mirror of
https://github.com/borgbase/ansible-role-borgbackup.git
synced 2025-05-24 01:17:15 +02:00
Removed: borgmatic_initialization_repo
parent
8dfac41011
commit
f3a3838776
@ -53,7 +53,6 @@ Main features:
|
||||
borgmatic_timer: systemd
|
||||
borgbackup_user: "srv_backup"
|
||||
borgbackup_group: "srv_backup"
|
||||
borgmatic_initialization_repo: false
|
||||
borg_source_directories:
|
||||
- /srv/www
|
||||
- /var/lib/automysqlbackup
|
||||
@ -119,7 +118,6 @@ $ git clone https://github.com/borgbase/ansible-role-borgbackup.git roles/ansibl
|
||||
- `borgmatic_timer_hour`: Hour when regular create and prune cron/systemd-timer job will run. Defaults to `{{ 6 | random }}`
|
||||
- `borgmatic_timer_minute`: Minute when regular create and prune cron/systemd-timer job will run. Defaults to `{{ 59 | random }}`
|
||||
- `borgmatic_hooks`: Hooks to monitor your backups e.g. with [Healthchecks](https://healthchecks.io/). See [official documentation](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/) for more.
|
||||
- `borgmatic_initialization_repo`: Auto initialization of the repo on the backup server. Defaults to `false`
|
||||
- `borgmatic_timer`: If the variable is set, a timer is installed. A choice must be made between `cron` and `systemd`.
|
||||
- `borgmatic_relocated_repo_access_is_ok`: Bypass Borg error about a repository that has been moved. Defaults to `false`
|
||||
- `borgmatic_store_atime`: Store atime into archive. Defaults to `true`
|
||||
|
@ -1,60 +0,0 @@
|
||||
# Managed by Ansible, please don't edit manually
|
||||
|
||||
[Unit]
|
||||
Description=borgmatic backup only - because large repo
|
||||
Wants=backup_normal_repo.timer
|
||||
Wants=network-online.target
|
||||
After=network-online.target
|
||||
# Prevent borgmatic from running unless the machine is plugged into power. Remove this line if you
|
||||
# want to allow borgmatic to run anytime.
|
||||
ConditionACPower=true
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
User={{ borgbackup_user }}
|
||||
ExecStart=/usr/local/bin/borgmatic -C -p -c /etc/borgmatic/{{ borgmatic_config_name }}
|
||||
|
||||
# Source: https://projects.torsion.org/borgmatic-collective/borgmatic/raw/branch/master/sample/systemd/borgmatic.service
|
||||
# Security settings for systemd running as root, optional but recommended to improve security. You
|
||||
# can disable individual settings if they cause problems for your use case. For more details, see
|
||||
# the systemd manual: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||
LockPersonality=true
|
||||
# Certain borgmatic features like Healthchecks integration need MemoryDenyWriteExecute to be off.
|
||||
# But you can try setting it to "yes" for improved security if you don't use those features.
|
||||
MemoryDenyWriteExecute=no
|
||||
NoNewPrivileges=yes
|
||||
PrivateDevices=yes
|
||||
PrivateTmp=yes
|
||||
ProtectClock=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectHostname=yes
|
||||
ProtectKernelLogs=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
RestrictSUIDSGID=yes
|
||||
SystemCallArchitectures=native
|
||||
SystemCallFilter=@system-service
|
||||
SystemCallErrorNumber=EPERM
|
||||
# To restrict write access further, change "ProtectSystem" to "strict" and uncomment
|
||||
# "ReadWritePaths", "ReadOnlyPaths", "ProtectHome", and "BindPaths". Then add any local repository
|
||||
# paths to the list of "ReadWritePaths" and local backup source paths to "ReadOnlyPaths". This
|
||||
# leaves most of the filesystem read-only to borgmatic.
|
||||
ProtectSystem=full
|
||||
# ReadWritePaths=-/mnt/my_backup_drive
|
||||
# ReadOnlyPaths=-/var/lib/my_backup_source
|
||||
# This will mount a tmpfs on top of /root and pass through needed paths
|
||||
# ProtectHome=tmpfs
|
||||
# BindPaths=-/root/.cache/borg -/root/.config/borg -/root/.borgmatic
|
||||
|
||||
# May interfere with running external programs within borgmatic hooks.
|
||||
# CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW
|
||||
|
||||
# Lower CPU and I/O priority.
|
||||
Nice=19
|
||||
CPUSchedulingPolicy=batch
|
||||
IOSchedulingClass=best-effort
|
||||
IOSchedulingPriority=7
|
||||
IOWeight=100
|
@ -1,13 +0,0 @@
|
||||
# Managed by Ansible, please don't edit manually
|
||||
|
||||
[Unit]
|
||||
Description=Start creating of Backups - see: https://www.freedesktop.org/software/systemd/man/systemd.time.html#
|
||||
|
||||
[Timer]
|
||||
# Day-of-the-Week Year-Month-Day Hour:Minutes:Seconds
|
||||
# Persistent -> resume backup after shutdown
|
||||
OnCalendar= *-*-* {{ borgmatic_timer_hour }}:{{ borgmatic_timer_minute }}:00
|
||||
Persistent=true
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
@ -1,60 +0,0 @@
|
||||
# Managed by Ansible, please don't edit manually
|
||||
|
||||
[Unit]
|
||||
Description=borgmatic check consistently only - because large repo
|
||||
Wants=backup_normal_repo.timer
|
||||
Wants=network-online.target
|
||||
After=network-online.target
|
||||
# Prevent borgmatic from running unless the machine is plugged into power. Remove this line if you
|
||||
# want to allow borgmatic to run anytime.
|
||||
ConditionACPower=true
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
User={{ borgbackup_user }}
|
||||
ExecStart=/usr/local/bin/borgmatic -k -c /etc/borgmatic/{{ borgmatic_config_name }}
|
||||
|
||||
# Source: https://projects.torsion.org/borgmatic-collective/borgmatic/raw/branch/master/sample/systemd/borgmatic.service
|
||||
# Security settings for systemd running as root, optional but recommended to improve security. You
|
||||
# can disable individual settings if they cause problems for your use case. For more details, see
|
||||
# the systemd manual: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||
LockPersonality=true
|
||||
# Certain borgmatic features like Healthchecks integration need MemoryDenyWriteExecute to be off.
|
||||
# But you can try setting it to "yes" for improved security if you don't use those features.
|
||||
MemoryDenyWriteExecute=no
|
||||
NoNewPrivileges=yes
|
||||
PrivateDevices=yes
|
||||
PrivateTmp=yes
|
||||
ProtectClock=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectHostname=yes
|
||||
ProtectKernelLogs=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
RestrictSUIDSGID=yes
|
||||
SystemCallArchitectures=native
|
||||
SystemCallFilter=@system-service
|
||||
SystemCallErrorNumber=EPERM
|
||||
# To restrict write access further, change "ProtectSystem" to "strict" and uncomment
|
||||
# "ReadWritePaths", "ReadOnlyPaths", "ProtectHome", and "BindPaths". Then add any local repository
|
||||
# paths to the list of "ReadWritePaths" and local backup source paths to "ReadOnlyPaths". This
|
||||
# leaves most of the filesystem read-only to borgmatic.
|
||||
ProtectSystem=full
|
||||
# ReadWritePaths=-/mnt/my_backup_drive
|
||||
# ReadOnlyPaths=-/var/lib/my_backup_source
|
||||
# This will mount a tmpfs on top of /root and pass through needed paths
|
||||
# ProtectHome=tmpfs
|
||||
# BindPaths=-/root/.cache/borg -/root/.config/borg -/root/.borgmatic
|
||||
|
||||
# May interfere with running external programs within borgmatic hooks.
|
||||
# CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW
|
||||
|
||||
# Lower CPU and I/O priority.
|
||||
Nice=19
|
||||
CPUSchedulingPolicy=batch
|
||||
IOSchedulingClass=best-effort
|
||||
IOSchedulingPriority=7
|
||||
IOWeight=100
|
@ -1,13 +0,0 @@
|
||||
# Managed by Ansible, please don't edit manually
|
||||
|
||||
[Unit]
|
||||
Description=Start creating of Backups - see: https://www.freedesktop.org/software/systemd/man/systemd.time.html#
|
||||
|
||||
[Timer]
|
||||
# Day-of-the-Week Year-Month-Day Hour:Minutes:Seconds
|
||||
# Persistent -> resume backup after shutdown
|
||||
OnCalendar= {% if borgmatic_timer_day_of_the_week is defined and borgmatic_timer_day_of_the_week | length > 0 %} {{ borgmatic_timer_day_of_the_week }} {% endif %} *-*-{{ borgmatic_timer_checks_day }} {{ borgmatic_timer_checks_hour }}:{{ borgmatic_timer_checks_minute }}:00
|
||||
Persistent=true
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
@ -1,60 +0,0 @@
|
||||
# Managed by Ansible, please don't edit manually
|
||||
|
||||
[Unit]
|
||||
Description=borgmatic backup
|
||||
Wants=backup_normal_repo.timer
|
||||
Wants=network-online.target
|
||||
After=network-online.target
|
||||
# Prevent borgmatic from running unless the machine is plugged into power. Remove this line if you
|
||||
# want to allow borgmatic to run anytime.
|
||||
ConditionACPower=true
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
User={{ borgbackup_user }}
|
||||
ExecStart=/usr/local/bin/borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }}
|
||||
|
||||
# Source: https://projects.torsion.org/borgmatic-collective/borgmatic/raw/branch/master/sample/systemd/borgmatic.service
|
||||
# Security settings for systemd running as root, optional but recommended to improve security. You
|
||||
# can disable individual settings if they cause problems for your use case. For more details, see
|
||||
# the systemd manual: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||
LockPersonality=true
|
||||
# Certain borgmatic features like Healthchecks integration need MemoryDenyWriteExecute to be off.
|
||||
# But you can try setting it to "yes" for improved security if you don't use those features.
|
||||
MemoryDenyWriteExecute=no
|
||||
NoNewPrivileges=yes
|
||||
PrivateDevices=yes
|
||||
PrivateTmp=yes
|
||||
ProtectClock=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectHostname=yes
|
||||
ProtectKernelLogs=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
RestrictSUIDSGID=yes
|
||||
SystemCallArchitectures=native
|
||||
SystemCallFilter=@system-service
|
||||
SystemCallErrorNumber=EPERM
|
||||
# To restrict write access further, change "ProtectSystem" to "strict" and uncomment
|
||||
# "ReadWritePaths", "ReadOnlyPaths", "ProtectHome", and "BindPaths". Then add any local repository
|
||||
# paths to the list of "ReadWritePaths" and local backup source paths to "ReadOnlyPaths". This
|
||||
# leaves most of the filesystem read-only to borgmatic.
|
||||
ProtectSystem=full
|
||||
# ReadWritePaths=-/mnt/my_backup_drive
|
||||
# ReadOnlyPaths=-/var/lib/my_backup_source
|
||||
# This will mount a tmpfs on top of /root and pass through needed paths
|
||||
# ProtectHome=tmpfs
|
||||
# BindPaths=-/root/.cache/borg -/root/.config/borg -/root/.borgmatic
|
||||
|
||||
# May interfere with running external programs within borgmatic hooks.
|
||||
# CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW
|
||||
|
||||
# Lower CPU and I/O priority.
|
||||
Nice=19
|
||||
CPUSchedulingPolicy=batch
|
||||
IOSchedulingClass=best-effort
|
||||
IOSchedulingPriority=7
|
||||
IOWeight=100
|
@ -1,13 +0,0 @@
|
||||
# Managed by Ansible, please don't edit manually
|
||||
|
||||
[Unit]
|
||||
Description=Start creating of Backups - see: https://www.freedesktop.org/software/systemd/man/systemd.time.html#
|
||||
|
||||
[Timer]
|
||||
# Day-of-the-Week Year-Month-Day Hour:Minutes:Seconds
|
||||
# Persistent -> resume backup after shutdown
|
||||
OnCalendar= *-*-* {{ borgmatic_timer_hour }}:{{ borgmatic_timer_minute }}:00
|
||||
Persistent=true
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|