commit
fecacf36d9
8 changed files with 248 additions and 0 deletions
@ -0,0 +1,20 @@ |
||||
The MIT License (MIT) |
||||
|
||||
Copyright (c) 2018 Manuel Riel |
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy of |
||||
this software and associated documentation files (the "Software"), to deal in |
||||
the Software without restriction, including without limitation the rights to |
||||
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of |
||||
the Software, and to permit persons to whom the Software is furnished to do so, |
||||
subject to the following conditions: |
||||
|
||||
The above copyright notice and this permission notice shall be included in all |
||||
copies or substantial portions of the Software. |
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS |
||||
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR |
||||
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER |
||||
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
||||
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
@ -0,0 +1,34 @@ |
||||
# Ansible Role: BorgBackup Client |
||||
|
||||
An Ansible Role that installs that sets up BorgBackup on Debian/Ubuntu. |
||||
|
||||
## Role Variables |
||||
|
||||
- `borg_repository` (required): Full path to repository. |
||||
- `borg_encryption_passphrase` (optional): Password to use for repokey or keyfile. Empty if repo is unencrypted. |
||||
- `borg_source_directories` (required): List of local folders to back up. |
||||
- `borg_exclude_patterns` (optional): List of local folders to exclude. |
||||
|
||||
|
||||
## Example Playbook |
||||
|
||||
``` |
||||
- hosts: webservers |
||||
roles: |
||||
- role: borgbackup |
||||
borg_encryption_passphrase: CHANGEME |
||||
borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo |
||||
borg_source_directories: |
||||
- /srv/www |
||||
- /var/lib/automysqlbackup |
||||
borg_exclude_patterns: |
||||
- /srv/www/upload |
||||
``` |
||||
|
||||
## License |
||||
|
||||
MIT/BSD |
||||
|
||||
## Author |
||||
|
||||
This role was created by Manuel Riel, founder of [BorgBase.com](https://www.borgbase.com) - Simple and Secure Hosting for your Borg Repositories. |
@ -0,0 +1,3 @@ |
||||
--- |
||||
borg_encryption_passphrase: '' |
||||
borg_exclude_patterns: [] |
@ -0,0 +1,48 @@ |
||||
--- |
||||
- name: Regenerate apt-cache and update packages |
||||
apt: update_cache=yes upgrade=dist cache_valid_time=120 |
||||
|
||||
- name: Install required System Packages |
||||
apt: |
||||
pkg: "{{ item }}" |
||||
state: installed |
||||
with_items: "{{ borg_apt_packages }}" |
||||
|
||||
- name: Install required Python Packages |
||||
pip: |
||||
name: "{{ item }}" |
||||
executable: pip3 |
||||
with_items: "{{ borg_python_packages }}" |
||||
|
||||
- name: Ensure root has SSH key. |
||||
user: |
||||
name: "root" |
||||
generate_ssh_key: yes |
||||
ssh_key_file: .ssh/id_ed25519 |
||||
ssh_key_type: ed25519 |
||||
register: root_user |
||||
|
||||
- debug: |
||||
var: root_user['ssh_public_key'] |
||||
|
||||
- name: Ensures /etc/borgmatic exists |
||||
file: |
||||
path: /etc/borgmatic |
||||
state: directory |
||||
mode: 0700 |
||||
owner: root |
||||
|
||||
- name: Add Borgmatic Configuration |
||||
template: |
||||
src: config.yaml.j2 |
||||
dest: "/etc/borgmatic/config.yaml" |
||||
mode: 0600 |
||||
|
||||
- name: Add cron-job for borgmatic |
||||
cron: |
||||
name: "borgmatic" |
||||
hour: "{{ 4 |random }}" |
||||
minute: "{{ 59 |random }}" |
||||
user: "root" |
||||
cron_file: borgmatic |
||||
job: "/usr/local/bin/borgmatic" |
@ -0,0 +1,115 @@ |
||||
location: |
||||
source_directories: |
||||
{% for dir in borg_source_directories %} |
||||
- {{ dir }} |
||||
{% endfor %} |
||||
|
||||
one_file_system: true |
||||
repositories: |
||||
- {{ borg_repository }} |
||||
|
||||
# Any paths matching these patterns are excluded from backups. Globs and tildes |
||||
# are expanded. See the output of "borg help patterns" for more details. |
||||
exclude_patterns: |
||||
{% for dir in borg_exclude_patterns %} |
||||
- {{ dir }} |
||||
{% endfor %} |
||||
|
||||
# Exclude directories that contain a CACHEDIR.TAG file. See |
||||
# http://www.brynosaurus.com/cachedir/spec.html for details. |
||||
exclude_caches: true |
||||
|
||||
# Exclude directories that contain a file with the given filename. |
||||
exclude_if_present: .nobackup |
||||
|
||||
# Repository storage options. See |
||||
# https://borgbackup.readthedocs.io/en/stable/usage.html#borg-create and |
||||
# https://borgbackup.readthedocs.io/en/stable/usage/general.html#environment-variables for |
||||
# details. |
||||
storage: |
||||
encryption_passphrase: {{ borg_encryption_passphrase }} |
||||
# Type of compression to use when creating archives. See |
||||
# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-create for details. |
||||
# Defaults to no compression. |
||||
compression: auto,zstd |
||||
|
||||
# Remote network upload rate limit in kiBytes/second. |
||||
#remote_rate_limit: 5000 |
||||
|
||||
# Command to use instead of just "ssh". This can be used to specify ssh options. |
||||
# ssh_command: ssh -i ~/.ssh/id_ed25519 |
||||
|
||||
# Umask to be used for borg create. |
||||
umask: 0077 |
||||
|
||||
# Maximum seconds to wait for acquiring a repository/cache lock. |
||||
lock_wait: 5 |
||||
|
||||
# Name of the archive. Borg placeholders can be used. See the output of |
||||
# "borg help placeholders" for details. Default is |
||||
# "{hostname}-{now:%Y-%m-%dT%H:%M:%S.%f}". If you specify this option, you must |
||||
# also specify a prefix in the retention section to avoid accidental pruning of |
||||
# archives with a different archive name format. And you should also specify a |
||||
# prefix in the consistency section as well. |
||||
archive_name_format: '{hostname}-{now}' |
||||
|
||||
# Retention policy for how many backups to keep in each category. See |
||||
# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-prune for details. |
||||
# At least one of the "keep" options is required for pruning to work. |
||||
retention: |
||||
# Number of hourly archives to keep. |
||||
keep_hourly: 3 |
||||
|
||||
# Number of daily archives to keep. |
||||
keep_daily: 7 |
||||
|
||||
# Number of weekly archives to keep. |
||||
keep_weekly: 4 |
||||
|
||||
# Number of monthly archives to keep. |
||||
keep_monthly: 6 |
||||
|
||||
# When pruning, only consider archive names starting with this prefix. |
||||
# Borg placeholders can be used. See the output of "borg help placeholders" for |
||||
# details. Default is "{hostname}-". |
||||
prefix: '{hostname}-' |
||||
|
||||
# Consistency checks to run after backups. See |
||||
# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-check and |
||||
# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-extract for details. |
||||
consistency: |
||||
# List of one or more consistency checks to run: "repository", "archives", and/or |
||||
# "extract". Defaults to "repository" and "archives". Set to "disabled" to disable |
||||
# all consistency checks. "repository" checks the consistency of the repository, |
||||
# "archive" checks all of the archives, and "extract" does an extraction dry-run |
||||
# of just the most recent archive. |
||||
checks: |
||||
- disabled |
||||
# - repository |
||||
# - archives |
||||
|
||||
# Restrict the number of checked archives to the last n. Applies only to the "archives" check. |
||||
check_last: 3 |
||||
|
||||
# When performing the "archives" check, only consider archive names starting with |
||||
# this prefix. Borg placeholders can be used. See the output of |
||||
# "borg help placeholders" for details. Default is "{hostname}-". |
||||
prefix: '{hostname}-' |
||||
|
||||
# Shell commands or scripts to execute before and after a backup or if an error has occurred. |
||||
# IMPORTANT: All provided commands and scripts are executed with user permissions of borgmatic. |
||||
# Do not forget to set secure permissions on this file as well as on any script listed (chmod 0700) to |
||||
# prevent potential shell injection or privilege escalation. |
||||
hooks: |
||||
# List of one or more shell commands or scripts to execute before creating a backup. |
||||
before_backup: |
||||
- echo "`date` - Starting backup." |
||||
|
||||
# List of one or more shell commands or scripts to execute after creating a backup. |
||||
after_backup: |
||||
- echo "`date` - Finished backup." |
||||
|
||||
# List of one or more shell commands or scripts to execute in case an exception has occurred. |
||||
on_error: |
||||
- echo "`date` - Error while creating a backup." |
||||
|
@ -0,0 +1,2 @@ |
||||
[gce] |
||||
debian9 ansible_ssh_host=35.231.187.214 ansible_ssh_user=erlebnishengst_gmail_com |
@ -0,0 +1,12 @@ |
||||
--- |
||||
- hosts: all |
||||
become: yes |
||||
roles: |
||||
- role: borgbackup |
||||
borg_encryption_passphrase: CHANGEME |
||||
borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo |
||||
borg_source_directories: |
||||
- /srv/www |
||||
- /var/lib/automysqlbackup |
||||
borg_exclude_patterns: |
||||
- /srv/www/upload |
@ -0,0 +1,14 @@ |
||||
--- |
||||
borg_apt_packages: |
||||
- libssl-dev |
||||
- libacl1-dev |
||||
- libacl1 |
||||
- build-essential |
||||
- python3-dev |
||||
- python3-pip |
||||
- python3-msgpack |
||||
|
||||
borg_python_packages: |
||||
- borgbackup |
||||
- borgmatic |
||||
|
Loading…
Reference in new issue