compose/backup/compose.yml

version: "3.8"

services:
  # kopia:
  #   image: kopia/kopia:latest
  #   container_name: kopia
  #   restart: unless-stopped
  #   # We explicitly run as root (0:0) to solve the CHDIR issue, 
  #   # OR we make sure the host folders match UID 1000.
  #   user: "0:0" 
  #   command:
  #     - server
  #     - start
  #     - --address=0.0.0.0:51515
  #     - --server-username=${KOPIA_SERVER_USER}
  #     - --server-password=${KOPIA_SERVER_PASSWORD}
  #     - --config-file=/app/config/repository.config
  #     - --disable-csrf-token-checks
  #     - --insecure
  #   environment:
  #     - TZ=America/Montreal
  #     - KOPIA_PASSWORD=${KOPIA_PASSWORD}
  #     - USER=${KOPIA_USER}
  #   volumes:
  #     - /mnt/HoardingCow_docker_data/Kopia/config:/app/config
  #     - /mnt/HoardingCow_docker_data/Kopia/cache:/app/cache
  #     - /mnt/HoardingCow_docker_data/Kopia/repository:/repository
  #     # Required if you want to use the 'Mount' feature later
  #     - /tmp:/tmp:shared
  #     # Required for mounting backups as drives
  #   cap_add:
  #     - SYS_ADMIN
  #   devices:
  #     - /dev/fuse:/dev/fuse
  #   networks:
  #     - traefik-net
  #   labels:
  #     - "traefik.enable=true"
  #     # 1. HTTP to HTTPS Redirect
  #     - "traefik.http.routers.kopia-http.rule=Host(`backup.lazyworkhorse.net`)"
  #     - "traefik.http.routers.kopia-http.entrypoints=web"
  #     - "traefik.http.routers.kopia-http.middlewares=redirect-to-https@docker"
  #     
  #     # 2. HTTPS Configuration
  #     - "traefik.http.routers.kopia.rule=Host(`backup.lazyworkhorse.net`)"
  #     - "traefik.http.routers.kopia.entrypoints=websecure"
  #     - "traefik.http.routers.kopia.tls=true"
  #     - "traefik.http.routers.kopia.tls.certresolver=njalla"
  #     
  #     # 3. Backend Service Config
  #     - "traefik.http.services.kopia.loadbalancer.server.port=51515"

  restic-server:
    image: restic/restic:latest
    container_name: restic-server
    restart: always 
    user: "0:0"
    command: ["server", "--listen", ":8080", "--repo", "/data", "--tls-cert", "", "--tls-key", ""]
    environment:
      - TZ=America/Montreal
      - RESTIC_PASSWORD=${RESTIC_PASSWORD}
    volumes:
      - /mnt/HoardingCow_docker_data/Restic/data:/data
      # Mount paths to backup (adjust as needed)
      - /mnt/HoardingCow_docker_data:/source:ro
    networks:
      - backup_net
    labels:
      - "traefik.enable=false" # Internal only, accessed by restic-browser

  restic-browser:
    image: embergarage/restic-browser:latest
    container_name: restic-browser
    restart: always 
    environment:
      - TZ=America/Montreal
      - RESTIC_REPOSITORY=http://restic-server:8080
      - RESTIC_PASSWORD=${RESTIC_PASSWORD}
    networks:
      - backup_net
    labels:
      - "traefik.enable=true"
      # 1. HTTP to HTTPS Redirect
      - "traefik.http.routers.restic-browser-http.rule=Host(`backup.lazyworkhorse.net`)"
      - "traefik.http.routers.restic-browser-http.entrypoints=web"
      - "traefik.http.routers.restic-browser-http.middlewares=redirect-to-https@docker"
      
      # 2. HTTPS Configuration
      - "traefik.http.routers.restic-browser.rule=Host(`backup.lazyworkhorse.net`)"
      - "traefik.http.routers.restic-browser.entrypoints=websecure"
      - "traefik.http.routers.restic-browser.tls=true"
      - "traefik.http.routers.restic-browser.tls.certresolver=njalla"
      
      # 3. Backend Service Config
      - "traefik.http.services.restic-browser.loadbalancer.server.port=8000"

networks:
  backup_net:
    driver: bridge
    name: backup_net
Progress dump before ai agent 2026-04-04 04:48:49 -04:00			`version: "3.8"`

			`services:`
Network reorganization, multiple updates 2026-04-27 05:47:46 -04:00			`# kopia:`
			`# image: kopia/kopia:latest`
			`# container_name: kopia`
			`# restart: unless-stopped`
			`# # We explicitly run as root (0:0) to solve the CHDIR issue,`
			`# # OR we make sure the host folders match UID 1000.`
			`# user: "0:0"`
			`# command:`
			`# - server`
			`# - start`
			`# - --address=0.0.0.0:51515`
			`# - --server-username=${KOPIA_SERVER_USER}`
			`# - --server-password=${KOPIA_SERVER_PASSWORD}`
			`# - --config-file=/app/config/repository.config`
			`# - --disable-csrf-token-checks`
			`# - --insecure`
			`# environment:`
			`# - TZ=America/Montreal`
			`# - KOPIA_PASSWORD=${KOPIA_PASSWORD}`
			`# - USER=${KOPIA_USER}`
			`# volumes:`
			`# - /mnt/HoardingCow_docker_data/Kopia/config:/app/config`
			`# - /mnt/HoardingCow_docker_data/Kopia/cache:/app/cache`
			`# - /mnt/HoardingCow_docker_data/Kopia/repository:/repository`
			`# # Required if you want to use the 'Mount' feature later`
			`# - /tmp:/tmp:shared`
			`# # Required for mounting backups as drives`
			`# cap_add:`
			`# - SYS_ADMIN`
			`# devices:`
			`# - /dev/fuse:/dev/fuse`
			`# networks:`
			`# - traefik-net`
			`# labels:`
			`# - "traefik.enable=true"`
			`# # 1. HTTP to HTTPS Redirect`
			# - "traefik.http.routers.kopia-http.rule=Host(`backup.lazyworkhorse.net`)"
			`# - "traefik.http.routers.kopia-http.entrypoints=web"`
			`# - "traefik.http.routers.kopia-http.middlewares=redirect-to-https@docker"`
			`#`
			`# # 2. HTTPS Configuration`
			# - "traefik.http.routers.kopia.rule=Host(`backup.lazyworkhorse.net`)"
			`# - "traefik.http.routers.kopia.entrypoints=websecure"`
			`# - "traefik.http.routers.kopia.tls=true"`
			`# - "traefik.http.routers.kopia.tls.certresolver=njalla"`
			`#`
			`# # 3. Backend Service Config`
			`# - "traefik.http.services.kopia.loadbalancer.server.port=51515"`

			`restic-server:`
			`image: restic/restic:latest`
			`container_name: restic-server`
			`restart: always`
			`user: "0:0"`
			`command: ["server", "--listen", ":8080", "--repo", "/data", "--tls-cert", "", "--tls-key", ""]`
Progress dump before ai agent 2026-04-04 04:48:49 -04:00			`environment:`
			`- TZ=America/Montreal`
Network reorganization, multiple updates 2026-04-27 05:47:46 -04:00			`- RESTIC_PASSWORD=${RESTIC_PASSWORD}`
Progress dump before ai agent 2026-04-04 04:48:49 -04:00			`volumes:`
Network reorganization, multiple updates 2026-04-27 05:47:46 -04:00			`- /mnt/HoardingCow_docker_data/Restic/data:/data`
			`# Mount paths to backup (adjust as needed)`
			`- /mnt/HoardingCow_docker_data:/source:ro`
			`networks:`
			`- backup_net`
			`labels:`
			`- "traefik.enable=false" # Internal only, accessed by restic-browser`

			`restic-browser:`
			`image: embergarage/restic-browser:latest`
			`container_name: restic-browser`
			`restart: always`
			`environment:`
			`- TZ=America/Montreal`
			`- RESTIC_REPOSITORY=http://restic-server:8080`
			`- RESTIC_PASSWORD=${RESTIC_PASSWORD}`
Progress dump before ai agent 2026-04-04 04:48:49 -04:00			`networks:`
Network reorganization, multiple updates 2026-04-27 05:47:46 -04:00			`- backup_net`
Progress dump before ai agent 2026-04-04 04:48:49 -04:00			`labels:`
			`- "traefik.enable=true"`
			`# 1. HTTP to HTTPS Redirect`
Network reorganization, multiple updates 2026-04-27 05:47:46 -04:00			- "traefik.http.routers.restic-browser-http.rule=Host(`backup.lazyworkhorse.net`)"
			`- "traefik.http.routers.restic-browser-http.entrypoints=web"`
			`- "traefik.http.routers.restic-browser-http.middlewares=redirect-to-https@docker"`
Progress dump before ai agent 2026-04-04 04:48:49 -04:00
			`# 2. HTTPS Configuration`
Network reorganization, multiple updates 2026-04-27 05:47:46 -04:00			- "traefik.http.routers.restic-browser.rule=Host(`backup.lazyworkhorse.net`)"
			`- "traefik.http.routers.restic-browser.entrypoints=websecure"`
			`- "traefik.http.routers.restic-browser.tls=true"`
			`- "traefik.http.routers.restic-browser.tls.certresolver=njalla"`
Progress dump before ai agent 2026-04-04 04:48:49 -04:00
			`# 3. Backend Service Config`
Network reorganization, multiple updates 2026-04-27 05:47:46 -04:00			`- "traefik.http.services.restic-browser.loadbalancer.server.port=8000"`
Progress dump before ai agent 2026-04-04 04:48:49 -04:00
			`networks:`
Network reorganization, multiple updates 2026-04-27 05:47:46 -04:00			`backup_net:`
fix: create networks as bridge instead of external - Changed all networks from external: true to driver: bridge - Fixes chicken-and-egg problem where networks must exist before stacks can start - backup_net, ai_net, auth_net, cloud_net, coms_net, finance_net, home_auto_net, homepage_net, passman_net, tak_net, vc_net now created automatically 2026-04-29 18:42:09 +00:00			`driver: bridge`
Network reorganization, multiple updates 2026-04-27 05:47:46 -04:00			`name: backup_net`