summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'ansible/roles/backup')
-rw-r--r--ansible/roles/backup/meta/main.yml4
-rw-r--r--ansible/roles/backup/tasks/main.yml40
-rw-r--r--ansible/roles/backup/templates/borgmatic.yml.j236
3 files changed, 80 insertions, 0 deletions
diff --git a/ansible/roles/backup/meta/main.yml b/ansible/roles/backup/meta/main.yml
new file mode 100644
index 0000000..023023d
--- /dev/null
+++ b/ansible/roles/backup/meta/main.yml
@@ -0,0 +1,4 @@
1---
2dependencies:
3 # borgmatic is inside a pip3 package
4 - role: pip3
diff --git a/ansible/roles/backup/tasks/main.yml b/ansible/roles/backup/tasks/main.yml
new file mode 100644
index 0000000..fedc68b
--- /dev/null
+++ b/ansible/roles/backup/tasks/main.yml
@@ -0,0 +1,40 @@
1---
2- name: install borgbackup
3 apt:
4 pkg: borgbackup
5 state: latest
6
7- name: install borgmatic
8 pip:
9 name: borgmatic
10 state: latest
11
12- name: create backup config dir
13 file:
14 path: /etc/borgmatic.d
15 owner: "{{ backup.runAs }}"
16 mode: 0700
17 state: directory
18
19# Create backup config for entire server
20# Ideally we only have one type of data to backup per server and the rest
21# can be re-constructed as necessary through auto-deploy processes
22- name: populate borgmatic config with details for hosts
23 template:
24 src: borgmatic.yml.j2
25 dest: /etc/borgmatic.d/system.backup.yml
26 owner: "{{ backup.runAs }}"
27 mode: 0600
28
29# Note: right now we aren't populating an 'excludes' file
30# If we need 'excludes' in the future, append '--excludes [excludesDirsFile]'
31# ALSO NOTE: your backup.runAs user MUST MANUALLY ACCEPT THE BACKUP HOST SSH KEY
32# Backup will stall if unattended ssh sees new host fingerprint needing approval
33- name: install backup crontab
34 cron:
35 name: "Backup Offsite"
36 minute: 32
37 hour: 3
38 job: "borgmatic --verbosity 1 -c /etc/borgmatic.d/system.backup.yml"
39 user: "{{ backup.runAs }}"
40 cron_file: backup_offsite
diff --git a/ansible/roles/backup/templates/borgmatic.yml.j2 b/ansible/roles/backup/templates/borgmatic.yml.j2
new file mode 100644
index 0000000..864c8a6
--- /dev/null
+++ b/ansible/roles/backup/templates/borgmatic.yml.j2
@@ -0,0 +1,36 @@
1location:
2 # List of source directories to backup. Globs are expanded.
3 source_directories:
4{% for dir in backup.dirs %}
5 - {{ dir }}
6{% endfor %}
7
8 # Paths to local or remote repositories.
9 repositories:
10 - {{ backup.host }}:{{ inventory_hostname }}
11
12 one_file_system: True
13 remote_path: borg1
14
15 # Any paths matching these patterns are excluded from backups.
16 exclude_patterns:
17 - /home/*/.cache
18
19storage:
20 encryption_passphrase: {{ backup.phrase }}
21 compression: lz4
22
23retention:
24 # Retention policy for how many backups to keep in each category.
25 keep_within: 3H
26 keep_daily: 7
27 keep_weekly: 2
28 keep_monthly: 3
29
30consistency:
31 # List of consistency checks to run: "repository", "archives", or both.
32 checks:
33 - repository
34 - archives
35
36 check_last: 1
Powered by cgit v1.2.3 (git 2.41.0)