From 1204730924436ef9e1c7c49c9557837f9a5ed0e8 Mon Sep 17 00:00:00 2001
From: clarkzjw
Date: Wed, 8 Feb 2023 00:40:09 -0800
Subject: fork https://github.com/mattsta/mailweb
---
ansible/roles/backup/meta/main.yml | 4 +++
ansible/roles/backup/tasks/main.yml | 40 +++++++++++++++++++++++++
ansible/roles/backup/templates/borgmatic.yml.j2 | 36 ++++++++++++++++++++++
3 files changed, 80 insertions(+)
create mode 100644 ansible/roles/backup/meta/main.yml
create mode 100644 ansible/roles/backup/tasks/main.yml
create mode 100644 ansible/roles/backup/templates/borgmatic.yml.j2
(limited to 'ansible/roles/backup')
diff --git a/ansible/roles/backup/meta/main.yml b/ansible/roles/backup/meta/main.yml
new file mode 100644
index 0000000..023023d
--- /dev/null
+++ b/ansible/roles/backup/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+ # borgmatic is inside a pip3 package
+ - role: pip3
diff --git a/ansible/roles/backup/tasks/main.yml b/ansible/roles/backup/tasks/main.yml
new file mode 100644
index 0000000..fedc68b
--- /dev/null
+++ b/ansible/roles/backup/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- name: install borgbackup
+ apt:
+ pkg: borgbackup
+ state: latest
+
+- name: install borgmatic
+ pip:
+ name: borgmatic
+ state: latest
+
+- name: create backup config dir
+ file:
+ path: /etc/borgmatic.d
+ owner: "{{ backup.runAs }}"
+ mode: 0700
+ state: directory
+
+# Create backup config for entire server
+# Ideally we only have one type of data to backup per server and the rest
+# can be re-constructed as necessary through auto-deploy processes
+- name: populate borgmatic config with details for hosts
+ template:
+ src: borgmatic.yml.j2
+ dest: /etc/borgmatic.d/system.backup.yml
+ owner: "{{ backup.runAs }}"
+ mode: 0600
+
+# Note: right now we aren't populating an 'excludes' file
+# If we need 'excludes' in the future, append '--excludes [excludesDirsFile]'
+# ALSO NOTE: your backup.runAs user MUST MANUALLY ACCEPT THE BACKUP HOST SSH KEY
+# Backup will stall if unattended ssh sees new host fingerprint needing approval
+- name: install backup crontab
+ cron:
+ name: "Backup Offsite"
+ minute: 32
+ hour: 3
+ job: "borgmatic --verbosity 1 -c /etc/borgmatic.d/system.backup.yml"
+ user: "{{ backup.runAs }}"
+ cron_file: backup_offsite
diff --git a/ansible/roles/backup/templates/borgmatic.yml.j2 b/ansible/roles/backup/templates/borgmatic.yml.j2
new file mode 100644
index 0000000..864c8a6
--- /dev/null
+++ b/ansible/roles/backup/templates/borgmatic.yml.j2
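Review bot: Both install tasks in ansible/roles/backup/tasks/main.yml use `state: latest`, so each playbook run can pull whatever borgbackup and borgmatic release is current, and the pip task does so with no version constraint for a tool that reads the repository passphrase. Pinning turns an upgrade into a reviewed change: `name: borgmatic==<PINNED_VERSION>` with `state: present` (placeholder, use the release you have tested), and `state: present` for the apt package. Separately, the `populate borgmatic config with details for hosts` task renders `backup.phrase` into the destination file, so a run with `--diff` would print the passphrase; adding `no_log: true` to that task keeps it out of console output and logs. The two modes are also safer written as quoted strings, `mode: "0700"` and `mode: "0600"`, so the value does not depend on how the YAML loader treats a leading zero.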
@@ -0,0 +1,36 @@
+location:
+ # List of source directories to backup. Globs are expanded.
+ source_directories:
+{% for dir in backup.dirs %}
+ - {{ dir }}
+{% endfor %}
+
+ # Paths to local or remote repositories.
+ repositories:
+ - {{ backup.host }}:{{ inventory_hostname }}
+
+ one_file_system: True
+ remote_path: borg1
+
+ # Any paths matching these patterns are excluded from backups.
+ exclude_patterns:
+ - /home/*/.cache
+
+storage:
+ encryption_passphrase: {{ backup.phrase }}
+ compression: lz4
+
+retention:
+ # Retention policy for how many backups to keep in each category.
+ keep_within: 3H
+ keep_daily: 7
+ keep_weekly: 2
+ keep_monthly: 3
+
+consistency:
+ # List of consistency checks to run: "repository", "archives", or both.
+ checks:
+ - repository
+ - archives
+
+ check_last: 1
--
cgit v1.2.3
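Review bot: `encryption_passphrase: {{ backup.phrase }}` in the `storage` section writes the secret as a plain YAML scalar, so a passphrase containing ` #` or `: `, starting with an indicator such as `*` or `!`, or looking like a number or boolean is either rejected or silently truncated or retyped when the rendered file is parsed. Emitting it as a quoted scalar avoids that: `encryption_passphrase: {{ backup.phrase | to_json }}`. The same quoting applies to `- {{ dir }}` and to the `repositories` entry, where a path with special characters would be mis-parsed in the same way. Where `backup.phrase` is defined is not visible in this hunk; it is worth confirming that it comes from an encrypted vars file and not from plain inventory.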