Diffstat (limited to 'ansible/roles/backup')
-rw-r--r-- | ansible/roles/backup/meta/main.yml | 4 | ||||
-rw-r--r-- | ansible/roles/backup/tasks/main.yml | 40 | ||||
-rw-r--r-- | ansible/roles/backup/templates/borgmatic.yml.j2 | 36 |
3 files changed, 80 insertions, 0 deletions
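diff --git a/ansible/roles/backup/meta/main.yml b/ansible/roles/backup/meta/main.yml
new file mode 100644
index 0000000..023023d
--- /dev/null
+++ b/ansible/roles/backup/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+# borgmatic is inside a pip3 package
+- role: pip3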
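diff --git a/ansible/roles/backup/tasks/main.yml b/ansible/roles/backup/tasks/main.yml
new file mode 100644
index 0000000..fedc68b
--- /dev/null
+++ b/ansible/roles/backup/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- name: install borgbackup
+apt:
+pkg: borgbackup
+state: latest
+
+- name: install borgmatic
+pip:
+name: borgmatic
+state: latest
+
+- name: create backup config dir
+file:
+path: /etc/borgmatic.d
+owner: "{{ backup.runAs }}"
+mode: 0700
+state: directory
+
+# Create backup config for entire server
+# Ideally we only have one type of data to backup per server and the rest
+# can be re-constructed as necessary through auto-deploy processes
+- name: populate borgmatic config with details for hosts
+template:
+src: borgmatic.yml.j2
+dest: /etc/borgmatic.d/system.backup.yml
+owner: "{{ backup.runAs }}"
+mode: 0600
+
+# Note: right now we aren't populating an 'excludes' file
+# If we need 'excludes' in the future, append '--excludes [excludesDirsFile]'
+# ALSO NOTE: your backup.runAs user MUST MANUALLY ACCEPT THE BACKUP HOST SSH KEY
+# Backup will stall if unattended ssh sees new host fingerprint needing approval
+- name: install backup crontab
+cron:
+name: "Backup Offsite"
+minute: 32
+hour: 3
+job: "borgmatic --verbosity 1 -c /etc/borgmatic.d/system.backup.yml"
+user: "{{ backup.runAs }}"
+cron_file: backup_offsite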
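Review bot: The task `populate borgmatic config with details for hosts` renders a file that contains the repository passphrase but has no `no_log: true`, so a run with `--diff` or raised verbosity can print the rendered content to the terminal or a CI log; add `no_log: true` to that task. The comment above the cron task relies on someone manually accepting the backup host's SSH key as the `backup.runAs` user; a `known_hosts` task carrying the expected host key would pin it and avoid both the stall and trust-on-first-use. Both install tasks use `state: latest`, so every play run can pull a new borgbackup/borgmatic release onto a host that holds the backup key; pinning the pip package with `version:` would make upgrades deliberate. The file modes would also be safer written as quoted strings, `mode: "0700"` and `mode: "0600"`.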
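diff --git a/ansible/roles/backup/templates/borgmatic.yml.j2 b/ansible/roles/backup/templates/borgmatic.yml.j2
new file mode 100644
index 0000000..864c8a6
--- /dev/null
+++ b/ansible/roles/backup/templates/borgmatic.yml.j2
@@ -0,0 +1,36 @@
+location:
+# List of source directories to backup. Globs are expanded.
+source_directories:
+{% for dir in backup.dirs %}
+- {{ dir }}
+{% endfor %}
+
+# Paths to local or remote repositories.
+repositories:
+- {{ backup.host }}:{{ inventory_hostname }}
+
+one_file_system: True
+remote_path: borg1
+
+# Any paths matching these patterns are excluded from backups.
+exclude_patterns:
+- /home/*/.cache
+
+storage:
+encryption_passphrase: {{ backup.phrase }}
+compression: lz4
+
+retention:
+# Retention policy for how many backups to keep in each category.
+keep_within: 3H
+keep_daily: 7
+keep_weekly: 2
+keep_monthly: 3
+
+consistency:
+# List of consistency checks to run: "repository", "archives", or both.
+checks:
+- repository
+- archives
+
+check_last: 1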
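Review bot: `encryption_passphrase: {{ backup.phrase }}` is rendered as a plain YAML scalar, so a passphrase containing ` #` is silently cut off at the comment marker, and one that contains `: `, starts with an indicator character, or looks like a number or boolean is retyped or fails to parse. Emit it as a quoted string instead, e.g. `encryption_passphrase: {{ backup.phrase | to_json }}`. The same applies to the `- {{ dir }}` entries and the `repositories` line, where a value starting with `*` would be read as an alias. Where `backup.phrase` is defined is not visible in this commit; it should come from Ansible Vault or a secret store rather than plain-text inventory.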