# default is yes. set to no to skip the test if the remote host is alive
#testconnect = no
+# temporary directory used by duplicity
+# (default = /tmp or /usr/tmp, depending on the system)
+#tmpdir = /var/tmp/duplicity
+
######################################################
## gpg section
-## (how to encrypt and optionnally sign the backups)
+## (how to encrypt and optionally sign the backups)
+##
+## WARNING: old (pre-0.9.4) example.dup used to give wrong information about
+## the way the following options are used. Please read the following
+## carefully.
+##
+## If the encryptkey variable is set:
+## - data is encrypted with the GnuPG public key specified by the encryptkey
+## variable
+## - if signing is enabled, data is signed with the GnuPG private
+## key specified by the signkey variable
+## - the password variable is used to unlock the GnuPG key(s) used
+## for encryption and (optionnal) signing
+##
+## If the encryptkey option is not set:
+## - data signing is not possible
+## - the password variable is used to encrypt the data with symmetric
+## encryption: no GnuPG key pair is needed
[gpg]
-# passphrase needed to unlock the GnuPG key
-# NB: do not quote it, and it should not contain any quote
-password = a_very_complicated_passphrase
-
-# default is no, for backward compatibility with backupninja <= 0.5.
-# when set to yes, either signkey or encryptkey option must be set below.
+# when set to yes, encryptkey variable must be set below; if you want to use
+# two different keys for encryption and signing, you must also set the signkey
+# variable below.
+# default is no, for backwards compatibility with backupninja <= 0.5.
sign = yes
-# key ID used for data encryption.
-# if not set, local root's default GnuPG key is used.
+# ID of the GnuPG public key used for data encryption.
+# if not set, symmetric encryption is used, and data signing is not possible.
encryptkey = 04D9EA79
-# key ID used for data signing.
+# ID of the GnuPG private key used for data signing.
# if not set, encryptkey will be used.
#signkey = 04D9EA79
+# password
+# NB: neither quote this, nor should it contain any quotes
+password = a_very_complicated_passphrase
+
######################################################
## source section
## (where the files to be backed up are coming from)
[source]
-# files to include in the backup
-# (supports globbing with '*')
-# BIG FAT WARNING
-# Symlinks are not dereferenced. Moreover, an include line whose path
-# contains, at any level, a symlink to a directory, will only have the
-# symlink backed-up, not the target directory's content. Yes, you have
-# to dereference yourself the symlinks, or to use 'mount --bind'
-# instead.
-# EXAMPLE
-# Let's say /home is a symlink to /mnt/crypt/home ; the following line
-# will only backup a "/home" symlink ; neither /home/user nor
-# /home/user/Mail will be backed-up :
-# include = /home/user/Mail
-# A workaround is to 'mount --bind /mnt/crypt/home /home' ; another
-# one is to write :
-# include = /mnt/crypt/home/user/Mail
+# A few notes about includes and excludes:
+# 1. include, exclude and vsinclude statements support globbing with '*'
+# 2. Symlinks are not dereferenced. Moreover, an include line whose path
+# contains, at any level, a symlink to a directory, will only have the
+# symlink backed-up, not the target directory's content. Yes, you have to
+# dereference yourself the symlinks, or to use 'mount --bind' instead.
+# Example: let's say /home is a symlink to /mnt/crypt/home ; the following
+# line will only backup a "/home" symlink ; neither /home/user nor
+# /home/user/Mail will be backed-up :
+# include = /home/user/Mail
+# A workaround is to 'mount --bind /mnt/crypt/home /home' ; another one is to
+# write :
+# include = /mnt/crypt/home/user/Mail
+# 3. All the excludes come after all the includes. The order is not otherwise
+# taken into account.
+# files to include in the backup
include = /var/spool/cron/crontabs
include = /var/backups
include = /etc
# be used:
# vsnames = all | <vserver1> <vserver2> ... (default = all)
# vsinclude = <path>
+# vsinclude = <path>
+# ...
# Any path specified in vsinclude is added to the include list for each vserver
-# listed in vsnames (or all if vsnames = all).
-# E.g. vsinclude = /home will backup the /home partition in every vserver
-# listed in vsnames. If you have vsnames = "foo bar baz", this vsinclude will
-# add to the include list /vservers/foo/home, /vservers/bar/home and
-# /vservers/baz/home.
+# listed in vsnames (or all if vsnames = all, which is the default).
+#
+# For example, vsinclude = /home will backup the /home directory in every
+# vserver listed in vsnames. If you have 'vsnames = foo bar baz', this
+# vsinclude will add to the include list /vservers/foo/home, /vservers/bar/home
+# and /vservers/baz/home.
# Vservers paths are derived from $VROOTDIR.
-# rdiff-backup specific comment, TO ADAPT
# files to exclude from the backup
-# (supports globbing with '*')
exclude = /home/*/.gnupg
######################################################
#keep = 60
#keep = yes
+# full destination URL, in duplicity format; if set, desturl overrides
+# sshoptions, destdir, desthost and destuser; it also disables testconnect and
+# bandwithlimit. For details, see duplicity manpage, section "URL FORMAT".
+#desturl = file:///usr/local/backup
+#desturl = rsync://user@other.host//var/backup/bla
+
# bandwith limit, in kbit/s ; default is 0, i.e. no limit
#bandwidthlimit = 128
-# passed directly to ssh and scp
-sshoptions = -i /root/.ssh/id_dsa_duplicity
+# passed directly to ssh, scp (and sftp in duplicity >=0.4.2)
+# warning: sftp does not support all scp options, especially -i; as
+# a workaround, you can use "-o <SSHOPTION>"
+sshoptions = -o IdentityFile=/root/.ssh/id_dsa_duplicity
# put the backups under this directory
destdir = /backups
projects / matthijs / upstream / backupninja.git / blobdiff