From b3e4383a01db97ca66a53cd9e1f6cee9025997d9 Mon Sep 17 00:00:00 2001
From: Maxime Bombar
Date: Sun, 29 Nov 2020 20:39:17 +0100
Subject: [PATCH 01/11] [Borgbackup] Init borgbackup role
---
roles/borgbackup-client/tasks/main.yml | 55 +++++++++++++++++++
.../templates/borgbackup/backup.sh.j2 | 0
.../templates/borgbackup/id_ed25519.j2 | 0
.../templates/cron.d/borgbackup | 0
4 files changed, 55 insertions(+)
create mode 100644 roles/borgbackup-client/tasks/main.yml
create mode 100644 roles/borgbackup-client/templates/borgbackup/backup.sh.j2
create mode 100644 roles/borgbackup-client/templates/borgbackup/id_ed25519.j2
create mode 100644 roles/borgbackup-client/templates/cron.d/borgbackup
diff --git a/roles/borgbackup-client/tasks/main.yml b/roles/borgbackup-client/tasks/main.yml
new file mode 100644
index 00000000..2e68a2ae
--- /dev/null
+++ b/roles/borgbackup-client/tasks/main.yml
@@ -0,0 +1,55 @@
+---
+- name: Install borgbackup
+ apt:
+ update_cache: true
+ name:
+ - borgbackup
+ state: present
+ register: apt_result
+ retries: 3
+ until: apt_result is succeeded
+
+- name: Install borgbackup
+ apt:
+ update_cache: true
+ name:
+ - borgmatic
+ state: present
+ register: apt_result
+ retries: 3
+ until: apt_result is succeeded
+ when: ansible_lsb.release >= 10
+
+- name: Ensures /etc/borgbackup exists
+ file:
+ path: /etc/borgbackup
+ state: directory
+ mode: 0700
+ owner: root
+
+- name: Deploy ssh private key
+ template:
+ src: "borgbackup/id_ed25519.j2"
+ dest: "/etc/borgbackup/id_ed25519"
+ mode: 0600
+ owner: root
+
+- name: Deploy borgbackup script
+ template:
+ src: "borgbackup/backup.sh.j2"
+ dest: "/etc/borgbackup/backup.sh"
+ mode: 0700
+ owner: root
+ when: ansible_lsb.release <= 9
+
+- name: Deploy borgmatic config
+ template:
+ src: "borgbackup/config.yaml.j2"
+ dest: "/etc/borgbackup/config.yaml"
+ when: ansible_lsb.release >= 10
+
+- name: Deploy borg cron
+ template:
+ src: "cron.d/borgbackup.j2"
+ dest: "/etc/cron.d/borgbackup"
+
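Review bot: The `Deploy ssh private key` task has no `no_log: true`, so a run with `--diff` or raised verbosity can echo the rendered key into the controller output and any log that captures it; add `no_log: true` (or at least `diff: false`) to that task. `Deploy borgmatic config` and `Deploy borg cron` set neither `owner` nor `mode`, so those files get whatever the remote umask produces; state them explicitly, e.g. `mode: "0600"` and `owner: root` on the config. The `when:` guards compare `ansible_lsb.release`, which is normally a string fact, with an integer; `ansible_lsb.release | int >= 10` is the reliable form, and the same comparison recurs on the pip task in PATCH 02.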
diff --git a/roles/borgbackup-client/templates/borgbackup/backup.sh.j2 b/roles/borgbackup-client/templates/borgbackup/backup.sh.j2 new file mode 100644 index 00000000..e69de29b diff --git a/roles/borgbackup-client/templates/borgbackup/id_ed25519.j2 b/roles/borgbackup-client/templates/borgbackup/id_ed25519.j2 new file mode 100644 index 00000000..e69de29b diff --git a/roles/borgbackup-client/templates/cron.d/borgbackup b/roles/borgbackup-client/templates/cron.d/borgbackup new file mode 100644 index 00000000..e69de29b From bb08b4312a5f530a721b76e341274a56b4c0306e Mon Sep 17 00:00:00 2001 From: Maxime Bombar Date: Wed, 2 Dec 2020 16:01:07 +0100 Subject: [PATCH 02/11] [borg] Use borgmatic --- roles/borgbackup-client/tasks/main.yml | 33 ++++++++++--------- .../backup.sh.j2 => borgmatic/config.yaml.j2} | 0 .../{borgbackup => borgmatic}/id_ed25519.j2 | 0 3 files changed, 17 insertions(+), 16 deletions(-) rename roles/borgbackup-client/templates/{borgbackup/backup.sh.j2 => borgmatic/config.yaml.j2} (100%) rename roles/borgbackup-client/templates/{borgbackup => borgmatic}/id_ed25519.j2 (100%) diff --git a/roles/borgbackup-client/tasks/main.yml b/roles/borgbackup-client/tasks/main.yml index 2e68a2ae..8b5a68d6 100644 --- a/roles/borgbackup-client/tasks/main.yml +++ b/roles/borgbackup-client/tasks/main.yml @@ -9,7 +9,7 @@ retries: 3 until: apt_result is succeeded -- name: Install borgbackup +- name: Install borgmatic with apt apt: update_cache: true name: @@ -19,10 +19,20 @@ retries: 3 until: apt_result is succeeded when: ansible_lsb.release >= 10 + +- name: Install borgmatic with pip + pip: + executable: pip3 + name: + - borgmatic + register: pip_result + retries: 3 + until: pip_result is succeeded + when: ansible_lsb.release <= 9 -- name: Ensures /etc/borgbackup exists +- name: Ensures /etc/borgmatic exists file: - path: /etc/borgbackup + path: /etc/borgmatic state: directory mode: 0700 owner: root 
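Review bot: The `Install borgmatic with pip` task sets no `version:`, so each run installs whatever release PyPI serves at that moment, system-wide through `pip3`. For a tool that will read the backup credentials, pin it, e.g. `version: "<pinned-version>"`, or install from a vetted internal index, so an unreviewed upstream release cannot land on every older host at once. The task body ends inside this hunk, but the enclosing task list continues outside it.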
@@ -34,22 +44,13 @@ mode: 0600 owner: root -- name: Deploy borgbackup script - template: - src: "borgbackup/backup.sh.j2" - dest: "/etc/borgbackup/backup.sh" - mode: 0700 - owner: root - when: ansible_lsb.release <= 9 - - name: Deploy borgmatic config template: - src: "borgbackup/config.yaml.j2" - dest: "/etc/borgbackup/config.yaml" - when: ansible_lsb.release >= 10 + src: "borgmatic/config.yaml.j2" + dest: "/etc/borgmatic/config.yaml" - name: Deploy borg cron template: - src: "cron.d/borgbackup.j2" - dest: "/etc/cron.d/borgbackup" + src: "cron.d/borg.j2" + dest: "/etc/cron.d/borg" diff --git a/roles/borgbackup-client/templates/borgbackup/backup.sh.j2 b/roles/borgbackup-client/templates/borgmatic/config.yaml.j2 similarity index 100% rename from roles/borgbackup-client/templates/borgbackup/backup.sh.j2 rename to roles/borgbackup-client/templates/borgmatic/config.yaml.j2 diff --git a/roles/borgbackup-client/templates/borgbackup/id_ed25519.j2 b/roles/borgbackup-client/templates/borgmatic/id_ed25519.j2 similarity index 100% rename from roles/borgbackup-client/templates/borgbackup/id_ed25519.j2 rename to roles/borgbackup-client/templates/borgmatic/id_ed25519.j2 From acafd5b7c89f1a8987682a7f9947ebcfe8a36e5b Mon Sep 17 00:00:00 2001 
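Review bot: The `Deploy ssh private key` task, whose `mode: 0600` and `owner: root` lines are the first context lines of this hunk, appears to keep `src: "borgbackup/id_ed25519.j2"` and `dest: "/etc/borgbackup/id_ed25519"` at this revision, while the commit renames the template to `borgmatic/id_ed25519.j2` and only creates `/etc/borgmatic`. Its `src`/`dest` lines sit above the hunk, so this is inferred from the rename list; if it holds, the role stops at that task. Switch the task to `src: "borgmatic/id_ed25519.j2"` and `dest: "/etc/borgmatic/id_ed25519"` in the same commit so the key never ends up in a directory the role no longer manages.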
From: Maxime Bombar Date: Wed, 2 Dec 2020 19:42:21 +0100 Subject: [PATCH 03/11] [Borgbackup] Pull borg from bullseye and deploy configuration. --- group_vars/crans_server/vars.yml | 13 +++ plays/backup.yml | 19 ++--- roles/borgbackup-client/tasks/main.yml | 36 ++++---- .../apt/preferences.d/borgmatic-bullseye.j2 | 12 +++ .../apt/sources.list.d/bullseye.list.j2 | 3 + .../templates/borgmatic/config.yaml.j2 | 83 +++++++++++++++++++ .../templates/borgmatic/id_ed25519.j2 | 0 .../templates/borgmatic/id_ed25519_borg.j2 | 1 + .../templates/cron.d/borg.j2 | 5 ++ .../templates/cron.d/borgbackup | 0 10 files changed, 137 insertions(+), 35 deletions(-) create mode 100644 roles/borgbackup-client/templates/apt/preferences.d/borgmatic-bullseye.j2 create mode 100644 roles/borgbackup-client/templates/apt/sources.list.d/bullseye.list.j2 delete mode 100644 roles/borgbackup-client/templates/borgmatic/id_ed25519.j2 create mode 100644 roles/borgbackup-client/templates/borgmatic/id_ed25519_borg.j2 create mode 100644 roles/borgbackup-client/templates/cron.d/borg.j2 delete mode 100644 roles/borgbackup-client/templates/cron.d/borgbackup diff --git a/group_vars/crans_server/vars.yml b/group_vars/crans_server/vars.yml index 136ce4ab..e05f2029 100644 --- a/group_vars/crans_server/vars.yml +++ b/group_vars/crans_server/vars.yml @@ -7,3 +7,16 @@ ldap: # Parameters for debian mirror debian_mirror: http://mirror.adm.crans.org/debian debian_components: main non-free + + +glob_borg: + to_backup: + - /etc + - /var + remote: + - borg@zephir.adm.crans.org:/backup/borg/{{ ansible_hostname }} + retention: + - ["daily", 4] + - ["monthly", 6] + consistency_check: + - disabled diff --git a/plays/backup.yml b/plays/backup.yml index b39bb870..c656364c 100755 --- a/plays/backup.yml +++ b/plays/backup.yml 
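Review bot: `consistency_check: - disabled` under `glob_borg` switches off borgmatic's repository and archive checks for every host in the group, so corruption or tampering on the backup server would only surface at restore time. Consider a group default such as `- repository`, keep `disabled` as a per-host `loc_borg` override, and pair it with a periodic test restore. The `remote` entry places a Jinja expression inside a plain scalar; quoting it, `- "borg@zephir.adm.crans.org:/backup/borg/{{ ansible_hostname }}"`, keeps it a string whatever the hostname expands to.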
@@ -1,17 +1,10 @@ #!/usr/bin/env ansible-playbook --- -# zephir backups virtual machines. -# omnomnom backups home dirs. -- import_playbook: get_adm_iface.yml +- hosts: server + vars: + borg: '{{ glob_borg | default({}) | combine(loc_borg | default({})) }}' + mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}' + roles: + - borgbackup-client -# Rsync client on all server to allow backup -#- hosts: server -# vars: -# # Backup password -# backuppc_rsyncd_passwd: "{{ vault_backuppc_rsyncd_passwd }}" -# roles: ["rsync-client"] - -# Backuppc backup software -#- hosts: zephir.adm.crans.org,omnomnom.adm.crans.org -# roles: ["backuppc"] diff --git a/roles/borgbackup-client/tasks/main.yml b/roles/borgbackup-client/tasks/main.yml index 8b5a68d6..26dc4e67 100644 --- a/roles/borgbackup-client/tasks/main.yml +++ b/roles/borgbackup-client/tasks/main.yml @@ -1,35 +1,24 @@ --- +- name: Pin borgmatic + template: + src: "apt/{{ item }}.j2" + dest: "/etc/apt/{{ item }}" + loop: + - sources.list.d/bullseye.list + - preferences.d/borgmatic-bullseye + when: ansible_lsb.release | int <= 10 + - name: Install borgbackup apt: update_cache: true name: - borgbackup - state: present - register: apt_result - retries: 3 - until: apt_result is succeeded - -- name: Install borgmatic with apt - apt: - update_cache: true - name: - borgmatic state: present register: apt_result retries: 3 until: apt_result is succeeded - when: ansible_lsb.release >= 10 -- name: Install borgmatic with pip - pip: - executable: pip3 - name: - - borgmatic - register: pip_result - retries: 3 - until: pip_result is succeeded - when: ansible_lsb.release <= 9 - - name: Ensures /etc/borgmatic exists file: path: /etc/borgmatic @@ -39,8 +28,8 @@ - name: Deploy ssh private key template: - src: "borgbackup/id_ed25519.j2" - dest: "/etc/borgbackup/id_ed25519" + src: "borgmatic/id_ed25519_borg.j2" + dest: "/etc/borgmatic/id_ed25519_borg" mode: 0600 owner: root 
@@ -48,6 +37,9 @@ template: src: "borgmatic/config.yaml.j2" dest: "/etc/borgmatic/config.yaml" + mode: 0600 + owner: root + group: root - name: Deploy borg cron template: diff --git a/roles/borgbackup-client/templates/apt/preferences.d/borgmatic-bullseye.j2 b/roles/borgbackup-client/templates/apt/preferences.d/borgmatic-bullseye.j2 new file mode 100644 index 00000000..32e59b73 --- /dev/null +++ b/roles/borgbackup-client/templates/apt/preferences.d/borgmatic-bullseye.j2 @@ -0,0 +1,12 @@ +{{ ansible_header | comment }} + + +Package: * +Pin: release n=bullseye +Pin-Priority: 1 + + +Package: borgmatic +Pin: release n=bullseye +Pin-Priority: 900 + diff --git a/roles/borgbackup-client/templates/apt/sources.list.d/bullseye.list.j2 b/roles/borgbackup-client/templates/apt/sources.list.d/bullseye.list.j2 new file mode 100644 index 00000000..e8bbe8d2 --- /dev/null +++ b/roles/borgbackup-client/templates/apt/sources.list.d/bullseye.list.j2 @@ -0,0 +1,3 @@ +{{ ansible_header | comment }} + +deb http://{{ mirror.name }}/debian bullseye main diff --git a/roles/borgbackup-client/templates/borgmatic/config.yaml.j2 b/roles/borgbackup-client/templates/borgmatic/config.yaml.j2 index e69de29b..123a57ac 100644 --- a/roles/borgbackup-client/templates/borgmatic/config.yaml.j2 +++ b/roles/borgbackup-client/templates/borgmatic/config.yaml.j2 
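Review bot: `bullseye.list.j2` adds only `bullseye main`, so the borgmatic package pinned at priority 900 in `borgmatic-bullseye.j2` has no security suite for that release to pull fixes from. Add the matching `bullseye-security` source with its own low-priority stanza plus a borgmatic pin, or document how the pinned package is kept patched. Also confirm `mirror.name` is defined on every host: the play builds `mirror` from `glob_mirror`/`loc_mirror`, while the group vars visible in this patch only define `debian_mirror`, and an undefined value either fails the template or writes a broken source line.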
@@ -0,0 +1,83 @@
+{{ ansible_header | comment }}
+
+location:
+ source_directories:
+{% for dir in borg.to_backup %}
+ - {{ dir }}
+{% endfor %}
+
+ repositories:
+{% for remote in borg.remote %}
+ - {{ remote }}
+{% endfor %}
+
+ exclude_patterns:
+ - '*.pyc'
+ - '\#*\#'
+ - '*~'
+{% for pattern in borg.to_exclude | default([]) %}
+ - {{ pattern }}
+{% endfor %}
+
+ exclude_caches: true
+
+ exclude_if_present:
+ - .nobackup
+
+ borgmatic_source_directory: /tmp/borgmatic
+
+storage:
+ encryption_passphrase: {{ vault_borgbackup_passwd }}
+ ssh_command: ssh -i /etc/borgmatic/id_ed25519_borg
+ borg_base_directory: /etc/borgmatic
+ borg_config_directory: /etc/borgmatic/config/
+ borg_cache_directory: /etc/borgmatic/cache
+ borg_security_directory: /etc/borgmatic/config/security
+ borg_keys_directory: /etc/borgmatic/config/keys
+ compression: 'lz4'
+ umask: 0077
+ lock_wait: 5
+ archive_name_format: '{hostname}-{now}'
+{% set extra_prune = borg.extra_prune | default([]) %}
+{% set extra_create = borg.extra_create | default([]) %}
+{% set extra_check = borg.extra_check | default([]) %}
+ extra_borg_options:
+ # Extra command-line options to pass to "borg init".
+ init: --make-parent-dirs {% for cmd in borg.extra_init | default([]) %}--{{ cmd }} {% endfor %}
+{% if extra_prune %}
+ # Extra command-line options to pass to "borg prune".
+ prune: {% for cmd in extra_prune %}--{{ cmd }} {% endfor %}
+{% endif %}
+
+{% if extra_create %}
+ # Extra command-line options to pass to "borg create".
+ create: {% for cmd in extra_create %}--{{ cmd }} {% endfor %}
+{% endif %}
+
+{% if extra_check %}
+ # Extra command-line options to pass to "borg check".
+ check: {% for cmd in extra_check %}--{{ cmd }} {% endfor %}
+{% endif %}
+
+retention:
+{% for retention in borg.retention %}
+ keep_{{ retention[0] }}: {{ retention[1] }}
+{% endfor %}
+ prefix: '{hostname}-'
+
+consistency:
+ checks:
+{% for check in borg.consistency_check %}
+ - {{ check }}
+{% endfor %}
+
+{% if borg.hooks | default([]) %}
+ hooks:
+ {% for hook in borg.hooks %}
+ {{ hook.type }}:
+ {% for value in hook.values %}
+ - {{ value }}
+ {% endfor %}
+ {% endfor %}
+ umask: 0077
+{% endif %}
diff --git a/roles/borgbackup-client/templates/borgmatic/id_ed25519.j2 b/roles/borgbackup-client/templates/borgmatic/id_ed25519.j2
deleted file mode 100644
index e69de29b..00000000
diff --git a/roles/borgbackup-client/templates/borgmatic/id_ed25519_borg.j2 b/roles/borgbackup-client/templates/borgmatic/id_ed25519_borg.j2
new file mode 100644
index 00000000..1ef022e0
--- /dev/null
+++ b/roles/borgbackup-client/templates/borgmatic/id_ed25519_borg.j2
@@ -0,0 +1 @@
+{{ vault_borgbackup_ssh_privkey }}
diff --git a/roles/borgbackup-client/templates/cron.d/borg.j2 b/roles/borgbackup-client/templates/cron.d/borg.j2
new file mode 100644
index 00000000..41c84ebd
--- /dev/null
+++ b/roles/borgbackup-client/templates/cron.d/borg.j2
@@ -0,0 +1,5 @@
+{{ ansible_header | comment }}
+
+PATH=$PATH:/usr/sbin:/usr/bin:/usr/local/bin:/sbin:/bin
+
+{{ 60 | random(seed=inventory_hostname) }} {{ 24 | random(seed=inventory_hostname) }} * * * root borgmatic --syslog-verbosity 1
diff --git a/roles/borgbackup-client/templates/cron.d/borgbackup b/roles/borgbackup-client/templates/cron.d/borgbackup
deleted file mode 100644
index e69de29b..00000000
From 2850679cedd410f1dbea3dbb9f5ccbfa056a18bb Mon Sep 17 00:00:00 2001
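Review bot: `encryption_passphrase: {{ vault_borgbackup_passwd }}` in `config.yaml.j2` renders the secret as a plain YAML scalar, so a passphrase containing ` #` or `: `, or starting with `*`, `!`, `{` or a quote, is silently truncated, retyped or rejected when borgmatic parses the file. Emit it as a quoted string, `encryption_passphrase: {{ vault_borgbackup_passwd | to_json }}`, and quote the list items rendered from `borg.*` the same way. `borgmatic_source_directory: /tmp/borgmatic` keeps state for a root-run job under a predictable name in a world-writable directory; a root-only path such as one under `/etc/borgmatic` avoids pre-creation by a local user. In the hooks block `hook.values` probably resolves to the dict method rather than a `values` key, so `hook['values']` looks like what is meant.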
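Review bot: `PATH=$PATH:/usr/sbin:...` in `cron.d/borg.j2` is not expanded, because cron assigns environment values literally; the root job therefore gets a first PATH entry literally named `$PATH`, which is a relative directory. Write the list out in full, `PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin`, or call `/usr/bin/borgmatic` by absolute path in the job line. The deploying task in `tasks/main.yml` sets no `owner`/`mode` for this file, which is worth making explicit for a root crontab fragment.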
From: Maxime Bombar Date: Thu, 3 Dec 2020 03:36:57 +0100 Subject: [PATCH 04/11] [borgbackups] Make use of handlers --- roles/borgbackup-client/handlers/main.yml | 5 +++++ roles/borgbackup-client/tasks/main.yml | 1 + 2 files changed, 6 insertions(+) create mode 100644 roles/borgbackup-client/handlers/main.yml diff --git a/roles/borgbackup-client/handlers/main.yml b/roles/borgbackup-client/handlers/main.yml new file mode 100644 index 00000000..6cd8da2f --- /dev/null +++ b/roles/borgbackup-client/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: restart cron + service: + name: cron + state: restarted diff --git a/roles/borgbackup-client/tasks/main.yml b/roles/borgbackup-client/tasks/main.yml index 26dc4e67..cbec0209 100644 --- a/roles/borgbackup-client/tasks/main.yml +++ b/roles/borgbackup-client/tasks/main.yml @@ -45,4 +45,5 @@ template: src: "cron.d/borg.j2" dest: "/etc/cron.d/borg" + notify: restart cron From 79f30669b3d5f06840374e56a0955599abf3f243 Mon Sep 17 00:00:00 2001 From: Maxime Bombar Date: Thu, 3 Dec 2020 03:37:32 +0100 Subject: [PATCH 05/11] [borgbackups] Initialize borg repository. --- roles/borgbackup-client/tasks/main.yml | 6 ++++++ roles/borgbackup-client/templates/borgmatic/config.yaml.j2 | 7 ++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/roles/borgbackup-client/tasks/main.yml b/roles/borgbackup-client/tasks/main.yml index cbec0209..f71fce33 100644 --- a/roles/borgbackup-client/tasks/main.yml +++ b/roles/borgbackup-client/tasks/main.yml @@ -41,6 +41,12 @@ owner: root group: root +- name: Init borg repository + command: + cmd: /usr/bin/borgmatic init -e repokey + register: borg_init + changed_when: '"does not exist" in borg_init.stderr' + - name: Deploy borg cron template: src: "cron.d/borg.j2" diff --git a/roles/borgbackup-client/templates/borgmatic/config.yaml.j2 b/roles/borgbackup-client/templates/borgmatic/config.yaml.j2 index 123a57ac..dcd1b36b 100644 --- a/roles/borgbackup-client/templates/borgmatic/config.yaml.j2 
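Review bot: `borgmatic init -e repokey` in the `Init borg repository` task stores the encryption key inside the repository on the backup server, protected only by the passphrase, and `config.yaml.j2` gives every host the same `vault_borgbackup_passwd`. Document a `borg key export` step with offline storage, and consider a per-host passphrase so one client's config file does not unlock every repository. `changed_when: '"does not exist" in borg_init.stderr'` depends on exact wording in stderr; add a comment naming the message it is meant to match, and an explicit `failed_when` so an SSH or host-key failure is not mistaken for a missing repository.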
+++ b/roles/borgbackup-client/templates/borgmatic/config.yaml.j2 @@ -38,12 +38,17 @@ storage: umask: 0077 lock_wait: 5 archive_name_format: '{hostname}-{now}' +{% set extra_init = borg.extra_prune | default([]) %} {% set extra_prune = borg.extra_prune | default([]) %} {% set extra_create = borg.extra_create | default([]) %} {% set extra_check = borg.extra_check | default([]) %} +{% if extra_init or extra_prune or extra_create or extra_check %} extra_borg_options: +{% endif %} +{% if extra_init %} # Extra command-line options to pass to "borg init". - init: --make-parent-dirs {% for cmd in borg.extra_init | default([]) %}--{{ cmd }} {% endfor %} + init: {% for cmd in extra_init %}--{{ cmd }} {% endfor %} +{% endif %} {% if extra_prune %} # Extra command-line options to pass to "borg prune". prune: {% for cmd in extra_prune %}--{{ cmd }} {% endfor %} From 31f4164adb52c22e3e70ef562921eef05ed9b95b Mon Sep 17 00:00:00 2001 From: Maxime Bombar Date: Sun, 6 Dec 2020 00:03:39 +0100 Subject: [PATCH 06/11] [borgbackup] Typo in borgmatic config --- roles/borgbackup-client/templates/borgmatic/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/borgbackup-client/templates/borgmatic/config.yaml.j2 b/roles/borgbackup-client/templates/borgmatic/config.yaml.j2 index dcd1b36b..94750a2c 100644 --- a/roles/borgbackup-client/templates/borgmatic/config.yaml.j2 +++ b/roles/borgbackup-client/templates/borgmatic/config.yaml.j2 @@ -38,7 +38,7 @@ storage: umask: 0077 lock_wait: 5 archive_name_format: '{hostname}-{now}' -{% set extra_init = borg.extra_prune | default([]) %} +{% set extra_init = borg.extra_init | default([]) %} {% set extra_prune = borg.extra_prune | default([]) %} {% set extra_create = borg.extra_create | default([]) %} {% set extra_check = borg.extra_check | default([]) %} From c269d0c280a43b4d8ec61d18ccc87ec47a706906 Mon Sep 17 00:00:00 2001 
From: Maxime Bombar Date: Sun, 6 Dec 2020 00:04:04 +0100 Subject: [PATCH 07/11] [borg] New options --- group_vars/crans_server/vars.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/group_vars/crans_server/vars.yml b/group_vars/crans_server/vars.yml index e05f2029..7fa4bb52 100644 --- a/group_vars/crans_server/vars.yml +++ b/group_vars/crans_server/vars.yml @@ -13,6 +13,7 @@ glob_borg: to_backup: - /etc - /var + path: /backup/borg remote: - borg@zephir.adm.crans.org:/backup/borg/{{ ansible_hostname }} retention: @@ -20,3 +21,5 @@ glob_borg: - ["monthly", 6] consistency_check: - disabled + extra_init: + - make-parent-dirs From 6c54221a974cdb91090190fe50385344faaee7f9 Mon Sep 17 00:00:00 2001 From: Maxime Bombar Date: Sun, 6 Dec 2020 01:01:42 +0100 Subject: [PATCH 08/11] [borg] Update client role. --- roles/borgbackup-client/tasks/main.yml | 5 +++++ .../borgbackup-client/templates/update-motd.d/04-service.j2 | 4 ++++ 2 files changed, 9 insertions(+) create mode 100755 roles/borgbackup-client/templates/update-motd.d/04-service.j2 diff --git a/roles/borgbackup-client/tasks/main.yml b/roles/borgbackup-client/tasks/main.yml index f71fce33..2325ea27 100644 --- a/roles/borgbackup-client/tasks/main.yml +++ b/roles/borgbackup-client/tasks/main.yml @@ -53,3 +53,8 @@ dest: "/etc/cron.d/borg" notify: restart cron +- name: Indicate role in motd + template: + src: update-motd.d/04-service.j2 + dest: /etc/update-motd.d/04-borgbackup + mode: 0755 diff --git a/roles/borgbackup-client/templates/update-motd.d/04-service.j2 b/roles/borgbackup-client/templates/update-motd.d/04-service.j2 new file mode 100755 index 00000000..c9e0066a --- /dev/null +++ b/roles/borgbackup-client/templates/update-motd.d/04-service.j2 @@ -0,0 +1,4 @@ +#!/usr/bin/tail +14 +{{ ansible_header | comment }} +> Borgbackup (Client) a été déployé sur cette machine. + From a871e1e480a3754ea461889f6a5c58eb3188462d Mon Sep 17 00:00:00 2001 
From: Maxime Bombar Date: Sun, 6 Dec 2020 01:44:39 +0100 Subject: [PATCH 09/11] [Borg] Server config --- hosts | 3 ++ plays/backup.yml | 5 +++ roles/borgbackup-server/tasks/main.yml | 38 +++++++++++++++++++ .../templates/authorized_keys.j2 | 3 ++ .../templates/update-motd.d/05-service.j2 | 3 ++ 5 files changed, 52 insertions(+) create mode 100644 roles/borgbackup-server/tasks/main.yml create mode 100644 roles/borgbackup-server/templates/authorized_keys.j2 create mode 100755 roles/borgbackup-server/templates/update-motd.d/05-service.j2 diff --git a/hosts b/hosts index 09ffad9e..dc616941 100644 --- a/hosts +++ b/hosts @@ -23,6 +23,9 @@ # [test_vm] # re2o-test.adm.crans.org +[backups] +zephir.adm.crans.org + [certbot] gitzly.adm.crans.org diff --git a/plays/backup.yml b/plays/backup.yml index c656364c..1949a5ca 100755 --- a/plays/backup.yml +++ b/plays/backup.yml @@ -8,3 +8,8 @@ roles: - borgbackup-client +- hosts: backups + vars: + borg: '{{ glob_borg | default({}) | combine(loc_borg | default({})) }}' + roles: + - borgbackup-server diff --git a/roles/borgbackup-server/tasks/main.yml b/roles/borgbackup-server/tasks/main.yml new file mode 100644 index 00000000..052347d5 --- /dev/null +++ b/roles/borgbackup-server/tasks/main.yml @@ -0,0 +1,38 @@ +--- +- name: Install borgbackup + apt: + update_cache: true + name: + - borgbackup + state: present + register: apt_result + retries: 3 + until: apt_result is succeeded + +- name: Create borgbackup user + user: + create_home: yes + home: '/var/lib/borg/' + system: yes + state: present + update_password: always + name: borg + +- name: Ensures .ssh dir exists + file: + path: /var/lib/borg/.ssh + state: directory + mode: 0700 + owner: borg + +- name: Deploy authorized_keys + template: + src: "authorized_keys.j2" + dest: "/var/lib/borg/.ssh/authorized_keys" + mode: 0600 + +- name: Indicate role in motd + template: + src: update-motd.d/05-service.j2 + dest: /etc/update-motd.d/05-borg + mode: 0755 
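Review bot: `Deploy authorized_keys` in the new server role sets `mode: 0600` but no `owner`, so the file is created as the connecting user (presumably root) and the `borg` account cannot read it; sshd reads `authorized_keys` with the target user's privileges, so key logins would be refused. Add `owner: borg`, as the `.ssh` directory task just above already does. On the `user` task, `update_password: always` has no `password` to apply and can be dropped, and `create_home: yes` / `system: yes` read better as `true`.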
diff --git a/roles/borgbackup-server/templates/authorized_keys.j2 b/roles/borgbackup-server/templates/authorized_keys.j2
new file mode 100644
index 00000000..9c3ff0ca
--- /dev/null
+++ b/roles/borgbackup-server/templates/authorized_keys.j2
@@ -0,0 +1,3 @@
+{{ ansible_header | comment }}
+
+command="borg serve --restrict-to-path {{ borg.path }}",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding {{ vault_borgbackup_ssh_pubkey }}
diff --git a/roles/borgbackup-server/templates/update-motd.d/05-service.j2 b/roles/borgbackup-server/templates/update-motd.d/05-service.j2
new file mode 100755
index 00000000..f27119aa
--- /dev/null
+++ b/roles/borgbackup-server/templates/update-motd.d/05-service.j2
@@ -0,0 +1,3 @@
+#!/usr/bin/tail +14
+{{ ansible_header | comment }}
+> Borgbackup (Serveur) a été déployé sur cette machine. Les backups sont situés dans {{ borg.path }}.
From 8e678435f5bc2a8478b34485ce730e34c43b1947 Mon Sep 17 00:00:00 2001
From: Maxime Bombar
Date: Sun, 6 Dec 2020 01:45:21 +0100
Subject: [PATCH 10/11] [Borg] Conf Zephir
---
host_vars/zephir.adm.crans.org.yml | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 host_vars/zephir.adm.crans.org.yml
diff --git a/host_vars/zephir.adm.crans.org.yml b/host_vars/zephir.adm.crans.org.yml
new file mode 100644
index 00000000..54187015
--- /dev/null
+++ b/host_vars/zephir.adm.crans.org.yml
@@ -0,0 +1,7 @@
+---
+
+loc_borg:
+ to_exclude:
+ - /var/lib/backuppc
+ remote:
+ - /backup/borg/zephir
From 8798fa348c3fca9a93cc2c813b8a9f460f31cd69 Mon Sep 17 00:00:00 2001
From: Maxime Bombar
Date: Sun, 6 Dec 2020 01:51:05 +0100
Subject: [PATCH 11/11] [borg] Update motd.
---
roles/borgbackup-client/templates/update-motd.d/04-service.j2 | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/roles/borgbackup-client/templates/update-motd.d/04-service.j2 b/roles/borgbackup-client/templates/update-motd.d/04-service.j2
index c9e0066a..fcbc611d 100755
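Review bot: The single entry in `authorized_keys.j2` pairs one shared key (`vault_borgbackup_ssh_pubkey`, whose private half the client role writes to every server) with `--restrict-to-path {{ borg.path }}`, the parent of all repositories. A compromise of any one client therefore exposes every other host's repository to modification or deletion, not just its own. Generate one key per host and render one line per client with `--restrict-to-repository {{ borg.path }}/<hostname>`, and consider `--append-only` so a compromised client cannot prune its own history. The option list could also start with `restrict`, so that OpenSSH features added later default to off.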
--- a/roles/borgbackup-client/templates/update-motd.d/04-service.j2 +++ b/roles/borgbackup-client/templates/update-motd.d/04-service.j2 @@ -1,4 +1,3 @@ #!/usr/bin/tail +14 {{ ansible_header | comment }} -> Borgbackup (Client) a été déployé sur cette machine. - +> Borgbackup (Client) a été déployé sur cette machine. Voir /etc/borgmatic/.