WIP: backups with borg and borgmatic #39
4 changed files with 50 additions and 27 deletions
|
@ -1,3 +1,5 @@
|
||||||
---
|
---
|
||||||
borg_keep_hourly: 6
|
borg_keep_hourly: 6
|
||||||
|
borg_backup_exclude:
|
||||||
|
- "/var/lib/postgresql/"
|
||||||
...
|
...
|
||||||
|
|
|
@ -34,13 +34,13 @@
|
||||||
retries: 3
|
retries: 3
|
||||||
until: apt_result is succeeded
|
until: apt_result is succeeded
|
||||||
|
|
||||||
- name: Create configuration direcotory for borgmatic
|
- name: Create configuration directory for borgmatic
|
||||||
file:
|
file:
|
||||||
path: /etc/borgmatic
|
path: /etc/borgmatic
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: u=rw,g=r,o=
|
mode: u=rwx,g=rx,o=
|
||||||
|
|
||||||
- name: Add borgmatic configuration file
|
- name: Add borgmatic configuration file
|
||||||
become: true
|
become: true
|
||||||
|
@ -63,23 +63,42 @@
|
||||||
mode: u=rw,g=,o=
|
mode: u=rw,g=,o=
|
||||||
register: ssh_key
|
register: ssh_key
|
||||||
|
|
||||||
- name: Gather server facts
|
#- name: Gather server facts
|
||||||
|
# delegate_to: "{{ borg_server_host }}"
|
||||||
|
# delegate_facts: true
|
||||||
|
# setup:
|
||||||
|
# gather_subset:
|
||||||
|
# - all
|
||||||
|
# register: server_facts
|
||||||
|
#
|
||||||
|
#- name: Add server key to known hosts
|
||||||
|
# known_hosts:
|
||||||
|
# hash_host: true
|
||||||
|
# host: "{{ hostname }}"
|
||||||
|
# key: "{{ hostname }} {{ facts['ansible_ssh_host_key_' + item + '_public_keytype'] }} {{ facts['ansible_ssh_host_key_' + item + '_public'] }}"
|
||||||
|
# loop:
|
||||||
|
# - ecdsa
|
||||||
|
# - ed25519
|
||||||
|
# - rsa
|
||||||
|
# vars:
|
||||||
|
# hostname: {{ borg_server_host }}
|
||||||
|
# facts: {{ server_facts['ansible_facts'] }}
|
||||||
|
|
||||||
|
- name: Gather SSH host keys
|
||||||
delegate_to: "{{ borg_server_host }}"
|
delegate_to: "{{ borg_server_host }}"
|
||||||
delegate_facts: true
|
command: "ssh-keyscan {{ borg_server_host }}"
|
||||||
setup:
|
register: keys
|
||||||
gather_subset:
|
|
||||||
- all
|
- name: DEBUG
|
||||||
register: server_facts
|
debug:
|
||||||
|
var: keys.stdout_lines
|
||||||
|
|
||||||
- name: Add server key to known hosts
|
- name: Add server key to known hosts
|
||||||
known_hosts:
|
known_hosts:
|
||||||
hash_host: true
|
hash_host: true
|
||||||
host: "{{ borg_server_host }}"
|
host: "{{ borg_server_host }}"
|
||||||
key: "{{ borg_server_host }} {{ server_facts['ansible_facts']['ansible_ssh_host_key_' + item + '_public_keytype'] }} {{ server_facts['ansible_facts']['ansible_ssh_host_key_' + item + '_public'] }}"
|
key: "{{ item }}"
|
||||||
loop:
|
loop: "{{ keys.stdout_lines }}"
|
||||||
- ecdsa
|
|
||||||
- ed25519
|
|
||||||
- rsa
|
|
||||||
|
|
||||||
- name: Add public key to remote
|
- name: Add public key to remote
|
||||||
delegate_to: "{{ borg_server_host }}"
|
delegate_to: "{{ borg_server_host }}"
|
||||||
|
|
|
@ -7,7 +7,7 @@ After=network-online.target
|
||||||
ConditionACPower=true
|
ConditionACPower=true
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=simple
|
||||||
ProtectSystem=full
|
ProtectSystem=full
|
||||||
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW
|
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW
|
||||||
|
|
||||||
|
|
|
@ -12,6 +12,7 @@ location:
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
repositories:
|
repositories:
|
||||||
- {{ borg_server_user }}@{{ borg_server_host }}:{{ borg_host_dir }}
|
- {{ borg_server_user }}@{{ borg_server_host }}:{{ borg_host_dir }}
|
||||||
|
borgmatic_source_directory: /var/backups
|
||||||
|
|
||||||
storage:
|
storage:
|
||||||
encryption_passphrase: "{{ borg_encryption_passphrase }}"
|
encryption_passphrase: "{{ borg_encryption_passphrase }}"
|
||||||
|
@ -24,16 +25,16 @@ storage:
|
||||||
|
|
||||||
retention:
|
retention:
|
||||||
{% if borg_keep_hourly > 0 %}
|
{% if borg_keep_hourly > 0 %}
|
||||||
- keep_hourly: {{ borg_keep_hourly }}
|
keep_hourly: {{ borg_keep_hourly }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if borg_keep_daily > 0 %}
|
{% if borg_keep_daily > 0 %}
|
||||||
- keep_hourly: {{ borg_keep_daily }}
|
keep_daily: {{ borg_keep_daily }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if borg_keep_weekly > 0 %}
|
{% if borg_keep_weekly > 0 %}
|
||||||
- keep_hourly: {{ borg_keep_weekly }}
|
keep_weekly: {{ borg_keep_weekly }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if borg_keep_monthly > 0 %}
|
{% if borg_keep_monthly > 0 %}
|
||||||
- keep_hourly: {{ borg_keep_monthly }}
|
keep_monthly: {{ borg_keep_monthly }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
consistency:
|
consistency:
|
||||||
|
@ -45,5 +46,6 @@ consistency:
|
||||||
hooks:
|
hooks:
|
||||||
postgresql_databases:
|
postgresql_databases:
|
||||||
- name: all
|
- name: all
|
||||||
|
username: postgres
|
||||||
{% endif %}
|
{% endif %}
|
||||||
...
|
...
|
||||||
|
|
Loading…
Reference in a new issue