borgmatic/borgmatic/config/schema.yaml

type: object
required:
    - repositories
additionalProperties: false
properties:
    constants:
        type: object
        description: |
            Constants to use in the configuration file. Within option values,
            all occurrences of the constant name in curly braces will be
            replaced with the constant value. For example, if you have a
            constant named "app_name" with the value "myapp", then the string
            "{app_name}" will be replaced with "myapp" in the configuration
            file.
        example:
            app_name: myapp
            user: myuser
    source_directories:
        type: array
        items:
            type: string
        description: |
            List of source directories and files to back up. Globs and tildes
            are expanded. Do not backslash spaces in path names.
        example:
            - /home
            - /etc
            - /var/log/syslog*
            - /home/user/path with spaces
    repositories:
        type: array
        items:
            type: object
            required:
                - path
            additionalProperties: false
            properties:
                path:
                    type: string
                    description: The local path or Borg URL of the repository.
                    example: ssh://user@backupserver/./sourcehostname.borg
                label:
                    type: string
                    description: |
                        An optional label for the repository, used in logging
                        and to make selecting the repository easier on the
                        command-line.
                    example: backupserver
                encryption:
                    type: string
                    description: |
                        The encryption mode with which to create the repository,
                        only used for the repo-create action. To see the
                        available encryption modes, run "borg init --help" with
                        Borg 1 or "borg repo-create --help" with Borg 2.
                    example: repokey-blake2
                append_only:
                    type: boolean
                    description: |
                        Whether the repository should be created append-only,
                        only used for the repo-create action. Defaults to false.
                    example: true
                storage_quota:
                    type: string
                    description: |
                        The storage quota with which to create the repository,
                        only used for the repo-create action. Defaults to no
                        quota.
                    example: 5G
                make_parent_directories:
                    type: boolean
                    description: |
                        Whether any missing parent directories of the repository
                        path should be created, only used for the repo-create
                        action. Defaults to false.
                    example: true
        description: |
            A required list of local or remote repositories with paths and
            optional labels (which can be used with the --repository flag to
            select a repository). Tildes are expanded. Multiple repositories are
            backed up to in sequence. Borg placeholders can be used. See the
            output of "borg help placeholders" for details. See ssh_command for
            SSH options like identity file or port. If systemd service is used,
            then add local repository paths in the systemd service file to the
            ReadWritePaths list.
        example:
            - path: ssh://user@backupserver/./sourcehostname.borg
              label: backupserver
            - path: /mnt/backup
              label: local
    working_directory:
        type: string
        description: |
            Working directory to use when running actions, useful for backing up
            using relative source directory paths. Does not currently apply to
            borgmatic configuration file paths or includes. Tildes are expanded.
            See http://borgbackup.readthedocs.io/en/stable/usage/create.html for
            details. Defaults to not set.
        example: /path/to/working/directory
    one_file_system:
        type: boolean
        description: |
            Stay in same file system; do not cross mount points beyond the given
            source directories. Defaults to false.
        example: true
    numeric_ids:
        type: boolean
        description: |
            Only store/extract numeric user and group identifiers. Defaults to
            false.
        example: true
    atime:
        type: boolean
        description: |
            Store atime into archive. Defaults to true in Borg < 1.2, false in
            Borg 1.2+.
        example: false
    ctime:
        type: boolean
        description: Store ctime into archive. Defaults to true.
        example: false
    birthtime:
        type: boolean
        description: |
            Store birthtime (creation date) into archive. Defaults to true.
        example: false
    read_special:
        type: boolean
        description: |
            Use Borg's --read-special flag to allow backup of block and other
            special devices. Use with caution, as it will lead to problems if
            used when backing up special devices such as /dev/zero. Defaults to
            false. But when a database hook is used, the setting here is ignored
            and read_special is considered true.
        example: true
    flags:
        type: boolean
        description: |
            Record filesystem flags (e.g. NODUMP, IMMUTABLE) in archive.
            Defaults to true.
        example: false
    files_cache:
        type: string
        description: |
            Mode in which to operate the files cache. See
            http://borgbackup.readthedocs.io/en/stable/usage/create.html for
            details. Defaults to "ctime,size,inode".
        example: ctime,size,inode
    local_path:
        type: string
        description: |
            Alternate Borg local executable. Defaults to "borg".
        example: borg1
    remote_path:
        type: string
        description: |
            Alternate Borg remote executable. Defaults to "borg".
        example: borg1
    patterns:
        type: array
        items:
            type: string
        description: |
            Any paths matching these patterns are included/excluded from
            backups. Globs are expanded. (Tildes are not.) See the output of
            "borg help patterns" for more details. Quote any value if it
            contains leading punctuation, so it parses correctly.
        example:
            - 'R /'
            - '- /home/*/.cache'
            - '+ /home/susan'
            - '- /home/*'
    patterns_from:
        type: array
        items:
            type: string
        description: |
            Read include/exclude patterns from one or more separate named files,
            one pattern per line. See the output of "borg help patterns" for
            more details.
        example:
            - /etc/borgmatic/patterns
    exclude_patterns:
        type: array
        items:
            type: string
        description: |
            Any paths matching these patterns are excluded from backups. Globs
            and tildes are expanded. Note that a glob pattern must either start
            with a glob or be an absolute path. Do not backslash spaces in path
            names. See the output of "borg help patterns" for more details.
        example:
            - '*.pyc'
            - /home/*/.cache
            - '*/.vim*.tmp'
            - /etc/ssl
            - /home/user/path with spaces
    exclude_from:
        type: array
        items:
            type: string
        description: |
            Read exclude patterns from one or more separate named files, one
            pattern per line. See the output of "borg help patterns" for more
            details.
        example:
            - /etc/borgmatic/excludes
    exclude_caches:
        type: boolean
        description: |
            Exclude directories that contain a CACHEDIR.TAG file. See
            http://www.brynosaurus.com/cachedir/spec.html for details. Defaults
            to false.
        example: true
    exclude_if_present:
        type: array
        items:
            type: string
        description: |
            Exclude directories that contain a file with the given filenames.
            Defaults to not set.
        example:
            - .nobackup
    keep_exclude_tags:
        type: boolean
        description: |
            If true, the exclude_if_present filename is included in backups.
            Defaults to false, meaning that the exclude_if_present filename is
            omitted from backups.
        example: true
    exclude_nodump:
        type: boolean
        description: |
            Exclude files with the NODUMP flag. Defaults to false.
        example: true
    borgmatic_source_directory:
        type: string
        description: |
            Deprecated. Only used for locating database dumps and bootstrap
            metadata within backup archives created prior to deprecation.
            Replaced by user_runtime_directory and user_state_directory.
            Defaults to ~/.borgmatic
        example: /tmp/borgmatic
    user_runtime_directory:
        type: string
        description: |
            Path for storing temporary runtime data like streaming database
            dumps and bootstrap metadata. borgmatic automatically creates and
            uses a "borgmatic" subdirectory here. Defaults to $XDG_RUNTIME_DIR
            or or $TMPDIR or $TEMP or /run/user/$UID.
        example: /run/user/1001
    user_state_directory:
        type: string
        description: |
            Path for storing borgmatic state files like records of when checks
            last ran. borgmatic automatically creates and uses a "borgmatic"
            subdirectory here. If you change this option, borgmatic must
            create the check records again (and therefore re-run checks).
            Defaults to $XDG_STATE_HOME or ~/.local/state.
        example: /var/lib/borgmatic
    source_directories_must_exist:
        type: boolean
        description: |
            If true, then source directories (and root pattern paths) must
            exist. If they don't, an error is raised. Defaults to false.
        example: true
    encryption_passcommand:
        type: string
        description: |
            The standard output of this command is used to unlock the encryption
            key. Only use on repositories that were initialized with
            passcommand/repokey/keyfile encryption. Note that if both
            encryption_passcommand and encryption_passphrase are set, then
            encryption_passphrase takes precedence. This can also be used to
            access encrypted systemd service credentials. Defaults to not set.
            For more details, see:
            https://torsion.org/borgmatic/docs/how-to/provide-your-passwords/
        example: "secret-tool lookup borg-repository repo-name"
    encryption_passphrase:
        type: string
        description: |
            Passphrase to unlock the encryption key with. Only use on
            repositories that were initialized with passphrase/repokey/keyfile
            encryption. Quote the value if it contains punctuation, so it parses
            correctly. And backslash any quote or backslash literals as well.
            Defaults to not set. Supports the "{credential ...}" syntax.
        example: "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"
    checkpoint_interval:
        type: integer
        description: |
            Number of seconds between each checkpoint during a long-running
            backup. See https://borgbackup.readthedocs.io/en/stable/faq.html for
            details. Defaults to checkpoints every 1800 seconds (30 minutes).
        example: 1800
    checkpoint_volume:
        type: integer
        description: |
            Number of backed up bytes between each checkpoint during a
            long-running backup. Only supported with Borg 2+. See
            https://borgbackup.readthedocs.io/en/stable/faq.html for details.
            Defaults to only time-based checkpointing (see
            "checkpoint_interval") instead of volume-based checkpointing.
        example: 1048576
    chunker_params:
        type: string
        description: |
            Specify the parameters passed to the chunker (CHUNK_MIN_EXP,
            CHUNK_MAX_EXP, HASH_MASK_BITS, HASH_WINDOW_SIZE). See
            https://borgbackup.readthedocs.io/en/stable/internals.html for
            details. Defaults to "19,23,21,4095".
        example: 19,23,21,4095
    compression:
        type: string
        description: |
            Type of compression to use when creating archives. (Compression
            level can be added separated with a comma, like "zstd,7".) See
            http://borgbackup.readthedocs.io/en/stable/usage/create.html for
            details. Defaults to "lz4".
        example: lz4
    recompress:
        type: string
        enum: ['if-different', 'always', 'never']
        description: |
            Mode for recompressing data chunks according to MODE. 
            Possible modes are:
             * "if-different": Recompress if the current compression
            is with a different compression algorithm.
             * "always": Recompress even if the current compression
            is with the same compression algorithm. Use this to change
            the compression level.
             * "never": Do not recompress. Use this option to explicitly
            prevent recompression.
            See https://borgbackup.readthedocs.io/en/stable/usage/recreate.html
            for details. Defaults to "never".
        example: if-different
    upload_rate_limit:
        type: integer
        description: |
            Remote network upload rate limit in kiBytes/second. Defaults to
            unlimited.
        example: 100
    upload_buffer_size:
        type: integer
        description: |
            Size of network upload buffer in MiB. Defaults to no buffer.
        example: 160
    retries:
        type: integer
        description: |
            Number of times to retry a failing backup before giving up. Defaults
            to 0 (i.e., does not attempt retry).
        example: 3
    retry_wait:
        type: integer
        description: |
            Wait time between retries (in seconds) to allow transient issues
            to pass. Increases after each retry by that same wait time as a
            form of backoff. Defaults to 0 (no wait).
        example: 10
    temporary_directory:
        type: string
        description: |
            Directory where temporary Borg files are stored. Defaults to
            $TMPDIR. See "Resource Usage" at
            https://borgbackup.readthedocs.io/en/stable/usage/general.html for
            details.
        example: /path/to/tmpdir
    ssh_command:
        type: string
        description: |
            Command to use instead of "ssh". This can be used to specify ssh
            options. Defaults to not set.
        example: ssh -i /path/to/private/key
    borg_base_directory:
        type: string
        description: |
            Base path used for various Borg directories. Defaults to $HOME,
            ~$USER, or ~.
        example: /path/to/base
    borg_config_directory:
        type: string
        description: |
            Path for Borg configuration files. Defaults to
            $borg_base_directory/.config/borg
        example: /path/to/base/config
    borg_cache_directory:
        type: string
        description: |
            Path for Borg cache files. Defaults to
            $borg_base_directory/.cache/borg
        example: /path/to/base/cache
    use_chunks_archive:
        type: boolean
        description: |
            Enables or disables the use of chunks.archive.d for faster cache
            resyncs in Borg. If true, value is set to "yes" (default) else
            it's set to "no", reducing disk usage but slowing resyncs.
        example: true
    borg_files_cache_ttl:
        type: integer
        description: |
            Maximum time to live (ttl) for entries in the Borg files cache.
        example: 20
    borg_security_directory:
        type: string
        description: |
            Path for Borg security and encryption nonce files. Defaults to
            $borg_base_directory/.config/borg/security
        example: /path/to/base/config/security
    borg_keys_directory:
        type: string
        description: |
            Path for Borg encryption key files. Defaults to
            $borg_base_directory/.config/borg/keys
        example: /path/to/base/config/keys
    borg_exit_codes:
        type: array
        items:
            type: object
            required: ['code', 'treat_as']
            additionalProperties: false
            properties:
                code:
                    type: integer
                    not: {enum: [0]}
                    description: |
                        The exit code for an existing Borg warning or error.
                    example: 100
                treat_as:
                    type: string
                    enum: ['error', 'warning']
                    description: |
                        Whether to consider the exit code as an error or as a
                        warning in borgmatic.
                    example: error
        description: |
            A list of Borg exit codes that should be elevated to errors or
            squashed to warnings as indicated. By default, Borg error exit codes
            (2 to 99) are treated as errors while warning exit codes (1 and
            100+) are treated as warnings. Exit codes other than 1 and 2 are
            only present in Borg 1.4.0+.
        example:
            - code: 13
              treat_as: warning
            - code: 100
              treat_as: error
    umask:
        type: integer
        description: |
            Umask used for when executing Borg or calling hooks. Defaults to
            0077 for Borg or the umask that borgmatic is run with for hooks.
        example: 0077
    lock_wait:
        type: integer
        description: |
            Maximum seconds to wait for acquiring a repository/cache lock.
            Defaults to 1.
        example: 5
    archive_name_format:
        type: string
        description: |
            Name of the archive to create. Borg placeholders can be used. See
            the output of "borg help placeholders" for details. Defaults to
            "{hostname}-{now:%Y-%m-%dT%H:%M:%S.%f}" with Borg 1 and
            "{hostname}" with Borg 2, as Borg 2 does not require unique
            archive names; identical archive names form a common "series" that
            can be targeted together. When running actions like repo-list,
            info, or check, borgmatic automatically tries to match only
            archives created with this name format.
        example: "{hostname}-documents-{now}"
    match_archives:
        type: string
        description: |
            A Borg pattern for filtering down the archives used by borgmatic
            actions that operate on multiple archives. For Borg 1.x, use a shell
            pattern here and see the output of "borg help placeholders" for
            details. For Borg 2.x, see the output of "borg help match-archives".
            If match_archives is not specified, borgmatic defaults to deriving
            the match_archives value from archive_name_format.
        example: "sh:{hostname}-*"
    relocated_repo_access_is_ok:
        type: boolean
        description: |
            Bypass Borg error about a repository that has been moved. Defaults
            to false.
        example: true
    unknown_unencrypted_repo_access_is_ok:
        type: boolean
        description: |
            Bypass Borg error about a previously unknown unencrypted repository.
            Defaults to false.
        example: true
    check_i_know_what_i_am_doing:
        type: boolean
        description: |
            Bypass Borg confirmation about check with repair option. Defaults to
            false and an interactive prompt from Borg.
        example: true
    extra_borg_options:
        type: object
        additionalProperties: false
        properties:
            init:
                type: string
                description: |
                  Extra command-line options to pass to "borg init".
                example: "--extra-option"
            create:
                type: string
                description: |
                  Extra command-line options to pass to "borg create".
                example: "--extra-option"
            prune:
                type: string
                description: |
                  Extra command-line options to pass to "borg prune".
                example: "--extra-option"
            compact:
                type: string
                description: |
                  Extra command-line options to pass to "borg compact".
                example: "--extra-option"
            check:
                type: string
                description: |
                  Extra command-line options to pass to "borg check".
                example: "--extra-option"
        description: |
            Additional options to pass directly to particular Borg commands,
            handy for Borg options that borgmatic does not yet support natively.
            Note that borgmatic does not perform any validation on these
            options. Running borgmatic with "--verbosity 2" shows the exact Borg
            command-line invocation.
    keep_within:
        type: string
        description: |
            Keep all archives within this time interval. See "skip_actions" for
            disabling pruning altogether.
        example: 3H
    keep_secondly:
        type: integer
        description: Number of secondly archives to keep.
        example: 60
    keep_minutely:
        type: integer
        description: Number of minutely archives to keep.
        example: 60
    keep_hourly:
        type: integer
        description: Number of hourly archives to keep.
        example: 24
    keep_daily:
        type: integer
        description: Number of daily archives to keep.
        example: 7
    keep_weekly:
        type: integer
        description: Number of weekly archives to keep.
        example: 4
    keep_monthly:
        type: integer
        description: Number of monthly archives to keep.
        example: 6
    keep_yearly:
        type: integer
        description: Number of yearly archives to keep.
        example: 1
    keep_13weekly:
        type: integer
        description: Number of quarterly archives to keep (13 week strategy).
        example: 13
    keep_3monthly:
        type: integer
        description: Number of quarterly archives to keep (3 month strategy).
        example: 3
    prefix:
        type: string
        description: |
            Deprecated. When pruning or checking archives, only consider archive
            names starting with this prefix. Borg placeholders can be used. See
            the output of "borg help placeholders" for details. If a prefix is
            not specified, borgmatic defaults to matching archives based on the
            archive_name_format (see above).
        example: sourcehostname
    compact_threshold:
        type: integer
        description: |
            Minimum saved space percentage threshold for compacting a segment,
            defaults to 10.
        example: 20
    checks:
        type: array
        items:
            type: object
            oneOf:
                - required: [name]
                  additionalProperties: false
                  properties:
                      name:
                          type: string
                          enum:
                              - archives
                              - data
                              - extract
                              - disabled
                          description: |
                              Name of the consistency check to run:
                               * "repository" checks the consistency of the
                              repository.
                               * "archives" checks all of the archives.
                               * "data" verifies the integrity of the data
                              within the archives and implies the "archives"
                              check as well.
                               * "spot" checks that some percentage of source
                              files are found in the most recent archive (with
                              identical contents).
                               * "extract" does an extraction dry-run of the
                              most recent archive.
                               * See "skip_actions" for disabling checks
                              altogether.
                          example: spot
                      frequency:
                          type: string
                          description: |
                              How frequently to run this type of consistency
                              check (as a best effort). The value is a number
                              followed by a unit of time. E.g., "2 weeks" to
                              run this consistency check no more than every
                              two weeks for a given repository or "1 month" to
                              run it no more than monthly. Defaults to
                              "always": running this check every time checks
                              are run.
                          example: 2 weeks
                      only_run_on:
                          type: array
                          items:
                              type: string
                          description: |
                              After the "frequency" duration has elapsed, only
                              run this check if the current day of the week
                              matches one of these values (the name of a day of
                              the week in the current locale). "weekday" and
                              "weekend" are also accepted. Defaults to running
                              the check on any day of the week.
                          example:
                              - Saturday
                              - Sunday
                - required: [name]
                  additionalProperties: false
                  properties:
                      name:
                          type: string
                          enum:
                              - repository
                          description: |
                              Name of the consistency check to run:
                               * "repository" checks the consistency of the
                              repository.
                               * "archives" checks all of the archives.
                               * "data" verifies the integrity of the data
                              within the archives and implies the "archives"
                              check as well.
                               * "spot" checks that some percentage of source
                              files are found in the most recent archive (with
                              identical contents).
                               * "extract" does an extraction dry-run of the
                              most recent archive.
                               * See "skip_actions" for disabling checks
                              altogether.
                          example: spot
                      frequency:
                          type: string
                          description: |
                              How frequently to run this type of consistency
                              check (as a best effort). The value is a number
                              followed by a unit of time. E.g., "2 weeks" to
                              run this consistency check no more than every
                              two weeks for a given repository or "1 month" to
                              run it no more than monthly. Defaults to
                              "always": running this check every time checks
                              are run.
                          example: 2 weeks
                      only_run_on:
                          type: array
                          items:
                              type: string
                          description: |
                              After the "frequency" duration has elapsed, only
                              run this check if the current day of the week
                              matches one of these values (the name of a day of
                              the week in the current locale). "weekday" and
                              "weekend" are also accepted. Defaults to running
                              the check on any day of the week.
                          example:
                              - Saturday
                              - Sunday
                      max_duration:
                          type: integer
                          description: |
                              How many seconds to check the repository before
                              interrupting the check. Useful for splitting a
                              long-running repository check into multiple
                              partial checks. Defaults to no interruption. Only
                              applies to the "repository" check, does not check
                              the repository index and is not compatible with
                              the "--repair" flag.
                          example: 3600
                - required:
                    - name
                    - count_tolerance_percentage
                    - data_sample_percentage
                    - data_tolerance_percentage
                  additionalProperties: false
                  properties:
                      name:
                          type: string
                          enum:
                              - spot
                          description: |
                              Name of the consistency check to run:
                               * "repository" checks the consistency of the
                              repository.
                               * "archives" checks all of the archives.
                               * "data" verifies the integrity of the data
                              within the archives and implies the "archives"
                              check as well.
                               * "spot" checks that some percentage of source
                              files are found in the most recent archive (with
                              identical contents).
                               * "extract" does an extraction dry-run of the
                              most recent archive.
                               * See "skip_actions" for disabling checks
                              altogether.
                          example: repository
                      frequency:
                          type: string
                          description: |
                              How frequently to run this type of consistency
                              check (as a best effort). The value is a number
                              followed by a unit of time. E.g., "2 weeks" to
                              run this consistency check no more than every
                              two weeks for a given repository or "1 month" to
                              run it no more than monthly. Defaults to
                              "always": running this check every time checks
                              are run.
                          example: 2 weeks
                      only_run_on:
                          type: array
                          items:
                              type: string
                          description: |
                              After the "frequency" duration has elapsed, only
                              run this check if the current day of the week
                              matches one of these values (the name of a day of
                              the week in the current locale). "weekday" and
                              "weekend" are also accepted. Defaults to running
                              the check on any day of the week.
                          example:
                              - Saturday
                              - Sunday
                      count_tolerance_percentage:
                          type: number
                          description: |
                              The percentage delta between the source
                              directories file count and the most recent backup
                              archive file count that is allowed before the
                              entire consistency check fails. This can catch
                              problems like incorrect excludes, inadvertent
                              deletes, etc. Required (and only valid) for the
                              "spot" check.
                          example: 10
                      data_sample_percentage:
                          type: number
                          description: |
                              The percentage of total files in the source
                              directories to randomly sample and compare to
                              their corresponding files in the most recent
                              backup archive. Required (and only valid) for the
                              "spot" check.
                          example: 1
                      data_tolerance_percentage:
                          type: number
                          description: |
                              The percentage of total files in the source
                              directories that can fail a spot check comparison
                              without failing the entire consistency check. This
                              can catch problems like source files that have
                              been bulk-changed by malware, backups that have
                              been tampered with, etc. The value must be lower
                              than or equal to the "contents_sample_percentage".
                              Required (and only valid) for the "spot" check.
                          example: 0.5
                      xxh64sum_command:
                          type: string
                          description: |
                              Command to use instead of "xxh64sum" to hash
                              source files, usually found in an OS package named
                              "xxhash". Do not substitute with a different hash
                              type (SHA, MD5, etc.) or the check will never
                              succeed. Only valid for the "spot" check.
                          example: /usr/local/bin/xxh64sum
        description: |
            List of one or more consistency checks to run on a periodic basis
            (if "frequency" is set) or every time borgmatic runs checks (if
            "frequency" is omitted).
        example:
          - name: archives
            frequency: 2 weeks
          - name: repository
    check_repositories:
        type: array
        items:
            type: string
        description: |
            Paths or labels for a subset of the configured "repositories" (see
            above) on which to run consistency checks. Handy in case some of
            your repositories are very large, and so running consistency checks
            on them would take too long. Defaults to running consistency checks
            on all configured repositories.
        example:
            - user@backupserver:sourcehostname.borg
    check_last:
        type: integer
        description: |
            Restrict the number of checked archives to the last n. Applies only
            to the "archives" check. Defaults to checking all archives.
        example: 3
    color:
        type: boolean
        description: |
            Apply color to console output. Defaults to true.
        example: false
    verbosity:
        type: integer
        enum:
            - -2
            - -1
            - 0
            - 1
            - 2
        description: |
            Display verbose output to the console: -2 (disabled), -1 (errors
            only), 0 (warnings and responses to actions, the default), 1 (info
            about steps borgmatic is taking), or 2 (debug).
        example: 2
    syslog_verbosity:
        type: integer
        enum:
            - -2
            - -1
            - 0
            - 1
            - 2
        description: |
            Log verbose output to syslog: -2 (disabled, the default), -1 (errors
            only), 0 (warnings and responses to actions), 1 (info about steps
            borgmatic is taking), or 2 (debug).
        example: 2
    log_file_verbosity:
        type: integer
        enum:
            - -2
            - -1
            - 0
            - 1
            - 2
        description: |
            Log verbose output to file: -2 (disabled), -1 (errors only), 0
            (warnings and responses to actions), 1 (info about steps borgmatic
            is taking, the default), or 2 (debug).
        example: 2
    log_file:
        type: string
        description: |
            Write log messages to the file at this path.
        example: /var/log/borgmatic/logfile.txt
    log_file_format:
        type: string
        description: |
            Python format string used for log messages written to the log file.
        example: "[{asctime}] {levelname}: {prefix}{message}"
    monitoring_verbosity:
        type: integer
        enum:
            - -2
            - -1
            - 0
            - 1
            - 2
        description: |
            When a monitoring integration supporting logging is configured, log
            verbose output to it: -2 (disabled), -1 (errors only), 0 (warnings
            and responses to actions), 1 (info about steps borgmatic is taking,
            the default), or 2 (debug).
        example: 2
    log_json:
        type: boolean
        description: |
            Write Borg log messages and console output as one JSON object per
            log line instead of formatted text. Defaults to false.
        example: true
    progress:
        type: boolean
        description: |
            Display progress as each file or archive is processed when running
            supported actions. Corresponds to the "--progress" flag on those
            actions. Defaults to false.
        example: true
    statistics:
        type: boolean
        description: |
            Display statistics for an archive when running supported actions.
            Corresponds to the "--stats" flag on those actions. Defaults to
            false.
        example: true
    list_details:
        type: boolean
        description: |
            Display details for each file or archive as it is processed when
            running supported actions. Corresponds to the "--list" flag on those
            actions. Defaults to false.
        example: true
    default_actions:
        type: boolean
        description: |
            Whether to apply default actions (create, prune, compact and check)
            when no arguments are supplied to the borgmatic command. If set to
            false, borgmatic displays the help message instead.
        example: true
    skip_actions:
        type: array
        items:
            type: string
            enum:
                - repo-create
                - transfer
                - prune
                - compact
                - create
                - recreate
                - check
                - delete
                - extract
                - config
                - export-tar
                - mount
                - umount
                - repo-delete
                - restore
                - repo-list
                - list
                - repo-info
                - info
                - break-lock
                - key
                - borg
        description: |
            List of one or more actions to skip running for this configuration
            file, even if specified on the command-line (explicitly or
            implicitly). This is handy for append-only configurations where you
            never want to run "compact" or checkless configuration where you
            want to skip "check". Defaults to not skipping any actions.
        example:
          - compact
    before_actions:
        type: array
        items:
            type: string
        description: |
            Deprecated. Use "commands:" instead. List of one or more shell
            commands or scripts to execute before all the actions for each
            repository.
        example:
            - "echo Starting actions."
    before_backup:
        type: array
        items:
            type: string
        description: |
            Deprecated. Use "commands:" instead. List of one or more shell
            commands or scripts to execute before creating a backup, run once
            per repository.
        example:
            - "echo Starting a backup."
    before_prune:
        type: array
        items:
            type: string
        description: |
            Deprecated. Use "commands:" instead. List of one or more shell
            commands or scripts to execute before pruning, run once per
            repository.
        example:
            - "echo Starting pruning."
    before_compact:
        type: array
        items:
            type: string
        description: |
            Deprecated. Use "commands:" instead. List of one or more shell
            commands or scripts to execute before compaction, run once per
            repository.
        example:
            - "echo Starting compaction."
    before_check:
        type: array
        items:
            type: string
        description: |
            Deprecated. Use "commands:" instead. List of one or more shell
            commands or scripts to execute before consistency checks, run once
            per repository.
        example:
            - "echo Starting checks."
    before_extract:
        type: array
        items:
            type: string
        description: |
            Deprecated. Use "commands:" instead. List of one or more shell
            commands or scripts to execute before extracting a backup, run once
            per repository.
        example:
            - "echo Starting extracting."
    after_backup:
        type: array
        items:
            type: string
        description: |
            Deprecated. Use "commands:" instead. List of one or more shell
            commands or scripts to execute after creating a backup, run once per
            repository.
        example:
            - "echo Finished a backup."
    after_compact:
        type: array
        items:
            type: string
        description: |
            Deprecated. Use "commands:" instead. List of one or more shell
            commands or scripts to execute after compaction, run once per
            repository.
        example:
            - "echo Finished compaction."
    after_prune:
        type: array
        items:
            type: string
        description: |
            Deprecated. Use "commands:" instead. List of one or more shell
            commands or scripts to execute after pruning, run once per
            repository.
        example:
            - "echo Finished pruning."
    after_check:
        type: array
        items:
            type: string
        description: |
            Deprecated. Use "commands:" instead. List of one or more shell
            commands or scripts to execute after consistency checks, run once
            per repository.
        example:
            - "echo Finished checks."
    after_extract:
        type: array
        items:
            type: string
        description: |
            Deprecated. Use "commands:" instead. List of one or more shell
            commands or scripts to execute after extracting a backup, run once
            per repository.
        example:
            - "echo Finished extracting."
    after_actions:
        type: array
        items:
            type: string
        description: |
            Deprecated. Use "commands:" instead. List of one or more shell
            commands or scripts to execute after all actions for each
            repository.
        example:
            - "echo Finished actions."
    on_error:
        type: array
        items:
            type: string
        description: |
            Deprecated. Use "commands:" instead. List of one or more shell
            commands or scripts to execute when an exception occurs during a
            "create", "prune", "compact", or "check" action or an associated
            before/after hook.
        example:
            - "echo Error during create/prune/compact/check."
    before_everything:
        type: array
        items:
            type: string
        description: |
            Deprecated. Use "commands:" instead. List of one or more shell
            commands or scripts to execute before running all actions (if one of
            them is "create"). These are collected from all configuration files
            and then run once before all of them (prior to all actions).
        example:
            - "echo Starting actions."
    after_everything:
        type: array
        items:
            type: string
        description: |
            Deprecated. Use "commands:" instead. List of one or more shell
            commands or scripts to execute after running all actions (if one of
            them is "create"). These are collected from all configuration files
            and then run once after all of them (after any action).
        example:
            - "echo Completed actions."
    commands:
        type: array
        items:
            type: object
            oneOf:
                - required: [before, run]
                  additionalProperties: false
                  properties:
                      before:
                          type: string
                          enum:
                              - action
                              - repository
                              - configuration
                              - everything
                          description: |
                              Name for the point in borgmatic's execution that
                              the commands should be run before (required if
                              "after" isn't set):
                               * "action" runs before each action for each
                              repository.
                               * "repository" runs before all actions for each
                              repository.
                               * "configuration" runs before all actions and
                              repositories in the current configuration file.
                               * "everything" runs before all configuration
                              files.
                          example: action
                      when:
                          type: array
                          items:
                              type: string
                              enum:
                                  - repo-create
                                  - transfer
                                  - prune
                                  - compact
                                  - create
                                  - recreate
                                  - check
                                  - delete
                                  - extract
                                  - config
                                  - export-tar
                                  - mount
                                  - umount
                                  - repo-delete
                                  - restore
                                  - repo-list
                                  - list
                                  - repo-info
                                  - info
                                  - break-lock
                                  - key
                                  - borg
                          description: |
                              List of actions for which the commands will be
                              run. Defaults to running for all actions.
                          example: [create, prune, compact, check]
                      run:
                          type: array
                          items:
                              type: string
                          description: |
                              List of one or more shell commands or scripts to
                              run when this command hook is triggered. Required.
                          example:
                              - "echo Doing stuff."
                - required: [after, run]
                  additionalProperties: false
                  properties:
                      after:
                          type: string
                          enum:
                              - action
                              - repository
                              - configuration
                              - everything
                              - error
                          description: |
                              Name for the point in borgmatic's execution that
                              the commands should be run after (required if
                              "before" isn't set):
                               * "action" runs after each action for each
                              repository.
                               * "repository" runs after all actions for each
                              repository.
                               * "configuration" runs after all actions and
                              repositories in the current configuration file.
                               * "everything" runs after all configuration
                              files.
                               * "error" runs after an error occurs.
                          example: action
                      when:
                          type: array
                          items:
                              type: string
                              enum:
                                  - repo-create
                                  - transfer
                                  - prune
                                  - compact
                                  - create
                                  - recreate
                                  - check
                                  - delete
                                  - extract
                                  - config
                                  - export-tar
                                  - mount
                                  - umount
                                  - repo-delete
                                  - restore
                                  - repo-list
                                  - list
                                  - repo-info
                                  - info
                                  - break-lock
                                  - key
                                  - borg
                          description: |
                              Only trigger the hook when borgmatic is run with
                              particular actions listed here. Defaults to
                              running for all actions.
                          example: [create, prune, compact, check]
                      states:
                          type: array
                          items:
                              type: string
                              enum:
                                  - finish
                                  - fail
                          description: |
                              Only trigger the hook if borgmatic encounters one
                              of the states (execution results) listed here,
                              where:
                               * "finish": No errors occurred.
                               * "fail": An error occurred.
                              This state is evaluated only for the scope of the
                              configured "action", "repository", etc., rather
                              than for the entire borgmatic run. Only available
                              for "after" hooks. Defaults to running the hook
                              for all states.
                          example:
                              - finish
                      run:
                          type: array
                          items:
                              type: string
                          description: |
                              List of one or more shell commands or scripts to
                              run when this command hook is triggered. Required.
                          example:
                              - "echo Doing stuff."
        description: |
            List of one or more command hooks to execute, triggered at
            particular points during borgmatic's execution. For each command
            hook, specify one of "before" or "after", not both.
        example:
            - before: action
              when: [create]
              run: [echo Backing up.]
    bootstrap:
        type: object
        additionalProperties: false
        properties:
            store_config_files:
                type: boolean
                description: |
                    Store configuration files used to create a backup inside the
                    backup itself. Defaults to true. Changing this to false
                    prevents "borgmatic bootstrap" from extracting configuration
                    files from the backup.
                example: false
        description: |
            Support for the "borgmatic bootstrap" action, used to extract
            borgmatic configuration files from a backup archive.
    postgresql_databases:
        type: array
        items:
            type: object
            required: ['name']
            additionalProperties: false
            properties:
                name:
                    type: string
                    description: |
                        Database name (required if using this hook). Or "all" to
                        dump all databases on the host. (Also set the "format"
                        to dump each database to a separate file instead of one
                        combined file.) Note that using this database hook
                        implicitly enables read_special (see above) to support
                        dump and restore streaming.
                    example: users
                hostname:
                    type: string
                    description: |
                        Database hostname to connect to. Defaults to connecting
                        via local Unix socket.
                    example: database.example.org
                restore_hostname:
                    type: string
                    description: |
                        Database hostname to restore to. Defaults to the
                        "hostname" option.
                    example: database.example.org
                port:
                    type: integer
                    description: Port to connect to. Defaults to 5432.
                    example: 5433
                restore_port:
                    type: integer
                    description: |
                        Port to restore to. Defaults to the "port" option.
                    example: 5433
                username:
                    type: string
                    description: |
                        Username with which to connect to the database. Defaults
                        to the username of the current user. You probably want
                        to specify the "postgres" superuser here when the
                        database name is "all". Supports the "{credential ...}"
                        syntax.
                    example: dbuser
                restore_username:
                    type: string
                    description: |
                        Username with which to restore the database. Defaults to
                        the "username" option. Supports the "{credential ...}"
                        syntax.
                    example: dbuser
                password:
                    type: string
                    description: |
                        Password with which to connect to the database. Omitting
                        a password will only work if PostgreSQL is configured to
                        trust the configured username without a password or you
                        create a ~/.pgpass file. Supports the "{credential ...}"
                        syntax.
                    example: trustsome1
                restore_password:
                    type: string
                    description: |
                        Password with which to connect to the restore database.
                        Defaults to the "password" option. Supports the
                        "{credential ...}" syntax.
                    example: trustsome1
                no_owner:
                    type: boolean
                    description: |
                        Do not output commands to set ownership of objects to
                        match the original database. By default, pg_dump and
                        pg_restore issue ALTER OWNER or SET SESSION
                        AUTHORIZATION statements to set ownership of created
                        schema elements. These statements will fail unless the
                        initial connection to the database is made by a
                        superuser.
                    example: true
                format:
                    type: string
                    enum: ['plain', 'custom', 'directory', 'tar']
                    description: |
                        Database dump output format. One of "plain", "custom",
                        "directory", or "tar". Defaults to "custom" (unlike raw
                        pg_dump) for a single database. Or, when database name
                        is "all" and format is blank, dumps all databases to a
                        single file. But if a format is specified with an "all"
                        database name, dumps each database to a separate file of
                        that format, allowing more convenient restores of
                        individual databases. See the pg_dump documentation for
                        more about formats.
                    example: directory
                compression:
                    type: ["string", "integer"]
                    description: |
                        Database dump compression level (integer) or method
                        ("gzip", "lz4", "zstd", or "none") and optional
                        colon-separated detail. Defaults to moderate "gzip" for
                        "custom" and "directory" formats and no compression for
                        the "plain" format. Compression is not supported for the
                        "tar" format. Be aware that Borg does its own
                        compression as well, so you may not need it in both
                        places.
                    example: none
                ssl_mode:
                    type: string
                    enum: ['disable', 'allow', 'prefer',
                          'require', 'verify-ca', 'verify-full']
                    description: |
                        SSL mode to use to connect to the database server. One
                        of "disable", "allow", "prefer", "require", "verify-ca"
                        or "verify-full". Defaults to "disable".
                    example: require
                ssl_cert:
                    type: string
                    description: |
                        Path to a client certificate.
                    example: "/root/.postgresql/postgresql.crt"
                ssl_key:
                    type: string
                    description: |
                        Path to a private client key.
                    example: "/root/.postgresql/postgresql.key"
                ssl_root_cert:
                    type: string
                    description: |
                        Path to a root certificate containing a list of trusted
                        certificate authorities.
                    example: "/root/.postgresql/root.crt"
                ssl_crl:
                    type: string
                    description: |
                        Path to a certificate revocation list.
                    example: "/root/.postgresql/root.crl"
                pg_dump_command:
                    type: string
                    description: |
                        Command to use instead of "pg_dump" or "pg_dumpall".
                        This can be used to run a specific pg_dump version
                        (e.g., one inside a running container). If you run it
                        from within a container, make sure to mount the path in
                        the "user_runtime_directory" option from the host into
                        the container at the same location. Defaults to
                        "pg_dump" for single database dump or "pg_dumpall" to
                        dump all databases.
                    example: docker exec my_pg_container pg_dump
                pg_restore_command:
                    type: string
                    description: |
                        Command to use instead of "pg_restore". This can be used
                        to run a specific pg_restore version (e.g., one inside a
                        running container). Defaults to "pg_restore".
                    example: docker exec my_pg_container pg_restore
                psql_command:
                    type: string
                    description: |
                        Command to use instead of "psql". This can be used to
                        run a specific psql version (e.g., one inside a running
                        container). Defaults to "psql".
                    example: docker exec my_pg_container psql
                options:
                    type: string
                    description: |
                        Additional pg_dump/pg_dumpall options to pass directly
                        to the dump command, without performing any validation
                        on them. See pg_dump documentation for details.
                    example: --role=someone
                list_options:
                    type: string
                    description: |
                        Additional psql options to pass directly to the psql
                        command that lists available databases, without
                        performing any validation on them. See psql
                        documentation for details.
                    example: --role=someone
                restore_options:
                    type: string
                    description: |
                        Additional pg_restore/psql options to pass directly to
                        the restore command, without performing any validation
                        on them. See pg_restore/psql documentation for details.
                    example: --role=someone
                analyze_options:
                    type: string
                    description: |
                        Additional psql options to pass directly to the analyze
                        command run after a restore, without performing any
                        validation on them. See psql documentation for details.
                    example: --role=someone
        description: |
            List of one or more PostgreSQL databases to dump before creating a
            backup, run once per configuration file. The database dumps are
            added to your source directories at runtime and streamed directly
            to Borg. Requires pg_dump/pg_dumpall/pg_restore commands. See
            https://www.postgresql.org/docs/current/app-pgdump.html and
            https://www.postgresql.org/docs/current/libpq-ssl.html for
            details.
        example:
            - name: users
              hostname: database.example.org
    mariadb_databases:
        type: array
        items:
            type: object
            required: ['name']
            additionalProperties: false
            properties:
                name:
                    type: string
                    description: |
                        Database name (required if using this hook). Or "all" to
                        dump all databases on the host. Note that using this
                        database hook implicitly enables read_special (see
                        above) to support dump and restore streaming.
                    example: users
                hostname:
                    type: string
                    description: |
                        Database hostname to connect to. Defaults to connecting
                        via local Unix socket.
                    example: database.example.org
                restore_hostname:
                    type: string
                    description: |
                        Database hostname to restore to. Defaults to the
                        "hostname" option.
                    example: database.example.org
                port:
                    type: integer
                    description: Port to connect to. Defaults to 3306.
                    example: 3307
                restore_port:
                    type: integer
                    description: |
                        Port to restore to. Defaults to the "port" option.
                    example: 5433
                username:
                    type: string
                    description: |
                        Username with which to connect to the database. Defaults
                        to the username of the current user. Supports the
                        "{credential ...}" syntax.
                    example: dbuser
                restore_username:
                    type: string
                    description: |
                        Username with which to restore the database. Defaults to
                        the "username" option. Supports the "{credential ...}"
                        syntax.
                    example: dbuser
                password:
                    type: string
                    description: |
                        Password with which to connect to the database. Omitting
                        a password will only work if MariaDB is configured to
                        trust the configured username without a password.
                        Supports the "{credential ...}" syntax.
                    example: trustsome1
                restore_password:
                    type: string
                    description: |
                        Password with which to connect to the restore database.
                        Defaults to the "password" option. Supports the
                        "{credential ...}" syntax.
                    example: trustsome1
                password_transport:
                    type: string
                    enum:
                        - pipe
                        - environment
                    description: |
                        How to transmit database passwords from borgmatic to the
                        MariaDB client, one of:
                         * "pipe": Securely transmit passwords via anonymous
                           pipe. Only works if the database client is on the
                           same host as borgmatic. (The server can be
                           somewhere else.) This is the default value.
                         * "environment": Transmit passwords via environment
                           variable. Potentially less secure than a pipe, but
                           necessary when the database client is elsewhere, e.g.
                           when "mariadb_dump_command" is configured to "exec"
                           into a container and run a client there.
                tls:
                    type: boolean
                    description: |
                        Whether to TLS-encrypt data transmitted between the
                        client and server. The default varies based on the
                        MariaDB version.
                    example: false
                restore_tls:
                    type: boolean
                    description: |
                        Whether to TLS-encrypt data transmitted between the
                        client and restore server. The default varies based on
                        the MariaDB version.
                    example: false
                mariadb_dump_command:
                    type: string
                    description: |
                        Command to use instead of "mariadb-dump". This can be
                        used to run a specific mariadb_dump version (e.g., one
                        inside a running container). If you run it from within a
                        container, make sure to mount the path in the
                        "user_runtime_directory" option from the host into the
                        container at the same location. Defaults to
                        "mariadb-dump".
                    example: docker exec mariadb_container mariadb-dump
                mariadb_command:
                    type: string
                    description: |
                        Command to run instead of "mariadb". This can be used to
                        run a specific mariadb version (e.g., one inside a
                        running container). Defaults to "mariadb".
                    example: docker exec mariadb_container mariadb           
                format:
                    type: string
                    enum: ['sql']
                    description: |
                        Database dump output format. Currently only "sql" is
                        supported. Defaults to "sql" for a single database. Or,
                        when database name is "all" and format is blank, dumps
                        all databases to a single file. But if a format is
                        specified with an "all" database name, dumps each
                        database to a separate file of that format, allowing
                        more convenient restores of individual databases.
                    example: directory
                add_drop_database:
                    type: boolean
                    description: |
                        Use the "--add-drop-database" flag with mariadb-dump,
                        causing the database to be dropped right before restore.
                        Defaults to true.
                    example: false
                options:
                    type: string
                    description: |
                        Additional mariadb-dump options to pass directly to the
                        dump command, without performing any validation on them.
                        See mariadb-dump documentation for details.
                    example: --skip-comments
                list_options:
                    type: string
                    description: |
                        Additional options to pass directly to the mariadb
                        command that lists available databases, without
                        performing any validation on them. See mariadb command
                        documentation for details.
                    example: --defaults-extra-file=mariadb.cnf
                restore_options:
                    type: string
                    description: |
                        Additional options to pass directly to the mariadb
                        command that restores database dumps, without
                        performing any validation on them. See mariadb command
                        documentation for details.
                    example: --defaults-extra-file=mariadb.cnf
        description: |
            List of one or more MariaDB databases to dump before creating a
            backup, run once per configuration file. The database dumps are
            added to your source directories at runtime and streamed directly
            to Borg. Requires mariadb-dump/mariadb commands. See
            https://mariadb.com/kb/en/library/mysqldump/ for details.
        example:
            - name: users
              hostname: database.example.org
    mysql_databases:
        type: array
        items:
            type: object
            required: ['name']
            additionalProperties: false
            properties:
                name:
                    type: string
                    description: |
                        Database name (required if using this hook). Or "all" to
                        dump all databases on the host. Note that using this
                        database hook implicitly enables read_special (see
                        above) to support dump and restore streaming.
                    example: users
                hostname:
                    type: string
                    description: |
                        Database hostname to connect to. Defaults to connecting
                        via local Unix socket.
                    example: database.example.org
                restore_hostname:
                    type: string
                    description: |
                        Database hostname to restore to. Defaults to the
                        "hostname" option.
                    example: database.example.org
                port:
                    type: integer
                    description: Port to connect to. Defaults to 3306.
                    example: 3307
                restore_port:
                    type: integer
                    description: |
                        Port to restore to. Defaults to the "port" option.
                    example: 5433
                username:
                    type: string
                    description: |
                        Username with which to connect to the database. Defaults
                        to the username of the current user. Supports the
                        "{credential ...}" syntax.
                    example: dbuser
                restore_username:
                    type: string
                    description: |
                        Username with which to restore the database. Defaults to
                        the "username" option. Supports the "{credential ...}"
                        syntax.
                    example: dbuser
                password:
                    type: string
                    description: |
                        Password with which to connect to the database. Omitting
                        a password will only work if MySQL is configured to
                        trust the configured username without a password.
                        Supports the "{credential ...}" syntax.
                    example: trustsome1
                restore_password:
                    type: string
                    description: |
                        Password with which to connect to the restore database.
                        Defaults to the "password" option. Supports the
                        "{credential ...}" syntax.
                    example: trustsome1
                password_transport:
                    type: string
                    enum:
                        - pipe
                        - environment
                    description: |
                        How to transmit database passwords from borgmatic to the
                        MySQL client, one of:
                         * "pipe": Securely transmit passwords via anonymous
                           pipe. Only works if the database client is on the
                           same host as borgmatic. (The server can be
                           somewhere else.) This is the default value.
                         * "environment": Transmit passwords via environment
                           variable. Potentially less secure than a pipe, but
                           necessary when the database client is elsewhere, e.g.
                           when "mysql_dump_command" is configured to "exec"
                           into a container and run a client there.
                tls:
                    type: boolean
                    description: |
                        Whether to TLS-encrypt data transmitted between the
                        client and server. The default varies based on the
                        MySQL installation.
                    example: false
                restore_tls:
                    type: boolean
                    description: |
                        Whether to TLS-encrypt data transmitted between the
                        client and restore server. The default varies based on
                        the MySQL installation.
                    example: false
                mysql_dump_command:
                    type: string
                    description: |
                        Command to use instead of "mysqldump". This can be used
                        to run a specific mysql_dump version (e.g., one inside a
                        running container). If you run it from within a
                        container, make sure to mount the path in the
                        "user_runtime_directory" option from the host into the
                        container at the same location. Defaults to "mysqldump".
                    example: docker exec mysql_container mysqldump
                mysql_command:
                    type: string
                    description: |
                        Command to run instead of "mysql". This can be used to
                        run a specific mysql version (e.g., one inside a running
                        container). Defaults to "mysql".
                    example: docker exec mysql_container mysql
                format:
                    type: string
                    enum: ['sql']
                    description: |
                        Database dump output format. Currently only "sql" is
                        supported. Defaults to "sql" for a single database. Or,
                        when database name is "all" and format is blank, dumps
                        all databases to a single file. But if a format is
                        specified with an "all" database name, dumps each
                        database to a separate file of that format, allowing
                        more convenient restores of individual databases.
                    example: directory
                add_drop_database:
                    type: boolean
                    description: |
                        Use the "--add-drop-database" flag with mysqldump,
                        causing the database to be dropped right before restore.
                        Defaults to true.
                    example: false
                options:
                    type: string
                    description: |
                        Additional mysqldump options to pass directly to the
                        dump command, without performing any validation on them.
                        See mysqldump documentation for details.
                    example: --skip-comments
                list_options:
                    type: string
                    description: |
                        Additional options to pass directly to the mysql
                        command that lists available databases, without
                        performing any validation on them. See mysql command
                        documentation for details.
                    example: --defaults-extra-file=my.cnf
                restore_options:
                    type: string
                    description: |
                        Additional options to pass directly to the mysql
                        command that restores database dumps, without
                        performing any validation on them. See mysql command
                        documentation for details.
                    example: --defaults-extra-file=my.cnf
        description: |
            List of one or more MySQL databases to dump before creating a
            backup, run once per configuration file. The database dumps are
            added to your source directories at runtime and streamed directly
            to Borg. Requires mysqldump/mysql commands. See
            https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html for
            details.
        example:
            - name: users
              hostname: database.example.org
    sqlite_databases:
        type: array
        items:
            type: object
            required: ['path','name']
            additionalProperties: false
            properties:
                name:
                    type: string
                    description: |
                        This is used to tag the database dump file with a name.
                        It is not the path to the database file itself. The name
                        "all" has no special meaning for SQLite databases.
                    example: users
                path:
                    type: string
                    description: |
                        Path to the SQLite database file to dump. If relative,
                        it is relative to the current working directory. Note
                        that using this database hook implicitly enables
                        read_special (see above) to support dump and restore
                        streaming.
                    example: /var/lib/sqlite/users.db
                restore_path:
                    type: string
                    description: |
                        Path to the SQLite database file to restore to. Defaults
                        to the "path" option.
                    example: /var/lib/sqlite/users.db
                sqlite_command:
                    type: string
                    description: |
                        Command to use instead of "sqlite3". This can be used to
                        run a specific sqlite3 version (e.g., one inside a
                        running container). If you run it from within a
                        container, make sure to mount the path in the
                        "user_runtime_directory" option from the host into the
                        container at the same location. Defaults to "sqlite3".
                    example: docker exec sqlite_container sqlite3
                sqlite_restore_command:
                    type: string
                    description: |
                        Command to run when restoring a database instead
                        of "sqlite3". This can be used to run a specific 
                        sqlite3 version (e.g., one inside a running container). 
                        Defaults to "sqlite3".
                    example: docker exec sqlite_container sqlite3
        description: |
            List of one or more SQLite databases to dump before creating a
            backup, run once per configuration file. The database dumps are
            added to your source directories at runtime and streamed directly to
            Borg. Requires the sqlite3 command. See https://sqlite.org/cli.html
            for details.
        example:
            - name: users
              path: /var/lib/db.sqlite
    mongodb_databases:
        type: array
        items:
            type: object
            required: ['name']
            additionalProperties: false
            properties:
                name:
                    type: string
                    description: |
                        Database name (required if using this hook). Or "all" to
                        dump all databases on the host. Note that using this
                        database hook implicitly enables read_special (see
                        above) to support dump and restore streaming.
                    example: users
                hostname:
                    type: string
                    description: |
                        Database hostname to connect to. Defaults to connecting
                        to localhost.
                    example: database.example.org
                restore_hostname:
                    type: string
                    description: |
                        Database hostname to restore to. Defaults to the
                        "hostname" option.
                    example: database.example.org
                port:
                    type: integer
                    description: Port to connect to. Defaults to 27017.
                    example: 27018
                restore_port:
                    type: integer
                    description: |
                        Port to restore to. Defaults to the "port" option.
                    example: 5433
                username:
                    type: string
                    description: |
                        Username with which to connect to the database. Skip it
                        if no authentication is needed. Supports the
                        "{credential ...}" syntax.
                    example: dbuser
                restore_username:
                    type: string
                    description: |
                        Username with which to restore the database. Defaults to
                        the "username" option. Supports the "{credential ...}"
                        syntax.
                    example: dbuser
                password:
                    type: string
                    description: |
                        Password with which to connect to the database. Skip it
                        if no authentication is needed. Supports the
                        "{credential ...}" syntax.
                    example: trustsome1
                restore_password:
                    type: string
                    description: |
                        Password with which to connect to the restore database.
                        Defaults to the "password" option. Supports the
                        "{credential ...}" syntax.
                    example: trustsome1
                authentication_database:
                    type: string
                    description: |
                        Authentication database where the specified username
                        exists. If no authentication database is specified, the
                        database provided in "name" is used. If "name" is "all",
                        the "admin" database is used.
                    example: admin
                format:
                    type: string
                    enum: ['archive', 'directory']
                    description: |
                        Database dump output format. One of "archive", or
                        "directory". Defaults to "archive". See mongodump
                        documentation for details. Note that format is ignored
                        when the database name is "all".
                    example: directory
                options:
                    type: string
                    description: |
                        Additional mongodump options to pass directly to the
                        dump command, without performing any validation on them.
                        See mongodump documentation for details.
                    example: --dumpDbUsersAndRoles
                restore_options:
                    type: string
                    description: |
                        Additional mongorestore options to pass directly to the
                        dump command, without performing any validation on them.
                        See mongorestore documentation for details.
                    example: --restoreDbUsersAndRoles
                mongodump_command:
                    type: string
                    description: |
                        Command to use instead of "mongodump". This can be used
                        to run a specific mongodump version (e.g., one inside a
                        running container). If you run it from within a
                        container, make sure to mount the path in the
                        "user_runtime_directory" option from the host into the
                        container at the same location.  Defaults to
                        "mongodump".
                    example: docker exec mongodb_container mongodump
                mongorestore_command:
                    type: string
                    description: |
                        Command to run when restoring a database instead of
                        "mongorestore". This can be used to run a specific
                        mongorestore version (e.g., one inside a running
                        container). Defaults to "mongorestore".
                    example: docker exec mongodb_container mongorestore
        description: |
            List of one or more MongoDB databases to dump before creating a
            backup, run once per configuration file. The database dumps are
            added to your source directories at runtime and streamed directly
            to Borg. Requires mongodump/mongorestore commands. See
            https://docs.mongodb.com/database-tools/mongodump/ and
            https://docs.mongodb.com/database-tools/mongorestore/ for details.
        example:
            - name: users
              hostname: database.example.org
    ntfy:
        type: object
        required: ['topic']
        additionalProperties: false
        properties:
            topic:
                type: string
                description: |
                    The topic to publish to. See https://ntfy.sh/docs/publish/
                    for details.
                example: topic
            server:
                type: string
                description: |
                    The address of your self-hosted ntfy.sh instance.
                example: https://ntfy.your-domain.com
            username:
                type: string
                description: |
                    The username used for authentication. Supports the
                    "{credential ...}" syntax.
                example: testuser
            password:
                type: string
                description: |
                    The password used for authentication. Supports the
                    "{credential ...}" syntax.
                example: fakepassword
            access_token:
                type: string
                description: |
                    An ntfy access token to authenticate with instead of
                    username/password. Supports the "{credential ...}" syntax.
                example: tk_AgQdq7mVBoFD37zQVN29RhuMzNIz2
            start:
                type: object
                additionalProperties: false
                properties:
                    title:
                        type: string
                        description: |
                            The title of the message.
                        example: Ping!
                    message:
                        type: string
                        description: |
                            The message body to publish.
                        example: Your backups have failed.
                    priority:
                        type: string
                        description: |
                            The priority to set.
                        example: urgent
                    tags:
                        type: string
                        description: |
                            Tags to attach to the message.
                        example: incoming_envelope
            finish:
                type: object
                additionalProperties: false
                properties:
                    title:
                        type: string
                        description: |
                            The title of the message.
                        example: Ping!
                    message:
                        type: string
                        description: |
                            The message body to publish.
                        example: Your backups have failed.
                    priority:
                        type: string
                        description: |
                            The priority to set.
                        example: urgent
                    tags:
                        type: string
                        description: |
                            Tags to attach to the message.
                        example: incoming_envelope
            fail:
                type: object
                additionalProperties: false
                properties:
                    title:
                        type: string
                        description: |
                            The title of the message.
                        example: Ping!
                    message:
                        type: string
                        description: |
                            The message body to publish.
                        example: Your backups have failed.
                    priority:
                        type: string
                        description: |
                            The priority to set.
                        example: urgent
                    tags:
                        type: string
                        description: |
                            Tags to attach to the message.
                        example: incoming_envelope
            states:
                type: array
                items:
                    type: string
                    enum:
                        - start
                        - finish
                        - fail
                    uniqueItems: true
                description: |
                    List of one or more monitoring states to ping for: "start",
                    "finish", and/or "fail". Defaults to pinging for failure
                    only.
                example:
                    - start
                    - finish
    pushover:
        type: object
        required: ['token', 'user']
        additionalProperties: false
        properties:
            token:
                type: string
                description: |
                    Your application's API token. Supports the "{credential
                    ...}" syntax.
                example: 7ms6TXHpTokTou2P6x4SodDeentHRa
            user:
                type: string
                description: |
                    Your user/group key (or that of your target user), viewable
                    when logged into your dashboard: often referred to as
                    USER_KEY in Pushover documentation and code examples.
                    Supports the "{credential ...}" syntax.
                example: hwRwoWsXMBWwgrSecfa9EfPey55WSN
            start:
                type: object
                additionalProperties: false
                properties:
                    message:
                        type: string
                        description: |
                            Message to be sent to the user or group. If omitted
                            the default is the name of the state.
                        example: A backup job has started.
                    priority:
                        type: integer
                        description: |
                            A value of -2, -1, 0 (default), 1 or 2 that 
                            indicates the message priority.
                        example: 0
                    expire:
                        type: integer
                        description: |
                            How many seconds your notification will continue 
                            to be retried (every retry seconds). Defaults to
                            600. This settings only applies to priority 2
                            notifications.
                        example: 600
                    retry:
                        type: integer
                        description: |
                            The retry parameter specifies how often 
                            (in seconds) the Pushover servers will send the 
                            same notification to the user. Defaults to 30. This
                            settings only applies to priority 2 notifications.
                        example: 30
                    device:
                        type: string
                        description: |
                            The name of one of your devices to send just to 
                            that device instead of all devices.
                        example: pixel8
                    html:
                        type: boolean
                        description: |
                            Set to True to enable HTML parsing of the message.
                            Set to false for plain text.
                        example: true
                    sound:
                        type: string
                        description: |
                            The name of a supported sound to override your 
                            default sound choice. All options can be found 
                            here: https://pushover.net/api#sounds 
                        example: bike
                    title:
                        type: string
                        description: |
                            Your message's title, otherwise your app's name is 
                            used.
                        example: A backup job has started.
                    ttl:
                        type: integer
                        description: |
                            The number of seconds that the message will live, 
                            before being deleted automatically. The ttl 
                            parameter is ignored for messages with a priority.
                            value of 2.
                        example: 3600
                    url:
                        type: string
                        description: |
                            A supplementary URL to show with your message.
                        example: https://pushover.net/apps/xxxxx-borgbackup
                    url_title:
                        type: string
                        description: |
                            A title for the URL specified as the url parameter,
                            otherwise just the URL is shown.
                        example: Pushover Link
            finish:
                type: object
                additionalProperties: false
                properties:
                    message:
                        type: string
                        description: |
                            Message to be sent to the user or group. If omitted
                            the default is the name of the state.
                        example: A backup job has finished.
                    priority:
                        type: integer
                        description: |
                            A value of -2, -1, 0 (default), 1 or 2 that 
                            indicates the message priority.
                        example: 0
                    expire:
                        type: integer
                        description: |
                            How many seconds your notification will continue 
                            to be retried (every retry seconds). Defaults to
                            600. This settings only applies to priority 2
                            notifications.
                        example: 600
                    retry:
                        type: integer
                        description: |
                            The retry parameter specifies how often 
                            (in seconds) the Pushover servers will send the 
                            same notification to the user. Defaults to 30. This
                            settings only applies to priority 2 notifications.
                        example: 30
                    device:
                        type: string
                        description: |
                            The name of one of your devices to send just to 
                            that device instead of all devices.
                        example: pixel8
                    html:
                        type: boolean
                        description: |
                            Set to True to enable HTML parsing of the message.
                            Set to false for plain text.
                        example: true
                    sound:
                        type: string
                        description: |
                            The name of a supported sound to override your 
                            default sound choice. All options can be found 
                            here: https://pushover.net/api#sounds 
                        example: bike
                    title:
                        type: string
                        description: |
                            Your message's title, otherwise your app's name is 
                            used.
                        example: A backup job has started.
                    ttl:
                        type: integer
                        description: |
                            The number of seconds that the message will live, 
                            before being deleted automatically. The ttl 
                            parameter is ignored for messages with a priority.
                            value of 2.
                        example: 3600
                    url:
                        type: string
                        description: |
                            A supplementary URL to show with your message.
                        example: https://pushover.net/apps/xxxxx-borgbackup
                    url_title:
                        type: string
                        description: |
                            A title for the URL specified as the url parameter,
                            otherwise just the URL is shown.
                        example: Pushover Link
            fail:
                type: object
                additionalProperties: false
                properties:
                    message:
                        type: string
                        description: |
                            Message to be sent to the user or group. If omitted
                            the default is the name of the state.
                        example: A backup job has failed.
                    priority:
                        type: integer
                        description: |
                            A value of -2, -1, 0 (default), 1 or 2 that 
                            indicates the message priority.
                        example: 0
                    expire:
                        type: integer
                        description: |
                            How many seconds your notification will continue 
                            to be retried (every retry seconds). Defaults to
                            600. This settings only applies to priority 2
                            notifications.
                        example: 600
                    retry:
                        type: integer
                        description: |
                            The retry parameter specifies how often 
                            (in seconds) the Pushover servers will send the 
                            same notification to the user. Defaults to 30. This
                            settings only applies to priority 2 notifications.
                        example: 30
                    device:
                        type: string
                        description: |
                            The name of one of your devices to send just to 
                            that device instead of all devices.
                        example: pixel8
                    html:
                        type: boolean
                        description: |
                            Set to True to enable HTML parsing of the message.
                            Set to false for plain text.
                        example: true
                    sound:
                        type: string
                        description: |
                            The name of a supported sound to override your 
                            default sound choice. All options can be found 
                            here: https://pushover.net/api#sounds 
                        example: bike
                    title:
                        type: string
                        description: |
                            Your message's title, otherwise your app's name is 
                            used.
                        example: A backup job has started.
                    ttl:
                        type: integer
                        description: |
                            The number of seconds that the message will live, 
                            before being deleted automatically. The ttl 
                            parameter is ignored for messages with a priority.
                            value of 2.
                        example: 3600
                    url:
                        type: string
                        description: |
                            A supplementary URL to show with your message.
                        example: https://pushover.net/apps/xxxxx-borgbackup
                    url_title:
                        type: string
                        description: |
                            A title for the URL specified as the url parameter,
                            otherwise just the URL is shown.
                        example: Pushover Link
            states:
                type: array
                items:
                    type: string
                    enum:
                        - start
                        - finish
                        - fail
                    uniqueItems: true
                description: |
                    List of one or more monitoring states to ping for: "start",
                    "finish", and/or "fail". Defaults to pinging for failure
                    only.
                example:
                    - start
                    - finish
    zabbix:
        type: object
        additionalProperties: false
        required:
            - server
        properties:
            itemid:
                type: integer
                description: |
                    The ID of the Zabbix item used for collecting data.
                    Unique across the entire Zabbix system.
                example: 55105
            host:
                type: string
                description: |
                    Host name where the item is stored. Required if "itemid"
                    is not set.
                example: borg-server
            key:
                type: string
                description: |
                    Key of the host where the item is stored. Required if
                    "itemid" is not set.
                example: borg.status
            server:
                type: string
                description: |
                    The API endpoint URL of your Zabbix instance, usually ending
                    with "/api_jsonrpc.php". Required.
                example: https://zabbix.your-domain.com
            username:
                type: string
                description: |
                    The username used for authentication. Not needed if using
                    an API key. Supports the "{credential ...}" syntax.
                example: testuser
            password:
                type: string
                description: |
                    The password used for authentication. Not needed if using
                    an API key. Supports the "{credential ...}" syntax.
                example: fakepassword
            api_key:
                type: string
                description: |
                    The API key used for authentication. Not needed if using an
                    username/password. Supports the "{credential ...}" syntax.
                example: fakekey
            start:
                type: object
                additionalProperties: false
                properties:
                    value:
                        type: ["integer", "string"]
                        description: |
                            The value to set the item to on start.
                        example: STARTED
            finish:
                type: object
                additionalProperties: false
                properties:
                    value:
                        type: ["integer", "string"]
                        description: |
                            The value to set the item to on finish.
                        example: FINISH
            fail:
                type: object
                additionalProperties: false
                properties:
                    value:
                        type: ["integer", "string"]
                        description: |
                            The value to set the item to on fail.
                        example: ERROR
            states:
                type: array
                items:
                    type: string
                    enum:
                        - start
                        - finish
                        - fail
                    uniqueItems: true
                description: |
                    List of one or more monitoring states to ping for: "start",
                    "finish", and/or "fail". Defaults to pinging for failure
                    only.
                example:
                    - start
                    - finish
    apprise:
        type: object
        required: ['services']
        additionalProperties: false
        properties:
            services:
                type: array
                items:
                    type: object
                    additionalProperties: false
                    required:
                        - url
                        - label
                    properties:
                        url:
                            type: string
                            description: URL of this Apprise service.
                            example: "gotify://hostname/token"
                        label:
                            type: string
                            description: |
                                Label used in borgmatic logs for this Apprise
                                service.
                            example: gotify
                description: |
                    A list of Apprise services to publish to with URLs and
                    labels. The labels are used for logging. A full list of
                    services and their configuration can be found at
                    https://github.com/caronc/apprise/wiki.
                example:
                    - url: "kodi://user@hostname"
                      label: kodi
                    - url: "line://Token@User"
                      label: line
            send_logs:
                type: boolean
                description: |
                    Send borgmatic logs to Apprise services as part of the
                    "finish", "fail", and "log" states. Defaults to true.
                example: false
            logs_size_limit:
                type: integer
                description: |
                    Number of bytes of borgmatic logs to send to Apprise
                    services. Set to 0 to send all logs and disable this
                    truncation. Defaults to 1500.
                example: 100000
            start:
                type: object
                required: ['body']
                additionalProperties: false
                properties:
                    title:
                        type: string
                        description: |
                            Specify the message title. If left unspecified, no
                            title is sent.
                        example: Ping!
                    body:
                        type: string
                        description: |
                            Specify the message body.
                        example: Starting backup process.
            finish:
                type: object
                required: ['body']
                additionalProperties: false
                properties:
                    title:
                        type: string
                        description: |
                            Specify the message title. If left unspecified, no
                            title is sent.
                        example: Ping!
                    body:
                        type: string
                        description: |
                            Specify the message body.
                        example: Backups successfully made.
            fail:
                type: object
                required: ['body']
                additionalProperties: false
                properties:
                    title:
                        type: string
                        description: |
                            Specify the message title. If left unspecified, no
                            title is sent.
                        example: Ping!
                    body:
                        type: string
                        description: |
                            Specify the message body.
                        example: Your backups have failed.
            log:
                type: object
                required: ['body']
                additionalProperties: false
                properties:
                    title:
                        type: string
                        description: |
                            Specify the message title. If left unspecified, no
                            title is sent.
                        example: Ping!
                    body:
                        type: string
                        description: |
                            Specify the message body.
                        example: Here is some info about your backups.
            states:
                type: array
                items:
                    type: string
                    enum:
                        - start
                        - finish
                        - fail
                        - log
                    uniqueItems: true
                description: |
                    List of one or more monitoring states to ping for:
                    "start", "finish", "fail", and/or "log". Defaults to
                    pinging for failure only. For each selected state,
                    corresponding configuration for the message title and body
                    should be given. If any is left unspecified, a generic
                    message is emitted instead.
                example:
                    - start
                    - finish

    healthchecks:
        type: object
        required: ['ping_url']
        additionalProperties: false
        properties:
            ping_url:
                type: string
                description: |
                    Healthchecks ping URL or UUID to notify when a backup
                    begins, ends, errors, or to send only logs.
                example: https://hc-ping.com/your-uuid-here
            verify_tls:
                type: boolean
                description: |
                    Verify the TLS certificate of the ping URL host. Defaults to
                    true.
                example: false
            send_logs:
                type: boolean
                description: |
                    Send borgmatic logs to Healthchecks as part of the "finish",
                    "fail", and "log" states. Defaults to true.
                example: false
            ping_body_limit:
                type: integer
                description: |
                    Number of bytes of borgmatic logs to send to Healthchecks,
                    ideally the same as PING_BODY_LIMIT configured on the
                    Healthchecks server. Set to 0 to send all logs and disable
                    this truncation. Defaults to 100000.
                example: 200000
            states:
                type: array
                items:
                    type: string
                    enum:
                        - start
                        - finish
                        - fail
                        - log
                    uniqueItems: true
                description: |
                    List of one or more monitoring states to ping for: "start",
                    "finish", "fail", and/or "log". Defaults to pinging for all
                    states.
                example:
                    - finish
            create_slug:
                type: boolean
                description: |
                    Create the check if it does not exist. Only works with
                    the slug URL scheme (https://hc-ping.com/<ping-key>/<slug>
                    as opposed to https://hc-ping.com/<uuid>).
                    Defaults to false.
                example: true
        description: |
            Configuration for a monitoring integration with Healthchecks. Create
            an account at https://healthchecks.io (or self-host Healthchecks) if
            you'd like to use this service. See borgmatic monitoring
            documentation for details.
    uptime_kuma:
        type: object
        required: ['push_url']
        additionalProperties: false
        properties:
            push_url:
                type: string
                description: |
                  Uptime Kuma push URL without query string (do not include the
                  question mark or anything after it).
                example: https://example.uptime.kuma/api/push/abcd1234
            states:
                type: array
                items:
                    type: string
                    enum:
                        - start
                        - finish
                        - fail
                    uniqueItems: true
                description: |
                    List of one or more monitoring states to push for: "start",
                    "finish", and/or "fail". Defaults to pushing for all
                    states.
                example:
                    - start
                    - finish
                    - fail
            verify_tls:
                type: boolean
                description: |
                    Verify the TLS certificate of the push URL host. Defaults to
                    true.
                example: false
        description: |
            Configuration for a monitoring integration with Uptime Kuma using
            the Push monitor type.
            See more information here: https://uptime.kuma.pet
    cronitor:
        type: object
        required: ['ping_url']
        additionalProperties: false
        properties:
            ping_url:
                type: string
                description: |
                    Cronitor ping URL to notify when a backup begins,
                    ends, or errors.
                example: https://cronitor.link/d3x0c1
        description: |
            Configuration for a monitoring integration with Cronitor. Create an
            account at https://cronitor.io if you'd like to use this service.
            See borgmatic monitoring documentation for details.
    pagerduty:
        type: object
        required: ['integration_key']
        additionalProperties: false
        properties:
            integration_key:
                type: string
                description: |
                    PagerDuty integration key used to notify PagerDuty when a
                    backup errors. Supports the "{credential ...}" syntax.
                example: a177cad45bd374409f78906a810a3074
            send_logs:
                type: boolean
                description: |
                    Send borgmatic logs to PagerDuty when a backup errors.
                    Defaults to true.
                example: false
        description: |
            Configuration for a monitoring integration with PagerDuty. Create an
            account at https://www.pagerduty.com if you'd like to use this
            service. See borgmatic monitoring documentation for details.
    cronhub:
        type: object
        required: ['ping_url']
        additionalProperties: false
        properties:
            ping_url:
                type: string
                description: |
                    Cronhub ping URL to notify when a backup begins,
                    ends, or errors.
                example: https://cronhub.io/ping/1f5e3410-254c-5587
        description: |
            Configuration for a monitoring integration with Cronhub. Create an
            account at https://cronhub.io if you'd like to use this service. See
            borgmatic monitoring documentation for details.
    loki:
        type: object
        required: ['url', 'labels']
        additionalProperties: false
        properties:
            url:
                type: string
                description: |
                    Grafana loki log URL to notify when a backup begins,
                    ends, or fails.
                example: "http://localhost:3100/loki/api/v1/push"
            labels:
                type: object
                additionalProperties:
                    type: string
                description: |
                    Allows setting custom labels for the logging stream. At
                    least one label is required. "__hostname" gets replaced by
                    the machine hostname automatically. "__config" gets replaced
                    by the name of the configuration file. "__config_path" gets
                    replaced by the full path of the configuration file.
                example:
                    app: "borgmatic"
                    config: "__config"
                    hostname: "__hostname"
        description: |
            Configuration for a monitoring integration with Grafana Loki. You
            can send the logs to a self-hosted instance or create an account at
            https://grafana.com/auth/sign-up/create-user. See borgmatic
            monitoring documentation for details.
    sentry:
        type: object
        required: ['data_source_name_url', 'monitor_slug']
        additionalProperties: false
        properties:
            data_source_name_url:
                type: string
                description: |
                    Sentry Data Source Name (DSN) URL, associated with a
                    particular Sentry project. Used to construct a cron URL,
                    notified when a backup begins, ends, or errors.
                example: https://5f80ec@o294220.ingest.us.sentry.io/203069
            monitor_slug:
                type: string
                description: |
                    Sentry monitor slug, associated with a particular Sentry
                    project monitor. Used along with the data source name URL to
                    construct a cron URL.
                example: mymonitor
            states:
                type: array
                items:
                    type: string
                    enum:
                        - start
                        - finish
                        - fail
                    uniqueItems: true
                description: |
                    List of one or more monitoring states to ping for: "start",
                    "finish", and/or "fail". Defaults to pinging for all states.
                example:
                    - start
                    - finish
        description: |
            Configuration for a monitoring integration with Sentry. You can use
            a self-hosted instance via https://develop.sentry.dev/self-hosted/
            or create a cloud-hosted account at https://sentry.io. See borgmatic
            monitoring documentation for details.
    zfs:
        type: ["object", "null"]
        additionalProperties: false
        properties:
            zfs_command:
                type: string
                description: |
                    Command to use instead of "zfs".
                example: /usr/local/bin/zfs
            mount_command:
                type: string
                description: |
                    Command to use instead of "mount".
                example: /usr/local/bin/mount
            umount_command:
                type: string
                description: |
                    Command to use instead of "umount".
                example: /usr/local/bin/umount
        description: |
            Configuration for integration with the ZFS filesystem.
    btrfs:
        type: ["object", "null"]
        additionalProperties: false
        properties:
            btrfs_command:
                type: string
                description: |
                    Command to use instead of "btrfs".
                example: /usr/local/bin/btrfs
            findmnt_command:
                type: string
                description: |
                    Command to use instead of "findmnt".
                example: /usr/local/bin/findmnt
        description: |
            Configuration for integration with the Btrfs filesystem.
    lvm:
        type: ["object", "null"]
        additionalProperties: false
        properties:
            snapshot_size:
                type: string
                description: |
                    Size to allocate for each snapshot taken, including the
                    units to use for that size. Defaults to "10%ORIGIN" (10%
                    of the size of logical volume being snapshotted). See the
                    lvcreate "--size" and "--extents" documentation for more
                    information:
                    https://www.man7.org/linux/man-pages/man8/lvcreate.8.html
                example: 5GB
            lvcreate_command:
                type: string
                description: |
                    Command to use instead of "lvcreate".
                example: /usr/local/bin/lvcreate
            lvremove_command:
                type: string
                description: |
                    Command to use instead of "lvremove".
                example: /usr/local/bin/lvremove
            lvs_command:
                type: string
                description: |
                    Command to use instead of "lvs".
                example: /usr/local/bin/lvs
            lsblk_command:
                type: string
                description: |
                    Command to use instead of "lsblk".
                example: /usr/local/bin/lsblk
            mount_command:
                type: string
                description: |
                    Command to use instead of "mount".
                example: /usr/local/bin/mount
            umount_command:
                type: string
                description: |
                    Command to use instead of "umount".
                example: /usr/local/bin/umount
        description: |
            Configuration for integration with Linux LVM (Logical Volume
            Manager).
    container:
        type: object
        additionalProperties: false
        properties:
            secrets_directory:
                type: string
                description: |
                    Secrets directory to use instead of "/run/secrets".
                example: /path/to/secrets
        description: |
            Configuration for integration with Docker or Podman secrets.
    keepassxc:
        type: object
        additionalProperties: false
        properties:
            keepassxc_cli_command:
                type: string
                description: |
                    Command to use instead of "keepassxc-cli".
                example: /usr/local/bin/keepassxc-cli
            key_file:
                type: string
                description: |
                    Path to a key file for unlocking the KeePassXC database.
                example: /path/to/keyfile
            yubikey:
                type: string
                description: |
                    YubiKey slot and optional serial number used to access the
                    KeePassXC database. The format is "<slot[:serial]>", where:
                     * <slot> is the YubiKey slot number (e.g., `1` or `2`).
                     * <serial> (optional) is the YubiKey's serial number (e.g.,
                       `7370001`).
                example: "1:7370001"
        description: |
            Configuration for integration with the KeePassXC password manager.