diff --git a/roles/ynh_backup/README-FR.md b/roles/ynh_backup/README-FR.md index 0580e2a1304edd918594fd137b41eb7fa513fe13..0e16cc75ec9aa1cce4846ed45bd12f54a26e5b8a 100644 --- a/roles/ynh_backup/README-FR.md +++ b/roles/ynh_backup/README-FR.md @@ -11,10 +11,11 @@ YunoHost doit déjà être installé sur votre serveur. ## Variables du rôle Les variables par défaut sont disponibles dans `default/main.yml` cependant il est possible de les surcharger selon vos besoins. -Nous avons intégré deux systèmes de sauvegardes différents à ce rôle YunoHost : +Nous avons intégré trois systèmes de sauvegardes différents à ce rôle YunoHost : - sauvegardes natives YunoHost en local - sauvegardes à distance avec un [dépôt BorgBackup](https://borgbackup.readthedocs.io/en/stable/) +- sauvegardes à distance avec un [dépôt Restic](https://restic.readthedocs.io/en/stable/) ### Sauvegardes natives YunoHost locales @@ -22,16 +23,15 @@ Nous avons intégré deux systèmes de sauvegardes différents à ce rôle YunoH ```yml ynh_backup: - scheduled: True - directory: "/data/backup" - scheduled_hour: "*" - scheduled_minute: "*/30" + scheduled: True + directory: "/data/backup" + scheduled_hour: "*" + scheduled_minute: "*/30" scheduled_weekday: "*" - scheduled_month: "*" - system: True - apps: True + scheduled_month: "*" + system: True + apps: True number_days_to_keep: "2" - ``` - `ynh_backup.scheduled` : active la fonctionnalité de sauvegarde des applications YunoHost en mettant la valeur à `True`. @@ -48,18 +48,17 @@ ynh_backup: ```yml ynh_borg_backup_scheduled: True -borg_source_directories: - - "/data/yunohost" -borg_repository: "/data/backup/live" +borg_source_directories: "{{ ynh_backup.directory }}" +borg_repository: "/data/backup/live" borg_encryption_passphrase: "PLEASECHANGEME" -borgmatic_config_name: "borgmatic_ynh_config" -borgmatic_cron_name: "borgmatic_ynh_cron" +borgmatic_config_name: "borgmatic_ynh_config" +borgmatic_cron_name: "borgmatic_ynh_cron" borg_retention_policy: keep_daily: "4" ynh_borg_backup_remote_repo: True -borg_ssh_keys_src: "files/prd/ssh_keys/ynh_ed25519.vault" -borg_ssh_keys_dest: "/home/debian/.ssh/ynh_ed25519" -ynh_ssh_borg_command: "ssh_command: ssh -p 7410 -o StrictHostKeychecking=no -i {{ borg_ssh_keys_dest }}" +borg_ssh_keys_src: "files/prd/ssh_keys/ynh_ed25519.vault" +borg_ssh_keys_dest: "/home/debian/.ssh/ynh_ed25519" +ynh_ssh_borg_command: "ssh_command: ssh -p 7410 -o StrictHostKeychecking=no -i {{ borg_ssh_keys_dest }}" ``` - `ynh_borg_backup_scheduled` : Active / désactive la fonctionnalité de sauvegarde avec BorgBackup. @@ -92,18 +91,18 @@ restic_keep_time: 0y2m0d0h restic_repos: s3_ynh_restic_repo: - location: "s3:s3.fr-par.scw.cloud/dummy_bucket_name" - password: "dummy_restic_repo_password" - aws_access_key: "dummy_access_key" + location: "s3:s3.fr-par.scw.cloud/dummy_bucket_name" + password: "dummy_restic_repo_password" + aws_access_key: "dummy_access_key" aws_secret_access_key: "dummy_secret_access_key" - aws_default_region: "fr-par" + aws_default_region: "fr-par" init: true restic_backups: YunoHost_remote: - name: "remote_ynh_restic" - repo: "s3_ynh_restic_repo" - src: "/data/yunohost/backup" + name: "remote_ynh_restic" + repo: "s3_ynh_restic_repo" + src: "{{ ynh_backup.directory }}" tags: - yunohost - remote diff --git a/roles/ynh_backup/README.md b/roles/ynh_backup/README.md index 054428ca81a0b31c8474afa1aa43fca2aa66fcd0..583854ce061d056e0611a7dea66e7840d05b3661 100644 --- a/roles/ynh_backup/README.md +++ b/roles/ynh_backup/README.md @@ -11,10 +11,11 @@ YunoHost needs to be installed on your server. ## Role Variables The default variables are available in `default/main.yml` however it is possible to override them according to your needs. -We have integrated two different backup systems to this YunoHost role: +We have integrated three different backup systems to this YunoHost role: - YunoHost native local backups - Remote backups with a [BorgBackup repository](https://borgbackup.readthedocs.io/en/stable/) +- Remote backups with a [Restic repository](https://restic.readthedocs.io/en/stable/) ### YunoHost native local backups @@ -22,14 +23,15 @@ YunoHost provides its own native backup system. It is able to back up YunoHost c ```yml ynh_backup: - scheduled: True - directory: "/data/backup" - scheduled_hour: "*" - scheduled_minute: "*/30" + scheduled: True + directory: "/data/backup" + scheduled_hour: "*" + scheduled_minute: "*/30" scheduled_weekday: "*" - scheduled_month: "*" - system: True - apps: True + scheduled_month: "*" + system: True + apps: True + number_days_to_keep: "2" ``` - `ynh_backup.scheduled`: Enable the YunoHost applications backup feature by setting the value to `True`. @@ -46,22 +48,22 @@ ynh_backup: ```yml ynh_borg_backup_scheduled: True -borg_source_directories: - - "/data/yunohost" -borg_repository: "/data/backup/live" +borg_source_directories: "{{ ynh_backup.directory }}" +borg_repository: "/data/backup/live" borg_encryption_passphrase: "PLEASECHANGEME" -borgmatic_config_name: "borgmatic_ynh_config" -borgmatic_cron_name: "borgmatic_ynh_cron" +borgmatic_config_name: "borgmatic_ynh_config" +borgmatic_cron_name: "borgmatic_ynh_cron" borg_retention_policy: keep_daily: "4" ynh_borg_backup_remote_repo: True -borg_ssh_keys_src: "files/prd/ssh_keys/ynh_ed25519.vault" -borg_ssh_keys_dest: "/home/debian/.ssh/ynh_ed25519" +borg_ssh_keys_src: "files/prd/ssh_keys/ynh_ed25519.vault" +borg_ssh_keys_dest: "/home/debian/.ssh/ynh_ed25519" +ynh_ssh_borg_command: "ssh_command: ssh -p 7410 -o StrictHostKeychecking=no -i {{ borg_ssh_keys_dest }}" ``` - `ynh_borg_backup_scheduled`: Enable / disable the backup feature with BorgBackup. - `ynh_borg_backup_remote_repo`: Enable / disable the backup functionality on a BorgBackup remote repository (tasks related to SSH keys setup). If you enable this feature, then you will need to use `borg_ssh_keys_src` and `borg_ssh_keys_dest` variables. -- `borg_source_directories`: List of source folders to back up. By default, this is the folder containing all YunoHost data (configuration, applications). +- `borg_source_directories`: List of source folders to back up. By default, this is the folder in which YunoHost local backups are located. - `borg_repository`: Full path to the Borg repository. Possibility to give a list of repositories to save data in several places. - `borg_encryption_passphrase` : **Mandatory**, password to use for the Borg repository encryption key. - `borgmatic_config_name`: **Optional**, name of the Borgmatic configuration file. @@ -89,18 +91,18 @@ restic_keep_time: 0y2m0d0h restic_repos: s3_ynh_restic_repo: - location: "s3:s3.fr-par.scw.cloud/dummy_bucket_name" - password: "dummy_restic_repo_password" - aws_access_key: "dummy_access_key" + location: "s3:s3.fr-par.scw.cloud/dummy_bucket_name" + password: "dummy_restic_repo_password" + aws_access_key: "dummy_access_key" aws_secret_access_key: "dummy_secret_access_key" - aws_default_region: "fr-par" + aws_default_region: "fr-par" init: true restic_backups: YunoHost_remote: - name: "remote_ynh_restic" - repo: "s3_ynh_restic_repo" - src: "/data/yunohost/backup" + name: "remote_ynh_restic" + repo: "s3_ynh_restic_repo" + src: "{{ ynh_backup.directory }}" tags: - yunohost - remote diff --git a/roles/ynh_backup/defaults/main.yml b/roles/ynh_backup/defaults/main.yml index 6a8c9ce9135d79cc6b6157b797c932b6a02f34f0..b68ee3be279f31eb17034998c4313b4afd3ce359 100644 --- a/roles/ynh_backup/defaults/main.yml +++ b/roles/ynh_backup/defaults/main.yml @@ -23,15 +23,15 @@ ynh_backup: scheduled: False # Variables for YunoHost BorgBackup -ynh_borg_backup_scheduled: False +ynh_borg_backup_scheduled: False borg_source_directories: - "/data/yunohost" -borg_repository: "/data/backup/live" -borg_init_command: "borgmatic init -c /etc/borgmatic/{{ borgmatic_config_name }} -e repokey --syslog-verbosity 1" -borg_archive_name_format: "'{hostname}-yunohost-live-data-{now:%Y-%m-%d-%H%M%S}'" +borg_repository: "/data/backup/live" +borg_init_command: "borgmatic init -c /etc/borgmatic/{{ borgmatic_config_name }} -e repokey --syslog-verbosity 1" +borg_archive_name_format: "'{hostname}-yunohost-live-data-{now:%Y-%m-%d-%H%M%S}'" ynh_borg_backup_remote_repo: False # Variables for YunoHost Restic # https://github.com/roles-ansible/ansible_role_restic ynh_restic_backup_scheduled: False -restic_schedule_type: "cronjob" +restic_schedule_type: "cronjob" diff --git a/roles/ynh_backup/tasks/backup.yml b/roles/ynh_backup/tasks/backup.yml index 94ebd0b863bec716c6ec53bd45e01f664daf5dc7..7e6d6a3a430ea5621b012c294943150902cb0c8d 100644 --- a/roles/ynh_backup/tasks/backup.yml +++ b/roles/ynh_backup/tasks/backup.yml @@ -25,19 +25,19 @@ - name: Create backup folder if doesn't already exist ansible.builtin.file: - path: "{{ ynh_backup.directory }}" + path: "{{ ynh_backup.directory }}" state: directory - mode: '0750' + mode: '0750' when: ynh_backup.directory is defined tags: backup - name: Create backup script ansible.builtin.template: - src: "{{ ynh_backup_src_script }}" - dest: "{{ ynh_backup_dest_script }}" + src: "{{ ynh_backup_src_script }}" + dest: "{{ ynh_backup_dest_script }}" owner: root group: root - mode: '0740' + mode: '0740' tags: backup - name: Create cron task to schedule YNH backup script diff --git a/roles/ynh_backup/tasks/borgbackup.yml b/roles/ynh_backup/tasks/borgbackup.yml index 52027d047dc8685cb86825a69dc15d804598c2da..2dbfc28bafbc20e4fc734f195e65cab205ad7928 100644 --- a/roles/ynh_backup/tasks/borgbackup.yml +++ b/roles/ynh_backup/tasks/borgbackup.yml @@ -54,19 +54,19 @@ block: - name: deploy ssh public key for BorgBackup ansible.builtin.copy: - src: "{{ borg_ssh_keys_src }}.pub" - dest: "{{ borg_ssh_keys_dest }}.pub" + src: "{{ borg_ssh_keys_src }}.pub" + dest: "{{ borg_ssh_keys_dest }}.pub" owner: "root" group: "root" - mode: 0600 + mode: 0600 - name: deploy ssh private key for BorgBackup ansible.builtin.copy: - src: "{{ borg_ssh_keys_src }}.vault" - dest: "{{ borg_ssh_keys_dest }}" + src: "{{ borg_ssh_keys_src }}.vault" + dest: "{{ borg_ssh_keys_dest }}" owner: "root" group: "root" - mode: 0600 + mode: 0600 when: ynh_borg_backup_remote_repo - name: change SSH command in "/etc/borgmatic/{{ borgmatic_config_name }}" @@ -83,7 +83,7 @@ - name: change archive name in "/etc/borgmatic/{{ borgmatic_config_name }}" ansible.builtin.lineinfile: - path: "/etc/borgmatic/{{ borgmatic_config_name }}" + path: "/etc/borgmatic/{{ borgmatic_config_name }}" regexp: "archive_name_format:" line: " archive_name_format: {{ borg_archive_name_format }}" state: present @@ -97,7 +97,7 @@ #!/bin/bash . /opt/borgmatic/bin/activate borg "$@" - dest: /usr/local/bin/borg + dest: /usr/local/bin/borg owner: root group: root mode: "0755" diff --git a/roles/ynh_backup/tasks/restic.yml b/roles/ynh_backup/tasks/restic.yml index 22d04126232941d0119f9af7ff6735e7facc10fb..afe3722c22d33207046520b7c37a81e2e71e3fa2 100644 --- a/roles/ynh_backup/tasks/restic.yml +++ b/roles/ynh_backup/tasks/restic.yml @@ -20,7 +20,7 @@ - name: Download Restic role on localhost ansible.builtin.command: ansible-galaxy install do1jlr.restic,v0.7.1 -p "{{ _ansible_role_directory }}" delegate_to: localhost - become: False + become: False tags: - backup - restic