Add license headers to vendored Dropbox swagger spec

Bumps [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) from 7.0.61 to 7.0.62.
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](https://github.com/minio/minio-go/compare/v7.0.61...v7.0.62)

---
updated-dependencies:
- dependency-name: github.com/minio/minio-go/v7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.circleci/config.yml

@@ -1,75 +0,0 @@
-version: 2.1
-
-jobs:
-  canary:
-    machine:
-      image: ubuntu-2004:202201-02
-    working_directory: ~/docker-volume-backup
-    resource_class: large
-    steps:
-      - checkout
-      - run:
-          name: Build
-          command: |
-            docker build . -t offen/docker-volume-backup:canary
-      - run:
-          name: Install gnupg
-          command: |
-            sudo apt-get install -y gnupg
-      - run:
-          name: Run tests
-          working_directory: ~/docker-volume-backup/test
-          command: |
-            export GPG_TTY=$(tty)
-            ./test.sh canary
-
-  build:
-    docker:
-      - image: cimg/base:2020.06
-        environment:
-          DOCKER_BUILDKIT: '1'
-          DOCKER_CLI_EXPERIMENTAL: enabled
-    working_directory: ~/docker-volume-backup
-    resource_class: large
-    steps:
-      - checkout
-      - setup_remote_docker:
-          version: 20.10.6
-      - docker/install-docker-credential-helper:
-          release-tag: v0.6.4
-      - docker/configure-docker-credentials-store
-      - run:
-          name: Push to Docker Hub
-          command: |
-            echo "$DOCKER_ACCESSTOKEN" | docker login --username offen --password-stdin
-            # This is required for building ARM: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12406
-            docker run --rm --privileged linuxkit/binfmt:v0.8
-            docker context create docker-volume-backup
-            docker buildx create docker-volume-backup --name docker-volume-backup --use
-            docker buildx inspect --bootstrap
-            tag_args="-t offen/docker-volume-backup:$CIRCLE_TAG"
-            if [[ "$CIRCLE_TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-              # prerelease tags like `v2.0.0-alpha.1` should not be released as `latest`
-              tag_args="$tag_args -t offen/docker-volume-backup:latest"
-              tag_args="$tag_args -t offen/docker-volume-backup:$(echo "$CIRCLE_TAG" | cut -d. -f1)"
-            fi
-            docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 \
-               $tag_args . --push
-
-workflows:
-  version: 2
-  docker_image:
-    jobs:
-      - canary:
-          filters:
-            tags:
-              ignore: /^v.*/
-      - build:
-          filters:
-            branches:
-              ignore: /.*/
-            tags:
-              only: /^v.*/
-
-orbs:
-  docker: circleci/docker@2.1.4

.github/ISSUE_TEMPLATE/bug_report.md

@@ -8,7 +8,9 @@ assignees: ''
 ---
 
 **Describe the bug**
+<!--
 A clear and concise description of what the bug is.
+-->
 
 **To Reproduce**
 Steps to reproduce the behavior:
@@ -17,12 +19,16 @@ Steps to reproduce the behavior:
 3. ...
 
 **Expected behavior**
+<!--
 A clear and concise description of what you expected to happen.
+-->
 
-**Desktop (please complete the following information):**
- - Image Version: [e.g. v2.21.0]
- - Docker Version: [e.g. 20.10.17]
- - Docker Compose Version (if applicable): [e.g. 1.29.2]
+**Version (please complete the following information):**
+ - Image Version: <!-- e.g. v2.21.0 -->
+ - Docker Version: <!-- e.g. 20.10.17 -->
+ - Docker Compose Version (if applicable): <!-- e.g. 1.29.2 -->
 
 **Additional context**
+<!--
 Add any other context about the problem here.
+-->

.github/ISSUE_TEMPLATE/feature_request.md

@@ -8,13 +8,21 @@ assignees: ''
 ---
 
 **Is your feature request related to a problem? Please describe.**
+<!--
 A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+-->
 
 **Describe the solution you'd like**
+<!--
 A clear and concise description of what you want to happen.
+-->
 
 **Describe alternatives you've considered**
+<!--
 A clear and concise description of any alternative solutions or features you've considered.
+-->
 
 **Additional context**
+<!--
 Add any other context or screenshots about the feature request here.
+-->

.github/ISSUE_TEMPLATE/support_request.md

@@ -8,13 +8,21 @@ assignees: ''
 ---
 
 **What are you trying to do?**
+<!--
 A clear and concise description of what you are trying to do, but cannot get working.
+-->
 
 **What is your current configuration?**
+<!--
 Add the full configuration you are using. Please redact out any real-world credentials.
+-->
 
 **Log output**
+<!--
 Provide the full log output of your setup.
+-->
 
 **Additional context**
+<!--
 Add any other context or screenshots about the support request here.
+-->

.github/dependabot.yml

@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: docker
+    directory: /
+    schedule:
+      interval: weekly
+  - package-ecosystem: gomod
+    directory: /
+    schedule:
+      interval: weekly

.github/workflows/release.yml

@@ -0,0 +1,59 @@
+name: Release Docker Image
+
+on:
+  push:
+    tags: v**
+
+jobs:
+  push_to_registries:
+    name: Push Docker image to multiple registries
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract Docker tags
+        id: meta
+        run: |
+          version_tag="${{github.ref_name}}"
+          tags=($version_tag)
+          if [[ "$version_tag" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            # prerelease tags like `v2.0.0-alpha.1` should not be released as `latest` nor `v2`
+            tags+=("latest")
+            tags+=($(echo "$version_tag" | cut -d. -f1))
+          fi
+          releases=""
+          for tag in "${tags[@]}"; do
+            releases="${releases:+$releases,}offen/docker-volume-backup:$tag,ghcr.io/offen/docker-volume-backup:$tag"
+          done
+          echo "releases=$releases" >> "$GITHUB_OUTPUT"
+
+      - name: Build and push Docker images
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          tags: ${{ steps.meta.outputs.releases }}

.github/workflows/test.yml

@@ -0,0 +1,30 @@
+name: Run Integration Tests
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build Docker Image
+        env:
+          DOCKER_BUILDKIT: '1'
+        run: docker build . -t offen/docker-volume-backup:test
+
+      - name: Run Tests
+        working-directory: ./test
+        run: |
+          # Stop the buildx container so the tests can make assertions
+          # about the number of running containers
+          docker rm -f $(docker ps -aq)
+          export GPG_TTY=$(tty)
+          ./test.sh test

Dockerfile

@@ -1,7 +1,7 @@
 # Copyright 2021 - Offen Authors <hioffen@posteo.de>
 # SPDX-License-Identifier: MPL-2.0
 
-FROM golang:1.19-alpine as builder
+FROM golang:1.21-alpine as builder
 
 WORKDIR /app
 COPY . .
@@ -9,15 +9,13 @@ RUN go mod download
 WORKDIR /app/cmd/backup
 RUN go build -o backup .
 
-FROM alpine:3.16
+FROM alpine:3.18
 
 WORKDIR /root
 
 RUN apk add --no-cache ca-certificates
 
 COPY --from=builder /app/cmd/backup/backup /usr/bin/backup
-
-COPY ./entrypoint.sh /root/
-RUN chmod +x entrypoint.sh
+COPY --chmod=755 ./entrypoint.sh /root/
 
 ENTRYPOINT ["/root/entrypoint.sh"]

README.md

@@ -4,16 +4,17 @@
 
 # docker-volume-backup
 
-Backup Docker volumes locally or to any S3 compatible storage.
+Backup Docker volumes locally or to any S3, WebDAV, Azure Blob Storage, Dropbox or SSH compatible storage.
 
 The [offen/docker-volume-backup](https://hub.docker.com/r/offen/docker-volume-backup) Docker image can be used as a lightweight (below 15MB) sidecar container to an existing Docker setup.
-It handles __recurring or one-off backups of Docker volumes__ to a __local directory__, __any S3, WebDAV or SSH compatible storage (or any combination) and rotates away old backups__ if configured. It also supports __encrypting your backups using GPG__ and __sending notifications for failed backup runs__.
+It handles __recurring or one-off backups of Docker volumes__ to a __local directory__, __any S3, WebDAV, Azure Blob Storage, Dropbox or SSH compatible storage (or any combination) and rotates away old backups__ if configured. It also supports __encrypting your backups using GPG__ and __sending notifications for failed backup runs__.
 
 <!-- MarkdownTOC -->
 
 - [Quickstart](#quickstart)
   - [Recurring backups in a compose setup](#recurring-backups-in-a-compose-setup)
   - [One-off backups using Docker CLI](#one-off-backups-using-docker-cli)
+  - [Available image registries](#available-image-registries)
 - [Configuration reference](#configuration-reference)
 - [How to](#how-to)
   - [Stop containers during backup](#stop-containers-during-backup)
@@ -30,9 +31,12 @@ It handles __recurring or one-off backups of Docker volumes__ to a __local direc
   - [Replace deprecated `BACKUP_FROM_SNAPSHOT` usage](#replace-deprecated-backup_from_snapshot-usage)
   - [Replace deprecated `exec-pre` and `exec-post` labels](#replace-deprecated-exec-pre-and-exec-post-labels)
   - [Using a custom Docker host](#using-a-custom-docker-host)
+  - [Use with rootless Docker](#use-with-rootless-docker)
   - [Run multiple backup schedules in the same container](#run-multiple-backup-schedules-in-the-same-container)
   - [Define different retention schedules](#define-different-retention-schedules)
   - [Use special characters in notification URLs](#use-special-characters-in-notification-urls)
+  - [Handle file uploads using third party tools](#handle-file-uploads-using-third-party-tools)
+  - [Setup Dropbox storage backend](#setup-dropbox-storage-backend)
 - [Recipes](#recipes)
   - [Backing up to AWS S3](#backing-up-to-aws-s3)
   - [Backing up to Filebase](#backing-up-to-filebase)
@@ -40,6 +44,8 @@ It handles __recurring or one-off backups of Docker volumes__ to a __local direc
   - [Backing up to MinIO \(using Docker secrets\)](#backing-up-to-minio-using-docker-secrets)
   - [Backing up to WebDAV](#backing-up-to-webdav)
   - [Backing up to SSH](#backing-up-to-ssh)
+  - [Backing up to Azure Blob Storage](#backing-up-to-azure-blob-storage)
+  - [Backing up to Dropbox](#backing-up-to-dropbox)
   - [Backing up locally](#backing-up-locally)
   - [Backing up to AWS S3 as well as locally](#backing-up-to-aws-s3-as-well-as-locally)
   - [Running on a custom cron schedule](#running-on-a-custom-cron-schedule)
@@ -118,6 +124,18 @@ docker run --rm \
 
 Alternatively, pass a `--env-file` in order to use a full config as described below.
 
+### Available image registries
+
+This Docker image is published to both Docker Hub and the GitHub container registry.
+Depending on your preferences and needs, you can reference both `offen/docker-volume-backup` as well as `ghcr.io/offen/docker-volume-backup`:
+
+```
+docker pull offen/docker-volume-backup:v2
+docker pull ghcr.io/offen/docker-volume-backup:v2
+```
+
+Documentation references Docker Hub, but all examples will work using ghcr.io just as well.
+
 ## Configuration reference
 
 Backup targets, schedule and retention are configured in environment variables.
@@ -132,13 +150,22 @@ You can populate below template according to your requirements and use it as you
 
 # BACKUP_CRON_EXPRESSION="0 2 * * *"
 
-# The name of the backup file including the `.tar.gz` extension.
+# The compression algorithm used in conjunction with tar.
+# Valid options are: "gz" (Gzip) and "zst" (Zstd).
+# Note that the selection affects the file extension.
+
+# BACKUP_COMPRESSION="gz"
+
+# The name of the backup file including the extension.
 # Format verbs will be replaced as in `strftime`. Omitting them
 # will result in the same filename for every backup run, which means previous
-# versions will be overwritten on subsequent runs. The default results
-# in filenames like `backup-2021-08-29T04-00-00.tar.gz`.
+# versions will be overwritten on subsequent runs.
+# Extension can be defined literally or via "{{ .Extension }}" template,
+# in which case it will become either "tar.gz" or "tar.zst" (depending
+# on your BACKUP_COMPRESSION setting).
+# The default results in filenames like: `backup-2021-08-29T04-00-00.tar.gz`.
 
-# BACKUP_FILENAME="backup-%Y-%m-%dT%H-%M-%S.tar.gz"
+# BACKUP_FILENAME="backup-%Y-%m-%dT%H-%M-%S.{{ .Extension }}"
 
 # Setting BACKUP_FILENAME_EXPAND to true allows for environment variable
 # placeholders in BACKUP_FILENAME, BACKUP_LATEST_SYMLINK and in
@@ -244,6 +271,15 @@ You can populate below template according to your requirements and use it as you
 
 # AWS_STORAGE_CLASS="GLACIER"
 
+# Setting this variable will change the S3 default part size for the copy step.
+# This value is useful when you want to upload large files.
+# NB : While using Scaleway as S3 provider, be aware that the parts counter is set to 1.000.
+# While Minio uses a hard coded value to 10.000. As a workaround, try to set a higher value.
+# Defaults to "16" (MB) if unset (from minio), you can set this value according to your needs.
+# The unit is in MB and an integer.
+
+# AWS_PART_SIZE=16
+
 # You can also backup files to any WebDAV server:
 
 # The URL of the remote WebDAV server
@@ -303,6 +339,45 @@ You can populate below template according to your requirements and use it as you
 
 # SSH_IDENTITY_PASSPHRASE="pass"
 
+# The credential's account name when using Azure Blob Storage. This has to be
+# set when using Azure Blob Storage.
+
+# AZURE_STORAGE_ACCOUNT_NAME="account-name"
+
+# The credential's primary account key when using Azure Blob Storage. If this
+# is not given, the command tries to fall back to using a managed identity.
+
+# AZURE_STORAGE_PRIMARY_ACCOUNT_KEY="<xxx>"
+
+# The container name when using Azure Blob Storage.
+
+# AZURE_STORAGE_CONTAINER_NAME="container-name"
+
+# The service endpoint when using Azure Blob Storage. This is a template that
+# can be passed the account name as shown in the default value below.
+
+# AZURE_STORAGE_ENDPOINT="https://{{ .AccountName }}.blob.core.windows.net/"
+
+# Absolute remote path in your Dropbox where the backups shall be stored.
+# Note: Use your app's subpath in Dropbox, if it doesn't have global access.
+# Consulte the README for further information.
+
+# DROPBOX_REMOTE_PATH="/my/directory"
+
+# Number of concurrent chunked uploads for Dropbox.
+# Values above 6 usually result in no enhancements.
+
+# DROPBOX_CONCURRENCY_LEVEL="6"
+
+# App key and app secret from your app created at https://www.dropbox.com/developers/apps/info
+
+# DROPBOX_APP_KEY=""
+# DROPBOX_APP_SECRET=""
+
+# Refresh token to request new short-lived tokens (OAuth2). Consult README to see how to get one.
+
+# DROPBOX_REFRESH_TOKEN=""
+
 # In addition to storing backups remotely, you can also keep local copies.
 # Pass a container-local path to store your backups if needed. You also need to
 # mount a local folder or Docker volume into that location (`/archive`
@@ -389,7 +464,7 @@ You can populate below template according to your requirements and use it as you
 
 # Notifications (email, Slack, etc.) can be sent out when a backup run finishes.
 # Configuration is provided as a comma-separated list of URLs as consumed
-# by `shoutrrr`: https://containrrr.dev/shoutrrr/v0.5/services/overview/
+# by `shoutrrr`: https://containrrr.dev/shoutrrr/0.7/services/overview/
 # The content of such notifications can be customized. Dedicated documentation
 # on how to do this can be found in the README. When providing multiple URLs or
 # an URL that contains a comma, the values can be URL encoded to avoid ambiguities.
@@ -533,7 +608,7 @@ services:
 Notification backends other than email are also supported.
 Refer to the documentation of [shoutrrr][shoutrrr-docs] to find out about options and configuration.
 
-[shoutrrr-docs]: https://containrrr.dev/shoutrrr/v0.5/services/overview/
+[shoutrrr-docs]: https://containrrr.dev/shoutrrr/0.7/services/overview/
 
 ### Customize notifications
 
@@ -622,6 +697,24 @@ volumes:
 The backup procedure is guaranteed to wait for all `pre` or `post` commands to finish before proceeding.
 However there are no guarantees about the order in which they are run, which could also happen concurrently.
 
+By default the backup command is executed by the user provided by the container's image.
+It is possible to specify a custom user that is used to run commands in dedicated labels with the format `docker-volume-backup.[step]-[pre|post].user`:
+
+```yml
+version: '3'
+
+services:
+  gitea:
+    image: gitea/gitea
+    volumes:
+      - backup_data:/tmp
+    labels:
+      - docker-volume-backup.archive-pre.user=git
+      - docker-volume-backup.archive-pre=/bin/bash -c 'cd /tmp; /usr/local/bin/gitea dump -c /data/gitea/conf/app.ini -R -f dump.zip'
+```
+
+Make sure the user exists and is present in `passwd` inside the target container.
+
 ### Encrypting your backup using GPG
 
 The image supports encrypting backups using GPG out of the box.
@@ -761,7 +854,7 @@ services:
       - docker-volume-backup.archive-post=rm -rf /tmp/backup/my-app
 
   backup:
-    image: offen/docker-volume-backup:latest
+    image: offen/docker-volume-backup:v2
     environment:
       BACKUP_SOURCES: /tmp/backup
     volumes:
@@ -799,6 +892,23 @@ DOCKER_HOST=tcp://docker_socket_proxy:2375
 
 In case you are using a socket proxy, it must support `GET` and `POST` requests to the `/containers` endpoint. If you are using Docker Swarm, it must also support the `/services` endpoint. If you are using pre/post backup commands, it must also support the `/exec` endpoint.
 
+### Use with rootless Docker
+
+It's also possible to use this image with a [rootless Docker installation][rootless-docker].
+Instead of mounting `/var/run/docker.sock`, mount the user-specific socket into the container:
+
+```yml
+services:
+  backup:
+    image: offen/docker-volume-backup:v2
+    # ... configuration omitted
+    volumes:
+      - backup:/backup:ro
+      - /run/user/1000/docker.sock:/var/run/docker.sock:ro
+```
+
+[rootless-docker]: https://docs.docker.com/engine/security/rootless/
+
 ### Run multiple backup schedules in the same container
 
 Multiple backup schedules with different configuration can be configured by mounting an arbitrary number of configuration files (using the `.env` format) into `/etc/dockervolumebackup/conf.d`:
@@ -849,7 +959,7 @@ BACKUP_SOURCES=/backup/app2_data
 
 If you want to manage backup retention on different schedules, the most straight forward approach is to define a dedicated configuration for retention rule using a different prefix in the `BACKUP_FILENAME` parameter and then run them on different cron schedules.
 
-For example, if you wanted to keep daily backups for 7 days, weekly backups for a month, and retain monthly backups forever, you could create three configuration files and mount them into `/etc/dockervolumebackup.d`:
+For example, if you wanted to keep daily backups for 7 days, weekly backups for a month, and retain monthly backups forever, you could create three configuration files and mount them into `/etc/dockervolumebackup/conf.d`:
 
 ```ini
 # 01daily.conf
@@ -894,6 +1004,75 @@ where service is any of the [supported services][shoutrrr-docs], e.g. for SMTP:
 docker run --rm -ti containrrr/shoutrrr generate smtp
 ```
 
+### Handle file uploads using third party tools
+
+If you want to use a non-supported storage backend, or want to use a third party (e.g. rsync, rclone) tool for file uploads, you can build a Docker image containing the required binaries off this one, and call through to these in lifecycle hooks.
+
+For example, if you wanted to use `rsync`, define your Docker image like this:
+
+```Dockerfile
+FROM offen/docker-volume-backup:v2
+
+RUN apk add rsync
+```
+
+Using this image, you can now omit configuring any of the supported storage backends, and instead define your own mechanism in a `docker-volume-backup.copy-post` label:
+
+```yml
+version: '3'
+
+services:
+  backup:
+    image: your-custom-image
+    restart: always
+    environment:
+      BACKUP_FILENAME: "daily-backup-%Y-%m-%dT%H-%M-%S.tar.gz"
+      BACKUP_CRON_EXPRESSION: "0 2 * * *"
+    labels:
+      - docker-volume-backup.copy-post=/bin/sh -c 'rsync $$COMMAND_RUNTIME_ARCHIVE_FILEPATH /destination'
+    volumes:
+      - app_data:/backup/app_data:ro
+      - /var/run/docker.sock:/var/run/docker.sock
+
+  # other services defined here ...
+volumes:
+  app_data:
+```
+
+
+Commands will be invoked with the filepath of the tar archive passed as `COMMAND_RUNTIME_BACKUP_FILEPATH`.
+
+### Setup Dropbox storage backend
+
+#### Auth-Setup:
+
+1. Create a new Dropbox App in the [App Console](https://www.dropbox.com/developers/apps)
+2. Open your new Dropbox App and set `DROPBOX_APP_KEY` and `DROPBOX_APP_SECRET` in your environment (e.g. docker-compose.yml) accordingly
+3. Click on `Permissions` in your app and make sure, that the following permissions are cranted (or more):
+  - `files.metadata.write`
+  - `files.metadata.read`
+  - `files.content.write`
+  - `files.content.read`
+4. Replace APPKEY in `https://www.dropbox.com/oauth2/authorize?client_id=APPKEY&token_access_type=offline&response_type=code` with the app key from step 2
+5. Visit the URL and confirm the access of your app. This gives you an `auth code` -> save it somewhere!
+6. Replace AUTHCODE, APPKEY, APPSECRET accordingly and perform the request:
+```
+curl https://api.dropbox.com/oauth2/token \
+    -d code=AUTHCODE \
+    -d grant_type=authorization_code \
+    -d client_id=APPKEY \
+    -d client_secret=APPSECRET
+```
+7. Execute the request. You will get a JSON formatted reply. Use the value of the `refresh_token` for the last environment variable `DROPBOX_REFRESH_TOKEN`
+8. You should now have `DROPBOX_APP_KEY`, `DROPBOX_APP_SECRET` and `DROPBOX_REFRESH_TOKEN` set. These don't expire.
+
+Note: Using the "Generated access token" in the app console is not supported, as it is only very short lived and therefore not suitable for an automatic backup solution. The refresh token handles this automatically - the setup procedure above is only needed once.
+
+#### Other parameters
+
+Important: If you chose `App folder` access during the creation of your Dropbox app in step 1 above, you can only write in the app's directory!
+This means, that `DROPBOX_REMOTE_PATH` must start with e.g. `/Apps/YOUR_APP_NAME` or `/Apps/YOUR_APP_NAME/some_sub_dir`
+
 ## Recipes
 
 This section lists configuration for some real-world use cases that you can mix and match according to your needs.
@@ -1040,6 +1219,51 @@ volumes:
   data:
 ```
 
+### Backing up to Azure Blob Storage
+
+```yml
+version: '3'
+
+services:
+  # ... define other services using the `data` volume here
+  backup:
+    image: offen/docker-volume-backup:v2
+    environment:
+      AZURE_STORAGE_CONTAINER_NAME: backup-container
+      AZURE_STORAGE_ACCOUNT_NAME: account-name
+      AZURE_STORAGE_PRIMARY_ACCOUNT_KEY: Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==
+    volumes:
+      - data:/backup/my-app-backup:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+
+volumes:
+  data:
+```
+
+### Backing up to Dropbox
+
+See [Dropbox Setup](#setup-dropbox-storage-backend) on how to get the appropriate environment values.
+
+```yml
+version: '3'
+
+services:
+  # ... define other services using the `data` volume here
+  backup:
+    image: offen/docker-volume-backup:v2
+    environment:
+      DROPBOX_REFRESH_TOKEN: REFRESH_KEY  # replace
+      DROPBOX_APP_KEY: APP_KEY  # replace
+      DROPBOX_APP_SECRET: APP_SECRET  # replace
+      DROPBOX_REMOTE_PATH: /Apps/my-test-app/some_subdir  # replace
+    volumes:
+      - data:/backup/my-app-backup:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+
+volumes:
+  data:
+```
+
 ### Backing up locally
 
 ```yml

cmd/backup/archive.go

@@ -15,9 +15,11 @@ import (
 	"path"
 	"path/filepath"
 	"strings"
+
+	"github.com/klauspost/compress/zstd"
 )
 
-func createArchive(files []string, inputFilePath, outputFilePath string) error {
+func createArchive(files []string, inputFilePath, outputFilePath string, compression string) error {
 	inputFilePath = stripTrailingSlashes(inputFilePath)
 	inputFilePath, outputFilePath, err := makeAbsolute(inputFilePath, outputFilePath)
 	if err != nil {
@@ -27,7 +29,7 @@ func createArchive(files []string, inputFilePath, outputFilePath string) error {
 		return fmt.Errorf("createArchive: error creating output file path: %w", err)
 	}
 
-	if err := compress(files, outputFilePath, filepath.Dir(inputFilePath)); err != nil {
+	if err := compress(files, outputFilePath, filepath.Dir(inputFilePath), compression); err != nil {
 		return fmt.Errorf("createArchive: error creating archive: %w", err)
 	}
 
@@ -51,18 +53,30 @@ func makeAbsolute(inputFilePath, outputFilePath string) (string, string, error)
 	return inputFilePath, outputFilePath, err
 }
 
-func compress(paths []string, outFilePath, subPath string) error {
+func compress(paths []string, outFilePath, subPath string, algo string) error {
 	file, err := os.Create(outFilePath)
+	var compressWriter io.WriteCloser
 	if err != nil {
 		return fmt.Errorf("compress: error creating out file: %w", err)
 	}
 
 	prefix := path.Dir(outFilePath)
-	gzipWriter := gzip.NewWriter(file)
-	tarWriter := tar.NewWriter(gzipWriter)
+	switch algo {
+	case "gz":
+		compressWriter = gzip.NewWriter(file)
+	case "zst":
+		compressWriter, err = zstd.NewWriter(file)
+		if err != nil {
+			return fmt.Errorf("compress: zstd error: %w", err)
+		}
+	default:
+		return fmt.Errorf("compress: unsupported compression algorithm: %s", algo)
+	}
+
+	tarWriter := tar.NewWriter(compressWriter)
 
 	for _, p := range paths {
-		if err := writeTarGz(p, tarWriter, prefix); err != nil {
+		if err := writeTarball(p, tarWriter, prefix); err != nil {
 			return fmt.Errorf("compress: error writing %s to archive: %w", p, err)
 		}
 	}
@@ -72,9 +86,9 @@ func compress(paths []string, outFilePath, subPath string) error {
 		return fmt.Errorf("compress: error closing tar writer: %w", err)
 	}
 
-	err = gzipWriter.Close()
+	err = compressWriter.Close()
 	if err != nil {
-		return fmt.Errorf("compress: error closing gzip writer: %w", err)
+		return fmt.Errorf("compress: error closing compression writer: %w", err)
 	}
 
 	err = file.Close()
@@ -85,10 +99,10 @@ func compress(paths []string, outFilePath, subPath string) error {
 	return nil
 }
 
-func writeTarGz(path string, tarWriter *tar.Writer, prefix string) error {
+func writeTarball(path string, tarWriter *tar.Writer, prefix string) error {
 	fileInfo, err := os.Lstat(path)
 	if err != nil {
-		return fmt.Errorf("writeTarGz: error getting file infor for %s: %w", path, err)
+		return fmt.Errorf("writeTarball: error getting file infor for %s: %w", path, err)
 	}
 
 	if fileInfo.Mode()&os.ModeSocket == os.ModeSocket {
@@ -99,19 +113,19 @@ func writeTarGz(path string, tarWriter *tar.Writer, prefix string) error {
 	if fileInfo.Mode()&os.ModeSymlink == os.ModeSymlink {
 		var err error
 		if link, err = os.Readlink(path); err != nil {
-			return fmt.Errorf("writeTarGz: error resolving symlink %s: %w", path, err)
+			return fmt.Errorf("writeTarball: error resolving symlink %s: %w", path, err)
 		}
 	}
 
 	header, err := tar.FileInfoHeader(fileInfo, link)
 	if err != nil {
-		return fmt.Errorf("writeTarGz: error getting file info header: %w", err)
+		return fmt.Errorf("writeTarball: error getting file info header: %w", err)
 	}
 	header.Name = strings.TrimPrefix(path, prefix)
 
 	err = tarWriter.WriteHeader(header)
 	if err != nil {
-		return fmt.Errorf("writeTarGz: error writing file info header: %w", err)
+		return fmt.Errorf("writeTarball: error writing file info header: %w", err)
 	}
 
 	if !fileInfo.Mode().IsRegular() {
@@ -120,13 +134,13 @@ func writeTarGz(path string, tarWriter *tar.Writer, prefix string) error {
 
 	file, err := os.Open(path)
 	if err != nil {
-		return fmt.Errorf("writeTarGz: error opening %s: %w", path, err)
+		return fmt.Errorf("writeTarball: error opening %s: %w", path, err)
 	}
 	defer file.Close()
 
 	_, err = io.Copy(tarWriter, file)
 	if err != nil {
-		return fmt.Errorf("writeTarGz: error copying %s to tar writer: %w", path, err)
+		return fmt.Errorf("writeTarball: error copying %s to tar writer: %w", path, err)
 	}
 
 	return nil

cmd/backup/config.go

@@ -10,59 +10,74 @@ import (
 	"io/ioutil"
 	"os"
 	"regexp"
+	"strconv"
 	"time"
 )
 
 // Config holds all configuration values that are expected to be set
 // by users.
 type Config struct {
-	AwsS3BucketName            string        `split_words:"true"`
-	AwsS3Path                  string        `split_words:"true"`
-	AwsEndpoint                string        `split_words:"true" default:"s3.amazonaws.com"`
-	AwsEndpointProto           string        `split_words:"true" default:"https"`
-	AwsEndpointInsecure        bool          `split_words:"true"`
-	AwsEndpointCACert          CertDecoder   `envconfig:"AWS_ENDPOINT_CA_CERT"`
-	AwsStorageClass            string        `split_words:"true"`
-	AwsAccessKeyID             string        `envconfig:"AWS_ACCESS_KEY_ID"`
-	AwsAccessKeyIDFile         string        `envconfig:"AWS_ACCESS_KEY_ID_FILE"`
-	AwsSecretAccessKey         string        `split_words:"true"`
-	AwsSecretAccessKeyFile     string        `split_words:"true"`
-	AwsIamRoleEndpoint         string        `split_words:"true"`
-	BackupSources              string        `split_words:"true" default:"/backup"`
-	BackupFilename             string        `split_words:"true" default:"backup-%Y-%m-%dT%H-%M-%S.tar.gz"`
-	BackupFilenameExpand       bool          `split_words:"true"`
-	BackupLatestSymlink        string        `split_words:"true"`
-	BackupArchive              string        `split_words:"true" default:"/archive"`
-	BackupRetentionDays        int32         `split_words:"true" default:"-1"`
-	BackupPruningLeeway        time.Duration `split_words:"true" default:"1m"`
-	BackupPruningPrefix        string        `split_words:"true"`
-	BackupStopContainerLabel   string        `split_words:"true" default:"true"`
-	BackupFromSnapshot         bool          `split_words:"true"`
-	BackupExcludeRegexp        RegexpDecoder `split_words:"true"`
-	GpgPassphrase              string        `split_words:"true"`
-	NotificationURLs           []string      `envconfig:"NOTIFICATION_URLS"`
-	NotificationLevel          string        `split_words:"true" default:"error"`
-	EmailNotificationRecipient string        `split_words:"true"`
-	EmailNotificationSender    string        `split_words:"true" default:"noreply@nohost"`
-	EmailSMTPHost              string        `envconfig:"EMAIL_SMTP_HOST"`
-	EmailSMTPPort              int           `envconfig:"EMAIL_SMTP_PORT" default:"587"`
-	EmailSMTPUsername          string        `envconfig:"EMAIL_SMTP_USERNAME"`
-	EmailSMTPPassword          string        `envconfig:"EMAIL_SMTP_PASSWORD"`
-	WebdavUrl                  string        `split_words:"true"`
-	WebdavUrlInsecure          bool          `split_words:"true"`
-	WebdavPath                 string        `split_words:"true" default:"/"`
-	WebdavUsername             string        `split_words:"true"`
-	WebdavPassword             string        `split_words:"true"`
-	SSHHostName                string        `split_words:"true"`
-	SSHPort                    string        `split_words:"true" default:"22"`
-	SSHUser                    string        `split_words:"true"`
-	SSHPassword                string        `split_words:"true"`
-	SSHIdentityFile            string        `split_words:"true" default:"/root/.ssh/id_rsa"`
-	SSHIdentityPassphrase      string        `split_words:"true"`
-	SSHRemotePath              string        `split_words:"true"`
-	ExecLabel                  string        `split_words:"true"`
-	ExecForwardOutput          bool          `split_words:"true"`
-	LockTimeout                time.Duration `split_words:"true" default:"60m"`
+	AwsS3BucketName               string          `split_words:"true"`
+	AwsS3Path                     string          `split_words:"true"`
+	AwsEndpoint                   string          `split_words:"true" default:"s3.amazonaws.com"`
+	AwsEndpointProto              string          `split_words:"true" default:"https"`
+	AwsEndpointInsecure           bool            `split_words:"true"`
+	AwsEndpointCACert             CertDecoder     `envconfig:"AWS_ENDPOINT_CA_CERT"`
+	AwsStorageClass               string          `split_words:"true"`
+	AwsAccessKeyID                string          `envconfig:"AWS_ACCESS_KEY_ID"`
+	AwsAccessKeyIDFile            string          `envconfig:"AWS_ACCESS_KEY_ID_FILE"`
+	AwsSecretAccessKey            string          `split_words:"true"`
+	AwsSecretAccessKeyFile        string          `split_words:"true"`
+	AwsIamRoleEndpoint            string          `split_words:"true"`
+	AwsPartSize                   int64           `split_words:"true"`
+	BackupCompression             CompressionType `split_words:"true" default:"gz"`
+	BackupSources                 string          `split_words:"true" default:"/backup"`
+	BackupFilename                string          `split_words:"true" default:"backup-%Y-%m-%dT%H-%M-%S.{{ .Extension }}"`
+	BackupFilenameExpand          bool            `split_words:"true"`
+	BackupLatestSymlink           string          `split_words:"true"`
+	BackupArchive                 string          `split_words:"true" default:"/archive"`
+	BackupRetentionDays           int32           `split_words:"true" default:"-1"`
+	BackupPruningLeeway           time.Duration   `split_words:"true" default:"1m"`
+	BackupPruningPrefix           string          `split_words:"true"`
+	BackupStopContainerLabel      string          `split_words:"true" default:"true"`
+	BackupFromSnapshot            bool            `split_words:"true"`
+	BackupExcludeRegexp           RegexpDecoder   `split_words:"true"`
+	GpgPassphrase                 string          `split_words:"true"`
+	NotificationURLs              []string        `envconfig:"NOTIFICATION_URLS"`
+	NotificationLevel             string          `split_words:"true" default:"error"`
+	EmailNotificationRecipient    string          `split_words:"true"`
+	EmailNotificationSender       string          `split_words:"true" default:"noreply@nohost"`
+	EmailSMTPHost                 string          `envconfig:"EMAIL_SMTP_HOST"`
+	EmailSMTPPort                 int             `envconfig:"EMAIL_SMTP_PORT" default:"587"`
+	EmailSMTPUsername             string          `envconfig:"EMAIL_SMTP_USERNAME"`
+	EmailSMTPPassword             string          `envconfig:"EMAIL_SMTP_PASSWORD"`
+	WebdavUrl                     string          `split_words:"true"`
+	WebdavUrlInsecure             bool            `split_words:"true"`
+	WebdavPath                    string          `split_words:"true" default:"/"`
+	WebdavUsername                string          `split_words:"true"`
+	WebdavPassword                string          `split_words:"true"`
+	SSHHostName                   string          `split_words:"true"`
+	SSHPort                       string          `split_words:"true" default:"22"`
+	SSHUser                       string          `split_words:"true"`
+	SSHPassword                   string          `split_words:"true"`
+	SSHIdentityFile               string          `split_words:"true" default:"/root/.ssh/id_rsa"`
+	SSHIdentityPassphrase         string          `split_words:"true"`
+	SSHRemotePath                 string          `split_words:"true"`
+	ExecLabel                     string          `split_words:"true"`
+	ExecForwardOutput             bool            `split_words:"true"`
+	LockTimeout                   time.Duration   `split_words:"true" default:"60m"`
+	AzureStorageAccountName       string          `split_words:"true"`
+	AzureStoragePrimaryAccountKey string          `split_words:"true"`
+	AzureStorageContainerName     string          `split_words:"true"`
+	AzureStoragePath              string          `split_words:"true"`
+	AzureStorageEndpoint          string          `split_words:"true" default:"https://{{ .AccountName }}.blob.core.windows.net/"`
+	DropboxEndpoint               string          `split_words:"true" default:"https://api.dropbox.com/"`
+	DropboxOAuth2Endpoint         string          `envconfig:"DROPBOX_OAUTH2_ENDPOINT" default:"https://api.dropbox.com/"`
+	DropboxRefreshToken           string          `split_words:"true"`
+	DropboxAppKey                 string          `split_words:"true"`
+	DropboxAppSecret              string          `split_words:"true"`
+	DropboxRemotePath             string          `split_words:"true"`
+	DropboxConcurrencyLevel       NaturalNumber   `split_words:"true" default:"6"`
 }
 
 func (c *Config) resolveSecret(envVar string, secretPath string) (string, error) {
@@ -76,6 +91,22 @@ func (c *Config) resolveSecret(envVar string, secretPath string) (string, error)
 	return string(data), nil
 }
 
+type CompressionType string
+
+func (c *CompressionType) Decode(v string) error {
+	switch v {
+	case "gz", "zst":
+		*c = CompressionType(v)
+		return nil
+	default:
+		return fmt.Errorf("config: error decoding compression type %s", v)
+	}
+}
+
+func (c *CompressionType) String() string {
+	return string(*c)
+}
+
 type CertDecoder struct {
 	Cert *x509.Certificate
 }
@@ -112,3 +143,21 @@ func (r *RegexpDecoder) Decode(v string) error {
 	*r = RegexpDecoder{Re: re}
 	return nil
 }
+
+type NaturalNumber int
+
+func (n *NaturalNumber) Decode(v string) error {
+	asInt, err := strconv.Atoi(v)
+	if err != nil {
+		return fmt.Errorf("config: error converting %s to int", v)
+	}
+	if asInt <= 0 {
+		return fmt.Errorf("config: expected a natural number, got %d", asInt)
+	}
+	*n = NaturalNumber(asInt)
+	return nil
+}
+
+func (n *NaturalNumber) Int() int {
+	return int(*n)
+}

cmd/backup/exec.go

@@ -21,12 +21,17 @@ import (
 	"golang.org/x/sync/errgroup"
 )
 
-func (s *script) exec(containerRef string, command string) ([]byte, []byte, error) {
+func (s *script) exec(containerRef string, command string, user string) ([]byte, []byte, error) {
 	args, _ := argv.Argv(command, nil, nil)
+	commandEnv := []string{
+		fmt.Sprintf("COMMAND_RUNTIME_ARCHIVE_FILEPATH=%s", s.file),
+	}
 	execID, err := s.cli.ContainerExecCreate(context.Background(), containerRef, types.ExecConfig{
 		Cmd:          args[0],
 		AttachStdin:  true,
 		AttachStderr: true,
+		Env:          commandEnv,
+		User:         user,
 	})
 	if err != nil {
 		return nil, nil, fmt.Errorf("exec: error creating container exec: %w", err)
@@ -86,7 +91,6 @@ func (s *script) runLabeledCommands(label string) error {
 		})
 	}
 	containersWithCommand, err := s.cli.ContainerList(context.Background(), types.ContainerListOptions{
-		Quiet:   true,
 		Filters: filters.NewArgs(f...),
 	})
 	if err != nil {
@@ -100,7 +104,6 @@ func (s *script) runLabeledCommands(label string) error {
 			Value: "docker-volume-backup.exec-pre",
 		}
 		deprecatedContainers, err := s.cli.ContainerList(context.Background(), types.ContainerListOptions{
-			Quiet:   true,
 			Filters: filters.NewArgs(f...),
 		})
 		if err != nil {
@@ -118,7 +121,6 @@ func (s *script) runLabeledCommands(label string) error {
 			Value: "docker-volume-backup.exec-post",
 		}
 		deprecatedContainers, err := s.cli.ContainerList(context.Background(), types.ContainerListOptions{
-			Quiet:   true,
 			Filters: filters.NewArgs(f...),
 		})
 		if err != nil {
@@ -155,8 +157,11 @@ func (s *script) runLabeledCommands(label string) error {
 				cmd, _ = c.Labels["docker-volume-backup.exec-post"]
 			}
 
-			s.logger.Infof("Running %s command %s for container %s", label, cmd, strings.TrimPrefix(c.Names[0], "/"))
-			stdout, stderr, err := s.exec(c.ID, cmd)
+			userLabelName := fmt.Sprintf("%s.user", label)
+			user := c.Labels[userLabelName]
+
+			s.logger.Info(fmt.Sprintf("Running %s command %s for container %s", label, cmd, strings.TrimPrefix(c.Names[0], "/")))
+			stdout, stderr, err := s.exec(c.ID, cmd, user)
 			if s.c.ExecForwardOutput {
 				os.Stderr.Write(stderr)
 				os.Stdout.Write(stdout)

cmd/backup/hooks.go

@@ -4,10 +4,9 @@
 package main
 
 import (
+	"errors"
 	"fmt"
 	"sort"
-
-	"github.com/offen/docker-volume-backup/internal/utilities"
 )
 
 // hook contains a queued action that can be trigger them when the script
@@ -52,7 +51,7 @@ func (s *script) runHooks(err error) error {
 		}
 	}
 	if len(actionErrors) != 0 {
-		return utilities.Join(actionErrors...)
+		return errors.Join(actionErrors...)
 	}
 	return nil
 }

cmd/backup/lock.go

@@ -41,9 +41,11 @@ func (s *script) lock(lockfile string) (func() error, error) {
 		}
 
 		if !s.encounteredLock {
-			s.logger.Infof(
-				"Exclusive lock was not available on first attempt. Will retry until it becomes available or the timeout of %s is exceeded.",
-				s.c.LockTimeout,
+			s.logger.Info(
+				fmt.Sprintf(
+					"Exclusive lock was not available on first attempt. Will retry until it becomes available or the timeout of %s is exceeded.",
+					s.c.LockTimeout,
+				),
 			)
 			s.encounteredLock = true
 		}

cmd/backup/main.go

@@ -4,6 +4,7 @@
 package main
 
 import (
+	"fmt"
 	"os"
 )
 
@@ -21,7 +22,9 @@ func main() {
 		if pArg := recover(); pArg != nil {
 			if err, ok := pArg.(error); ok {
 				if hookErr := s.runHooks(err); hookErr != nil {
-					s.logger.Errorf("An error occurred calling the registered hooks: %s", hookErr)
+					s.logger.Error(
+						fmt.Sprintf("An error occurred calling the registered hooks: %s", hookErr),
+					)
 				}
 				os.Exit(1)
 			}
@@ -29,9 +32,12 @@ func main() {
 		}
 
 		if err := s.runHooks(nil); err != nil {
-			s.logger.Errorf(
-				"Backup procedure ran successfully, but an error ocurred calling the registered hooks: %v",
-				err,
+			s.logger.Error(
+				fmt.Sprintf(
+
+					"Backup procedure ran successfully, but an error ocurred calling the registered hooks: %v",
+					err,
+				),
 			)
 			os.Exit(1)
 		}

cmd/backup/notifications.go

@@ -6,13 +6,13 @@ package main
 import (
 	"bytes"
 	_ "embed"
+	"errors"
 	"fmt"
 	"os"
 	"text/template"
 	"time"
 
 	sTypes "github.com/containrrr/shoutrrr/pkg/types"
-	"github.com/offen/docker-volume-backup/internal/utilities"
 )
 
 //go:embed notifications.tmpl
@@ -69,7 +69,7 @@ func (s *script) sendNotification(title, body string) error {
 		}
 	}
 	if len(errs) != 0 {
-		return fmt.Errorf("sendNotification: error sending message: %w", utilities.Join(errs...))
+		return fmt.Errorf("sendNotification: error sending message: %w", errors.Join(errs...))
 	}
 	return nil
 }

cmd/backup/script.go

@@ -4,10 +4,13 @@
 package main
 
 import (
+	"bytes"
 	"context"
+	"errors"
 	"fmt"
 	"io"
 	"io/fs"
+	"log/slog"
 	"os"
 	"path"
 	"path/filepath"
@@ -15,22 +18,23 @@ import (
 	"time"
 
 	"github.com/offen/docker-volume-backup/internal/storage"
+	"github.com/offen/docker-volume-backup/internal/storage/azure"
+	"github.com/offen/docker-volume-backup/internal/storage/dropbox"
 	"github.com/offen/docker-volume-backup/internal/storage/local"
 	"github.com/offen/docker-volume-backup/internal/storage/s3"
 	"github.com/offen/docker-volume-backup/internal/storage/ssh"
 	"github.com/offen/docker-volume-backup/internal/storage/webdav"
-	"github.com/offen/docker-volume-backup/internal/utilities"
 
 	"github.com/containrrr/shoutrrr"
 	"github.com/containrrr/shoutrrr/pkg/router"
 	"github.com/docker/docker/api/types"
+	ctr "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/client"
 	"github.com/kelseyhightower/envconfig"
 	"github.com/leekchan/timeutil"
 	"github.com/otiai10/copy"
-	"github.com/sirupsen/logrus"
 	"golang.org/x/crypto/openpgp"
 	"golang.org/x/sync/errgroup"
 )
@@ -40,7 +44,7 @@ import (
 type script struct {
 	cli       *client.Client
 	storages  []storage.Backend
-	logger    *logrus.Logger
+	logger    *slog.Logger
 	sender    *router.ServiceRouter
 	template  *template.Template
 	hooks     []hook
@@ -61,21 +65,18 @@ type script struct {
 func newScript() (*script, error) {
 	stdOut, logBuffer := buffer(os.Stdout)
 	s := &script{
-		c: &Config{},
-		logger: &logrus.Logger{
-			Out:       stdOut,
-			Formatter: new(logrus.TextFormatter),
-			Hooks:     make(logrus.LevelHooks),
-			Level:     logrus.InfoLevel,
-		},
+		c:      &Config{},
+		logger: slog.New(slog.NewTextHandler(stdOut, nil)),
 		stats: &Stats{
 			StartTime: time.Now(),
 			LogOutput: logBuffer,
 			Storages: map[string]StorageStats{
-				"S3":     {},
-				"WebDAV": {},
-				"SSH":    {},
-				"Local":  {},
+				"S3":      {},
+				"WebDAV":  {},
+				"SSH":     {},
+				"Local":   {},
+				"Azure":   {},
+				"Dropbox": {},
 			},
 		},
 	}
@@ -91,6 +92,20 @@ func newScript() (*script, error) {
 	}
 
 	s.file = path.Join("/tmp", s.c.BackupFilename)
+
+	tmplFileName, tErr := template.New("extension").Parse(s.file)
+	if tErr != nil {
+		return nil, fmt.Errorf("newScript: unable to parse backup file extension template: %w", tErr)
+	}
+
+	var bf bytes.Buffer
+	if tErr := tmplFileName.Execute(&bf, map[string]string{
+		"Extension": fmt.Sprintf("tar.%s", s.c.BackupCompression),
+	}); tErr != nil {
+		return nil, fmt.Errorf("newScript: error executing backup file extension template: %w", tErr)
+	}
+	s.file = bf.String()
+
 	if s.c.BackupFilenameExpand {
 		s.file = os.ExpandEnv(s.file)
 		s.c.BackupLatestSymlink = os.ExpandEnv(s.c.BackupLatestSymlink)
@@ -108,15 +123,14 @@ func newScript() (*script, error) {
 		s.cli = cli
 	}
 
-	logFunc := func(logType storage.LogLevel, context string, msg string, params ...interface{}) {
+	logFunc := func(logType storage.LogLevel, context string, msg string, params ...any) {
 		switch logType {
 		case storage.LogLevelWarning:
-			s.logger.Warnf("["+context+"] "+msg, params...)
+			s.logger.Warn(fmt.Sprintf("["+context+"] "+msg, params...))
 		case storage.LogLevelError:
-			s.logger.Errorf("["+context+"] "+msg, params...)
-		case storage.LogLevelInfo:
+			s.logger.Error(fmt.Sprintf("["+context+"] "+msg, params...))
 		default:
-			s.logger.Infof("["+context+"] "+msg, params...)
+			s.logger.Info(fmt.Sprintf("["+context+"] "+msg, params...))
 		}
 	}
 
@@ -140,9 +154,10 @@ func newScript() (*script, error) {
 			BucketName:       s.c.AwsS3BucketName,
 			StorageClass:     s.c.AwsStorageClass,
 			CACert:           s.c.AwsEndpointCACert.Cert,
+			PartSize:         s.c.AwsPartSize,
 		}
 		if s3Backend, err := s3.NewStorageBackend(s3Config, logFunc); err != nil {
-			return nil, err
+			return nil, fmt.Errorf("newScript: error creating s3 storage backend: %w", err)
 		} else {
 			s.storages = append(s.storages, s3Backend)
 		}
@@ -157,7 +172,7 @@ func newScript() (*script, error) {
 			RemotePath:  s.c.WebdavPath,
 		}
 		if webdavBackend, err := webdav.NewStorageBackend(webDavConfig, logFunc); err != nil {
-			return nil, err
+			return nil, fmt.Errorf("newScript: error creating webdav storage backend: %w", err)
 		} else {
 			s.storages = append(s.storages, webdavBackend)
 		}
@@ -174,7 +189,7 @@ func newScript() (*script, error) {
 			RemotePath:         s.c.SSHRemotePath,
 		}
 		if sshBackend, err := ssh.NewStorageBackend(sshConfig, logFunc); err != nil {
-			return nil, err
+			return nil, fmt.Errorf("newScript: error creating ssh storage backend: %w", err)
 		} else {
 			s.storages = append(s.storages, sshBackend)
 		}
@@ -189,6 +204,38 @@ func newScript() (*script, error) {
 		s.storages = append(s.storages, localBackend)
 	}
 
+	if s.c.AzureStorageAccountName != "" {
+		azureConfig := azure.Config{
+			ContainerName:     s.c.AzureStorageContainerName,
+			AccountName:       s.c.AzureStorageAccountName,
+			PrimaryAccountKey: s.c.AzureStoragePrimaryAccountKey,
+			Endpoint:          s.c.AzureStorageEndpoint,
+			RemotePath:        s.c.AzureStoragePath,
+		}
+		azureBackend, err := azure.NewStorageBackend(azureConfig, logFunc)
+		if err != nil {
+			return nil, fmt.Errorf("newScript: error creating azure storage backend: %w", err)
+		}
+		s.storages = append(s.storages, azureBackend)
+	}
+
+	if s.c.DropboxRefreshToken != "" && s.c.DropboxAppKey != "" && s.c.DropboxAppSecret != "" {
+		dropboxConfig := dropbox.Config{
+			Endpoint:         s.c.DropboxEndpoint,
+			OAuth2Endpoint:   s.c.DropboxOAuth2Endpoint,
+			RefreshToken:     s.c.DropboxRefreshToken,
+			AppKey:           s.c.DropboxAppKey,
+			AppSecret:        s.c.DropboxAppSecret,
+			RemotePath:       s.c.DropboxRemotePath,
+			ConcurrencyLevel: s.c.DropboxConcurrencyLevel.Int(),
+		}
+		dropboxBackend, err := dropbox.NewStorageBackend(dropboxConfig, logFunc)
+		if err != nil {
+			return nil, fmt.Errorf("newScript: error creating dropbox storage backend: %w", err)
+		}
+		s.storages = append(s.storages, dropboxBackend)
+	}
+
 	if s.c.EmailNotificationRecipient != "" {
 		emailURL := fmt.Sprintf(
 			"smtp://%s:%s@%s:%d/?from=%s&to=%s",
@@ -263,9 +310,7 @@ func (s *script) stopContainers() (func() error, error) {
 		return noop, nil
 	}
 
-	allContainers, err := s.cli.ContainerList(context.Background(), types.ContainerListOptions{
-		Quiet: true,
-	})
+	allContainers, err := s.cli.ContainerList(context.Background(), types.ContainerListOptions{})
 	if err != nil {
 		return noop, fmt.Errorf("stopContainers: error querying for containers: %w", err)
 	}
@@ -275,7 +320,6 @@ func (s *script) stopContainers() (func() error, error) {
 		s.c.BackupStopContainerLabel,
 	)
 	containersToStop, err := s.cli.ContainerList(context.Background(), types.ContainerListOptions{
-		Quiet: true,
 		Filters: filters.NewArgs(filters.KeyValuePair{
 			Key:   "label",
 			Value: containerLabel,
@@ -290,17 +334,19 @@ func (s *script) stopContainers() (func() error, error) {
 		return noop, nil
 	}
 
-	s.logger.Infof(
-		"Stopping %d container(s) labeled `%s` out of %d running container(s).",
-		len(containersToStop),
-		containerLabel,
-		len(allContainers),
+	s.logger.Info(
+		fmt.Sprintf(
+			"Stopping %d container(s) labeled `%s` out of %d running container(s).",
+			len(containersToStop),
+			containerLabel,
+			len(allContainers),
+		),
 	)
 
 	var stoppedContainers []types.Container
 	var stopErrors []error
 	for _, container := range containersToStop {
-		if err := s.cli.ContainerStop(context.Background(), container.ID, nil); err != nil {
+		if err := s.cli.ContainerStop(context.Background(), container.ID, ctr.StopOptions{}); err != nil {
 			stopErrors = append(stopErrors, err)
 		} else {
 			stoppedContainers = append(stoppedContainers, container)
@@ -312,7 +358,7 @@ func (s *script) stopContainers() (func() error, error) {
 		stopError = fmt.Errorf(
 			"stopContainers: %d error(s) stopping containers: %w",
 			len(stopErrors),
-			utilities.Join(stopErrors...),
+			errors.Join(stopErrors...),
 		)
 	}
 
@@ -349,7 +395,7 @@ func (s *script) stopContainers() (func() error, error) {
 				if serviceMatch.ID == "" {
 					return fmt.Errorf("stopContainers: couldn't find service with name %s", serviceName)
 				}
-				serviceMatch.Spec.TaskTemplate.ForceUpdate = 1
+				serviceMatch.Spec.TaskTemplate.ForceUpdate += 1
 				if _, err := s.cli.ServiceUpdate(
 					context.Background(), serviceMatch.ID,
 					serviceMatch.Version, serviceMatch.Spec, types.ServiceUpdateOptions{},
@@ -363,12 +409,14 @@ func (s *script) stopContainers() (func() error, error) {
 			return fmt.Errorf(
 				"stopContainers: %d error(s) restarting containers and services: %w",
 				len(restartErrors),
-				utilities.Join(restartErrors...),
+				errors.Join(restartErrors...),
 			)
 		}
-		s.logger.Infof(
-			"Restarted %d container(s) and the matching service(s).",
-			len(stoppedContainers),
+		s.logger.Info(
+			fmt.Sprintf(
+				"Restarted %d container(s) and the matching service(s).",
+				len(stoppedContainers),
+			),
 		)
 		return nil
 	}, stopError
@@ -392,7 +440,9 @@ func (s *script) createArchive() error {
 			if err := remove(backupSources); err != nil {
 				return fmt.Errorf("createArchive: error removing snapshot: %w", err)
 			}
-			s.logger.Infof("Removed snapshot `%s`.", backupSources)
+			s.logger.Info(
+				fmt.Sprintf("Removed snapshot `%s`.", backupSources),
+			)
 			return nil
 		})
 		if err := copy.Copy(s.c.BackupSources, backupSources, copy.Options{
@@ -401,7 +451,9 @@ func (s *script) createArchive() error {
 		}); err != nil {
 			return fmt.Errorf("createArchive: error creating snapshot: %w", err)
 		}
-		s.logger.Infof("Created snapshot of `%s` at `%s`.", s.c.BackupSources, backupSources)
+		s.logger.Info(
+			fmt.Sprintf("Created snapshot of `%s` at `%s`.", s.c.BackupSources, backupSources),
+		)
 	}
 
 	tarFile := s.file
@@ -409,7 +461,9 @@ func (s *script) createArchive() error {
 		if err := remove(tarFile); err != nil {
 			return fmt.Errorf("createArchive: error removing tar file: %w", err)
 		}
-		s.logger.Infof("Removed tar file `%s`.", tarFile)
+		s.logger.Info(
+			fmt.Sprintf("Removed tar file `%s`.", tarFile),
+		)
 		return nil
 	})
 
@@ -433,11 +487,13 @@ func (s *script) createArchive() error {
 		return fmt.Errorf("createArchive: error walking filesystem tree: %w", err)
 	}
 
-	if err := createArchive(filesEligibleForBackup, backupSources, tarFile); err != nil {
+	if err := createArchive(filesEligibleForBackup, backupSources, tarFile, s.c.BackupCompression.String()); err != nil {
 		return fmt.Errorf("createArchive: error compressing backup folder: %w", err)
 	}
 
-	s.logger.Infof("Created backup of `%s` at `%s`.", backupSources, tarFile)
+	s.logger.Info(
+		fmt.Sprintf("Created backup of `%s` at `%s`.", backupSources, tarFile),
+	)
 	return nil
 }
 
@@ -454,7 +510,9 @@ func (s *script) encryptArchive() error {
 		if err := remove(gpgFile); err != nil {
 			return fmt.Errorf("encryptArchive: error removing gpg file: %w", err)
 		}
-		s.logger.Infof("Removed GPG file `%s`.", gpgFile)
+		s.logger.Info(
+			fmt.Sprintf("Removed GPG file `%s`.", gpgFile),
+		)
 		return nil
 	})
 
@@ -484,7 +542,9 @@ func (s *script) encryptArchive() error {
 	}
 
 	s.file = gpgFile
-	s.logger.Infof("Encrypted backup using given passphrase, saving as `%s`.", s.file)
+	s.logger.Info(
+		fmt.Sprintf("Encrypted backup using given passphrase, saving as `%s`.", s.file),
+	)
 	return nil
 }
 
@@ -556,7 +616,9 @@ func (s *script) pruneBackups() error {
 // is non-nil.
 func (s *script) must(err error) {
 	if err != nil {
-		s.logger.Errorf("Fatal error running backup: %s", err)
+		s.logger.Error(
+			fmt.Sprintf("Fatal error running backup: %s", err),
+		)
 		panic(err)
 	}
 }

docs/NOTIFICATION-TEMPLATES.md

@@ -25,7 +25,7 @@ Here is a list of all data passed to the template:
     * `FullPath`: full path of the backup file (e.g. `/archive/backup-2022-02-11T01-00-00.tar.gz`)
     * `Size`: size in bytes of the backup file
   * `Storages`: object that holds stats about each storage
-    * `Local`, `S3`, `WebDAV` or `SSH`:
+    * `Local`, `S3`, `WebDAV`, `Azure` or `SSH`:
       * `Total`: total number of backup files
       * `Pruned`: number of backup files that were deleted due to pruning rule
       * `PruneErrors`: number of backup files that were unable to be pruned

go.mod

@@ -1,66 +1,69 @@
 module github.com/offen/docker-volume-backup
 
-go 1.19
+go 1.21
 
 require (
-	github.com/containrrr/shoutrrr v0.5.2
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
+	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.1.0
+	github.com/containrrr/shoutrrr v0.7.1
 	github.com/cosiner/argv v0.1.0
-	github.com/docker/docker v20.10.11+incompatible
+	github.com/docker/docker v24.0.5+incompatible
 	github.com/gofrs/flock v0.8.1
 	github.com/kelseyhightower/envconfig v1.4.0
+	github.com/klauspost/compress v1.16.7
 	github.com/leekchan/timeutil v0.0.0-20150802142658-28917288c48d
-	github.com/minio/minio-go/v7 v7.0.44
-	github.com/otiai10/copy v1.7.0
-	github.com/pkg/sftp v1.13.5
-	github.com/sirupsen/logrus v1.9.0
-	github.com/studio-b12/gowebdav v0.0.0-20220128162035-c7b1ff8a5e62
-	golang.org/x/crypto v0.3.0
-	golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f
+	github.com/minio/minio-go/v7 v7.0.62
+	github.com/otiai10/copy v1.11.0
+	github.com/pkg/sftp v1.13.6
+	github.com/studio-b12/gowebdav v0.9.0
+	golang.org/x/crypto v0.12.0
+	golang.org/x/sync v0.3.0
 )
 
 require (
+	github.com/golang/protobuf v1.5.2 // indirect
+	golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
+)
+
+require (
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect
 	github.com/Microsoft/go-winio v0.5.2 // indirect
-	github.com/containerd/containerd v1.6.6 // indirect
-	github.com/docker/distribution v2.7.1+incompatible // indirect
+	github.com/docker/distribution v2.8.2+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.4.0 // indirect
-	github.com/dustin/go-humanize v1.0.0 // indirect
-	github.com/fatih/color v1.10.0 // indirect
-	github.com/fsnotify/fsnotify v1.4.9 // indirect
+	github.com/dropbox/dropbox-sdk-go-unofficial/v6 v6.0.5
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/fatih/color v1.13.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/google/uuid v1.3.0 // indirect
-	github.com/gorilla/mux v1.7.3 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.15.12 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.1 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
 	github.com/kr/fs v0.1.0 // indirect
-	github.com/kr/text v0.2.0 // indirect
-	github.com/mattn/go-colorable v0.1.8 // indirect
-	github.com/mattn/go-isatty v0.0.12 // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.16 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
-	github.com/minio/sha256-simd v1.0.0 // indirect
+	github.com/minio/sha256-simd v1.0.1 // indirect
 	github.com/moby/term v0.0.0-20200312100748-672ec06f55cd // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
-	github.com/nxadm/tail v1.4.6 // indirect
-	github.com/onsi/ginkgo v1.14.2 // indirect
-	github.com/onsi/gomega v1.10.3 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 // indirect
+	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/rs/xid v1.4.0 // indirect
-	golang.org/x/net v0.2.0 // indirect
-	golang.org/x/sys v0.2.0 // indirect
-	golang.org/x/text v0.4.0 // indirect
-	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
-	google.golang.org/genproto v0.0.0-20220602131408-e326c6e8e9c8 // indirect
-	google.golang.org/grpc v1.47.0 // indirect
-	google.golang.org/protobuf v1.28.0 // indirect
+	github.com/rs/xid v1.5.0 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
+	golang.org/x/net v0.14.0 // indirect
+	golang.org/x/sys v0.11.0 // indirect
+	golang.org/x/text v0.12.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
-	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gotest.tools/v3 v3.0.3 // indirect
 )

internal/storage/azure/azure.go

@@ -0,0 +1,160 @@
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
+// SPDX-License-Identifier: MPL-2.0
+
+package azure
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+	"sync"
+	"text/template"
+	"time"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
+	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/container"
+	"github.com/offen/docker-volume-backup/internal/storage"
+)
+
+type azureBlobStorage struct {
+	*storage.StorageBackend
+	client        *azblob.Client
+	containerName string
+}
+
+// Config contains values that define the configuration of an Azure Blob Storage.
+type Config struct {
+	AccountName       string
+	ContainerName     string
+	PrimaryAccountKey string
+	Endpoint          string
+	RemotePath        string
+}
+
+// NewStorageBackend creates and initializes a new Azure Blob Storage backend.
+func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error) {
+	endpointTemplate, err := template.New("endpoint").Parse(opts.Endpoint)
+	if err != nil {
+		return nil, fmt.Errorf("NewStorageBackend: error parsing endpoint template: %w", err)
+	}
+	var ep bytes.Buffer
+	if err := endpointTemplate.Execute(&ep, opts); err != nil {
+		return nil, fmt.Errorf("NewStorageBackend: error executing endpoint template: %w", err)
+	}
+	normalizedEndpoint := fmt.Sprintf("%s/", strings.TrimSuffix(ep.String(), "/"))
+
+	var client *azblob.Client
+	if opts.PrimaryAccountKey != "" {
+		cred, err := azblob.NewSharedKeyCredential(opts.AccountName, opts.PrimaryAccountKey)
+		if err != nil {
+			return nil, fmt.Errorf("NewStorageBackend: error creating shared key Azure credential: %w", err)
+		}
+
+		client, err = azblob.NewClientWithSharedKeyCredential(normalizedEndpoint, cred, nil)
+		if err != nil {
+			return nil, fmt.Errorf("NewStorageBackend: error creating Azure client: %w", err)
+		}
+	} else {
+		cred, err := azidentity.NewManagedIdentityCredential(nil)
+		if err != nil {
+			return nil, fmt.Errorf("NewStorageBackend: error creating managed identity credential: %w", err)
+		}
+		client, err = azblob.NewClient(normalizedEndpoint, cred, nil)
+		if err != nil {
+			return nil, fmt.Errorf("NewStorageBackend: error creating Azure client: %w", err)
+		}
+	}
+
+	storage := azureBlobStorage{
+		client:        client,
+		containerName: opts.ContainerName,
+		StorageBackend: &storage.StorageBackend{
+			DestinationPath: opts.RemotePath,
+			Log:             logFunc,
+		},
+	}
+	return &storage, nil
+}
+
+// Name returns the name of the storage backend
+func (b *azureBlobStorage) Name() string {
+	return "Azure"
+}
+
+// Copy copies the given file to the storage backend.
+func (b *azureBlobStorage) Copy(file string) error {
+	fileReader, err := os.Open(file)
+	if err != nil {
+		return fmt.Errorf("(*azureBlobStorage).Copy: error opening file %s: %w", file, err)
+	}
+	_, err = b.client.UploadStream(
+		context.Background(),
+		b.containerName,
+		filepath.Join(b.DestinationPath, filepath.Base(file)),
+		fileReader,
+		nil,
+	)
+	if err != nil {
+		return fmt.Errorf("(*azureBlobStorage).Copy: error uploading file %s: %w", file, err)
+	}
+	return nil
+}
+
+// Prune rotates away backups according to the configuration and provided
+// deadline for the Azure Blob storage backend.
+func (b *azureBlobStorage) Prune(deadline time.Time, pruningPrefix string) (*storage.PruneStats, error) {
+	lookupPrefix := filepath.Join(b.DestinationPath, pruningPrefix)
+	pager := b.client.NewListBlobsFlatPager(b.containerName, &container.ListBlobsFlatOptions{
+		Prefix: &lookupPrefix,
+	})
+	var matches []string
+	var totalCount uint
+	for pager.More() {
+		resp, err := pager.NextPage(context.Background())
+		if err != nil {
+			return nil, fmt.Errorf("(*azureBlobStorage).Prune: error paging over blobs: %w", err)
+		}
+		for _, v := range resp.Segment.BlobItems {
+			totalCount++
+			if v.Properties.LastModified.Before(deadline) {
+				matches = append(matches, *v.Name)
+			}
+		}
+	}
+
+	stats := storage.PruneStats{
+		Total:  totalCount,
+		Pruned: uint(len(matches)),
+	}
+
+	if err := b.DoPrune(b.Name(), len(matches), int(totalCount), "Azure Blob Storage backup(s)", func() error {
+		wg := sync.WaitGroup{}
+		wg.Add(len(matches))
+		var errs []error
+
+		for _, match := range matches {
+			name := match
+			go func() {
+				_, err := b.client.DeleteBlob(context.Background(), b.containerName, name, nil)
+				if err != nil {
+					errs = append(errs, err)
+				}
+				wg.Done()
+			}()
+		}
+		wg.Wait()
+		if len(errs) != 0 {
+			return errors.Join(errs...)
+		}
+		return nil
+	}); err != nil {
+		return &stats, err
+	}
+
+	return &stats, nil
+}

internal/storage/dropbox/dropbox.go

@@ -0,0 +1,260 @@
+package dropbox
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"net/url"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/dropbox/dropbox-sdk-go-unofficial/v6/dropbox"
+	"github.com/dropbox/dropbox-sdk-go-unofficial/v6/dropbox/files"
+	"github.com/offen/docker-volume-backup/internal/storage"
+	"golang.org/x/oauth2"
+)
+
+type dropboxStorage struct {
+	*storage.StorageBackend
+	client           files.Client
+	concurrencyLevel int
+}
+
+// Config allows to configure a Dropbox storage backend.
+type Config struct {
+	Endpoint         string
+	OAuth2Endpoint   string
+	RefreshToken     string
+	AppKey           string
+	AppSecret        string
+	RemotePath       string
+	ConcurrencyLevel int
+}
+
+// NewStorageBackend creates and initializes a new Dropbox storage backend.
+func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error) {
+	tokenUrl, _ := url.JoinPath(opts.OAuth2Endpoint, "oauth2/token")
+
+	conf := &oauth2.Config{
+		ClientID:     opts.AppKey,
+		ClientSecret: opts.AppSecret,
+		Endpoint: oauth2.Endpoint{
+			TokenURL: tokenUrl,
+		},
+	}
+
+	logFunc(storage.LogLevelInfo, "Dropbox", "Fetching fresh access token for Dropbox storage backend.")
+	tkSource := conf.TokenSource(context.Background(), &oauth2.Token{RefreshToken: opts.RefreshToken})
+	token, err := tkSource.Token()
+	if err != nil {
+		return nil, fmt.Errorf("(*dropboxStorage).NewStorageBackend: Error refreshing token: %w", err)
+	}
+
+	dbxConfig := dropbox.Config{
+		Token: token.AccessToken,
+	}
+
+	if opts.Endpoint != "https://api.dropbox.com/" {
+		dbxConfig.URLGenerator = func(hostType string, namespace string, route string) string {
+			return fmt.Sprintf("%s/%d/%s/%s", opts.Endpoint, 2, namespace, route)
+		}
+	}
+
+	client := files.New(dbxConfig)
+
+	if opts.ConcurrencyLevel < 1 {
+		logFunc(storage.LogLevelWarning, "Dropbox", "Concurrency level must be at least 1! Using 1 instead of %d.", opts.ConcurrencyLevel)
+		opts.ConcurrencyLevel = 1
+	}
+
+	return &dropboxStorage{
+		StorageBackend: &storage.StorageBackend{
+			DestinationPath: opts.RemotePath,
+			Log:             logFunc,
+		},
+		client:           client,
+		concurrencyLevel: opts.ConcurrencyLevel,
+	}, nil
+}
+
+// Name returns the name of the storage backend
+func (b *dropboxStorage) Name() string {
+	return "Dropbox"
+}
+
+// Copy copies the given file to the WebDav storage backend.
+func (b *dropboxStorage) Copy(file string) error {
+	_, name := path.Split(file)
+
+	folderArg := files.NewCreateFolderArg(b.DestinationPath)
+	if _, err := b.client.CreateFolderV2(folderArg); err != nil {
+		switch err := err.(type) {
+		case files.CreateFolderV2APIError:
+			if err.EndpointError.Path.Tag != files.WriteErrorConflict {
+				return fmt.Errorf("(*dropboxStorage).Copy: Error creating directory '%s' in Dropbox: %w", b.DestinationPath, err)
+			}
+			b.Log(storage.LogLevelInfo, b.Name(), "Destination path '%s' already exists in Dropbox, no new directory required.", b.DestinationPath)
+		default:
+			return fmt.Errorf("(*dropboxStorage).Copy: Error creating directory '%s' in Dropbox: %w", b.DestinationPath, err)
+		}
+	}
+
+	r, err := os.Open(file)
+	if err != nil {
+		return fmt.Errorf("(*dropboxStorage).Copy: Error opening the file to be uploaded: %w", err)
+	}
+	defer r.Close()
+
+	// Start new upload session and get session id
+
+	b.Log(storage.LogLevelInfo, b.Name(), "Starting upload session for backup '%s' to Dropbox at path '%s'.", file, b.DestinationPath)
+
+	var sessionId string
+	uploadSessionStartArg := files.NewUploadSessionStartArg()
+	uploadSessionStartArg.SessionType = &files.UploadSessionType{Tagged: dropbox.Tagged{Tag: files.UploadSessionTypeConcurrent}}
+	if res, err := b.client.UploadSessionStart(uploadSessionStartArg, nil); err != nil {
+		return fmt.Errorf("(*dropboxStorage).Copy: Error starting the upload session: %w", err)
+	} else {
+		sessionId = res.SessionId
+	}
+
+	// Send the file in 148MB chunks (Dropbox API limit is 150MB, concurrent upload requires a multiple of 4MB though)
+	// Last append can be any size <= 150MB with Close=True
+
+	const chunkSize = 148 * 1024 * 1024 // 148MB
+	var offset uint64 = 0
+	var guard = make(chan struct{}, b.concurrencyLevel)
+	var errorChn = make(chan error, b.concurrencyLevel)
+	var EOFChn = make(chan bool, b.concurrencyLevel)
+	var mu sync.Mutex
+	var wg sync.WaitGroup
+
+loop:
+	for {
+		guard <- struct{}{} // limit concurrency
+		select {
+		case err := <-errorChn: // error from goroutine
+			return err
+		case <-EOFChn: // EOF from goroutine
+			wg.Wait() // wait for all goroutines to finish
+			break loop
+		default:
+		}
+
+		go func() {
+			defer func() {
+				wg.Done()
+				<-guard
+			}()
+			wg.Add(1)
+			chunk := make([]byte, chunkSize)
+
+			mu.Lock() // to preserve offset of chunks
+
+			select {
+			case <-EOFChn:
+				EOFChn <- true // put it back for outer loop
+				mu.Unlock()
+				return // already EOF
+			default:
+			}
+
+			bytesRead, err := r.Read(chunk)
+			if err != nil {
+				errorChn <- fmt.Errorf("(*dropboxStorage).Copy: Error reading the file to be uploaded: %w", err)
+				mu.Unlock()
+				return
+			}
+			chunk = chunk[:bytesRead]
+
+			uploadSessionAppendArg := files.NewUploadSessionAppendArg(
+				files.NewUploadSessionCursor(sessionId, offset),
+			)
+			isEOF := bytesRead < chunkSize
+			uploadSessionAppendArg.Close = isEOF
+			if isEOF {
+				EOFChn <- true
+			}
+			offset += uint64(bytesRead)
+
+			mu.Unlock()
+
+			if err := b.client.UploadSessionAppendV2(uploadSessionAppendArg, bytes.NewReader(chunk)); err != nil {
+				errorChn <- fmt.Errorf("(*dropboxStorage).Copy: Error appending the file to the upload session: %w", err)
+				return
+			}
+		}()
+	}
+
+	// Finish the upload session, commit the file (no new data added)
+
+	_, err = b.client.UploadSessionFinish(
+		files.NewUploadSessionFinishArg(
+			files.NewUploadSessionCursor(sessionId, 0),
+			files.NewCommitInfo(filepath.Join(b.DestinationPath, name)),
+		), nil)
+	if err != nil {
+		return fmt.Errorf("(*dropboxStorage).Copy: Error finishing the upload session: %w", err)
+	}
+
+	b.Log(storage.LogLevelInfo, b.Name(), "Uploaded a copy of backup '%s' to Dropbox at path '%s'.", file, b.DestinationPath)
+
+	return nil
+}
+
+// Prune rotates away backups according to the configuration and provided deadline for the Dropbox storage backend.
+func (b *dropboxStorage) Prune(deadline time.Time, pruningPrefix string) (*storage.PruneStats, error) {
+	var entries []files.IsMetadata
+	res, err := b.client.ListFolder(files.NewListFolderArg(b.DestinationPath))
+	if err != nil {
+		return nil, fmt.Errorf("(*webDavStorage).Prune: Error looking up candidates from remote storage: %w", err)
+	}
+	entries = append(entries, res.Entries...)
+
+	for res.HasMore {
+		res, err = b.client.ListFolderContinue(files.NewListFolderContinueArg(res.Cursor))
+		if err != nil {
+			return nil, fmt.Errorf("(*webDavStorage).Prune: Error looking up candidates from remote storage: %w", err)
+		}
+		entries = append(entries, res.Entries...)
+	}
+
+	var matches []*files.FileMetadata
+	var lenCandidates int
+	for _, candidate := range entries {
+		switch candidate := candidate.(type) {
+		case *files.FileMetadata:
+			if !strings.HasPrefix(candidate.Name, pruningPrefix) {
+				continue
+			}
+			lenCandidates++
+			if candidate.ServerModified.Before(deadline) {
+				matches = append(matches, candidate)
+			}
+		default:
+			continue
+		}
+	}
+
+	stats := &storage.PruneStats{
+		Total:  uint(lenCandidates),
+		Pruned: uint(len(matches)),
+	}
+
+	if err := b.DoPrune(b.Name(), len(matches), lenCandidates, "Dropbox backup(s)", func() error {
+		for _, match := range matches {
+			if _, err := b.client.DeleteV2(files.NewDeleteArg(filepath.Join(b.DestinationPath, match.Name))); err != nil {
+				return fmt.Errorf("(*dropboxStorage).Prune: Error removing file from Dropbox storage: %w", err)
+			}
+		}
+		return nil
+	}); err != nil {
+		return stats, err
+	}
+
+	return stats, nil
+}

internal/storage/local/local.go

@@ -4,6 +4,7 @@
 package local
 
 import (
+	"errors"
 	"fmt"
 	"io"
 	"os"
@@ -12,7 +13,6 @@ import (
 	"time"
 
 	"github.com/offen/docker-volume-backup/internal/storage"
-	"github.com/offen/docker-volume-backup/internal/utilities"
 )
 
 type localStorage struct {
@@ -127,7 +127,7 @@ func (b *localStorage) Prune(deadline time.Time, pruningPrefix string) (*storage
 			return fmt.Errorf(
 				"(*localStorage).Prune: %d error(s) deleting local files, starting with: %w",
 				len(removeErrors),
-				utilities.Join(removeErrors...),
+				errors.Join(removeErrors...),
 			)
 		}
 		return nil

internal/storage/s3/s3.go

@@ -8,6 +8,7 @@ import (
 	"crypto/x509"
 	"errors"
 	"fmt"
+	"os"
 	"path"
 	"path/filepath"
 	"time"
@@ -15,7 +16,6 @@ import (
 	"github.com/minio/minio-go/v7"
 	"github.com/minio/minio-go/v7/pkg/credentials"
 	"github.com/offen/docker-volume-backup/internal/storage"
-	"github.com/offen/docker-volume-backup/internal/utilities"
 )
 
 type s3Storage struct {
@@ -23,6 +23,7 @@ type s3Storage struct {
 	client       *minio.Client
 	bucket       string
 	storageClass string
+	partSize     int64
 }
 
 // Config contains values that define the configuration of a S3 backend.
@@ -36,6 +37,7 @@ type Config struct {
 	RemotePath       string
 	BucketName       string
 	StorageClass     string
+	PartSize         int64
 	CACert           *x509.Certificate
 }
 
@@ -90,6 +92,7 @@ func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error
 		client:       mc,
 		bucket:       opts.BucketName,
 		storageClass: opts.StorageClass,
+		partSize:     opts.PartSize,
 	}, nil
 }
 
@@ -101,16 +104,32 @@ func (v *s3Storage) Name() string {
 // Copy copies the given file to the S3/Minio storage backend.
 func (b *s3Storage) Copy(file string) error {
 	_, name := path.Split(file)
-
-	if _, err := b.client.FPutObject(context.Background(), b.bucket, filepath.Join(b.DestinationPath, name), file, minio.PutObjectOptions{
+	putObjectOptions := minio.PutObjectOptions{
 		ContentType:  "application/tar+gzip",
 		StorageClass: b.storageClass,
-	}); err != nil {
+	}
+
+	if b.partSize > 0 {
+		srcFileInfo, err := os.Stat(file)
+		if err != nil {
+			return fmt.Errorf("(*s3Storage).Copy: error reading the local file: %w", err)
+		}
+
+		_, partSize, _, err := minio.OptimalPartInfo(srcFileInfo.Size(), uint64(b.partSize*1024*1024))
+		if err != nil {
+			return fmt.Errorf("(*s3Storage).Copy: error computing the optimal s3 part size: %w", err)
+		}
+
+		putObjectOptions.PartSize = uint64(partSize)
+	}
+
+	if _, err := b.client.FPutObject(context.Background(), b.bucket, filepath.Join(b.DestinationPath, name), file, putObjectOptions); err != nil {
 		if errResp := minio.ToErrorResponse(err); errResp.Message != "" {
 			return fmt.Errorf("(*s3Storage).Copy: error uploading backup to remote storage: [Message]: '%s', [Code]: %s, [StatusCode]: %d", errResp.Message, errResp.Code, errResp.StatusCode)
 		}
 		return fmt.Errorf("(*s3Storage).Copy: error uploading backup to remote storage: %w", err)
 	}
+
 	b.Log(storage.LogLevelInfo, b.Name(), "Uploaded a copy of backup `%s` to bucket `%s`.", file, b.bucket)
 
 	return nil
@@ -159,7 +178,7 @@ func (b *s3Storage) Prune(deadline time.Time, pruningPrefix string) (*storage.Pr
 			}
 		}
 		if len(removeErrors) != 0 {
-			return utilities.Join(removeErrors...)
+			return errors.Join(removeErrors...)
 		}
 		return nil
 	}); err != nil {

internal/storage/storage.go

@@ -29,7 +29,7 @@ const (
 	LogLevelError
 )
 
-type Log func(logType LogLevel, context string, msg string, params ...interface{})
+type Log func(logType LogLevel, context string, msg string, params ...any)
 
 // PruneStats is a wrapper struct for returning stats after pruning
 type PruneStats struct {

internal/storage/webdav/webdav.go

@@ -67,15 +67,17 @@ func (b *webDavStorage) Name() string {
 
 // Copy copies the given file to the WebDav storage backend.
 func (b *webDavStorage) Copy(file string) error {
-	bytes, err := os.ReadFile(file)
 	_, name := path.Split(file)
-	if err != nil {
-		return fmt.Errorf("(*webDavStorage).Copy: Error reading the file to be uploaded: %w", err)
-	}
 	if err := b.client.MkdirAll(b.DestinationPath, 0644); err != nil {
 		return fmt.Errorf("(*webDavStorage).Copy: Error creating directory '%s' on WebDAV server: %w", b.DestinationPath, err)
 	}
-	if err := b.client.Write(filepath.Join(b.DestinationPath, name), bytes, 0644); err != nil {
+
+	r, err := os.Open(file)
+	if err != nil {
+		return fmt.Errorf("(*webDavStorage).Copy: Error opening the file to be uploaded: %w", err)
+	}
+
+	if err := b.client.WriteStream(filepath.Join(b.DestinationPath, name), r, 0644); err != nil {
 		return fmt.Errorf("(*webDavStorage).Copy: Error uploading the file to WebDAV server: %w", err)
 	}
 	b.Log(storage.LogLevelInfo, b.Name(), "Uploaded a copy of backup '%s' to WebDAV URL '%s' at path '%s'.", file, b.url, b.DestinationPath)

internal/utilities/util.go

@@ -1,24 +0,0 @@
-// Copyright 2022 - Offen Authors <hioffen@posteo.de>
-// SPDX-License-Identifier: MPL-2.0
-
-package utilities
-
-import (
-	"errors"
-	"strings"
-)
-
-// Join takes a list of errors and joins them into a single error
-func Join(errs ...error) error {
-	if len(errs) == 1 {
-		return errs[0]
-	}
-	var msgs []string
-	for _, err := range errs {
-		if err == nil {
-			continue
-		}
-		msgs = append(msgs, err.Error())
-	}
-	return errors.New("[" + strings.Join(msgs, ", ") + "]")
-}

test/azure/docker-compose.yml

@@ -0,0 +1,58 @@
+version: '3'
+
+services:
+  storage:
+    image: mcr.microsoft.com/azure-storage/azurite
+    volumes:
+      - azurite_backup_data:/data
+    command: azurite-blob --blobHost 0.0.0.0 --blobPort 10000 --location /data
+    healthcheck:
+        test: nc 127.0.0.1 10000 -z
+        interval: 1s
+        retries: 30
+
+  az_cli:
+    image: mcr.microsoft.com/azure-cli
+    volumes:
+      - ./local:/dump
+    command:
+      - /bin/sh
+      - -c
+      - |
+          az storage container create --name test-container
+    depends_on:
+      storage:
+        condition: service_healthy
+    environment:
+      AZURE_STORAGE_CONNECTION_STRING: DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://storage:10000/devstoreaccount1;
+
+  backup:
+    image: offen/docker-volume-backup:${TEST_VERSION:-canary}
+    hostname: hostnametoken
+    restart: always
+    environment:
+      AZURE_STORAGE_ACCOUNT_NAME: devstoreaccount1
+      AZURE_STORAGE_PRIMARY_ACCOUNT_KEY: Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==
+      AZURE_STORAGE_CONTAINER_NAME: test-container
+      AZURE_STORAGE_ENDPOINT: http://storage:10000/{{ .AccountName }}/
+      AZURE_STORAGE_PATH: 'path/to/backup'
+      BACKUP_FILENAME: test.tar.gz
+      BACKUP_CRON_EXPRESSION: 0 0 5 31 2 ?
+      BACKUP_RETENTION_DAYS: ${BACKUP_RETENTION_DAYS:-7}
+      BACKUP_PRUNING_LEEWAY: 5s
+      BACKUP_PRUNING_PREFIX: test
+    volumes:
+      - app_data:/backup/app_data:ro
+      - /var/run/docker.sock:/var/run/docker.sock
+
+  offen:
+    image: offen/offen:latest
+    labels:
+      - docker-volume-backup.stop-during-backup=true
+    volumes:
+      - app_data:/var/opt/offen
+
+volumes:
+  azurite_backup_data:
+    name: azurite_backup_data
+  app_data:

test/azure/run.sh

@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd "$(dirname "$0")"
+. ../util.sh
+current_test=$(basename $(pwd))
+
+docker compose up -d
+sleep 5
+
+# A symlink for a known file in the volume is created so the test can check
+# whether symlinks are preserved on backup.
+docker compose exec backup backup
+
+sleep 5
+
+expect_running_containers "3"
+
+docker compose run --rm az_cli \
+  az storage blob download -f /dump/test.tar.gz -c test-container -n path/to/backup/test.tar.gz
+tar -xvf ./local/test.tar.gz -C /tmp && test -f /tmp/backup/app_data/offen.db
+
+pass "Found relevant files in untared remote backups."
+
+# The second part of this test checks if backups get deleted when the retention
+# is set to 0 days (which it should not as it would mean all backups get deleted)
+# TODO: find out if we can test actual deletion without having to wait for a day
+BACKUP_RETENTION_DAYS="0" docker compose up -d
+sleep 5
+
+docker compose exec backup backup
+
+docker compose run --rm az_cli \
+  az storage blob download -f /dump/test.tar.gz -c test-container -n path/to/backup/test.tar.gz
+test -f ./local/test.tar.gz
+
+pass "Remote backups have not been deleted."
+
+docker compose down --volumes

test/certs/run.sh

@@ -24,20 +24,20 @@ openssl x509 -req -passin pass:test \
 
 openssl x509 -in minio.crt -noout -text
 
-docker-compose up -d
+docker compose up -d
 sleep 5
 
-docker-compose exec backup backup
+docker compose exec backup backup
 
 sleep 5
 
 expect_running_containers "3"
 
-docker run --rm -it \
+docker run --rm \
   -v minio_backup_data:/minio_data \
   alpine \
   ash -c 'tar -xvf /minio_data/backup/test.tar.gz -C /tmp && test -f /tmp/backup/app_data/offen.db'
 
 pass "Found relevant files in untared remote backups."
 
-docker-compose down --volumes
+docker compose down --volumes

test/cli-zstd/run.sh

@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+. ../util.sh
+current_test=$(basename $(pwd))
+
+docker network create test_network
+docker volume create backup_data
+docker volume create app_data
+# This volume is created to test whether empty directories are handled
+# correctly. It is not supposed to hold any data.
+docker volume create empty_data
+
+docker run -d \
+  --name minio \
+  --network test_network \
+  --env MINIO_ROOT_USER=test \
+  --env MINIO_ROOT_PASSWORD=test \
+  --env MINIO_ACCESS_KEY=test \
+  --env MINIO_SECRET_KEY=GMusLtUmILge2by+z890kQ \
+  -v backup_data:/data \
+  minio/minio:RELEASE.2020-08-04T23-10-51Z server /data
+
+docker exec minio mkdir -p /data/backup
+
+docker run -d \
+  --name offen \
+  --network test_network \
+  -v app_data:/var/opt/offen/ \
+  offen/offen:latest
+
+sleep 10
+
+docker run --rm \
+  --network test_network \
+  -v app_data:/backup/app_data \
+  -v empty_data:/backup/empty_data \
+  -v /var/run/docker.sock:/var/run/docker.sock \
+  --env AWS_ACCESS_KEY_ID=test \
+  --env AWS_SECRET_ACCESS_KEY=GMusLtUmILge2by+z890kQ \
+  --env AWS_ENDPOINT=minio:9000 \
+  --env AWS_ENDPOINT_PROTO=http \
+  --env AWS_S3_BUCKET_NAME=backup \
+  --env BACKUP_COMPRESSION=zst \
+  --env BACKUP_FILENAME='test.{{ .Extension }}' \
+  --env "BACKUP_FROM_SNAPSHOT=true" \
+  --entrypoint backup \
+  offen/docker-volume-backup:${TEST_VERSION:-canary}
+
+# Have to install tar and zstd on Alpine because the plain image comes with very
+# basic tar from busybox and it does not seem to support zstd
+docker run --rm \
+  -v backup_data:/data alpine \
+  ash -c 'apk add --no-cache zstd tar && tar -xvf /data/backup/test.tar.zst --zstd && test -f /backup/app_data/offen.db && test -d /backup/empty_data'
+
+pass "Found relevant files in untared remote backup."
+
+# This test does not stop containers during backup. This is happening on
+# purpose in order to cover this setup as well.
+expect_running_containers "2"
+
+docker rm $(docker stop minio offen)
+docker volume rm backup_data app_data
+docker network rm test_network

test/cli/run.sh

@@ -48,7 +48,7 @@ docker run --rm \
   --entrypoint backup \
   offen/docker-volume-backup:${TEST_VERSION:-canary}
 
-docker run --rm -it \
+docker run --rm \
   -v backup_data:/data alpine \
   ash -c 'tar -xvf /data/backup/test.tar.gz && test -f /backup/app_data/offen.db && test -d /backup/empty_data'
 

test/commands/docker-compose.yml

@@ -42,10 +42,9 @@ services:
       EXEC_LABEL: test
       EXEC_FORWARD_OUTPUT: "true"
     volumes:
-      - archive:/archive
+      - ./local:/archive
       - app_data:/backup/data:ro
       - /var/run/docker.sock:/var/run/docker.sock
 
 volumes:
   app_data:
-  archive:

test/commands/run.sh

@@ -6,11 +6,12 @@ cd $(dirname $0)
 . ../util.sh
 current_test=$(basename $(pwd))
 
-docker-compose up -d
+mkdir -p ./local
+
+docker compose up -d
 sleep 30 # mariadb likes to take a bit before responding
 
-docker-compose exec backup backup
-sudo cp -r $(docker volume inspect --format='{{ .Mountpoint }}' commands_archive) ./local
+docker compose exec backup backup
 
 tar -xvf ./local/test.tar.gz
 if [ ! -f ./backup/data/dump.sql ]; then
@@ -28,12 +29,13 @@ if [ -f ./backup/data/post.txt ]; then
 fi
 pass "Did not find unexpected file."
 
-docker-compose down --volumes
+docker compose down --volumes
 sudo rm -rf ./local
 
 
 info "Running commands test in swarm mode next."
 
+mkdir -p ./local
 docker swarm init
 
 docker stack deploy --compose-file=docker-compose.yml test_stack
@@ -47,8 +49,6 @@ sleep 20
 
 docker exec $(docker ps -q -f name=backup) backup
 
-sudo cp -r $(docker volume inspect --format='{{ .Mountpoint }}' test_stack_archive) ./local
-
 tar -xvf ./local/test.tar.gz
 if [ ! -f ./backup/data/dump.sql ]; then
   fail "Could not find file written by pre command."

test/confd/run.sh

@@ -8,12 +8,12 @@ current_test=$(basename $(pwd))
 
 mkdir -p local
 
-docker-compose up -d
+docker compose up -d
 
 # sleep until a backup is guaranteed to have happened on the 1 minute schedule
 sleep 100
 
-docker-compose down --volumes
+docker compose down --volumes
 
 if [ ! -f ./local/conf.tar.gz ]; then
   fail "Config from file was not used."

test/dropbox/docker-compose.yml

@@ -0,0 +1,57 @@
+version: '3'
+
+services:
+  openapi_mock:
+    image: muonsoft/openapi-mock
+    environment:
+      OPENAPI_MOCK_USE_EXAMPLES: if_present
+      OPENAPI_MOCK_SPECIFICATION_URL: '/etc/openapi/user_v2.yaml'
+    ports:
+      - 8080:8080
+    volumes:
+      - ./user_v2.yaml:/etc/openapi/user_v2.yaml
+
+  oauth2_mock:
+    image: ghcr.io/navikt/mock-oauth2-server:1.0.0
+    ports:
+      - 8090:8090
+    environment:
+      PORT: 8090
+      JSON_CONFIG_PATH: '/etc/oauth2/config.json'
+    volumes:
+      - ./oauth2_config.json:/etc/oauth2/config.json
+
+  backup:
+    image: offen/docker-volume-backup:${TEST_VERSION:-canary}
+    hostname: hostnametoken
+    depends_on:
+      - openapi_mock
+      - oauth2_mock
+    restart: always
+    environment:
+      BACKUP_FILENAME_EXPAND: 'true'
+      BACKUP_FILENAME: test-$$HOSTNAME.tar.gz
+      BACKUP_CRON_EXPRESSION: 0 0 5 31 2 ?
+      BACKUP_RETENTION_DAYS: ${BACKUP_RETENTION_DAYS:-7}
+      BACKUP_PRUNING_LEEWAY: 5s
+      BACKUP_PRUNING_PREFIX: test
+      DROPBOX_ENDPOINT: http://openapi_mock:8080
+      DROPBOX_OAUTH2_ENDPOINT: http://oauth2_mock:8090
+      DROPBOX_REFRESH_TOKEN: test
+      DROPBOX_APP_KEY: test
+      DROPBOX_APP_SECRET: test
+      DROPBOX_REMOTE_PATH: /test
+      DROPBOX_CONCURRENCY_LEVEL: 6
+    volumes:
+      - app_data:/backup/app_data:ro
+      - /var/run/docker.sock:/var/run/docker.sock
+
+  offen:
+    image: offen/offen:latest
+    labels:
+      - docker-volume-backup.stop-during-backup=true
+    volumes:
+      - app_data:/var/opt/offen
+
+volumes:
+  app_data:

test/dropbox/oauth2_config.json

@@ -0,0 +1,37 @@
+{
+   "interactiveLogin": true,
+   "httpServer": "NettyWrapper",
+   "tokenCallbacks": [
+       {
+           "issuerId": "issuer1",
+           "tokenExpiry": 120,
+           "requestMappings": [
+               {
+                   "requestParam": "scope",
+                   "match": "scope1",
+                   "claims": {
+                       "sub": "subByScope",
+                       "aud": [
+                           "audByScope"
+                       ]
+                   }
+               }
+           ]
+       },
+       {
+           "issuerId": "issuer2",
+           "requestMappings": [
+               {
+                   "requestParam": "someparam",
+                   "match": "somevalue",
+                   "claims": {
+                       "sub": "subBySomeParam",
+                       "aud": [
+                           "audBySomeParam"
+                       ]
+                   }
+               }
+           ]
+       }
+   ]
+}

test/dropbox/run.sh

@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd "$(dirname "$0")"
+. ../util.sh
+current_test=$(basename $(pwd))
+
+docker compose up -d
+sleep 5
+
+logs=$(docker compose exec -T backup backup)
+
+sleep 5
+
+expect_running_containers "4"
+
+echo "$logs"
+if echo "$logs" | grep -q "ERROR"; then
+  fail "Backup failed, errors reported: $dvb_logs"
+else
+  pass "Backup succeeded, no errors reported."
+fi
+
+# The second part of this test checks if backups get deleted when the retention
+# is set to 0 days (which it should not as it would mean all backups get deleted)
+# TODO: find out if we can test actual deletion without having to wait for a day
+BACKUP_RETENTION_DAYS="0" docker compose up -d
+sleep 5
+
+logs=$(docker compose exec -T backup backup)
+
+echo "$logs"
+if echo "$logs" | grep -q "Refusing to do so, please check your configuration"; then
+  pass "Remote backups have not been deleted."
+else
+  fail "Remote backups would have been deleted: $dvb_logs"
+fi
+
+docker compose down --volumes

test/extend/Dockerfile

@@ -0,0 +1,4 @@
+ARG version=canary
+FROM offen/docker-volume-backup:$version
+
+RUN apk add rsync

test/extend/docker-compose.yml

@@ -0,0 +1,26 @@
+version: '3'
+
+services:
+  backup:
+    image: offen/docker-volume-backup:${TEST_VERSION:-canary}
+    restart: always
+    labels:
+      - docker-volume-backup.copy-post=/bin/sh -c 'mkdir -p /tmp/unpack && tar -xvf $$COMMAND_RUNTIME_ARCHIVE_FILEPATH -C /tmp/unpack && rsync -r /tmp/unpack/backup/app_data /local'
+    environment:
+      BACKUP_FILENAME: test.tar.gz
+      BACKUP_CRON_EXPRESSION: 0 0 5 31 2 ?
+      EXEC_FORWARD_OUTPUT: "true"
+    volumes:
+      - ./local:/local
+      - app_data:/backup/app_data:ro
+      - /var/run/docker.sock:/var/run/docker.sock
+
+  offen:
+    image: offen/offen:latest
+    labels:
+      - docker-volume-backup.stop-during-backup=true
+    volumes:
+      - app_data:/var/opt/offen
+
+volumes:
+  app_data:

test/extend/run.sh

@@ -0,0 +1,29 @@
+#!/bin/sh
+
+set -e
+
+cd "$(dirname "$0")"
+. ../util.sh
+current_test=$(basename $(pwd))
+
+mkdir -p local
+
+export BASE_VERSION="${TEST_VERSION:-canary}"
+export TEST_VERSION="${TEST_VERSION:-canary}-with-rsync"
+
+docker build . -t offen/docker-volume-backup:$TEST_VERSION --build-arg version=$BASE_VERSION
+
+docker compose up -d
+sleep 5
+
+docker compose exec backup backup
+
+sleep 5
+
+expect_running_containers "2"
+
+if [ ! -f "./local/app_data/offen.db" ]; then
+  fail "Could not find expected file in untared archive."
+fi
+
+docker compose down --volumes

test/gpg/run.sh

@@ -8,10 +8,10 @@ current_test=$(basename $(pwd))
 
 mkdir -p local
 
-docker-compose up -d
+docker compose up -d
 sleep 5
 
-docker-compose exec backup backup
+docker compose exec backup backup
 
 expect_running_containers "2"
 
@@ -30,4 +30,4 @@ if [ ! -L ./local/test-latest.tar.gz.gpg ]; then
   fail "Could not find local symlink to latest encrypted backup."
 fi
 
-docker-compose down --volumes
+docker compose down --volumes

test/ignore/run.sh

@@ -8,11 +8,11 @@ current_test=$(basename $(pwd))
 
 mkdir -p local
 
-docker-compose up -d
+docker compose up -d
 sleep 5
-docker-compose exec backup backup
+docker compose exec backup backup
 
-docker-compose down --volumes
+docker compose down --volumes
 
 out=$(mktemp -d)
 sudo tar --same-owner -xvf ./local/test.tar.gz -C "$out"

test/local/run.sh

@@ -8,13 +8,13 @@ current_test=$(basename $(pwd))
 
 mkdir -p local
 
-docker-compose up -d
+docker compose up -d
 sleep 5
 
 # A symlink for a known file in the volume is created so the test can check
 # whether symlinks are preserved on backup.
-docker-compose exec offen ln -s /var/opt/offen/offen.db /var/opt/offen/db.link
-docker-compose exec backup backup
+docker compose exec offen ln -s /var/opt/offen/offen.db /var/opt/offen/db.link
+docker compose exec backup backup
 
 sleep 5
 
@@ -42,14 +42,14 @@ pass "Found symlink to latest version in local backup."
 # The second part of this test checks if backups get deleted when the retention
 # is set to 0 days (which it should not as it would mean all backups get deleted)
 # TODO: find out if we can test actual deletion without having to wait for a day
-BACKUP_RETENTION_DAYS="0" docker-compose up -d
+BACKUP_RETENTION_DAYS="0" docker compose up -d
 sleep 5
 
-docker-compose exec backup backup
+docker compose exec backup backup
 
 if [ "$(find ./local -type f | wc -l)" != "1" ]; then
   fail "Backups should not have been deleted, instead seen: "$(find ./local -type f)""
 fi
 pass "Local backups have not been deleted."
 
-docker-compose down --volumes
+docker compose down --volumes

test/notifications/run.sh

@@ -8,13 +8,13 @@ current_test=$(basename $(pwd))
 
 mkdir -p local
 
-docker-compose up -d
+docker compose up -d
 sleep 5
 
 GOTIFY_TOKEN=$(curl -sSLX POST -H 'Content-Type: application/json' -d '{"name":"test"}' http://admin:custom@localhost:8080/application | jq -r '.token')
 info "Set up Gotify application using token $GOTIFY_TOKEN"
 
-docker-compose exec backup backup
+docker compose exec backup backup
 
 NUM_MESSAGES=$(curl -sSL http://admin:custom@localhost:8080/message | jq -r '.messages | length')
 if [ "$NUM_MESSAGES" != 0 ]; then
@@ -22,11 +22,11 @@ if [ "$NUM_MESSAGES" != 0 ]; then
 fi
 pass "No notifications were sent when not configured."
 
-docker-compose down
+docker compose down
 
-NOTIFICATION_URLS="gotify://gotify/${GOTIFY_TOKEN}?disableTLS=true" docker-compose up -d
+NOTIFICATION_URLS="gotify://gotify/${GOTIFY_TOKEN}?disableTLS=true" docker compose up -d
 
-docker-compose exec backup backup
+docker compose exec backup backup
 
 NUM_MESSAGES=$(curl -sSL http://admin:custom@localhost:8080/message | jq -r '.messages | length')
 if [ "$NUM_MESSAGES" != 1 ]; then
@@ -47,4 +47,4 @@ if [ "$MESSAGE_BODY" != "Backing up /tmp/test.tar.gz succeeded." ]; then
 fi
 pass "Custom notification body was used."
 
-docker-compose down --volumes
+docker compose down --volumes

test/ownership/run.sh

@@ -9,10 +9,10 @@ current_test=$(basename $(pwd))
 
 mkdir -p local
 
-docker-compose up -d
+docker compose up -d
 sleep 5
 
-docker-compose exec backup backup
+docker compose exec backup backup
 
 tmp_dir=$(mktemp -d)
 sudo tar --same-owner -xvf ./local/backup.tar.gz -C $tmp_dir
@@ -27,4 +27,4 @@ for file in $(sudo find $tmp_dir/backup/postgres); do
 done
 pass "All files and directories in backup preserved their ownership."
 
-docker-compose down --volumes
+docker compose down --volumes

test/s3/run.sh

@@ -6,18 +6,18 @@ cd "$(dirname "$0")"
 . ../util.sh
 current_test=$(basename $(pwd))
 
-docker-compose up -d
+docker compose up -d
 sleep 5
 
 # A symlink for a known file in the volume is created so the test can check
 # whether symlinks are preserved on backup.
-docker-compose exec backup backup
+docker compose exec backup backup
 
 sleep 5
 
 expect_running_containers "3"
 
-docker run --rm -it \
+docker run --rm \
   -v minio_backup_data:/minio_data \
   alpine \
   ash -c 'tar -xvf /minio_data/backup/test-hostnametoken.tar.gz -C /tmp && test -f /tmp/backup/app_data/offen.db'
@@ -27,16 +27,16 @@ pass "Found relevant files in untared remote backups."
 # The second part of this test checks if backups get deleted when the retention
 # is set to 0 days (which it should not as it would mean all backups get deleted)
 # TODO: find out if we can test actual deletion without having to wait for a day
-BACKUP_RETENTION_DAYS="0" docker-compose up -d
+BACKUP_RETENTION_DAYS="0" docker compose up -d
 sleep 5
 
-docker-compose exec backup backup
+docker compose exec backup backup
 
-docker run --rm -it \
+docker run --rm \
   -v minio_backup_data:/minio_data \
   alpine \
   ash -c '[ $(find /minio_data/backup/ -type f | wc -l) = "1" ]'
 
 pass "Remote backups have not been deleted."
 
-docker-compose down --volumes
+docker compose down --volumes

test/secrets/run.sh

@@ -22,7 +22,7 @@ sleep 20
 
 docker exec $(docker ps -q -f name=backup) backup
 
-docker run --rm -it \
+docker run --rm \
   -v backup_data:/data alpine \
   ash -c 'tar -xf /data/backup/test.tar.gz && test -f /backup/pg_data/PG_VERSION'
 

test/ssh/run.sh

@@ -8,16 +8,16 @@ current_test=$(basename $(pwd))
 
 ssh-keygen -t rsa -m pem -b 4096 -N "test1234" -f id_rsa -C "docker-volume-backup@local"
 
-docker-compose up -d
+docker compose up -d
 sleep 5
 
-docker-compose exec backup backup
+docker compose exec backup backup
 
 sleep 5
 
 expect_running_containers 3
 
-docker run --rm -it \
+docker run --rm \
   -v ssh_backup_data:/ssh_data \
   alpine \
   ash -c 'tar -xvf /ssh_data/test-hostnametoken.tar.gz -C /tmp && test -f /tmp/backup/app_data/offen.db'
@@ -27,17 +27,17 @@ pass "Found relevant files in decrypted and untared remote backups."
 # The second part of this test checks if backups get deleted when the retention
 # is set to 0 days (which it should not as it would mean all backups get deleted)
 # TODO: find out if we can test actual deletion without having to wait for a day
-BACKUP_RETENTION_DAYS="0" docker-compose up -d
+BACKUP_RETENTION_DAYS="0" docker compose up -d
 sleep 5
 
-docker-compose exec backup backup
+docker compose exec backup backup
 
-docker run --rm -it \
+docker run --rm \
   -v ssh_backup_data:/ssh_data \
   alpine \
   ash -c '[ $(find /ssh_data/ -type f | wc -l) = "1" ]'
 
 pass "Remote backups have not been deleted."
 
-docker-compose down --volumes
+docker compose down --volumes
 rm -f id_rsa id_rsa.pub

test/swarm/run.sh

@@ -19,7 +19,7 @@ sleep 20
 
 docker exec $(docker ps -q -f name=backup) backup
 
-docker run --rm -it \
+docker run --rm \
   -v backup_data:/data alpine \
   ash -c 'tar -xf /data/backup/test.tar.gz && test -f /backup/pg_data/PG_VERSION'
 

test/user/.gitignore

@@ -0,0 +1,2 @@
+local
+backup

test/user/docker-compose.yml

@@ -0,0 +1,30 @@
+version: '2.4'
+
+services:
+  alpine:
+    image: alpine:3.17.3
+    tty: true 
+    volumes:
+      - app_data:/tmp
+    labels:
+      - docker-volume-backup.archive-pre.user=testuser
+      - docker-volume-backup.archive-pre=/bin/sh -c 'whoami > /tmp/whoami.txt'
+
+
+  backup:
+    image: offen/docker-volume-backup:${TEST_VERSION:-canary}
+    deploy:
+      restart_policy:
+        condition: on-failure
+    environment:
+      BACKUP_FILENAME: test.tar.gz
+      BACKUP_CRON_EXPRESSION: 0 0 5 31 2 ?
+      EXEC_FORWARD_OUTPUT: "true"
+    volumes:
+      - ./local:/archive
+      - app_data:/backup/data:ro
+      - /var/run/docker.sock:/var/run/docker.sock
+
+volumes:
+  app_data:
+  archive:

test/user/run.sh

@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+. ../util.sh
+current_test=$(basename $(pwd))
+
+docker compose up -d
+
+user_name=testuser
+docker exec user-alpine-1 adduser --disabled-password "$user_name"
+
+docker compose exec backup backup
+
+tar -xvf ./local/test.tar.gz
+if [ ! -f ./backup/data/whoami.txt ]; then
+  fail "Could not find file written by pre command."
+fi
+pass "Found expected file."
+
+tar -xvf ./local/test.tar.gz
+if [ "$(cat ./backup/data/whoami.txt)" != "$user_name" ]; then
+  fail "Could not find expected user name."
+fi
+pass "Found expected user."
+
+docker compose down --volumes
+sudo rm -rf ./local
+

test/webdav/run.sh

@@ -6,16 +6,16 @@ cd "$(dirname "$0")"
 . ../util.sh
 current_test=$(basename $(pwd))
 
-docker-compose up -d
+docker compose up -d
 sleep 5
 
-docker-compose exec backup backup
+docker compose exec backup backup
 
 sleep 5
 
 expect_running_containers "3"
 
-docker run --rm -it \
+docker run --rm \
   -v webdav_backup_data:/webdav_data \
   alpine \
   ash -c 'tar -xvf /webdav_data/data/my/new/path/test-hostnametoken.tar.gz -C /tmp && test -f /tmp/backup/app_data/offen.db'
@@ -25,16 +25,16 @@ pass "Found relevant files in untared remote backup."
 # The second part of this test checks if backups get deleted when the retention
 # is set to 0 days (which it should not as it would mean all backups get deleted)
 # TODO: find out if we can test actual deletion without having to wait for a day
-BACKUP_RETENTION_DAYS="0" docker-compose up -d
+BACKUP_RETENTION_DAYS="0" docker compose up -d
 sleep 5
 
-docker-compose exec backup backup
+docker compose exec backup backup
 
-docker run --rm -it \
+docker run --rm \
   -v webdav_backup_data:/webdav_data \
   alpine \
   ash -c '[ $(find /webdav_data/data/my/new/path/ -type f | wc -l) = "1" ]'
 
 pass "Remote backups have not been deleted."
 
-docker-compose down --volumes
+docker compose down --volumes