Monitor backups with PagerDuty hook integration (#245 ).

Fix tests.
Add per-action hooks: "before_prune", "after_prune", "before_check", and "after_check" (#255 ).
2020-01-27 15:32:09 -08:00 · 2020-01-27 12:56:12 -08:00 · 2020-01-27 11:07:07 -08:00 · 2020-01-24 21:02:56 -08:00 · 2020-01-24 20:52:48 -08:00 · 2020-01-24 11:27:16 -08:00
133 changed files with 8982 additions and 1590 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,2 @@
+.git
+.tox
--- a/.drone.yml
+++ b/.drone.yml
@ -1,43 +1,113 @@
 ---
 kind: pipeline
-name: python-3-5-alpine-3-9
+name: python-3-5-alpine-3-10
+
+services:
+  - name: postgresql
+    image: postgres:11.6-alpine
+    environment:
+      POSTGRES_PASSWORD: test
+      POSTGRES_DB: test
+  - name: mysql
+    image: mariadb:10.3
+    environment:
+      MYSQL_ROOT_PASSWORD: test
+      MYSQL_DATABASE: test

 steps:
 - name: build
-  image: python:3.5-alpine3.9
+  image: python:3.5-alpine3.10
  pull: always
  commands:
-    - scripts/run-tests
+    - scripts/run-full-tests
 ---
 kind: pipeline
-name: python-3-6-alpine-3-9
+name: python-3-6-alpine-3-10
+
+services:
+  - name: postgresql
+    image: postgres:11.6-alpine
+    environment:
+      POSTGRES_PASSWORD: test
+      POSTGRES_DB: test
+  - name: mysql
+    image: mariadb:10.3
+    environment:
+      MYSQL_ROOT_PASSWORD: test
+      MYSQL_DATABASE: test

 steps:
 - name: build
-  image: python:3.6-alpine3.9
+  image: python:3.6-alpine3.10
  pull: always
  commands:
-    - scripts/run-tests
+    - scripts/run-full-tests
 ---
 kind: pipeline
-name: python-3-7-alpine-3-9
+name: python-3-7-alpine-3-10
+
+services:
+  - name: postgresql
+    image: postgres:11.6-alpine
+    environment:
+      POSTGRES_PASSWORD: test
+      POSTGRES_DB: test
+  - name: mysql
+    image: mariadb:10.3
+    environment:
+      MYSQL_ROOT_PASSWORD: test
+      MYSQL_DATABASE: test

 steps:
 - name: build
-  image: python:3.7-alpine3.9
+  image: python:3.7-alpine3.10
  pull: always
  commands:
-    - scripts/run-tests
+    - scripts/run-full-tests
 ---
 kind: pipeline
 name: python-3-7-alpine-3-7

+services:
+  - name: postgresql
+    image: postgres:10.11-alpine
+    environment:
+      POSTGRES_PASSWORD: test
+      POSTGRES_DB: test
+  - name: mysql
+    image: mariadb:10.1
+    environment:
+      MYSQL_ROOT_PASSWORD: test
+      MYSQL_DATABASE: test
+
 steps:
 - name: build
  image: python:3.7-alpine3.7
  pull: always
  commands:
-    - scripts/run-tests
+    - scripts/run-full-tests
+---
+kind: pipeline
+name: python-3-8-alpine-3-10
+
+services:
+  - name: postgresql
+    image: postgres:11.6-alpine
+    environment:
+      POSTGRES_PASSWORD: test
+      POSTGRES_DB: test
+  - name: mysql
+    image: mariadb:10.3
+    environment:
+      MYSQL_ROOT_PASSWORD: test
+      MYSQL_DATABASE: test
+
+steps:
+- name: build
+  image: python:3.8-alpine3.10
+  pull: always
+  commands:
+    - scripts/run-full-tests
 ---
 kind: pipeline
 name: documentation
--- a/.eleventy.js
+++ b/.eleventy.js
@ -13,10 +13,11 @@ module.exports = function(eleventyConfig) {
        html: true,
        breaks: false,
        linkify: true,
-        // Replace links to .md files with links to directories. This allows unparsed Markdown links
-        // to work on GitHub, while rendered links elsewhere also work.
        replaceLink: function (link, env) {
-            return link.replace(/\.md$/, '/');
+            if (process.env.NODE_ENV == "production") {
+                return link;
+            }
+            return link.replace('https://torsion.org/borgmatic/', 'http://localhost:8080/');
        }
    };
    let markdownItAnchorOptions = {
@ -31,6 +32,8 @@ module.exports = function(eleventyConfig) {
            .use(markdownItReplaceLink)
    );

+    eleventyConfig.addPassthroughCopy({"docs/static": "static"});
+
    return {
        templateFormats: [
          "md",
--- a/.gitea/issue_template.md
+++ b/.gitea/issue_template.md
@ -0,0 +1,35 @@
+#### What I'm trying to do and why
+
+#### Steps to reproduce (if a bug)
+
+Include (sanitized) borgmatic configuration files if applicable.
+
+#### Actual behavior (if a bug)
+
+Include (sanitized) `--verbosity 2` output if applicable.
+
+#### Expected behavior (if a bug)
+
+#### Other notes / implementation ideas
+
+#### Environment
+
+**borgmatic version:** [version here]
+
+Use `sudo borgmatic --version` or `sudo pip show borgmatic | grep ^Version`
+
+**borgmatic installation method:** [e.g., Debian package, Docker container, etc.]
+
+**Borg version:** [version here]
+
+Use `sudo borg --version`
+
+**Python version:** [version here]
+
+Use `python3 --version`
+
+**Database version (if applicable):** [version here]
+
+Use `psql --version` or `mysql --version` on client and server.
+
+**operating system and version:** [OS here]
--- a/.gitignore
+++ b/.gitignore
@ -5,6 +5,7 @@
 .coverage
 .pytest_cache
 .tox
+__pycache__
 build/
 dist/
 pip-wheel-metadata/
--- a/2
+++ b/2
@ -10,3 +10,5 @@ newtonne: Read encryption password from external file
 Robin `ypid` Schneider: Support additional options of Borg and add validate-borgmatic-config command
 Scott Squires: Custom archive names
 Thomas LÉVEIL: Support for a keep_minutely prune option. Support for the --json option
+
+And many others! See the output of "git log".
--- a/MANIFEST.in
+++ b/MANIFEST.in
@ -1 +1,2 @@
 include borgmatic/config/schema.yaml
+graft sample/systemd
--- a/241
+++ b/241
@ -1,3 +1,244 @@
+1.5.0
+ * #245: Monitor backups with PagerDuty hook integration. See the documentation for more
+   information: https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/#pagerduty-hook
+ * #255: Add per-action hooks: "before_prune", "after_prune", "before_check", and "after_check".
+ * #274: Add ~/.config/borgmatic.d as another configuration directory default.
+ * #277: Customize Healthchecks log level via borgmatic "--monitoring-verbosity" flag.
+ * #280: Change "exclude_if_present" option to support multiple filenames that indicate a directory
+   should be excluded from backups, rather than just a single filename.
+ * #284: Backup to a removable drive or intermittent server via "soft failure" feature. See the
+   documentation for more information:
+   https://torsion.org/borgmatic/docs/how-to/backup-to-a-removable-drive-or-an-intermittent-server/
+ * #287: View consistency check progress via "--progress" flag for "check" action.
+ * For "create" and "prune" actions, no longer list files or show detailed stats at any verbosities
+   by default. You can opt back in with "--files" or "--stats" flags.
+ * For "list" and "info" actions, show repository names even at verbosity 0.
+
+1.4.22
+ * #276, #285: Disable colored output when "--json" flag is used, so as to produce valid JSON ouput.
+ * After a backup of a database dump in directory format, properly remove the dump directory.
+ * In "borgmatic --help", don't expand $HOME in listing of default "--config" paths.
+
+1.4.21
+ * #268: Override particular configuration options from the command-line via "--override" flag. See
+   the documentation for more information:
+   https://torsion.org/borgmatic/docs/how-to/make-per-application-backups/#configuration-overrides
+ * #270: Only trigger "on_error" hooks and monitoring failures for "prune", "create", and "check"
+   actions, and not for other actions.
+ * When pruning with verbosity level 1, list pruned and kept archives. Previously, this information
+   was only shown at verbosity level 2.
+
+1.4.20
+ * Fix repository probing during "borgmatic init" to respect verbosity flag and remote_path option.
+ * #249: Update Healthchecks/Cronitor/Cronhub monitoring integrations to fire for "check" and
+   "prune" actions, not just "create".
+
+1.4.19
+ * #259: Optionally change the internal database dump path via "borgmatic_source_directory" option
+   in location configuration section.
+ * #271: Support piping "borgmatic list" output to grep by logging certain log levels to console
+   stdout and others to stderr.
+ * Retain colored output when piping or redirecting in an interactive terminal.
+ * Add end-to-end tests for database dump and restore. These are run on developer machines with
+   Docker Compose for approximate parity with continuous integration tests.
+
+1.4.18
+ * Fix "--repository" flag to accept relative paths.
+ * Fix "borgmatic umount" so it only runs Borg once instead of once per repository / configuration
+   file.
+ * #253: Mount whole repositories via "borgmatic mount" without any "--archive" flag.
+ * #269: Filter listed paths via "borgmatic list --path" flag.
+
+1.4.17
+ * #235: Pass extra options directly to particular Borg commands, handy for Borg options that
+   borgmatic does not yet support natively. Use "extra_borg_options" in the storage configuration
+   section.
+ * #266: Attempt to repair any inconsistencies found during a consistency check via
+   "borgmatic check --repair" flag.
+
+1.4.16
+ * #256: Fix for "before_backup" hook not triggering an error when the command contains "borg" and
+   has an exit code of 1.
+ * #257: Fix for garbled Borg file listing when using "borgmatic create --progress" with
+   verbosity level 1 or 2.
+ * #260: Fix for missing Healthchecks monitoring payload or HTTP 500 due to incorrect unicode
+   encoding.
+
+1.4.15
+ * Fix for database dump removal incorrectly skipping some database dumps.
+ * #123: Support for mounting an archive as a FUSE filesystem via "borgmatic mount" action, and
+   unmounting via "borgmatic umount". See the documentation for more information:
+   https://torsion.org/borgmatic/docs/how-to/extract-a-backup/#mount-a-filesystem
+
+1.4.14
+ * Show summary log errors regardless of verbosity level, and log the "summary:" header with a log
+   level based on the contained summary logs.
+
+1.4.13
+ * Show full error logs at "--verbosity 0" so you can see command output without upping the
+   verbosity level.
+
+1.4.12
+ * #247: With "borgmatic check", consider Borg warnings as errors.
+ * Dial back the display of inline error logs a bit, so failed command output doesn't appear
+   multiple times in the logs (well, except for the summary).
+
+1.4.11
+ * #241: When using the Healthchecks monitoring hook, include borgmatic logs in the payloads for
+   completion and failure pings.
+ * With --verbosity level 1 or 2, show error logs both inline when they occur and in the summary
+   logs at the bottom. With lower verbosity levels, suppress the summary and show error logs when
+   they occur.
+
+1.4.10
+ * #246: Fix for "borgmatic restore" showing success and incorrectly extracting archive files, even
+   when no databases are configured to restore. As this can overwrite files from the archive and
+   lead to data loss, please upgrade to get the fix before using "borgmatic restore".
+ * Reopen the file given by "--log-file" flag if an external program rotates the log file while
+   borgmatic is running.
+
+1.4.9
+ * #228: Database dump hooks for MySQL/MariaDB, so you can easily dump your databases before backups
+   run.
+ * #243: Fix repository does not exist error with "borgmatic extract" when repository is remote.
+
+1.4.8
+ * Monitor backups with Cronhub hook integration. See the documentation for more information:
+   https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/#cronhub-hook
+ * Fix Healthchecks/Cronitor hooks to skip actions when the borgmatic "--dry-run" flag is used.
+
+1.4.7
+ * #238: In documentation, clarify when Healthchecks/Cronitor hooks fire in relation to other hooks.
+ * #239: Upgrade your borgmatic configuration to get new options and comments via
+   "generate-borgmatic-config --source". See the documentation for more information:
+   https://torsion.org/borgmatic/docs/how-to/upgrade/#upgrading-your-configuration
+
+1.4.6
+ * Verbosity level "-1" for even quieter output: Errors only (#236).
+
+1.4.5
+ * Log to file instead of syslog via command-line "--log-file" flag (#233).
+
+1.4.4
+ * #234: Support for Borg --keep-exclude-tags and --exclude-nodump options.
+
+1.4.3
+ * Monitor backups with Cronitor hook integration. See the documentation for more information:
+   https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/#cronitor-hook
+
+1.4.2
+ * Extract files to a particular directory via "borgmatic extract --destination" flag.
+ * Rename "borgmatic extract --restore-path" flag to "--path" to reduce confusion with the separate
+   "borgmatic restore" action. Any uses of "--restore-path" will continue working.
+
+1.4.1
+ * #229: Restore backed up PostgreSQL databases via "borgmatic restore" action. See the
+   documentation for more information:
+   https://torsion.org/borgmatic/docs/how-to/backup-your-databases/
+ * Documentation on how to develop borgmatic's documentation:
+   https://torsion.org/borgmatic/docs/how-to/develop-on-borgmatic/#documentation-development
+
+1.4.0
+ * #225: Database dump hooks for PostgreSQL, so you can easily dump your databases before backups
+   run.
+ * #230: Rename "borgmatic list --pattern-from" flag to "--patterns-from" to match Borg.
+
+1.3.26
+ * #224: Fix "borgmatic list --successful" with a slightly better heuristic for listing successful
+   (non-checkpoint) archives.
+
+1.3.25
+ * #223: Dead man's switch to detect when backups start failing silently, implemented via
+   healthchecks.io hook integration. See the documentation for more information:
+   https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/#healthchecks-hook
+ * Documentation on monitoring and alerting options for borgmatic backups:
+   https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/
+ * Automatically rewrite links when developing on documentation locally.
+
+1.3.24
+ * #86: Add "borgmatic list --successful" flag to only list successful (non-checkpoint) archives.
+ * Add a suggestion form to all documentation pages, so users can submit ideas for improving the
+   documentation.
+ * Update documentation link to community Arch Linux borgmatic package.
+
+1.3.23
+ * #174: More detailed error alerting via runtime context available in "on_error" hook.
+
+1.3.22
+ * #144: When backups to one of several repositories fails, keep backing up to the other
+   repositories and report errors afterwards.
+
+1.3.21
+ * #192: User-defined hooks for global setup or cleanup that run before/after all actions. See the
+   documentation for more information:
+   https://torsion.org/borgmatic/docs/how-to/add-preparation-and-cleanup-steps-to-backups/
+
+1.3.20
+ * #205: More robust sample systemd service: boot delay, network dependency, lowered CPU/IO
+   priority, etc.
+ * #221: Fix "borgmatic create --progress" output so that it updates on the console in real-time.
+
+1.3.19
+ * #219: Fix visibility of "borgmatic prune --stats" output.
+
+1.3.18
+ * #220: Fix regression of argument parsing for default actions.
+
+1.3.17
+ * #217: Fix error with "borgmatic check --only" command-line flag with "extract" consistency check.
+
+1.3.16
+ * #210: Support for Borg check --verify-data flag via borgmatic "data" consistency check.
+ * #210: Override configured consistency checks via "borgmatic check --only" command-line flag.
+ * When generating sample configuration with generate-borgmatic-config, add a space after each "#"
+   comment indicator.
+
+1.3.15
+ * #208: Fix for traceback when the "checks" option has an empty value.
+ * #209: Bypass Borg error about a moved repository via "relocated_repo_access_is_ok" option in
+   borgmatic storage configuration section.
+ * #213: Reorder arguments passed to Borg to fix duplicate directories when using Borg patterns.
+ * #214: Fix for hook erroring with exit code 1 not being interpreted as an error.
+
+1.3.14
+ * #204: Do not treat Borg warnings (exit code 1) as failures.
+ * When validating configuration files, require strings instead of allowing any scalar type.
+
+1.3.13
+ * #199: Add note to documentation about using spaces instead of tabs for indentation, as YAML does
+   not allow tabs.
+ * #203: Fix compatibility with ruamel.yaml 0.16.x.
+ * If a "prefix" option in borgmatic's configuration has an empty value (blank or ""), then disable
+   default prefix.
+
+1.3.12
+ * Only log to syslog when run from a non-interactive console (e.g. a cron job).
+ * Remove unicode byte order mark from syslog output so it doesn't show up as a literal in rsyslog
+   output. See discussion on #197.
+
+1.3.11
+ * #193: Pass through several "borg list" and "borg info" flags like --short, --format, --sort-by,
+   --first, --last, etc. via borgmatic command-line flags.
+ * Add borgmatic info --repository and --archive command-line flags to display info for individual
+   repositories or archives.
+ * Support for Borg --noatime, --noctime, and --nobirthtime flags via corresponding options in
+   borgmatic configuration location section.
+
+1.3.10
+ * #198: Fix for Borg create error output not showing up at borgmatic verbosity level zero.
+
+1.3.9
+ * #195: Switch to command-line actions as more traditional sub-commands, e.g. "borgmatic create",
+   "borgmatic prune", etc. However, the classic dashed options like "--create" still work!
+
+1.3.8
+ * #191: Disable console color via "color" option in borgmatic configuration output section.
+
+1.3.7
+ * #196: Fix for unclear error message for invalid YAML merge include.
+ * #197: Don't color syslog output.
+ * Change default syslog verbosity to show errors only.
+
 1.3.6
 * #53: Log to syslog in addition to existing console logging. Add --syslog-verbosity flag to
   customize the log level. See the documentation for more information:
--- a/README.md
+++ b/README.md
@ -2,60 +2,74 @@
 title: borgmatic
 permalink: index.html
 ---
-<a href="https://build.torsion.org/witten/borgmatic" alt="build status">![Build Status](https://build.torsion.org/api/badges/witten/borgmatic/status.svg)</a>

-## Overview
+## It's your data. Keep it that way.

-<img src="https://projects.torsion.org/witten/borgmatic/raw/branch/master/static/borgmatic.png" alt="borgmatic logo" width="150px" style="float: right; padding-left: 1em;">
+<img src="docs/static/borgmatic.png" alt="borgmatic logo" width="150px" style="float: right; padding-left: 1em;">

 borgmatic is simple, configuration-driven backup software for servers and
-workstations. Backup all of your machines from the command-line or scheduled
-jobs. No GUI required. Built atop [Borg Backup](https://www.borgbackup.org/),
-borgmatic initiates a backup, prunes any old backups according to a retention
-policy, and validates backups for consistency. borgmatic supports specifying
-your settings in a declarative configuration file, rather than having to put
-them all on the command-line, and handles common errors.
+workstations. Protect your files with client-side encryption. Backup your
+databases too. Monitor it all with integrated third-party services.

-Here's an example config file:
+Here's an example configuration file:

 ```yaml
 location:
-    # List of source directories to backup. Globs are expanded.
+    # List of source directories to backup.
    source_directories:
        - /home
        - /etc
-        - /var/log/syslog*

-    # Paths to local or remote repositories.
+    # Paths of local or remote repositories to backup to.
    repositories:
-        - user@backupserver:sourcehostname.borg
-
-    # Any paths matching these patterns are excluded from backups.
-    exclude_patterns:
-        - /home/*/.cache
+        - 1234@usw-s001.rsync.net:backups.borg
+        - k8pDxu32@k8pDxu32.repo.borgbase.com:repo
+        - /var/lib/backups/local.borg

 retention:
-    # Retention policy for how many backups to keep in each category.
+    # Retention policy for how many backups to keep.
    keep_daily: 7
    keep_weekly: 4
    keep_monthly: 6

 consistency:
-    # List of consistency checks to run: "repository", "archives", or both.
+    # List of checks to run to validate your backups.
    checks:
        - repository
        - archives
-```

-borgmatic is hosted at <https://torsion.org/borgmatic> with [source code
-available](https://projects.torsion.org/witten/borgmatic). It's also mirrored
-on [GitHub](https://github.com/witten/borgmatic) for convenience.
+hooks:
+    # Custom preparation scripts to run.
+    before_backup:
+        - prepare-for-backup.sh
+
+    # Databases to dump and include in backups.
+    postgresql_databases:
+        - name: users
+
+    # Third-party services to notify you if backups aren't happening.
+    healthchecks: https://hc-ping.com/be067061-cf96-4412-8eae-62b0c50d6a8c
+```

 Want to see borgmatic in action? Check out the <a
 href="https://asciinema.org/a/203761" target="_blank">screencast</a>.

 <script src="https://asciinema.org/a/203761.js" id="asciicast-203761" async></script>

+borgmatic is powered by [Borg Backup](https://www.borgbackup.org/).
+
+## Integrations
+
+<a href="https://www.postgresql.org/"><img src="docs/static/postgresql.png" alt="PostgreSQL" height="60px" style="margin-bottom:20px;"></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+<a href="https://www.mysql.com/"><img src="docs/static/mysql.png" alt="MySQL" height="60px" style="margin-bottom:20px;"></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+<a href="https://mariadb.com/"><img src="docs/static/mariadb.png" alt="MariaDB" height="60px" style="margin-bottom:20px;"></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+<a href="https://healthchecks.io/"><img src="docs/static/healthchecks.png" alt="Healthchecks" height="60px" style="margin-bottom:20px;"></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+<a href="https://cronitor.io/"><img src="docs/static/cronitor.png" alt="Cronitor" height="60px" style="margin-bottom:20px;"></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+<a href="https://cronhub.io/"><img src="docs/static/cronhub.png" alt="Cronhub" height="60px" style="margin-bottom:20px;"></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+<a href="https://www.pagerduty.com/"><img src="docs/static/pagerduty.png" alt="PagerDuty" height="60px" style="margin-bottom:20px;"></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+<a href="https://www.rsync.net/cgi-bin/borg.cgi?campaign=borg&adgroup=borgmatic"><img src="docs/static/rsyncnet.png" alt="rsync.net" height="60px" style="margin-bottom:20px;"></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+<a href="https://www.borgbase.com/?utm_source=borgmatic"><img src="docs/static/borgbase.png" alt="BorgBase" height="60px" style="margin-bottom:20px;"></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+

 ## How-to guides

@ -63,8 +77,11 @@ href="https://asciinema.org/a/203761" target="_blank">screencast</a>.
 * [Make per-application backups](https://torsion.org/borgmatic/docs/how-to/make-per-application-backups/)
 * [Deal with very large backups](https://torsion.org/borgmatic/docs/how-to/deal-with-very-large-backups/)
 * [Inspect your backups](https://torsion.org/borgmatic/docs/how-to/inspect-your-backups/)
- * [Restore a backup](https://torsion.org/borgmatic/docs/how-to/restore-a-backup/)
- * [Run preparation steps before backups](https://torsion.org/borgmatic/docs/how-to/run-preparation-steps-before-backups/)
+ * [Monitor your backups](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/)
+ * [Extract a backup](https://torsion.org/borgmatic/docs/how-to/extract-a-backup/)
+ * [Backup your databases](https://torsion.org/borgmatic/docs/how-to/backup-your-databases/)
+ * [Add preparation and cleanup steps to backups](https://torsion.org/borgmatic/docs/how-to/add-preparation-and-cleanup-steps-to-backups/)
+ * [Backup to a removable drive or an intermittent server](https://torsion.org/borgmatic/docs/how-to/backup-to-a-removable-drive-or-an-intermittent-server/)
 * [Upgrade borgmatic](https://torsion.org/borgmatic/docs/how-to/upgrade/)
 * [Develop on borgmatic](https://torsion.org/borgmatic/docs/how-to/develop-on-borgmatic/)

@ -107,6 +124,10 @@ Other questions or comments? Contact <mailto:witten@torsion.org>.

 ### Contributing

+borgmatic is hosted at <https://torsion.org/borgmatic> with [source code
+available](https://projects.torsion.org/witten/borgmatic). It's also mirrored
+on [GitHub](https://github.com/witten/borgmatic) for convenience.
+
 If you'd like to contribute to borgmatic development, please feel free to
 submit a [Pull Request](https://projects.torsion.org/witten/borgmatic/pulls)
 or open an [issue](https://projects.torsion.org/witten/borgmatic/issues) first
@ -117,7 +138,5 @@ Also, please check out the [borgmatic development
 how-to](https://torsion.org/borgmatic/docs/how-to/develop-on-borgmatic/) for
 info on cloning source code, running tests, etc.

-<script>
-  var links = document.getElementsByClassName("referral");
-  links[Math.floor(Math.random() * links.length)].style.display = "none";
-</script>
+<a href="https://build.torsion.org/witten/borgmatic" alt="build status">![Build Status](https://build.torsion.org/api/badges/witten/borgmatic/status.svg?ref=refs/heads/master)</a>
+
--- a/borgmatic/borg/check.py
+++ b/borgmatic/borg/check.py
@ -1,19 +1,19 @@
 import logging

 from borgmatic.borg import extract
-from borgmatic.execute import execute_command
-from borgmatic.logger import get_logger
+from borgmatic.execute import execute_command, execute_command_without_capture

 DEFAULT_CHECKS = ('repository', 'archives')
 DEFAULT_PREFIX = '{hostname}-'


-logger = get_logger(__name__)
+logger = logging.getLogger(__name__)


-def _parse_checks(consistency_config):
+def _parse_checks(consistency_config, only_checks=None):
    '''
-    Given a consistency config with a "checks" list, transform it to a tuple of named checks to run.
+    Given a consistency config with a "checks" list, and an optional list of override checks,
+    transform them a tuple of named checks to run.

    For example, given a retention config of:

@ -23,16 +23,21 @@ def _parse_checks(consistency_config):

        ('repository', 'archives')

-    If no "checks" option is present, return the DEFAULT_CHECKS. If the checks value is the string
-    "disabled", return an empty tuple, meaning that no checks should be run.
+    If no "checks" option is present in the config, return the DEFAULT_CHECKS. If the checks value
+    is the string "disabled", return an empty tuple, meaning that no checks should be run.
+
+    If the "data" option is present, then make sure the "archives" option is included as well.
    '''
-    checks = consistency_config.get('checks', [])
+    checks = [
+        check.lower() for check in (only_checks or consistency_config.get('checks', []) or [])
+    ]
    if checks == ['disabled']:
        return ()

-    return (
-        tuple(check for check in checks if check.lower() not in ('disabled', '')) or DEFAULT_CHECKS
-    )
+    if 'data' in checks and 'archives' not in checks:
+        checks.append('archives')
+
+    return tuple(check for check in checks if check not in ('disabled', '')) or DEFAULT_CHECKS


 def _make_check_flags(checks, check_last=None, prefix=None):
@ -56,7 +61,7 @@ def _make_check_flags(checks, check_last=None, prefix=None):
    '''
    if 'archives' in checks:
        last_flags = ('--last', str(check_last)) if check_last else ()
-        prefix_flags = ('--prefix', prefix) if prefix else ('--prefix', DEFAULT_PREFIX)
+        prefix_flags = ('--prefix', prefix) if prefix else ()
    else:
        last_flags = ()
        prefix_flags = ()
@ -69,33 +74,42 @@ def _make_check_flags(checks, check_last=None, prefix=None):
                'Ignoring consistency prefix option, as "archives" is not in consistency checks.'
            )

+    common_flags = last_flags + prefix_flags + (('--verify-data',) if 'data' in checks else ())
+
    if set(DEFAULT_CHECKS).issubset(set(checks)):
-        return last_flags + prefix_flags
+        return common_flags

    return (
        tuple('--{}-only'.format(check) for check in checks if check in DEFAULT_CHECKS)
-        + last_flags
-        + prefix_flags
+        + common_flags
    )


 def check_archives(
-    repository, storage_config, consistency_config, local_path='borg', remote_path=None
+    repository,
+    storage_config,
+    consistency_config,
+    local_path='borg',
+    remote_path=None,
+    progress=None,
+    repair=None,
+    only_checks=None,
 ):
    '''
    Given a local or remote repository path, a storage config dict, a consistency config dict,
-    and a local/remote commands to run, check the contained Borg archives for consistency.
+    local/remote commands to run, whether to include progress information, whether to attempt a
+    repair, and an optional list of checks to use instead of configured checks, check the contained
+    Borg archives for consistency.

    If there are no consistency checks to run, skip running them.
    '''
-    checks = _parse_checks(consistency_config)
+    checks = _parse_checks(consistency_config, only_checks)
    check_last = consistency_config.get('check_last', None)
    lock_wait = None
+    extra_borg_options = storage_config.get('extra_borg_options', {}).get('check', '')

-    if set(checks).intersection(set(DEFAULT_CHECKS)):
-        remote_path_flags = ('--remote-path', remote_path) if remote_path else ()
+    if set(checks).intersection(set(DEFAULT_CHECKS + ('data',))):
        lock_wait = storage_config.get('lock_wait', None)
-        lock_wait_flags = ('--lock-wait', str(lock_wait)) if lock_wait else ()

        verbosity_flags = ()
        if logger.isEnabledFor(logging.INFO):
@ -103,17 +117,26 @@ def check_archives(
        if logger.isEnabledFor(logging.DEBUG):
            verbosity_flags = ('--debug', '--show-rc')

-        prefix = consistency_config.get('prefix')
+        prefix = consistency_config.get('prefix', DEFAULT_PREFIX)

        full_command = (
-            (local_path, 'check', repository)
+            (local_path, 'check')
+            + (('--repair',) if repair else ())
            + _make_check_flags(checks, check_last, prefix)
-            + remote_path_flags
-            + lock_wait_flags
+            + (('--remote-path', remote_path) if remote_path else ())
+            + (('--lock-wait', str(lock_wait)) if lock_wait else ())
            + verbosity_flags
+            + (('--progress',) if progress else ())
+            + (tuple(extra_borg_options.split(' ')) if extra_borg_options else ())
+            + (repository,)
        )

-        execute_command(full_command)
+        # The Borg repair option trigger an interactive prompt, which won't work when output is
+        # captured. And progress messes with the terminal directly.
+        if repair or progress:
+            execute_command_without_capture(full_command, error_on_warnings=True)
+        else:
+            execute_command(full_command, error_on_warnings=True)

    if 'extract' in checks:
        extract.extract_last_archive_dry_run(repository, lock_wait, local_path, remote_path)
--- a/borgmatic/borg/create.py
+++ b/borgmatic/borg/create.py
@ -4,10 +4,9 @@ import logging
 import os
 import tempfile

-from borgmatic.execute import execute_command
-from borgmatic.logger import get_logger
+from borgmatic.execute import execute_command, execute_command_without_capture

-logger = get_logger(__name__)
+logger = logging.getLogger(__name__)


 def _expand_directory(directory):
@ -61,8 +60,8 @@ def _write_pattern_file(patterns=None):

 def _make_pattern_flags(location_config, pattern_filename=None):
    '''
-    Given a location config dict with a potential pattern_from option, and a filename containing any
-    additional patterns, return the corresponding Borg flags for those files as a tuple.
+    Given a location config dict with a potential patterns_from option, and a filename containing
+    any additional patterns, return the corresponding Borg flags for those files as a tuple.
    '''
    pattern_filenames = tuple(location_config.get('patterns_from') or ()) + (
        (pattern_filename,) if pattern_filename else ()
@ -89,10 +88,41 @@ def _make_exclude_flags(location_config, exclude_filename=None):
        )
    )
    caches_flag = ('--exclude-caches',) if location_config.get('exclude_caches') else ()
-    if_present = location_config.get('exclude_if_present')
-    if_present_flags = ('--exclude-if-present', if_present) if if_present else ()
+    if_present_flags = tuple(
+        itertools.chain.from_iterable(
+            ('--exclude-if-present', if_present)
+            for if_present in location_config.get('exclude_if_present', ())
+        )
+    )
+    keep_exclude_tags_flags = (
+        ('--keep-exclude-tags',) if location_config.get('keep_exclude_tags') else ()
+    )
+    exclude_nodump_flags = ('--exclude-nodump',) if location_config.get('exclude_nodump') else ()

-    return exclude_from_flags + caches_flag + if_present_flags
+    return (
+        exclude_from_flags
+        + caches_flag
+        + if_present_flags
+        + keep_exclude_tags_flags
+        + exclude_nodump_flags
+    )
+
+
+DEFAULT_BORGMATIC_SOURCE_DIRECTORY = '~/.borgmatic'
+
+
+def borgmatic_source_directories(borgmatic_source_directory):
+    '''
+    Return a list of borgmatic-specific source directories used for state like database backups.
+    '''
+    if not borgmatic_source_directory:
+        borgmatic_source_directory = DEFAULT_BORGMATIC_SOURCE_DIRECTORY
+
+    return (
+        [borgmatic_source_directory]
+        if os.path.exists(os.path.expanduser(borgmatic_source_directory))
+        else []
+    )


 def create_archive(
@ -105,12 +135,16 @@ def create_archive(
    progress=False,
    stats=False,
    json=False,
+    files=False,
 ):
    '''
    Given vebosity/dry-run flags, a local or remote repository path, a location config dict, and a
    storage config dict, create a Borg archive and return Borg's JSON output (if any).
    '''
-    sources = _expand_directories(location_config['source_directories'])
+    sources = _expand_directories(
+        location_config['source_directories']
+        + borgmatic_source_directories(location_config.get('borgmatic_source_directory'))
+    )

    pattern_file = _write_pattern_file(location_config.get('patterns'))
    exclude_file = _write_pattern_file(
@ -125,16 +159,10 @@ def create_archive(
    files_cache = location_config.get('files_cache')
    default_archive_name_format = '{hostname}-{now:%Y-%m-%dT%H:%M:%S.%f}'
    archive_name_format = storage_config.get('archive_name_format', default_archive_name_format)
+    extra_borg_options = storage_config.get('extra_borg_options', {}).get('create', '')

    full_command = (
-        (
-            local_path,
-            'create',
-            '{repository}::{archive_name_format}'.format(
-                repository=repository, archive_name_format=archive_name_format
-            ),
-        )
-        + sources
+        (local_path, 'create')
        + _make_pattern_flags(location_config, pattern_file.name if pattern_file else None)
        + _make_exclude_flags(location_config, exclude_file.name if exclude_file else None)
        + (('--checkpoint-interval', str(checkpoint_interval)) if checkpoint_interval else ())
@ -143,30 +171,42 @@ def create_archive(
        + (('--remote-ratelimit', str(remote_rate_limit)) if remote_rate_limit else ())
        + (('--one-file-system',) if location_config.get('one_file_system') else ())
        + (('--numeric-owner',) if location_config.get('numeric_owner') else ())
+        + (('--noatime',) if location_config.get('atime') is False else ())
+        + (('--noctime',) if location_config.get('ctime') is False else ())
+        + (('--nobirthtime',) if location_config.get('birthtime') is False else ())
        + (('--read-special',) if location_config.get('read_special') else ())
        + (('--nobsdflags',) if location_config.get('bsd_flags') is False else ())
        + (('--files-cache', files_cache) if files_cache else ())
        + (('--remote-path', remote_path) if remote_path else ())
        + (('--umask', str(umask)) if umask else ())
        + (('--lock-wait', str(lock_wait)) if lock_wait else ())
-        + (('--list', '--filter', 'AME-') if logger.isEnabledFor(logging.INFO) and not json else ())
+        + (('--list', '--filter', 'AME-') if files and not json and not progress else ())
        + (('--info',) if logger.getEffectiveLevel() == logging.INFO and not json else ())
-        + (
-            ('--stats',)
-            if not dry_run and (logger.isEnabledFor(logging.INFO) or stats) and not json
-            else ()
-        )
+        + (('--stats',) if stats and not json and not dry_run else ())
        + (('--debug', '--show-rc') if logger.isEnabledFor(logging.DEBUG) and not json else ())
        + (('--dry-run',) if dry_run else ())
        + (('--progress',) if progress else ())
        + (('--json',) if json else ())
+        + (tuple(extra_borg_options.split(' ')) if extra_borg_options else ())
+        + (
+            '{repository}::{archive_name_format}'.format(
+                repository=repository, archive_name_format=archive_name_format
+            ),
+        )
+        + sources
    )

+    # The progress output isn't compatible with captured and logged output, as progress messes with
+    # the terminal directly.
+    if progress:
+        execute_command_without_capture(full_command, error_on_warnings=False)
+        return
+
    if json:
        output_log_level = None
-    elif stats:
+    elif (stats or files) and logger.getEffectiveLevel() == logging.WARNING:
        output_log_level = logging.WARNING
    else:
        output_log_level = logging.INFO

-    return execute_command(full_command, output_log_level)
+    return execute_command(full_command, output_log_level, error_on_warnings=False)
--- a/borgmatic/borg/environment.py
+++ b/borgmatic/borg/environment.py
@ -11,9 +11,21 @@ OPTION_TO_ENVIRONMENT_VARIABLE = {
    'ssh_command': 'BORG_RSH',
 }

+DEFAULT_BOOL_OPTION_TO_ENVIRONMENT_VARIABLE = {
+    'relocated_repo_access_is_ok': 'BORG_RELOCATED_REPO_ACCESS_IS_OK',
+    'unknown_unencrypted_repo_access_is_ok': 'BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK',
+}
+

 def initialize(storage_config):
    for option_name, environment_variable_name in OPTION_TO_ENVIRONMENT_VARIABLE.items():
        value = storage_config.get(option_name)
        if value:
            os.environ[environment_variable_name] = value
+
+    for (
+        option_name,
+        environment_variable_name,
+    ) in DEFAULT_BOOL_OPTION_TO_ENVIRONMENT_VARIABLE.items():
+        value = storage_config.get(option_name, False)
+        os.environ[environment_variable_name] = 'yes' if value else 'no'
--- a/borgmatic/borg/extract.py
+++ b/borgmatic/borg/extract.py
@ -1,9 +1,9 @@
 import logging
+import os

-from borgmatic.execute import execute_command
-from borgmatic.logger import get_logger
+from borgmatic.execute import execute_command, execute_command_without_capture

-logger = get_logger(__name__)
+logger = logging.getLogger(__name__)


 def extract_last_archive_dry_run(repository, lock_wait=None, local_path='borg', remote_path=None):
@ -20,13 +20,14 @@ def extract_last_archive_dry_run(repository, lock_wait=None, local_path='borg',
        verbosity_flags = ('--info',)

    full_list_command = (
-        (local_path, 'list', '--short', repository)
+        (local_path, 'list', '--short')
        + remote_path_flags
        + lock_wait_flags
        + verbosity_flags
+        + (repository,)
    )

-    list_output = execute_command(full_list_command, output_log_level=None)
+    list_output = execute_command(full_list_command, output_log_level=None, error_on_warnings=False)

    try:
        last_archive_name = list_output.strip().splitlines()[-1]
@ -35,45 +36,45 @@ def extract_last_archive_dry_run(repository, lock_wait=None, local_path='borg',

    list_flag = ('--list',) if logger.isEnabledFor(logging.DEBUG) else ()
    full_extract_command = (
-        (
-            local_path,
-            'extract',
-            '--dry-run',
-            '{repository}::{last_archive_name}'.format(
-                repository=repository, last_archive_name=last_archive_name
-            ),
-        )
+        (local_path, 'extract', '--dry-run')
        + remote_path_flags
        + lock_wait_flags
        + verbosity_flags
        + list_flag
+        + (
+            '{repository}::{last_archive_name}'.format(
+                repository=repository, last_archive_name=last_archive_name
+            ),
+        )
    )

-    execute_command(full_extract_command)
+    execute_command(full_extract_command, working_directory=None, error_on_warnings=True)


 def extract_archive(
    dry_run,
    repository,
    archive,
-    restore_paths,
+    paths,
    location_config,
    storage_config,
    local_path='borg',
    remote_path=None,
+    destination_path=None,
    progress=False,
+    error_on_warnings=True,
 ):
    '''
    Given a dry-run flag, a local or remote repository path, an archive name, zero or more paths to
-    restore from the archive, and location/storage configuration dicts, extract the archive into the
-    current directory.
+    restore from the archive, location/storage configuration dicts, optional local and remote Borg
+    paths, and an optional destination path to extract to, extract the archive into the current
+    directory.
    '''
    umask = storage_config.get('umask', None)
    lock_wait = storage_config.get('lock_wait', None)

    full_command = (
-        (local_path, 'extract', '::'.join((repository, archive)))
-        + (tuple(restore_paths) if restore_paths else ())
+        (local_path, 'extract')
        + (('--remote-path', remote_path) if remote_path else ())
        + (('--numeric-owner',) if location_config.get('numeric_owner') else ())
        + (('--umask', str(umask)) if umask else ())
@ -82,6 +83,20 @@ def extract_archive(
        + (('--debug', '--list', '--show-rc') if logger.isEnabledFor(logging.DEBUG) else ())
        + (('--dry-run',) if dry_run else ())
        + (('--progress',) if progress else ())
+        + ('::'.join((repository if ':' in repository else os.path.abspath(repository), archive)),)
+        + (tuple(paths) if paths else ())
    )

-    execute_command(full_command)
+    # The progress output isn't compatible with captured and logged output, as progress messes with
+    # the terminal directly.
+    if progress:
+        execute_command_without_capture(
+            full_command, working_directory=destination_path, error_on_warnings=error_on_warnings
+        )
+        return
+
+    # Error on warnings by default, as Borg only gives a warning if the restore paths don't exist in
+    # the archive!
+    execute_command(
+        full_command, working_directory=destination_path, error_on_warnings=error_on_warnings
+    )
--- a/borgmatic/borg/flags.py
+++ b/borgmatic/borg/flags.py
@ -0,0 +1,31 @@
+import itertools
+
+
+def make_flags(name, value):
+    '''
+    Given a flag name and its value, return it formatted as Borg-compatible flags.
+    '''
+    if not value:
+        return ()
+
+    flag = '--{}'.format(name.replace('_', '-'))
+
+    if value is True:
+        return (flag,)
+
+    return (flag, str(value))
+
+
+def make_flags_from_arguments(arguments, excludes=()):
+    '''
+    Given borgmatic command-line arguments as an instance of argparse.Namespace, and optionally a
+    list of named arguments to exclude, generate and return the corresponding Borg command-line
+    flags as a tuple.
+    '''
+    return tuple(
+        itertools.chain.from_iterable(
+            make_flags(name, value=getattr(arguments, name))
+            for name in sorted(vars(arguments))
+            if name not in excludes and not name.startswith('_')
+        )
+    )
--- a/borgmatic/borg/info.py
+++ b/borgmatic/borg/info.py
@ -1,27 +1,45 @@
 import logging

+from borgmatic.borg.flags import make_flags, make_flags_from_arguments
 from borgmatic.execute import execute_command
-from borgmatic.logger import get_logger

-logger = get_logger(__name__)
+logger = logging.getLogger(__name__)


 def display_archives_info(
-    repository, storage_config, local_path='borg', remote_path=None, json=False
+    repository, storage_config, info_arguments, local_path='borg', remote_path=None
 ):
    '''
-    Given a local or remote repository path, and a storage config dict, display summary information
-    for Borg archives in the repository or return JSON summary information.
+    Given a local or remote repository path, a storage config dict, and the arguments to the info
+    action, display summary information for Borg archives in the repository or return JSON summary
+    information.
    '''
    lock_wait = storage_config.get('lock_wait', None)

    full_command = (
-        (local_path, 'info', repository)
-        + (('--remote-path', remote_path) if remote_path else ())
-        + (('--lock-wait', str(lock_wait)) if lock_wait else ())
-        + (('--info',) if logger.getEffectiveLevel() == logging.INFO and not json else ())
-        + (('--debug', '--show-rc') if logger.isEnabledFor(logging.DEBUG) and not json else ())
-        + (('--json',) if json else ())
+        (local_path, 'info')
+        + (
+            ('--info',)
+            if logger.getEffectiveLevel() == logging.INFO and not info_arguments.json
+            else ()
+        )
+        + (
+            ('--debug', '--show-rc')
+            if logger.isEnabledFor(logging.DEBUG) and not info_arguments.json
+            else ()
+        )
+        + make_flags('remote-path', remote_path)
+        + make_flags('lock-wait', lock_wait)
+        + make_flags_from_arguments(info_arguments, excludes=('repository', 'archive'))
+        + (
+            '::'.join((repository, info_arguments.archive))
+            if info_arguments.archive
+            else repository,
+        )
    )

-    return execute_command(full_command, output_log_level=None if json else logging.WARNING)
+    return execute_command(
+        full_command,
+        output_log_level=None if info_arguments.json else logging.WARNING,
+        error_on_warnings=False,
+    )
--- a/borgmatic/borg/init.py
+++ b/borgmatic/borg/init.py
@ -1,10 +1,9 @@
 import logging
 import subprocess

-from borgmatic.execute import execute_command
-from borgmatic.logger import get_logger
+from borgmatic.execute import execute_command, execute_command_without_capture

-logger = get_logger(__name__)
+logger = logging.getLogger(__name__)


 INFO_REPOSITORY_NOT_FOUND_EXIT_CODE = 2
@ -12,6 +11,7 @@ INFO_REPOSITORY_NOT_FOUND_EXIT_CODE = 2

 def initialize_repository(
    repository,
+    storage_config,
    encryption_mode,
    append_only=None,
    storage_quota=None,
@ -19,11 +19,17 @@ def initialize_repository(
    remote_path=None,
 ):
    '''
-    Given a local or remote repository path, a Borg encryption mode, whether the repository should
-    be append-only, and the storage quota to use, initialize the repository. If the repository
-    already exists, then log and skip initialization.
+    Given a local or remote repository path, a storage configuration dict, a Borg encryption mode,
+    whether the repository should be append-only, and the storage quota to use, initialize the
+    repository. If the repository already exists, then log and skip initialization.
    '''
-    info_command = (local_path, 'info', repository)
+    info_command = (
+        (local_path, 'info')
+        + (('--info',) if logger.getEffectiveLevel() == logging.INFO else ())
+        + (('--debug',) if logger.isEnabledFor(logging.DEBUG) else ())
+        + (('--remote-path', remote_path) if remote_path else ())
+        + (repository,)
+    )
    logger.debug(' '.join(info_command))

    try:
@ -34,15 +40,19 @@ def initialize_repository(
        if error.returncode != INFO_REPOSITORY_NOT_FOUND_EXIT_CODE:
            raise

+    extra_borg_options = storage_config.get('extra_borg_options', {}).get('init', '')
+
    init_command = (
-        (local_path, 'init', repository)
+        (local_path, 'init')
        + (('--encryption', encryption_mode) if encryption_mode else ())
        + (('--append-only',) if append_only else ())
        + (('--storage-quota', storage_quota) if storage_quota else ())
        + (('--info',) if logger.getEffectiveLevel() == logging.INFO else ())
        + (('--debug',) if logger.isEnabledFor(logging.DEBUG) else ())
        + (('--remote-path', remote_path) if remote_path else ())
+        + (tuple(extra_borg_options.split(' ')) if extra_borg_options else ())
+        + (repository,)
    )

    # Don't use execute_command() here because it doesn't support interactive prompts.
-    subprocess.check_call(init_command)
+    execute_command_without_capture(init_command, error_on_warnings=False)
--- a/borgmatic/borg/list.py
+++ b/borgmatic/borg/list.py
@ -1,28 +1,53 @@
 import logging

+from borgmatic.borg.flags import make_flags, make_flags_from_arguments
 from borgmatic.execute import execute_command
-from borgmatic.logger import get_logger

-logger = get_logger(__name__)
+logger = logging.getLogger(__name__)


-def list_archives(
-    repository, storage_config, archive=None, local_path='borg', remote_path=None, json=False
-):
+# A hack to convince Borg to exclude archives ending in ".checkpoint". This assumes that a
+# non-checkpoint archive name ends in a digit (e.g. from a timestamp).
+BORG_EXCLUDE_CHECKPOINTS_GLOB = '*[0123456789]'
+
+
+def list_archives(repository, storage_config, list_arguments, local_path='borg', remote_path=None):
    '''
-    Given a local or remote repository path and a storage config dict, display the output of listing
-    Borg archives in the repository or return JSON output. Or, if an archive name is given, listing
-    the files in that archive.
+    Given a local or remote repository path, a storage config dict, and the arguments to the list
+    action, display the output of listing Borg archives in the repository or return JSON output. Or,
+    if an archive name is given, listing the files in that archive.
    '''
    lock_wait = storage_config.get('lock_wait', None)
+    if list_arguments.successful:
+        list_arguments.glob_archives = BORG_EXCLUDE_CHECKPOINTS_GLOB

    full_command = (
-        (local_path, 'list', '::'.join((repository, archive)) if archive else repository)
-        + (('--remote-path', remote_path) if remote_path else ())
-        + (('--lock-wait', str(lock_wait)) if lock_wait else ())
-        + (('--info',) if logger.getEffectiveLevel() == logging.INFO and not json else ())
-        + (('--debug', '--show-rc') if logger.isEnabledFor(logging.DEBUG) and not json else ())
-        + (('--json',) if json else ())
+        (local_path, 'list')
+        + (
+            ('--info',)
+            if logger.getEffectiveLevel() == logging.INFO and not list_arguments.json
+            else ()
+        )
+        + (
+            ('--debug', '--show-rc')
+            if logger.isEnabledFor(logging.DEBUG) and not list_arguments.json
+            else ()
+        )
+        + make_flags('remote-path', remote_path)
+        + make_flags('lock-wait', lock_wait)
+        + make_flags_from_arguments(
+            list_arguments, excludes=('repository', 'archive', 'paths', 'successful')
+        )
+        + (
+            '::'.join((repository, list_arguments.archive))
+            if list_arguments.archive
+            else repository,
+        )
+        + (tuple(list_arguments.paths) if list_arguments.paths else ())
    )

-    return execute_command(full_command, output_log_level=None if json else logging.WARNING)
+    return execute_command(
+        full_command,
+        output_log_level=None if list_arguments.json else logging.WARNING,
+        error_on_warnings=False,
+    )
--- a/borgmatic/borg/mount.py
+++ b/borgmatic/borg/mount.py
@ -0,0 +1,46 @@
+import logging
+
+from borgmatic.execute import execute_command, execute_command_without_capture
+
+logger = logging.getLogger(__name__)
+
+
+def mount_archive(
+    repository,
+    archive,
+    mount_point,
+    paths,
+    foreground,
+    options,
+    storage_config,
+    local_path='borg',
+    remote_path=None,
+):
+    '''
+    Given a local or remote repository path, an optional archive name, a filesystem mount point,
+    zero or more paths to mount from the archive, extra Borg mount options, a storage configuration
+    dict, and optional local and remote Borg paths, mount the archive onto the mount point.
+    '''
+    umask = storage_config.get('umask', None)
+    lock_wait = storage_config.get('lock_wait', None)
+
+    full_command = (
+        (local_path, 'mount')
+        + (('--remote-path', remote_path) if remote_path else ())
+        + (('--umask', str(umask)) if umask else ())
+        + (('--lock-wait', str(lock_wait)) if lock_wait else ())
+        + (('--info',) if logger.getEffectiveLevel() == logging.INFO else ())
+        + (('--debug', '--show-rc') if logger.isEnabledFor(logging.DEBUG) else ())
+        + (('--foreground',) if foreground else ())
+        + (('-o', options) if options else ())
+        + (('::'.join((repository, archive)),) if archive else (repository,))
+        + (mount_point,)
+        + (tuple(paths) if paths else ())
+    )
+
+    # Don't capture the output when foreground mode is used so that ctrl-C can work properly.
+    if foreground:
+        execute_command_without_capture(full_command, error_on_warnings=False)
+        return
+
+    execute_command(full_command, error_on_warnings=False)
--- a/borgmatic/borg/prune.py
+++ b/borgmatic/borg/prune.py
@ -1,9 +1,8 @@
 import logging

 from borgmatic.execute import execute_command
-from borgmatic.logger import get_logger

-logger = get_logger(__name__)
+logger = logging.getLogger(__name__)


 def _make_prune_flags(retention_config):
@ -22,12 +21,15 @@ def _make_prune_flags(retention_config):
            ('--keep-monthly', '6'),
        )
    '''
-    if not retention_config.get('prefix'):
-        retention_config['prefix'] = '{hostname}-'
+    config = retention_config.copy()
+
+    if 'prefix' not in config:
+        config['prefix'] = '{hostname}-'
+    elif not config['prefix']:
+        config.pop('prefix')

    return (
-        ('--' + option_name.replace('_', '-'), str(retention_config[option_name]))
-        for option_name, value in retention_config.items()
+        ('--' + option_name.replace('_', '-'), str(value)) for option_name, value in config.items()
    )


@ -39,6 +41,7 @@ def prune_archives(
    local_path='borg',
    remote_path=None,
    stats=False,
+    files=False,
 ):
    '''
    Given dry-run flag, a local or remote repository path, a storage config dict, and a
@ -47,18 +50,26 @@ def prune_archives(
    '''
    umask = storage_config.get('umask', None)
    lock_wait = storage_config.get('lock_wait', None)
+    extra_borg_options = storage_config.get('extra_borg_options', {}).get('prune', '')

    full_command = (
-        (local_path, 'prune', repository)
+        (local_path, 'prune')
        + tuple(element for pair in _make_prune_flags(retention_config) for element in pair)
        + (('--remote-path', remote_path) if remote_path else ())
        + (('--umask', str(umask)) if umask else ())
        + (('--lock-wait', str(lock_wait)) if lock_wait else ())
-        + (('--stats',) if not dry_run and logger.isEnabledFor(logging.INFO) else ())
+        + (('--stats',) if stats and not dry_run else ())
        + (('--info',) if logger.getEffectiveLevel() == logging.INFO else ())
-        + (('--debug', '--list', '--show-rc') if logger.isEnabledFor(logging.DEBUG) else ())
+        + (('--list',) if files else ())
+        + (('--debug', '--show-rc') if logger.isEnabledFor(logging.DEBUG) else ())
        + (('--dry-run',) if dry_run else ())
-        + (('--stats',) if stats else ())
+        + (tuple(extra_borg_options.split(' ')) if extra_borg_options else ())
+        + (repository,)
    )

-    execute_command(full_command)
+    if (stats or files) and logger.getEffectiveLevel() == logging.WARNING:
+        output_log_level = logging.WARNING
+    else:
+        output_log_level = logging.INFO
+
+    execute_command(full_command, output_log_level=output_log_level, error_on_warnings=False)
--- a/borgmatic/borg/umount.py
+++ b/borgmatic/borg/umount.py
@ -0,0 +1,20 @@
+import logging
+
+from borgmatic.execute import execute_command
+
+logger = logging.getLogger(__name__)
+
+
+def unmount_archive(mount_point, local_path='borg'):
+    '''
+    Given a mounted filesystem mount point, and an optional local Borg paths, umount the filesystem
+    from the mount point.
+    '''
+    full_command = (
+        (local_path, 'umount')
+        + (('--info',) if logger.getEffectiveLevel() == logging.INFO else ())
+        + (('--debug', '--show-rc') if logger.isEnabledFor(logging.DEBUG) else ())
+        + (mount_point,)
+    )
+
+    execute_command(full_command, error_on_warnings=True)
--- a/borgmatic/commands/arguments.py
+++ b/borgmatic/commands/arguments.py
@ -0,0 +1,559 @@
+import collections
+from argparse import ArgumentParser
+
+from borgmatic.config import collect
+
+SUBPARSER_ALIASES = {
+    'init': ['--init', '-I'],
+    'prune': ['--prune', '-p'],
+    'create': ['--create', '-C'],
+    'check': ['--check', '-k'],
+    'extract': ['--extract', '-x'],
+    'mount': ['--mount', '-m'],
+    'umount': ['--umount', '-u'],
+    'restore': ['--restore', '-r'],
+    'list': ['--list', '-l'],
+    'info': ['--info', '-i'],
+}
+
+
+def parse_subparser_arguments(unparsed_arguments, subparsers):
+    '''
+    Given a sequence of arguments, and a subparsers object as returned by
+    argparse.ArgumentParser().add_subparsers(), give each requested action's subparser a shot at
+    parsing all arguments. This allows common arguments like "--repository" to be shared across
+    multiple subparsers.
+
+    Return the result as a dict mapping from subparser name to a parsed namespace of arguments.
+    '''
+    arguments = collections.OrderedDict()
+    remaining_arguments = list(unparsed_arguments)
+    alias_to_subparser_name = {
+        alias: subparser_name
+        for subparser_name, aliases in SUBPARSER_ALIASES.items()
+        for alias in aliases
+    }
+
+    for subparser_name, subparser in subparsers.choices.items():
+        if subparser_name not in remaining_arguments:
+            continue
+
+        canonical_name = alias_to_subparser_name.get(subparser_name, subparser_name)
+
+        # If a parsed value happens to be the same as the name of a subparser, remove it from the
+        # remaining arguments. This prevents, for instance, "check --only extract" from triggering
+        # the "extract" subparser.
+        parsed, unused_remaining = subparser.parse_known_args(unparsed_arguments)
+        for value in vars(parsed).values():
+            if isinstance(value, str):
+                if value in subparsers.choices:
+                    remaining_arguments.remove(value)
+            elif isinstance(value, list):
+                for item in value:
+                    if item in subparsers.choices:
+                        remaining_arguments.remove(item)
+
+        arguments[canonical_name] = parsed
+
+    # If no actions are explicitly requested, assume defaults: prune, create, and check.
+    if not arguments and '--help' not in unparsed_arguments and '-h' not in unparsed_arguments:
+        for subparser_name in ('prune', 'create', 'check'):
+            subparser = subparsers.choices[subparser_name]
+            parsed, unused_remaining = subparser.parse_known_args(unparsed_arguments)
+            arguments[subparser_name] = parsed
+
+    return arguments
+
+
+def parse_global_arguments(unparsed_arguments, top_level_parser, subparsers):
+    '''
+    Given a sequence of arguments, a top-level parser (containing subparsers), and a subparsers
+    object as returned by argparse.ArgumentParser().add_subparsers(), parse and return any global
+    arguments as a parsed argparse.Namespace instance.
+    '''
+    # Ask each subparser, one by one, to greedily consume arguments. Any arguments that remain
+    # are global arguments.
+    remaining_arguments = list(unparsed_arguments)
+    present_subparser_names = set()
+
+    for subparser_name, subparser in subparsers.choices.items():
+        if subparser_name not in remaining_arguments:
+            continue
+
+        present_subparser_names.add(subparser_name)
+        unused_parsed, remaining_arguments = subparser.parse_known_args(remaining_arguments)
+
+    # If no actions are explicitly requested, assume defaults: prune, create, and check.
+    if (
+        not present_subparser_names
+        and '--help' not in unparsed_arguments
+        and '-h' not in unparsed_arguments
+    ):
+        for subparser_name in ('prune', 'create', 'check'):
+            subparser = subparsers.choices[subparser_name]
+            unused_parsed, remaining_arguments = subparser.parse_known_args(remaining_arguments)
+
+    # Remove the subparser names themselves.
+    for subparser_name in present_subparser_names:
+        if subparser_name in remaining_arguments:
+            remaining_arguments.remove(subparser_name)
+
+    return top_level_parser.parse_args(remaining_arguments)
+
+
+def parse_arguments(*unparsed_arguments):
+    '''
+    Given command-line arguments with which this script was invoked, parse the arguments and return
+    them as a dict mapping from subparser name (or "global") to an argparse.Namespace instance.
+    '''
+    config_paths = collect.get_default_config_paths(expand_home=True)
+    unexpanded_config_paths = collect.get_default_config_paths(expand_home=False)
+
+    global_parser = ArgumentParser(add_help=False)
+    global_group = global_parser.add_argument_group('global arguments')
+
+    global_group.add_argument(
+        '-c',
+        '--config',
+        nargs='*',
+        dest='config_paths',
+        default=config_paths,
+        help='Configuration filenames or directories, defaults to: {}'.format(
+            ' '.join(unexpanded_config_paths)
+        ),
+    )
+    global_group.add_argument(
+        '--excludes',
+        dest='excludes_filename',
+        help='Deprecated in favor of exclude_patterns within configuration',
+    )
+    global_group.add_argument(
+        '-n',
+        '--dry-run',
+        dest='dry_run',
+        action='store_true',
+        help='Go through the motions, but do not actually write to any repositories',
+    )
+    global_group.add_argument(
+        '-nc', '--no-color', dest='no_color', action='store_true', help='Disable colored output'
+    )
+    global_group.add_argument(
+        '-v',
+        '--verbosity',
+        type=int,
+        choices=range(-1, 3),
+        default=0,
+        help='Display verbose progress to the console (from only errors to very verbose: -1, 0, 1, or 2)',
+    )
+    global_group.add_argument(
+        '--syslog-verbosity',
+        type=int,
+        choices=range(-1, 3),
+        default=0,
+        help='Log verbose progress to syslog (from only errors to very verbose: -1, 0, 1, or 2). Ignored when console is interactive or --log-file is given',
+    )
+    global_group.add_argument(
+        '--log-file-verbosity',
+        type=int,
+        choices=range(-1, 3),
+        default=0,
+        help='Log verbose progress to log file (from only errors to very verbose: -1, 0, 1, or 2). Only used when --log-file is given',
+    )
+    global_group.add_argument(
+        '--monitoring-verbosity',
+        type=int,
+        choices=range(-1, 3),
+        default=1,
+        help='Log verbose progress to monitoring integrations that support logging (from only errors to very verbose: -1, 0, 1, or 2)',
+    )
+    global_group.add_argument(
+        '--log-file',
+        type=str,
+        default=None,
+        help='Write log messages to this file instead of syslog',
+    )
+    global_group.add_argument(
+        '--override',
+        metavar='SECTION.OPTION=VALUE',
+        nargs='+',
+        dest='overrides',
+        help='One or more configuration file options to override with specified values',
+    )
+    global_group.add_argument(
+        '--version',
+        dest='version',
+        default=False,
+        action='store_true',
+        help='Display installed version number of borgmatic and exit',
+    )
+
+    top_level_parser = ArgumentParser(
+        description='''
+            Simple, configuration-driven backup software for servers and workstations. If none of
+            the action options are given, then borgmatic defaults to: prune, create, and check
+            archives.
+            ''',
+        parents=[global_parser],
+    )
+
+    subparsers = top_level_parser.add_subparsers(
+        title='actions',
+        metavar='',
+        help='Specify zero or more actions. Defaults to prune, create, and check. Use --help with action for details:',
+    )
+    init_parser = subparsers.add_parser(
+        'init',
+        aliases=SUBPARSER_ALIASES['init'],
+        help='Initialize an empty Borg repository',
+        description='Initialize an empty Borg repository',
+        add_help=False,
+    )
+    init_group = init_parser.add_argument_group('init arguments')
+    init_group.add_argument(
+        '-e',
+        '--encryption',
+        dest='encryption_mode',
+        help='Borg repository encryption mode',
+        required=True,
+    )
+    init_group.add_argument(
+        '--append-only',
+        dest='append_only',
+        action='store_true',
+        help='Create an append-only repository',
+    )
+    init_group.add_argument(
+        '--storage-quota',
+        dest='storage_quota',
+        help='Create a repository with a fixed storage quota',
+    )
+    init_group.add_argument('-h', '--help', action='help', help='Show this help message and exit')
+
+    prune_parser = subparsers.add_parser(
+        'prune',
+        aliases=SUBPARSER_ALIASES['prune'],
+        help='Prune archives according to the retention policy',
+        description='Prune archives according to the retention policy',
+        add_help=False,
+    )
+    prune_group = prune_parser.add_argument_group('prune arguments')
+    prune_group.add_argument(
+        '--stats',
+        dest='stats',
+        default=False,
+        action='store_true',
+        help='Display statistics of archive',
+    )
+    prune_group.add_argument(
+        '--files', dest='files', default=False, action='store_true', help='Show per-file details'
+    )
+    prune_group.add_argument('-h', '--help', action='help', help='Show this help message and exit')
+
+    create_parser = subparsers.add_parser(
+        'create',
+        aliases=SUBPARSER_ALIASES['create'],
+        help='Create archives (actually perform backups)',
+        description='Create archives (actually perform backups)',
+        add_help=False,
+    )
+    create_group = create_parser.add_argument_group('create arguments')
+    create_group.add_argument(
+        '--progress',
+        dest='progress',
+        default=False,
+        action='store_true',
+        help='Display progress for each file as it is backed up',
+    )
+    create_group.add_argument(
+        '--stats',
+        dest='stats',
+        default=False,
+        action='store_true',
+        help='Display statistics of archive',
+    )
+    create_group.add_argument(
+        '--files', dest='files', default=False, action='store_true', help='Show per-file details'
+    )
+    create_group.add_argument(
+        '--json', dest='json', default=False, action='store_true', help='Output results as JSON'
+    )
+    create_group.add_argument('-h', '--help', action='help', help='Show this help message and exit')
+
+    check_parser = subparsers.add_parser(
+        'check',
+        aliases=SUBPARSER_ALIASES['check'],
+        help='Check archives for consistency',
+        description='Check archives for consistency',
+        add_help=False,
+    )
+    check_group = check_parser.add_argument_group('check arguments')
+    check_group.add_argument(
+        '--progress',
+        dest='progress',
+        default=False,
+        action='store_true',
+        help='Display progress for each file as it is checked',
+    )
+    check_group.add_argument(
+        '--repair',
+        dest='repair',
+        default=False,
+        action='store_true',
+        help='Attempt to repair any inconsistencies found (experimental and only for interactive use)',
+    )
+    check_group.add_argument(
+        '--only',
+        metavar='CHECK',
+        choices=('repository', 'archives', 'data', 'extract'),
+        dest='only',
+        action='append',
+        help='Run a particular consistency check (repository, archives, data, or extract) instead of configured checks; can specify flag multiple times',
+    )
+    check_group.add_argument('-h', '--help', action='help', help='Show this help message and exit')
+
+    extract_parser = subparsers.add_parser(
+        'extract',
+        aliases=SUBPARSER_ALIASES['extract'],
+        help='Extract files from a named archive to the current directory',
+        description='Extract a named archive to the current directory',
+        add_help=False,
+    )
+    extract_group = extract_parser.add_argument_group('extract arguments')
+    extract_group.add_argument(
+        '--repository',
+        help='Path of repository to extract, defaults to the configured repository if there is only one',
+    )
+    extract_group.add_argument('--archive', help='Name of archive to extract', required=True)
+    extract_group.add_argument(
+        '--path',
+        '--restore-path',
+        metavar='PATH',
+        nargs='+',
+        dest='paths',
+        help='Paths to extract from archive, defaults to the entire archive',
+    )
+    extract_group.add_argument(
+        '--destination',
+        metavar='PATH',
+        dest='destination',
+        help='Directory to extract files into, defaults to the current directory',
+    )
+    extract_group.add_argument(
+        '--progress',
+        dest='progress',
+        default=False,
+        action='store_true',
+        help='Display progress for each file as it is extracted',
+    )
+    extract_group.add_argument(
+        '-h', '--help', action='help', help='Show this help message and exit'
+    )
+
+    mount_parser = subparsers.add_parser(
+        'mount',
+        aliases=SUBPARSER_ALIASES['mount'],
+        help='Mount files from a named archive as a FUSE filesystem',
+        description='Mount a named archive as a FUSE filesystem',
+        add_help=False,
+    )
+    mount_group = mount_parser.add_argument_group('mount arguments')
+    mount_group.add_argument(
+        '--repository',
+        help='Path of repository to use, defaults to the configured repository if there is only one',
+    )
+    mount_group.add_argument('--archive', help='Name of archive to mount')
+    mount_group.add_argument(
+        '--mount-point',
+        metavar='PATH',
+        dest='mount_point',
+        help='Path where filesystem is to be mounted',
+        required=True,
+    )
+    mount_group.add_argument(
+        '--path',
+        metavar='PATH',
+        nargs='+',
+        dest='paths',
+        help='Paths to mount from archive, defaults to the entire archive',
+    )
+    mount_group.add_argument(
+        '--foreground',
+        dest='foreground',
+        default=False,
+        action='store_true',
+        help='Stay in foreground until ctrl-C is pressed',
+    )
+    mount_group.add_argument('--options', dest='options', help='Extra Borg mount options')
+    mount_group.add_argument('-h', '--help', action='help', help='Show this help message and exit')
+
+    umount_parser = subparsers.add_parser(
+        'umount',
+        aliases=SUBPARSER_ALIASES['umount'],
+        help='Unmount a FUSE filesystem that was mounted with "borgmatic mount"',
+        description='Unmount a mounted FUSE filesystem',
+        add_help=False,
+    )
+    umount_group = umount_parser.add_argument_group('umount arguments')
+    umount_group.add_argument(
+        '--mount-point',
+        metavar='PATH',
+        dest='mount_point',
+        help='Path of filesystem to unmount',
+        required=True,
+    )
+    umount_group.add_argument('-h', '--help', action='help', help='Show this help message and exit')
+
+    restore_parser = subparsers.add_parser(
+        'restore',
+        aliases=SUBPARSER_ALIASES['restore'],
+        help='Restore database dumps from a named archive',
+        description='Restore database dumps from a named archive. (To extract files instead, use "borgmatic extract".)',
+        add_help=False,
+    )
+    restore_group = restore_parser.add_argument_group('restore arguments')
+    restore_group.add_argument(
+        '--repository',
+        help='Path of repository to restore from, defaults to the configured repository if there is only one',
+    )
+    restore_group.add_argument('--archive', help='Name of archive to restore from', required=True)
+    restore_group.add_argument(
+        '--database',
+        metavar='NAME',
+        nargs='+',
+        dest='databases',
+        help='Names of databases to restore from archive, defaults to all databases. Note that any databases to restore must be defined in borgmatic\'s configuration',
+    )
+    restore_group.add_argument(
+        '--progress',
+        dest='progress',
+        default=False,
+        action='store_true',
+        help='Display progress for each database dump file as it is extracted from archive',
+    )
+    restore_group.add_argument(
+        '-h', '--help', action='help', help='Show this help message and exit'
+    )
+
+    list_parser = subparsers.add_parser(
+        'list',
+        aliases=SUBPARSER_ALIASES['list'],
+        help='List archives',
+        description='List archives or the contents of an archive',
+        add_help=False,
+    )
+    list_group = list_parser.add_argument_group('list arguments')
+    list_group.add_argument(
+        '--repository',
+        help='Path of repository to list, defaults to the configured repository if there is only one',
+    )
+    list_group.add_argument('--archive', help='Name of archive to list')
+    list_group.add_argument(
+        '--path',
+        metavar='PATH',
+        nargs='+',
+        dest='paths',
+        help='Paths to list from archive, defaults to the entire archive',
+    )
+    list_group.add_argument(
+        '--short', default=False, action='store_true', help='Output only archive or path names'
+    )
+    list_group.add_argument('--format', help='Format for file listing')
+    list_group.add_argument(
+        '--json', default=False, action='store_true', help='Output results as JSON'
+    )
+    list_group.add_argument(
+        '-P', '--prefix', help='Only list archive names starting with this prefix'
+    )
+    list_group.add_argument(
+        '-a', '--glob-archives', metavar='GLOB', help='Only list archive names matching this glob'
+    )
+    list_group.add_argument(
+        '--successful',
+        default=False,
+        action='store_true',
+        help='Only list archive names of successful (non-checkpoint) backups',
+    )
+    list_group.add_argument(
+        '--sort-by', metavar='KEYS', help='Comma-separated list of sorting keys'
+    )
+    list_group.add_argument(
+        '--first', metavar='N', help='List first N archives after other filters are applied'
+    )
+    list_group.add_argument(
+        '--last', metavar='N', help='List last N archives after other filters are applied'
+    )
+    list_group.add_argument(
+        '-e', '--exclude', metavar='PATTERN', help='Exclude paths matching the pattern'
+    )
+    list_group.add_argument(
+        '--exclude-from', metavar='FILENAME', help='Exclude paths from exclude file, one per line'
+    )
+    list_group.add_argument('--pattern', help='Include or exclude paths matching a pattern')
+    list_group.add_argument(
+        '--patterns-from',
+        metavar='FILENAME',
+        help='Include or exclude paths matching patterns from pattern file, one per line',
+    )
+    list_group.add_argument('-h', '--help', action='help', help='Show this help message and exit')
+
+    info_parser = subparsers.add_parser(
+        'info',
+        aliases=SUBPARSER_ALIASES['info'],
+        help='Display summary information on archives',
+        description='Display summary information on archives',
+        add_help=False,
+    )
+    info_group = info_parser.add_argument_group('info arguments')
+    info_group.add_argument(
+        '--repository',
+        help='Path of repository to show info for, defaults to the configured repository if there is only one',
+    )
+    info_group.add_argument('--archive', help='Name of archive to show info for')
+    info_group.add_argument(
+        '--json', dest='json', default=False, action='store_true', help='Output results as JSON'
+    )
+    info_group.add_argument(
+        '-P', '--prefix', help='Only show info for archive names starting with this prefix'
+    )
+    info_group.add_argument(
+        '-a',
+        '--glob-archives',
+        metavar='GLOB',
+        help='Only show info for archive names matching this glob',
+    )
+    info_group.add_argument(
+        '--sort-by', metavar='KEYS', help='Comma-separated list of sorting keys'
+    )
+    info_group.add_argument(
+        '--first',
+        metavar='N',
+        help='Show info for first N archives after other filters are applied',
+    )
+    info_group.add_argument(
+        '--last', metavar='N', help='Show info for first N archives after other filters are applied'
+    )
+    info_group.add_argument('-h', '--help', action='help', help='Show this help message and exit')
+
+    arguments = parse_subparser_arguments(unparsed_arguments, subparsers)
+    arguments['global'] = parse_global_arguments(unparsed_arguments, top_level_parser, subparsers)
+
+    if arguments['global'].excludes_filename:
+        raise ValueError(
+            'The --excludes option has been replaced with exclude_patterns in configuration'
+        )
+
+    if 'init' in arguments and arguments['global'].dry_run:
+        raise ValueError('The init action cannot be used with the --dry-run option')
+
+    if 'list' in arguments and arguments['list'].glob_archives and arguments['list'].successful:
+        raise ValueError('The --glob-archives and --successful options cannot be used together')
+
+    if (
+        'list' in arguments
+        and 'info' in arguments
+        and arguments['list'].json
+        and arguments['info'].json
+    ):
+        raise ValueError('With the --json option, list and info actions cannot be used together')
+
+    return arguments
--- a/borgmatic/commands/borgmatic.py
+++ b/borgmatic/commands/borgmatic.py
--- a/borgmatic/commands/generate_config.py
+++ b/borgmatic/commands/generate_config.py
@ -12,12 +12,18 @@ def parse_arguments(*arguments):
    them as an ArgumentParser instance.
    '''
    parser = ArgumentParser(description='Generate a sample borgmatic YAML configuration file.')
+    parser.add_argument(
+        '-s',
+        '--source',
+        dest='source_filename',
+        help='Optional YAML configuration file to merge into the generated configuration, useful for upgrading your configuration',
+    )
    parser.add_argument(
        '-d',
        '--destination',
        dest='destination_filename',
        default=DEFAULT_DESTINATION_CONFIG_FILENAME,
-        help='Destination YAML configuration filename. Default: {}'.format(
+        help='Destination YAML configuration file. Default: {}'.format(
            DEFAULT_DESTINATION_CONFIG_FILENAME
        ),
    )
@ -30,11 +36,21 @@ def main():  # pragma: no cover
        args = parse_arguments(*sys.argv[1:])

        generate.generate_sample_configuration(
-            args.destination_filename, validate.schema_filename()
+            args.source_filename, args.destination_filename, validate.schema_filename()
        )

        print('Generated a sample configuration file at {}.'.format(args.destination_filename))
        print()
+        if args.source_filename:
+            print(
+                'Merged in the contents of configuration file at {}.'.format(args.source_filename)
+            )
+            print('To review the changes made, run:')
+            print()
+            print(
+                '    diff --unified {} {}'.format(args.source_filename, args.destination_filename)
+            )
+            print()
        print('Please edit the file to suit your needs. The values are representative.')
        print('All fields are optional except where indicated.')
        print()
--- a/borgmatic/commands/validate_config.py
+++ b/borgmatic/commands/validate_config.py
@ -3,9 +3,8 @@ import sys
 from argparse import ArgumentParser

 from borgmatic.config import collect, validate
-from borgmatic.logger import get_logger

-logger = get_logger(__name__)
+logger = logging.getLogger(__name__)


 def parse_arguments(*arguments):
--- a/borgmatic/config/collect.py
+++ b/borgmatic/config/collect.py
@ -1,20 +1,23 @@
 import os


-def get_default_config_paths():
+def get_default_config_paths(expand_home=True):
    '''
    Based on the value of the XDG_CONFIG_HOME and HOME environment variables, return a list of
    default configuration paths. This includes both system-wide configuration and configuration in
    the current user's home directory.
+
+    Don't expand the home directory ($HOME) if the expand home flag is False.
    '''
-    user_config_directory = os.getenv('XDG_CONFIG_HOME') or os.path.expandvars(
-        os.path.join('$HOME', '.config')
-    )
+    user_config_directory = os.getenv('XDG_CONFIG_HOME') or os.path.join('$HOME', '.config')
+    if expand_home:
+        user_config_directory = os.path.expandvars(user_config_directory)

    return [
        '/etc/borgmatic/config.yaml',
        '/etc/borgmatic.d',
        '%s/borgmatic/config.yaml' % user_config_directory,
+        '%s/borgmatic.d' % user_config_directory,
    ]


--- a/borgmatic/config/convert.py
+++ b/borgmatic/config/convert.py
@ -54,10 +54,10 @@ def convert_legacy_parsed_config(source_config, source_excludes, schema):
        destination_config['consistency']['checks'] = source_config.consistency['checks'].split(' ')

    # Add comments to each section, and then add comments to the fields in each section.
-    generate.add_comments_to_configuration(destination_config, schema)
+    generate.add_comments_to_configuration_map(destination_config, schema)

    for section_name, section_config in destination_config.items():
-        generate.add_comments_to_configuration(
+        generate.add_comments_to_configuration_map(
            section_config, schema['map'][section_name], indent=generate.INDENT
        )

--- a/borgmatic/config/generate.py
+++ b/borgmatic/config/generate.py
@ -1,8 +1,14 @@
+import collections
+import io
 import os
+import re

 from ruamel import yaml

+from borgmatic.config import load
+
 INDENT = 4
+SEQUENCE_INDENT = 2


 def _insert_newline_before_comment(config, field_name):
@ -15,7 +21,7 @@ def _insert_newline_before_comment(config, field_name):
    )


-def _schema_to_sample_configuration(schema, level=0):
+def _schema_to_sample_configuration(schema, level=0, parent_is_sequence=False):
    '''
    Given a loaded configuration schema, generate and return sample config for it. Include comments
    for each section based on the schema "desc" description.
@ -24,14 +30,29 @@ def _schema_to_sample_configuration(schema, level=0):
    if example is not None:
        return example

-    config = yaml.comments.CommentedMap(
-        [
-            (section_name, _schema_to_sample_configuration(section_schema, level + 1))
-            for section_name, section_schema in schema['map'].items()
-        ]
-    )
-
-    add_comments_to_configuration(config, schema, indent=(level * INDENT))
+    if 'seq' in schema:
+        config = yaml.comments.CommentedSeq(
+            [
+                _schema_to_sample_configuration(item_schema, level, parent_is_sequence=True)
+                for item_schema in schema['seq']
+            ]
+        )
+        add_comments_to_configuration_sequence(
+            config, schema, indent=(level * INDENT) + SEQUENCE_INDENT
+        )
+    elif 'map' in schema:
+        config = yaml.comments.CommentedMap(
+            [
+                (field_name, _schema_to_sample_configuration(sub_schema, level + 1))
+                for field_name, sub_schema in schema['map'].items()
+            ]
+        )
+        indent = (level * INDENT) + (SEQUENCE_INDENT if parent_is_sequence else 0)
+        add_comments_to_configuration_map(
+            config, schema, indent=indent, skip_first=parent_is_sequence
+        )
+    else:
+        raise ValueError('Schema at level {} is unsupported: {}'.format(level, schema))

    return config

@ -42,46 +63,40 @@ def _comment_out_line(line):
    if not stripped_line or stripped_line.startswith('#'):
        return line

-    # Comment out the names of optional sections.
-    one_indent = ' ' * INDENT
-    if not line.startswith(one_indent):
-        return '#' + line
+    # Comment out the names of optional sections, inserting the '#' after any indent for aesthetics.
+    matches = re.match(r'(\s*)', line)
+    indent_spaces = matches.group(0) if matches else ''
+    count_indent_spaces = len(indent_spaces)

-    # Otherwise, comment out the line, but insert the "#" after the first indent for aesthetics.
-    return '#'.join((one_indent, line[INDENT:]))
-
-
-REQUIRED_KEYS = {'source_directories', 'repositories', 'keep_daily'}
-REQUIRED_SECTION_NAMES = {'location', 'retention'}
+    return '# '.join((indent_spaces, line[count_indent_spaces:]))


 def _comment_out_optional_configuration(rendered_config):
    '''
-    Post-process a rendered configuration string to comment out optional key/values. The idea is
-    that this prevents the user from having to comment out a bunch of configuration they don't care
-    about to get to a minimal viable configuration file.
+    Post-process a rendered configuration string to comment out optional key/values, as determined
+    by a sentinel in the comment before each key.

-    Ideally ruamel.yaml would support this during configuration generation, but it's not terribly
-    easy to accomplish that way.
+    The idea is that the pre-commented configuration prevents the user from having to comment out a
+    bunch of configuration they don't care about to get to a minimal viable configuration file.
+
+    Ideally ruamel.yaml would support commenting out keys during configuration generation, but it's
+    not terribly easy to accomplish that way.
    '''
    lines = []
-    required = False
+    optional = False

    for line in rendered_config.split('\n'):
-        key = line.strip().split(':')[0]
-
-        if key in REQUIRED_SECTION_NAMES:
-            lines.append(line)
+        # Upon encountering an optional configuration option, commenting out lines until the next
+        # blank line.
+        if line.strip().startswith('# {}'.format(COMMENTED_OUT_SENTINEL)):
+            optional = True
            continue

-        # Upon encountering a required configuration option, skip commenting out lines until the
-        # next blank line.
-        if key in REQUIRED_KEYS:
-            required = True
-        elif not key:
-            required = False
+        # Hit a blank line, so reset commenting.
+        if not line.strip():
+            optional = False

-        lines.append(_comment_out_line(line) if not required else line)
+        lines.append(_comment_out_line(line) if optional else line)

    return '\n'.join(lines)

@ -90,7 +105,12 @@ def _render_configuration(config):
    '''
    Given a config data structure of nested OrderedDicts, render the config as YAML and return it.
    '''
-    return yaml.round_trip_dump(config, indent=INDENT, block_seq_indent=INDENT)
+    dumper = yaml.YAML()
+    dumper.indent(mapping=INDENT, sequence=INDENT + SEQUENCE_INDENT, offset=INDENT)
+    rendered = io.StringIO()
+    dumper.dump(config, rendered)
+
+    return rendered.getvalue()


 def write_configuration(config_filename, rendered_config, mode=0o600):
@ -112,33 +132,159 @@ def write_configuration(config_filename, rendered_config, mode=0o600):
    os.chmod(config_filename, mode)


-def add_comments_to_configuration(config, schema, indent=0):
+def add_comments_to_configuration_sequence(config, schema, indent=0):
    '''
-    Using descriptions from a schema as a source, add those descriptions as comments to the given
-    config before each field. This function only adds comments for the top-most config map level.
-    Indent the comment the given number of characters.
+    If the given config sequence's items are maps, then mine the schema for the description of the
+    map's first item, and slap that atop the sequence. Indent the comment the given number of
+    characters.
+
+    Doing this for sequences of maps results in nice comments that look like:
+
+    ```
+    things:
+          # First key description. Added by this function.
+        - key: foo
+          # Second key description. Added by add_comments_to_configuration_map().
+          other: bar
+    ```
    '''
-    for index, field_name in enumerate(config.keys()):
-        field_schema = schema['map'].get(field_name, {})
+    if 'map' not in schema['seq'][0]:
+        return
+
+    for field_name in config[0].keys():
+        field_schema = schema['seq'][0]['map'].get(field_name, {})
        description = field_schema.get('desc')

        # No description to use? Skip it.
        if not field_schema or not description:
+            return
+
+        config[0].yaml_set_start_comment(description, indent=indent)
+
+        # We only want the first key's description here, as the rest of the keys get commented by
+        # add_comments_to_configuration_map().
+        return
+
+
+REQUIRED_SECTION_NAMES = {'location', 'retention'}
+REQUIRED_KEYS = {'source_directories', 'repositories', 'keep_daily'}
+COMMENTED_OUT_SENTINEL = 'COMMENT_OUT'
+
+
+def add_comments_to_configuration_map(config, schema, indent=0, skip_first=False):
+    '''
+    Using descriptions from a schema as a source, add those descriptions as comments to the given
+    config mapping, before each field. Indent the comment the given number of characters.
+    '''
+    for index, field_name in enumerate(config.keys()):
+        if skip_first and index == 0:
+            continue
+
+        field_schema = schema['map'].get(field_name, {})
+        description = field_schema.get('desc', '').strip()
+
+        # If this is an optional key, add an indicator to the comment flagging it to be commented
+        # out from the sample configuration. This sentinel is consumed by downstream processing that
+        # does the actual commenting out.
+        if field_name not in REQUIRED_SECTION_NAMES and field_name not in REQUIRED_KEYS:
+            description = (
+                '\n'.join((description, COMMENTED_OUT_SENTINEL))
+                if description
+                else COMMENTED_OUT_SENTINEL
+            )
+
+        # No description to use? Skip it.
+        if not field_schema or not description:  # pragma: no cover
            continue

        config.yaml_set_comment_before_after_key(key=field_name, before=description, indent=indent)
+
        if index > 0:
            _insert_newline_before_comment(config, field_name)


-def generate_sample_configuration(config_filename, schema_filename):
+RUAMEL_YAML_COMMENTS_INDEX = 1
+
+
+def remove_commented_out_sentinel(config, field_name):
    '''
-    Given a target config filename and the path to a schema filename in pykwalify YAML schema
-    format, write out a sample configuration file based on that schema.
+    Given a configuration CommentedMap and a top-level field name in it, remove any "commented out"
+    sentinel found at the end of its YAML comments. This prevents the given field name from getting
+    commented out by downstream processing that consumes the sentinel.
+    '''
+    try:
+        last_comment_value = config.ca.items[field_name][RUAMEL_YAML_COMMENTS_INDEX][-1].value
+    except KeyError:
+        return
+
+    if last_comment_value == '# {}\n'.format(COMMENTED_OUT_SENTINEL):
+        config.ca.items[field_name][RUAMEL_YAML_COMMENTS_INDEX].pop()
+
+
+def merge_source_configuration_into_destination(destination_config, source_config):
+    '''
+    Deep merge the given source configuration dict into the destination configuration CommentedMap,
+    favoring values from the source when there are collisions.
+
+    The purpose of this is to upgrade configuration files from old versions of borgmatic by adding
+    new
+    configuration keys and comments.
+    '''
+    if not source_config:
+        return destination_config
+    if not destination_config or not isinstance(source_config, collections.abc.Mapping):
+        return source_config
+
+    for field_name, source_value in source_config.items():
+        # Since this key/value is from the source configuration, leave it uncommented and remove any
+        # sentinel that would cause it to get commented out.
+        remove_commented_out_sentinel(destination_config, field_name)
+
+        # This is a mapping. Recurse for this key/value.
+        if isinstance(source_value, collections.abc.Mapping):
+            destination_config[field_name] = merge_source_configuration_into_destination(
+                destination_config[field_name], source_value
+            )
+            continue
+
+        # This is a sequence. Recurse for each item in it.
+        if isinstance(source_value, collections.abc.Sequence) and not isinstance(source_value, str):
+            destination_value = destination_config[field_name]
+            destination_config[field_name] = yaml.comments.CommentedSeq(
+                [
+                    merge_source_configuration_into_destination(
+                        destination_value[index] if index < len(destination_value) else None,
+                        source_item,
+                    )
+                    for index, source_item in enumerate(source_value)
+                ]
+            )
+            continue
+
+        # This is some sort of scalar. Simply set it into the destination.
+        destination_config[field_name] = source_config[field_name]
+
+    return destination_config
+
+
+def generate_sample_configuration(source_filename, destination_filename, schema_filename):
+    '''
+    Given an optional source configuration filename, and a required destination configuration
+    filename, and the path to a schema filename in pykwalify YAML schema format, write out a
+    sample configuration file based on that schema. If a source filename is provided, merge the
+    parsed contents of that configuration into the generated configuration.
    '''
    schema = yaml.round_trip_load(open(schema_filename))
-    config = _schema_to_sample_configuration(schema)
+    source_config = None
+
+    if source_filename:
+        source_config = load.load_configuration(source_filename)
+
+    destination_config = merge_source_configuration_into_destination(
+        _schema_to_sample_configuration(schema), source_config
+    )

    write_configuration(
-        config_filename, _comment_out_optional_configuration(_render_configuration(config))
+        destination_filename,
+        _comment_out_optional_configuration(_render_configuration(destination_config)),
    )
--- a/borgmatic/config/load.py
+++ b/borgmatic/config/load.py
@ -1,10 +1,9 @@
+import logging
 import os

 import ruamel.yaml

-from borgmatic.logger import get_logger
-
-logger = get_logger(__name__)
+logger = logging.getLogger(__name__)


 def load_configuration(filename):
@ -54,9 +53,7 @@ class Include_constructor(ruamel.yaml.SafeConstructor):

        for index, (key_node, value_node) in enumerate(node.value):
            if key_node.tag == u'tag:yaml.org,2002:merge' and value_node.tag == '!include':
-                included_value = representer.represent_mapping(
-                    tag='tag:yaml.org,2002:map', mapping=self.construct_object(value_node)
-                )
+                included_value = representer.represent_data(self.construct_object(value_node))
                node.value[index] = (key_node, included_value)

        super(Include_constructor, self).flatten_mapping(node)
--- a/borgmatic/config/normalize.py
+++ b/borgmatic/config/normalize.py
@ -0,0 +1,10 @@
+def normalize(config):
+    '''
+    Given a configuration dict, apply particular hard-coded rules to normalize its contents to
+    adhere to the configuration schema.
+    '''
+    exclude_if_present = config.get('location', {}).get('exclude_if_present')
+
+    # "Upgrade" exclude_if_present from a string to a list.
+    if isinstance(exclude_if_present, str):
+        config['location']['exclude_if_present'] = [exclude_if_present]
--- a/borgmatic/config/override.py
+++ b/borgmatic/config/override.py
@ -0,0 +1,71 @@
+import io
+
+import ruamel.yaml
+
+
+def set_values(config, keys, value):
+    '''
+    Given a hierarchy of configuration dicts, a sequence of parsed key strings, and a string value,
+    descend into the hierarchy based on the keys to set the value into the right place.
+    '''
+    if not keys:
+        return
+
+    first_key = keys[0]
+    if len(keys) == 1:
+        config[first_key] = value
+        return
+
+    if first_key not in config:
+        config[first_key] = {}
+
+    set_values(config[first_key], keys[1:], value)
+
+
+def convert_value_type(value):
+    '''
+    Given a string value, determine its logical type (string, boolean, integer, etc.), and return it
+    converted to that type.
+    '''
+    return ruamel.yaml.YAML(typ='safe').load(io.StringIO(value))
+
+
+def parse_overrides(raw_overrides):
+    '''
+    Given a sequence of configuration file override strings in the form of "section.option=value",
+    parse and return a sequence of tuples (keys, values), where keys is a sequence of strings. For
+    instance, given the following raw overrides:
+
+        ['section.my_option=value1', 'section.other_option=value2']
+
+    ... return this:
+
+        (
+            (('section', 'my_option'), 'value1'),
+            (('section', 'other_option'), 'value2'),
+        )
+
+    Raise ValueError if an override can't be parsed.
+    '''
+    if not raw_overrides:
+        return ()
+
+    try:
+        return tuple(
+            (tuple(raw_keys.split('.')), convert_value_type(value))
+            for raw_override in raw_overrides
+            for raw_keys, value in (raw_override.split('=', 1),)
+        )
+    except ValueError:
+        raise ValueError('Invalid override. Make sure you use the form: SECTION.OPTION=VALUE')
+
+
+def apply_overrides(config, raw_overrides):
+    '''
+    Given a sequence of configuration file override strings in the form of "section.option=value"
+    and a configuration dict, parse each override and set it the configuration dict.
+    '''
+    overrides = parse_overrides(raw_overrides)
+
+    for (keys, value) in overrides:
+        set_values(config, keys, value)
--- a/borgmatic/config/schema.yaml
+++ b/borgmatic/config/schema.yaml
@ -11,7 +11,7 @@ map:
            source_directories:
                required: true
                seq:
-                    - type: scalar
+                    - type: str
                desc: |
                    List of source directories to backup (required). Globs and tildes are expanded.
                example:
@ -21,7 +21,7 @@ map:
            repositories:
                required: true
                seq:
-                    - type: scalar
+                    - type: str
                desc: |
                    Paths to local or remote repositories (required). Tildes are expanded. Multiple
                    repositories are backed up to in sequence. See ssh_command for SSH options like
@ -36,6 +36,18 @@ map:
                type: bool
                desc: Only store/extract numeric user and group identifiers. Defaults to false.
                example: true
+            atime:
+                type: bool
+                desc: Store atime into archive. Defaults to true.
+                example: false
+            ctime:
+                type: bool
+                desc: Store ctime into archive. Defaults to true.
+                example: false
+            birthtime:
+                type: bool
+                desc: Store birthtime (creation date) into archive. Defaults to true.
+                example: false
            read_special:
                type: bool
                desc: |
@ -48,23 +60,23 @@ map:
                desc: Record bsdflags (e.g. NODUMP, IMMUTABLE) in archive. Defaults to true.
                example: true
            files_cache:
-                type: scalar
+                type: str
                desc: |
                    Mode in which to operate the files cache. See
                    https://borgbackup.readthedocs.io/en/stable/usage/create.html#description for
                    details. Defaults to "ctime,size,inode".
                example: ctime,size,inode
            local_path:
-                type: scalar
+                type: str
                desc: Alternate Borg local executable. Defaults to "borg".
                example: borg1
            remote_path:
-                type: scalar
+                type: str
                desc: Alternate Borg remote executable. Defaults to "borg".
                example: borg1
            patterns:
                seq:
-                    - type: scalar
+                    - type: str
                desc: |
                    Any paths matching these patterns are included/excluded from backups. Globs are
                    expanded. (Tildes are not.) Note that Borg considers this option experimental.
@ -77,7 +89,7 @@ map:
                    - '- /home/*'
            patterns_from:
                seq:
-                    - type: scalar
+                    - type: str
                desc: |
                    Read include/exclude patterns from one or more separate named files, one pattern
                    per line. Note that Borg considers this option experimental. See the output of
@ -86,7 +98,7 @@ map:
                    - /etc/borgmatic/patterns
            exclude_patterns:
                seq:
-                    - type: scalar
+                    - type: str
                desc: |
                    Any paths matching these patterns are excluded from backups. Globs and tildes
                    are expanded. See the output of "borg help patterns" for more details.
@ -96,7 +108,7 @@ map:
                    - /etc/ssl
            exclude_from:
                seq:
-                    - type: scalar
+                    - type: str
                desc: |
                    Read exclude patterns from one or more separate named files, one pattern per
                    line. See the output of "borg help patterns" for more details.
@ -109,11 +121,32 @@ map:
                    http://www.brynosaurus.com/cachedir/spec.html for details. Defaults to false.
                example: true
            exclude_if_present:
-                type: scalar
+                seq:
+                    - type: str
                desc: |
-                    Exclude directories that contain a file with the given filename. Defaults to not
+                    Exclude directories that contain a file with the given filenames. Defaults to not
                    set.
-                example: .nobackup
+                example:
+                    - .nobackup
+            keep_exclude_tags:
+                type: bool
+                desc: |
+                    If true, the exclude_if_present filename is included in backups. Defaults to
+                    false, meaning that the exclude_if_present filename is omitted from backups.
+                example: true
+            exclude_nodump:
+                type: bool
+                desc: |
+                    Exclude files with the NODUMP flag. Defaults to false.
+                example: true
+            borgmatic_source_directory:
+                type: str
+                desc: |
+                    Path for additional source files used for temporary internal state like
+                    borgmatic database dumps. Note that changing this path prevents "borgmatic
+                    restore" from finding any database dumps created before the change. Defaults
+                    to ~/.borgmatic
+                example: /tmp/borgmatic
    storage:
        desc: |
            Repository storage options. See
@ -122,7 +155,7 @@ map:
            details.
        map:
            encryption_passcommand:
-                type: scalar
+                type: str
                desc: |
                    The standard output of this command is used to unlock the encryption key. Only
                    use on repositories that were initialized with passcommand/repokey encryption.
@ -130,7 +163,7 @@ map:
                    then encryption_passphrase takes precedence. Defaults to not set.
                example: "secret-tool lookup borg-repository repo-name"
            encryption_passphrase:
-                type: scalar
+                type: str
                desc: |
                    Passphrase to unlock the encryption key with. Only use on repositories that were
                    initialized with passphrase/repokey encryption. Quote the value if it contains
@ -145,14 +178,14 @@ map:
                    for details. Defaults to checkpoints every 1800 seconds (30 minutes).
                example: 1800
            chunker_params:
-                type: scalar
+                type: str
                desc: |
                    Specify the parameters passed to then chunker (CHUNK_MIN_EXP, CHUNK_MAX_EXP,
                    HASH_MASK_BITS, HASH_WINDOW_SIZE). See https://borgbackup.readthedocs.io/en/stable/internals.html
                    for details. Defaults to "19,23,21,4095".
                example: 19,23,21,4095
            compression:
-                type: scalar
+                type: str
                desc: |
                    Type of compression to use when creating archives. See
                    https://borgbackup.readthedocs.org/en/stable/usage.html#borg-create for details.
@ -163,34 +196,34 @@ map:
                desc: Remote network upload rate limit in kiBytes/second. Defaults to unlimited.
                example: 100
            ssh_command:
-                type: scalar
+                type: str
                desc: |
                    Command to use instead of "ssh". This can be used to specify ssh options.
                    Defaults to not set.
                example: ssh -i /path/to/private/key
            borg_base_directory:
-                type: scalar
+                type: str
                desc: |
                    Base path used for various Borg directories. Defaults to $HOME, ~$USER, or ~.
                    See https://borgbackup.readthedocs.io/en/stable/usage/general.html#environment-variables for details.
                example: /path/to/base
            borg_config_directory:
-                type: scalar
+                type: str
                desc: |
                    Path for Borg configuration files. Defaults to $borg_base_directory/.config/borg
                example: /path/to/base/config
            borg_cache_directory:
-                type: scalar
+                type: str
                desc: |
                    Path for Borg cache files. Defaults to $borg_base_directory/.cache/borg
                example: /path/to/base/cache
            borg_security_directory:
-                type: scalar
+                type: str
                desc: |
                    Path for Borg security and encryption nonce files. Defaults to $borg_base_directory/.config/borg/security
                example: /path/to/base/config/security
            borg_keys_directory:
-                type: scalar
+                type: str
                desc: |
                    Path for Borg encryption key files. Defaults to $borg_base_directory/.config/borg/keys
                example: /path/to/base/config/keys
@ -203,7 +236,7 @@ map:
                desc: Maximum seconds to wait for acquiring a repository/cache lock. Defaults to 1.
                example: 5
            archive_name_format:
-                type: scalar
+                type: str
                desc: |
                    Name of the archive. Borg placeholders can be used. See the output of
                    "borg help placeholders" for details. Defaults to
@ -212,6 +245,39 @@ map:
                    archives with a different archive name format. And you should also specify a
                    prefix in the consistency section as well.
                example: "{hostname}-documents-{now}"
+            relocated_repo_access_is_ok:
+                type: bool
+                desc: Bypass Borg error about a repository that has been moved. Defaults to false.
+                example: true
+            unknown_unencrypted_repo_access_is_ok:
+                type: bool
+                desc: |
+                    Bypass Borg error about a previously unknown unencrypted repository. Defaults to
+                    false.
+                example: true
+            extra_borg_options:
+                map:
+                    init:
+                        type: str
+                        desc: Extra command-line options to pass to "borg init".
+                        example: "--make-parent-dirs"
+                    prune:
+                        type: str
+                        desc: Extra command-line options to pass to "borg prune".
+                        example: "--save-space"
+                    create:
+                        type: str
+                        desc: Extra command-line options to pass to "borg create".
+                        example: "--no-files-cache"
+                    check:
+                        type: str
+                        desc: Extra command-line options to pass to "borg check".
+                        example: "--save-space"
+                desc: |
+                    Additional options to pass directly to particular Borg commands, handy for Borg
+                    options that borgmatic does not yet support natively. Note that borgmatic does
+                    not perform any validation on these options. Running borgmatic with
+                    "--verbosity 2" shows the exact Borg command-line invocation.
    retention:
        desc: |
            Retention policy for how many backups to keep in each category. See
@ -221,7 +287,7 @@ map:
            if you'd like to skip pruning entirely.
        map:
            keep_within:
-                type: scalar
+                type: str
                desc: Keep all archives within this time interval.
                example: 3H
            keep_secondly:
@ -253,11 +319,11 @@ map:
                desc: Number of yearly archives to keep.
                example: 1
            prefix:
-                type: scalar
+                type: str
                desc: |
                    When pruning, only consider archive names starting with this prefix.
                    Borg placeholders can be used. See the output of "borg help placeholders" for
-                    details. Defaults to "{hostname}-".
+                    details. Defaults to "{hostname}-". Use an empty value to disable the default.
                example: sourcehostname
    consistency:
        desc: |
@ -268,20 +334,21 @@ map:
            checks:
                seq:
                    - type: str
-                      enum: ['repository', 'archives', 'extract', 'disabled']
+                      enum: ['repository', 'archives', 'data', 'extract', 'disabled']
                      unique: true
                desc: |
-                    List of one or more consistency checks to run: "repository", "archives", and/or
-                    "extract". Defaults to "repository" and "archives". Set to "disabled" to disable
-                    all consistency checks. "repository" checks the consistency of the repository,
-                    "archive" checks all of the archives, and "extract" does an extraction dry-run
-                    of the most recent archive.
+                    List of one or more consistency checks to run: "repository", "archives", "data",
+                    and/or "extract". Defaults to "repository" and "archives". Set to "disabled" to
+                    disable all consistency checks. "repository" checks the consistency of the
+                    repository, "archives" checks all of the archives, "data" verifies the integrity
+                    of the data within the archives, and "extract" does an extraction dry-run of the
+                    most recent archive. Note that "data" implies "archives".
                example:
                    - repository
                    - archives
            check_repositories:
                seq:
-                    - type: scalar
+                    - type: str
                desc: |
                    Paths to a subset of the repositories in the location section on which to run
                    consistency checks. Handy in case some of your repositories are very large, and
@ -295,37 +362,247 @@ map:
                      "archives" check. Defaults to checking all archives.
                example: 3
            prefix:
-                type: scalar
+                type: str
                desc: |
                    When performing the "archives" check, only consider archive names starting with
                    this prefix. Borg placeholders can be used. See the output of
-                    "borg help placeholders" for details. Defaults to "{hostname}-".
+                    "borg help placeholders" for details. Defaults to "{hostname}-". Use an empty
+                    value to disable the default.
                example: sourcehostname
+    output:
+        desc: |
+            Options for customizing borgmatic's own output and logging.
+        map:
+            color:
+                type: bool
+                desc: |
+                    Apply color to console output. Can be overridden with --no-color command-line
+                    flag. Defaults to true.
+                example: false
    hooks:
        desc: |
-            Shell commands or scripts to execute before and after a backup or if an error has occurred.
-            IMPORTANT: All provided commands and scripts are executed with user permissions of borgmatic.
-            Do not forget to set secure permissions on this file as well as on any script listed (chmod 0700) to
-            prevent potential shell injection or privilege escalation.
+            Shell commands, scripts, or integrations to execute at various points during a borgmatic
+            run. IMPORTANT: All provided commands and scripts are executed with user permissions of
+            borgmatic. Do not forget to set secure permissions on this configuration file (chmod
+            0600) as well as on any script called from a hook (chmod 0700) to prevent potential
+            shell injection or privilege escalation.
        map:
            before_backup:
                seq:
-                    - type: scalar
-                desc: List of one or more shell commands or scripts to execute before creating a backup.
+                    - type: str
+                desc: |
+                    List of one or more shell commands or scripts to execute before creating a
+                    backup, run once per configuration file.
                example:
-                    - echo "Starting a backup job."
+                    - echo "Starting a backup."
+            before_prune:
+                seq:
+                    - type: str
+                desc: |
+                    List of one or more shell commands or scripts to execute before pruning, run
+                    once per configuration file.
+                example:
+                    - echo "Starting pruning."
+            before_check:
+                seq:
+                    - type: str
+                desc: |
+                    List of one or more shell commands or scripts to execute before consistency
+                    checks, run once per configuration file.
+                example:
+                    - echo "Starting checks."
            after_backup:
                seq:
-                    - type: scalar
-                desc: List of one or more shell commands or scripts to execute after creating a backup.
+                    - type: str
+                desc: |
+                    List of one or more shell commands or scripts to execute after creating a
+                    backup, run once per configuration file.
                example:
-                    - echo "Backup created."
+                    - echo "Finished a backup."
+            after_prune:
+                seq:
+                    - type: str
+                desc: |
+                    List of one or more shell commands or scripts to execute after pruning, run once
+                    per configuration file.
+                example:
+                    - echo "Finished pruning."
+            after_check:
+                seq:
+                    - type: str
+                desc: |
+                    List of one or more shell commands or scripts to execute after consistency
+                    checks, run once per configuration file.
+                example:
+                    - echo "Finished checks."
            on_error:
                seq:
-                    - type: scalar
-                desc: List of one or more shell commands or scripts to execute in case an exception has occurred.
+                    - type: str
+                desc: |
+                    List of one or more shell commands or scripts to execute when an exception
+                    occurs during a "prune", "create", or "check" action or an associated
+                    before/after hook.
                example:
-                    - echo "Error while creating a backup."
+                    - echo "Error during prune/create/check."
+            postgresql_databases:
+                seq:
+                    - map:
+                        name:
+                            required: true
+                            type: str
+                            desc: |
+                                Database name (required if using this hook). Or "all" to dump all
+                                databases on the host.
+                            example: users
+                        hostname:
+                            type: str
+                            desc: |
+                                Database hostname to connect to. Defaults to connecting via local
+                                Unix socket.
+                            example: database.example.org
+                        port:
+                            type: int
+                            desc: Port to connect to. Defaults to 5432.
+                            example: 5433
+                        username:
+                            type: str
+                            desc: |
+                                Username with which to connect to the database. Defaults to the
+                                username of the current user. You probably want to specify the
+                                "postgres" superuser here when the database name is "all".
+                            example: dbuser
+                        password:
+                            type: str
+                            desc: |
+                                Password with which to connect to the database. Omitting a password
+                                will only work if PostgreSQL is configured to trust the configured
+                                username without a password, or you create a ~/.pgpass file.
+                            example: trustsome1
+                        format:
+                            type: str
+                            enum: ['plain', 'custom', 'directory', 'tar']
+                            desc: |
+                                Database dump output format. One of "plain", "custom", "directory",
+                                or "tar". Defaults to "custom" (unlike raw pg_dump). See
+                                https://www.postgresql.org/docs/current/app-pgdump.html for details.
+                                Note that format is ignored when the database name is "all".
+                            example: directory
+                        options:
+                            type: str
+                            desc: |
+                                Additional pg_dump/pg_dumpall options to pass directly to the dump
+                                command, without performing any validation on them. See
+                                https://www.postgresql.org/docs/current/app-pgdump.html for details.
+                            example: --role=someone
+                desc: |
+                    List of one or more PostgreSQL databases to dump before creating a backup,
+                    run once per configuration file. The database dumps are added to your source
+                    directories at runtime, backed up, and then removed afterwards. Requires
+                    pg_dump/pg_dumpall/pg_restore commands. See
+                    https://www.postgresql.org/docs/current/app-pgdump.html for details.
+            mysql_databases:
+                seq:
+                    - map:
+                        name:
+                            required: true
+                            type: str
+                            desc: |
+                                Database name (required if using this hook). Or "all" to dump all
+                                databases on the host.
+                            example: users
+                        hostname:
+                            type: str
+                            desc: |
+                                Database hostname to connect to. Defaults to connecting via local
+                                Unix socket.
+                            example: database.example.org
+                        port:
+                            type: int
+                            desc: Port to connect to. Defaults to 3306.
+                            example: 3307
+                        username:
+                            type: str
+                            desc: |
+                                Username with which to connect to the database. Defaults to the
+                                username of the current user.
+                            example: dbuser
+                        password:
+                            type: str
+                            desc: |
+                                Password with which to connect to the database. Omitting a password
+                                will only work if MySQL is configured to trust the configured
+                                username without a password.
+                            example: trustsome1
+                        options:
+                            type: str
+                            desc: |
+                                Additional mysqldump options to pass directly to the dump command,
+                                without performing any validation on them. See
+                                https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html or
+                                https://mariadb.com/kb/en/library/mysqldump/ for details.
+                            example: --skip-comments
+                desc: |
+                    List of one or more MySQL/MariaDB databases to dump before creating a backup,
+                    run once per configuration file. The database dumps are added to your source
+                    directories at runtime, backed up, and then removed afterwards. Requires
+                    mysqldump/mysql commands (from either MySQL or MariaDB). See
+                    https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html or
+                    https://mariadb.com/kb/en/library/mysqldump/ for details.
+            healthchecks:
+                type: str
+                desc: |
+                    Healthchecks ping URL or UUID to notify when a backup begins, ends, or errors.
+                    Create an account at https://healthchecks.io if you'd like to use this service.
+                    See
+                    https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/#healthchecks-hook
+                    for details.
+                example:
+                    https://hc-ping.com/your-uuid-here
+            cronitor:
+                type: str
+                desc: |
+                    Cronitor ping URL to notify when a backup begins, ends, or errors. Create an
+                    account at https://cronitor.io if you'd like to use this service. See
+                    https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/#cronitor-hook
+                    for details.
+                example:
+                    https://cronitor.link/d3x0c1
+            pagerduty:
+                type: str
+                desc: |
+                    PagerDuty integration key used to notify PagerDuty when a backup errors. Create
+                    an account at https://www.pagerduty.com/ if you'd like to use this service. See
+                    https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/#pagerduty-hook
+                    for details.
+                example:
+                    a177cad45bd374409f78906a810a3074
+            cronhub:
+                type: str
+                desc: |
+                    Cronhub ping URL to notify when a backup begins, ends, or errors. Create an
+                    account at https://cronhub.io if you'd like to use this service. See
+                    https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/#cronhub-hook for
+                    details.
+                example:
+                    https://cronhub.io/start/1f5e3410-254c-11e8-b61d-55875966d031
+            before_everything:
+                seq:
+                    - type: str
+                desc: |
+                    List of one or more shell commands or scripts to execute before running all
+                    actions (if one of them is "create"). These are collected from all configuration
+                    files and then run once before all of them (prior to all actions).
+                example:
+                    - echo "Starting actions."
+            after_everything:
+                seq:
+                    - type: str
+                desc: |
+                    List of one or more shell commands or scripts to execute after running all
+                    actions (if one of them is "create"). These are collected from all configuration
+                    files and then run once before all of them (prior to all actions).
+                example:
+                    - echo "Completed actions."
            umask:
                type: scalar
                desc: Umask used when executing hooks. Defaults to the umask that borgmatic is run with.
--- a/borgmatic/config/validate.py
+++ b/borgmatic/config/validate.py
@ -1,14 +1,12 @@
 import logging
+import os

 import pkg_resources
 import pykwalify.core
 import pykwalify.errors
 import ruamel.yaml

-from borgmatic.config import load
-from borgmatic.logger import get_logger
-
-logger = get_logger(__name__)
+from borgmatic.config import load, normalize, override


 def schema_filename():
@ -66,19 +64,30 @@ def apply_logical_validation(config_filename, parsed_configuration):
                ),
            )

-    consistency_prefix = parsed_configuration.get('consistency', {}).get('prefix')
-    if archive_name_format and not consistency_prefix:
-        logger.warning(
-            'Since version 1.1.16, if you provide `archive_name_format`, you should also'
-            ' specify `consistency.prefix`.'
-        )

-
-def parse_configuration(config_filename, schema_filename):
+def remove_examples(schema):
    '''
-    Given the path to a config filename in YAML format and the path to a schema filename in
-    pykwalify YAML schema format, return the parsed configuration as a data structure of nested
-    dicts and lists corresponding to the schema. Example return value:
+    pykwalify gets angry if the example field is not a string. So rather than bend to its will,
+    remove all examples from the given schema before passing the schema to pykwalify.
+    '''
+    if 'map' in schema:
+        for item_name, item_schema in schema['map'].items():
+            item_schema.pop('example', None)
+            remove_examples(item_schema)
+    elif 'seq' in schema:
+        for item_schema in schema['seq']:
+            item_schema.pop('example', None)
+            remove_examples(item_schema)
+
+    return schema
+
+
+def parse_configuration(config_filename, schema_filename, overrides=None):
+    '''
+    Given the path to a config filename in YAML format, the path to a schema filename in pykwalify
+    YAML schema format, a sequence of configuration file override strings in the form of
+    "section.option=value", return the parsed configuration as a data structure of nested dicts and
+    lists corresponding to the schema. Example return value:

       {'location': {'source_directories': ['/home', '/etc'], 'repository': 'hostname.borg'},
       'retention': {'keep_daily': 7}, 'consistency': {'checks': ['repository', 'archives']}}
@ -94,13 +103,10 @@ def parse_configuration(config_filename, schema_filename):
    except (ruamel.yaml.error.YAMLError, RecursionError) as error:
        raise Validation_error(config_filename, (str(error),))

-    # pykwalify gets angry if the example field is not a string. So rather than bend to its will,
-    # remove all examples before passing the schema to pykwalify.
-    for section_name, section_schema in schema['map'].items():
-        for field_name, field_schema in section_schema['map'].items():
-            field_schema.pop('example', None)
+    override.apply_overrides(config, overrides)
+    normalize.normalize(config)

-    validator = pykwalify.core.Core(source_data=config, schema_data=schema)
+    validator = pykwalify.core.Core(source_data=config, schema_data=remove_examples(schema))
    parsed_result = validator.validate(raise_exception=False)

    if validator.validation_errors:
@ -111,6 +117,24 @@ def parse_configuration(config_filename, schema_filename):
    return parsed_result


+def normalize_repository_path(repository):
+    '''
+    Given a repository path, return the absolute path of it (for local repositories).
+    '''
+    # A colon in the repository indicates it's a remote repository. Bail.
+    if ':' in repository:
+        return repository
+
+    return os.path.abspath(repository)
+
+
+def repositories_match(first, second):
+    '''
+    Given two repository paths (relative and/or absolute), return whether they match.
+    '''
+    return normalize_repository_path(first) == normalize_repository_path(second)
+
+
 def guard_configuration_contains_repository(repository, configurations):
    '''
    Given a repository path and a dict mapping from config filename to corresponding parsed config
@ -132,9 +156,7 @@ def guard_configuration_contains_repository(repository, configurations):

        if count > 1:
            raise ValueError(
-                'Can\'t determine which repository to use. Use --repository option to disambiguate'.format(
-                    repository
-                )
+                'Can\'t determine which repository to use. Use --repository option to disambiguate'
            )

        return
@ -144,7 +166,7 @@ def guard_configuration_contains_repository(repository, configurations):
            config_repository
            for config in configurations.values()
            for config_repository in config['location']['repositories']
-            if repository == config_repository
+            if repositories_match(repository, config_repository)
        )
    )

--- a/borgmatic/execute.py
+++ b/borgmatic/execute.py
@ -1,45 +1,128 @@
 import logging
+import os
 import subprocess

-from borgmatic.logger import get_logger
-
-logger = get_logger(__name__)
+logger = logging.getLogger(__name__)


-def execute_and_log_output(full_command, output_log_level, shell):
-    process = subprocess.Popen(
-        full_command, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, shell=shell
-    )
+ERROR_OUTPUT_MAX_LINE_COUNT = 25
+BORG_ERROR_EXIT_CODE = 2
+
+
+def exit_code_indicates_error(command, exit_code, error_on_warnings=True):
+    '''
+    Return True if the given exit code from running the command corresponds to an error.
+    If error on warnings is False, then treat exit code 1 as a warning instead of an error.
+    '''
+    if error_on_warnings:
+        return bool(exit_code != 0)
+
+    return bool(exit_code >= BORG_ERROR_EXIT_CODE)
+
+
+def log_output(command, process, output_buffer, output_log_level, error_on_warnings):
+    '''
+    Given a command already executed, its process opened by subprocess.Popen(), and the process'
+    relevant output buffer (stderr or stdout), log its output with the requested log level.
+    Additionally, raise a CalledProcessException if the process exits with an error (or a warning,
+    if error on warnings is True).
+    '''
+    last_lines = []

    while process.poll() is None:
-        line = process.stdout.readline().rstrip().decode()
+        line = output_buffer.readline().rstrip().decode()
        if not line:
            continue

-        if line.startswith('borg: error:'):
-            logger.error(line)
-        else:
-            logger.log(output_log_level, line)
+        # Keep the last few lines of output in case the command errors, and we need the output for
+        # the exception below.
+        last_lines.append(line)
+        if len(last_lines) > ERROR_OUTPUT_MAX_LINE_COUNT:
+            last_lines.pop(0)

-    remaining_output = process.stdout.read().rstrip().decode()
+        logger.log(output_log_level, line)
+
+    remaining_output = output_buffer.read().rstrip().decode()
    if remaining_output:  # pragma: no cover
        logger.log(output_log_level, remaining_output)

    exit_code = process.poll()
-    if exit_code != 0:
-        raise subprocess.CalledProcessError(exit_code, full_command)
+
+    if exit_code_indicates_error(command, exit_code, error_on_warnings):
+        # If an error occurs, include its output in the raised exception so that we don't
+        # inadvertently hide error output.
+        if len(last_lines) == ERROR_OUTPUT_MAX_LINE_COUNT:
+            last_lines.insert(0, '...')
+
+        raise subprocess.CalledProcessError(exit_code, ' '.join(command), '\n'.join(last_lines))


-def execute_command(full_command, output_log_level=logging.INFO, shell=False):
+def execute_command(
+    full_command,
+    output_log_level=logging.INFO,
+    output_file=None,
+    input_file=None,
+    shell=False,
+    extra_environment=None,
+    working_directory=None,
+    error_on_warnings=True,
+):
    '''
    Execute the given command (a sequence of command/argument strings) and log its output at the
-    given log level. If output log level is None, instead capture and return the output. If
-    shell is True, execute the command within a shell.
+    given log level. If output log level is None, instead capture and return the output. If an
+    open output file object is given, then write stdout to the file and only log stderr (but only
+    if an output log level is set). If an open input file object is given, then read stdin from the
+    file. If shell is True, execute the command within a shell. If an extra environment dict is
+    given, then use it to augment the current environment, and pass the result into the command. If
+    a working directory is given, use that as the present working directory when running the
+    command. If error on warnings is False, then treat exit code 1 as a warning instead of an error.
+
+    Raise subprocesses.CalledProcessError if an error occurs while running the command.
+    '''
+    logger.debug(
+        ' '.join(full_command)
+        + (' < {}'.format(input_file.name) if input_file else '')
+        + (' > {}'.format(output_file.name) if output_file else '')
+    )
+    environment = {**os.environ, **extra_environment} if extra_environment else None
+
+    if output_log_level is None:
+        output = subprocess.check_output(
+            full_command, shell=shell, env=environment, cwd=working_directory
+        )
+        return output.decode() if output is not None else None
+    else:
+        process = subprocess.Popen(
+            full_command,
+            stdin=input_file,
+            stdout=output_file or subprocess.PIPE,
+            stderr=subprocess.PIPE if output_file else subprocess.STDOUT,
+            shell=shell,
+            env=environment,
+            cwd=working_directory,
+        )
+        log_output(
+            full_command,
+            process,
+            process.stderr if output_file else process.stdout,
+            output_log_level,
+            error_on_warnings,
+        )
+
+
+def execute_command_without_capture(full_command, working_directory=None, error_on_warnings=True):
+    '''
+    Execute the given command (a sequence of command/argument strings), but don't capture or log its
+    output in any way. This is necessary for commands that monkey with the terminal (e.g. progress
+    display) or provide interactive prompts.
+
+    If a working directory is given, use that as the present working directory when running the
+    command. If error on warnings is False, then treat exit code 1 as a warning instead of an error.
    '''
    logger.debug(' '.join(full_command))

-    if output_log_level is None:
-        output = subprocess.check_output(full_command, shell=shell)
-        return output.decode() if output is not None else None
-    else:
-        execute_and_log_output(full_command, output_log_level, shell=shell)
+    try:
+        subprocess.check_call(full_command, cwd=working_directory)
+    except subprocess.CalledProcessError as error:
+        if exit_code_indicates_error(full_command, error.returncode, error_on_warnings):
+            raise
--- a/borgmatic/hooks/init.py
+++ b/borgmatic/hooks/init.py
--- a/borgmatic/hooks/command.py
+++ b/borgmatic/hooks/command.py
@ -2,18 +2,35 @@ import logging
 import os

 from borgmatic import execute
-from borgmatic.logger import get_logger

-logger = get_logger(__name__)
+logger = logging.getLogger(__name__)


-def execute_hook(commands, umask, config_filename, description, dry_run):
+SOFT_FAIL_EXIT_CODE = 75
+
+
+def interpolate_context(command, context):
+    '''
+    Given a single hook command and a dict of context names/values, interpolate the values by
+    "{name}" into the command and return the result.
+    '''
+    for name, value in context.items():
+        command = command.replace('{%s}' % name, str(value))
+
+    return command
+
+
+def execute_hook(commands, umask, config_filename, description, dry_run, **context):
    '''
    Given a list of hook commands to execute, a umask to execute with (or None), a config filename,
    a hook description, and whether this is a dry run, run the given commands. Or, don't run them
    if this is a dry run.

+    The context contains optional values interpolated by name into the hook commands. Currently,
+    this only applies to the on_error hook.
+
    Raise ValueError if the umask cannot be parsed.
+    Raise subprocesses.CalledProcessError if an error occurs in a hook.
    '''
    if not commands:
        logger.debug('{}: No commands to run for {} hook'.format(config_filename, description))
@ -21,6 +38,9 @@ def execute_hook(commands, umask, config_filename, description, dry_run):

    dry_run_label = ' (dry run; not actually running hooks)' if dry_run else ''

+    context['configuration_filename'] = config_filename
+    commands = [interpolate_context(command, context) for command in commands]
+
    if len(commands) == 1:
        logger.info(
            '{}: Running command for {} hook{}'.format(config_filename, description, dry_run_label)
@ -52,3 +72,24 @@ def execute_hook(commands, umask, config_filename, description, dry_run):
    finally:
        if original_umask:
            os.umask(original_umask)
+
+
+def considered_soft_failure(config_filename, error):
+    '''
+    Given a configuration filename and an exception object, return whether the exception object
+    represents a subprocess.CalledProcessError with a return code of SOFT_FAIL_EXIT_CODE. If so,
+    that indicates that the error is a "soft failure", and should not result in an error.
+    '''
+    exit_code = getattr(error, 'returncode', None)
+    if exit_code is None:
+        return False
+
+    if exit_code == SOFT_FAIL_EXIT_CODE:
+        logger.info(
+            '{}: Command hook exited with soft failure exit code ({}); skipping remaining actions'.format(
+                config_filename, SOFT_FAIL_EXIT_CODE
+            )
+        )
+        return True
+
+    return False
--- a/borgmatic/hooks/cronhub.py
+++ b/borgmatic/hooks/cronhub.py
@ -0,0 +1,32 @@
+import logging
+
+import requests
+
+from borgmatic.hooks import monitor
+
+logger = logging.getLogger(__name__)
+
+MONITOR_STATE_TO_CRONHUB = {
+    monitor.State.START: 'start',
+    monitor.State.FINISH: 'finish',
+    monitor.State.FAIL: 'fail',
+}
+
+
+def ping_monitor(ping_url, config_filename, state, monitoring_log_level, dry_run):
+    '''
+    Ping the given Cronhub URL, modified with the monitor.State. Use the given configuration
+    filename in any log entries. If this is a dry run, then don't actually ping anything.
+    '''
+    dry_run_label = ' (dry run; not actually pinging)' if dry_run else ''
+    formatted_state = '/{}/'.format(MONITOR_STATE_TO_CRONHUB[state])
+    ping_url = ping_url.replace('/start/', formatted_state).replace('/ping/', formatted_state)
+
+    logger.info(
+        '{}: Pinging Cronhub {}{}'.format(config_filename, state.name.lower(), dry_run_label)
+    )
+    logger.debug('{}: Using Cronhub ping URL {}'.format(config_filename, ping_url))
+
+    if not dry_run:
+        logging.getLogger('urllib3').setLevel(logging.ERROR)
+        requests.get(ping_url)
--- a/borgmatic/hooks/cronitor.py
+++ b/borgmatic/hooks/cronitor.py
@ -0,0 +1,31 @@
+import logging
+
+import requests
+
+from borgmatic.hooks import monitor
+
+logger = logging.getLogger(__name__)
+
+MONITOR_STATE_TO_CRONITOR = {
+    monitor.State.START: 'run',
+    monitor.State.FINISH: 'complete',
+    monitor.State.FAIL: 'fail',
+}
+
+
+def ping_monitor(ping_url, config_filename, state, monitoring_log_level, dry_run):
+    '''
+    Ping the given Cronitor URL, modified with the monitor.State. Use the given configuration
+    filename in any log entries. If this is a dry run, then don't actually ping anything.
+    '''
+    dry_run_label = ' (dry run; not actually pinging)' if dry_run else ''
+    ping_url = '{}/{}'.format(ping_url, MONITOR_STATE_TO_CRONITOR[state])
+
+    logger.info(
+        '{}: Pinging Cronitor {}{}'.format(config_filename, state.name.lower(), dry_run_label)
+    )
+    logger.debug('{}: Using Cronitor ping URL {}'.format(config_filename, ping_url))
+
+    if not dry_run:
+        logging.getLogger('urllib3').setLevel(logging.ERROR)
+        requests.get(ping_url)
--- a/borgmatic/hooks/dispatch.py
+++ b/borgmatic/hooks/dispatch.py
@ -0,0 +1,62 @@
+import logging
+
+from borgmatic.hooks import cronhub, cronitor, healthchecks, mysql, pagerduty, postgresql
+
+logger = logging.getLogger(__name__)
+
+HOOK_NAME_TO_MODULE = {
+    'healthchecks': healthchecks,
+    'cronitor': cronitor,
+    'cronhub': cronhub,
+    'pagerduty': pagerduty,
+    'postgresql_databases': postgresql,
+    'mysql_databases': mysql,
+}
+
+
+def call_hook(function_name, hooks, log_prefix, hook_name, *args, **kwargs):
+    '''
+    Given the hooks configuration dict and a prefix to use in log entries, call the requested
+    function of the Python module corresponding to the given hook name. Supply that call with the
+    configuration for this hook, the log prefix, and any given args and kwargs. Return any return
+    value.
+
+    If the hook name is not present in the hooks configuration, then bail without calling anything.
+
+    Raise ValueError if the hook name is unknown.
+    Raise AttributeError if the function name is not found in the module.
+    Raise anything else that the called function raises.
+    '''
+    config = hooks.get(hook_name)
+    if not config:
+        logger.debug('{}: No {} hook configured.'.format(log_prefix, hook_name))
+        return
+
+    try:
+        module = HOOK_NAME_TO_MODULE[hook_name]
+    except KeyError:
+        raise ValueError('Unknown hook name: {}'.format(hook_name))
+
+    logger.debug('{}: Calling {} hook function {}'.format(log_prefix, hook_name, function_name))
+    return getattr(module, function_name)(config, log_prefix, *args, **kwargs)
+
+
+def call_hooks(function_name, hooks, log_prefix, hook_names, *args, **kwargs):
+    '''
+    Given the hooks configuration dict and a prefix to use in log entries, call the requested
+    function of the Python module corresponding to each given hook name. Supply each call with the
+    configuration for that hook, the log prefix, and any given args and kwargs. Collect any return
+    values into a dict from hook name to return value.
+
+    If the hook name is not present in the hooks configuration, then don't call the function for it,
+    and omit it from the return values.
+
+    Raise ValueError if the hook name is unknown.
+    Raise AttributeError if the function name is not found in the module.
+    Raise anything else that a called function raises. An error stops calls to subsequent functions.
+    '''
+    return {
+        hook_name: call_hook(function_name, hooks, log_prefix, hook_name, *args, **kwargs)
+        for hook_name in hook_names
+        if hook_name in hooks
+    }
--- a/borgmatic/hooks/dump.py
+++ b/borgmatic/hooks/dump.py
@ -0,0 +1,179 @@
+import glob
+import logging
+import os
+import shutil
+
+from borgmatic.borg.create import DEFAULT_BORGMATIC_SOURCE_DIRECTORY
+
+logger = logging.getLogger(__name__)
+
+DATABASE_HOOK_NAMES = ('postgresql_databases', 'mysql_databases')
+
+
+def make_database_dump_path(borgmatic_source_directory, database_hook_name):
+    '''
+    Given a borgmatic source directory (or None) and a database hook name, construct a database dump
+    path.
+    '''
+    if not borgmatic_source_directory:
+        borgmatic_source_directory = DEFAULT_BORGMATIC_SOURCE_DIRECTORY
+
+    return os.path.join(borgmatic_source_directory, database_hook_name)
+
+
+def make_database_dump_filename(dump_path, name, hostname=None):
+    '''
+    Based on the given dump directory path, database name, and hostname, return a filename to use
+    for the database dump. The hostname defaults to localhost.
+
+    Raise ValueError if the database name is invalid.
+    '''
+    if os.path.sep in name:
+        raise ValueError('Invalid database name {}'.format(name))
+
+    return os.path.join(os.path.expanduser(dump_path), hostname or 'localhost', name)
+
+
+def flatten_dump_patterns(dump_patterns, names):
+    '''
+    Given a dict from a database hook name to glob patterns matching the dumps for the named
+    databases, flatten out all the glob patterns into a single sequence, and return it.
+
+    Raise ValueError if there are no resulting glob patterns, which indicates that databases are not
+    configured in borgmatic's configuration.
+    '''
+    flattened = [pattern for patterns in dump_patterns.values() for pattern in patterns]
+
+    if not flattened:
+        raise ValueError(
+            'Cannot restore database(s) {} missing from borgmatic\'s configuration'.format(
+                ', '.join(names) or '"all"'
+            )
+        )
+
+    return flattened
+
+
+def remove_database_dumps(dump_path, databases, database_type_name, log_prefix, dry_run):
+    '''
+    Remove the database dumps for the given databases in the dump directory path. The databases are
+    supplied as a sequence of dicts, one dict describing each database as per the configuration
+    schema. Use the name of the database type and the log prefix in any log entries. If this is a
+    dry run, then don't actually remove anything.
+    '''
+    if not databases:
+        logger.debug('{}: No {} databases configured'.format(log_prefix, database_type_name))
+        return
+
+    dry_run_label = ' (dry run; not actually removing anything)' if dry_run else ''
+
+    logger.info(
+        '{}: Removing {} database dumps{}'.format(log_prefix, database_type_name, dry_run_label)
+    )
+
+    for database in databases:
+        dump_filename = make_database_dump_filename(
+            dump_path, database['name'], database.get('hostname')
+        )
+
+        logger.debug(
+            '{}: Removing {} database dump {} from {}{}'.format(
+                log_prefix, database_type_name, database['name'], dump_filename, dry_run_label
+            )
+        )
+        if dry_run:
+            continue
+
+        if os.path.isdir(dump_filename):
+            shutil.rmtree(dump_filename)
+        else:
+            os.remove(dump_filename)
+        dump_file_dir = os.path.dirname(dump_filename)
+
+        if len(os.listdir(dump_file_dir)) == 0:
+            os.rmdir(dump_file_dir)
+
+
+def convert_glob_patterns_to_borg_patterns(patterns):
+    '''
+    Convert a sequence of shell glob patterns like "/etc/*" to the corresponding Borg archive
+    patterns like "sh:etc/*".
+    '''
+    return ['sh:{}'.format(pattern.lstrip(os.path.sep)) for pattern in patterns]
+
+
+def get_database_names_from_dumps(patterns):
+    '''
+    Given a sequence of database dump patterns, find the corresponding database dumps on disk and
+    return the database names from their filenames.
+    '''
+    return [os.path.basename(dump_path) for pattern in patterns for dump_path in glob.glob(pattern)]
+
+
+def get_database_configurations(databases, names):
+    '''
+    Given the full database configuration dicts as per the configuration schema, and a sequence of
+    database names, filter down and yield the configuration for just the named databases.
+    Additionally, if a database configuration is named "all", project out that configuration for
+    each named database.
+    '''
+    named_databases = {database['name']: database for database in databases}
+
+    for name in names:
+        database = named_databases.get(name)
+        if database:
+            yield database
+            continue
+
+        if 'all' in named_databases:
+            yield {**named_databases['all'], **{'name': name}}
+            continue
+
+
+def get_per_hook_database_configurations(hooks, names, dump_patterns):
+    '''
+    Given the hooks configuration dict as per the configuration schema, a sequence of database
+    names to restore, and a dict from database hook name to glob patterns for matching dumps,
+    filter down the configuration for just the named databases.
+
+    If there are no named databases given, then find the corresponding database dumps on disk and
+    use the database names from their filenames. Additionally, if a database configuration is named
+    "all", project out that configuration for each named database.
+
+    Return the results as a dict from database hook name to a sequence of database configuration
+    dicts for that database type.
+
+    Raise ValueError if one of the database names cannot be matched to a database in borgmatic's
+    database configuration.
+    '''
+    hook_databases = {
+        hook_name: list(
+            get_database_configurations(
+                hooks.get(hook_name),
+                names or get_database_names_from_dumps(dump_patterns[hook_name]),
+            )
+        )
+        for hook_name in DATABASE_HOOK_NAMES
+        if hook_name in hooks
+    }
+
+    if not names or 'all' in names:
+        if not any(hook_databases.values()):
+            raise ValueError(
+                'Cannot restore database "all", as there are no database dumps in the archive'
+            )
+
+        return hook_databases
+
+    found_names = {
+        database['name'] for databases in hook_databases.values() for database in databases
+    }
+    missing_names = sorted(set(names) - found_names)
+    if missing_names:
+        raise ValueError(
+            'Cannot restore database(s) {} missing from borgmatic\'s configuration'.format(
+                ', '.join(missing_names)
+            )
+        )
+
+    return hook_databases
--- a/borgmatic/hooks/healthchecks.py
+++ b/borgmatic/hooks/healthchecks.py
@ -0,0 +1,103 @@
+import logging
+
+import requests
+
+from borgmatic.hooks import monitor
+
+logger = logging.getLogger(__name__)
+
+MONITOR_STATE_TO_HEALTHCHECKS = {
+    monitor.State.START: 'start',
+    monitor.State.FINISH: None,  # Healthchecks doesn't append to the URL for the finished state.
+    monitor.State.FAIL: 'fail',
+}
+
+PAYLOAD_TRUNCATION_INDICATOR = '...\n'
+PAYLOAD_LIMIT_BYTES = 10 * 1024 - len(PAYLOAD_TRUNCATION_INDICATOR)
+
+
+class Forgetful_buffering_handler(logging.Handler):
+    '''
+    A buffering log handler that stores log messages in memory, and throws away messages (oldest
+    first) once a particular capacity in bytes is reached.
+    '''
+
+    def __init__(self, byte_capacity, log_level):
+        super().__init__()
+
+        self.byte_capacity = byte_capacity
+        self.byte_count = 0
+        self.buffer = []
+        self.forgot = False
+        self.setLevel(log_level)
+
+    def emit(self, record):
+        message = record.getMessage() + '\n'
+        self.byte_count += len(message)
+        self.buffer.append(message)
+
+        while self.byte_count > self.byte_capacity and self.buffer:
+            self.byte_count -= len(self.buffer[0])
+            self.buffer.pop(0)
+            self.forgot = True
+
+
+def format_buffered_logs_for_payload():
+    '''
+    Get the handler previously added to the root logger, and slurp buffered logs out of it to
+    send to Healthchecks.
+    '''
+    try:
+        buffering_handler = next(
+            handler
+            for handler in logging.getLogger().handlers
+            if isinstance(handler, Forgetful_buffering_handler)
+        )
+    except StopIteration:
+        # No handler means no payload.
+        return ''
+
+    payload = ''.join(message for message in buffering_handler.buffer)
+
+    if buffering_handler.forgot:
+        return PAYLOAD_TRUNCATION_INDICATOR + payload
+
+    return payload
+
+
+def ping_monitor(ping_url_or_uuid, config_filename, state, monitoring_log_level, dry_run):
+    '''
+    Ping the given Healthchecks URL or UUID, modified with the monitor.State. Use the given
+    configuration filename in any log entries, and log to Healthchecks with the giving log level.
+    If this is a dry run, then don't actually ping anything.
+    '''
+    if state is monitor.State.START:
+        # Add a handler to the root logger that stores in memory the most recent logs emitted. That
+        # way, we can send them all to Healthchecks upon a finish or failure state.
+        logging.getLogger().addHandler(
+            Forgetful_buffering_handler(PAYLOAD_LIMIT_BYTES, monitoring_log_level)
+        )
+        payload = ''
+
+    ping_url = (
+        ping_url_or_uuid
+        if ping_url_or_uuid.startswith('http')
+        else 'https://hc-ping.com/{}'.format(ping_url_or_uuid)
+    )
+    dry_run_label = ' (dry run; not actually pinging)' if dry_run else ''
+
+    healthchecks_state = MONITOR_STATE_TO_HEALTHCHECKS.get(state)
+    if healthchecks_state:
+        ping_url = '{}/{}'.format(ping_url, healthchecks_state)
+
+    logger.info(
+        '{}: Pinging Healthchecks {}{}'.format(config_filename, state.name.lower(), dry_run_label)
+    )
+    logger.debug('{}: Using Healthchecks ping URL {}'.format(config_filename, ping_url))
+
+    if state in (monitor.State.FINISH, monitor.State.FAIL):
+        payload = format_buffered_logs_for_payload()
+
+    if not dry_run:
+        logging.getLogger('urllib3').setLevel(logging.ERROR)
+        requests.post(ping_url, data=payload.encode('utf-8'))
--- a/borgmatic/hooks/monitor.py
+++ b/borgmatic/hooks/monitor.py
@ -0,0 +1,9 @@
+from enum import Enum
+
+MONITOR_HOOK_NAMES = ('healthchecks', 'cronitor', 'cronhub', 'pagerduty')
+
+
+class State(Enum):
+    START = 1
+    FINISH = 2
+    FAIL = 3
--- a/borgmatic/hooks/mysql.py
+++ b/borgmatic/hooks/mysql.py
@ -0,0 +1,111 @@
+import logging
+import os
+
+from borgmatic.execute import execute_command
+from borgmatic.hooks import dump
+
+logger = logging.getLogger(__name__)
+
+
+def make_dump_path(location_config):  # pragma: no cover
+    '''
+    Make the dump path from the given location configuration and the name of this hook.
+    '''
+    return dump.make_database_dump_path(
+        location_config.get('borgmatic_source_directory'), 'mysql_databases'
+    )
+
+
+def dump_databases(databases, log_prefix, location_config, dry_run):
+    '''
+    Dump the given MySQL/MariaDB databases to disk. The databases are supplied as a sequence of
+    dicts, one dict describing each database as per the configuration schema. Use the given log
+    prefix in any log entries. Use the given location configuration dict to construct the
+    destination path. If this is a dry run, then don't actually dump anything.
+    '''
+    dry_run_label = ' (dry run; not actually dumping anything)' if dry_run else ''
+
+    logger.info('{}: Dumping MySQL databases{}'.format(log_prefix, dry_run_label))
+
+    for database in databases:
+        name = database['name']
+        dump_filename = dump.make_database_dump_filename(
+            make_dump_path(location_config), name, database.get('hostname')
+        )
+        command = (
+            ('mysqldump', '--add-drop-database')
+            + (('--host', database['hostname']) if 'hostname' in database else ())
+            + (('--port', str(database['port'])) if 'port' in database else ())
+            + (('--protocol', 'tcp') if 'hostname' in database or 'port' in database else ())
+            + (('--user', database['username']) if 'username' in database else ())
+            + (tuple(database['options'].split(' ')) if 'options' in database else ())
+            + (('--all-databases',) if name == 'all' else ('--databases', name))
+        )
+        extra_environment = {'MYSQL_PWD': database['password']} if 'password' in database else None
+
+        logger.debug(
+            '{}: Dumping MySQL database {} to {}{}'.format(
+                log_prefix, name, dump_filename, dry_run_label
+            )
+        )
+        if not dry_run:
+            os.makedirs(os.path.dirname(dump_filename), mode=0o700, exist_ok=True)
+            execute_command(
+                command, output_file=open(dump_filename, 'w'), extra_environment=extra_environment
+            )
+
+
+def remove_database_dumps(databases, log_prefix, location_config, dry_run):  # pragma: no cover
+    '''
+    Remove the database dumps for the given databases. The databases are supplied as a sequence of
+    dicts, one dict describing each database as per the configuration schema. Use the log prefix in
+    any log entries. Use the given location configuration dict to construct the destination path. If
+    this is a dry run, then don't actually remove anything.
+    '''
+    dump.remove_database_dumps(
+        make_dump_path(location_config), databases, 'MySQL', log_prefix, dry_run
+    )
+
+
+def make_database_dump_patterns(databases, log_prefix, location_config, names):
+    '''
+    Given a sequence of configurations dicts, a prefix to log with, a location configuration dict,
+    and a sequence of database names to match, return the corresponding glob patterns to match the
+    database dumps in an archive. An empty sequence of names indicates that the patterns should
+    match all dumps.
+    '''
+    return [
+        dump.make_database_dump_filename(make_dump_path(location_config), name, hostname='*')
+        for name in (names or ['*'])
+    ]
+
+
+def restore_database_dumps(databases, log_prefix, location_config, dry_run):
+    '''
+    Restore the given MySQL/MariaDB databases from disk. The databases are supplied as a sequence of
+    dicts, one dict describing each database as per the configuration schema. Use the given log
+    prefix in any log entries. Use the given location configuration dict to construct the
+    destination path. If this is a dry run, then don't actually restore anything.
+    '''
+    dry_run_label = ' (dry run; not actually restoring anything)' if dry_run else ''
+
+    for database in databases:
+        dump_filename = dump.make_database_dump_filename(
+            make_dump_path(location_config), database['name'], database.get('hostname')
+        )
+        restore_command = (
+            ('mysql', '--batch')
+            + (('--host', database['hostname']) if 'hostname' in database else ())
+            + (('--port', str(database['port'])) if 'port' in database else ())
+            + (('--protocol', 'tcp') if 'hostname' in database or 'port' in database else ())
+            + (('--user', database['username']) if 'username' in database else ())
+        )
+        extra_environment = {'MYSQL_PWD': database['password']} if 'password' in database else None
+
+        logger.debug(
+            '{}: Restoring MySQL database {}{}'.format(log_prefix, database['name'], dry_run_label)
+        )
+        if not dry_run:
+            execute_command(
+                restore_command, input_file=open(dump_filename), extra_environment=extra_environment
+            )
--- a/borgmatic/hooks/pagerduty.py
+++ b/borgmatic/hooks/pagerduty.py
@ -0,0 +1,62 @@
+import datetime
+import json
+import logging
+import platform
+
+import requests
+
+from borgmatic.hooks import monitor
+
+logger = logging.getLogger(__name__)
+
+EVENTS_API_URL = 'https://events.pagerduty.com/v2/enqueue'
+
+
+def ping_monitor(integration_key, config_filename, state, monitoring_log_level, dry_run):
+    '''
+    If this is an error state, create a PagerDuty event with the given integration key. Use the
+    given configuration filename in any log entries. If this is a dry run, then don't actually
+    create an event.
+    '''
+    if state != monitor.State.FAIL:
+        logger.debug(
+            '{}: Ignoring unsupported monitoring {} in PagerDuty hook'.format(
+                config_filename, state.name.lower()
+            )
+        )
+        return
+
+    dry_run_label = ' (dry run; not actually sending)' if dry_run else ''
+    logger.info('{}: Sending failure event to PagerDuty {}'.format(config_filename, dry_run_label))
+
+    if dry_run:
+        return
+
+    hostname = platform.node()
+    local_timestamp = (
+        datetime.datetime.utcnow().replace(tzinfo=datetime.timezone.utc).astimezone().isoformat()
+    )
+    payload = json.dumps(
+        {
+            'routing_key': integration_key,
+            'event_action': 'trigger',
+            'payload': {
+                'summary': 'backup failed on {}'.format(hostname),
+                'severity': 'error',
+                'source': hostname,
+                'timestamp': local_timestamp,
+                'component': 'borgmatic',
+                'group': 'backups',
+                'class': 'backup failure',
+                'custom_details': {
+                    'hostname': hostname,
+                    'configuration filename': config_filename,
+                    'server time': local_timestamp,
+                },
+            },
+        }
+    )
+    logger.debug('{}: Using PagerDuty payload: {}'.format(config_filename, payload))
+
+    logging.getLogger('urllib3').setLevel(logging.ERROR)
+    requests.post(EVENTS_API_URL, data=payload.encode('utf-8'))
--- a/borgmatic/hooks/postgresql.py
+++ b/borgmatic/hooks/postgresql.py
@ -0,0 +1,121 @@
+import logging
+import os
+
+from borgmatic.execute import execute_command
+from borgmatic.hooks import dump
+
+logger = logging.getLogger(__name__)
+
+
+def make_dump_path(location_config):  # pragma: no cover
+    '''
+    Make the dump path from the given location configuration and the name of this hook.
+    '''
+    return dump.make_database_dump_path(
+        location_config.get('borgmatic_source_directory'), 'postgresql_databases'
+    )
+
+
+def dump_databases(databases, log_prefix, location_config, dry_run):
+    '''
+    Dump the given PostgreSQL databases to disk. The databases are supplied as a sequence of dicts,
+    one dict describing each database as per the configuration schema. Use the given log prefix in
+    any log entries. Use the given location configuration dict to construct the destination path. If
+    this is a dry run, then don't actually dump anything.
+    '''
+    dry_run_label = ' (dry run; not actually dumping anything)' if dry_run else ''
+
+    logger.info('{}: Dumping PostgreSQL databases{}'.format(log_prefix, dry_run_label))
+
+    for database in databases:
+        name = database['name']
+        dump_filename = dump.make_database_dump_filename(
+            make_dump_path(location_config), name, database.get('hostname')
+        )
+        all_databases = bool(name == 'all')
+        command = (
+            ('pg_dumpall' if all_databases else 'pg_dump', '--no-password', '--clean')
+            + ('--file', dump_filename)
+            + (('--host', database['hostname']) if 'hostname' in database else ())
+            + (('--port', str(database['port'])) if 'port' in database else ())
+            + (('--username', database['username']) if 'username' in database else ())
+            + (() if all_databases else ('--format', database.get('format', 'custom')))
+            + (tuple(database['options'].split(' ')) if 'options' in database else ())
+            + (() if all_databases else (name,))
+        )
+        extra_environment = {'PGPASSWORD': database['password']} if 'password' in database else None
+
+        logger.debug(
+            '{}: Dumping PostgreSQL database {} to {}{}'.format(
+                log_prefix, name, dump_filename, dry_run_label
+            )
+        )
+        if not dry_run:
+            os.makedirs(os.path.dirname(dump_filename), mode=0o700, exist_ok=True)
+            execute_command(command, extra_environment=extra_environment)
+
+
+def remove_database_dumps(databases, log_prefix, location_config, dry_run):  # pragma: no cover
+    '''
+    Remove the database dumps for the given databases. The databases are supplied as a sequence of
+    dicts, one dict describing each database as per the configuration schema. Use the log prefix in
+    any log entries. Use the given location configuration dict to construct the destination path. If
+    this is a dry run, then don't actually remove anything.
+    '''
+    dump.remove_database_dumps(
+        make_dump_path(location_config), databases, 'PostgreSQL', log_prefix, dry_run
+    )
+
+
+def make_database_dump_patterns(databases, log_prefix, location_config, names):
+    '''
+    Given a sequence of configurations dicts, a prefix to log with, a location configuration dict,
+    and a sequence of database names to match, return the corresponding glob patterns to match the
+    database dumps in an archive. An empty sequence of names indicates that the patterns should
+    match all dumps.
+    '''
+    return [
+        dump.make_database_dump_filename(make_dump_path(location_config), name, hostname='*')
+        for name in (names or ['*'])
+    ]
+
+
+def restore_database_dumps(databases, log_prefix, location_config, dry_run):
+    '''
+    Restore the given PostgreSQL databases from disk. The databases are supplied as a sequence of
+    dicts, one dict describing each database as per the configuration schema. Use the given log
+    prefix in any log entries. Use the given location configuration dict to construct the
+    destination path. If this is a dry run, then don't actually restore anything.
+    '''
+    dry_run_label = ' (dry run; not actually restoring anything)' if dry_run else ''
+
+    for database in databases:
+        dump_filename = dump.make_database_dump_filename(
+            make_dump_path(location_config), database['name'], database.get('hostname')
+        )
+        restore_command = (
+            ('pg_restore', '--no-password', '--clean', '--if-exists', '--exit-on-error')
+            + (('--host', database['hostname']) if 'hostname' in database else ())
+            + (('--port', str(database['port'])) if 'port' in database else ())
+            + (('--username', database['username']) if 'username' in database else ())
+            + ('--dbname', database['name'])
+            + (dump_filename,)
+        )
+        extra_environment = {'PGPASSWORD': database['password']} if 'password' in database else None
+        analyze_command = (
+            ('psql', '--no-password', '--quiet')
+            + (('--host', database['hostname']) if 'hostname' in database else ())
+            + (('--port', str(database['port'])) if 'port' in database else ())
+            + (('--username', database['username']) if 'username' in database else ())
+            + ('--dbname', database['name'])
+            + ('--command', 'ANALYZE')
+        )
+
+        logger.debug(
+            '{}: Restoring PostgreSQL database {}{}'.format(
+                log_prefix, database['name'], dry_run_label
+            )
+        )
+        if not dry_run:
+            execute_command(restore_command, extra_environment=extra_environment)
+            execute_command(analyze_command, extra_environment=extra_environment)
--- a/borgmatic/logger.py
+++ b/borgmatic/logger.py
@ -21,19 +21,67 @@ def to_bool(arg):
    return False


-def should_do_markup(no_color):
+def interactive_console():
    '''
-    Determine if we should enable colorama marking up.
+    Return whether the current console is "interactive". Meaning: Capable of
+    user input and not just something like a cron job.
+    '''
+    return sys.stderr.isatty() and os.environ.get('TERM') != 'dumb'
+
+
+def should_do_markup(no_color, configs):
+    '''
+    Given the value of the command-line no-color argument, and a dict of configuration filename to
+    corresponding parsed configuration, determine if we should enable colorama marking up.
    '''
    if no_color:
        return False

+    if any(config.get('output', {}).get('color') is False for config in configs.values()):
+        return False
+
    py_colors = os.environ.get('PY_COLORS', None)

    if py_colors is not None:
        return to_bool(py_colors)

-    return sys.stdout.isatty() and os.environ.get('TERM') != 'dumb'
+    return interactive_console()
+
+
+class Multi_stream_handler(logging.Handler):
+    '''
+    A logging handler that dispatches each log record to one of multiple stream handlers depending
+    on the record's log level.
+    '''
+
+    def __init__(self, log_level_to_stream_handler):
+        super(Multi_stream_handler, self).__init__()
+        self.log_level_to_handler = log_level_to_stream_handler
+        self.handlers = set(self.log_level_to_handler.values())
+
+    def flush(self):  # pragma: no cover
+        super(Multi_stream_handler, self).flush()
+
+        for handler in self.handlers:
+            handler.flush()
+
+    def emit(self, record):
+        '''
+        Dispatch the log record to the approriate stream handler for the record's log level.
+        '''
+        self.log_level_to_handler[record.levelno].emit(record)
+
+    def setFormatter(self, formatter):  # pragma: no cover
+        super(Multi_stream_handler, self).setFormatter(formatter)
+
+        for handler in self.handlers:
+            handler.setFormatter(formatter)
+
+    def setLevel(self, level):  # pragma: no cover
+        super(Multi_stream_handler, self).setLevel(level)
+
+        for handler in self.handlers:
+            handler.setLevel(level)


 LOG_LEVEL_TO_COLOR = {
@ -45,52 +93,10 @@ LOG_LEVEL_TO_COLOR = {
 }


-class Borgmatic_logger(logging.Logger):
-    def critical(self, msg, *args, **kwargs):
-        color = LOG_LEVEL_TO_COLOR.get(logging.CRITICAL)
-
-        return super(Borgmatic_logger, self).critical(color_text(color, msg), *args, **kwargs)
-
-    def error(self, msg, *args, **kwargs):
-        color = LOG_LEVEL_TO_COLOR.get(logging.ERROR)
-
-        return super(Borgmatic_logger, self).error(color_text(color, msg), *args, **kwargs)
-
-    def warn(self, msg, *args, **kwargs):
-        color = LOG_LEVEL_TO_COLOR.get(logging.WARN)
-
-        return super(Borgmatic_logger, self).warn(color_text(color, msg), *args, **kwargs)
-
-    def info(self, msg, *args, **kwargs):
-        color = LOG_LEVEL_TO_COLOR.get(logging.INFO)
-
-        return super(Borgmatic_logger, self).info(color_text(color, msg), *args, **kwargs)
-
-    def debug(self, msg, *args, **kwargs):
-        color = LOG_LEVEL_TO_COLOR.get(logging.DEBUG)
-
-        return super(Borgmatic_logger, self).debug(color_text(color, msg), *args, **kwargs)
-
-    def handle(self, record):
+class Console_color_formatter(logging.Formatter):
+    def format(self, record):
        color = LOG_LEVEL_TO_COLOR.get(record.levelno)
-        colored_record = logging.makeLogRecord(
-            dict(
-                levelno=record.levelno,
-                levelname=record.levelname,
-                msg=color_text(color, record.msg),
-            )
-        )
-
-        return super(Borgmatic_logger, self).handle(colored_record)
-
-
-def get_logger(name=None):
-    '''
-    Build a logger with the given name.
-    '''
-    logging.setLoggerClass(Borgmatic_logger)
-    logger = logging.getLogger(name)
-    return logger
+        return color_text(color, record.msg)


 def color_text(color, message):
@ -103,29 +109,63 @@ def color_text(color, message):
    return '{}{}{}'.format(color, message, colorama.Style.RESET_ALL)


-def configure_logging(console_log_level, syslog_log_level=None):
+def configure_logging(
+    console_log_level,
+    syslog_log_level=None,
+    log_file_log_level=None,
+    monitoring_log_level=None,
+    log_file=None,
+):
    '''
-    Configure logging to go to both the console and syslog. Use the given log levels, respectively.
+    Configure logging to go to both the console and (syslog or log file). Use the given log levels,
+    respectively.
+
+    Raise FileNotFoundError or PermissionError if the log file could not be opened for writing.
    '''
    if syslog_log_level is None:
        syslog_log_level = console_log_level
+    if log_file_log_level is None:
+        log_file_log_level = console_log_level
+    if monitoring_log_level is None:
+        monitoring_log_level = console_log_level

-    console_handler = logging.StreamHandler()
-    console_handler.setFormatter(logging.Formatter('%(message)s'))
+    # Log certain log levels to console stderr and others to stdout. This supports use cases like
+    # grepping (non-error) output.
+    console_error_handler = logging.StreamHandler(sys.stderr)
+    console_standard_handler = logging.StreamHandler(sys.stdout)
+    console_handler = Multi_stream_handler(
+        {
+            logging.CRITICAL: console_error_handler,
+            logging.ERROR: console_error_handler,
+            logging.WARN: console_standard_handler,
+            logging.INFO: console_standard_handler,
+            logging.DEBUG: console_standard_handler,
+        }
+    )
+    console_handler.setFormatter(Console_color_formatter())
    console_handler.setLevel(console_log_level)

    syslog_path = None
-    if os.path.exists('/dev/log'):
-        syslog_path = '/dev/log'
-    elif os.path.exists('/var/run/syslog'):
-        syslog_path = '/var/run/syslog'
+    if log_file is None:
+        if os.path.exists('/dev/log'):
+            syslog_path = '/dev/log'
+        elif os.path.exists('/var/run/syslog'):
+            syslog_path = '/var/run/syslog'

-    if syslog_path:
+    if syslog_path and not interactive_console():
        syslog_handler = logging.handlers.SysLogHandler(address=syslog_path)
-        syslog_handler.setFormatter(logging.Formatter('borgmatic: %(levelname)s \ufeff%(message)s'))
+        syslog_handler.setFormatter(logging.Formatter('borgmatic: %(levelname)s %(message)s'))
        syslog_handler.setLevel(syslog_log_level)
        handlers = (console_handler, syslog_handler)
+    elif log_file:
+        file_handler = logging.handlers.WatchedFileHandler(log_file)
+        file_handler.setFormatter(logging.Formatter('[%(asctime)s] %(levelname)s: %(message)s'))
+        file_handler.setLevel(log_file_log_level)
+        handlers = (console_handler, file_handler)
    else:
        handlers = (console_handler,)

-    logging.basicConfig(level=min(console_log_level, syslog_log_level), handlers=handlers)
+    logging.basicConfig(
+        level=min(console_log_level, syslog_log_level, log_file_log_level, monitoring_log_level),
+        handlers=handlers,
+    )
--- a/borgmatic/verbosity.py
+++ b/borgmatic/verbosity.py
@ -1,5 +1,6 @@
 import logging

+VERBOSITY_ERROR = -1
 VERBOSITY_WARNING = 0
 VERBOSITY_SOME = 1
 VERBOSITY_LOTS = 2
@ -10,6 +11,7 @@ def verbosity_to_log_level(verbosity):
    Given a borgmatic verbosity value, return the corresponding Python log level.
    '''
    return {
+        VERBOSITY_ERROR: logging.ERROR,
        VERBOSITY_WARNING: logging.WARNING,
        VERBOSITY_SOME: logging.INFO,
        VERBOSITY_LOTS: logging.DEBUG,
--- a/docs/Dockerfile
+++ b/docs/Dockerfile
@ -1,10 +1,15 @@
-FROM python:3.7.3-alpine3.9 as borgmatic
+FROM python:3.7.4-alpine3.10 as borgmatic

 COPY . /app
 RUN pip install --no-cache /app && generate-borgmatic-config && chmod +r /etc/borgmatic/config.yaml
-RUN borgmatic --help > /command-line.txt
+RUN borgmatic --help > /command-line.txt \
+    && for action in init prune create check extract mount umount restore list info; do \
+           echo -e "\n--------------------------------------------------------------------------------\n" >> /command-line.txt \
+           && borgmatic "$action" --help >> /command-line.txt; done

-FROM node:11.15.0-alpine as html
+FROM node:12.10.0-alpine as html
+
+ARG ENVIRONMENT=production

 WORKDIR /source

@ -17,10 +22,10 @@ RUN npm install @11ty/eleventy \
 COPY --from=borgmatic /etc/borgmatic/config.yaml /source/docs/_includes/borgmatic/config.yaml
 COPY --from=borgmatic /command-line.txt /source/docs/_includes/borgmatic/command-line.txt
 COPY . /source
-RUN npx eleventy --input=/source/docs --output=/output/docs \
+RUN NODE_ENV=${ENVIRONMENT} npx eleventy --input=/source/docs --output=/output/docs \
  && mv /output/docs/index.html /output/index.html

-FROM nginx:1.16.0-alpine
+FROM nginx:1.16.1-alpine

 COPY --from=html /output /usr/share/nginx/html
 COPY --from=borgmatic /etc/borgmatic/config.yaml /usr/share/nginx/html/docs/reference/config.yaml
--- a/docs/_includes/components/suggestion-form.css
+++ b/docs/_includes/components/suggestion-form.css
@ -0,0 +1,18 @@
+#suggestion-form textarea {
+	font-family: sans-serif;
+	width: 100%;
+}
+
+#suggestion-form label {
+	font-weight: bold;
+}
+
+#suggestion-form input[type=email] {
+	font-size: 16px;
+	width: 100%;
+}
+
+#suggestion-form .form-error {
+        color: red;
+}
+
--- a/docs/_includes/components/suggestion-form.html
+++ b/docs/_includes/components/suggestion-form.html
@ -0,0 +1,33 @@
+<h2>Improve this documentation</h2>
+
+<p>Have an idea on how to make this documentation even better? Send your
+feedback below! But if you need help with borgmatic, or have an idea for a
+borgmatic feature, please use our <a href="https://torsion.org/borgmatic/#issues">issue
+tracker</a> instead.</p>
+
+<form id="suggestion-form">
+    <div><label for="suggestion">Documentation suggestion</label></div>
+    <textarea id="suggestion" rows="8" cols="60" name="suggestion"></textarea>
+    <div data-sk-error="suggestion" class="form-error"></div>
+    <input id="_page" type="hidden" name="_page">
+    <input id="_subject" type="hidden" name="_subject" value="borgmatic documentation suggestion">
+    <br />
+    <label for="email">Email address</label>
+    <div><input id="email" type="email" name="email" placeholder="Only required if you want a response!"></div>
+    <div data-sk-error="email" class="form-error"></div>
+    <br />
+    <div><button type="submit">Send</button></div>
+    <br />
+</form>
+
+<script>
+    document.getElementById('_page').value = window.location.href;
+    window.sk=window.sk||function(){(sk.q=sk.q||[]).push(arguments)};
+  
+    sk('form', 'init', {
+        id: '1d536680ab96',
+        element: '#suggestion-form'
+    });
+</script>
+
+<script defer src="https://js.statickit.com/statickit.js"></script>
--- a/docs/_includes/header.njk
+++ b/docs/_includes/header.njk
@ -1,3 +1,4 @@
 <header class="elv-layout elv-layout-full elv-header{% if headerClass %} {{ headerClass }}{% endif %}">
-	<h1 class="elv-hed">{{ title | safe }}</h1>
+    {% if page.url != '/' %}<h3><a href="https://torsion.org/borgmatic/">borgmatic</a></h3>{% endif %}
+    <h1 class="elv-hed">{{ title | safe }}</h1>
 </header>
--- a/docs/_includes/layouts/base.njk
+++ b/docs/_includes/layouts/base.njk
@ -11,6 +11,7 @@
 {% include 'components/minilink.css' %}
 {% include 'components/toc.css' %}
 {% include 'components/info-blocks.css' %}
+{% include 'components/suggestion-form.css' %}
 {% include 'prism-theme.css' %}
 {% include 'asciinema.css' %}
 {% endset %}
--- a/docs/_includes/layouts/main.njk
+++ b/docs/_includes/layouts/main.njk
@ -8,5 +8,7 @@ headerClass: elv-header-default
 <main class="elv-layout{% if layoutClass %} {{ layoutClass }}{% endif %}">
    <article>
        {{ content | safe }}
+
+        {% include 'components/suggestion-form.html' %}
    </article>
 </main>
--- a/docs/how-to/add-preparation-and-cleanup-steps-to-backups.md
+++ b/docs/how-to/add-preparation-and-cleanup-steps-to-backups.md
@ -0,0 +1,83 @@
+---
+title: How to add preparation and cleanup steps to backups
+---
+## Preparation and cleanup hooks
+
+If you find yourself performing prepraration tasks before your backup runs, or
+cleanup work afterwards, borgmatic hooks may be of interest. Hooks are shell
+commands that borgmatic executes for you at various points, and they're
+configured in the `hooks` section of your configuration file. But if you're
+looking to backup a database, it's probably easier to use the [database backup
+feature](https://torsion.org/borgmatic/docs/how-to/backup-your-databases/)
+instead.
+
+You can specify `before_backup` hooks to perform preparation steps before
+running backups, and specify `after_backup` hooks to perform cleanup steps
+afterwards. Here's an example:
+
+```yaml
+hooks:
+    before_backup:
+        - mount /some/filesystem
+    after_backup:
+        - umount /some/filesystem
+```
+
+The `before_backup` and `after_backup` hooks each run once per configuration
+file. `before_backup` hooks run prior to backups of all repositories in a
+configuration file, right before the `create` action. `after_backup` hooks run
+afterwards, but not if an error occurs in a previous hook or in the backups
+themselves.
+
+There are additional hooks for the `prune` and `check` actions as well.
+`before_prune` and `after_prune` run if there are any `prune` actions, while
+`before_check` and `after_check` run if there are any `check` actions.
+
+You can also use `before_everything` and `after_everything` hooks to perform
+global setup or cleanup:
+
+```yaml
+hooks:
+    before_everything:
+        - set-up-stuff-globally
+    after_everything:
+        - clean-up-stuff-globally
+```
+
+`before_everything` hooks collected from all borgmatic configuration files run
+once before all configuration files (prior to all actions), but only if there
+is a `create` action. An error encountered during a `before_everything` hook
+causes borgmatic to exit without creating backups.
+
+`after_everything` hooks run once after all configuration files and actions,
+but only if there is a `create` action. It runs even if an error occurs during
+a backup or a backup hook, but not if an error occurs during a
+`before_everything` hook.
+
+borgmatic also runs `on_error` hooks if an error occurs, either when creating
+a backup or running a backup hook. See the [monitoring and alerting
+documentation](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/)
+for more information.
+
+## Hook output
+
+Any output produced by your hooks shows up both at the console and in syslog
+(when run in a non-interactive console). For more information, read about <a
+href="https://torsion.org/borgmatic/docs/how-to/inspect-your-backups/">inspecting
+your backups</a>.
+
+## Security
+
+An important security note about hooks: borgmatic executes all hook commands
+with the user permissions of borgmatic itself. So to prevent potential shell
+injection or privilege escalation, do not forget to set secure permissions
+on borgmatic configuration files (`chmod 0600`) and scripts (`chmod 0700`)
+invoked by hooks.
+
+
+## Related documentation
+
+ * [Set up backups with borgmatic](https://torsion.org/borgmatic/docs/how-to/set-up-backups/)
+ * [Backup your databases](https://torsion.org/borgmatic/docs/how-to/backup-your-databases/)
+ * [Inspect your backups](https://torsion.org/borgmatic/docs/how-to/inspect-your-backups/)
+ * [Monitor your backups](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/)
--- a/docs/how-to/backup-to-a-removable-drive-or-an-intermittent-server.md
+++ b/docs/how-to/backup-to-a-removable-drive-or-an-intermittent-server.md
@ -0,0 +1,107 @@
+---
+title: How to backup to a removable drive or an intermittent server
+---
+## Occasional backups
+
+A common situation is backing up to a repository that's only sometimes online.
+For instance, you might send most of your backups to the cloud, but
+occasionally you want to plug in an external hard drive or backup to your
+buddy's sometimes-online server for that extra level of redundancy.
+
+But if you run borgmatic and your hard drive isn't plugged in, or your buddy's
+server is offline, then you'll get an annoying error message and the overall
+borgmatic run will fail (even if individual repositories complete just fine).
+
+So what if you want borgmatic to swallow the error of a missing drive
+or an offline server, and continue trucking along? That's where the concept of
+"soft failure" come in.
+
+## Soft failure command hooks
+
+This feature leverages [borgmatic command
+hooks](https://torsion.org/borgmatic/docs/how-to/add-preparation-and-cleanup-steps-to-backups/),
+so first familiarize yourself with them. The idea is that you write a simple
+test in the form of a borgmatic hook to see if backups should proceed or not.
+
+The way the test works is that if any of your hook commands return a special
+exit status of 75, that indicates to borgmatic that it's a temporary failure,
+and borgmatic should skip all subsequent actions for that configuration file.
+If you return any other status, then it's a standard success or error. (Zero is
+success; anything else other than 75 is an error).
+
+So for instance, if you have an external drive that's only sometimes mounted,
+declare its repository in its own [separate configuration
+file](https://torsion.org/borgmatic/docs/how-to/make-per-application-backups/),
+say at `/etc/borgmatic.d/removable.yaml`:
+
+```yaml
+location:
+    source_directories:
+        - /home
+
+    repositories:
+        - /mnt/removable/backup.borg
+```
+
+Then, write a `before_backup` hook in that same configuration file that uses
+the external `findmnt` utility to see whether the drive is mounted before
+proceeding.
+
+```yaml
+hooks:
+    before_backup:
+      - findmnt /mnt/removable > /dev/null || exit 75
+```
+
+What this does is check if the `findmnt` command errors when probing for a
+particular mount point. If it does error, then it returns exit code 75 to
+borgmatic. borgmatic logs the soft failure, skips all further actions in that
+configurable file, and proceeds onward to any other borgmatic configuration
+files you may have.
+
+You can imagine a similar check for the sometimes-online server case:
+
+```yaml
+location:
+    source_directories:
+        - /home
+
+    repositories:
+        - me@buddys-server.org:backup.borg
+
+hooks:
+    before_backup:
+      - ping -q -c 1 buddys-server.org > /dev/null || exit 75
+```
+
+## Caveats and details
+
+There are some caveats you should be aware of with this feature.
+
+ * You'll generally want to put a soft failure command in the `before_backup`
+   hook, so as to gate whether the backup action occurs. While a soft failure is
+   also supported in the `after_backup` hook, returning a soft failure there
+   won't prevent any actions from occuring, because they've already occurred!
+   Similiarly, you can return a soft failure from an `on_error` hook, but at
+   that point it's too late to prevent the error.
+ * Returning a soft failure does prevent further commands in the same hook from
+   executing. So, like a standard error, it is an "early out". Unlike a standard
+   error, borgmatic does not display it in angry red text or consider it a
+   failure.
+ * The soft failure only applies to the scope of a single borgmatic
+   configuration file. So put anything that you don't want soft-failed, like
+   always-online cloud backups, in separate configuration files from your
+   soft-failing repositories.
+ * The soft failure doesn't have to apply to a repository. You can even perform
+   a test to make sure that individual source directories are mounted and
+   available. Use your imagination!
+ * The soft failure feature also works for `before_prune`, `after_prune`,
+   `before_check`, and `after_check` hooks. However it is not implemented for
+   `before_everything` or `after_everything`.
+
+## Related documentation
+
+ * [Set up backups with borgmatic](https://torsion.org/borgmatic/docs/how-to/set-up-backups/)
+ * [Make per-application backups](https://torsion.org/borgmatic/docs/how-to/make-per-application-backups/)
+ * [Add preparation and cleanup steps to backups](https://torsion.org/borgmatic/docs/how-to/add-preparation-and-cleanup-steps-to-backups/)
+ * [Monitor your backups](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/)
--- a/docs/how-to/backup-your-databases.md
+++ b/docs/how-to/backup-your-databases.md
@ -0,0 +1,203 @@
+---
+title: How to backup your databases
+---
+## Database dump hooks
+
+If you want to backup a database, it's best practice with most database
+systems to backup an exported database dump, rather than backing up your
+database's internal file storage. That's because the internal storage can
+change while you're reading from it. In contrast, a database dump creates a
+consistent snapshot that is more suited for backups.
+
+Fortunately, borgmatic includes built-in support for creating database dumps
+prior to running backups. For example, here is everything you need to dump and
+backup a couple of local PostgreSQL databases and a MySQL/MariaDB database:
+
+```yaml
+hooks:
+    postgresql_databases:
+        - name: users
+        - name: orders
+    mysql_databases:
+        - name: posts
+```
+
+Prior to each backup, borgmatic dumps each configured database to a file
+and includes it in the backup. After the backup completes, borgmatic removes
+the database dump files to recover disk space.
+
+borgmatic creates these temporary dump files in `~/.borgmatic` by default. To
+customize this path, set the `borgmatic_source_directory` option in the
+`location` section of borgmatic's configuration.
+
+Here's a more involved example that connects to remote databases:
+
+```yaml
+hooks:
+    postgresql_databases:
+        - name: users
+          hostname: database1.example.org
+          port: 5433
+          username: postgres
+          password: trustsome1
+          format: tar
+          options: "--role=someone"
+    mysql_databases:
+        - name: posts
+          hostname: database2.example.org
+          port: 3307
+          username: root
+          password: trustsome1
+          options: "--skip-comments"
+```
+
+If you want to dump all databases on a host, use `all` for the database name:
+
+```yaml
+hooks:
+    postgresql_databases:
+        - name: all
+    mysql_databases:
+        - name: all
+```
+
+Note that you may need to use a `username` of the `postgres` superuser for
+this to work with PostgreSQL.
+
+
+### Configuration backups
+
+An important note about this database configuration: You'll need the
+configuration to be present in order for borgmatic to restore a database. So
+to prepare for this situation, it's a good idea to include borgmatic's own
+configuration files as part of your regular backups. That way, you can always
+bring back any missing configuration files in order to restore a database.
+
+
+## Supported databases
+
+As of now, borgmatic supports PostgreSQL and MySQL/MariaDB databases
+directly. But see below about general-purpose preparation and cleanup hooks as
+a work-around with other database systems. Also, please [file a
+ticket](https://torsion.org/borgmatic/#issues) for additional database systems
+that you'd like supported.
+
+
+## Database restoration
+
+To restore a database dump from an archive, use the `borgmatic restore`
+action. But the first step is to figure out which archive to restore from. A
+good way to do that is to use the `list` action:
+
+```bash
+borgmatic list
+```
+
+(No borgmatic `list` action? Try the old-style `--list`, or upgrade
+borgmatic!)
+
+That should yield output looking something like:
+
+```text
+host-2019-01-01T04:05:06.070809      Tue, 2019-01-01 04:05:06 [...]
+host-2019-01-02T04:06:07.080910      Wed, 2019-01-02 04:06:07 [...]
+```
+
+Assuming that you want to restore all database dumps from the archive with the
+most up-to-date files and therefore the latest timestamp, run a command like:
+
+```bash
+borgmatic restore --archive host-2019-01-02T04:06:07.080910
+```
+
+(No borgmatic `restore` action? Upgrade borgmatic!)
+
+The `--archive` value is the name of the archive to restore from. This
+restores all databases dumps that borgmatic originally backed up to that
+archive.
+
+This is a destructive action! `borgmatic restore` replaces live databases by
+restoring dumps from the selected archive. So be very careful when and where
+you run it.
+
+
+### Repository selection
+
+If you have a single repository in your borgmatic configuration file(s), no
+problem: the `restore` action figures out which repository to use.
+
+But if you have multiple repositories configured, then you'll need to specify
+the repository path containing the archive to restore. Here's an example:
+
+```bash
+borgmatic restore --repository repo.borg --archive host-2019-...
+```
+
+### Restore particular databases
+
+If you've backed up multiple databases into an archive, and you'd only like to
+restore one of them, use the `--database` flag to select one or more
+databases. For instance:
+
+```bash
+borgmatic restore --archive host-2019-... --database users
+```
+
+### Limitations
+
+There are a few important limitations with borgmatic's current database
+restoration feature that you should know about:
+
+1. You must restore as the same Unix user that created the archive containing
+the database dump. That's because the user's home directory path is encoded
+into the path of the database dump within the archive.
+2. As mentioned above, borgmatic can only restore a database that's defined in
+borgmatic's own configuration file. So include your configuration file in
+backups to avoid getting caught without a way to restore a database.
+3. borgmatic does not currently support backing up or restoring multiple
+databases that share the exact same name on different hosts.
+
+
+### Manual restoration
+
+If you prefer to restore a database without the help of borgmatic, first
+[extract](https://torsion.org/borgmatic/docs/how-to/extract-a-backup/) an
+archive containing a database dump, and then manually restore the dump file
+found within the extracted `~/.borgmatic/` path (e.g. with `pg_restore` or
+`mysql` commands).
+
+
+## Preparation and cleanup hooks
+
+If this database integration is too limited for needs, borgmatic also supports
+general-purpose [preparation and cleanup
+hooks](https://torsion.org/borgmatic/docs/how-to/add-preparation-and-cleanup-steps-to-backups/).
+These hooks allows you to trigger arbitrary commands or scripts before and
+after backups. So if necessary, you can use these hooks to create database
+dumps with any database system.
+
+
+## Troubleshooting
+
+### MySQL table lock errors
+
+If you encounter table lock errors during a database dump with MySQL/MariaDB,
+you may need to [use a
+transaction](https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html#option_mysqldump_single-transaction).
+You can add any additional flags to the `options:` in your database
+configuration. Here's an example:
+
+```yaml
+hooks:
+    mysql_databases:
+        - name: posts
+          options: "--single-transaction --quick"
+```
+
+
+## Related documentation
+
+ * [Set up backups with borgmatic](https://torsion.org/borgmatic/docs/how-to/set-up-backups/)
+ * [Add preparation and cleanup steps to backups](https://torsion.org/borgmatic/docs/how-to/add-preparation-and-cleanup-steps-to-backups/)
+ * [Inspect your backups](https://torsion.org/borgmatic/docs/how-to/inspect-your-backups/)
+ * [Extract a backup](https://torsion.org/borgmatic/docs/how-to/extract-a-backup/)
--- a/docs/how-to/deal-with-very-large-backups.md
+++ b/docs/how-to/deal-with-very-large-backups.md
@ -14,18 +14,21 @@ repositories.

 If you find yourself in this situation, you have some options. First, you can
 run borgmatic's pruning, creating, or checking actions separately. For
-instance, the the following optional flags are available:
+instance, the the following optional actions are available:

 ```bash
-borgmatic --prune
-borgmatic --create
-borgmatic --check
+borgmatic prune
+borgmatic create
+borgmatic check
 ```

-You can run with only one of these flags provided, or you can mix and match
+(No borgmatic `prune`, `create`, or `check` actions? Try the old-style
+`--prune`, `--create`, or `--check`. Or upgrade borgmatic!)
+
+You can run with only one of these actions provided, or you can mix and match
 any number of them in a single borgmatic run. This supports approaches like
-making backups with `--create` on a frequent schedule, while only running
-expensive consistency checks with `--check` on a much less frequent basis from
+making backups with `create` on a frequent schedule, while only running
+expensive consistency checks with `check` on a much less frequent basis from
 a separate cron job.

 ### Consistency check configuration
@ -65,6 +68,16 @@ consistency:
        - path/of/repository_to_check.borg
 ```

+Finally, you can override your configuration file's consistency checks, and
+run particular checks via the command-line. For instance:
+
+```bash
+borgmatic check --only data --only extract
+```
+
+This is useful for running slow consistency checks on an infrequent basis,
+separate from your regular checks.
+

 ## Troubleshooting

@ -93,4 +106,4 @@ backups.

 ## Related documentation

- * [Set up backups with borgmatic](https://torsion.org/borgmatic/docs/how-to/set-up-backups.md)
+ * [Set up backups with borgmatic](https://torsion.org/borgmatic/docs/how-to/set-up-backups/)
--- a/docs/how-to/develop-on-borgmatic.md
+++ b/docs/how-to/develop-on-borgmatic.md
@ -62,6 +62,8 @@ following:
 tox -e black
 ```

+Note that Black requires at minimum Python 3.6.
+
 And if you get a complaint from the
 [isort](https://github.com/timothycrosley/isort) Python import orderer, you
 can ask isort to order your imports for you:
@ -73,14 +75,22 @@ tox -e isort
 ### End-to-end tests

 borgmatic additionally includes some end-to-end tests that integration test
-with Borg for a few representative scenarios. These tests don't run by default
-because they're relatively slow and depend on Borg. If you would like to run
-them:
+with Borg and supported databases for a few representative scenarios. These
+tests don't run by default when running `tox`, because they're relatively slow
+and depend on Docker containers for runtime dependencies. These tests tests do
+run on the continuous integration (CI) server, and running them on your
+developer machine is the closest thing to CI test parity.
+
+If you would like to run the full test suite, first install Docker and [Docker
+Compose](https://docs.docker.com/compose/install/). Then run:

 ```bash
-tox -e end-to-end
+scripts/run-full-dev-tests
 ```

+Note that this scripts assumes you have permission to run Docker. If you
+don't, then you may need to run with `sudo`.
+
 ## Code style

 Start with [PEP 8](https://www.python.org/dev/peps/pep-0008/). But then, apply
@ -107,6 +117,29 @@ suite. You can view these builds on
 [build.torsion.org](https://build.torsion.org/witten/borgmatic), and they're
 also linked from the commits list on each pull request.

+## Documentation development
+
+Updates to borgmatic's documentation are welcome. It's formatted in Markdown
+and located in the `docs/` directory in borgmatic's source, plus the
+`README.md` file at the root.
+
+To build and view a copy of the documentation with your local changes, run the
+following from the root of borgmatic's source code:
+
+```bash
+sudo scripts/dev-docs
+```
+
+This requires Docker to be installed on your system. You may not need to use
+sudo if your non-root user has permissions to run Docker.
+
+After you run the script, you can point your web browser at
+http://localhost:8080 to view the documentation with your changes.
+
+To close the documentation server, ctrl-C the script. Note that it does not
+currently auto-reload, so you'll need to stop it and re-run it for any
+additional documentation changes to take effect.
+
 ## Related documentation

- * [Inspect your backups](https://torsion.org/borgmatic/docs/how-to/inspect-your-backups.md)
+ * [Inspect your backups](https://torsion.org/borgmatic/docs/how-to/inspect-your-backups/)
--- a/docs/how-to/extract-a-backup.md
+++ b/docs/how-to/extract-a-backup.md
@ -0,0 +1,130 @@
+---
+title: How to extract a backup
+---
+## Extract
+
+When the worst happens—or you want to test your backups—the first step is
+to figure out which archive to extract. A good way to do that is to use the
+`list` action:
+
+```bash
+borgmatic list
+```
+
+(No borgmatic `list` action? Try the old-style `--list`, or upgrade
+borgmatic!)
+
+That should yield output looking something like:
+
+```text
+host-2019-01-01T04:05:06.070809      Tue, 2019-01-01 04:05:06 [...]
+host-2019-01-02T04:06:07.080910      Wed, 2019-01-02 04:06:07 [...]
+```
+
+Assuming that you want to extract the archive with the most up-to-date files
+and therefore the latest timestamp, run a command like:
+
+```bash
+borgmatic extract --archive host-2019-01-02T04:06:07.080910
+```
+
+(No borgmatic `extract` action? Try the old-style `--extract`, or upgrade
+borgmatic!)
+
+The `--archive` value is the name of the archive to extract. This extracts the
+entire contents of the archive to the current directory, so make sure you're
+in the right place before running the command.
+
+
+## Repository selection
+
+If you have a single repository in your borgmatic configuration file(s), no
+problem: the `extract` action figures out which repository to use.
+
+But if you have multiple repositories configured, then you'll need to specify
+the repository path containing the archive to extract. Here's an example:
+
+```bash
+borgmatic extract --repository repo.borg --archive host-2019-...
+```
+
+## Extract particular files
+
+Sometimes, you want to extract a single deleted file, rather than extracting
+everything from an archive. To do that, tack on one or more `--path` values.
+For instance:
+
+```bash
+borgmatic extract --archive host-2019-... --path path/1 path/2
+```
+
+Note that the specified restore paths should not have a leading slash. Like a
+whole-archive extract, this also extracts into the current directory. So for
+example, if you happen to be in the directory `/var` and you run the `extract`
+command above, borgmatic will extract `/var/path/1` and `/var/path/2`.
+
+## Extract to a particular destination
+
+By default, borgmatic extracts files into the current directory. To instead
+extract files to a particular destination directory, use the `--destination`
+flag:
+
+```bash
+borgmatic extract --archive host-2019-... --destination /tmp
+```
+
+When using the `--destination` flag, be careful not to overwrite your system's
+files with extracted files unless that is your intent.
+
+
+## Database restoration
+
+The `borgmatic extract` command only extracts files. To restore a database,
+please see the [documentation on database backups and
+restores](https://torsion.org/borgmatic/docs/how-to/backup-your-databases/).
+borgmatic does not perform database restoration as part of `borgmatic extract`
+so that you can extract files from your archive without impacting your live
+databases.
+
+
+## Mount a filesystem
+
+If instead of extracting files, you'd like to explore the files from an
+archive as a [FUSE](https://en.wikipedia.org/wiki/Filesystem_in_Userspace)
+filesystem, you can use the `borgmatic mount` action. Here's an example:
+
+```bash
+borgmatic mount --archive host-2019-... --mount-point /mnt
+```
+
+This mounts the entire archive on the given mount point `/mnt`, so that you
+can look in there for your files.
+
+Omit the `--archive` flag to mount all archives (lazy-loaded):
+
+```bash
+borgmatic mount --mount-point /mnt
+```
+
+If you'd like to restrict the mounted filesystem to only particular paths from
+your archive, use the `--path` flag, similar to the `extract` action above.
+For instance:
+
+```bash
+borgmatic mount --archive host-2019-... --mount-point /mnt --path var/lib
+```
+
+When you're all done exploring your files, unmount your mount point. No
+`--archive` flag is needed:
+
+```bash
+borgmatic umount --mount-point /mnt
+```
+
+
+## Related documentation
+
+ * [Set up backups with borgmatic](https://torsion.org/borgmatic/docs/how-to/set-up-backups/)
+ * [Inspect your backups](https://torsion.org/borgmatic/docs/how-to/inspect-your-backups/)
+ * [Monitor your backups](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/)
+ * [Backup your databases](https://torsion.org/borgmatic/docs/how-to/backup-your-databases/)
--- a/docs/how-to/inspect-your-backups.md
+++ b/docs/how-to/inspect-your-backups.md
@ -20,33 +20,48 @@ Or, for even more progress and debug spew:
 borgmatic --verbosity 2
 ```

+## Backup summary
+
+If you're less concerned with progress during a backup, and you only want to
+see the summary of archive statistics at the end, you can use the stats
+option when performing a backup:
+
+```bash
+borgmatic --stats
+```
+
 ## Existing backups

-Borgmatic provides convenient flags for Borg's
+borgmatic provides convenient actions for Borg's
 [list](https://borgbackup.readthedocs.io/en/stable/usage/list.html) and
 [info](https://borgbackup.readthedocs.io/en/stable/usage/info.html)
 functionality:


 ```bash
-borgmatic --list
-borgmatic --info
+borgmatic list
+borgmatic info
 ```

+(No borgmatic `list` or `info` actions? Try the old-style `--list` or
+`--info`. Or upgrade borgmatic!)
+
+
 ## Logging

 By default, borgmatic logs to a local syslog-compatible daemon if one is
-present. Where those logs show up depends on your particular system. If you're
-using systemd, try running `journalctl -xe`. Otherwise, try viewing
-`/var/log/syslog` or similiar.
+present and borgmatic is running in a non-interactive console. Where those
+logs show up depends on your particular system. If you're using systemd, try
+running `journalctl -xe`. Otherwise, try viewing `/var/log/syslog` or
+similiar.

 You can customize the log level used for syslog logging with the
 `--syslog-verbosity` flag, and this is independent from the console logging
-`--verbosity` flag described above. For instance, to disable syslog logging
-except for errors:
+`--verbosity` flag described above. For instance, to get additional
+information about the progress of the backup as it proceeds:

 ```bash
-borgmatic --syslog-verbosity 0
+borgmatic --syslog-verbosity 1
 ```

 Or to increase syslog logging to include debug spew:
@ -55,31 +70,39 @@ Or to increase syslog logging to include debug spew:
 borgmatic --syslog-verbosity 2
 ```

-### systemd journal
+### Rate limiting

-If your local syslog daemon is systemd's journal, be aware that journald by
-default throttles the rate at which a particular program can log. So you may
-need to [change the journald rate
+If you are using rsyslog or systemd's journal, be aware that by default they
+both throttle the rate at which logging occurs. So you may need to change
+either [the global rate
+limit](https://www.rootusers.com/how-to-change-log-rate-limiting-in-linux/) or
+[the per-service rate
 limit](https://www.freedesktop.org/software/systemd/man/journald.conf.html#RateLimitIntervalSec=)
-in `/etc/systemd/journald.conf` if you're finding that borgmatic journald logs
-are missing.
+if you're finding that borgmatic logs are missing.

 Note that the [sample borgmatic systemd service
 file](https://torsion.org/borgmatic/docs/how-to/set-up-backups/#systemd)
-already has this rate limit disabled.
+already has this rate limit disabled for systemd's journal.

-## Scripting borgmatic

-To consume the output of borgmatic in other software, you can include an
-optional `--json` flag with `--create`, `--list`, or `--info` to get the
-output formatted as JSON.
+### Logging to file

-Note that when you specify the `--json` flag, Borg's other non-JSON output is
-suppressed so as not to interfere with the captured JSON. Also note that JSON
-output only shows up at the console, and not in syslog.
+If you don't want to use syslog, and you'd rather borgmatic log to a plain
+file, use the `--log-file` flag:
+
+```bash
+borgmatic --log-file /path/to/file.log
+```
+
+Note that if you use the `--log-file` flag, you are responsible for rotating
+the log file so it doesn't grow too large, for example with
+[logrotate](https://wiki.archlinux.org/index.php/Logrotate). Also, there is a
+`--log-file-verbosity` flag to customize the log file's log level.


 ## Related documentation

- * [Set up backups with borgmatic](https://torsion.org/borgmatic/docs/how-to/set-up-backups.md)
- * [Develop on borgmatic](https://torsion.org/borgmatic/docs/how-to/develop-on-borgmatic.md)
+ * [Set up backups with borgmatic](https://torsion.org/borgmatic/docs/how-to/set-up-backups/)
+ * [Monitor your backups](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/)
+ * [Add preparation and cleanup steps to backups](https://torsion.org/borgmatic/docs/how-to/add-preparation-and-cleanup-steps-to-backups/)
+ * [Develop on borgmatic](https://torsion.org/borgmatic/docs/how-to/develop-on-borgmatic/)
--- a/docs/how-to/make-per-application-backups.md
+++ b/docs/how-to/make-per-application-backups.md
@ -22,9 +22,15 @@ When you set up multiple configuration files like this, borgmatic will run
 each one in turn from a single borgmatic invocation. This includes, by
 default, the traditional `/etc/borgmatic/config.yaml` as well.

-And if you need even more customizability, you can specify alternate
-configuration paths on the command-line with borgmatic's `--config` option.
-See `borgmatic --help` for more information.
+Each configuration file is interpreted independently, as if you ran borgmatic
+for each configuration file one at a time. In other words, borgmatic does not
+perform any merging of configuration files by default. If you'd like borgmatic
+to merge your configuration files, see below about configuration includes.
+
+Additionally, the `~/.config/borgmatic.d/` directory works the same way as
+`/etc/borgmatic.d`. If you need even more customizability, you can specify
+alternate configuration paths on the command-line with borgmatic's `--config`
+flag. See `borgmatic --help` for more information.


 ## Configuration includes
@ -105,7 +111,45 @@ include, the local file's option takes precedent. And note that this is a
 shallow merge rather than a deep merge, so the merging does not descend into
 nested values.

+Note that this `<<` include merging syntax is only for merging in mappings
+(keys/values). If you'd like to include other types like scalars or lists
+directly, please see the section above about standard includes.
+
+
+## Configuration overrides
+
+In more complex multi-application setups, you may want to override particular
+borgmatic configuration file options at the time you run borgmatic. For
+instance, you could reuse a common configuration file for multiple
+applications, but then set the repository for each application at runtime. Or
+you might want to try a variant of an option for testing purposes without
+actually touching your configuration file.
+
+Whatever the reason, you can override borgmatic configuration options at the
+command-line via the `--override` flag. Here's an example:
+
+```bash
+borgmatic create --override location.remote_path=borg1
+```
+
+What this does is load your configuration files, and for each one, disregard
+the configured value for the `remote_path` option in the `location` section,
+and use the value of `borg1` instead.
+
+Note that the value is parsed as an actual YAML string, so you can even set
+list values by using brackets. For instance:
+
+```bash
+borgmatic create --override location.repositories=[test1.borg,test2.borg]
+```
+
+There is not currently a way to override a single element of a list without
+replacing the whole list.
+
+Be sure to quote your overrides if they contain spaces or other characters
+that your shell may interpret.
+

 ## Related documentation

- * [Set up backups with borgmatic](https://torsion.org/borgmatic/docs/how-to/set-up-backups.md)
+ * [Set up backups with borgmatic](https://torsion.org/borgmatic/docs/how-to/set-up-backups/)
--- a/docs/how-to/monitor-your-backups.md
+++ b/docs/how-to/monitor-your-backups.md
@ -0,0 +1,270 @@
+---
+title: How to monitor your backups
+---
+
+## Monitoring and alerting
+
+Having backups is great, but they won't do you a lot of good unless you have
+confidence that they're running on a regular basis. That's where monitoring
+and alerting comes in.
+
+There are several different ways you can monitor your backups and find out
+whether they're succeeding. Which of these you choose to do is up to you and
+your particular infrastructure:
+
+1. **Job runner alerts**: The easiest place to start is with failure alerts
+from the [scheduled job
+runner](https://torsion.org/borgmatic/docs/how-to/set-up-backups/#autopilot) (cron,
+systemd, etc.) that's running borgmatic. But note that if the job doesn't even
+get scheduled (e.g. due to the job runner not running), you probably won't get
+an alert at all! Still, this is a decent first line of defense, especially
+when combined with some of the other approaches below.
+2. **borgmatic error hooks**: The `on_error` hook allows you to run an arbitrary
+command or script when borgmatic itself encounters an error running your
+backups. So for instance, you can run a script to send yourself a text message
+alert. But note that if borgmatic doesn't actually run, this alert won't fire.
+See [error
+hooks](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/#error-hooks)
+below for how to configure this.
+4. **borgmatic monitoring hooks**: This feature integrates with monitoring
+   services like [Healthchecks](https://healthchecks.io/),
+[Cronitor](https://cronitor.io), [Cronhub](https://cronhub.io), and
+[PagerDuty](https://www.pagerduty.com/) and pings these services whenever
+borgmatic runs. That way, you'll receive an alert when something goes wrong or
+(for certain hooks) the service doesn't hear from borgmatic for a configured
+interval. See [Healthchecks
+hook](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/#healthchecks-hook), [Cronitor
+hook](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/#cronitor-hook), [Cronhub
+hook](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/#cronhub-hook), and
+[PagerDuty hook](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/#pagerduty-hook)
+below for how to configure this.
+3. **Third-party monitoring software**: You can use traditional monitoring
+software to consume borgmatic JSON output and track when the last
+successful backup occurred. See [scripting
+borgmatic](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/#scripting-borgmatic)
+below for how to configure this.
+5. **Borg hosting providers**: Most [Borg hosting
+providers](https://torsion.org/borgmatic/#hosting-providers) include
+monitoring and alerting as part of their offering. This gives you a dashboard
+to check on all of your backups, and can alert you if the service doesn't hear
+from borgmatic for a configured interval.
+6. **borgmatic consistency checks**: While not strictly part of monitoring, if you
+really want confidence that your backups are not only running but are
+restorable as well, you can configure particular [consistency
+checks](https://torsion.org/borgmatic/docs/how-to/deal-with-very-large-backups/#consistency-check-configuration)
+or even script full [extract
+tests](https://torsion.org/borgmatic/docs/how-to/extract-a-backup/).
+
+
+## Error hooks
+
+When an error occurs during a `prune`, `create`, or `check` action, borgmatic
+can run configurable shell commands to fire off custom error notifications or
+take other actions, so you can get alerted as soon as something goes wrong.
+Here's a not-so-useful example:
+
+```yaml
+hooks:
+    on_error:
+        - echo "Error while creating a backup or running a backup hook."
+```
+
+The `on_error` hook supports interpolating particular runtime variables into
+the hook command. Here's an example that assumes you provide a separate shell
+script to handle the alerting:
+
+```yaml
+hooks:
+    on_error:
+        - send-text-message.sh "{configuration_filename}" "{repository}"
+```
+
+In this example, when the error occurs, borgmatic interpolates a few runtime
+values into the hook command: the borgmatic configuration filename, and the
+path of the repository. Here's the full set of supported variables you can use
+here:
+
+ * `configuration_filename`: borgmatic configuration filename in which the
+   error occurred
+ * `repository`: path of the repository in which the error occurred (may be
+   blank if the error occurs in a hook)
+ * `error`: the error message itself
+ * `output`: output of the command that failed (may be blank if an error
+   occurred without running a command)
+
+Note that borgmatic runs the `on_error` hooks only for `prune`, `create`, or
+`check` actions or hooks in which an error occurs, and not other actions. 
+borgmatic does not run `on_error` hooks if an error occurs within a
+`before_everything` or `after_everything` hook. For more about hooks, see the
+[borgmatic hooks
+documentation](https://torsion.org/borgmatic/docs/how-to/add-preparation-and-cleanup-steps-to-backups/),
+especially the security information.
+
+
+## Healthchecks hook
+
+[Healthchecks](https://healthchecks.io/) is a service that provides "instant
+alerts when your cron jobs fail silently", and borgmatic has built-in
+integration with it. Once you create a Healthchecks account and project on
+their site, all you need to do is configure borgmatic with the unique "Ping
+URL" for your project. Here's an example:
+
+
+```yaml
+hooks:
+    healthchecks: https://hc-ping.com/addffa72-da17-40ae-be9c-ff591afb942a
+```
+
+With this hook in place, borgmatic pings your Healthchecks project when a
+backup begins, ends, or errors. Specifically, before the <a
+href="https://torsion.org/borgmatic/docs/how-to/add-preparation-and-cleanup-steps-to-backups/">`before_backup`
+hooks</a> run, borgmatic lets Healthchecks know that it has started if any of
+the `prune`, `create`, or `check` actions are run.
+
+Then, if the actions complete successfully, borgmatic notifies Healthchecks of
+the success after the `after_backup` hooks run, and includes borgmatic logs in
+the payload data sent to Healthchecks. This means that borgmatic logs show up
+in the Healthchecks UI, although be aware that Healthchecks currently has a
+10-kilobyte limit for the logs in each ping.
+
+If an error occurs during any action, borgmatic notifies Healthchecks after
+the `on_error` hooks run, also tacking on logs including the error itself. But
+the logs are only included for errors that occur when a `prune`, `create`, or
+`check` action is run.
+
+You can customize the verbosity of the logs that are sent to Healthchecks with
+borgmatic's `--monitoring-verbosity` flag. The `--files` and `--stats` flags
+may also be of use. See `borgmatic --help` for more information.
+
+You can configure Healthchecks to notify you by a [variety of
+mechanisms](https://healthchecks.io/#welcome-integrations) when backups fail
+or it doesn't hear from borgmatic for a certain period of time.
+
+
+## Cronitor hook
+
+[Cronitor](https://cronitor.io/) provides "Cron monitoring and uptime healthchecks
+for websites, services and APIs", and borgmatic has built-in
+integration with it. Once you create a Cronitor account and cron job monitor on
+their site, all you need to do is configure borgmatic with the unique "Ping
+API URL" for your monitor. Here's an example:
+
+
+```yaml
+hooks:
+    cronitor: https://cronitor.link/d3x0c1
+```
+
+With this hook in place, borgmatic pings your Cronitor monitor when a backup
+begins, ends, or errors. Specifically, before the <a
+href="https://torsion.org/borgmatic/docs/how-to/add-preparation-and-cleanup-steps-to-backups/">`before_backup`
+hooks</a> run, borgmatic lets Cronitor know that it has started if any of the
+`prune`, `create`, or `check` actions are run. Then, if the actions complete
+successfully, borgmatic notifies Cronitor of the success after the
+`after_backup` hooks run. And if an error occurs during any action, borgmatic
+notifies Cronitor after the `on_error` hooks run.
+
+You can configure Cronitor to notify you by a [variety of
+mechanisms](https://cronitor.io/docs/cron-job-notifications) when backups fail
+or it doesn't hear from borgmatic for a certain period of time.
+
+
+## Cronhub hook
+
+[Cronhub](https://cronhub.io/) provides "instant alerts when any of your
+background jobs fail silently or run longer than expected", and borgmatic has
+built-in integration with it. Once you create a Cronhub account and monitor on
+their site, all you need to do is configure borgmatic with the unique "Ping
+URL" for your monitor. Here's an example:
+
+
+```yaml
+hooks:
+    cronhub: https://cronhub.io/start/1f5e3410-254c-11e8-b61d-55875966d031
+```
+
+With this hook in place, borgmatic pings your Cronhub monitor when a backup
+begins, ends, or errors. Specifically, before the <a
+href="https://torsion.org/borgmatic/docs/how-to/add-preparation-and-cleanup-steps-to-backups/">`before_backup`
+hooks</a> run, borgmatic lets Cronhub know that it has started if any of the
+`prune`, `create`, or `check` actions are run. Then, if the actions complete
+successfully, borgmatic notifies Cronhub of the success after the
+`after_backup` hooks run. And if an error occurs during any action, borgmatic
+notifies Cronhub after the `on_error` hooks run.
+
+Note that even though you configure borgmatic with the "start" variant of the
+ping URL, borgmatic substitutes the correct state into the URL when pinging
+Cronhub ("start", "finish", or "fail").
+
+You can configure Cronhub to notify you by a [variety of
+mechanisms](https://docs.cronhub.io/integrations.html) when backups fail
+or it doesn't hear from borgmatic for a certain period of time.
+
+
+## PagerDuty hook
+
+[PagerDuty](https://cronhub.io/) provides incident monitoring and alerting,
+and borgmatic has built-in integration with it. Once you create a PagerDuty
+account and <a
+href="https://support.pagerduty.com/docs/services-and-integrations">service</a>
+on their site, all you need to do is configure borgmatic with the unique
+"Integration Key" for your service. Here's an example:
+
+
+```yaml
+hooks:
+    pagerduty: a177cad45bd374409f78906a810a3074
+```
+
+With this hook in place, borgmatic creates a PagerDuty event for your service
+whenever backups fail. Specifically, if an error occurs during a `create`,
+`prune`, or `check` action, borgmatic sends an event to PagerDuty after the
+`on_error` hooks run. Note that borgmatic does not contact PagerDuty when a
+backup starts or ends without error.
+
+You can configure PagerDuty to notify you by a [variety of
+mechanisms](https://support.pagerduty.com/docs/notifications) when backups
+fail.
+
+
+## Scripting borgmatic
+
+To consume the output of borgmatic in other software, you can include an
+optional `--json` flag with `create`, `list`, or `info` to get the output
+formatted as JSON.
+
+Note that when you specify the `--json` flag, Borg's other non-JSON output is
+suppressed so as not to interfere with the captured JSON. Also note that JSON
+output only shows up at the console, and not in syslog.
+
+
+### Successful backups
+
+`borgmatic list` includes support for a `--successful` flag that only lists
+successful (non-checkpoint) backups. This flag works via a basic heuristic: It
+assumes that non-checkpoint archive names end with a digit (e.g. from a
+timestamp), while checkpoint archive names do not. This means that if you're
+using custom archive names that do not end in a digit, the `--successful` flag
+will not work as expected.
+
+Combined with a built-in Borg flag like `--last`, you can list the last
+successful backup for use in your monitoring scripts. Here's an example
+combined with `--json`:
+
+```bash
+borgmatic list --successful --last 1 --json
+```
+
+Note that this particular combination will only work if you've got a single
+backup "series" in your repository. If you're instead backing up, say, from
+multiple different hosts into a single repository, then you'll need to get
+fancier with your archive listing. See `borg list --help` for more flags.
+
+
+## Related documentation
+
+ * [Set up backups with borgmatic](https://torsion.org/borgmatic/docs/how-to/set-up-backups/)
+ * [Inspect your backups](https://torsion.org/borgmatic/docs/how-to/inspect-your-backups/)
+ * [Add preparation and cleanup steps to backups](https://torsion.org/borgmatic/docs/how-to/add-preparation-and-cleanup-steps-to-backups/)
+ * [Extract a backup](https://torsion.org/borgmatic/docs/how-to/extract-a-backup/)
+ * [Develop on borgmatic](https://torsion.org/borgmatic/docs/how-to/develop-on-borgmatic/)
--- a/docs/how-to/restore-a-backup.md
+++ b/docs/how-to/restore-a-backup.md
@ -1,61 +1,3 @@
---
-title: How to restore a backup
---
-## Extract
-
-When the worst happens—or you want to test your backups—the first step is
-to figure out which archive to restore. A good way to do that is to use the
-`--list` action:
-
-```bash
-borgmatic --list
-```
-
-That should yield output looking something like:
-
-```text
-host-2019-01-01T04:05:06.070809      Tue, 2019-01-01 04:05:06 [...]
-host-2019-01-02T04:06:07.080910      Wed, 2019-01-02 04:06:07 [...]
-```
-
-Assuming that you want to restore the archive with the most up-to-date files
-and therefore the latest timestamp, run a command like:
-
-```bash
-borgmatic --extract --archive host-2019-01-02T04:06:07.080910
-```
-
-The `--archive` value is the name of the archive to restore. This extracts the
-entire contents of the archive to the current directory, so make sure you're
-in the right place before running the command.
-
-
-## Repository selection
-
-If you have a single repository in your borgmatic configuration file(s), no
-problem: the `--extract` action figures out which repository to use.
-
-But if you have multiple repositories configured, then you'll need to specify
-the repository path containing the archive to extract. Here's an example:
-
-```bash
-borgmatic --extract --repository repo.borg --archive host-2019-...
-```
-
-## Restore particular files
-
-Sometimes, you want to restore a single deleted file, rather than restoring
-everything from an archive. To do that, tack on one or more `--restore-path`
-values. For instance:
-
-```bash
-borgmatic --extract --archive host-2019-... --restore-path /path/1 /path/2
-```
-
-Like a whole-archive restore, this also restores into the current directory.
-
-
-## Related documentation
-
- * [Set up backups with borgmatic](https://torsion.org/borgmatic/docs/how-to/set-up-backups.md)
- * [Inspect your backups](https://torsion.org/borgmatic/docs/how-to/inspect-your-backups.md)
+<head>
+    <meta http-equiv='refresh' content='0; URL=https://torsion.org/borgmatic/docs/how-to/extract-a-backup/'>
+</head>
--- a/docs/how-to/run-preparation-steps-before-backups.md
+++ b/docs/how-to/run-preparation-steps-before-backups.md
@ -1,58 +1,3 @@
---
-title: How to run preparation steps before backups
---
-## Preparation and cleanup hooks
-
-If you find yourself performing prepraration tasks before your backup runs, or
-cleanup work afterwards, borgmatic hooks may be of interest. Hooks are
-shell commands that borgmatic executes for you at various points, and they're
-configured in the `hooks` section of your configuration file.
-
-For instance, you can specify `before_backup` hooks to dump a database to file
-before backing it up, and specify `after_backup` hooks to delete the temporary
-file afterwards. Here's an example:
-
-```yaml
-hooks:
-    before_backup:
-        - dump-a-database /to/file.sql
-    after_backup:
-        - rm /to/file.sql
-```
-
-borgmatic hooks run once per configuration file. `before_backup` hooks run
-prior to backups of all repositories. `after_backup` hooks run afterwards, but
-not if an error occurs in a previous hook or in the backups themselves.
-
-
-## Error hooks
-
-borgmatic also runs `on_error` hooks if an error occurs. Here's an example
-configuration:
-
-```yaml
-hooks:
-    on_error:
-        - echo "Error while creating a backup."
-```
-
-## Hook output
-
-Any output produced by your hooks shows up both at the console and in syslog.
-For more information, read about <a
-href="https://torsion.org/borgmatic/docs/how-to/inspect-your-backups.md">inspecting
-your backups</a>.
-
-## Security
-
-An important security note about hooks: borgmatic executes all hook commands
-with the user permissions of borgmatic itself. So to prevent potential shell
-injection or privilege escalation, do not forget to set secure permissions
-(`chmod 0700`) on borgmatic configuration files and scripts invoked by hooks.
-
-
-## Related documentation
-
- * [Set up backups with borgmatic](https://torsion.org/borgmatic/docs/how-to/set-up-backups.md)
- * [Make per-application backups](https://torsion.org/borgmatic/docs/how-to/make-per-application-backups.md)
- * [Inspect your backups](https://torsion.org/borgmatic/docs/how-to/inspect-your-backups.md)
+<head>
+    <meta http-equiv='refresh' content='0; URL=https://torsion.org/borgmatic/docs/how-to/add-preparation-and-cleanup-steps-to-backups/'>
+</head>
--- a/docs/how-to/set-up-backups.md
+++ b/docs/how-to/set-up-backups.md
@ -3,15 +3,11 @@ title: How to set up backups with borgmatic
 ---
 ## Installation

-To get up and running, first [install
-Borg](https://borgbackup.readthedocs.io/en/latest/installation.html), at
-least version 1.1.
+First, [install
+Borg](https://borgbackup.readthedocs.io/en/stable/installation.html), at least
+version 1.1.

-Borgmatic consumes configurations in `/etc/borgmatic/` and `/etc/borgmatic.d/`
-by default. Therefore, we show how to install borgmatic for the root user which
-will have access permissions for these locations by default.
-
-Run the following commands to download and install borgmatic:
+Then, download and install borgmatic by running the following command:

 ```bash
 sudo pip3 install --user --upgrade borgmatic
@ -19,8 +15,14 @@ sudo pip3 install --user --upgrade borgmatic

 This is a [recommended user site
 installation](https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site).
-You will need to ensure that `/root/.local/bin` is available on your `$PATH` so
-that the borgmatic executable is available.
+You will need to ensure that `/root/.local/bin` is available on your `$PATH`
+so
+that the borgmatic executable is available. For instance, adding this to
+root's `~/.profile` or `~/.bash_profile` may do the trick:
+
+```bash
+export PATH="$PATH:~/.local/bin"
+```

 Note that your pip binary may have a different name than "pip3". Make sure
 you're using Python 3, as borgmatic does not support Python 2.
@ -30,14 +32,17 @@ you're using Python 3, as borgmatic does not support Python 2.
 Along with the above process, you have several other options for installing
 borgmatic:

+ * [Docker image with scheduled backups](https://hub.docker.com/r/b3vis/borgmatic/)
 * [Docker base image](https://hub.docker.com/r/monachus/borgmatic/)
- * [Docker image with support for scheduled backups](https://hub.docker.com/r/b3vis/borgmatic/)
 * [Debian](https://tracker.debian.org/pkg/borgmatic)
 * [Ubuntu](https://launchpad.net/ubuntu/+source/borgmatic)
- * [Fedora](https://bodhi.fedoraproject.org/updates/?search=borgmatic)
- * [Arch Linux](https://aur.archlinux.org/packages/borgmatic/)
+ * [Fedora official](https://bodhi.fedoraproject.org/updates/?search=borgmatic)
+ * [Fedora unofficial](https://copr.fedorainfracloud.org/coprs/heffer/borgmatic/)
+ * [Arch Linux](https://www.archlinux.org/packages/community/any/borgmatic/)
 * [OpenBSD](http://ports.su/sysutils/borgmatic)
 * [openSUSE](https://software.opensuse.org/package/borgmatic)
+ * [stand-alone binary](https://github.com/cmarquardt/borgmatic-binary)
+ * [virtualenv](https://virtualenv.pypa.io/en/stable/)


 ## Hosting providers
@ -61,22 +66,28 @@ sudo generate-borgmatic-config
 ```

 If that command is not found, then it may be installed in a location that's
-not in your system `PATH`. Try looking in `/usr/local/bin/`.
+not in your system `PATH` (see above). Try looking in `~/.local/bin/`.

-This generates a sample configuration file at /etc/borgmatic/config.yaml (by
-default). You should edit the file to suit your needs, as the values are
-representative. All options are optional except where indicated, so feel free
-to ignore anything you don't need.
+This generates a sample configuration file at `/etc/borgmatic/config.yaml` by
+default. If you'd like to use another path, use the `--destination` flag, for
+instance: `--destination ~/.config/borgmatic/config.yaml`.
+
+You should edit the configuration file to suit your needs, as the generated
+values are only representative. All options are optional except where
+indicated, so feel free to ignore anything you don't need.

 Note that the configuration file is organized into distinct sections, each
 with a section name like `location:` or `storage:`. So take care that if you
 uncomment a particular option, also uncomment its containing section name, or
-else borgmatic won't recognize the option.
+else borgmatic won't recognize the option. Also be sure to use spaces rather
+than tabs for indentation; YAML does not allow tabs.

-You can also get the same sample configuration file from the [configuration
-reference](https://torsion.org/borgmatic/docs/reference/configuration.md), the authoritative set of
-all configuration options. This is handy if borgmatic has added new options
-since you originally created your configuration file.
+You can get the same sample configuration file from the [configuration
+reference](https://torsion.org/borgmatic/docs/reference/configuration/), the
+authoritative set of all configuration options. This is handy if borgmatic has
+added new options since you originally created your configuration file. Also
+check out how to [upgrade your
+configuration](https://torsion.org/borgmatic/docs/how-to/upgrade/#upgrading-your-configuration).


 ### Encryption
@ -86,7 +97,7 @@ encrypt your Borg repository with a passphrase instead of a key file, you'll
 either need to set the borgmatic `encryption_passphrase` configuration
 variable or set the `BORG_PASSPHRASE` environment variable. See the
 [repository encryption
-section](https://borgbackup.readthedocs.io/en/latest/quickstart.html#repository-encryption)
+section](https://borgbackup.readthedocs.io/en/stable/quickstart.html#repository-encryption)
 of the Borg Quick Start for more info.

 Alternatively, you can specify the passphrase programatically by setting
@ -121,18 +132,21 @@ this step if you already have a Borg repository.) To create a repository, run
 a command like the following:

 ```bash
-borgmatic --init --encryption repokey
+borgmatic init --encryption repokey
 ```

+(No borgmatic `init` action? Try the old-style `--init` flag, or upgrade
+borgmatic!)
+
 This uses the borgmatic configuration file you created above to determine
 which local or remote repository to create, and encrypts it with the
 encryption passphrase specified there if one is provided. Read about [Borg
 encryption
-modes](https://borgbackup.readthedocs.io/en/latest/usage/init.html#encryption-modes)
+modes](https://borgbackup.readthedocs.io/en/stable/usage/init.html#encryption-modes)
 for the menu of available encryption modes.

 Also, optionally check out the [Borg Quick
-Start](https://borgbackup.readthedocs.org/en/latest/quickstart.html) for more
+Start](https://borgbackup.readthedocs.org/en/stable/quickstart.html) for more
 background about repository initialization.

 Note that borgmatic skips repository initialization if the repository already
@ -161,6 +175,9 @@ The verbosity flag makes borgmatic list the files that it's archiving, which
 are those that are new or changed since the last backup. Eyeball the list and
 see if it matches your expectations based on the configuration.

+If you'd like to specify an alternate configuration file path, use the
+`--config` flag. See `borgmatic --help` for more information.
+

 ## Autopilot

@ -192,22 +209,38 @@ Then, from the directory where you downloaded them:

 ```bash
 sudo mv borgmatic.service borgmatic.timer /etc/systemd/system/
-sudo systemctl enable borgmatic.timer
-sudo systemctl start borgmatic.timer
+sudo systemctl enable --now borgmatic.timer
 ```

 Feel free to modify the timer file based on how frequently you'd like
 borgmatic to run.

-## Colored Output
+## Colored output

-Borgmatic uses [colorama](https://pypi.org/project/colorama/) to produce
-colored terminal output by default. It is disabled when a non-interactive
-terminal is detected (like a cron job). Otherwise, it can be disabled by
-passing `--no-color` or by setting the environment variable `PY_COLORS=False`.
+Borgmatic produces colored terminal output by default. It is disabled when a
+non-interactive terminal is detected (like a cron job), or when you use the
+`--json` flag. Otherwise, you can disable it by passing the `--no-color` flag,
+setting the environment variable `PY_COLORS=False`, or setting the `color`
+option to `false` in the `output` section of configuration.

 ## Troubleshooting

+### "found character that cannot start any token" error
+
+If you run borgmatic and see an error looking something like this, it probably
+means you've used tabs instead of spaces:
+
+```
+test.yaml: Error parsing configuration file
+An error occurred while parsing a configuration file at config.yaml:
+while scanning for the next token
+found character that cannot start any token
+  in "config.yaml", line 230, column 1
+```
+
+YAML does not allow tabs. So to fix this, replace any tabs in your
+configuration file with the requisite number of spaces.
+
 ### libyaml compilation errors

 borgmatic depends on a Python YAML library (ruamel.yaml) that will optionally
@ -221,13 +254,10 @@ it.

 ## Related documentation

- * [Make per-application backups](https://torsion.org/borgmatic/docs/how-to/make-per-application-backups.md)
- * [Deal with very large backups](https://torsion.org/borgmatic/docs/how-to/deal-with-very-large-backups.md)
- * [Inspect your backups](https://torsion.org/borgmatic/docs/how-to/inspect-your-backups.md)
- * [borgmatic configuration reference](https://torsion.org/borgmatic/docs/reference/configuration.md)
- * [borgmatic command-line reference](https://torsion.org/borgmatic/docs/reference/command-line.md)
-
-<script>
-  var links = document.getElementsByClassName("referral");
-  links[Math.floor(Math.random() * links.length)].style.display = "none";
-</script>
+ * [Make per-application backups](https://torsion.org/borgmatic/docs/how-to/make-per-application-backups/)
+ * [Deal with very large backups](https://torsion.org/borgmatic/docs/how-to/deal-with-very-large-backups/)
+ * [Inspect your backups](https://torsion.org/borgmatic/docs/how-to/inspect-your-backups/)
+ * [Monitor your backups](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/)
+ * [Upgrade borgmatic](https://torsion.org/borgmatic/docs/how-to/upgrade/)
+ * [borgmatic configuration reference](https://torsion.org/borgmatic/docs/reference/configuration/)
+ * [borgmatic command-line reference](https://torsion.org/borgmatic/docs/reference/command-line/)
--- a/docs/how-to/upgrade.md
+++ b/docs/how-to/upgrade.md
@ -10,7 +10,46 @@ following:
 sudo pip3 install --user --upgrade borgmatic
 ```

-See below about special cases.
+See below about special cases with old versions of borgmatic. Additionally, if
+you installed borgmatic [without using `pip3 install
+--user`](https://torsion.org/borgmatic/docs/how-to/set-up-backups/#other-ways-to-install),
+then your upgrade process may be different.
+
+
+### Upgrading your configuration
+
+The borgmatic configuration file format is almost always backwards-compatible
+from release to release without any changes, but you may still want to update
+your configuration file when you upgrade to take advantage of new
+configuration options. This is completely optional. If you prefer, you can add
+new configuration options manually.
+
+If you do want to upgrade your configuration file to include new options, use
+the `generate-borgmatic-config` script with its optional `--source` flag that
+takes the path to your original configuration file. If provided with this
+path, `generate-borgmatic-config` merges your original configuration into the
+generated configuration file, so you get all the newest options and comments.
+
+Here's an example:
+
+```bash
+generate-borgmatic-config --source config.yaml --destination config-new.yaml
+```
+
+New options start as commented out, so you can edit the file and decide
+whether you want to use each one.
+
+There are a few caveats to this process. First, when generating the new
+configuration file, `generate-borgmatic-config` replaces any comments you've
+written in your original configuration file with the newest generated
+comments. Second, the script adds back any options you had originally deleted,
+although it does so with the options commented out. And finally, any YAML
+includes you've used in the source configuration get flattened out into a
+single generated file.
+
+As a safety measure, `generate-borgmatic-config` refuses to modify
+configuration files in-place. So it's up to you to review the generated file
+and, if desired, replace your original configuration file with it.


 ### Upgrading from borgmatic 1.0.x
@ -76,4 +115,4 @@ files.

 ## Related documentation

- * [Develop on borgmatic](https://torsion.org/borgmatic/docs/how-to/develop-on-borgmatic.md)
+ * [Develop on borgmatic](https://torsion.org/borgmatic/docs/how-to/develop-on-borgmatic/)
--- a/docs/reference/command-line.md
+++ b/docs/reference/command-line.md
@ -3,7 +3,8 @@ title: borgmatic command-line reference
 ---
 ## borgmatic options

-Here are all of the available borgmatic command-line options:
+Here are all of the available borgmatic command-line options. This includes the separate options for
+each action sub-command:

 ```
 {% include borgmatic/command-line.txt %}
@ -12,5 +13,5 @@ Here are all of the available borgmatic command-line options:

 ## Related documentation

- * [Set up backups with borgmatic](https://torsion.org/borgmatic/docs/how-to/set-up-backups.md)
- * [borgmatic configuration reference](https://torsion.org/borgmatic/docs/reference/configuration.md)
+ * [Set up backups with borgmatic](https://torsion.org/borgmatic/docs/how-to/set-up-backups/)
+ * [borgmatic configuration reference](https://torsion.org/borgmatic/docs/reference/configuration/)
--- a/docs/reference/configuration.md
+++ b/docs/reference/configuration.md
@ -15,5 +15,5 @@ file](https://torsion.org/borgmatic/docs/reference/config.yaml) for use locally.

 ## Related documentation

- * [Set up backups with borgmatic](https://torsion.org/borgmatic/docs/how-to/set-up-backups.md)
- * [borgmatic command-line reference](https://torsion.org/borgmatic/docs/reference/command-line.md)
+ * [Set up backups with borgmatic](https://torsion.org/borgmatic/docs/how-to/set-up-backups/)
+ * [borgmatic command-line reference](https://torsion.org/borgmatic/docs/reference/command-line/)
--- a/docs/static/borgbase.png
+++ b/docs/static/borgbase.png
--- a/docs/static/borgmatic.png
+++ b/docs/static/borgmatic.png
--- a/docs/static/borgmatic.svg
+++ b/docs/static/borgmatic.svg
--- a/docs/static/cronhub.png
+++ b/docs/static/cronhub.png
--- a/docs/static/cronitor.png
+++ b/docs/static/cronitor.png
--- a/docs/static/healthchecks.png
+++ b/docs/static/healthchecks.png
--- a/docs/static/mariadb.png
+++ b/docs/static/mariadb.png
--- a/docs/static/mysql.png
+++ b/docs/static/mysql.png
--- a/docs/static/pagerduty.png
+++ b/docs/static/pagerduty.png
--- a/docs/static/postgresql.png
+++ b/docs/static/postgresql.png
--- a/docs/static/rsyncnet.png
+++ b/docs/static/rsyncnet.png
--- a/sample/cron-alpine/borgmatic
+++ b/sample/cron-alpine/borgmatic