From 1204730924436ef9e1c7c49c9557837f9a5ed0e8 Mon Sep 17 00:00:00 2001
From: clarkzjw <i@jinwei.me>
Date: Wed, 8 Feb 2023 00:40:09 -0800
Subject: fork https://github.com/mattsta/mailweb

---
 ansible/roles/backup/tasks/main.yml | 40 +++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 ansible/roles/backup/tasks/main.yml

(limited to 'ansible/roles/backup/tasks')

diff --git a/ansible/roles/backup/tasks/main.yml b/ansible/roles/backup/tasks/main.yml
new file mode 100644
index 0000000..fedc68b
--- /dev/null
+++ b/ansible/roles/backup/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- name: install borgbackup
+  apt:
+    pkg: borgbackup
+    state: latest
+
+- name: install borgmatic
+  pip:
+    name: borgmatic
+    state: latest
+
+- name: create backup config dir
+  file:
+    path: /etc/borgmatic.d
+    owner: "{{ backup.runAs }}"
+    mode: 0700
+    state: directory
+
+# Create backup config for entire server
+# Ideally we only have one type of data to backup per server and the rest
+# can be re-constructed as necessary through auto-deploy processes
+- name: populate borgmatic config with details for hosts
+  template:
+    src: borgmatic.yml.j2
+    dest: /etc/borgmatic.d/system.backup.yml
+    owner: "{{ backup.runAs }}"
+    mode: 0600
+
+# Note: right now we aren't populating an 'excludes' file
+# If we need 'excludes' in the future, append '--excludes [excludesDirsFile]'
+# ALSO NOTE: your backup.runAs user MUST MANUALLY ACCEPT THE BACKUP HOST SSH KEY
+# Backup will stall if unattended ssh sees new host fingerprint needing approval
+- name: install backup crontab
+  cron:
+    name: "Backup Offsite"
+    minute: 32
+    hour: 3
+    job: "borgmatic --verbosity 1 -c /etc/borgmatic.d/system.backup.yml"
+    user: "{{ backup.runAs }}"
+    cron_file: backup_offsite
-- 
cgit v1.2.3