Minimal functioning container and compose example

* Only run barman maintenance tasks on a schedule
* Backups can be run manually with `barman backup` inside the container

Dockerfile

@@ -0,0 +1,45 @@
+FROM debian:bookworm
+
+# Install tools necessary to setup PDGD apt repo
+RUN apt-get update && apt-get install -y --no-install-recommends \
+            ca-certificates \
+            curl \
+        && rm -rf /var/lib/apt/lists/*
+
+# Setup PDGD apt repo
+RUN curl -o /etc/apt/trusted.gpg.d/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc \
+        && bash -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
+
+# Create barman user
+ENV BARMAN_UID=999
+ENV BARMAN_GID=999
+
+RUN groupadd --system -g ${BARMAN_GID} barman && \
+    useradd --system \
+        -u ${BARMAN_UID} -g ${BARMAN_GID} \
+        --shell /bin/bash \
+        barman
+
+# Install barman
+RUN apt-get update && apt-get install -y --no-install-recommends \
+            barman \
+            barman-cli \
+            barman-cli-cloud \
+            cron \
+            postgresql-client-14 \
+            tini \
+        && rm -rf /var/lib/apt/lists/* \
+        && rm -f /etc/crontab /etc/cron.*/* \
+        && sed -i 's/\(.*pam_loginuid.so\)/#\1/' /etc/pam.d/cron
+
+ENV BARMAN_CONF_DIR=/etc/barman.d/
+ENV BARMAN_DATA_DIR=/var/lib/barman
+ENV BARMAN_CRON_SCHEDULE="* * * * *"
+
+VOLUME ${BARMAN_DATA_DIR}
+VOLUME ${BARMAN_CONF_DIR}
+
+COPY entrypoint.sh /
+ENTRYPOINT ["tini", "--", "/entrypoint.sh"]
+CMD ["cron", "-L", "3", "-f"]
+WORKDIR ${BARMAN_DATA_DIR}

entrypoint.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+find "${BARMAN_DATA_DIR}" \! -user barman -exec chown barman '{}' +
+find "${BARMAN_DATA_DIR}" \! -group barman -exec chgrp barman '{}' +
+
+echo "Generating barman.conf"
+sed -i -E \
+    -e "s,barman_home[[:space:]]*=.*$,barman_home = ${BARMAN_DATA_DIR}," \
+    -e "s,configuration_files_directory[[:space:]]*=.*$,configuration_files_directory = ${BARMAN_CONF_DIR}," \
+    /etc/barman.conf
+
+echo "Generating cron schedules"
+echo "${BARMAN_CRON_SCHEDULE} barman /usr/bin/barman cron" >> /etc/cron.d/barman-cron
+
+echo "Running barman maintenance tasks immediately"
+barman cron
+
+echo "Starting cron"
+exec "$@"

example-compose/barman.d/db.conf

@@ -0,0 +1,8 @@
+[db]
+backup_method = postgres
+archiver = off
+streaming_archiver = on
+conninfo = host=db user=barman dbname=postgres
+streaming_conninfo = host=db user=streaming_barman dbname=postgres
+slot_name = barman
+create_slot = auto

example-compose/docker-compose.yml

@@ -0,0 +1,34 @@
+version: 3
+
+services:
+  db:
+    restart: always
+    image: postgres:14.7-alpine
+    command: ['-c', 'wal_level=replica', '-c', 'synchronous_standby_names=barman_receive_wal']
+    shm_size: 256mb
+    networks:
+      - internal_network
+    healthcheck:
+      test: ['CMD', 'pg_isready', '-U', 'postgres']
+    volumes:
+      - ./pg-data:/var/lib/postgresql/data:z
+      - ./initdb:/docker-entrypoint-initdb.d:z
+    environment:
+      - 'POSTGRES_HOST_AUTH_METHOD=trust'
+    mem_limit: 2G
+    memswap_limit: 2G
+
+  db-backup:
+    build: ..
+    networks:
+     - internal_network
+    configs:
+      - barman_d_db_conf
+    volumes:
+     - ./barman-data:/var/lib/barman:z
+     - ./barman.d:/etc/barman.d:z
+
+networks:
+  external_network:
+  internal_network:
+    internal: true

example-compose/initdb/setup_barman.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+createuser --username "${POSTGRES_USER}" barman
+psql -v ON_ERROR_STOP=1 --username "${POSTGRES_USER}" --dbname "${POSTGRES_DB}" <<-EOSQL
+    GRANT EXECUTE ON FUNCTION pg_start_backup(text, boolean, boolean) to barman;
+    GRANT EXECUTE ON FUNCTION pg_stop_backup() to barman;
+    GRANT EXECUTE ON FUNCTION pg_stop_backup(boolean, boolean) to barman;
+    GRANT EXECUTE ON FUNCTION pg_switch_wal() to barman;
+    GRANT EXECUTE ON FUNCTION pg_create_restore_point(text) to barman;
+    GRANT pg_read_all_settings TO barman;
+    GRANT pg_read_all_stats TO barman;
+EOSQL
+
+createuser --username "${POSTGRES_USER}" --replication streaming_barman
+
+{
+    echo "# allows barman access from all hosts"
+    echo "host  all             barman              all trust"
+    echo "host  replication     streaming_barman    all trust"
+} >> "${PGDATA}/pg_hba.conf"
+
+psql -v ON_ERROR_STOP=1 --username "${POSTGRES_USER}" --dbname "${POSTGRES_DB}" <<-EOSQL
+    SELECT pg_reload_conf();
+EOSQL