---
# Refresh the "local" fact subset so ansible_local is populated; the
# key-deployment condition further down reads
# ansible_local.borgmatic_deployed_keys.
- name: Gather ansible_local facts
  ansible.builtin.setup:
    gather_subset:
      - local

# Pull in the backports role only on releases listed in
# borg__backports_needed.
- name: Install backports repository
  when: ansible_distribution_release in borg__backports_needed
  ansible.builtin.include_role:
    name: backports

# Install borgmatic through apt. On releases listed in borg__backports_needed
# the package is taken from "<release>-backports"; on every other release
# default_release is omitted and the normal package source is used.
- name: Install borgmatic
  vars:
    release: "{{ ansible_distribution_release }}"
  ansible.builtin.apt:
    name: borgmatic
    default_release: >-
      {{ (release in borg__backports_needed)
      | ternary(release + '-backports', omit) }}

# Install borgmatic from the default package source on releases that are not
# listed in borg__backports_needed.
# NOTE(review): the task of the same name directly above carries no `when`
# and omits default_release on these releases, so it appears to cover this
# case already — confirm and keep only one of the two.
- name: Install borgmatic
  when: ansible_distribution_release not in borg__backports_needed
  ansible.builtin.apt:
    name: borgmatic

# /etc/borgmatic later holds the SSH private key and the configuration file
# with the repository passphrase, so the directory gets no access for
# "other".
- name: Create configuration directory for borgmatic
  ansible.builtin.file:
    state: directory
    path: /etc/borgmatic
    owner: root
    group: root
    mode: "u=rwx,g=rx,o="

# Generate the ed25519 key pair at /etc/borgmatic/remote; the ssh_command in
# the borgmatic configuration ("ssh -i /etc/borgmatic/remote") points at the
# same path. The key file is owner-only (u=rw,g=,o=).
# NOTE(review): no passphrase option is set in this task, so file permissions
# are presumably the only protection of the private key — confirm that this
# is intended for unattended backups.
# The result is registered as ssh_key; a later task prints
# ssh_key.public_key for manual deployment.
- name: Create SSH key
  register: ssh_key
  community.crypto.openssh_keypair:
    type: ed25519
    path: /etc/borgmatic/remote
    regenerate: full_idempotence
    owner: root
    group: root
    mode: "u=rw,g=,o="

# Pin every host key listed under borg__targets[].hostkeys in known_hosts, so
# the SSH client verifies the backup target against configured keys rather
# than accepting whatever key it is offered on first contact. The pin is only
# as trustworthy as the source of borg__targets. hash_host stores the host
# name in hashed form.
- name: Add server key to known hosts
  loop: "{{ borg__targets | subelements('hostkeys') }}"
  ansible.builtin.known_hosts:
    host: "{{ item.0.name }}"
    key: "{{ item.0.name }} {{ item.1 }}"
    hash_host: true

# Print the public key and pause until the operator has installed it on the
# targets. The condition is true while at least one target name is missing
# from the ansible_local.borgmatic_deployed_keys fact (an absent fact counts
# as an empty list).
# NOTE(review): the condition is assumed to guard the whole block (both
# tasks) — confirm against the repository copy.
# NOTE(review): only target names are compared; ssh_key.changed is not
# consulted, so a regenerated key would presumably not trigger the pause —
# confirm whether that case matters.
- name: Wait for key deployment
  when: >-
    borg__targets
    | map(attribute='name')
    | difference(ansible_local.borgmatic_deployed_keys
    | default([]))
    | count > 0
  block:
    # Only the public half of the key pair is printed.
    - name: Show the generated public key
      ansible.builtin.debug:
        msg: "{{ ssh_key.public_key }}"

    - name: Please deploy the public key on every target
      ansible.builtin.pause: null

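# Render /etc/borgmatic/config.yaml from config.yaml.j2, passing the settings
# in as borg__config. The rendered file embeds the repository passphrase
# (borg__passphrase), so "other" gets no access to it.
# Diff output is switched off for this task: when the play runs with --diff,
# the template module would otherwise print the rendered file, passphrase
# included, to the console and to any job log that captures it.
- name: Add borgmatic configuration file
  diff: false
  ansible.builtin.template:
    src: config.yaml.j2
    dest: /etc/borgmatic/config.yaml
    owner: root
    group: root
    mode: "u=rw,g=r,o="
  vars:
    borg__config:
      location:
        source_directories: "{{ borg__backup_dirs }}"
        exclude_patterns: "{{ borg__exclude_patterns }}"
        repositories: "{{ borg__targets | map('borg__to_repo') }}"
        # NOTE(review): /tmp is normally world-writable, so a fixed path
        # below it can be created in advance by another local user; a
        # root-owned directory would avoid that. Left unchanged because the
        # intended location is not visible here (see the TODO).
        borgmatic_source_directory: /tmp/borgmatic  # TODO
      storage:
        encryption_passphrase: "{{ borg__passphrase }}"
        # Use the key pair created at /etc/borgmatic/remote.
        ssh_command: "ssh -i /etc/borgmatic/remote"
      retention:
        keep_hourly: "{{ borg__keep_hourly }}"
        keep_daily: "{{ borg__keep_daily }}"
        keep_weekly: "{{ borg__keep_weekly }}"
        keep_monthly: "{{ borg__keep_monthly }}"
      consistency:
        checks:
          - repository
          - archives
      hooks:
        # NOTE(review): database hook entries may carry credentials as well —
        # confirm against the variable definitions.
        postgresql_databases: "{{ borg__postgresql }}"
        mysql_databases: "{{ borg__mysql }}"
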
# Initialise the configured repositories with "repokey" encryption. In this
# mode Borg keeps the key inside the repository, protected by the passphrase,
# so the strength of borg__passphrase matters and a copy of the key should be
# kept outside the repository.
# NOTE(review): the task has no `creates`, `when` or `changed_when`, so the
# command runs on every play run — confirm that borgmatic leaves an existing
# repository untouched, and consider a `changed_when` once its output is
# known.
- name: Init repository
  ansible.builtin.command:
    cmd: borgmatic init --encryption repokey

# Directory for local fact files; the next task writes
# borgmatic_deployed_keys.fact into it.
- name: Create Ansible facts.d directory
  ansible.builtin.file:
    state: directory
    path: /etc/ansible/facts.d
    owner: root
    group: root
    mode: "u=rwx,g=rx,o="

# Record the names of all current targets in a local fact file. The
# key-deployment condition compares borg__targets against
# ansible_local.borgmatic_deployed_keys, so targets recorded here do not
# trigger the pause again on later runs.
- name: Check deployed keys fact
  ansible.builtin.copy:
    content: "{{ borg__targets | map(attribute='name') }}"
    dest: /etc/ansible/facts.d/borgmatic_deployed_keys.fact
    owner: root
    group: root
    mode: "u=rw,g=r,o="

# Drop-in directory for borgmatic.timer; the next task places override.conf
# in it.
- name: Create override directory
  ansible.builtin.file:
    state: directory
    path: /etc/systemd/system/borgmatic.timer.d
    owner: root
    group: root
    mode: "u=rwx,g=rx,o=rx"

# Render the timer drop-in from override.conf.j2 and notify the
# "Run daemon-reload" handler (defined outside this file) when it changes.
- name: Override borgmatic.timer
  notify:
    - Run daemon-reload
  ansible.builtin.template:
    src: override.conf.j2
    dest: /etc/systemd/system/borgmatic.timer.d/override.conf
    owner: root
    group: root
    mode: "u=rw,g=r,o=r"

# Reload systemd unit files, then start borgmatic.timer and enable it at
# boot.
- name: Start and enable borgmatic timer
  ansible.builtin.systemd_service:
    daemon_reload: true
    name: borgmatic.timer
    enabled: true
    state: started
...