From 405b66d2cfb334b9e3ebc62a7970c5ceecfc7e1e Mon Sep 17 00:00:00 2001
From: "Daniel A. Maierhofer"
Date: Thu, 26 Jul 2018 12:27:37 +0200
Subject: [PATCH] Add sojus borgbackup server
---
doc/ariane.md | 2 ++
host_vars/ariane | 11 ++++++++
host_vars/lxc-sojus-01 | 2 ++
hosts/production | 1 +
roles/sojus/defaults/main.yml | 8 ++++++
roles/sojus/tasks/main.yml | 3 ++
roles/sojus/tasks/sojus.yml | 52 +++++++++++++++++++++++++++++++++++
site.yml | 4 +++
8 files changed, 83 insertions(+)
create mode 100644 host_vars/lxc-sojus-01
create mode 100644 roles/sojus/defaults/main.yml
create mode 100644 roles/sojus/tasks/main.yml
create mode 100644 roles/sojus/tasks/sojus.yml
diff --git a/doc/ariane.md b/doc/ariane.md
index 2fb45ce..938fe9a 100644
--- a/doc/ariane.md
+++ b/doc/ariane.md
@@ -100,10 +100,12 @@ mv /var/log/* /ssd/var/log/ zfs set mountpoint=/var/log ssd/var/log mv /var/lib/lxc/* /ssd/var/lxc/ zfs set mountpoint=/var/lib/lxc ssd/var/lxc +zfs create -o com.sun:auto-snapshot=false zv1/sojus ``` ### Set dataset quota ```shell zfs set quota=1T zv1/homes zv1/daten zv1/fotos +zfs set quota=3T zv1/sojus ``` ### If intend using ACL someday ```shell
diff --git a/host_vars/ariane b/host_vars/ariane
index 09f5f7d..3d80a58 100644
--- a/host_vars/ariane
+++ b/host_vars/ariane
@@ -33,6 +33,17 @@ lxc: - lxc.network.hwaddr = 2e:6d:b6:07:15:01 - lxc.pts = 6 + - name: sojus + revision: "01" + template: voidlinux + config: + - lxc.network.1.type = veth + - lxc.network.1.hwaddr = 2e:6d:b6:07:17:01 + - lxc.network.1.link = br0 + - lxc.network.1.flags = up + - lxc.pts = 6 + - lxc.mount.entry = /zv1/sojus /var/lib/lxc/lxc-sojus-01/rootfs/home/backup/repos none bind,create=dir 0 0 + - name: proteus revision: "01" template: debian
diff --git a/host_vars/lxc-sojus-01 b/host_vars/lxc-sojus-01
new file mode 100644
index 0000000..b014890
--- /dev/null
+++ b/host_vars/lxc-sojus-01
@@ -0,0 +1,2 @@
+inventory_hostname: sojus.fet.htu.tuwien.ac.at
+inventory_hostname_short: sojus
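Review bot: The `lxc.mount.entry` added for sojus in `host_vars/ariane` bind-mounts `/zv1/sojus` with only `bind,create=dir`, so files on the backup dataset keep device, setuid and exec semantics inside the container; for a data-only repository store I would use `none bind,create=dir,nodev,nosuid,noexec 0 0`. No id mapping appears among the added config lines, so whether root in the container maps to root on the host dataset cannot be told from this hunk and is worth confirming. The enclosing `lxc:` list starts and ends outside the hunk.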
diff --git a/hosts/production b/hosts/production
index acab774..aca57b3 100644
--- a/hosts/production
+++ b/hosts/production
@@ -12,5 +12,6 @@ all: fet_lxc_void: hosts: zyklon: + sojus: vars: ansible_python_interpreter=/usr/bin/python3
diff --git a/roles/sojus/defaults/main.yml b/roles/sojus/defaults/main.yml
new file mode 100644
index 0000000..fabb7e3
--- /dev/null
+++ b/roles/sojus/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+user: backup
+group: backup
+home: /home/backup
+pool: "{{ home }}/repos"
+auth_users:
+- host: maria-storage
+ key: "{{ lookup('file', 'maria-storage.pub') }}"
diff --git a/roles/sojus/tasks/main.yml b/roles/sojus/tasks/main.yml
new file mode 100644
index 0000000..a98f3c9
--- /dev/null
+++ b/roles/sojus/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- import_tasks: sojus.yml
+ tags: [ sojus ]
diff --git a/roles/sojus/tasks/sojus.yml b/roles/sojus/tasks/sojus.yml
new file mode 100644
index 0000000..9e211c6
--- /dev/null
+++ b/roles/sojus/tasks/sojus.yml
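Review bot: The defaults in `roles/sojus/defaults/main.yml` are named `user`, `group`, `home` and `pool`, which are not namespaced to the role, so a `home` or `user` set in inventory, in another role's vars or through `-e` silently changes the account, the directory ownership and the forced-command path that end up in `authorized_keys`. I would prefix them, e.g. `sojus_user: backup` and `sojus_pool: "{{ sojus_home }}/repos"`, and update the tasks to match. `auth_users[].host` is interpolated into the `command=` key option in `roles/sojus/tasks/sojus.yml`, so a comment above `auth_users:` such as `# host: repo directory name, letters/digits/'-' only; it is written into authorized_keys` would document that constraint.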
@@ -0,0 +1,52 @@
+---
+- name: borg - install packages
+ package: "name={{ item }} state=latest update_cache=yes"
+ with_items:
+ - python3
+ - python3-devel
+ - python3-pip
+ - python3-virtualenv
+ - libressl-devel
+ - acl-devel
+ - fuse3-devel
+ - pkg-config
+
+- name: borg - pip3 install
+ pip: name=pip executable=pip3 state=latest
+
+- name: borg - install
+ pip: name=borg executable=pip3 state=latest
+
+- name: borg - create group
+ group: "name={{ group }} state=present"
+
+- name: borg - create user
+ user: "name={{ user }} shell=/bin/bash home={{ home }} createhome=yes group={{ group }} groups= state=present"
+
+- name: borg - create user home
+ file: "path={{ home }} owner={{ user }} group={{ group }} mode=0700 state=directory"
+
+- name: borg - create user .ssh
+ file: "path={{ home }}/.ssh owner={{ user }} group={{ group }} mode=0700 state=directory"
+
+- name: borg - deploy authorized keys
+ authorized_key:
+ user: "{{ user }}"
+ key: "{{ item.key }}"
+ key_options: 'command="cd {{ pool }}/{{ item.host }};borg serve --append-only --restrict-to-path {{ pool }}/{{ item.host }}",restrict'
+ with_items: "{{ auth_users }}"
+
+- name: borg - deploy authorized keys permissions
+ file: "path={{ home }}/.ssh/authorized_keys owner={{ user }} group={{ group }} mode=0600 state=file"
+
+- name: borg - create repos dir
+ file: "path={{ pool }} owner={{ user }} group={{ group }} mode=0700 state=directory"
+
+- name: borg - create repo dir
+ file: "path={{ pool }}/{{ item.host }} owner={{ user }} group={{ group }} mode=0700 state=directory"
+ with_items: "{{ auth_users }}"
+
+- name: borg - create repo
+ command: borg init -e none "{{ pool }}/{{ item.host }}"
+ creates: "{{ pool }}/{{ item.host }}/config"
+ with_items: "{{ auth_users }}"
diff --git a/site.yml b/site.yml
index 925a98f..29e46a6 100644
--- a/site.yml
+++ b/site.yml
@@ -34,6 +34,10 @@ roles: - gitea +- hosts: sojus + roles: + - sojus + - hosts: backup roles: - backup
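Review bot: The `borg - install` task in `roles/sojus/tasks/sojus.yml` requests `name=borg` from PyPI with `state=latest`, but BorgBackup is published there as `borgbackup`, so as written the play installs whichever project holds the name `borg`, unpinned and with the privileges of the play; I would use `pip: name=borgbackup version=<pinned version> executable=pip3 state=present`. In the last task, `borg init -e none` creates each repository without encryption or authentication of its contents, and nothing in the task switches to `{{ user }}`, so the repository files presumably end up owned by the account running the play rather than the one `borg serve` runs as; adding `become: yes` with `become_user: "{{ user }}"` and making the `-e` mode an explicit, documented choice would cover both. `creates:` also appears as a key of its own beside `command:`; indentation is lost in this view, but it normally has to sit under `args:` for the idempotence guard to take effect. The `authorized_key` task leaves keys that were removed from `auth_users` in place, so `exclusive` handling or a comment saying removal is manual would help.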