From 3d528a1891d9597b40aa44f1d396726a97f56069 Mon Sep 17 00:00:00 2001 From: shirenn Date: Sun, 23 May 2021 18:10:29 +0200 Subject: [PATCH] [borg] Migration of zephir and omnomnom --- group_vars/all/borg.yml | 1 + host_vars/airbus.cachan-adm.crans.org.yml | 5 ++++ host_vars/daniel.adm.crans.org.yml | 4 +++ host_vars/gulp.cachan-adm.crans.org.yml | 7 +++++ host_vars/jack.adm.crans.org.yml | 4 +++ host_vars/omnomnom.cachan-adm.crans.org.yml | 27 +++++++++++++++++ host_vars/re2o-ldap.cachan-adm.crans.org.yml | 5 ++++ host_vars/re2o.cachan-adm.crans.org.yml | 5 ++++ host_vars/rodauh.cachan-adm.crans.org.yml | 5 ++++ .../cachan.yml | 5 ++++ host_vars/sam.adm.crans.org.yml | 4 +++ ...s.org => terenez.cachan-adm.crans.org.yml} | 5 ++++ host_vars/unifi.cachan-adm.crans.org.yml | 5 ++++ host_vars/zephir.adm.crans.org.yml | 9 ------ host_vars/zephir.cachan-adm.crans.org.yml | 29 +++++++++++++++++++ hosts | 16 ++++------ plays/borgbackup_client.yml | 19 +++++++----- roles/borgbackup-client/handlers/main.yml | 5 ---- roles/borgbackup-client/tasks/main.yml | 1 - .../templates/borgmatic/config.yaml.j2 | 3 +- 20 files changed, 130 insertions(+), 34 deletions(-) create mode 100644 host_vars/omnomnom.cachan-adm.crans.org.yml rename host_vars/{terenez.cachan-adm.crans.org => terenez.cachan-adm.crans.org.yml} (67%) delete mode 100644 host_vars/zephir.adm.crans.org.yml create mode 100644 host_vars/zephir.cachan-adm.crans.org.yml delete mode 100644 roles/borgbackup-client/handlers/main.yml diff --git a/group_vars/all/borg.yml b/group_vars/all/borg.yml index 6128209e..ecfc9440 100644 --- a/group_vars/all/borg.yml +++ b/group_vars/all/borg.yml @@ -15,3 +15,4 @@ glob_borg: - make-parent-dirs encryption_passphrase: "{{ vault.borgbackup_passwd }}" ssh_privkey: "{{ vault.borgbackup_ssh_privkey }}" + ssh_options: -4 -p 2223 diff --git a/host_vars/airbus.cachan-adm.crans.org.yml b/host_vars/airbus.cachan-adm.crans.org.yml index e70de70f..b8d9e214 100644 
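Review bot: The new default `ssh_options: -4 -p 2223` in `group_vars/all/borg.yml` is an unquoted scalar starting with `-`, and nothing says which endpoint needs the non-default port, while every per-host override in this commit is written quoted (`ssh_options: ""`). It parses as a string today, but I would quote and document it: `ssh_options: "-4 -p 2223"  # SSH options for the default remote; override when remote differs`. The `glob_borg` mapping starts above this hunk, so I cannot see which remote these options are meant for.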
--- a/host_vars/airbus.cachan-adm.crans.org.yml +++ b/host_vars/airbus.cachan-adm.crans.org.yml @@ -13,3 +13,8 @@ glob_ntp_client: - terenez.cachan-adm.crans.org debian_mirror: http://172.17.10.202/debian + +loc_borg: + remote: + - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }} + ssh_options: "" diff --git a/host_vars/daniel.adm.crans.org.yml b/host_vars/daniel.adm.crans.org.yml index 9ba145d2..2766f75a 100644 --- a/host_vars/daniel.adm.crans.org.yml +++ b/host_vars/daniel.adm.crans.org.yml @@ -8,3 +8,7 @@ loc_psql: version: 11 replica: yes addresses: "['daniel.adm.crans.org'] + {{ query('ldap', 'ip', 'daniel', 'adm') | ipaddr('address') }}" + +loc_borg: + to_exclude: + - /var/lib/lxcfs diff --git a/host_vars/gulp.cachan-adm.crans.org.yml b/host_vars/gulp.cachan-adm.crans.org.yml index fdb1d6c2..251c4bdd 100644 --- a/host_vars/gulp.cachan-adm.crans.org.yml +++ b/host_vars/gulp.cachan-adm.crans.org.yml @@ -18,3 +18,10 @@ loc_psql: hosts: - { db: re2o, user: re2o } addresses: "['gulp.cachan-adm.crans.org'] + {{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipaddr('address') }}" + +loc_borg: + remote: + - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }} + to_exclude: + - /var/lib/lxcfs + ssh_options: "" diff --git a/host_vars/jack.adm.crans.org.yml b/host_vars/jack.adm.crans.org.yml index a6631ab3..db3c3b65 100644 --- a/host_vars/jack.adm.crans.org.yml +++ b/host_vars/jack.adm.crans.org.yml @@ -8,3 +8,7 @@ loc_psql: version: 11 replica: yes addresses: "['jack.adm.crans.org'] + {{ query('ldap', 'ip', 'jack', 'adm') | ipaddr('address') }}" + +loc_borg: + to_exclude: + - /var/lib/lxcfs diff --git a/host_vars/omnomnom.cachan-adm.crans.org.yml b/host_vars/omnomnom.cachan-adm.crans.org.yml new file mode 100644 index 00000000..d99be4be --- /dev/null +++ b/host_vars/omnomnom.cachan-adm.crans.org.yml 
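Review bot: The `loc_borg` block added to airbus pairs the zephir remote with `ssh_options: ""`, and the same two settings are copied into the gulp, omnomnom, re2o-ldap, re2o, rodauh, routeur-gulp, terenez and unifi host files in this commit. The empty override is what cancels the global `-4 -p 2223`, so a cachan host added later without it would inherit that port and its backups would presumably fail at run time rather than at review time. Defining the remote and the empty `ssh_options` once in a group_vars file for the cachan hosts would remove that failure mode. The matching inventory group is not visible in this patch, so it would have to be an existing group or a new one.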
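Review bot: `loc_borg.to_exclude` in the daniel hunk replaces any `to_exclude` list defined in `glob_borg` rather than extending it, because the play merges the two dicts with a plain `combine(...)`, which overwrites keys wholesale. Whether `glob_borg` carries such a list is not visible in this patch. If it does, daniel, and jack, sam and gulp, which get the same block, lose the global exclusions and skip only `/var/lib/lxcfs`. If that is not intended, repeat the global entries here or build the list in the role from both sources. Either way a comment such as `# replaces glob_borg.to_exclude, it does not add to it` would make the behaviour explicit.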
@@ -0,0 +1,27 @@ +--- +interfaces: + adm: eno1.10 + +loc_home_nounou: + ip: 172.17.10.9 + mountpoint: /rpool/home + +loc_ldap: + servers: + - 172.17.10.9 + base: 'dc=crans,dc=org' + +loc_ntp_client: + servers: + - terenez.cachan-adm.crans.org + +debian_mirror: http://172.17.10.202/debian + +loc_mirror: + name: mirror.cachan-adm.crans.org + ip: "{{ query('ldap','ip','mirror','cachan.adm') | ipv4 | first }}" + +loc_borg: + remote: + - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }} + ssh_options: "" diff --git a/host_vars/re2o-ldap.cachan-adm.crans.org.yml b/host_vars/re2o-ldap.cachan-adm.crans.org.yml index e70de70f..b8d9e214 100644 --- a/host_vars/re2o-ldap.cachan-adm.crans.org.yml +++ b/host_vars/re2o-ldap.cachan-adm.crans.org.yml @@ -13,3 +13,8 @@ glob_ntp_client: - terenez.cachan-adm.crans.org debian_mirror: http://172.17.10.202/debian + +loc_borg: + remote: + - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }} + ssh_options: "" diff --git a/host_vars/re2o.cachan-adm.crans.org.yml b/host_vars/re2o.cachan-adm.crans.org.yml index 780163f7..279c4f4d 100644 --- a/host_vars/re2o.cachan-adm.crans.org.yml +++ b/host_vars/re2o.cachan-adm.crans.org.yml @@ -14,6 +14,11 @@ glob_ntp_client: debian_mirror: http://172.17.10.202/debian +loc_borg: + remote: + - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }} + ssh_options: "" + loc_re2o: owner: root group: _nounou diff --git a/host_vars/rodauh.cachan-adm.crans.org.yml b/host_vars/rodauh.cachan-adm.crans.org.yml index 65a9bdbb..37b60a76 100644 --- a/host_vars/rodauh.cachan-adm.crans.org.yml +++ b/host_vars/rodauh.cachan-adm.crans.org.yml @@ -32,3 +32,8 @@ loc_reverseproxy: - {from: intranet-cachan.crans.org, to: 172.17.10.203} redirect_sites: [] + +loc_borg: + remote: + - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }} + ssh_options: "" 
diff --git a/host_vars/routeur-gulp.cachan-adm.crans.org/cachan.yml b/host_vars/routeur-gulp.cachan-adm.crans.org/cachan.yml index 4079d35d..4144ad09 100644 --- a/host_vars/routeur-gulp.cachan-adm.crans.org/cachan.yml +++ b/host_vars/routeur-gulp.cachan-adm.crans.org/cachan.yml @@ -17,3 +17,8 @@ debian_mirror: http://172.17.10.202/debian loc_mirror: name: mirror.cachan-adm.crans.org ip: "{{ query('ldap','ip','mirror','cachan.adm') | ipv4 | first }}" + +loc_borg: + remote: + - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }} + ssh_options: "" diff --git a/host_vars/sam.adm.crans.org.yml b/host_vars/sam.adm.crans.org.yml index d5e8bbf1..a3163e32 100644 --- a/host_vars/sam.adm.crans.org.yml +++ b/host_vars/sam.adm.crans.org.yml @@ -8,3 +8,7 @@ loc_psql: version: 11 replica: yes addresses: "['sam.adm.crans.org'] + {{ query('ldap', 'ip', 'sam', 'adm') | ipaddr('address') }}" + +loc_borg: + to_exclude: + - /var/lib/lxcfs diff --git a/host_vars/terenez.cachan-adm.crans.org b/host_vars/terenez.cachan-adm.crans.org.yml similarity index 67% rename from host_vars/terenez.cachan-adm.crans.org rename to host_vars/terenez.cachan-adm.crans.org.yml index e70de70f..b8d9e214 100644 --- a/host_vars/terenez.cachan-adm.crans.org +++ b/host_vars/terenez.cachan-adm.crans.org.yml @@ -13,3 +13,8 @@ glob_ntp_client: - terenez.cachan-adm.crans.org debian_mirror: http://172.17.10.202/debian + +loc_borg: + remote: + - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }} + ssh_options: "" diff --git a/host_vars/unifi.cachan-adm.crans.org.yml b/host_vars/unifi.cachan-adm.crans.org.yml index 5d3b0511..55bd2d2f 100644 --- a/host_vars/unifi.cachan-adm.crans.org.yml +++ b/host_vars/unifi.cachan-adm.crans.org.yml @@ -18,3 +18,8 @@ glob_ntp_client: - terenez.cachan-adm.crans.org debian_mirror: http://172.17.10.202/debian + +loc_borg: + remote: + - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }} + ssh_options: "" 
diff --git a/host_vars/zephir.adm.crans.org.yml b/host_vars/zephir.adm.crans.org.yml deleted file mode 100644 index dd68cf46..00000000 --- a/host_vars/zephir.adm.crans.org.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -interfaces: - adm: eno1 - -loc_borg: - to_exclude: - - /var/lib/backuppc - remote: - - /backup/borg/zephir diff --git a/host_vars/zephir.cachan-adm.crans.org.yml b/host_vars/zephir.cachan-adm.crans.org.yml new file mode 100644 index 00000000..0bf66658 --- /dev/null +++ b/host_vars/zephir.cachan-adm.crans.org.yml @@ -0,0 +1,29 @@ +--- +interfaces: + adm: eno1 + +loc_home_nounou: + ip: 172.17.10.9 + mountpoint: /rpool/home + +loc_ldap: + servers: + - 172.17.10.9 + base: 'dc=crans,dc=org' + +loc_ntp_client: + servers: + - terenez.cachan-adm.crans.org + +debian_mirror: http://172.17.10.202/debian + +loc_mirror: + name: mirror.cachan-adm.crans.org + ip: "{{ query('ldap','ip','mirror','cachan.adm') | ipv4 | first }}" + +loc_borg: + remote: + - /backup/borg/zephir + ssh_options: "" + to_exclude: + - /var/lib/backuppc diff --git a/hosts b/hosts index a2e76c00..30746559 100644 --- a/hosts +++ b/hosts @@ -7,8 +7,8 @@ zamok.adm.crans.org cameron.adm.crans.org [backups] -zephir.adm.crans.org -omnomnom.adm.crans.org +zephir.cachan-adm.crans.org +omnomnom.cachan-adm.crans.org [baie] cameron.adm.crans.org @@ -119,7 +119,6 @@ wiki [ntp_server] charybde.adm.crans.org terenez.cachan-adm.crans.org -# silice.adm.crans.org [opendkim:children] mailman @@ -190,15 +189,14 @@ kiwi.adm.crans.org sputnik.adm.crans.org [crans_routeurs:children] -# dhcp TODO: Really needed ? -# keepalived routeurs_vm [crans_physical] charybde.adm.crans.org #cochon.adm.crans.org -omnomnom.adm.crans.org +omnomnom.cachan-adm.crans.org zamok.adm.crans.org +zephir.cachan-adm.crans.org [crans_physical:children] backups @@ -208,7 +206,6 @@ virtu [crans_vm] airbus.cachan-adm.crans.org belenios.adm.crans.org -#bigbluebutton.adm.crans.org boeing.adm.crans.org c3po.adm.crans.org cas.adm.crans.org 
@@ -223,7 +220,6 @@ irc.adm.crans.org jitsi.adm.crans.org kenobi.adm.crans.org kiwi.adm.crans.org -#kiwijuice.adm.crans.org linx.adm.crans.org mailman.adm.crans.org monitoring.adm.crans.org @@ -232,7 +228,6 @@ owl.adm.crans.org owncloud.adm.crans.org re2o.adm.crans.org re2o.cachan-adm.crans.org -#re2o-dev.adm.crans.org re2o-ldap.adm.crans.org re2o-ldap.cachan-adm.crans.org redisdead.adm.crans.org @@ -241,10 +236,9 @@ roundcube.adm.crans.org silice.adm.crans.org terenez.cachan-adm.crans.org tracker.adm.crans.org +# unifi.cachan-adm.crans.org <- PROBLÈME WITH APT vol447.adm.crans.org voyager.adm.crans.org -#unifi.adm.crans.org -unifi.cachan-adm.crans.org [crans_vm:children] routeurs_vm diff --git a/plays/borgbackup_client.yml b/plays/borgbackup_client.yml index ef9fee6c..def1c08d 100755 --- a/plays/borgbackup_client.yml +++ b/plays/borgbackup_client.yml @@ -1,15 +1,20 @@ #!/usr/bin/env ansible-playbook --- -- hosts: server,!stretch + +- hosts: crans_server + roles: + - ssh_known_hosts + +- hosts: server vars: borg: '{{ glob_borg | default({}) | combine(loc_borg | default({})) }}' mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}' roles: - borgbackup-client -- hosts: backup_data - vars: - borg: '{{ glob_borg | default({}) | combine(loc_borg_data | default({})) }}' - mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}' - roles: - - borgbackup-client +#- hosts: backup_data +# vars: +# borg: '{{ glob_borg | default({}) | combine(loc_borg_data | default({})) }}' +# mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}' +# roles: +# - borgbackup-client diff --git a/roles/borgbackup-client/handlers/main.yml b/roles/borgbackup-client/handlers/main.yml deleted file mode 100644 index 6cd8da2f..00000000 --- a/roles/borgbackup-client/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: restart cron - service: - name: cron - state: restarted 
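Review bot: The replacement line `# unifi.cachan-adm.crans.org <- PROBLÈME WITH APT` in the `[crans_vm]` hunk removes the host from the group without saying what is broken or where it is tracked, while this same commit adds a `loc_borg` block to its host_vars. If the host's membership in other groups derives from `crans_vm` (those definitions are outside the hunk), it stops receiving the backup client and any other role until someone remembers to restore the line. A comment that names the failure and a tracking reference, for example `# unifi.cachan-adm.crans.org  # disabled: apt fails on this host, see <issue placeholder>`, would keep the exclusion from becoming permanent.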
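Review bot: The `backup_data` play in `plays/borgbackup_client.yml` is commented out rather than deleted or explained, so nothing in the file says whether the backups driven by `loc_borg_data` were retired on purpose or are temporarily unmanaged. Either remove the block and give the reason in the commit message, or keep it under a one-line comment such as `# disabled: <reason placeholder>; re-enable when <condition placeholder>`. Separately, the new `ssh_known_hosts` play targets `crans_server` while the client play now targets all of `server`. The group definitions are outside this patch, but any host in `server` that is not in `crans_server` would get the borg client without the known-hosts entries that role presumably installs.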
diff --git a/roles/borgbackup-client/tasks/main.yml b/roles/borgbackup-client/tasks/main.yml index 25b8ea0d..0f917619 100644 --- a/roles/borgbackup-client/tasks/main.yml +++ b/roles/borgbackup-client/tasks/main.yml @@ -65,7 +65,6 @@ template: src: "cron.d/borg.j2" dest: "/etc/cron.d/borg{{ borg.path_suffix | default('') }}" - notify: restart cron - name: Indicate role in motd template: diff --git a/roles/borgbackup-client/templates/borgmatic/config.yaml.j2 b/roles/borgbackup-client/templates/borgmatic/config.yaml.j2 index b543fd09..6cd54ff8 100644 --- a/roles/borgbackup-client/templates/borgmatic/config.yaml.j2 +++ b/roles/borgbackup-client/templates/borgmatic/config.yaml.j2 @@ -27,8 +27,9 @@ location: borgmatic_source_directory: /tmp/borgmatic storage: + relocated_repo_access_is_ok: true encryption_passphrase: {{ borg.encryption_passphrase }} - ssh_command: ssh -i /etc/borgmatic/id_ed25519_borg + ssh_command: ssh -i /etc/borgmatic/id_ed25519_borg {{ borg.ssh_options | default("") }} borg_base_directory: /etc/borgmatic borg_config_directory: /etc/borgmatic/config/ borg_cache_directory: /etc/borgmatic/cache
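Review bot: `relocated_repo_access_is_ok: true` is hard-coded in the `storage:` section of `config.yaml.j2`, so every client rendered from this template keeps accepting a relocated repository long after this migration is finished. Borg's relocation check is one of the signals that a client is being pointed at a different location for a known repository. With it disabled fleet-wide, only SSH host-key verification and the repository passphrase stand between a client and an unexpected endpoint. I would make it a variable that defaults to off, `relocated_repo_access_is_ok: {{ borg.relocated_repo_access_is_ok | default(false) | bool | lower }}`, and set it only in the `loc_borg` of hosts being moved. The `storage:` section continues past the end of this hunk.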