# gpg encryption settings, simple settings: # GPG_KEY='disabled' - disables encryption alltogether # GPG_KEY='[,]'; GPG_PW='pass' - encrypt with keys, # sign if secret key of key1 is available use GPG_PW for sign & decrypt # Note: you can specify keys via all methods described in gpg manpage, # section "How to specify a user ID", escape commas (,) via backslash (\) # e.g. 'Mueller, Horst', 'Bernd' -> 'Mueller\, Horst, Bernd' # as they are used to separate the entries # GPG_PW='passphrase' - symmetric encryption using passphrase only #GPG_KEY='_KEY_ID_' GPG_PW='{{ duplicity_passphrase }}' # gpg encryption settings in detail (extended settings) # the above settings translate to the following more specific settings # GPG_KEYS_ENC='[,,...]' - list of pubkeys to encrypt to # GPG_KEY_SIGN='|disabled' - a secret key for signing # GPG_PW='' - needed for signing, decryption and symmetric # encryption. If you want to deliver different passphrases for e.g. # several keys or symmetric encryption plus key signing you can use # gpg-agent. Simply make sure that GPG_AGENT_INFO is set in environment. # also see "A NOTE ON SYMMETRIC ENCRYPTION AND SIGNING" in duplicity manpage # notes on en/decryption # private key and passphrase will only be needed for decryption or signing. # decryption happens on restore and incrementals (compare archdir contents). # for security reasons it makes sense to separate the signing key from the # encryption keys. https://answers.launchpad.net/duplicity/+question/107216 #GPG_KEYS_ENC=',,...' #GPG_KEY_SIGN='' # set if signing key passphrase differs from encryption (key) passphrase # NOTE: available since duplicity 0.6.14, translates to SIGN_PASSPHRASE #GPG_PW_SIGN='' # gpg options passed from duplicity to gpg process (default='') # e.g. "--trust-model pgp|classic|direct|always" # or "--compress-algo=bzip2 --bzip2-compress-level=9" # or "--personal-cipher-preferences AES256,AES192,AES..." # or "--homedir ~/.duply" - keep keyring and gpg settings duply specific #GPG_OPTS='' # disable preliminary tests with the following setting #GPG_TEST='disabled' # credentials & server address of the backup target (URL-Format) # syntax is # scheme://[user:password@]host[:port]/[/]path # for details see duplicity manpage, section URL Format # http://duplicity.nongnu.org/duplicity.1.html#sect8 # probably one out of # # for cloudfiles backend user id is CLOUDFILES_USERNAME, password is # # CLOUDFILES_APIKEY, you might need to set CLOUDFILES_AUTHURL manually # cf+http://[user:password@]container_name # dpbx:///some_dir # file://[relative|/absolute]/local/path # ftp[s]://user[:password]@other.host[:port]/some_dir # gdocs://user[:password]@other.host/some_dir # # for the google cloud storage (since duplicity 0.6.22) # # user/password are GS_ACCESS_KEY_ID/GS_SECRET_ACCESS_KEY # gs://bucket[/prefix] # hsi://user[:password]@other.host/some_dir # imap[s]://user[:password]@host.com[/from_address_prefix] # mega://user[:password]@mega.co.nz/some_dir # rsync://user[:password]@host.com[:port]::[/]module/some_dir # # rsync over ssh (only keyauth) # rsync://user@host.com[:port]/[relative|/absolute]_path # # for the s3 user/password are AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY # s3://[user:password@]host/bucket_name[/prefix] # s3+http://[user:password@]bucket_name[/prefix] # # scp and sftp are aliases for the ssh backend # ssh://user[:password]@other.host[:port]/[/]some_dir # # for authenticated swift define TARGET_USER or SWIFT_USERNAME, # # TARGET_PASS or SWIFT_PASSWORD, SWIFT_AUTHURL (mandatory, the path to # # your identity service, omitting leads to an error with swift), # # optionally SWIFT_AUTHVERSION (which defaults to "1") # swift://container_name # tahoe://alias/directory # webdav[s]://user[:password]@other.host/some_dir # ATTENTION: characters other than A-Za-z0-9.-_.~ in the URL have # to be replaced by their url encoded pendants, see # http://en.wikipedia.org/wiki/Url_encoding # if you define the credentials as TARGET_USER, TARGET_PASS below # duply will try to url_encode them for you if the need arises {% if duplicity_use_ftps %} TARGET='ftps://{{ duplicity_backup_server }}/{{ duplicity_backup_dest_dir }}' {% else %} TARGET='{{ duplicity_target_protocol }}://{{ duplicity_backup_server }}/{{ duplicity_backup_dest_dir }}' {% endif %} # optionally the username/password can be defined as extra variables # setting them here _and_ in TARGET results in an error {% if not duplicity_use_ssh_keys %} TARGET_USER='{{ duplicity_backup_user }}' TARGET_PASS='{{ duplicity_ftp_password }}' {% endif %} # base directory to backup SOURCE='/' # a command that runs duplicity e.g. # shape bandwidth use via trickle # "trickle -s -u 640 -d 5120" # 5Mb up, 40Mb down" #DUPL_PRECMD="" # exclude folders containing exclusion file (since duplicity 0.5.14) # Uncomment the following two lines to enable this setting. #FILENAME='.duplicity-ignore' #DUPL_PARAMS="$DUPL_PARAMS --exclude-if-present '$FILENAME'" # Time frame for old backups to keep, Used for the "purge" command. # see duplicity man page, chapter TIME_FORMATS) MAX_AGE={{ duplicity_max_backup_age }} # Number of full backups to keep. Used for the "purge-full" command. # See duplicity man page, action "remove-all-but-n-full". MAX_FULL_BACKUPS={{ duplicity_max_full_backups }} # Number of full backups for which incrementals will be kept for. # Used for the "purge-incr" command. # See duplicity man page, action "remove-all-inc-of-but-n-full". MAX_FULLS_WITH_INCRS={{ duplicity_max_full_with_incrs }} # activates duplicity --full-if-older-than option (since duplicity v0.4.4.RC3) # forces a full backup if last full backup reaches a specified age, for the # format of MAX_FULLBKP_AGE see duplicity man page, chapter TIME_FORMATS # Uncomment the following two lines to enable this setting. #MAX_FULLBKP_AGE=1M #DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE " # sets duplicity --volsize option (available since v0.4.3.RC7) # set the size of backup chunks to VOLSIZE MB instead of the default 25MB. # VOLSIZE must be number of MB's to set the volume size to. # Uncomment the following two lines to enable this setting. VOLSIZE={{ duplicity_volsize }} DUPL_PARAMS="$DUPL_PARAMS --volsize $VOLSIZE " # verbosity of output (error 0, warning 1-2, notice 3-4, info 5-8, debug 9) # default is 4, if not set VERBOSITY={{ duplicity_verbosity }} # temporary file space. at least the size of the biggest file in backup # for a successful restoration process. (default is '/tmp', if not set) TEMP_DIR={{ duplicity_temp_dir }} # Modifies archive-dir option (since 0.6.0) Defines a folder that holds # unencrypted meta data of the backup, enabling new incrementals without the # need to decrypt backend metadata first. If empty or deleted somehow, the # private key and it's password are needed. # NOTE: This is confidential data. Put it somewhere safe. It can grow quite # big over time so you might want to put it not in the home dir. # default '~/.cache/duplicity/duply_/' # if set '${ARCH_DIR}/' #ARCH_DIR=/some/space/safe/.duply-cache