1 files changed, 40 insertions, 0 deletions
diff --git a/ansible/roles/backup/tasks/main.yml b/ansible/roles/backup/tasks/main.yml
new file mode 100644
index 0000000..fedc68b
--- /dev/null
+++ b/ansible/roles/backup/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- name: install borgbackup
+  apt:
+    pkg: borgbackup
+    state: latest
+- name: install borgmatic
+  pip:
+    name: borgmatic
+    state: latest
+- name: create backup config dir
+  file:
+    path: /etc/borgmatic.d
+    owner: "{{ backup.runAs }}"
+    mode: 0700
+    state: directory
+# Create backup config for entire server
+# Ideally we only have one type of data to backup per server and the rest
+# can be re-constructed as necessary through auto-deploy processes
+- name: populate borgmatic config with details for hosts
+  template:
+    src: borgmatic.yml.j2
+    dest: /etc/borgmatic.d/system.backup.yml
+    owner: "{{ backup.runAs }}"
+    mode: 0600
+# Note: right now we aren't populating an 'excludes' file
+# If we need 'excludes' in the future, append '--excludes [excludesDirsFile]'
+# ALSO NOTE: your backup.runAs user MUST MANUALLY ACCEPT THE BACKUP HOST SSH KEY
+# Backup will stall if unattended ssh sees new host fingerprint needing approval
+- name: install backup crontab
+  cron:
+    name: "Backup Offsite"
+    minute: 32
+    hour: 3
+    job: "borgmatic --verbosity 1 -c /etc/borgmatic.d/system.backup.yml"
+    user: "{{ backup.runAs }}"
+    cron_file: backup_offsite

diff --git a/ansible/roles/backup/tasks/main.yml b/ansible/roles/backup/tasks/main.yml new file mode 100644 index 0000000..fedc68b --- /dev/null +++ b/ansible/roles/backup/tasks/main.yml
@@ -0,0 +1,40 @@
	1	---
	2	- name: install borgbackup
	3	apt:
	4	pkg: borgbackup
	5	state: latest
	6
	7	- name: install borgmatic
	8	pip:
	9	name: borgmatic
	10	state: latest
	11
	12	- name: create backup config dir
	13	file:
	14	path: /etc/borgmatic.d
	15	owner: "{{ backup.runAs }}"
	16	mode: 0700
	17	state: directory
	18
	19	# Create backup config for entire server
	20	# Ideally we only have one type of data to backup per server and the rest
	21	# can be re-constructed as necessary through auto-deploy processes
	22	- name: populate borgmatic config with details for hosts
	23	template:
	24	src: borgmatic.yml.j2
	25	dest: /etc/borgmatic.d/system.backup.yml
	26	owner: "{{ backup.runAs }}"
	27	mode: 0600
	28
	29	# Note: right now we aren't populating an 'excludes' file
	30	# If we need 'excludes' in the future, append '--excludes [excludesDirsFile]'
	31	# ALSO NOTE: your backup.runAs user MUST MANUALLY ACCEPT THE BACKUP HOST SSH KEY
	32	# Backup will stall if unattended ssh sees new host fingerprint needing approval
	33	- name: install backup crontab
	34	cron:
	35	name: "Backup Offsite"
	36	minute: 32
	37	hour: 3
	38	job: "borgmatic --verbosity 1 -c /etc/borgmatic.d/system.backup.yml"
	39	user: "{{ backup.runAs }}"
	40	cron_file: backup_offsite