asda?‰PNG  IHDR ? f ??C1 sRGB ??é gAMA ±? üa pHYs ? ??o¨d GIDATx^íüL”÷e÷Y?a?("Bh?_ò???¢§?q5k?*:t0A-o??¥]VkJ¢M??f?±8\k2íll£1]q?ù???T type: object required: - repositories additionalProperties: false properties: constants: type: object description: | Constants to use in the configuration file. Within option values, all occurrences of the constant name in curly braces will be replaced with the constant value. For example, if you have a constant named "app_name" with the value "myapp", then the string "{app_name}" will be replaced with "myapp" in the configuration file. example: app_name: myapp user: myuser source_directories: type: array items: type: string description: | List of source directories and files to back up. Globs and tildes are expanded. Do not backslash spaces in path names. example: - /home - /etc - /var/log/syslog* - /home/user/path with spaces repositories: type: array items: type: object required: - path additionalProperties: false properties: path: type: string description: The local path or Borg URL of the repository. example: ssh://user@backupserver/./sourcehostname.borg label: type: string description: | An optional label for the repository, used in logging and to make selecting the repository easier on the command-line. example: backupserver encryption: type: string description: | The encryption mode with which to create the repository, only used for the repo-create action. To see the available encryption modes, run "borg init --help" with Borg 1 or "borg repo-create --help" with Borg 2. example: repokey-blake2 append_only: type: boolean description: | Whether the repository should be created append-only, only used for the repo-create action. Defaults to false. example: true storage_quota: type: string description: | The storage quota with which to create the repository, only used for the repo-create action. Defaults to no quota. example: 5G make_parent_directories: type: boolean description: | Whether any missing parent directories of the repository path should be created, only used for the repo-create action. Defaults to false. example: true description: | A required list of local or remote repositories with paths and optional labels (which can be used with the --repository flag to select a repository). Tildes are expanded. Multiple repositories are backed up to in sequence. Borg placeholders can be used. See the output of "borg help placeholders" for details. See ssh_command for SSH options like identity file or port. If systemd service is used, then add local repository paths in the systemd service file to the ReadWritePaths list. example: - path: ssh://user@backupserver/./sourcehostname.borg label: backupserver - path: /mnt/backup label: local working_directory: type: string description: | Working directory to use when running actions, useful for backing up using relative source directory paths. Does not currently apply to borgmatic configuration file paths or includes. Tildes are expanded. See http://borgbackup.readthedocs.io/en/stable/usage/create.html for details. Defaults to not set. example: /path/to/working/directory one_file_system: type: boolean description: | Stay in same file system; do not cross mount points beyond the given source directories. Defaults to false. example: true numeric_ids: type: boolean description: | Only store/extract numeric user and group identifiers. Defaults to false. example: true atime: type: boolean description: | Store atime into archive. Defaults to true in Borg < 1.2, false in Borg 1.2+. example: false ctime: type: boolean description: Store ctime into archive. Defaults to true. example: false birthtime: type: boolean description: | Store birthtime (creation date) into archive. Defaults to true. example: false read_special: type: boolean description: | Use Borg's --read-special flag to allow backup of block and other special devices. Use with caution, as it will lead to problems if used when backing up special devices such as /dev/zero. Defaults to false. But when a database hook is used, the setting here is ignored and read_special is considered true. example: true flags: type: boolean description: | Record filesystem flags (e.g. NODUMP, IMMUTABLE) in archive. Defaults to true. example: false files_cache: type: string description: | Mode in which to operate the files cache. See http://borgbackup.readthedocs.io/en/stable/usage/create.html for details. Defaults to "ctime,size,inode". example: ctime,size,inode local_path: type: string description: | Alternate Borg local executable. Defaults to "borg". example: borg1 remote_path: type: string description: | Alternate Borg remote executable. Defaults to "borg". example: borg1 patterns: type: array items: type: string description: | Any paths matching these patterns are included/excluded from backups. Globs are expanded. (Tildes are not.) See the output of "borg help patterns" for more details. Quote any value if it contains leading punctuation, so it parses correctly. example: - 'R /' - '- /home/*/.cache' - '+ /home/susan' - '- /home/*' patterns_from: type: array items: type: string description: | Read include/exclude patterns from one or more separate named files, one pattern per line. See the output of "borg help patterns" for more details. example: - /etc/borgmatic/patterns exclude_patterns: type: array items: type: string description: | Any paths matching these patterns are excluded from backups. Globs and tildes are expanded. Note that a glob pattern must either start with a glob or be an absolute path. Do not backslash spaces in path names. See the output of "borg help patterns" for more details. example: - '*.pyc' - /home/*/.cache - '*/.vim*.tmp' - /etc/ssl - /home/user/path with spaces exclude_from: type: array items: type: string description: | Read exclude patterns from one or more separate named files, one pattern per line. See the output of "borg help patterns" for more details. example: - /etc/borgmatic/excludes exclude_caches: type: boolean description: | Exclude directories that contain a CACHEDIR.TAG file. See http://www.brynosaurus.com/cachedir/spec.html for details. Defaults to false. example: true exclude_if_present: type: array items: type: string description: | Exclude directories that contain a file with the given filenames. Defaults to not set. example: - .nobackup keep_exclude_tags: type: boolean description: | If true, the exclude_if_present filename is included in backups. Defaults to false, meaning that the exclude_if_present filename is omitted from backups. example: true exclude_nodump: type: boolean description: | Exclude files with the NODUMP flag. Defaults to false. example: true borgmatic_source_directory: type: string description: | Deprecated. Only used for locating database dumps and bootstrap metadata within backup archives created prior to deprecation. Replaced by user_runtime_directory and user_state_directory. Defaults to ~/.borgmatic example: /tmp/borgmatic user_runtime_directory: type: string description: | Path for storing temporary runtime data like streaming database dumps and bootstrap metadata. borgmatic automatically creates and uses a "borgmatic" subdirectory here. Defaults to $XDG_RUNTIME_DIR or or $TMPDIR or $TEMP or /run/user/$UID. example: /run/user/1001 user_state_directory: type: string description: | Path for storing borgmatic state files like records of when checks last ran. borgmatic automatically creates and uses a "borgmatic" subdirectory here. If you change this option, borgmatic must create the check records again (and therefore re-run checks). Defaults to $XDG_STATE_HOME or ~/.local/state. example: /var/lib/borgmatic source_directories_must_exist: type: boolean description: | If true, then source directories (and root pattern paths) must exist. If they don't, an error is raised. Defaults to false. example: true encryption_passcommand: type: string description: | The standard output of this command is used to unlock the encryption key. Only use on repositories that were initialized with passcommand/repokey/keyfile encryption. Note that if both encryption_passcommand and encryption_passphrase are set, then encryption_passphrase takes precedence. This can also be used to access encrypted systemd service credentials. Defaults to not set. For more details, see: https://torsion.org/borgmatic/docs/how-to/provide-your-passwords/ example: "secret-tool lookup borg-repository repo-name" encryption_passphrase: type: string description: | Passphrase to unlock the encryption key with. Only use on repositories that were initialized with passphrase/repokey/keyfile encryption. Quote the value if it contains punctuation, so it parses correctly. And backslash any quote or backslash literals as well. Defaults to not set. Supports the "{credential ...}" syntax. example: "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~" checkpoint_interval: type: integer description: | Number of seconds between each checkpoint during a long-running backup. See https://borgbackup.readthedocs.io/en/stable/faq.html for details. Defaults to checkpoints every 1800 seconds (30 minutes). example: 1800 checkpoint_volume: type: integer description: | Number of backed up bytes between each checkpoint during a long-running backup. Only supported with Borg 2+. See https://borgbackup.readthedocs.io/en/stable/faq.html for details. Defaults to only time-based checkpointing (see "checkpoint_interval") instead of volume-based checkpointing. example: 1048576 chunker_params: type: string description: | Specify the parameters passed to the chunker (CHUNK_MIN_EXP, CHUNK_MAX_EXP, HASH_MASK_BITS, HASH_WINDOW_SIZE). See https://borgbackup.readthedocs.io/en/stable/internals.html for details. Defaults to "19,23,21,4095". example: 19,23,21,4095 compression: type: string description: | Type of compression to use when creating archives. (Compression level can be added separated with a comma, like "zstd,7".) See http://borgbackup.readthedocs.io/en/stable/usage/create.html for details. Defaults to "lz4". example: lz4 recompress: type: string enum: ['if-different', 'always', 'never'] description: | Mode for recompressing data chunks according to MODE. Possible modes are: * "if-different": Recompress if the current compression is with a different compression algorithm. * "always": Recompress even if the current compression is with the same compression algorithm. Use this to change the compression level. * "never": Do not recompress. Use this option to explicitly prevent recompression. See https://borgbackup.readthedocs.io/en/stable/usage/recreate.html for details. Defaults to "never". example: if-different upload_rate_limit: type: integer description: | Remote network upload rate limit in kiBytes/second. Defaults to unlimited. example: 100 upload_buffer_size: type: integer description: | Size of network upload buffer in MiB. Defaults to no buffer. example: 160 retries: type: integer description: | Number of times to retry a failing backup before giving up. Defaults to 0 (i.e., does not attempt retry). example: 3 retry_wait: type: integer description: | Wait time between retries (in seconds) to allow transient issues to pass. Increases after each retry by that same wait time as a form of backoff. Defaults to 0 (no wait). example: 10 temporary_directory: type: string description: | Directory where temporary Borg files are stored. Defaults to $TMPDIR. See "Resource Usage" at https://borgbackup.readthedocs.io/en/stable/usage/general.html for details. example: /path/to/tmpdir ssh_command: type: string description: | Command to use instead of "ssh". This can be used to specify ssh options. Defaults to not set. example: ssh -i /path/to/private/key borg_base_directory: type: string description: | Base path used for various Borg directories. Defaults to $HOME, ~$USER, or ~. example: /path/to/base borg_config_directory: type: string description: | Path for Borg configuration files. Defaults to $borg_base_directory/.config/borg example: /path/to/base/config borg_cache_directory: type: string description: | Path for Borg cache files. Defaults to $borg_base_directory/.cache/borg example: /path/to/base/cache use_chunks_archive: type: boolean description: | Enables or disables the use of chunks.archive.d for faster cache resyncs in Borg. If true, value is set to "yes" (default) else it's set to "no", reducing disk usage but slowing resyncs. example: true borg_files_cache_ttl: type: integer description: | Maximum time to live (ttl) for entries in the Borg files cache. example: 20 borg_security_directory: type: string description: | Path for Borg security and encryption nonce files. Defaults to $borg_base_directory/.config/borg/security example: /path/to/base/config/security borg_keys_directory: type: string description: | Path for Borg encryption key files. Defaults to $borg_base_directory/.config/borg/keys example: /path/to/base/config/keys borg_exit_codes: type: array items: type: object required: ['code', 'treat_as'] additionalProperties: false properties: code: type: integer not: {enum: [0]} description: | The exit code for an existing Borg warning or error. example: 100 treat_as: type: string enum: ['error', 'warning'] description: | Whether to consider the exit code as an error or as a warning in borgmatic. example: error description: | A list of Borg exit codes that should be elevated to errors or squashed to warnings as indicated. By default, Borg error exit codes (2 to 99) are treated as errors while warning exit codes (1 and 100+) are treated as warnings. Exit codes other than 1 and 2 are only present in Borg 1.4.0+. example: - code: 13 treat_as: warning - code: 100 treat_as: error umask: type: integer description: | Umask used for when executing Borg or calling hooks. Defaults to 0077 for Borg or the umask that borgmatic is run with for hooks. example: 0077 lock_wait: type: integer description: | Maximum seconds to wait for acquiring a repository/cache lock. Defaults to 1. example: 5 archive_name_format: type: string description: | Name of the archive to create. Borg placeholders can be used. See the output of "borg help placeholders" for details. Defaults to "{hostname}-{now:%Y-%m-%dT%H:%M:%S.%f}" with Borg 1 and "{hostname}" with Borg 2, as Borg 2 does not require unique archive names; identical archive names form a common "series" that can be targeted together. When running actions like repo-list, info, or check, borgmatic automatically tries to match only archives created with this name format. example: "{hostname}-documents-{now}" match_archives: type: string description: | A Borg pattern for filtering down the archives used by borgmatic actions that operate on multiple archives. For Borg 1.x, use a shell pattern here and see the output of "borg help placeholders" for details. For Borg 2.x, see the output of "borg help match-archives". If match_archives is not specified, borgmatic defaults to deriving the match_archives value from archive_name_format. example: "sh:{hostname}-*" relocated_repo_access_is_ok: type: boolean description: | Bypass Borg error about a repository that has been moved. Defaults to false. example: true unknown_unencrypted_repo_access_is_ok: type: boolean description: | Bypass Borg error about a previously unknown unencrypted repository. Defaults to false. example: true check_i_know_what_i_am_doing: type: boolean description: | Bypass Borg confirmation about check with repair option. Defaults to false and an interactive prompt from Borg. example: true extra_borg_options: type: object additionalProperties: false properties: init: type: string description: | Extra command-line options to pass to "borg init". example: "--extra-option" create: type: string description: | Extra command-line options to pass to "borg create". example: "--extra-option" prune: type: string description: | Extra command-line options to pass to "borg prune". example: "--extra-option" compact: type: string description: | Extra command-line options to pass to "borg compact". example: "--extra-option" check: type: string description: | Extra command-line options to pass to "borg check". example: "--extra-option" description: | Additional options to pass directly to particular Borg commands, handy for Borg options that borgmatic does not yet support natively. Note that borgmatic does not perform any validation on these options. Running borgmatic with "--verbosity 2" shows the exact Borg command-line invocation. keep_within: type: string description: | Keep all archives within this time interval. See "skip_actions" for disabling pruning altogether. example: 3H keep_secondly: type: integer description: Number of secondly archives to keep. example: 60 keep_minutely: type: integer description: Number of minutely archives to keep. example: 60 keep_hourly: type: integer description: Number of hourly archives to keep. example: 24 keep_daily: type: integer description: Number of daily archives to keep. example: 7 keep_weekly: type: integer description: Number of weekly archives to keep. example: 4 keep_monthly: type: integer description: Number of monthly archives to keep. example: 6 keep_yearly: type: integer description: Number of yearly archives to keep. example: 1 keep_13weekly: type: integer description: Number of quarterly archives to keep (13 week strategy). example: 13 keep_3monthly: type: integer description: Number of quarterly archives to keep (3 month strategy). example: 3 prefix: type: string description: | Deprecated. When pruning or checking archives, only consider archive names starting with this prefix. Borg placeholders can be used. See the output of "borg help placeholders" for details. If a prefix is not specified, borgmatic defaults to matching archives based on the archive_name_format (see above). example: sourcehostname compact_threshold: type: integer description: | Minimum saved space percentage threshold for compacting a segment, defaults to 10. example: 20 checks: type: array items: type: object oneOf: - required: [name] additionalProperties: false properties: name: type: string enum: - archives - data - extract - disabled description: | Name of the consistency check to run: * "repository" checks the consistency of the repository. * "archives" checks all of the archives. * "data" verifies the integrity of the data within the archives and implies the "archives" check as well. * "spot" checks that some percentage of source files are found in the most recent archive (with identical contents). * "extract" does an extraction dry-run of the most recent archive. * See "skip_actions" for disabling checks altogether. example: spot frequency: type: string description: | How frequently to run this type of consistency check (as a best effort). The value is a number followed by a unit of time. E.g., "2 weeks" to run this consistency check no more than every two weeks for a given repository or "1 month" to run it no more than monthly. Defaults to "always": running this check every time checks are run. example: 2 weeks only_run_on: type: array items: type: string description: | After the "frequency" duration has elapsed, only run this check if the current day of the week matches one of these values (the name of a day of the week in the current locale). "weekday" and "weekend" are also accepted. Defaults to running the check on any day of the week. example: - Saturday - Sunday - required: [name] additionalProperties: false properties: name: type: string enum: - repository description: | Name of the consistency check to run: * "repository" checks the consistency of the repository. * "archives" checks all of the archives. * "data" verifies the integrity of the data within the archives and implies the "archives" check as well. * "spot" checks that some percentage of source files are found in the most recent archive (with identical contents). * "extract" does an extraction dry-run of the most recent archive. * See "skip_actions" for disabling checks altogether. example: spot frequency: type: string description: | How frequently to run this type of consistency check (as a best effort). The value is a number followed by a unit of time. E.g., "2 weeks" to run this consistency check no more than every two weeks for a given repository or "1 month" to run it no more than monthly. Defaults to "always": running this check every time checks are run. example: 2 weeks only_run_on: type: array items: type: string description: | After the "frequency" duration has elapsed, only run this check if the current day of the week matches one of these values (the name of a day of the week in the current locale). "weekday" and "weekend" are also accepted. Defaults to running the check on any day of the week. example: - Saturday - Sunday max_duration: type: integer description: | How many seconds to check the repository before interrupting the check. Useful for splitting a long-running repository check into multiple partial checks. Defaults to no interruption. Only applies to the "repository" check, does not check the repository index and is not compatible with the "--repair" flag. example: 3600 - required: - name - count_tolerance_percentage - data_sample_percentage - data_tolerance_percentage additionalProperties: false properties: name: type: string enum: - spot description: | Name of the consistency check to run: * "repository" checks the consistency of the repository. * "archives" checks all of the archives. * "data" verifies the integrity of the data within the archives and implies the "archives" check as well. * "spot" checks that some percentage of source files are found in the most recent archive (with identical contents). * "extract" does an extraction dry-run of the most recent archive. * See "skip_actions" for disabling checks altogether. example: repository frequency: type: string description: | How frequently to run this type of consistency check (as a best effort). The value is a number followed by a unit of time. E.g., "2 weeks" to run this consistency check no more than every two weeks for a given repository or "1 month" to run it no more than monthly. Defaults to "always": running this check every time checks are run. example: 2 weeks only_run_on: type: array items: type: string description: | After the "frequency" duration has elapsed, only run this check if the current day of the week matches one of these values (the name of a day of the week in the current locale). "weekday" and "weekend" are also accepted. Defaults to running the check on any day of the week. example: - Saturday - Sunday count_tolerance_percentage: type: number description: | The percentage delta between the source directories file count and the most recent backup archive file count that is allowed before the entire consistency check fails. This can catch problems like incorrect excludes, inadvertent deletes, etc. Required (and only valid) for the "spot" check. example: 10 data_sample_percentage: type: number description: | The percentage of total files in the source directories to randomly sample and compare to their corresponding files in the most recent backup archive. Required (and only valid) for the "spot" check. example: 1 data_tolerance_percentage: type: number description: | The percentage of total files in the source directories that can fail a spot check comparison without failing the entire consistency check. This can catch problems like source files that have been bulk-changed by malware, backups that have been tampered with, etc. The value must be lower than or equal to the "contents_sample_percentage". Required (and only valid) for the "spot" check. example: 0.5 xxh64sum_command: type: string description: | Command to use instead of "xxh64sum" to hash source files, usually found in an OS package named "xxhash". Do not substitute with a different hash type (SHA, MD5, etc.) or the check will never succeed. Only valid for the "spot" check. example: /usr/local/bin/xxh64sum description: | List of one or more consistency checks to run on a periodic basis (if "frequency" is set) or every time borgmatic runs checks (if "frequency" is omitted). example: - name: archives frequency: 2 weeks - name: repository check_repositories: type: array items: type: string description: | Paths or labels for a subset of the configured "repositories" (see above) on which to run consistency checks. Handy in case some of your repositories are very large, and so running consistency checks on them would take too long. Defaults to running consistency checks on all configured repositories. example: - user@backupserver:sourcehostname.borg check_last: type: integer description: | Restrict the number of checked archives to the last n. Applies only to the "archives" check. Defaults to checking all archives. example: 3 color: type: boolean description: | Apply color to console output. Defaults to true. example: false verbosity: type: integer enum: - -2 - -1 - 0 - 1 - 2 description: | Display verbose output to the console: -2 (disabled), -1 (errors only), 0 (warnings and responses to actions, the default), 1 (info about steps borgmatic is taking), or 2 (debug). example: 2 syslog_verbosity: type: integer enum: - -2 - -1 - 0 - 1 - 2 description: | Log verbose output to syslog: -2 (disabled, the default), -1 (errors only), 0 (warnings and responses to actions), 1 (info about steps borgmatic is taking), or 2 (debug). example: 2 log_file_verbosity: type: integer enum: - -2 - -1 - 0 - 1 - 2 description: | Log verbose output to file: -2 (disabled), -1 (errors only), 0 (warnings and responses to actions), 1 (info about steps borgmatic is taking, the default), or 2 (debug). example: 2 log_file: type: string description: | Write log messages to the file at this path. example: /var/log/borgmatic/logfile.txt log_file_format: type: string description: | Python format string used for log messages written to the log file. example: "[{asctime}] {levelname}: {prefix}{message}" monitoring_verbosity: type: integer enum: - -2 - -1 - 0 - 1 - 2 description: | When a monitoring integration supporting logging is configured, log verbose output to it: -2 (disabled), -1 (errors only), 0 (warnings and responses to actions), 1 (info about steps borgmatic is taking, the default), or 2 (debug). example: 2 log_json: type: boolean description: | Write Borg log messages and console output as one JSON object per log line instead of formatted text. Defaults to false. example: true progress: type: boolean description: | Display progress as each file or archive is processed when running supported actions. Corresponds to the "--progress" flag on those actions. Defaults to false. example: true statistics: type: boolean description: | Display statistics for an archive when running supported actions. Corresponds to the "--stats" flag on those actions. Defaults to false. example: true list_details: type: boolean description: | Display details for each file or archive as it is processed when running supported actions. Corresponds to the "--list" flag on those actions. Defaults to false. example: true default_actions: type: boolean description: | Whether to apply default actions (create, prune, compact and check) when no arguments are supplied to the borgmatic command. If set to false, borgmatic displays the help message instead. example: true skip_actions: type: array items: type: string enum: - repo-create - transfer - prune - compact - create - recreate - check - delete - extract - config - export-tar - mount - umount - repo-delete - restore - repo-list - list - repo-info - info - break-lock - key - borg description: | List of one or more actions to skip running for this configuration file, even if specified on the command-line (explicitly or implicitly). This is handy for append-only configurations where you never want to run "compact" or checkless configuration where you want to skip "check". Defaults to not skipping any actions. example: - compact before_actions: type: array items: type: string description: | Deprecated. Use "commands:" instead. List of one or more shell commands or scripts to execute before all the actions for each repository. example: - "echo Starting actions." before_backup: type: array items: type: string description: | Deprecated. Use "commands:" instead. List of one or more shell commands or scripts to execute before creating a backup, run once per repository. example: - "echo Starting a backup." before_prune: type: array items: type: string description: | Deprecated. Use "commands:" instead. List of one or more shell commands or scripts to execute before pruning, run once per repository. example: - "echo Starting pruning." before_compact: type: array items: type: string description: | Deprecated. Use "commands:" instead. List of one or more shell commands or scripts to execute before compaction, run once per repository. example: - "echo Starting compaction." before_check: type: array items: type: string description: | Deprecated. Use "commands:" instead. List of one or more shell commands or scripts to execute before consistency checks, run once per repository. example: - "echo Starting checks." before_extract: type: array items: type: string description: | Deprecated. Use "commands:" instead. List of one or more shell commands or scripts to execute before extracting a backup, run once per repository. example: - "echo Starting extracting." after_backup: type: array items: type: string description: | Deprecated. Use "commands:" instead. List of one or more shell commands or scripts to execute after creating a backup, run once per repository. example: - "echo Finished a backup." after_compact: type: array items: type: string description: | Deprecated. Use "commands:" instead. List of one or more shell commands or scripts to execute after compaction, run once per repository. example: - "echo Finished compaction." after_prune: type: array items: type: string description: | Deprecated. Use "commands:" instead. List of one or more shell commands or scripts to execute after pruning, run once per repository. example: - "echo Finished pruning." after_check: type: array items: type: string description: | Deprecated. Use "commands:" instead. List of one or more shell commands or scripts to execute after consistency checks, run once per repository. example: - "echo Finished checks." after_extract: type: array items: type: string description: | Deprecated. Use "commands:" instead. List of one or more shell commands or scripts to execute after extracting a backup, run once per repository. example: - "echo Finished extracting." after_actions: type: array items: type: string description: | Deprecated. Use "commands:" instead. List of one or more shell commands or scripts to execute after all actions for each repository. example: - "echo Finished actions." on_error: type: array items: type: string description: | Deprecated. Use "commands:" instead. List of one or more shell commands or scripts to execute when an exception occurs during a "create", "prune", "compact", or "check" action or an associated before/after hook. example: - "echo Error during create/prune/compact/check." before_everything: type: array items: type: string description: | Deprecated. Use "commands:" instead. List of one or more shell commands or scripts to execute before running all actions (if one of them is "create"). These are collected from all configuration files and then run once before all of them (prior to all actions). example: - "echo Starting actions." after_everything: type: array items: type: string description: | Deprecated. Use "commands:" instead. List of one or more shell commands or scripts to execute after running all actions (if one of them is "create"). These are collected from all configuration files and then run once after all of them (after any action). example: - "echo Completed actions." commands: type: array items: type: object oneOf: - required: [before, run] additionalProperties: false properties: before: type: string enum: - action - repository - configuration - everything description: | Name for the point in borgmatic's execution that the commands should be run before (required if "after" isn't set): * "action" runs before each action for each repository. * "repository" runs before all actions for each repository. * "configuration" runs before all actions and repositories in the current configuration file. * "everything" runs before all configuration files. example: action when: type: array items: type: string enum: - repo-create - transfer - prune - compact - create - recreate - check - delete - extract - config - export-tar - mount - umount - repo-delete - restore - repo-list - list - repo-info - info - break-lock - key - borg description: | List of actions for which the commands will be run. Defaults to running for all actions. example: [create, prune, compact, check] run: type: array items: type: string description: | List of one or more shell commands or scripts to run when this command hook is triggered. Required. example: - "echo Doing stuff." - required: [after, run] additionalProperties: false properties: after: type: string enum: - action - repository - configuration - everything - error description: | Name for the point in borgmatic's execution that the commands should be run after (required if "before" isn't set): * "action" runs after each action for each repository. * "repository" runs after all actions for each repository. * "configuration" runs after all actions and repositories in the current configuration file. * "everything" runs after all configuration files. * "error" runs after an error occurs. example: action when: type: array items: type: string enum: - repo-create - transfer - prune - compact - create - recreate - check - delete - extract - config - export-tar - mount - umount - repo-delete - restore - repo-list - list - repo-info - info - break-lock - key - borg description: | Only trigger the hook when borgmatic is run with particular actions listed here. Defaults to running for all actions. example: [create, prune, compact, check] states: type: array items: type: string enum: - finish - fail description: | Only trigger the hook if borgmatic encounters one of the states (execution results) listed here, where: * "finish": No errors occurred. * "fail": An error occurred. This state is evaluated only for the scope of the configured "action", "repository", etc., rather than for the entire borgmatic run. Only available for "after" hooks. Defaults to running the hook for all states. example: - finish run: type: array items: type: string description: | List of one or more shell commands or scripts to run when this command hook is triggered. Required. example: - "echo Doing stuff." description: | List of one or more command hooks to execute, triggered at particular points during borgmatic's execution. For each command hook, specify one of "before" or "after", not both. example: - before: action when: [create] run: [echo Backing up.] bootstrap: type: object additionalProperties: false properties: store_config_files: type: boolean description: | Store configuration files used to create a backup inside the backup itself. Defaults to true. Changing this to false prevents "borgmatic bootstrap" from extracting configuration files from the backup. example: false description: | Support for the "borgmatic bootstrap" action, used to extract borgmatic configuration files from a backup archive. postgresql_databases: type: array items: type: object required: ['name'] additionalProperties: false properties: name: type: string description: | Database name (required if using this hook). Or "all" to dump all databases on the host. (Also set the "format" to dump each database to a separate file instead of one combined file.) Note that using this database hook implicitly enables read_special (see above) to support dump and restore streaming. example: users hostname: type: string description: | Database hostname to connect to. Defaults to connecting via local Unix socket. example: database.example.org restore_hostname: type: string description: | Database hostname to restore to. Defaults to the "hostname" option. example: database.example.org port: type: integer description: Port to connect to. Defaults to 5432. example: 5433 restore_port: type: integer description: | Port to restore to. Defaults to the "port" option. example: 5433 username: type: string description: | Username with which to connect to the database. Defaults to the username of the current user. You probably want to specify the "postgres" superuser here when the database name is "all". Supports the "{credential ...}" syntax. example: dbuser restore_username: type: string description: | Username with which to restore the database. Defaults to the "username" option. Supports the "{credential ...}" syntax. example: dbuser password: type: string description: | Password with which to connect to the database. Omitting a password will only work if PostgreSQL is configured to trust the configured username without a password or you create a ~/.pgpass file. Supports the "{credential ...}" syntax. example: trustsome1 restore_password: type: string description: | Password with which to connect to the restore database. Defaults to the "password" option. Supports the "{credential ...}" syntax. example: trustsome1 no_owner: type: boolean description: | Do not output commands to set ownership of objects to match the original database. By default, pg_dump and pg_restore issue ALTER OWNER or SET SESSION AUTHORIZATION statements to set ownership of created schema elements. These statements will fail unless the initial connection to the database is made by a superuser. example: true format: type: string enum: ['plain', 'custom', 'directory', 'tar'] description: | Database dump output format. One of "plain", "custom", "directory", or "tar". Defaults to "custom" (unlike raw pg_dump) for a single database. Or, when database name is "all" and format is blank, dumps all databases to a single file. But if a format is specified with an "all" database name, dumps each database to a separate file of that format, allowing more convenient restores of individual databases. See the pg_dump documentation for more about formats. example: directory compression: type: ["string", "integer"] description: | Database dump compression level (integer) or method ("gzip", "lz4", "zstd", or "none") and optional colon-separated detail. Defaults to moderate "gzip" for "custom" and "directory" formats and no compression for the "plain" format. Compression is not supported for the "tar" format. Be aware that Borg does its own compression as well, so you may not need it in both places. example: none ssl_mode: type: string enum: ['disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full'] description: | SSL mode to use to connect to the database server. One of "disable", "allow", "prefer", "require", "verify-ca" or "verify-full". Defaults to "disable". example: require ssl_cert: type: string description: | Path to a client certificate. example: "/root/.postgresql/postgresql.crt" ssl_key: type: string description: | Path to a private client key. example: "/root/.postgresql/postgresql.key" ssl_root_cert: type: string description: | Path to a root certificate containing a list of trusted certificate authorities. example: "/root/.postgresql/root.crt" ssl_crl: type: string description: | Path to a certificate revocation list. example: "/root/.postgresql/root.crl" pg_dump_command: type: string description: | Command to use instead of "pg_dump" or "pg_dumpall". This can be used to run a specific pg_dump version (e.g., one inside a running container). If you run it from within a container, make sure to mount the path in the "user_runtime_directory" option from the host into the container at the same location. Defaults to "pg_dump" for single database dump or "pg_dumpall" to dump all databases. example: docker exec my_pg_container pg_dump pg_restore_command: type: string description: | Command to use instead of "pg_restore". This can be used to run a specific pg_restore version (e.g., one inside a running container). Defaults to "pg_restore". example: docker exec my_pg_container pg_restore psql_command: type: string description: | Command to use instead of "psql". This can be used to run a specific psql version (e.g., one inside a running container). Defaults to "psql". example: docker exec my_pg_container psql options: type: string description: | Additional pg_dump/pg_dumpall options to pass directly to the dump command, without performing any validation on them. See pg_dump documentation for details. example: --role=someone list_options: type: string description: | Additional psql options to pass directly to the psql command that lists available databases, without performing any validation on them. See psql documentation for details. example: --role=someone restore_options: type: string description: | Additional pg_restore/psql options to pass directly to the restore command, without performing any validation on them. See pg_restore/psql documentation for details. example: --role=someone analyze_options: type: string description: | Additional psql options to pass directly to the analyze command run after a restore, without performing any validation on them. See psql documentation for details. example: --role=someone description: | List of one or more PostgreSQL databases to dump before creating a backup, run once per configuration file. The database dumps are added to your source directories at runtime and streamed directly to Borg. Requires pg_dump/pg_dumpall/pg_restore commands. See https://www.postgresql.org/docs/current/app-pgdump.html and https://www.postgresql.org/docs/current/libpq-ssl.html for details. example: - name: users hostname: database.example.org mariadb_databases: type: array items: type: object required: ['name'] additionalProperties: false properties: name: type: string description: | Database name (required if using this hook). Or "all" to dump all databases on the host. Note that using this database hook implicitly enables read_special (see above) to support dump and restore streaming. example: users hostname: type: string description: | Database hostname to connect to. Defaults to connecting via local Unix socket. example: database.example.org restore_hostname: type: string description: | Database hostname to restore to. Defaults to the "hostname" option. example: database.example.org port: type: integer description: Port to connect to. Defaults to 3306. example: 3307 restore_port: type: integer description: | Port to restore to. Defaults to the "port" option. example: 5433 username: type: string description: | Username with which to connect to the database. Defaults to the username of the current user. Supports the "{credential ...}" syntax. example: dbuser restore_username: type: string description: | Username with which to restore the database. Defaults to the "username" option. Supports the "{credential ...}" syntax. example: dbuser password: type: string description: | Password with which to connect to the database. Omitting a password will only work if MariaDB is configured to trust the configured username without a password. Supports the "{credential ...}" syntax. example: trustsome1 restore_password: type: string description: | Password with which to connect to the restore database. Defaults to the "password" option. Supports the "{credential ...}" syntax. example: trustsome1 password_transport: type: string enum: - pipe - environment description: | How to transmit database passwords from borgmatic to the MariaDB client, one of: * "pipe": Securely transmit passwords via anonymous pipe. Only works if the database client is on the same host as borgmatic. (The server can be somewhere else.) This is the default value. * "environment": Transmit passwords via environment variable. Potentially less secure than a pipe, but necessary when the database client is elsewhere, e.g. when "mariadb_dump_command" is configured to "exec" into a container and run a client there. tls: type: boolean description: | Whether to TLS-encrypt data transmitted between the client and server. The default varies based on the MariaDB version. example: false restore_tls: type: boolean description: | Whether to TLS-encrypt data transmitted between the client and restore server. The default varies based on the MariaDB version. example: false mariadb_dump_command: type: string description: | Command to use instead of "mariadb-dump". This can be used to run a specific mariadb_dump version (e.g., one inside a running container). If you run it from within a container, make sure to mount the path in the "user_runtime_directory" option from the host into the container at the same location. Defaults to "mariadb-dump". example: docker exec mariadb_container mariadb-dump mariadb_command: type: string description: | Command to run instead of "mariadb". This can be used to run a specific mariadb version (e.g., one inside a running container). Defaults to "mariadb". example: docker exec mariadb_container mariadb format: type: string enum: ['sql'] description: | Database dump output format. Currently only "sql" is supported. Defaults to "sql" for a single database. Or, when database name is "all" and format is blank, dumps all databases to a single file. But if a format is specified with an "all" database name, dumps each database to a separate file of that format, allowing more convenient restores of individual databases. example: directory add_drop_database: type: boolean description: | Use the "--add-drop-database" flag with mariadb-dump, causing the database to be dropped right before restore. Defaults to true. example: false options: type: string description: | Additional mariadb-dump options to pass directly to the dump command, without performing any validation on them. See mariadb-dump documentation for details. example: --skip-comments list_options: type: string description: | Additional options to pass directly to the mariadb command that lists available databases, without performing any validation on them. See mariadb command documentation for details. example: --defaults-extra-file=mariadb.cnf restore_options: type: string description: | Additional options to pass directly to the mariadb command that restores database dumps, without performing any validation on them. See mariadb command documentation for details. example: --defaults-extra-file=mariadb.cnf description: | List of one or more MariaDB databases to dump before creating a backup, run once per configuration file. The database dumps are added to your source directories at runtime and streamed directly to Borg. Requires mariadb-dump/mariadb commands. See https://mariadb.com/kb/en/library/mysqldump/ for details. example: - name: users hostname: database.example.org mysql_databases: type: array items: type: object required: ['name'] additionalProperties: false properties: name: type: string description: | Database name (required if using this hook). Or "all" to dump all databases on the host. Note that using this database hook implicitly enables read_special (see above) to support dump and restore streaming. example: users hostname: type: string description: | Database hostname to connect to. Defaults to connecting via local Unix socket. example: database.example.org restore_hostname: type: string description: | Database hostname to restore to. Defaults to the "hostname" option. example: database.example.org port: type: integer description: Port to connect to. Defaults to 3306. example: 3307 restore_port: type: integer description: | Port to restore to. Defaults to the "port" option. example: 5433 username: type: string description: | Username with which to connect to the database. Defaults to the username of the current user. Supports the "{credential ...}" syntax. example: dbuser restore_username: type: string description: | Username with which to restore the database. Defaults to the "username" option. Supports the "{credential ...}" syntax. example: dbuser password: type: string description: | Password with which to connect to the database. Omitting a password will only work if MySQL is configured to trust the configured username without a password. Supports the "{credential ...}" syntax. example: trustsome1 restore_password: type: string description: | Password with which to connect to the restore database. Defaults to the "password" option. Supports the "{credential ...}" syntax. example: trustsome1 password_transport: type: string enum: - pipe - environment description: | How to transmit database passwords from borgmatic to the MySQL client, one of: * "pipe": Securely transmit passwords via anonymous pipe. Only works if the database client is on the same host as borgmatic. (The server can be somewhere else.) This is the default value. * "environment": Transmit passwords via environment variable. Potentially less secure than a pipe, but necessary when the database client is elsewhere, e.g. when "mysql_dump_command" is configured to "exec" into a container and run a client there. tls: type: boolean description: | Whether to TLS-encrypt data transmitted between the client and server. The default varies based on the MySQL installation. example: false restore_tls: type: boolean description: | Whether to TLS-encrypt data transmitted between the client and restore server. The default varies based on the MySQL installation. example: false mysql_dump_command: type: string description: | Command to use instead of "mysqldump". This can be used to run a specific mysql_dump version (e.g., one inside a running container). If you run it from within a container, make sure to mount the path in the "user_runtime_directory" option from the host into the container at the same location. Defaults to "mysqldump". example: docker exec mysql_container mysqldump mysql_command: type: string description: | Command to run instead of "mysql". This can be used to run a specific mysql version (e.g., one inside a running container). Defaults to "mysql". example: docker exec mysql_container mysql format: type: string enum: ['sql'] description: | Database dump output format. Currently only "sql" is supported. Defaults to "sql" for a single database. Or, when database name is "all" and format is blank, dumps all databases to a single file. But if a format is specified with an "all" database name, dumps each database to a separate file of that format, allowing more convenient restores of individual databases. example: directory add_drop_database: type: boolean description: | Use the "--add-drop-database" flag with mysqldump, causing the database to be dropped right before restore. Defaults to true. example: false options: type: string description: | Additional mysqldump options to pass directly to the dump command, without performing any validation on them. See mysqldump documentation for details. example: --skip-comments list_options: type: string description: | Additional options to pass directly to the mysql command that lists available databases, without performing any validation on them. See mysql command documentation for details. example: --defaults-extra-file=my.cnf restore_options: type: string description: | Additional options to pass directly to the mysql command that restores database dumps, without performing any validation on them. See mysql command documentation for details. example: --defaults-extra-file=my.cnf description: | List of one or more MySQL databases to dump before creating a backup, run once per configuration file. The database dumps are added to your source directories at runtime and streamed directly to Borg. Requires mysqldump/mysql commands. See https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html for details. example: - name: users hostname: database.example.org sqlite_databases: type: array items: type: object required: ['path','name'] additionalProperties: false properties: name: type: string description: | This is used to tag the database dump file with a name. It is not the path to the database file itself. The name "all" has no special meaning for SQLite databases. example: users path: type: string description: | Path to the SQLite database file to dump. If relative, it is relative to the current working directory. Note that using this database hook implicitly enables read_special (see above) to support dump and restore streaming. example: /var/lib/sqlite/users.db restore_path: type: string description: | Path to the SQLite database file to restore to. Defaults to the "path" option. example: /var/lib/sqlite/users.db sqlite_command: type: string description: | Command to use instead of "sqlite3". This can be used to run a specific sqlite3 version (e.g., one inside a running container). If you run it from within a container, make sure to mount the path in the "user_runtime_directory" option from the host into the container at the same location. Defaults to "sqlite3". example: docker exec sqlite_container sqlite3 sqlite_restore_command: type: string description: | Command to run when restoring a database instead of "sqlite3". This can be used to run a specific sqlite3 version (e.g., one inside a running container). Defaults to "sqlite3". example: docker exec sqlite_container sqlite3 description: | List of one or more SQLite databases to dump before creating a backup, run once per configuration file. The database dumps are added to your source directories at runtime and streamed directly to Borg. Requires the sqlite3 command. See https://sqlite.org/cli.html for details. example: - name: users path: /var/lib/db.sqlite mongodb_databases: type: array items: type: object required: ['name'] additionalProperties: false properties: name: type: string description: | Database name (required if using this hook). Or "all" to dump all databases on the host. Note that using this database hook implicitly enables read_special (see above) to support dump and restore streaming. example: users hostname: type: string description: | Database hostname to connect to. Defaults to connecting to localhost. example: database.example.org restore_hostname: type: string description: | Database hostname to restore to. Defaults to the "hostname" option. example: database.example.org port: type: integer description: Port to connect to. Defaults to 27017. example: 27018 restore_port: type: integer description: | Port to restore to. Defaults to the "port" option. example: 5433 username: type: string description: | Username with which to connect to the database. Skip it if no authentication is needed. Supports the "{credential ...}" syntax. example: dbuser restore_username: type: string description: | Username with which to restore the database. Defaults to the "username" option. Supports the "{credential ...}" syntax. example: dbuser password: type: string description: | Password with which to connect to the database. Skip it if no authentication is needed. Supports the "{credential ...}" syntax. example: trustsome1 restore_password: type: string description: | Password with which to connect to the restore database. Defaults to the "password" option. Supports the "{credential ...}" syntax. example: trustsome1 authentication_database: type: string description: | Authentication database where the specified username exists. If no authentication database is specified, the database provided in "name" is used. If "name" is "all", the "admin" database is used. example: admin format: type: string enum: ['archive', 'directory'] description: | Database dump output format. One of "archive", or "directory". Defaults to "archive". See mongodump documentation for details. Note that format is ignored when the database name is "all". example: directory options: type: string description: | Additional mongodump options to pass directly to the dump command, without performing any validation on them. See mongodump documentation for details. example: --dumpDbUsersAndRoles restore_options: type: string description: | Additional mongorestore options to pass directly to the dump command, without performing any validation on them. See mongorestore documentation for details. example: --restoreDbUsersAndRoles mongodump_command: type: string description: | Command to use instead of "mongodump". This can be used to run a specific mongodump version (e.g., one inside a running container). If you run it from within a container, make sure to mount the path in the "user_runtime_directory" option from the host into the container at the same location. Defaults to "mongodump". example: docker exec mongodb_container mongodump mongorestore_command: type: string description: | Command to run when restoring a database instead of "mongorestore". This can be used to run a specific mongorestore version (e.g., one inside a running container). Defaults to "mongorestore". example: docker exec mongodb_container mongorestore description: | List of one or more MongoDB databases to dump before creating a backup, run once per configuration file. The database dumps are added to your source directories at runtime and streamed directly to Borg. Requires mongodump/mongorestore commands. See https://docs.mongodb.com/database-tools/mongodump/ and https://docs.mongodb.com/database-tools/mongorestore/ for details. example: - name: users hostname: database.example.org ntfy: type: object required: ['topic'] additionalProperties: false properties: topic: type: string description: | The topic to publish to. See https://ntfy.sh/docs/publish/ for details. example: topic server: type: string description: | The address of your self-hosted ntfy.sh instance. example: https://ntfy.your-domain.com username: type: string description: | The username used for authentication. Supports the "{credential ...}" syntax. example: testuser password: type: string description: | The password used for authentication. Supports the "{credential ...}" syntax. example: fakepassword access_token: type: string description: | An ntfy access token to authenticate with instead of username/password. Supports the "{credential ...}" syntax. example: tk_AgQdq7mVBoFD37zQVN29RhuMzNIz2 start: type: object additionalProperties: false properties: title: type: string description: | The title of the message. example: Ping! message: type: string description: | The message body to publish. example: Your backups have failed. priority: type: string description: | The priority to set. example: urgent tags: type: string description: | Tags to attach to the message. example: incoming_envelope finish: type: object additionalProperties: false properties: title: type: string description: | The title of the message. example: Ping! message: type: string description: | The message body to publish. example: Your backups have failed. priority: type: string description: | The priority to set. example: urgent tags: type: string description: | Tags to attach to the message. example: incoming_envelope fail: type: object additionalProperties: false properties: title: type: string description: | The title of the message. example: Ping! message: type: string description: | The message body to publish. example: Your backups have failed. priority: type: string description: | The priority to set. example: urgent tags: type: string description: | Tags to attach to the message. example: incoming_envelope states: type: array items: type: string enum: - start - finish - fail uniqueItems: true description: | List of one or more monitoring states to ping for: "start", "finish", and/or "fail". Defaults to pinging for failure only. example: - start - finish pushover: type: object required: ['token', 'user'] additionalProperties: false properties: token: type: string description: | Your application's API token. Supports the "{credential ...}" syntax. example: 7ms6TXHpTokTou2P6x4SodDeentHRa user: type: string description: | Your user/group key (or that of your target user), viewable when logged into your dashboard: often referred to as USER_KEY in Pushover documentation and code examples. Supports the "{credential ...}" syntax. example: hwRwoWsXMBWwgrSecfa9EfPey55WSN start: type: object additionalProperties: false properties: message: type: string description: | Message to be sent to the user or group. If omitted the default is the name of the state. example: A backup job has started. priority: type: integer description: | A value of -2, -1, 0 (default), 1 or 2 that indicates the message priority. example: 0 expire: type: integer description: | How many seconds your notification will continue to be retried (every retry seconds). Defaults to 600. This settings only applies to priority 2 notifications. example: 600 retry: type: integer description: | The retry parameter specifies how often (in seconds) the Pushover servers will send the same notification to the user. Defaults to 30. This settings only applies to priority 2 notifications. example: 30 device: type: string description: | The name of one of your devices to send just to that device instead of all devices. example: pixel8 html: type: boolean description: | Set to True to enable HTML parsing of the message. Set to false for plain text. example: true sound: type: string description: | The name of a supported sound to override your default sound choice. All options can be found here: https://pushover.net/api#sounds example: bike title: type: string description: | Your message's title, otherwise your app's name is used. example: A backup job has started. ttl: type: integer description: | The number of seconds that the message will live, before being deleted automatically. The ttl parameter is ignored for messages with a priority. value of 2. example: 3600 url: type: string description: | A supplementary URL to show with your message. example: https://pushover.net/apps/xxxxx-borgbackup url_title: type: string description: | A title for the URL specified as the url parameter, otherwise just the URL is shown. example: Pushover Link finish: type: object additionalProperties: false properties: message: type: string description: | Message to be sent to the user or group. If omitted the default is the name of the state. example: A backup job has finished. priority: type: integer description: | A value of -2, -1, 0 (default), 1 or 2 that indicates the message priority. example: 0 expire: type: integer description: | How many seconds your notification will continue to be retried (every retry seconds). Defaults to 600. This settings only applies to priority 2 notifications. example: 600 retry: type: integer description: | The retry parameter specifies how often (in seconds) the Pushover servers will send the same notification to the user. Defaults to 30. This settings only applies to priority 2 notifications. example: 30 device: type: string description: | The name of one of your devices to send just to that device instead of all devices. example: pixel8 html: type: boolean description: | Set to True to enable HTML parsing of the message. Set to false for plain text. example: true sound: type: string description: | The name of a supported sound to override your default sound choice. All options can be found here: https://pushover.net/api#sounds example: bike title: type: string description: | Your message's title, otherwise your app's name is used. example: A backup job has started. ttl: type: integer description: | The number of seconds that the message will live, before being deleted automatically. The ttl parameter is ignored for messages with a priority. value of 2. example: 3600 url: type: string description: | A supplementary URL to show with your message. example: https://pushover.net/apps/xxxxx-borgbackup url_title: type: string description: | A title for the URL specified as the url parameter, otherwise just the URL is shown. example: Pushover Link fail: type: object additionalProperties: false properties: message: type: string description: | Message to be sent to the user or group. If omitted the default is the name of the state. example: A backup job has failed. priority: type: integer description: | A value of -2, -1, 0 (default), 1 or 2 that indicates the message priority. example: 0 expire: type: integer description: | How many seconds your notification will continue to be retried (every retry seconds). Defaults to 600. This settings only applies to priority 2 notifications. example: 600 retry: type: integer description: | The retry parameter specifies how often (in seconds) the Pushover servers will send the same notification to the user. Defaults to 30. This settings only applies to priority 2 notifications. example: 30 device: type: string description: | The name of one of your devices to send just to that device instead of all devices. example: pixel8 html: type: boolean description: | Set to True to enable HTML parsing of the message. Set to false for plain text. example: true sound: type: string description: | The name of a supported sound to override your default sound choice. All options can be found here: https://pushover.net/api#sounds example: bike title: type: string description: | Your message's title, otherwise your app's name is used. example: A backup job has started. ttl: type: integer description: | The number of seconds that the message will live, before being deleted automatically. The ttl parameter is ignored for messages with a priority. value of 2. example: 3600 url: type: string description: | A supplementary URL to show with your message. example: https://pushover.net/apps/xxxxx-borgbackup url_title: type: string description: | A title for the URL specified as the url parameter, otherwise just the URL is shown. example: Pushover Link states: type: array items: type: string enum: - start - finish - fail uniqueItems: true description: | List of one or more monitoring states to ping for: "start", "finish", and/or "fail". Defaults to pinging for failure only. example: - start - finish zabbix: type: object additionalProperties: false required: - server properties: itemid: type: integer description: | The ID of the Zabbix item used for collecting data. Unique across the entire Zabbix system. example: 55105 host: type: string description: | Host name where the item is stored. Required if "itemid" is not set. example: borg-server key: type: string description: | Key of the host where the item is stored. Required if "itemid" is not set. example: borg.status server: type: string description: | The API endpoint URL of your Zabbix instance, usually ending with "/api_jsonrpc.php". Required. example: https://zabbix.your-domain.com username: type: string description: | The username used for authentication. Not needed if using an API key. Supports the "{credential ...}" syntax. example: testuser password: type: string description: | The password used for authentication. Not needed if using an API key. Supports the "{credential ...}" syntax. example: fakepassword api_key: type: string description: | The API key used for authentication. Not needed if using an username/password. Supports the "{credential ...}" syntax. example: fakekey start: type: object additionalProperties: false properties: value: type: ["integer", "string"] description: | The value to set the item to on start. example: STARTED finish: type: object additionalProperties: false properties: value: type: ["integer", "string"] description: | The value to set the item to on finish. example: FINISH fail: type: object additionalProperties: false properties: value: type: ["integer", "string"] description: | The value to set the item to on fail. example: ERROR states: type: array items: type: string enum: - start - finish - fail uniqueItems: true description: | List of one or more monitoring states to ping for: "start", "finish", and/or "fail". Defaults to pinging for failure only. example: - start - finish apprise: type: object required: ['services'] additionalProperties: false properties: services: type: array items: type: object additionalProperties: false required: - url - label properties: url: type: string description: URL of this Apprise service. example: "gotify://hostname/token" label: type: string description: | Label used in borgmatic logs for this Apprise service. example: gotify description: | A list of Apprise services to publish to with URLs and labels. The labels are used for logging. A full list of services and their configuration can be found at https://github.com/caronc/apprise/wiki. example: - url: "kodi://user@hostname" label: kodi - url: "line://Token@User" label: line send_logs: type: boolean description: | Send borgmatic logs to Apprise services as part of the "finish", "fail", and "log" states. Defaults to true. example: false logs_size_limit: type: integer description: | Number of bytes of borgmatic logs to send to Apprise services. Set to 0 to send all logs and disable this truncation. Defaults to 1500. example: 100000 start: type: object required: ['body'] additionalProperties: false properties: title: type: string description: | Specify the message title. If left unspecified, no title is sent. example: Ping! body: type: string description: | Specify the message body. example: Starting backup process. finish: type: object required: ['body'] additionalProperties: false properties: title: type: string description: | Specify the message title. If left unspecified, no title is sent. example: Ping! body: type: string description: | Specify the message body. example: Backups successfully made. fail: type: object required: ['body'] additionalProperties: false properties: title: type: string description: | Specify the message title. If left unspecified, no title is sent. example: Ping! body: type: string description: | Specify the message body. example: Your backups have failed. log: type: object required: ['body'] additionalProperties: false properties: title: type: string description: | Specify the message title. If left unspecified, no title is sent. example: Ping! body: type: string description: | Specify the message body. example: Here is some info about your backups. states: type: array items: type: string enum: - start - finish - fail - log uniqueItems: true description: | List of one or more monitoring states to ping for: "start", "finish", "fail", and/or "log". Defaults to pinging for failure only. For each selected state, corresponding configuration for the message title and body should be given. If any is left unspecified, a generic message is emitted instead. example: - start - finish healthchecks: type: object required: ['ping_url'] additionalProperties: false properties: ping_url: type: string description: | Healthchecks ping URL or UUID to notify when a backup begins, ends, errors, or to send only logs. example: https://hc-ping.com/your-uuid-here verify_tls: type: boolean description: | Verify the TLS certificate of the ping URL host. Defaults to true. example: false send_logs: type: boolean description: | Send borgmatic logs to Healthchecks as part of the "finish", "fail", and "log" states. Defaults to true. example: false ping_body_limit: type: integer description: | Number of bytes of borgmatic logs to send to Healthchecks, ideally the same as PING_BODY_LIMIT configured on the Healthchecks server. Set to 0 to send all logs and disable this truncation. Defaults to 100000. example: 200000 states: type: array items: type: string enum: - start - finish - fail - log uniqueItems: true description: | List of one or more monitoring states to ping for: "start", "finish", "fail", and/or "log". Defaults to pinging for all states. example: - finish create_slug: type: boolean description: | Create the check if it does not exist. Only works with the slug URL scheme (https://hc-ping.com// as opposed to https://hc-ping.com/). Defaults to false. example: true description: | Configuration for a monitoring integration with Healthchecks. Create an account at https://healthchecks.io (or self-host Healthchecks) if you'd like to use this service. See borgmatic monitoring documentation for details. uptime_kuma: type: object required: ['push_url'] additionalProperties: false properties: push_url: type: string description: | Uptime Kuma push URL without query string (do not include the question mark or anything after it). example: https://example.uptime.kuma/api/push/abcd1234 states: type: array items: type: string enum: - start - finish - fail uniqueItems: true description: | List of one or more monitoring states to push for: "start", "finish", and/or "fail". Defaults to pushing for all states. example: - start - finish - fail verify_tls: type: boolean description: | Verify the TLS certificate of the push URL host. Defaults to true. example: false description: | Configuration for a monitoring integration with Uptime Kuma using the Push monitor type. See more information here: https://uptime.kuma.pet cronitor: type: object required: ['ping_url'] additionalProperties: false properties: ping_url: type: string description: | Cronitor ping URL to notify when a backup begins, ends, or errors. example: https://cronitor.link/d3x0c1 description: | Configuration for a monitoring integration with Cronitor. Create an account at https://cronitor.io if you'd like to use this service. See borgmatic monitoring documentation for details. pagerduty: type: object required: ['integration_key'] additionalProperties: false properties: integration_key: type: string description: | PagerDuty integration key used to notify PagerDuty when a backup errors. Supports the "{credential ...}" syntax. example: a177cad45bd374409f78906a810a3074 send_logs: type: boolean description: | Send borgmatic logs to PagerDuty when a backup errors. Defaults to true. example: false description: | Configuration for a monitoring integration with PagerDuty. Create an account at https://www.pagerduty.com if you'd like to use this service. See borgmatic monitoring documentation for details. cronhub: type: object required: ['ping_url'] additionalProperties: false properties: ping_url: type: string description: | Cronhub ping URL to notify when a backup begins, ends, or errors. example: https://cronhub.io/ping/1f5e3410-254c-5587 description: | Configuration for a monitoring integration with Cronhub. Create an account at https://cronhub.io if you'd like to use this service. See borgmatic monitoring documentation for details. loki: type: object required: ['url', 'labels'] additionalProperties: false properties: url: type: string description: | Grafana loki log URL to notify when a backup begins, ends, or fails. example: "http://localhost:3100/loki/api/v1/push" labels: type: object additionalProperties: type: string description: | Allows setting custom labels for the logging stream. At least one label is required. "__hostname" gets replaced by the machine hostname automatically. "__config" gets replaced by the name of the configuration file. "__config_path" gets replaced by the full path of the configuration file. example: app: "borgmatic" config: "__config" hostname: "__hostname" description: | Configuration for a monitoring integration with Grafana Loki. You can send the logs to a self-hosted instance or create an account at https://grafana.com/auth/sign-up/create-user. See borgmatic monitoring documentation for details. sentry: type: object required: ['data_source_name_url', 'monitor_slug'] additionalProperties: false properties: data_source_name_url: type: string description: | Sentry Data Source Name (DSN) URL, associated with a particular Sentry project. Used to construct a cron URL, notified when a backup begins, ends, or errors. example: https://5f80ec@o294220.ingest.us.sentry.io/203069 monitor_slug: type: string description: | Sentry monitor slug, associated with a particular Sentry project monitor. Used along with the data source name URL to construct a cron URL. example: mymonitor states: type: array items: type: string enum: - start - finish - fail uniqueItems: true description: | List of one or more monitoring states to ping for: "start", "finish", and/or "fail". Defaults to pinging for all states. example: - start - finish description: | Configuration for a monitoring integration with Sentry. You can use a self-hosted instance via https://develop.sentry.dev/self-hosted/ or create a cloud-hosted account at https://sentry.io. See borgmatic monitoring documentation for details. zfs: type: ["object", "null"] additionalProperties: false properties: zfs_command: type: string description: | Command to use instead of "zfs". example: /usr/local/bin/zfs mount_command: type: string description: | Command to use instead of "mount". example: /usr/local/bin/mount umount_command: type: string description: | Command to use instead of "umount". example: /usr/local/bin/umount description: | Configuration for integration with the ZFS filesystem. btrfs: type: ["object", "null"] additionalProperties: false properties: btrfs_command: type: string description: | Command to use instead of "btrfs". example: /usr/local/bin/btrfs findmnt_command: type: string description: | Command to use instead of "findmnt". example: /usr/local/bin/findmnt description: | Configuration for integration with the Btrfs filesystem. lvm: type: ["object", "null"] additionalProperties: false properties: snapshot_size: type: string description: | Size to allocate for each snapshot taken, including the units to use for that size. Defaults to "10%ORIGIN" (10% of the size of logical volume being snapshotted). See the lvcreate "--size" and "--extents" documentation for more information: https://www.man7.org/linux/man-pages/man8/lvcreate.8.html example: 5GB lvcreate_command: type: string description: | Command to use instead of "lvcreate". example: /usr/local/bin/lvcreate lvremove_command: type: string description: | Command to use instead of "lvremove". example: /usr/local/bin/lvremove lvs_command: type: string description: | Command to use instead of "lvs". example: /usr/local/bin/lvs lsblk_command: type: string description: | Command to use instead of "lsblk". example: /usr/local/bin/lsblk mount_command: type: string description: | Command to use instead of "mount". example: /usr/local/bin/mount umount_command: type: string description: | Command to use instead of "umount". example: /usr/local/bin/umount description: | Configuration for integration with Linux LVM (Logical Volume Manager). container: type: object additionalProperties: false properties: secrets_directory: type: string description: | Secrets directory to use instead of "/run/secrets". example: /path/to/secrets description: | Configuration for integration with Docker or Podman secrets. keepassxc: type: object additionalProperties: false properties: keepassxc_cli_command: type: string description: | Command to use instead of "keepassxc-cli". example: /usr/local/bin/keepassxc-cli key_file: type: string description: | Path to a key file for unlocking the KeePassXC database. example: /path/to/keyfile yubikey: type: string description: | YubiKey slot and optional serial number used to access the KeePassXC database. The format is "", where: * is the YubiKey slot number (e.g., `1` or `2`). * (optional) is the YubiKey's serial number (e.g., `7370001`). example: "1:7370001" description: | Configuration for integration with the KeePassXC password manager.