crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

Ajout des backups avec restic

mise_a_niveau
korenstin 2024-11-16 22:16:14 +01:00
parent 8c15a54cf2
commit 1f5129092e
15 changed files with 120 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
all.yml
View File

@ -49,6 +49,7 @@
- import_playbook: plays/radvd.yml - import_playbook: plays/radvd.yml
- import_playbook: plays/re2o-ldap.yml - import_playbook: plays/re2o-ldap.yml
- import_playbook: plays/re2o.yml - import_playbook: plays/re2o.yml
- import_playbook: plays/restic_client.yml
- import_playbook: plays/reverse-proxy.yml - import_playbook: plays/reverse-proxy.yml
- import_playbook: plays/root.yml - import_playbook: plays/root.yml
- import_playbook: plays/roundcube.yml - import_playbook: plays/roundcube.yml

9
group_vars/all/restic.yml 100644
View File

@ -0,0 +1,9 @@
---
glob_restic:
to_exclude:
- /var/lib/lxcfs
to_backup:
- /etc
- /var
remote:
- rest:http://{{ ansible_hostname }}:{{ vault.restic[ansible_hostname].rest_password }}@172.16.10.14/{{ ansible_hostname }}/base

8
plays/restic_client.yml 100755
View File

@ -0,0 +1,8 @@
#!/usr/bin/env ansible-playbook
---
- hosts: server
vars:
restic: "{{ glob_restic | default({}) | combine(loc_borg | default({})) }}"
roles:
- restic-client

1
plays/root.yml
View File

@ -30,6 +30,7 @@
- import_playbook: scripts.yml - import_playbook: scripts.yml
- import_playbook: vm_setup.yml - import_playbook: vm_setup.yml
- import_playbook: borgbackup_client.yml - import_playbook: borgbackup_client.yml
- import_playbook: restic_client.yml
- import_playbook: network_interfaces.yml - import_playbook: network_interfaces.yml
- import_playbook: nullmailer.yml - import_playbook: nullmailer.yml

5
roles/restic-client/handlers/main.yml 100644
View File

@ -0,0 +1,5 @@
---
- name: Restart timer
service:
name: restic-base.timer
state: restarted

51
roles/restic-client/tasks/main.yml 100644
View File

@ -0,0 +1,51 @@
---
- name: Install restic
apt:
update_cache: true
name:
- restic
state: present
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Ensures /etc/restic exists
file:
path: /etc/restic
state: directory
mode: 0700
owner: root
- name: Deploy restic config
template:
src: "{{ item }}.j2"
dest: /etc/{{ item }}
mode: 0600
owner: root
group: root
loop:
- restic/base.env
- restic/base-excludes
- restic/base-includes
- restic/base-password
- restic/base-repo
- systemd/system/restic-base.service
- systemd/system/restic-base.timer
notify: Restart timer
- name: Init restic repository
command:
cmd: "restic init --repository-file /etc/restic/base-repo --password-file /etc/restic/base-password"
register: restic_init
ignore_errors: true
- name: Indicate role in motd
template:
src: update-motd.d/04-service.j2
dest: /etc/update-motd.d/04-restic
mode: 0755
- name: Enable timer
service:
name: restic-base.timer
enabled: true

3
roles/restic-client/templates/restic/base-excludes.j2 100644
View File

@ -0,0 +1,3 @@
{% for dir in restic.to_exclude %}
{{ dir }}
{% endfor %}

3
roles/restic-client/templates/restic/base-includes.j2 100644
View File

@ -0,0 +1,3 @@
{% for dir in restic.to_backup %}
{{ dir }}
{% endfor %}

1
roles/restic-client/templates/restic/base-password.j2 100644
View File

@ -0,0 +1 @@
{{ vault.restic[ansible_hostname].repo_password }}

3
roles/restic-client/templates/restic/base-repo.j2 100644
View File

@ -0,0 +1,3 @@
{% for repo in restic.remote %}
{{ repo }}
{% endfor %}

9
roles/restic-client/templates/restic/base.env.j2 100644
View File

@ -0,0 +1,9 @@
{{ ansible_header | comment }}
RESTIC_REPOSITORY_FILE="/etc/restic/base-repo"
RESTIC_PASSWORD_FILE="/etc/restic/base-password"
RESTIC_CACHE_DIR="/var/cache/restic"
RESTIC_COMPRESSION="max"
RESTIC_PROGRESS_FPS=1
RESTIC_PACK_SIZE="64M"

13
roles/restic-client/templates/systemd/system/restic-base.service.j2 100644
View File

@ -0,0 +1,13 @@
{{ ansible_header | comment }}
[Unit]
After=network-online.target
Wants=network-online.target
[Service]
EnvironmentFile=/etc/restic/base.env
ExecStart=restic backup --files-from=/etc/restic/base-includes --exclude-file=/etc/restic/base-excludes
ExecStart=restic forget --prune --keep-daily 2 --keep-weekly 2 --keep-monthly 2 --keep-yearly 1
Type=oneshot
User=root

10
roles/restic-client/templates/systemd/system/restic-base.timer.j2 100644
View File

@ -0,0 +1,10 @@
{{ ansible_header | comment }}
[Unit]
[Timer]
OnCalendar={{ 24 | random(seed=inventory_hostname) }}:{{ 60 | random(seed=inventory_hostname) }}
Persistent=true
[Install]
WantedBy=timers.target

3
roles/restic-client/templates/update-motd.d/04-service.j2 100755
View File

@ -0,0 +1,3 @@
#!/usr/bin/tail +14
{{ ansible_header | comment }}
> Restic (Client) a été déployé sur cette machine. Voir /etc/restic/.

0
{attempts: 100644
View File