Add sojus borgbackup server

2018-07-26 12:27:37 +02:00
parent 20d80b619a
commit 405b66d2cf
8 changed files with 83 additions and 0 deletions
--- a/doc/ariane.md
+++ b/doc/ariane.md
@@ -100,10 +100,12 @@ mv /var/log/* /ssd/var/log/
 zfs set mountpoint=/var/log ssd/var/log
 mv /var/lib/lxc/* /ssd/var/lxc/
 zfs set mountpoint=/var/lib/lxc ssd/var/lxc
+zfs create -o com.sun:auto-snapshot=false zv1/sojus
 ```
 ### Set dataset quota
 ```shell
 zfs set quota=1T zv1/homes zv1/daten zv1/fotos
+zfs set quota=3T zv1/sojus
 ```
 ### If intend using ACL someday
 ```shell
--- a/host_vars/ariane
+++ b/host_vars/ariane
@@ -33,6 +33,17 @@ lxc:
      - lxc.network.hwaddr = 2e:6d:b6:07:15:01
      - lxc.pts = 6

+  - name: sojus
+    revision: "01"
+    template: voidlinux
+    config:
+      - lxc.network.1.type = veth
+      - lxc.network.1.hwaddr = 2e:6d:b6:07:17:01
+      - lxc.network.1.link = br0
+      - lxc.network.1.flags = up
+      - lxc.pts = 6
+      - lxc.mount.entry = /zv1/sojus /var/lib/lxc/lxc-sojus-01/rootfs/home/backup/repos none bind,create=dir 0 0
+
  - name: proteus
    revision: "01"
    template: debian
--- a/host_vars/lxc-sojus-01
+++ b/host_vars/lxc-sojus-01
@@ -0,0 +1,2 @@
+inventory_hostname: sojus.fet.htu.tuwien.ac.at
+inventory_hostname_short: sojus
--- a/hosts/production
+++ b/hosts/production
@@ -12,5 +12,6 @@ all:
    fet_lxc_void:
      hosts:
        zyklon:
+        sojus:
  vars:
    ansible_python_interpreter=/usr/bin/python3
--- a/roles/sojus/defaults/main.yml
+++ b/roles/sojus/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+user: backup
+group: backup
+home: /home/backup
+pool: "{{ home }}/repos"
+auth_users:
+- host: maria-storage
+  key: "{{ lookup('file', 'maria-storage.pub') }}"
--- a/roles/sojus/tasks/main.yml
+++ b/roles/sojus/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- import_tasks: sojus.yml
+  tags: [ sojus ]
--- a/roles/sojus/tasks/sojus.yml
+++ b/roles/sojus/tasks/sojus.yml
@@ -0,0 +1,52 @@
+---
+- name: borg - install packages
+  package: "name={{ item }} state=latest update_cache=yes"
+  with_items:
+  - python3
+  - python3-devel
+  - python3-pip
+  - python3-virtualenv
+  - libressl-devel
+  - acl-devel
+  - fuse3-devel
+  - pkg-config
+
+- name: borg - pip3 install
+  pip: name=pip executable=pip3 state=latest
+
+- name: borg - install
+  pip: name=borg executable=pip3 state=latest
+
+- name: borg - create group
+  group: "name={{ group }} state=present"
+
+- name: borg - create user
+  user: "name={{ user }} shell=/bin/bash home={{ home }} createhome=yes group={{ group }} groups= state=present"
+
+- name: borg - create user home
+  file: "path={{ home }} owner={{ user }} group={{ group }} mode=0700 state=directory"
+
+- name: borg - create user .ssh
+  file: "path={{ home }}/.ssh owner={{ user }} group={{ group }} mode=0700 state=directory"
+
+- name: borg - deploy authorized keys
+  authorized_key:
+    user: "{{ user }}"
+    key: "{{ item.key }}"
+    key_options: 'command="cd {{ pool }}/{{ item.host }};borg serve --append-only --restrict-to-path {{ pool }}/{{ item.host }}",restrict'
+  with_items: "{{ auth_users }}"
+
+- name: borg - deploy authorized keys permissions
+  file: "path={{ home }}/.ssh/authorized_keys owner={{ user }} group={{ group }} mode=0600 state=file"
+
+- name: borg - create repos dir
+  file: "path={{ pool }} owner={{ user }} group={{ group }} mode=0700 state=directory"
+
+- name: borg - create repo dir
+  file: "path={{ pool }}/{{ item.host }} owner={{ user }} group={{ group }} mode=0700 state=directory"
+  with_items: "{{ auth_users }}"
+
+- name: borg - create repo
+  command: borg init -e none "{{ pool }}/{{ item.host }}"
+  creates: "{{ pool }}/{{ item.host }}/config"
+  with_items: "{{ auth_users }}"
--- a/site.yml
+++ b/site.yml
@@ -34,6 +34,10 @@
  roles:
  - gitea

+- hosts: sojus
+  roles:
+  - sojus
+
 - hosts: backup
  roles:
  - backup