WIP: backups with borg and borgmatic #39

Manually merged
jeltz merged 45 commits from backups into master 2024-07-01 01:55:28 +02:00
4 changed files with 50 additions and 27 deletions
Showing only changes of commit 243ec1fe9d - Show all commits


@ -1,3 +1,5 @@
--- ---
borg_keep_hourly: 6 borg_keep_hourly: 6
borg_backup_exclude:
- "/var/lib/postgresql/"
... ...


@ -34,13 +34,13 @@
retries: 3 retries: 3
until: apt_result is succeeded until: apt_result is succeeded
- name: Create configuration direcotory for borgmatic - name: Create configuration directory for borgmatic
file: file:
path: /etc/borgmatic path: /etc/borgmatic
state: directory state: directory
owner: root owner: root
group: root group: root
mode: u=rw,g=r,o= mode: u=rwx,g=rx,o=
- name: Add borgmatic configuration file - name: Add borgmatic configuration file
become: true become: true
@ -63,23 +63,42 @@
mode: u=rw,g=,o= mode: u=rw,g=,o=
register: ssh_key register: ssh_key
- name: Gather server facts #- name: Gather server facts
# delegate_to: "{{ borg_server_host }}"
# delegate_facts: true
# setup:
# gather_subset:
# - all
# register: server_facts
#
#- name: Add server key to known hosts
# known_hosts:
# hash_host: true
# host: "{{ hostname }}"
# key: "{{ hostname }} {{ facts['ansible_ssh_host_key_' + item + '_public_keytype'] }} {{ facts['ansible_ssh_host_key_' + item + '_public'] }}"
# loop:
# - ecdsa
# - ed25519
# - rsa
# vars:
# hostname: {{ borg_server_host }}
# facts: {{ server_facts['ansible_facts'] }}
- name: Gather SSH host keys
delegate_to: "{{ borg_server_host }}" delegate_to: "{{ borg_server_host }}"
delegate_facts: true command: "ssh-keyscan {{ borg_server_host }}"
setup: register: keys
gather_subset:
- all - name: DEBUG
register: server_facts debug:
var: keys.stdout_lines
- name: Add server key to known hosts - name: Add server key to known hosts
known_hosts: known_hosts:
hash_host: true hash_host: true
host: "{{ borg_server_host }}" host: "{{ borg_server_host }}"
key: "{{ borg_server_host }} {{ server_facts['ansible_facts']['ansible_ssh_host_key_' + item + '_public_keytype'] }} {{ server_facts['ansible_facts']['ansible_ssh_host_key_' + item + '_public'] }}" key: "{{ item }}"
loop: loop: "{{ keys.stdout_lines }}"
- ecdsa
- ed25519
- rsa
- name: Add public key to remote - name: Add public key to remote
delegate_to: "{{ borg_server_host }}" delegate_to: "{{ borg_server_host }}"
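Review bot: The new `Gather SSH host keys` / `Add server key to known hosts` pair pins whatever `ssh-keyscan {{ borg_server_host }}` returns, with no comparison against a known fingerprint, so the first answer for that name becomes the trusted backup-server identity. The scan is delegated to the server and therefore depends on how the server resolves its own name; the commented-out version took the keys from facts gathered over Ansible's existing connection to that host. Consider supplying the expected key from inventory (for example a new variable such as `borg_server_host_key`, used as `key: "{{ borg_server_host }} {{ borg_server_host_key }}"`), or at least limiting the scan with `-t ed25519` and checking the fingerprint before it is added. Separately, the `DEBUG` task and the commented-out block look like leftovers to drop before merge, and the `command` task should carry `changed_when: false` so the play stays idempotent. The `Add public key to remote` task at the end of the hunk continues outside it.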


@ -7,7 +7,7 @@ After=network-online.target
ConditionACPower=true ConditionACPower=true
[Service] [Service]
Type=oneshot Type=simple
ProtectSystem=full ProtectSystem=full
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW
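Review bot: The switch to `Type=simple` has no explanation in the unit, and it changes how the backup's outcome is observed: with `simple`, systemd treats the start job as done once the process is spawned, so anything that starts this unit and waits (a `systemctl start` from a handler, or units ordered after it) no longer waits for the backup to finish. If that is intended, a comment above the line such as `# simple: do not block the start job on the whole backup run` would record why `oneshot` was dropped. The `[Service]` section continues outside the hunk, so the `ExecStart=` lines are not visible here.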


@ -12,6 +12,7 @@ location:
{% endfor %} {% endfor %}
repositories: repositories:
- {{ borg_server_user }}@{{ borg_server_host }}:{{ borg_host_dir }} - {{ borg_server_user }}@{{ borg_server_host }}:{{ borg_host_dir }}
borgmatic_source_directory: /var/backups
storage: storage:
encryption_passphrase: "{{ borg_encryption_passphrase }}" encryption_passphrase: "{{ borg_encryption_passphrase }}"
@ -23,18 +24,18 @@ storage:
retention: retention:
{% if borg_keep_hourly > 0 %} {% if borg_keep_hourly > 0 %}
- keep_hourly: {{ borg_keep_hourly }} keep_hourly: {{ borg_keep_hourly }}
{% endif %} {% endif %}
{% if borg_keep_daily > 0 %} {% if borg_keep_daily > 0 %}
- keep_hourly: {{ borg_keep_daily }} keep_daily: {{ borg_keep_daily }}
{% endif %} {% endif %}
{% if borg_keep_weekly > 0 %} {% if borg_keep_weekly > 0 %}
- keep_hourly: {{ borg_keep_weekly }} keep_weekly: {{ borg_keep_weekly }}
{% endif %} {% endif %}
{% if borg_keep_monthly > 0 %} {% if borg_keep_monthly > 0 %}
- keep_hourly: {{ borg_keep_monthly }} keep_monthly: {{ borg_keep_monthly }}
{% endif %} {% endif %}
consistency: consistency:
checks: checks:
@ -45,5 +46,6 @@ consistency:
hooks: hooks:
postgresql_databases: postgresql_databases:
- name: all - name: all
username: postgres
{% endif %} {% endif %}
... ...
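Review bot: When all four `borg_keep_*` values are 0, every `{% if %}` in the `retention:` block is false and the key renders with no children, which YAML reads as null rather than an empty mapping. I can't see how the role validates these variables, but pruning with no keep rule is presumably rejected or at best undefined, so it is worth failing early, e.g. an `assert` task in the role that at least one value is greater than 0, or wrapping the whole `retention:` section in one condition. The `hooks:` block at the end of the section is closed by an `{% endif %}` whose opening condition is outside the hunk.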