adyxax/ansible-role-borg
Archived
1
0
Fork 0
Code Issues Activity

Added borg backup role

Browse source
This commit is contained in:
Julien Dessaux 2019-07-09 11:45:03 +02:00
commit 5b953c8dba
11 changed files with 198 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
defaults/main.yml Normal file
View file

@ -0,0 +1,3 @@
---
borg_prune_arguments: '--keep-within 30d'
...

18
files/borg.fact Normal file
View file

@ -0,0 +1,18 @@
#!/bin/sh
echo '{'
if [ -e '/root/.ssh/borg.pub' ]; then
pubkey=`cat /root/.ssh/borg.pub | tr -d "\n"`
echo -ne ' "pubkey": "'$pubkey'"'
pubkey_prefix=",\n"
fi
if [ -e '/srv/borg/repos/' ]; then
echo -ne "${pubkey_prefix:-}"' "repos": {'"\n"
for repo in `ls /srv/borg/repos/`; do
id=`awk '/^id =/ {print $3}' /srv/borg/repos/${repo}/config`
echo -ne ${repo_prefix:-}' "'$repo'": "'$id'"'
repo_prefix=",\n"
done
echo -ne "\n }"
fi
echo -ne "\n}"

89
tasks/client.yml Normal file
View file

@ -0,0 +1,89 @@
---
- name: generate borg ssh key on client
openssh_keypair:
owner: root
mode: 0400
path: /root/.ssh/borg
type: ed25519
register: borg_ssh_key
- name: reload ansible_local
setup: filter=ansible_local
when: borg_ssh_key.changed
- name: Enforce borg authorized key on server
authorized_key:
user: borg
key: "{{ ansible_local.borg.pubkey }}"
key_options: 'command="cd /srv/borg/repos/{{ ansible_hostname }}; borg serve --restrict-to-path /srv/borg/repos/{{ ansible_hostname }}",restrict'
delegate_to: "{{ borg_server }}"
- name: create borg client repo directory on server
file:
path: "/srv/borg/repos/{{ ansible_hostname }}"
state: directory
owner: borg
mode: 0700
delegate_to: "{{ borg_server }}"
- name: create borg client repo on server
command: "borg init --encryption=none /srv/borg/repos/{{ ansible_hostname }}"
become: yes
become_method: su
become_user: borg
delegate_to: "{{ borg_server }}"
args:
creates: "/srv/borg/repos/{{ ansible_hostname }}/config"
- name: reload ansible_local
setup: filter=ansible_local
delegate_to: "{{ borg_server }}"
delegate_facts: True
when: hostvars[borg_server]['ansible_local']['borg']['repos'][ansible_hostname] is not defined
- name: make the server known to the client
lineinfile:
line: "{{ borg_server }} ecdsa-sha2-nistp256 {{ hostvars[borg_server]['ansible_ssh_host_key_ecdsa_public'] }}"
path: /root/.ssh/known_hosts
create: yes
- name: make the repo directory on the client
file:
state: directory
path: "/root/.config/borg/security/{{ hostvars[borg_server]['ansible_local']['borg']['repos'][ansible_hostname] }}"
owner: root
mode: 0700
- name: make the repo known to the client
copy:
dest: "/root/.config/borg/security/{{ hostvars[borg_server]['ansible_local']['borg']['repos'][ansible_hostname] }}/key-type"
content: "2"
owner: root
mode: 0600
- name: deploy borg backup script
template:
dest: /usr/local/bin/adyxax_backup.sh
src: backup.sh.j2
owner: root
mode: 0500
- name: activate borg cron on alpine
lineinfile:
line: '0 23 * * * /usr/local/bin/adyxax_backup.sh'
path: /etc/crontabs/root
when: ansible_os_family == 'Alpine'
- name: activate borg cron on gentoo or redhat
file:
state: link
src: /usr/local/bin/adyxax_backup.sh
dest: /etc/cron.daily/backup
when: ansible_os_family == 'Gentoo' or ansible_os_family == 'RedHat'
- name: activate borg cron on openbsd
lineinfile:
line: '0 23 * * * /usr/local/bin/adyxax_backup.sh'
path: /var/cron/tabs/root
when: ansible_os_family == 'OpenBSD'
...

25
tasks/common.yml Normal file
View file

@ -0,0 +1,25 @@
---
- name: set distro-specific server variables
include_vars: '{{ ansible_os_family }}.yml'
- name: Check if borg is supported on distro
fail:
msg: "borg tasks are not supported on this operating system yet."
when: borg_packages is not defined
- name: Ensure borg is installed
package:
name: "{{ borg_packages }}"
- name: Push borg gathering fact on client
copy:
src: borg.fact
dest: /etc/ansible/facts.d/
mode: 0500
owner: root
register: borg_gathering_fact
- name: reload ansible_local
setup: filter=ansible_local
when: borg_gathering_fact.changed
...

10
tasks/main.yml Normal file
View file

@ -0,0 +1,10 @@
---
- import_tasks: common.yml
when: (is_borg_server|default(false)) or borg_server is defined
- import_tasks: server.yml
when: (is_borg_server|default(false))
- import_tasks: client.yml
when: borg_server is defined
...

26
tasks/server.yml Normal file
View file

@ -0,0 +1,26 @@
---
- name: Create borg group on server
group:
name: borg
system: yes
- name: Create borg user on server
user:
name: borg
shell: /bin/sh
home: /srv/borg
createhome: yes
system: yes
password_lock: yes
- name: Ensure borg directories exist on server
file:
state: directory
path: "{{ item }}"
owner: borg
mode: 0700
loop:
- /srv/borg
- /srv/borg/.ssh
- /srv/borg/repos
...

11
templates/backup.sh.j2 Normal file
View file

@ -0,0 +1,11 @@
#!/bin/sh
{% for job in borg_jobs %}
{% if job.command_to_pipe is defined %}
{{ job.command_to_pipe }} | BORG_RSH="ssh -i /root/.ssh/borg" borg create borg@{{ borg_server }}:/srv/borg/repos/{{ ansible_hostname }}::{{ job.name }}-{now} {{ job.path | default('-') }}
{% else %}
BORG_RSH="ssh -i /root/.ssh/borg" borg create borg@{{ borg_server }}:/srv/borg/repos/{{ ansible_hostname }}::{{ job.name }}-{now} {{ job.path }}
{% endif %}
{% endfor %}
BORG_RSH="ssh -i /root/.ssh/borg" borg prune borg@{{ borg_server }}:/srv/borg/repos/{{ ansible_hostname }} {{ borg_prune_arguments }}

4
vars/Alpine.yml Normal file
View file

@ -0,0 +1,4 @@
---
borg_packages:
- 'borgbackup'
...

4
vars/Gentoo.yml Normal file
View file

@ -0,0 +1,4 @@
---
borg_packages:
- 'app-backup/borgbackup'
...

4
vars/OpenBSD.yml Normal file
View file

@ -0,0 +1,4 @@
---
borg_packages:
- 'borgbackup'
...

4
vars/RedHat.yml Normal file
View file

@ -0,0 +1,4 @@
---
borg_packages:
- borgbackup
...