameters -optional_block_1: false -optional_block_1_items: "" + - { env_var: "DUPLICATI__WEBSERVICE_PASSWORD", env_value: "", desc: "Password for the webui. If left unset will default to `changeme` and can be changed from the webui settings."} # application setup block app_setup_block_enabled: true app_setup_block: | - The webui is at `:8200` , create backup jobs etc via the webui, for local backups select `/backups` as the destination. For more information see [Duplicati]({{project_url}}). + The webui is at `:8200`. + + For local backups select `/backups` as the destination. For more information see [Duplicati]({{project_url}}). # changelog changelogs: - - { date: "15.02.23:", desc: "Deprecate armhf." } + - { date: "29.11.24:", desc: "Rebase to Noble, add support for settings DB encryption." } + - { date: "15.02.23:", desc: "Rebase to Jammy." } - { date: "03.08.22:", desc: "Deprecate armhf." } - { date: "25.04.22:", desc: "Rebase to mono:focal." } - { date: "01.08.19:", desc: "Rebase to Linuxserver LTS mono version." } diff --git a/root/etc/s6-overlay/s6-rc.d/init-duplicati-config/run b/root/etc/s6-overlay/s6-rc.d/init-duplicati-config/run index efea851..e250138 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-duplicati-config/run +++ b/root/etc/s6-overlay/s6-rc.d/init-duplicati-config/run @@ -1,6 +1,36 @@ #!/usr/bin/with-contenv bash # shellcheck shell=bash +mkdir -p /run/duplicati-temp + +if [[ -f "/config/Duplicati-server.sqlite" ]]; then + # Existing install + if [[ -n ${SETTINGS_ENCRYPTION_KEY} ]]; then + # Enable settings encryption + true + else + # Disable settings encryption + printf "true" > /run/s6/container_environment/DUPLICATI__DISABLE_DB_ENCRYPTION + echo "*** Missing encryption key, unable to encrypt your settings database ***" + echo "*** Please set a value for SETTINGS_ENCRYPTION_KEY and recreate the container ***" + fi +else + # New install + if [[ -z ${DUPLICATI__WEBSERVICE_PASSWORD} ]]; then + printf "changeme" > /run/s6/container_environment/DUPLICATI__WEBSERVICE_PASSWORD + fi + if [[ -n ${SETTINGS_ENCRYPTION_KEY} ]]; then + # Enable settings encryption + true + else + # Halt init + echo "*** Missing encryption key, unable to encrypt your settings database ***" + echo "*** Please set a value for SETTINGS_ENCRYPTION_KEY and recreate the container ***" + sleep infinity + fi +fi + # permissions lsiown -R abc:abc \ - /config + /config \ + /run/duplicati-temp diff --git a/root/etc/s6-overlay/s6-rc.d/svc-duplicati/run b/root/etc/s6-overlay/s6-rc.d/svc-duplicati/run index 23ca6b4..c423daa 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-duplicati/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-duplicati/run @@ -3,5 +3,4 @@ exec \ s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 8200" \ - cd /app/duplicati s6-setuidgid abc mono Duplicati.Server.exe \ - --webservice-interface=any --server-datafolder=/config --webservice-allowed-hostnames=* $CLI_ARGS + cd /app/duplicati s6-setuidgid abc ./duplicati-server $CLI_ARGS