Pour tout problème contactez-nous par mail : support@froggit.fr | La FAQ :grey_question: | Rejoignez-nous sur le Chat :speech_balloon:

Skip to content
Snippets Groups Projects
Commit 4d1c0c3f authored by Arthur BOUDREAULT's avatar Arthur BOUDREAULT
Browse files

feat: add backup template

parent 6c12dc1c
No related branches found
No related tags found
No related merge requests found
---
backup_enabled: True
# Variables for BorgBackup
borg_source_directories:
- /data/
borg_version: "1.2.6"
borgmatic_version: "1.8.5"
borgmatic_relocated_repo_access_is_ok: True
borgmatic_cron_lines:
- '0 2 * * * root borgmatic -c /etc/borgmatic/borg_local_repo'
- '0 3 * * * root borgmatic -c /etc/borgmatic/borg_remote_repo'
borgmatic_hooks:
before_backup:
- echo "$(date) - Starting backup of {{ inventory_hostname }}"
borg_remote_repository: "ssh://{{ inventory_hostname }}@bkp.prd02.lydra.eu:8520/data/{{ inventory_hostname }}/borg"
borg_archive_name_format: "'{hostname}-data-{now:%Y-%m-%d-%H%M%S}'"
borg_ssh_keys_src: "files/ssh/{{ env_type }}/{{ group_name }}/id_ed25519.vault"
borg_ssh_keys_dest: "/home/{{ ansible_ssh_user }}/.ssh/id_ed25519"
borg_init_command: "borgmatic init -c /etc/borgmatic/{{ borgmatic_config_name }} -e repokey --syslog-verbosity 1"
# Variables for Restic S3
# https://github.com/roles-ansible/ansible_role_restic
restic_create_schedule: True
restic_schedule_type: "cronjob"
restic_keep_time: "0y3m0d0h"
restic_version: "0.16.3"
restic_repos:
remote_s3_scw:
location: "{{ s3_bucket_location }}"
password: "{{ s3_bucket_repo_password }}"
aws_access_key: "{{ s3_bucket_access_key }}"
aws_secret_access_key: "{{ s3_bucket_secret_access_key }}"
aws_default_region: "{{ s3_bucket_default_region }}"
init: True
restic_backups:
data_remote:
name: "data_remote"
repo: "remote_s3_scw"
src: "/data/"
tags:
- remote
keep_within: "{{ restic_keep_time }}"
prune: True
scheduled: True
schedule_hour: 6
schedule_minute: 0
# Backup Server live data on local repo
# https://github.com/borgbase/ansible-role-borgbackup
borgmatic_config_name: "borg_local_repo"
borg_encryption_passphrase: "{{ borg_local_repo_encryption_passphrase }}"
borg_repository: "/data/backup/live"
borg_retention_policy:
keep_daily: "1"
borgmatic_cron_name: "borgmatic_local_backup"
# Backup live data on remote repo
# https://github.com/borgbase/ansible-role-borgbackup
borgmatic_config_name: "borg_remote_repo"
borg_encryption_passphrase: "{{ borg_remote_repo_encryption_passphrase }}"
borg_repository: "{{ borg_remote_repository }}"
borg_retention_policy:
keep_daily: "14"
keep_weekly: "4"
keep_monthly: "3"
borgmatic_cron_name: borgmatic_remote_backup
---
- name: Playbook for local backup tasks
hosts: local_backup
vars_files: group_vars/local_backup/borg.yml
become: True
tags:
- backup
- local_backup
- borg
pre_tasks:
- name: Create backup folder for BorgBackup repository
ansible.builtin.file:
path: "{{ borg_repository }}"
state: directory
mode: '0750'
when: backup_enabled | default(true) | bool
roles:
- role: borgbase.ansible_role_borgbackup
when: backup_enabled | default(true) | bool
post_tasks:
- block:
- name: Remove lines with prefix
ansible.builtin.lineinfile:
path: "/etc/borgmatic/{{ borgmatic_config_name }}"
state: absent
regexp: '^prefix: .*'
- name: change archive name in "/etc/borgmatic/{{ borgmatic_config_name }}"
ansible.builtin.lineinfile:
path: "/etc/borgmatic/{{ borgmatic_config_name }}"
regexp: 'archive_name_format:'
line: " archive_name_format: {{ borg_archive_name_format }}"
state: present
- name: Initialize a new Borg local repository
ansible.builtin.command: "{{ borg_init_command }}"
when: backup_enabled | default(true) | bool
---
- name: Playbook for remote backup tasks
hosts: remote_backup
vars_files: group_vars/remote_backup/borg.yml
become: True
tags:
- backup
- remote_backup
pre_tasks:
- block:
- name: Deploy ssh public key for BorgBackup
ansible.builtin.copy:
src: "{{ borg_ssh_keys_src }}.pub"
dest: "{{ borg_ssh_keys_dest }}.pub"
owner: "{{ ansible_ssh_user }}"
group: "{{ ansible_ssh_user }}"
mode: 0600
- name: Deploy ssh private key for BorgBackup
ansible.builtin.copy:
src: "{{ borg_ssh_keys_src }}"
dest: "{{ borg_ssh_keys_dest }}"
owner: "{{ ansible_ssh_user }}"
group: "{{ ansible_ssh_user }}"
mode: 0600
when: backup_enabled | default(true) | bool
roles:
- role: l3d.restic
when: backup_enabled | default(true) | bool
tags: restic
- role: borgbase.ansible_role_borgbackup
when: backup_enabled | default(true) | bool
tags: borg
post_tasks:
- block:
- name: Change ssh command in "/etc/borgmatic/{{ borgmatic_config_name }}"
ansible.builtin.lineinfile:
path: "/etc/borgmatic/{{ borgmatic_config_name }}"
regexp: "# ssh_command: ssh -i ~/.ssh/id_ed25519"
line: " ssh_command: ssh -p 8520 -o StrictHostKeychecking=no -i {{ borg_ssh_keys_dest }}"
state: present
- name: Remove lines with prefix (to be deprecated)
ansible.builtin.lineinfile:
path: "/etc/borgmatic/{{ borgmatic_config_name }}"
state: absent
regexp: '^prefix: .*'
- name: Change archive name in "/etc/borgmatic/{{ borgmatic_config_name }}"
ansible.builtin.lineinfile:
path: "/etc/borgmatic/{{ borgmatic_config_name }}"
regexp: "archive_name_format:"
line: " archive_name_format: {{ borg_archive_name_format }}"
state: present
- name: Create borg command in /usr/local/bin
ansible.builtin.copy:
content: |
#!/bin/bash
. /opt/borgmatic/bin/activate
borg "$@"
dest: /usr/local/bin/borg
owner: root
group: root
mode: "0755"
- name: Initialize a new Borg remote repository
ansible.builtin.command: "{{ borg_init_command }}"
- name: Remove existing cron entries for borgmatic
ansible.builtin.lineinfile:
path: /etc/cron.d/borgmatic
regexp: '^.*borgmatic -c /etc/borgmatic/borg_.*$'
state: absent
backrefs: yes
- name: Add extra cron tasks for borgmatic in /etc/cron.d/borgmatic
ansible.builtin.lineinfile:
path: /etc/cron.d/borgmatic
line: "{{ item }}"
create: yes
state: present
owner: root
group: root
mode: '0644'
loop: "{{ borgmatic_cron_lines }}"
when: backup_enabled | default(true) | bool
tags: borg
......@@ -34,6 +34,12 @@ roles:
- name: hifis.unattended_upgrades
version: v3.1.0
- name: borgbase.ansible_role_borgbackup
version: v1.0.0
- name: l3d.restic
version: v0.7.5
collections:
# Installs an example collection from Ansible Galaxy.
# - name: geerlingguy.php_roles
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment