Add sojus borgbackup server

doc/ariane.md

@@ -100,10 +100,12 @@ mv /var/log/* /ssd/var/log/
 zfs set mountpoint=/var/log ssd/var/log
 mv /var/lib/lxc/* /ssd/var/lxc/
 zfs set mountpoint=/var/lib/lxc ssd/var/lxc
+zfs create -o com.sun:auto-snapshot=false zv1/sojus
 ```
 ### Set dataset quota
 ```shell
 zfs set quota=1T zv1/homes zv1/daten zv1/fotos
+zfs set quota=3T zv1/sojus
 ```
 ### If intend using ACL someday
 ```shell

host_vars/ariane

@@ -33,6 +33,17 @@ lxc:
       - lxc.network.hwaddr = 2e:6d:b6:07:15:01
       - lxc.pts = 6
 
+  - name: sojus
+    revision: "01"
+    template: voidlinux
+    config:
+      - lxc.network.1.type = veth
+      - lxc.network.1.hwaddr = 2e:6d:b6:07:17:01
+      - lxc.network.1.link = br0
+      - lxc.network.1.flags = up
+      - lxc.pts = 6
+      - lxc.mount.entry = /zv1/sojus /var/lib/lxc/lxc-sojus-01/rootfs/home/backup/repos none bind,create=dir 0 0
+
   - name: proteus
     revision: "01"
     template: debian

host_vars/lxc-sojus-01

@@ -0,0 +1,2 @@
+inventory_hostname: sojus.fet.htu.tuwien.ac.at
+inventory_hostname_short: sojus

hosts/production

@@ -12,5 +12,6 @@ all:
     fet_lxc_void:
       hosts:
         zyklon:
+        sojus:
   vars:
     ansible_python_interpreter=/usr/bin/python3

roles/sojus/defaults/main.yml

@@ -0,0 +1,8 @@
+---
+user: backup
+group: backup
+home: /home/backup
+pool: "{{ home }}/repos"
+auth_users:
+- host: maria-storage
+  key: "{{ lookup('file', 'maria-storage.pub') }}"

roles/sojus/tasks/main.yml

@@ -0,0 +1,3 @@
+---
+- import_tasks: sojus.yml
+  tags: [ sojus ]

roles/sojus/tasks/sojus.yml

@@ -0,0 +1,52 @@
+---
+- name: borg - install packages
+  package: "name={{ item }} state=latest update_cache=yes"
+  with_items:
+  - python3
+  - python3-devel
+  - python3-pip
+  - python3-virtualenv
+  - libressl-devel
+  - acl-devel
+  - fuse3-devel
+  - pkg-config
+
+- name: borg - pip3 install
+  pip: name=pip executable=pip3 state=latest
+
+- name: borg - install
+  pip: name=borg executable=pip3 state=latest
+
+- name: borg - create group
+  group: "name={{ group }} state=present"
+
+- name: borg - create user
+  user: "name={{ user }} shell=/bin/bash home={{ home }} createhome=yes group={{ group }} groups= state=present"
+
+- name: borg - create user home
+  file: "path={{ home }} owner={{ user }} group={{ group }} mode=0700 state=directory"
+
+- name: borg - create user .ssh
+  file: "path={{ home }}/.ssh owner={{ user }} group={{ group }} mode=0700 state=directory"
+
+- name: borg - deploy authorized keys
+  authorized_key:
+    user: "{{ user }}"
+    key: "{{ item.key }}"
+    key_options: 'command="cd {{ pool }}/{{ item.host }};borg serve --append-only --restrict-to-path {{ pool }}/{{ item.host }}",restrict'
+  with_items: "{{ auth_users }}"
+
+- name: borg - deploy authorized keys permissions
+  file: "path={{ home }}/.ssh/authorized_keys owner={{ user }} group={{ group }} mode=0600 state=file"
+
+- name: borg - create repos dir
+  file: "path={{ pool }} owner={{ user }} group={{ group }} mode=0700 state=directory"
+
+- name: borg - create repo dir
+  file: "path={{ pool }}/{{ item.host }} owner={{ user }} group={{ group }} mode=0700 state=directory"
+  with_items: "{{ auth_users }}"
+
+- name: borg - create repo
+  command: borg init -e none "{{ pool }}/{{ item.host }}"
+  creates: "{{ pool }}/{{ item.host }}/config"
+  with_items: "{{ auth_users }}"

site.yml

@@ -34,6 +34,10 @@
   roles:
   - gitea
 
+- hosts: sojus
+  roles:
+  - sojus
+
 - hosts: backup
   roles:
   - backup