WIP: backups with borg and borgmatic #39
4 changed files with 50 additions and 27 deletions
|
@ -1,3 +1,5 @@
|
|||
---
|
||||
borg_keep_hourly: 6
|
||||
borg_backup_exclude:
|
||||
- "/var/lib/postgresql/"
|
||||
...
|
||||
|
|
|
@ -34,13 +34,13 @@
|
|||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Create configuration direcotory for borgmatic
|
||||
- name: Create configuration directory for borgmatic
|
||||
file:
|
||||
path: /etc/borgmatic
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=r,o=
|
||||
mode: u=rwx,g=rx,o=
|
||||
|
||||
- name: Add borgmatic configuration file
|
||||
become: true
|
||||
|
@ -63,23 +63,42 @@
|
|||
mode: u=rw,g=,o=
|
||||
register: ssh_key
|
||||
|
||||
- name: Gather server facts
|
||||
#- name: Gather server facts
|
||||
# delegate_to: "{{ borg_server_host }}"
|
||||
# delegate_facts: true
|
||||
# setup:
|
||||
# gather_subset:
|
||||
# - all
|
||||
# register: server_facts
|
||||
#
|
||||
#- name: Add server key to known hosts
|
||||
# known_hosts:
|
||||
# hash_host: true
|
||||
# host: "{{ hostname }}"
|
||||
# key: "{{ hostname }} {{ facts['ansible_ssh_host_key_' + item + '_public_keytype'] }} {{ facts['ansible_ssh_host_key_' + item + '_public'] }}"
|
||||
# loop:
|
||||
# - ecdsa
|
||||
# - ed25519
|
||||
# - rsa
|
||||
# vars:
|
||||
# hostname: {{ borg_server_host }}
|
||||
# facts: {{ server_facts['ansible_facts'] }}
|
||||
|
||||
- name: Gather SSH host keys
|
||||
delegate_to: "{{ borg_server_host }}"
|
||||
delegate_facts: true
|
||||
setup:
|
||||
gather_subset:
|
||||
- all
|
||||
register: server_facts
|
||||
command: "ssh-keyscan {{ borg_server_host }}"
|
||||
register: keys
|
||||
|
||||
- name: DEBUG
|
||||
debug:
|
||||
var: keys.stdout_lines
|
||||
|
||||
- name: Add server key to known hosts
|
||||
known_hosts:
|
||||
hash_host: true
|
||||
host: "{{ borg_server_host }}"
|
||||
key: "{{ borg_server_host }} {{ server_facts['ansible_facts']['ansible_ssh_host_key_' + item + '_public_keytype'] }} {{ server_facts['ansible_facts']['ansible_ssh_host_key_' + item + '_public'] }}"
|
||||
loop:
|
||||
- ecdsa
|
||||
- ed25519
|
||||
- rsa
|
||||
key: "{{ item }}"
|
||||
loop: "{{ keys.stdout_lines }}"
|
||||
|
||||
- name: Add public key to remote
|
||||
delegate_to: "{{ borg_server_host }}"
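Review bot: The reworked `Gather SSH host keys` task runs `ssh-keyscan {{ borg_server_host }}` and the next task loops `keys.stdout_lines` straight into `known_hosts`, so whatever answers on the network at provisioning time is pinned as the backup server without any verification. The commented-out variant read the keys from the delegated host's facts, which arrive over Ansible's own connection to that host. Keeping that source, or pinning the expected keys in inventory (for instance `key: "{{ borg_server_host }} {{ item }}"` looped over a list variable, placeholder name `borg_server_host_keys`), avoids the blind trust. If `ssh-keyscan` stays, the command task wants `changed_when: false`, and the `DEBUG` task and the commented-out block should be removed before this leaves WIP. The `Add public key to remote` task continues outside the hunk.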
|
||||
|
|
|
@ -7,7 +7,7 @@ After=network-online.target
|
|||
ConditionACPower=true
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
Type=simple
|
||||
ProtectSystem=full
|
||||
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW
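Review bot: The `Type=` change in `[Service]` carries no stated reason, and the two values behave differently for a backup job. Under `Type=simple` systemd counts the unit as started as soon as the process is spawned, so `systemctl start` and any unit ordered after this one no longer wait for borgmatic to finish, whereas `Type=oneshot` does wait. The rendered page does not show which value is the new one; if it is `Type=simple`, a one-line comment above it stating why the caller should not block on the backup would record the intent. The unit file continues outside the hunk.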
|
||||
|
||||
|
|
|
@ -12,6 +12,7 @@ location:
|
|||
{% endfor %}
|
||||
repositories:
|
||||
- {{ borg_server_user }}@{{ borg_server_host }}:{{ borg_host_dir }}
|
||||
borgmatic_source_directory: /var/backups
|
||||
|
||||
storage:
|
||||
encryption_passphrase: "{{ borg_encryption_passphrase }}"
|
||||
|
@ -24,16 +25,16 @@ storage:
|
|||
|
||||
retention:
|
||||
{% if borg_keep_hourly > 0 %}
|
||||
- keep_hourly: {{ borg_keep_hourly }}
|
||||
keep_hourly: {{ borg_keep_hourly }}
|
||||
{% endif %}
|
||||
{% if borg_keep_daily > 0 %}
|
||||
- keep_hourly: {{ borg_keep_daily }}
|
||||
keep_daily: {{ borg_keep_daily }}
|
||||
{% endif %}
|
||||
{% if borg_keep_weekly > 0 %}
|
||||
- keep_hourly: {{ borg_keep_weekly }}
|
||||
keep_weekly: {{ borg_keep_weekly }}
|
||||
{% endif %}
|
||||
{% if borg_keep_monthly > 0 %}
|
||||
- keep_hourly: {{ borg_keep_monthly }}
|
||||
keep_monthly: {{ borg_keep_monthly }}
|
||||
{% endif %}
|
||||
|
||||
consistency:
|
||||
|
@ -45,5 +46,6 @@ consistency:
|
|||
hooks:
|
||||
postgresql_databases:
|
||||
- name: all
|
||||
username: postgres
|
||||
{% endif %}
|
||||
...
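Review bot: The `postgresql_databases` hook connects as `username: postgres`, but nothing visible gives the borgmatic process a way to authenticate as that role. The dump runs as whatever user the service runs as, and the unit shown on this page sets no `User=` within its hunk. If that user is root and PostgreSQL uses peer authentication on the local socket, the connection would be rejected and the `all` dump would fail while `/var/lib/postgresql/` is excluded from the file backup. State the expected authentication path next to the hook, e.g. `# needs a pg_hba.conf rule or a password for the backup user to connect as postgres`, or supply the credential from a vaulted variable. The `{% if %}` that wraps the hook opens outside the hunk.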
|
||||
|
|