Skip to content
/ ogion Public

A tool for performing scheduled database backups and transferring encrypted data to secure clouds, for home labs, hobby projects, etc., in environments such as k8s, docker, vms.

License

Notifications You must be signed in to change notification settings

rafsaf/ogion

Repository files navigation

License Python 3.13 Ruff Tests Type check Dev build Release build Update of db versions

Ogion

A tool for performing scheduled database backups and transferring encrypted data to secure public clouds, for home labs, hobby projects, etc., in environments such as k8s, docker, vms.

Backups are in age format using age, with strong encryption under the hood. Why age? it's modern replacement for GnuPG, available for most architectures and systems.

This project is more or less well tested cron-like runtime with predefined supported providers and backup targets (see below) with sensible defaults for backup commands. It has rich integration tests using providers container replacements: fake gcs, azurite, minio. Goal was to make 100% sure it will work in the wild.

There is no compression before age encryption step whatsoever. This is intentional, prepare for large backups size (compared to ogion 6.0 where 7zip was used, some backups that were 300MB now are 2.2GB). There are known exploits when mixing compression with encryption, and for small systems compression this just seems unnecessary. See:

Documentation

Alternatives

There are better tools for big corporate databases and systems:

Supported backup targets

Supported upload providers

  • Google Cloud Storage bucket
  • S3 storage compatibile bucket (AWS, Minio)
  • Azure Blob Storage
  • Debug (local)

Notifications

  • Discord
  • Email (SMTP)
  • Slack

Deployment strategies

Using docker image: rafsaf/ogion:latest, see all tags on dockerhub

  • docker (docker compose) container
  • kubernetes deployment

Architectures

  • linux/amd64
  • linux/arm64

Example

Everyday 5am backup of PostgreSQL database defined in the same file and running in docker container.

# docker-compose.yml

services:
  db:
    image: postgres:17
    environment:
      - POSTGRES_PASSWORD=pwd
  ogion:
    image: rafsaf/ogion:latest
    environment:
      - POSTGRESQL_DB_README=host=db password=pwd cron_rule=0 0 5 * * port=5432
      - AGE_RECIPIENTS=age1q5g88krfjgty48thtctz22h5ja85grufdm0jly3wll6pr9f30qsszmxzm2
      - BACKUP_PROVIDER=name=debug

(NOTE this will use provider debug that store backups locally in the container).

Real world usage

The author actively uses ogion (with GCS) for one production project plemiona-planer.pl postgres database (both PRD and STG) and for bunch of homelab projects including self hosted Firefly III mariadb, Grafana postgres, KeyCloak postgres, Nextcloud postgres and configuration file, Minecraft server files, and two other postgres dbs for some demo projects.

See how it looks for ~2GB size database:

ogion_gcp_example_twp-min.jpg