From fecacf36d9ddb7739b586259aaf3a787ad4dc623 Mon Sep 17 00:00:00 2001
From: Manu
Date: Sat, 6 Oct 2018 20:04:20 +0800
Subject: [PATCH] initial commit
---
LICENSE | 20 +++++++
README.md | 34 ++++++++++++
defaults/main.yml | 3 +
tasks/main.yml | 48 ++++++++++++++++
templates/config.yaml.j2 | 115 +++++++++++++++++++++++++++++++++++++++
tests/inventory | 2 +
tests/playbook.yml | 12 ++++
vars/main.yml | 14 +++++
8 files changed, 248 insertions(+)
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100755 defaults/main.yml
create mode 100755 tasks/main.yml
create mode 100644 templates/config.yaml.j2
create mode 100644 tests/inventory
create mode 100644 tests/playbook.yml
create mode 100644 vars/main.yml
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..523eac0
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 Manuel Riel
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ee49b2f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,34 @@
+# Ansible Role: BorgBackup Client
+
+An Ansible Role that installs that sets up BorgBackup on Debian/Ubuntu.
+
+## Role Variables
+
+- `borg_repository` (required): Full path to repository.
+- `borg_encryption_passphrase` (optional): Password to use for repokey or keyfile. Empty if repo is unencrypted.
+- `borg_source_directories` (required): List of local folders to back up.
+- `borg_exclude_patterns` (optional): List of local folders to exclude.
+
+
+## Example Playbook
+
+```
+- hosts: webservers
+ roles:
+ - role: borgbackup
+ borg_encryption_passphrase: CHANGEME
+ borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo
+ borg_source_directories:
+ - /srv/www
+ - /var/lib/automysqlbackup
+ borg_exclude_patterns:
+ - /srv/www/upload
+```
+
+## License
+
+MIT/BSD
+
+## Author
+
+This role was created by Manuel Riel, founder of [BorgBase.com](https://www.borgbase.com) - Simple and Secure Hosting for your Borg Repositories.
\ No newline at end of file
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100755
index 0000000..42b2900
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+borg_encryption_passphrase: ''
+borg_exclude_patterns: []
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100755
index 0000000..acb96e4
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,48 @@
+---
+- name: Regenerate apt-cache and update packages
+ apt: update_cache=yes upgrade=dist cache_valid_time=120
+
+- name: Install required System Packages
+ apt:
+ pkg: "{{ item }}"
+ state: installed
+ with_items: "{{ borg_apt_packages }}"
+
+- name: Install required Python Packages
+ pip:
+ name: "{{ item }}"
+ executable: pip3
+ with_items: "{{ borg_python_packages }}"
+
+- name: Ensure root has SSH key.
+ user:
+ name: "root"
+ generate_ssh_key: yes
+ ssh_key_file: .ssh/id_ed25519
+ ssh_key_type: ed25519
+ register: root_user
+
+- debug:
+ var: root_user['ssh_public_key']
+
+- name: Ensures /etc/borgmatic exists
+ file:
+ path: /etc/borgmatic
+ state: directory
+ mode: 0700
+ owner: root
+
+- name: Add Borgmatic Configuration
+ template:
+ src: config.yaml.j2
+ dest: "/etc/borgmatic/config.yaml"
+ mode: 0600
+
+- name: Add cron-job for borgmatic
+ cron:
+ name: "borgmatic"
+ hour: "{{ 4 |random }}"
+ minute: "{{ 59 |random }}"
+ user: "root"
+ cron_file: borgmatic
+ job: "/usr/local/bin/borgmatic"
diff --git a/templates/config.yaml.j2 b/templates/config.yaml.j2
new file mode 100644
index 0000000..22b1766
--- /dev/null
+++ b/templates/config.yaml.j2
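Review bot: In tasks/main.yml the "Add Borgmatic Configuration" task writes the rendered passphrase to /etc/borgmatic/config.yaml with `mode: 0600` but names no owner or group and does not suppress task output, so ownership depends on which user the play runs as and a run with `--diff` would print the file content, passphrase included, to the console and to any log of it. I would add `owner: root`, `group: root` and `no_log: true` to that task. Separately, `{{ 4 |random }}` and `{{ 59 |random }}` draw fresh values on every run, so the cron entry is rewritten each time the role is applied; seeding the filter, e.g. `{{ 59 | random(seed=inventory_hostname) }}`, keeps the schedule stable per host.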
@@ -0,0 +1,115 @@
+location:
+ source_directories:
+{% for dir in borg_source_directories %}
+ - {{ dir }}
+{% endfor %}
+
+ one_file_system: true
+ repositories:
+ - {{ borg_repository }}
+
+ # Any paths matching these patterns are excluded from backups. Globs and tildes
+ # are expanded. See the output of "borg help patterns" for more details.
+ exclude_patterns:
+{% for dir in borg_exclude_patterns %}
+ - {{ dir }}
+{% endfor %}
+
+ # Exclude directories that contain a CACHEDIR.TAG file. See
+ # http://www.brynosaurus.com/cachedir/spec.html for details.
+ exclude_caches: true
+
+ # Exclude directories that contain a file with the given filename.
+ exclude_if_present: .nobackup
+
+# Repository storage options. See
+# https://borgbackup.readthedocs.io/en/stable/usage.html#borg-create and
+# https://borgbackup.readthedocs.io/en/stable/usage/general.html#environment-variables for
+# details.
+storage:
+ encryption_passphrase: {{ borg_encryption_passphrase }}
+ # Type of compression to use when creating archives. See
+ # https://borgbackup.readthedocs.org/en/stable/usage.html#borg-create for details.
+ # Defaults to no compression.
+ compression: auto,zstd
+
+ # Remote network upload rate limit in kiBytes/second.
+ #remote_rate_limit: 5000
+
+ # Command to use instead of just "ssh". This can be used to specify ssh options.
+ # ssh_command: ssh -i ~/.ssh/id_ed25519
+
+ # Umask to be used for borg create.
+ umask: 0077
+
+ # Maximum seconds to wait for acquiring a repository/cache lock.
+ lock_wait: 5
+
+ # Name of the archive. Borg placeholders can be used. See the output of
+ # "borg help placeholders" for details. Default is
+ # "{hostname}-{now:%Y-%m-%dT%H:%M:%S.%f}". If you specify this option, you must
+ # also specify a prefix in the retention section to avoid accidental pruning of
+ # archives with a different archive name format. And you should also specify a
+ # prefix in the consistency section as well.
+ archive_name_format: '{hostname}-{now}'
+
+# Retention policy for how many backups to keep in each category. See
+# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-prune for details.
+# At least one of the "keep" options is required for pruning to work.
+retention:
+ # Number of hourly archives to keep.
+ keep_hourly: 3
+
+ # Number of daily archives to keep.
+ keep_daily: 7
+
+ # Number of weekly archives to keep.
+ keep_weekly: 4
+
+ # Number of monthly archives to keep.
+ keep_monthly: 6
+
+ # When pruning, only consider archive names starting with this prefix.
+ # Borg placeholders can be used. See the output of "borg help placeholders" for
+ # details. Default is "{hostname}-".
+ prefix: '{hostname}-'
+
+# Consistency checks to run after backups. See
+# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-check and
+# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-extract for details.
+consistency:
+ # List of one or more consistency checks to run: "repository", "archives", and/or
+ # "extract". Defaults to "repository" and "archives". Set to "disabled" to disable
+ # all consistency checks. "repository" checks the consistency of the repository,
+ # "archive" checks all of the archives, and "extract" does an extraction dry-run
+ # of just the most recent archive.
+ checks:
+ - disabled
+ # - repository
+ # - archives
+
+ # Restrict the number of checked archives to the last n. Applies only to the "archives" check.
+ check_last: 3
+
+ # When performing the "archives" check, only consider archive names starting with
+ # this prefix. Borg placeholders can be used. See the output of
+ # "borg help placeholders" for details. Default is "{hostname}-".
+ prefix: '{hostname}-'
+
+# Shell commands or scripts to execute before and after a backup or if an error has occurred.
+# IMPORTANT: All provided commands and scripts are executed with user permissions of borgmatic.
+# Do not forget to set secure permissions on this file as well as on any script listed (chmod 0700) to
+# prevent potential shell injection or privilege escalation.
+hooks:
+ # List of one or more shell commands or scripts to execute before creating a backup.
+ before_backup:
+ - echo "`date` - Starting backup."
+
+ # List of one or more shell commands or scripts to execute after creating a backup.
+ after_backup:
+ - echo "`date` - Finished backup."
+
+ # List of one or more shell commands or scripts to execute in case an exception has occurred.
+ on_error:
+ - echo "`date` - Error while creating a backup."
+
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..d8aa991
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+[gce]
+debian9 ansible_ssh_host=35.231.187.214 ansible_ssh_user=erlebnishengst_gmail_com
\ No newline at end of file
diff --git a/tests/playbook.yml b/tests/playbook.yml
new file mode 100644
index 0000000..7100a70
--- /dev/null
+++ b/tests/playbook.yml
@@ -0,0 +1,12 @@
+---
+- hosts: all
+ become: yes
+ roles:
+ - role: borgbackup
+ borg_encryption_passphrase: CHANGEME
+ borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo
+ borg_source_directories:
+ - /srv/www
+ - /var/lib/automysqlbackup
+ borg_exclude_patterns:
+ - /srv/www/upload
\ No newline at end of file
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..5b9f739
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,14 @@
+---
+borg_apt_packages:
+ - libssl-dev
+ - libacl1-dev
+ - libacl1
+ - build-essential
+ - python3-dev
+ - python3-pip
+ - python3-msgpack
+
+borg_python_packages:
+ - borgbackup
+ - borgmatic
+
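Review bot: In templates/config.yaml.j2, `encryption_passphrase: {{ borg_encryption_passphrase }}` renders the secret as a plain YAML scalar, so a passphrase containing ` #` is cut off at the comment marker, one containing `: ` or starting with a YAML indicator fails to parse or changes type, and the role default `''` renders as an empty value that YAML reads as null. A truncated passphrase is the dangerous case, because the file still parses and the repository would be keyed with a shorter secret than the operator chose. Emitting it as a quoted string avoids this: `encryption_passphrase: {{ borg_encryption_passphrase | to_json }}`; the `- {{ dir }}` and `- {{ borg_repository }}` items have the same exposure to special characters. Also worth a comment in the template: `checks:` is set to `disabled`, so this configuration never verifies the repository or the archives.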
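Review bot: tests/inventory commits what looks like a live public host address together with a login name derived from a personal e-mail account, which publishes both to anyone who can read the repository and its history. A test inventory only needs placeholders, for example `debian9 ansible_host=<test-host> ansible_user=<test-user>`, with the real values kept in an untracked file or passed on the command line. `ansible_ssh_host` and `ansible_ssh_user` are also the older spellings of `ansible_host` and `ansible_user`.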
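Review bot: In vars/main.yml, `borg_python_packages` lists `borgbackup` and `borgmatic` without versions, so every newly provisioned host gets whatever release PyPI serves at that moment, and the cron job defined in tasks/main.yml then runs that code as root. Pinning both entries, e.g. `- borgbackup==<version>` and `- borgmatic==<version>`, makes the deployed code reviewable and identical across hosts, and turns an upgrade into a deliberate change to this file. Because these live in vars/ rather than defaults/, a role user can only override them with higher-precedence variables, which is one more reason to pin them here.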