WIP: backups with borg and borgmatic #39

Manually merged
jeltz merged 45 commits from backups into master 2024-07-01 01:55:28 +02:00
4 changed files with 50 additions and 27 deletions
Showing only changes of commit 243ec1fe9d - Show all commits


@ -1,3 +1,5 @@
---
borg_keep_hourly: 6
borg_backup_exclude:
- "/var/lib/postgresql/"
...


@ -34,13 +34,13 @@
retries: 3
until: apt_result is succeeded
- name: Create configuration direcotory for borgmatic
- name: Create configuration directory for borgmatic
file:
path: /etc/borgmatic
state: directory
owner: root
group: root
mode: u=rw,g=r,o=
mode: u=rwx,g=rx,o=
- name: Add borgmatic configuration file
become: true
@ -63,23 +63,42 @@
mode: u=rw,g=,o=
register: ssh_key
- name: Gather server facts
#- name: Gather server facts
# delegate_to: "{{ borg_server_host }}"
# delegate_facts: true
# setup:
# gather_subset:
# - all
# register: server_facts
#
#- name: Add server key to known hosts
# known_hosts:
# hash_host: true
# host: "{{ hostname }}"
# key: "{{ hostname }} {{ facts['ansible_ssh_host_key_' + item + '_public_keytype'] }} {{ facts['ansible_ssh_host_key_' + item + '_public'] }}"
# loop:
# - ecdsa
# - ed25519
# - rsa
# vars:
# hostname: {{ borg_server_host }}
# facts: {{ server_facts['ansible_facts'] }}
- name: Gather SSH host keys
delegate_to: "{{ borg_server_host }}"
delegate_facts: true
setup:
gather_subset:
- all
register: server_facts
command: "ssh-keyscan {{ borg_server_host }}"
register: keys
- name: DEBUG
debug:
var: keys.stdout_lines
- name: Add server key to known hosts
known_hosts:
hash_host: true
host: "{{ borg_server_host }}"
key: "{{ borg_server_host }} {{ server_facts['ansible_facts']['ansible_ssh_host_key_' + item + '_public_keytype'] }} {{ server_facts['ansible_facts']['ansible_ssh_host_key_' + item + '_public'] }}"
loop:
- ecdsa
- ed25519
- rsa
key: "{{ item }}"
loop: "{{ keys.stdout_lines }}"
- name: Add public key to remote
delegate_to: "{{ borg_server_host }}"
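Review bot: The `Gather SSH host keys` task feeds raw `ssh-keyscan {{ borg_server_host }}` output straight into `known_hosts`, so whatever answers on the network at provisioning time is pinned as the backup server's identity without verification. Because the client's backups travel over this SSH connection, the host key is better taken from a value verified out of band, for example an inventory variable (placeholder name `borg_server_host_keys`) looped over with `key: "{{ item }}"`, or at least compared against a known fingerprint before it is written. If the scan stays, the `command` task should carry `changed_when: false`. The `DEBUG` task and the commented-out facts-based block look like leftovers to drop before merge. The `Add public key to remote` task continues outside the hunk.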


@ -7,7 +7,7 @@ After=network-online.target
ConditionACPower=true
[Service]
Type=oneshot
Type=simple
ProtectSystem=full
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW
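Review bot: The `Type=` change in `[Service]` has no comment explaining it. If the new value is `Type=simple` (it is printed after `Type=oneshot`, but the side markers are lost on this page), systemd treats the unit as started as soon as the process is spawned rather than when the backup run ends. For a run-to-completion job this means `systemctl start` returns immediately and anything ordered `After=` this unit no longer waits for the backup to finish. A one-line comment above the setting, such as `# simple: <reason oneshot did not work here>`, would record the intent; otherwise keep `Type=oneshot` if completion ordering is wanted.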


@ -12,6 +12,7 @@ location:
{% endfor %}
repositories:
- {{ borg_server_user }}@{{ borg_server_host }}:{{ borg_host_dir }}
borgmatic_source_directory: /var/backups
storage:
encryption_passphrase: "{{ borg_encryption_passphrase }}"
@ -24,16 +25,16 @@ storage:
retention:
{% if borg_keep_hourly > 0 %}
- keep_hourly: {{ borg_keep_hourly }}
keep_hourly: {{ borg_keep_hourly }}
{% endif %}
{% if borg_keep_daily > 0 %}
- keep_hourly: {{ borg_keep_daily }}
keep_daily: {{ borg_keep_daily }}
{% endif %}
{% if borg_keep_weekly > 0 %}
- keep_hourly: {{ borg_keep_weekly }}
keep_weekly: {{ borg_keep_weekly }}
{% endif %}
{% if borg_keep_monthly > 0 %}
- keep_hourly: {{ borg_keep_monthly }}
keep_monthly: {{ borg_keep_monthly }}
{% endif %}
consistency:
@ -45,5 +46,6 @@ consistency:
hooks:
postgresql_databases:
- name: all
username: postgres
{% endif %}
...
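Review bot: With the retention entries now emitted as plain mapping keys under `retention:`, a host where all four `borg_keep_*` values are 0 renders `retention:` with no body, which YAML reads as null. Borgmatic would presumably either reject that or be left with no keep rule for pruning. An `assert` task in the role, checking that at least one of the four values is greater than 0, would surface this at deploy time instead of at the first prune. The `> 0` tests also assume integers; `{% if borg_keep_hourly | int > 0 %}` (and likewise for the other three) keeps them working when a value arrives as a string from `-e` or an INI inventory.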