diff --git a/.gitmodules b/.gitmodules index b0517ae..de130f8 100644 --- a/.gitmodules +++ b/.gitmodules @@ -4,6 +4,3 @@ [submodule "roles/rvm1-ansible"] path = roles/rvm1-ansible url = https://git.triton.fet.at/git/ansible-role-rvm.git -[submodule "roles/borgbackup"] - path = roles/borgbackup - url = https://github.com/semoule/ansible-role-borgbackup.git diff --git a/host_vars/sojus b/host_vars/sojus index bf9a9c2..3972b5d 100644 --- a/host_vars/sojus +++ b/host_vars/sojus @@ -1,13 +1,7 @@ inventory_hostname: sojus.fet.htu.tuwien.ac.at inventory_hostname_short: sojus -borgbackup_install_from_binary: False borgbackup_install_from_repo: True - -borgbackup_server: True -borgbackup_server_user: "backup" -borgbackup_server_group: "backup" -borgbackup_server_home: "/home/backup" -borgbackup_server_pool: "{{ borgbackup_server_home }}/repos" +borgbackup_binary: "/usr/bin/borg" borgbackup_encryption_mode: "none" diff --git a/roles/backup/defaults/main.yml b/roles/backup/defaults/main.yml deleted file mode 100644 index 81d832e..0000000 --- a/roles/backup/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -backup_borg: True \ No newline at end of file diff --git a/roles/backup/tasks/borg.yml b/roles/backup/tasks/borg.yml deleted file mode 100644 index 4fad2c2..0000000 --- a/roles/backup/tasks/borg.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- name: install borg - package: name="borgbackup" state=present - -- name: create repositories - file: - path: "{{item.path}}" - state: directory - with_items: "{{backup.repositories}}" - -- name: init borg repositories - command: "borg init {{item.path}} --encryption=none" - args: - creates: "{{item.path}}/README" - with_items: "{{backup.repositories}}" - -- name: create READMES - template: - src=borg_README.j2 - dest="{{item.path}}/README" - with_items: "{{backup.repositories}}" diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml deleted file mode 100644 index 83441d1..0000000 
--- a/roles/backup/tasks/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- import_tasks: borg.yml - when: backup_borg - tags: ['backup', 'borg'] diff --git a/roles/backup/templates/borg_README.j2 b/roles/backup/templates/borg_README.j2 deleted file mode 100644 index 349390f..0000000 --- a/roles/backup/templates/borg_README.j2 +++ /dev/null @@ -1,2 +0,0 @@ -This is a generate FET borg repository. -Name: {{item.name}} \ No newline at end of file diff --git a/roles/backupclient/defaults/main.yml b/roles/backupclient/defaults/main.yml deleted file mode 100644 index 81d832e..0000000 --- a/roles/backupclient/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -backup_borg: True \ No newline at end of file diff --git a/roles/backupclient/tasks/borg.yml b/roles/backupclient/tasks/borg.yml deleted file mode 100644 index 451b60c..0000000 --- a/roles/backupclient/tasks/borg.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- name: install borg - package: name="borgbackup" state=present - -- name: create backup user - user: - name: borg_backup - comment: "BackupUser für BORG Backup" - group: root - generate_ssh_key: yes - ssh_key_bits: 4096 - ssh_key_file: .ssh/id_rsa - -- name: fetch pubickey - shell: "cat /home/borg_backup/.ssh/id_rsa.pub" - register: id_rsa_pub - changed_when: false - -- name: Add authorized key to borg backup servers - authorized_key: - user: "root" - key: "{{id_rsa_pub.stdout}}" - key_options: 'command="borg serve --restrict-to-path /srv/rep1"' - delegate_to: "{{item}}" - with_items: "{{groups['backup']}}" - when: id_rsa_pub.stdout is defined - diff --git a/roles/backupclient/tasks/main.yml b/roles/backupclient/tasks/main.yml deleted file mode 100644 index 83441d1..0000000 --- a/roles/backupclient/tasks/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- import_tasks: borg.yml - when: backup_borg - tags: ['backup', 'borg'] diff --git a/roles/borg_client/.travis.yml b/roles/borg_client/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null 
+++ b/roles/borg_client/.travis.yml
@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+ apt:
+ packages:
+ - python-pip
+
+install:
+ # Install ansible
+ - pip install ansible
+
+ # Check ansible version
+ - ansible --version
+
+ # Create ansible.cfg with correct roles_path
+ - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+ # Basic role syntax check
+ - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
diff --git a/roles/borg_client/LICENSE b/roles/borg_client/LICENSE
new file mode 100644
index 0000000..8dada3e
--- /dev/null
+++ b/roles/borg_client/LICENSE
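Review bot: The `script` step syntax-checks `tests/test.yml` against `tests/inventory`, but no `tests/` directory is added under roles/borg_client in this diff, so the check has nothing to run against. Travis also reads `.travis.yml` only from the repository root, so this nested copy, and the identical one added under roles/borg_server (same blob 36bbf62), is dead configuration as committed. Either drop both files or move one check to the repository's own CI; if it is kept, pin the installer line, e.g. `pip install "ansible==<version used in production>"`, instead of the unpinned `pip install ansible`.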
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/borg_client/README.md b/roles/borg_client/README.md new file mode 100644 index 0000000..ff482ee --- /dev/null +++ b/roles/borg_client/README.md 
@@ -0,0 +1,59 @@ +Borgbackup +========== + +Ansible [Borgbackup](https://borgbackup.readthedocs.io/en/stable/) role. + +Features: + * Repository or binary installation + * Schedules regular backup jobs + * Schedules regular prune jobs to keep backup windows clean + * Flexible configuration to list backup targets + +Role Variables +-------------- + +see `defaults/main.yml` + +Example Playbook +---------------- + + - hosts: all + roles: + - role: SphericalElephant.borgbackup + borgbackup_client: True + borgbackup_client_backup_server: backup01.example.com + borgbackup_create_jobs: + - name: system + day: "*" + hour: "0" + minute: "{{ 59 | random }}" + directories: + - /etc + - /home + - /var + excludes: + - 're:^/var/lib/apt' + - 're:^/var/[^/]+\/cache/' + borgbackup_prune_jobs: + - name: system + prune_options: "--keep-daily=7 --keep-weekly=4" + day: "*" + hour: "8" + minute: "0" + borgbackup_check_jobs: + - name: system + check_options: "--lock-wait 28800" + day: "1" + hour: "12" + minute: "0" + + +You can easily assign client and server attributes from your inventory with something similar to the following: + + borgbackup_client: "{{ (inventory_hostname in groups.borgbackup_server)|ternary(False, True) }}" + borgbackup_client_backup_server: "{{ groups.borgbackup_server[0] }}" + +License +------- + +Apache 2.0 diff --git a/roles/borg_client/defaults/main.yml b/roles/borg_client/defaults/main.yml new file mode 100644 index 0000000..8bc3fba --- /dev/null +++ b/roles/borg_client/defaults/main.yml 
@@ -0,0 +1,77 @@
+---
+borgbackup_install_from_repo: False
+borgbackup_binary_version: "1.1.4"
+borgbackup_binary_platform: "borg-linux64"
+borgbackup_binary_uri: "https://github.com/borgbackup/borg/releases/download/{{ borgbackup_binary_version }}/{{ borgbackup_binary_platform }}"
+borgbackup_binary: "/usr/local/bin/borg"
+
+borgbackup_encryption_mode: "none"
+borgbackup_passphrase: "yoursecret"
+
+borgbackup_server_user: "backup"
+borgbackup_server_group: "backup"
+borgbackup_server_home: "/home/backup"
+borgbackup_server_pool: "{{ borgbackup_server_home }}/repos"
+
+borgbackup_client_ssh_key_type: '{{ "ed25519"
+ if ("ssh-ed25519" in borgbackup_register_key_types.stdout_lines)
+ else "rsa" }}'
+
+borgbackup_client_ssh_key_file: "/root/.ssh/id_{{ borgbackup_client_ssh_key_type }}-backup"
+borgbackup_client_ssh_key_comment: 'root@{{ ansible_hostname }} generated by Ansible'
+borgbackup_client_scripts_dir: "/etc/borg"
+
+borgbackup_client_lastlog_dir: "/var/log/borg"
+
+# backup server IP or FQDN used during ansible installation AND backup operation.
+borgbackup_client_backup_server:
+
+# if defined, IP or FQDN used on backup operation. Usefull in case of LAN-free backup
+#borgbackup_client_backup_server_lanfreebackup:
+
+# you have to set at least a "create" job.
+# "prune" and "checks" jobs are optionnal, but you should use it too.
+borgbackup_create_jobs:
+
+# borgbackup jobs examples :
+#borgbackup_create_jobs:
+# - name: system
+# options: "--lock-wait 7200 --compression lzma"
+# day: "*"
+# hour: 0 # default value = 1
+# minute: 0 # default value = 0
+# random_hour: 5 # default value : ignore randomization
+# random_minute: 59 # default value : ignore randomization
+# directories:
+# - "/etc/"
+# - "/home"
+# excludes: []
+
+borgbackup_prune_enabled: yes
+#borgbackup_prune_jobs:
+# - name: system
+# prune_options: "--lock-wait 7200 --keep-daily=7 --keep-weekly=4 --keep-monthly=12 --keep-yearly=-1"
+# day: "*"
+# hour: 12 # default value = 1
+# minute: 0 # default value = 0
+# random_hour: 5 # default value : ignore randomization
+# random_minute: 59 # default value : ignore randomization
+
+borgbackup_check_enabled: yes
+#borgbackup_check_jobs:
+# - name: system
+# check_options: "--lock-wait 28800"
+# day: 1
+# hour: 12 # default value = 1
+# minute: 0 # default value = 0
+# random_hour: 5 # default value : ignore randomization
+# random_minute: 59 # default value : ignore randomization
+# random_day: 27 # default value : ignore randomization
+
+# about random :
+# TL;DR : if 'random_hour' is set, then 'hour' will be set by a random value within range 'hour' up to 'hour+random_hour'
+# purpose is to set indempotent random crontab values. Usefull when many jobs are croned toward a small number of repository servers.
+# random_hour : if defined, a indempotent random value is computed between 0 and the value specified.
+# Then, the crontab hour will be addition of hour and random_hour.
+# a modulo 24 is applied in order to ensure valid hour are specified.
+# random_minute and random_day works the same way.
diff --git a/roles/borg_client/meta/main.yml b/roles/borg_client/meta/main.yml
new file mode 100644
index 0000000..fc83234
--- /dev/null
+++ b/roles/borg_client/meta/main.yml
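Review bot: `borgbackup_passphrase: "yoursecret"` ships a passphrase that anyone with access to this repository can read as the role default, right next to `borgbackup_encryption_mode: "none"`; a host that later only switches the mode on ends up with repositories protected by that known value. I would drop the default and have the role fail early when the mode is not `none` and no passphrase was supplied from a vault or secret store. Separately, `borgbackup_prune_enabled: yes` and `borgbackup_check_enabled: yes` are on while `borgbackup_prune_jobs` and `borgbackup_check_jobs` exist only as commented examples, so the `with_items` loops over them in tasks/borgbackup_client.yml look like they will hit an undefined variable; adding `borgbackup_prune_jobs: []` and `borgbackup_check_jobs: []` here would avoid that.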
@@ -0,0 +1,20 @@
+galaxy_info:
+ author: Farhad Shahbazi
+ description: Borgbackup
+ company: Spherical Elephant GmbH
+ license: Apache
+ min_ansible_version: 2.1
+ platforms:
+ - name: Ubuntu
+ versions:
+ - all
+ - name: Debian
+ versions:
+ - jessie
+ - sid
+ - stretch
+ - name: Archlinux
+ galaxy_tags:
+ - backup
+
+dependencies: []
diff --git a/roles/borg_client/tasks/borgbackup_client.yml b/roles/borg_client/tasks/borgbackup_client.yml
new file mode 100644
index 0000000..c2955ba
--- /dev/null
+++ b/roles/borg_client/tasks/borgbackup_client.yml
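Review bot: `min_ansible_version: 2.1` understates what the role needs, because tasks/main.yml in this same commit uses `import_tasks`, which was introduced in Ansible 2.4. The value is also an unquoted float. Declaring it as `min_ansible_version: "2.4"` fixes both and stops an older controller from failing partway through a backup rollout.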
@@ -0,0 +1,191 @@ +--- +- name: check available SSH key types + shell: ssh -Q key 2>/dev/null || echo "ssh-rsa" + register: borgbackup_register_key_types + changed_when: False + check_mode: no + +- name: generate backup ssh-key + user: + name: root + ssh_key_file: "{{ borgbackup_client_ssh_key_file }}" + ssh_key_type: "{{ borgbackup_client_ssh_key_type }}" + ssh_key_comment: "{{ borgbackup_client_ssh_key_comment }}" + ssh_key_bits: 4096 + generate_ssh_key: yes + +- name: fetch backup ssh-pubkey + command: "cat {{ borgbackup_client_ssh_key_file }}.pub" + check_mode: no + register: borgbackup_client_ssh_pubkey_file + changed_when: False + +- name: add ssh-pubkey to backup server + delegate_to: "{{ borgbackup_client_backup_server }}" + # Start the delegate from the ansible master to avoid distributing more keys + connection: local + authorized_key: + user: "{{ borgbackup_server_user }}" + key: "{{ borgbackup_client_ssh_pubkey_file.stdout }}" + key_options: 'command="cd {{ borgbackup_server_pool }}/{{ inventory_hostname }};borg serve --restrict-to-path {{ borgbackup_server_pool }}/{{ inventory_hostname }}",restrict' + +- name: create repo path for host + delegate_to: "{{ borgbackup_client_backup_server }}" + # Start the delegate from the ansible master to avoid distributing more keys + connection: local + file: + path: "{{ borgbackup_server_pool }}/{{ inventory_hostname }}" + owner: "{{ borgbackup_server_user }}" + group: "{{ borgbackup_server_group }}" + mode: 0700 + state: directory + +- name: backup scripts dir + file: + path: "{{ borgbackup_client_scripts_dir }}" + owner: root + group: root + mode: 0750 + state: directory + +- name: backup supervision lastlog dir + file: + path: "{{ borgbackup_client_lastlog_dir }}" + owner: root + group: root + mode: 0755 + state: directory + +- name: check if the repositories already exist + command: "{{ borgbackup_binary }} list {{ borgbackup_server_user }}@{{ borgbackup_client_backup_server_lanfreebackup | 
default(borgbackup_client_backup_server) }}:{{ item.name }}" + environment: + - BORG_RSH: "ssh -o StrictHostKeyChecking=no -i {{ borgbackup_client_ssh_key_file }}" + - BORG_PASSPHRASE: "{{ borgbackup_passphrase }}" + with_items: "{{ borgbackup_create_jobs }}" + register: list_repos + failed_when: False + changed_when: False + check_mode: no + +- name: initialize empty list of initialized repositories + set_fact: + initialized_repos: [] + +- name: store only initialized repositories in the list + set_fact: + initialized_repos: "{{ initialized_repos }} + [ '{{ item.item.name }}' ]" + with_items: "{{ list_repos.results }}" + when: item.rc == 0 + +- name: initialize repositories + command: "{{ borgbackup_binary }} init --encryption {{ borgbackup_encryption_mode }} {{ borgbackup_server_user }}@{{ borgbackup_client_backup_server_lanfreebackup | default(borgbackup_client_backup_server) }}:{{ item.name }}" + environment: + - BORG_RSH: "ssh -o StrictHostKeyChecking=no -i {{ borgbackup_client_ssh_key_file }}" + - BORG_PASSPHRASE: "{{ borgbackup_passphrase }}" + with_items: "{{ borgbackup_create_jobs }}" + register: borgbackup_initialize_result + failed_when: (borgbackup_initialize_result.rc != 0) and (borgbackup_initialize_result.stderr != "") and ('already exists' not in borgbackup_initialize_result.stderr) + when: item.name not in initialized_repos + +- name: generate filename for create / prune / check scripts + set_fact: + create_suffix_script_filename: "create_{{ borgbackup_client_backup_server.split('.')[0] }}" + prune_suffix_script_filename: "prune_{{ borgbackup_client_backup_server.split('.')[0] }}" + check_suffix_script_filename: "check_{{ borgbackup_client_backup_server.split('.')[0] }}" + +# +# borg create scripts +# +- name: deploy borg create scripts + template: + dest: "{{ borgbackup_client_scripts_dir }}/{{ item.name }}_{{ create_suffix_script_filename }}.sh" + src: create_job.sh.j2 + owner: root + group: root + mode: 0700 + with_items: "{{ 
borgbackup_create_jobs }}" + +- name: schedule borg create scripts on cron + cron: + name: "borg backup {{ item.name }}" + user: root + job: "{{ borgbackup_client_scripts_dir }}/{{ item.name }}_{{ create_suffix_script_filename }}.sh 2>&1 | /usr/bin/logger -t borgbackup" + day: "{{ (item.day | default(1)) + (item.random_day | random(seed=item.name + check_suffix_script_filename + ansible_host))%28 if item.random_day is defined else item.day | default('*') }}" + hour: "{{ (item.hour | default(1)) + (item.random_hour | random(seed=item.name + create_suffix_script_filename + ansible_host))%24 if item.random_hour is defined else item.hour | default(1) }}" + minute: "{{ (item.minute | default(0)) + (item.random_minute | random(seed=ansible_host + item.name + create_suffix_script_filename))%60 if item.random_minute is defined else item.minute | default(0) }}" + state: present + cron_file: "borgbackup_{{ item.name }}_{{ create_suffix_script_filename }}" + with_items: "{{ borgbackup_create_jobs }}" + +- name: deploy borg create fake logs, when no log yet + shell: echo -ne "FAKE LOG\nterminating with success status, rc 0\n" | tee "{{ borgbackup_client_lastlog_dir }}/{{ item.name }}_{{ create_suffix_script_filename }}.lastlog" + args: + chdir: "{{ borgbackup_client_lastlog_dir }}" + creates: "{{ borgbackup_client_lastlog_dir }}/{{ item.name }}_{{ create_suffix_script_filename }}.lastlog" + with_items: "{{ borgbackup_create_jobs }}" + +# +# borg prune scripts +# +- name: deploy borg prune scripts + template: + dest: "{{ borgbackup_client_scripts_dir }}/{{ item.name }}_{{ prune_suffix_script_filename }}.sh" + src: prune_job.sh.j2 + owner: root + group: root + mode: 0700 + with_items: "{{ borgbackup_prune_jobs }}" + when: borgbackup_prune_enabled + +- name: schedule borg prune scripts on cron + cron: + name: "borg prune {{ item.name }}" + user: root + job: "{{ borgbackup_client_scripts_dir }}/{{ item.name }}_{{ prune_suffix_script_filename }}.sh 2>&1 | /usr/bin/logger -t 
borgbackup" + day: "{{ (item.day | default(1)) + (item.random_day | random(seed=item.name + check_suffix_script_filename + ansible_host))%28 if item.random_day is defined else item.day | default('*') }}" + hour: "{{ (item.hour | default(1)) + (item.random_hour | random(seed=item.name + prune_suffix_script_filename + ansible_host))%24 if item.random_hour is defined else item.hour | default(2) }}" + minute: "{{ (item.minute | default(0)) + (item.random_minute | random(seed=ansible_host + item.name + prune_suffix_script_filename))%60 if item.random_minute is defined else item.minute | default(0) }}" + state: present + cron_file: "borgbackup_{{ item.name }}_{{ prune_suffix_script_filename }}" + with_items: "{{ borgbackup_prune_jobs }}" + when: borgbackup_prune_enabled + +- name: deploy borg prune fake logs, when no log yet + shell: echo -ne "FAKE LOG\nterminating with success status, rc 0\n" | tee "{{ borgbackup_client_lastlog_dir }}/{{ item.name }}_{{ prune_suffix_script_filename }}.lastlog" + args: + chdir: "{{ borgbackup_client_lastlog_dir }}" + creates: "{{ borgbackup_client_lastlog_dir }}/{{ item.name }}_{{ prune_suffix_script_filename }}.lastlog" + with_items: "{{ borgbackup_prune_jobs }}" + +# +# borg check scripts +# +- name: deploy borg check scripts + template: + dest: "{{ borgbackup_client_scripts_dir }}/{{ item.name }}_{{ check_suffix_script_filename }}.sh" + src: check_job.sh.j2 + owner: root + group: root + mode: 0700 + with_items: "{{ borgbackup_check_jobs }}" + when: borgbackup_check_enabled + +- name: schedule borg check scripts on cron + cron: + name: "borg check {{ item.name }}" + user: root + job: "{{ borgbackup_client_scripts_dir }}/{{ item.name }}_{{ check_suffix_script_filename }}.sh 2>&1 | /usr/bin/logger -t borgbackup" + day: "{{ (item.day | default(1)) + (item.random_day | random(seed=item.name + check_suffix_script_filename + ansible_host))%28 if item.random_day is defined else item.day | default(1) }}" + hour: "{{ (item.hour | default(1)) + 
(item.random_hour | random(seed=item.name + check_suffix_script_filename + ansible_host))%24 if item.random_hour is defined else item.hour | default(3) }}" + minute: "{{ (item.minute | default(0)) + (item.random_minute | random(seed=ansible_host + item.name + check_suffix_script_filename))%60 if item.random_minute is defined else item.minute | default(0) }}" + state: present + cron_file: "borgbackup_{{ item.name }}_{{ check_suffix_script_filename }}" + with_items: "{{ borgbackup_check_jobs }}" + when: borgbackup_check_enabled + +- name: deploy borg check fake logs, when no log yet + shell: echo -ne "FAKE LOG\nterminating with success status, rc 0\n" | tee "{{ borgbackup_client_lastlog_dir }}/{{ item.name }}_{{ check_suffix_script_filename }}.lastlog" + args: + chdir: "{{ borgbackup_client_lastlog_dir }}" + creates: "{{ borgbackup_client_lastlog_dir }}/{{ item.name }}_{{ check_suffix_script_filename }}.lastlog" + with_items: "{{ borgbackup_check_jobs }}" diff --git a/roles/borg_client/tasks/borgbackup_install.yml b/roles/borg_client/tasks/borgbackup_install.yml new file mode 100644 index 0000000..10b4fff --- /dev/null +++ b/roles/borg_client/tasks/borgbackup_install.yml @@ -0,0 +1,21 @@ +--- +- name: borgbackup - download borg binary + get_url: + url: "{{ borgbackup_binary_uri }}" + dest: "{{ borgbackup_binary }}-{{ borgbackup_binary_version }}" + mode: "755" + when: not borgbackup_install_from_repo + +- name: borgbackup - link install + file: + src: "{{ borgbackup_binary }}-{{ borgbackup_binary_version }}" + dest: "{{ borgbackup_binary }}" + state: link + force: yes + when: not borgbackup_install_from_repo + +- name: borgbackup - install borgbackup + package: + name: borg + state: latest + when: borgbackup_install_from_repo diff --git a/roles/borg_client/tasks/main.yml b/roles/borg_client/tasks/main.yml new file mode 100644 index 0000000..b59598e --- /dev/null +++ b/roles/borg_client/tasks/main.yml 
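Review bot: The `check if the repositories already exist` and `initialize repositories` tasks both set `BORG_RSH: "ssh -o StrictHostKeyChecking=no -i …"`, which turns off host-key verification for the very session that creates the repository and carries `BORG_PASSPHRASE`. Pin the backup server's key before these tasks (for example with the `known_hosts` module) or, at minimum, use `-o StrictHostKeyChecking=accept-new` so that a changed key is refused instead of accepted. Both tasks also place the passphrase in the task environment and should carry `no_log: true` so it cannot surface in verbose or failure output. The three `deploy borg … fake logs` tasks write "terminating with success status, rc 0" before any job has run, which any monitoring that reads the lastlog will take as a completed backup, and the prune and check variants lack the `when: borgbackup_prune_enabled` / `when: borgbackup_check_enabled` guard their sibling tasks have.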
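Review bot: The `borgbackup - download borg binary` task fetches `{{ borgbackup_binary_uri }}` into `{{ borgbackup_binary }}-{{ borgbackup_binary_version }}` with mode "755" and no integrity check, and the client tasks then run that file as root from cron. Add a per-version digest variable and pass it to `get_url`, e.g. `checksum: "sha256:{{ borgbackup_binary_sha256 }}"` (the variable name is a suggestion; the digest has to be taken from the upstream release for the pinned version). In the package branch, `state: latest` lets any playbook run upgrade the backup tool; `state: present` keeps that an explicit decision. The package is named `borg` here while the removed roles/backup tasks installed `borgbackup`, so the name is worth confirming on the hosts that set `borgbackup_install_from_repo: True`.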
@@ -0,0 +1,6 @@
+---
+- import_tasks: borgbackup_install.yml
+ tags: [ borg ]
+
+- import_tasks: borgbackup_client.yml
+ tags: [ borg ]
diff --git a/roles/borg_client/templates/check_job.sh.j2 b/roles/borg_client/templates/check_job.sh.j2
new file mode 100644
index 0000000..ddcaf84
--- /dev/null
+++ b/roles/borg_client/templates/check_job.sh.j2
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -e
+
+export BORG_RSH="ssh -i {{ borgbackup_client_ssh_key_file }}"
+export BORG_PASSPHRASE="{{ borgbackup_passphrase }}"
+
+REPOSITORY={{ borgbackup_server_user }}@{{ borgbackup_client_backup_server_lanfreebackup | default(borgbackup_client_backup_server) }}:{{ item.name }}
+
+{{ borgbackup_binary }} check --show-rc --verbose \
+ {{ item.check_options }} \
+ $REPOSITORY \
+ 2>&1 | tee {{ borgbackup_client_lastlog_dir }}/{{ item.name }}_{{ check_suffix_script_filename }}.lastlog \
+ | /usr/bin/logger -t borgbackup_check_{{ item.name }}_{{ borgbackup_client_backup_server }}
diff --git a/roles/borg_client/templates/create_job.sh.j2 b/roles/borg_client/templates/create_job.sh.j2
new file mode 100644
index 0000000..08564b1
--- /dev/null
+++ b/roles/borg_client/templates/create_job.sh.j2
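Review bot: `set -e` does not cover the borg command in check_job.sh.j2, because the script's exit status is that of the last pipeline stage (`/usr/bin/logger`), so a failed `borg check` still ends the cron job with status 0. The same pipeline shape is in create_job.sh.j2 and prune_job.sh.j2, where a failed backup or prune goes equally unreported. Write borg's output to the lastlog file first, keep its return code, forward the file to logger and exit with that code, as sketched below. `export BORG_PASSPHRASE="{{ borgbackup_passphrase }}"` is interpolated inside double quotes in all three templates, so a passphrase containing `$`, a backtick or `"` is altered by the shell; rendering it with the `quote` filter avoids that.

```shell
# … unchanged: shebang, set -e, BORG_RSH …
export BORG_PASSPHRASE={{ borgbackup_passphrase | quote }}
# … unchanged: REPOSITORY assignment …
LASTLOG={{ borgbackup_client_lastlog_dir }}/{{ item.name }}_{{ check_suffix_script_filename }}.lastlog
rc=0
{{ borgbackup_binary }} check --show-rc --verbose \
    {{ item.check_options }} \
    "$REPOSITORY" >"$LASTLOG" 2>&1 || rc=$?
/usr/bin/logger -t borgbackup_check_{{ item.name }}_{{ borgbackup_client_backup_server }} <"$LASTLOG"
exit "$rc"
```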
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -e
+
+export BORG_RSH="ssh -i {{ borgbackup_client_ssh_key_file }}"
+export BORG_PASSPHRASE="{{ borgbackup_passphrase }}"
+
+REPOSITORY={{ borgbackup_server_user }}@{{ borgbackup_client_backup_server_lanfreebackup | default(borgbackup_client_backup_server) }}:{{ item.name }}
+
+{{ borgbackup_binary }} create --show-rc --verbose --stats \
+ {{ item.options | default('--compression zlib,6') }} \
+ $REPOSITORY::{{ ansible_hostname }}-$(date +%Y-%m-%d_%H-%M) \
+ {{ item.directories | join(' ') }} \
+ {% for e in item.excludes %}
+ --exclude '{{ e }}' \
+ {% endfor %}
+ 2>&1 | tee {{ borgbackup_client_lastlog_dir }}/{{ item.name }}_{{ create_suffix_script_filename }}.lastlog \
+ | /usr/bin/logger -t borgbackup_backup_{{ item.name }}_{{ borgbackup_client_backup_server }}
\ No newline at end of file
diff --git a/roles/borg_client/templates/prune_job.sh.j2 b/roles/borg_client/templates/prune_job.sh.j2
new file mode 100644
index 0000000..5977439
--- /dev/null
+++ b/roles/borg_client/templates/prune_job.sh.j2
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -e
+
+export BORG_RSH="ssh -i {{ borgbackup_client_ssh_key_file }}"
+export BORG_PASSPHRASE="{{ borgbackup_passphrase }}"
+
+REPOSITORY={{ borgbackup_server_user }}@{{ borgbackup_client_backup_server_lanfreebackup | default(borgbackup_client_backup_server) }}:{{ item.name }}
+
+{{ borgbackup_binary }} prune --show-rc --verbose --stats \
+ {{ item.prune_options }} \
+ $REPOSITORY \
+ 2>&1 | tee {{ borgbackup_client_lastlog_dir }}/{{ item.name }}_{{ prune_suffix_script_filename }}.lastlog \
+ | /usr/bin/logger -t borgbackup_prune_{{ item.name }}_{{ borgbackup_client_backup_server }}
diff --git a/roles/borg_server/.travis.yml b/roles/borg_server/.travis.yml
new file mode 100644
index 0000000..36bbf62
--- /dev/null
+++ b/roles/borg_server/.travis.yml
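Review bot: In create_job.sh.j2, `{{ item.directories | join(' ') }}` and `--exclude '{{ e }}'` place inventory strings on a root-run command line without shell quoting, so a path containing a space or an exclude pattern containing a single quote changes how the command is parsed. Render them with the `quote` filter instead: `{{ item.directories | map('quote') | join(' ') }}` and `--exclude {{ e | quote }}`. `item.excludes` has no default, so a create job defined without `excludes` fails when the template is rendered; `{% for e in item.excludes | default([]) %}` handles that. `$REPOSITORY` should be double-quoted here and in the check and prune templates.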
@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+ apt:
+ packages:
+ - python-pip
+
+install:
+ # Install ansible
+ - pip install ansible
+
+ # Check ansible version
+ - ansible --version
+
+ # Create ansible.cfg with correct roles_path
+ - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+ # Basic role syntax check
+ - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
diff --git a/roles/borg_server/LICENSE b/roles/borg_server/LICENSE
new file mode 100644
index 0000000..8dada3e
--- /dev/null
+++ b/roles/borg_server/LICENSE
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/borg_server/README.md b/roles/borg_server/README.md new file mode 100644 index 0000000..ff482ee --- /dev/null +++ b/roles/borg_server/README.md 
@@ -0,0 +1,59 @@
+Borgbackup
+==========
+
+Ansible [Borgbackup](https://borgbackup.readthedocs.io/en/stable/) role.
+
+Features:
+ * Repository or binary installation
+ * Schedules regular backup jobs
+ * Schedules regular prune jobs to keep backup windows clean
+ * Flexible configuration to list backup targets
+
+Role Variables
+--------------
+
+see `defaults/main.yml`
+
+Example Playbook
+----------------
+
+ - hosts: all
+ roles:
+ - role: SphericalElephant.borgbackup
+ borgbackup_client: True
+ borgbackup_client_backup_server: backup01.example.com
+ borgbackup_create_jobs:
+ - name: system
+ day: "*"
+ hour: "0"
+ minute: "{{ 59 | random }}"
+ directories:
+ - /etc
+ - /home
+ - /var
+ excludes:
+ - 're:^/var/lib/apt'
+ - 're:^/var/[^/]+\/cache/'
+ borgbackup_prune_jobs:
+ - name: system
+ prune_options: "--keep-daily=7 --keep-weekly=4"
+ day: "*"
+ hour: "8"
+ minute: "0"
+ borgbackup_check_jobs:
+ - name: system
+ check_options: "--lock-wait 28800"
+ day: "1"
+ hour: "12"
+ minute: "0"
+
+
+You can easily assign client and server attributes from your inventory with something similar to the following:
+
+ borgbackup_client: "{{ (inventory_hostname in groups.borgbackup_server)|ternary(False, True) }}"
+ borgbackup_client_backup_server: "{{ groups.borgbackup_server[0] }}"
+
+License
+-------
+
+Apache 2.0
diff --git a/roles/borg_server/defaults/main.yml b/roles/borg_server/defaults/main.yml
new file mode 100644
index 0000000..fb548b3
--- /dev/null
+++ b/roles/borg_server/defaults/main.yml
@@ -0,0 +1,14 @@
+---
+borgbackup_install_from_repo: False
+borgbackup_binary_version: "1.1.4"
+borgbackup_binary_platform: "borg-linux64"
+borgbackup_binary_uri: "https://github.com/borgbackup/borg/releases/download/{{ borgbackup_binary_version }}/{{ borgbackup_binary_platform }}"
+borgbackup_binary: "/usr/local/bin/borg"
+
+borgbackup_server_user: "backup"
+borgbackup_server_group: "backup"
+borgbackup_server_home: "/home/backup"
+borgbackup_server_pool: "{{ borgbackup_server_home }}/repos"
+
+borgbackup_encryption_mode: "none"
+borgbackup_passphrase: "yoursecret"
diff --git a/roles/borg_server/meta/main.yml b/roles/borg_server/meta/main.yml
new file mode 100644
index 0000000..fc83234
--- /dev/null
+++ b/roles/borg_server/meta/main.yml
@@ -0,0 +1,20 @@
+galaxy_info:
+ author: Farhad Shahbazi
+ description: Borgbackup
+ company: Spherical Elephant GmbH
+ license: Apache
+ min_ansible_version: 2.1
+ platforms:
+ - name: Ubuntu
+ versions:
+ - all
+ - name: Debian
+ versions:
+ - jessie
+ - sid
+ - stretch
+ - name: Archlinux
+ galaxy_tags:
+ - backup
+
+dependencies: []
diff --git a/roles/borg_server/tasks/borgbackup_install.yml b/roles/borg_server/tasks/borgbackup_install.yml
new file mode 100644
index 0000000..10b4fff
--- /dev/null
+++ b/roles/borg_server/tasks/borgbackup_install.yml
@@ -0,0 +1,21 @@
+---
+- name: borgbackup - download borg binary
+ get_url:
+ url: "{{ borgbackup_binary_uri }}"
+ dest: "{{ borgbackup_binary }}-{{ borgbackup_binary_version }}"
+ mode: "755"
+ when: not borgbackup_install_from_repo
+
+- name: borgbackup - link install
+ file:
+ src: "{{ borgbackup_binary }}-{{ borgbackup_binary_version }}"
+ dest: "{{ borgbackup_binary }}"
+ state: link
+ force: yes
+ when: not borgbackup_install_from_repo
+
+- name: borgbackup - install borgbackup
+ package:
+ name: borg
+ state: latest
+ when: borgbackup_install_from_repo
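Review bot: `borgbackup_passphrase: "yoursecret"` in defaults/main.yml gives every host that does not override it the same published passphrase, and the job templates in this commit export that value as BORG_PASSPHRASE. I would drop the default so that a missing value fails at template time, and leave a comment in its place such as `# borgbackup_passphrase: no default on purpose, set per host from Ansible Vault`. With `borgbackup_encryption_mode: "none"` as the default the passphrase is not used at all and repositories are stored unencrypted on the backup server; if that is intended for this host it deserves a one-line comment saying why, otherwise an encrypting mode should be the default.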
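Review bot: The `get_url` task in borgbackup_install.yml fetches an executable from `borgbackup_binary_uri` and installs it with `mode: "755"` but no `checksum:`, so whatever the URL serves at run time is linked to `{{ borgbackup_binary }}` without an integrity check. Pinning the release digest closes that: `checksum: "sha256:{{ borgbackup_binary_sha256 }}"`, with `borgbackup_binary_sha256` as a new default holding the digest published for `borgbackup_binary_version` (the variable name is a suggestion and the digest itself is not on this page). On the package path, `state: latest` upgrades borg on every run; `state: present` keeps the installed version under the playbook's control.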
diff --git a/roles/borg_server/tasks/borgbackup_server.yml b/roles/borg_server/tasks/borgbackup_server.yml
new file mode 100644
index 0000000..2b64ed4
--- /dev/null
+++ b/roles/borg_server/tasks/borgbackup_server.yml
@@ -0,0 +1,40 @@
+---
+- name: borg_server - create group
+ group:
+ name: "{{ borgbackup_server_group }}"
+ state: present
+
+- name: borg_server - create user
+ user:
+ name: "{{ borgbackup_server_user }}"
+ group: "{{ borgbackup_server_group }}"
+ groups:
+ home: "{{ borgbackup_server_home }}"
+ createhome: yes
+ shell: /bin/bash
+ state: present
+
+- name: borg_server - manage permissions
+ file:
+ path: "{{ item }}"
+ owner: "{{ borgbackup_server_user }}"
+ group: "{{ borgbackup_server_group }}"
+ mode: 0700
+ state: directory
+ with_items:
+ - "{{ borgbackup_server_home }}"
+ - "{{ borgbackup_server_home }}/.ssh"
+ - "{{ borgbackup_server_pool }}"
+
+- name : borg_server - create authorized_keys
+ stat:
+ path: "{{ borgbackup_server_home }}/.ssh/authorized_keys"
+ register: authorized_keys
+
+- name: borg_server - manage permissions for authorized_keys
+ file:
+ path: "{{ borgbackup_server_home }}/.ssh/authorized_keys"
+ owner: "{{ borgbackup_server_user }}"
+ group: "{{ borgbackup_server_group }}"
+ mode: 0600
+ state: '{{ "file" if authorized_keys.stat.exists else "touch" }}'
diff --git a/roles/borg_server/tasks/main.yml b/roles/borg_server/tasks/main.yml
new file mode 100644
index 0000000..0394b37
--- /dev/null
+++ b/roles/borg_server/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- import_tasks: borgbackup_install.yml
+ tags: [ borg ]
+
+- import_tasks: borgbackup_server.yml
+ tags: [ borg ]
diff --git a/roles/borgbackup b/roles/borgbackup
deleted file mode 160000
index 54dae41..0000000
--- a/roles/borgbackup
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 54dae41af2101bc90fa9a5e5edf28fcd56f4c444
diff --git a/roles/sojus/defaults/main.yml b/roles/sojus/defaults/main.yml
deleted file mode 100644
index fabb7e3..0000000
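Review bot: Nothing in borgbackup_server.yml restricts what a key in `authorized_keys` may run: the file is only created empty, and the backup user gets `shell: /bin/bash`. The roles/sojus task that this commit deletes pinned every client key to `borg serve --append-only --restrict-to-path …` with the `restrict` option, so unless the client role adds keys with equivalent options (not visible in this hunk), a client key now gives an interactive login and write access to every repository in the pool. I would keep the forced command wherever keys are deployed, e.g. `key_options: 'command="borg serve --append-only --restrict-to-path {{ borgbackup_server_pool }}/<client>",restrict'`, where `<client>` stands for the per-host repository directory. The bare `groups:` is also a YAML null rather than the empty string the old task passed as `groups=`, which presumably no longer clears supplementary groups; `groups: ""` states the intent.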
--- a/roles/sojus/defaults/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -user: backup -group: backup -home: /home/backup -pool: "{{ home }}/repos" -auth_users: -- host: maria-storage - key: "{{ lookup('file', 'maria-storage.pub') }}" diff --git a/roles/sojus/tasks/main.yml b/roles/sojus/tasks/main.yml deleted file mode 100644 index a98f3c9..0000000 --- a/roles/sojus/tasks/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- import_tasks: sojus.yml - tags: [ sojus ] diff --git a/roles/sojus/tasks/sojus.yml b/roles/sojus/tasks/sojus.yml deleted file mode 100644 index 9e211c6..0000000 --- a/roles/sojus/tasks/sojus.yml +++ /dev/null 
@@ -1,52 +0,0 @@ ---- -- name: borg - install packages - package: "name={{ item }} state=latest update_cache=yes" - with_items: - - python3 - - python3-devel - - python3-pip - - python3-virtualenv - - libressl-devel - - acl-devel - - fuse3-devel - - pkg-config - -- name: borg - pip3 install - pip: name=pip executable=pip3 state=latest - -- name: borg - install - pip: name=borg executable=pip3 state=latest - -- name: borg - create group - group: "name={{ group }} state=present" - -- name: borg - create user - user: "name={{ user }} shell=/bin/bash home={{ home }} createhome=yes group={{ group }} groups= state=present" - -- name: borg - create user home - file: "path={{ home }} owner={{ user }} group={{ group }} mode=0700 state=directory" - -- name: borg - create user .ssh - file: "path={{ home }}/.ssh owner={{ user }} group={{ group }} mode=0700 state=directory" - -- name: borg - deploy authorized keys - authorized_key: - user: "{{ user }}" - key: "{{ item.key }}" - key_options: 'command="cd {{ pool }}/{{ item.host }};borg serve --append-only --restrict-to-path {{ pool }}/{{ item.host }}",restrict' - with_items: "{{ auth_users }}" - -- name: borg - deploy authorized keys permissions - file: "path={{ home }}/.ssh/authorized_keys owner={{ user }} group={{ group }} mode=0600 state=file" - -- name: borg - create repos dir - file: "path={{ pool }} owner={{ user }} group={{ group }} mode=0700 state=directory" - -- name: borg - create repo dir - file: "path={{ pool }}/{{ item.host }} owner={{ user }} group={{ group }} mode=0700 state=directory" - with_items: "{{ auth_users }}" - -- name: borg - create repo - command: borg init -e none "{{ pool }}/{{ item.host }}" - creates: "{{ pool }}/{{ item.host }}/config" - with_items: "{{ auth_users }}" diff --git a/site.yml b/site.yml index 6272ca6..f85b529 100644 --- a/site.yml +++ b/site.yml @@ -36,7 +36,7 @@ - hosts: sojus roles: - - borgbackup + - borg_server #- hosts: ruby # become: True