flyingscorpio/self-hosting
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add borgmatic config

Browse source
This commit is contained in:
Tunui Franken 2025-03-29 19:20:24 +01:00
parent e3a5f7ab7c
commit 3f3b7da7cc
7 changed files with 147 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
inventory/group_vars/lime2servers Normal file
View file

@ -0,0 +1,10 @@
---
backup_additional_source_directories:
- /var/lib/forgejo/forgejo-dumps
- /var/www/tunuifranken.info
borgmatic_hooks:
before_backup:
- sudo -Hiu git /usr/local/bin/forgejo-backup.sh backup
after_backup:
- sudo -Hiu git /usr/local/bin/forgejo-backup.sh prune 1

6
inventory/group_vars/mailservers
View file

@ -6,3 +6,9 @@ virtual_domains:
add_cert_email: "dns@{{ virtual_domains.0 }}" add_cert_email: "dns@{{ virtual_domains.0 }}"
add_cert_domain: "{{ ansible_hostname }}.{{ virtual_domains.0 }}" add_cert_domain: "{{ ansible_hostname }}.{{ virtual_domains.0 }}"
add_cert_post_hook: systemctl restart postfix dovecot add_cert_post_hook: systemctl restart postfix dovecot
backup_additional_source_directories:
- /var/vmail
borgmatic_hooks:
postgresql_databases:
- name: all

11
inventory/host_vars/eumycota
View file

@ -51,3 +51,14 @@ vault_virtual_user_0_pwd: !vault |
smart_devices: smart_devices:
- /dev/sda - /dev/sda
borg_passphrase: !vault |
$ANSIBLE_VAULT;1.1;AES256
33303731373664306163306132663835653431663261373761326135613830373730336139613861
3531336332306137643135303537643936393430633834340a623838666330333337623239383364
30336162396530653738363633383036616234323138643639333664346331363434393662616438
3835336461366164310a613261653862633962323164386465653066363363363836663632646332
34363065343464616231303839353332663566633439336639626135653538353665346634663439
37376231356435353938656634653530646234316237303533323336663266613463626432623836
65386664653330613231633464666666623061333364393331366232333465333736633764373561
61613436393939316133

11
inventory/host_vars/lime2
View file

@ -184,3 +184,14 @@ nagstamon_pwd: !vault |
35333633613530373864373530653936376532663933346431376435356665373863356461393734 35333633613530373864373530653936376532663933346431376435356665373863356461393734
6435363230366562630a636364653531366563313335303464666337356138656634373063643431 6435363230366562630a636364653531366563313335303464666337356138656634373063643431
33613664333030643233303738343930376263353038653762633461646330346436 33613664333030643233303738343930376263353038653762633461646330346436
borg_passphrase: !vault |
$ANSIBLE_VAULT;1.1;AES256
37663238393036376561383533383163363262626264316266306439383765383366323837313730
3963633235303435646431646431623862353965626538300a636633633865346133633133316663
38383763316231396232613031303332616236363166336263653364653539303131346439356337
6664653661643331380a343533306463326566356531666533363534643831333139303066623562
33313530646662333366383230383964306336393830653766303136646430613838613362623132
36616462633761303338333235393737336161306661343639303061393737343562636439306131
34353934333132633062653239333236386530383637313535333836623164663964313536303133
39623431313463303766

3
roles/borgmatic/defaults/main.yml Normal file
View file

@ -0,0 +1,3 @@
---
borg_passphrase: foo

19
roles/borgmatic/tasks/main.yml
View file

@ -34,3 +34,22 @@
path: ~/.ssh/authorized_keys path: ~/.ssh/authorized_keys
line: "{{ ssh_pubkey.content | b64decode | trim }}" line: "{{ ssh_pubkey.content | b64decode | trim }}"
create: true create: true
mode: 0600
- name: Create /etc/borgmatic.d directory
become: true
ansible.builtin.file:
path: /etc/borgmatic.d
state: directory
owner: root
group: root
mode: 0700
- name: Copy borgmatic config
become: true
ansible.builtin.template:
src: borgmatic.d/config.yml.j2
dest: "/etc/borgmatic.d/{{ ansible_hostname }}.yml"
owner: root
group: root
mode: 0600

87
roles/borgmatic/templates/borgmatic.d/config.yml.j2 Normal file
View file

@ -0,0 +1,87 @@
# {{ ansible_managed }}
location:
repositories:
- ssh://borg@{{ backup_server }}/./{hostname}
source_directories:
- /root
- /etc
- /home
- /var/log
- /var/mail
- /var/lib/icinga2
{% for source_directory in backup_additional_source_directories %}
- {{ source_directory }}
{% endfor %}
one_file_system: true
exclude_patterns:
- '*.pyc'
- /home/*/.cache
- /etc/ssl
- /var/lib/icinga2/api
- /var/lib/icinga2/icinga2.state
- /var/lib/icinga2/modified-attributes.conf
storage:
encryption_passphrase: "{{ borg_passphrase }}"
retention:
keep_daily: 7
keep_weekly: 4
keep_monthly: 6
keep_yearly: 1
hooks:
{% if borgmatic_hooks.before_everything is defined %}
before_everything:
{% for hook in borgmatic_hooks.before_everything %}
- {{ hook }}
{% endfor %}
{% endif %}
{% if borgmatic_hooks.before_backup is defined %}
before_backup:
{% for hook in borgmatic_hooks.before_backup %}
- {{ hook }}
{% endfor %}
{% endif %}
{% if borgmatic_hooks.after_backup is defined %}
after_backup:
{% for hook in borgmatic_hooks.after_backup %}
- {{ hook }}
{% endfor %}
{% endif %}
{% if borgmatic_hooks.after_everything is defined %}
after_everything:
{% for hook in borgmatic_hooks.after_everything %}
- {{ hook }}
{% endfor %}
{% endif %}
{% if borgmatic_hooks.on_error is defined %}
on_error:
{% for hook in borgmatic_hooks.on_error %}
- {{ hook }}
{% endfor %}
{% endif %}
{% if borgmatic_hooks.postgresql_databases is defined %}
postgresql_databases:
{% for hook in borgmatic_hooks.postgresql_databases %}
- name: {{ hook.name | default('all') }}
username: {{ hook.username | default('postgres') }}
format: {{ hook.format | default('custom') }}
{% endfor %}
{% endif %}
{% if borgmatic_hooks.mysql_databases is defined %}
mysql_databases:
{% for hook in borgmatic_hooks.mysql_databases %}
- name: {{ hook.name | default('all') }}
{% if hook.username is defined %}
username: {{ hook.username }}
{% endif %}
{% if hook.password is defined %}
password: {{ hook.password }}
{% endif %}
format: {{ hook.format | default('sql') }}
{% endfor %}
{% endif %}