ctucx.git: ansible-configs

My personal ansible roles and playbooks [deprecated in favor of nixos]

commit 3a99a7beff04e49f818ba5f7aaceadd8d11e6acc
parent 1239371ff42b23eb148fce98b1027ea9aaf99d44
Author: Leah (ctucx) <leah@ctu.cx>
Date: Tue, 2 Mar 2021 18:49:32 +0100

add quitschi backup script and tasks
7 files changed, 116 insertions(+), 40 deletions(-)
M
roles/backup/tasks/main.yml
|
3
+++
A
roles/backup/tasks/quitschi.yml
|
41
+++++++++++++++++++++++++++++++++++++++++
M
roles/backup/tasks/wanderduene.yml
|
4
++--
D
scripts/restic-backup-wanderduene.sh
|
38
--------------------------------------
A
scripts/restic-backup/quitschi.sh
|
29
+++++++++++++++++++++++++++++
A
scripts/restic-backup/snips.txt
|
3
+++
A
scripts/restic-backup/wanderduene.sh
|
38
++++++++++++++++++++++++++++++++++++++
diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml
@@ -10,3 +10,6 @@
 
 - import_tasks: wanderduene.yml
   when: system.hostname == "wanderduene"
+
+- import_tasks: quitschi.yml
+  when: system.hostname == "quitschi"
diff --git a/roles/backup/tasks/quitschi.yml b/roles/backup/tasks/quitschi.yml
@@ -0,0 +1,41 @@
+---
+
+- name: create password file for rest-server
+  copy:
+    content: "{{ lookup('community.general.passwordstore', 'Server/desastro/rest-server.plain returnall=true')}}"
+    dest:    /var/lib/restic-password
+    mode:    0755
+    owner:   root
+    group:   root
+
+- name: create password files for services
+  copy:
+    content: "{{ lookup('community.general.passwordstore', 'Server/{{system.hostname}}/restic/{{item}} returnall=true')}}"
+    dest:    "/var/lib/{{item}}/restic-password"
+    owner:   "{{item}}"
+    group:   "{{item}}"
+    mode:    0700
+  loop:
+    - synapse
+
+- name: create password file for postgresql
+  copy:
+    content: "{{ lookup('community.general.passwordstore', 'Server/{{system.hostname}}/restic/postgresql returnall=true')}}"
+    dest:    /var/lib/postgresql/restic-password
+    owner:   postgres
+    group:   postgres
+    mode:    0700
+
+- name: Copy backup-script to server
+  copy:
+    src: scripts/restic-backup/{{system.hostname}}.sh
+    dest: /root/restic-backup.sh
+    mode: 0755
+
+- name: create crontab entry
+  cron:
+    name: "run restic-backups"
+    special_time: daily
+    user: root
+    job: "/root/restic-backup.sh > /dev/null"
+    state: present
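Review bot: The first task writes the rest-server password to `/var/lib/restic-password` with `mode: 0755`, so every local account on the host can read the credential. The backup script expands `$(cat /var/lib/restic-password)` in root's shell before `sudo` runs, so root-only access is enough: `mode: "0600"`. The per-service and postgresql password files use `0700`, where `"0600"` would do because nothing executes them. Quoting the modes as strings also avoids YAML's octal parsing, and `no_log: true` on the three password tasks keeps the looked-up secrets out of Ansible's output. The same `mode: 0755` appears as a context line in the first roles/backup/tasks/wanderduene.yml hunk.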
diff --git a/roles/backup/tasks/wanderduene.yml b/roles/backup/tasks/wanderduene.yml
@@ -2,7 +2,7 @@
 
 - name: create password file for rest-server
   copy:
-    content: "{{ lookup('community.general.passwordstore', 'Server/taurus/rest-server.plain returnall=true')}}"
+    content: "{{ lookup('community.general.passwordstore', 'Server/desastro/rest-server.plain returnall=true')}}"
     dest:    /var/lib/restic-password
     mode:    0755
     owner:   root

@@ -41,7 +41,7 @@
 
 - name: Copy backup-script to server
   copy:
-    src: scripts/restic-backup-{{system.hostname}}.sh
+    src: scripts/restic-backup/{{system.hostname}}.sh
     dest: /root/restic-backup.sh
     mode: 0755
 
diff --git a/scripts/restic-backup-wanderduene.sh b/scripts/restic-backup-wanderduene.sh
@@ -1,38 +0,0 @@
-#!/usr/bin/env sh
-
-echo "Last run: $(date -R)" > /root/backup.last-run 
-echo "Status:" >> /root/backup.last-run
-
-#backup services
-for service in pleroma radicale synapse git maddy oeffisearch
-do
-  sudo -u $service restic init --password-file /var/lib/$service/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-$service
-  sudo -u $service restic backup --password-file /var/lib/$service/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-$service /var/lib/$service
-  if [ $? -eq 0 ]; then
-  	echo "$service: OK" >> /root/backup.last-run
-  else 
-  	echo "$service: FAIL" >> /root/backup.last-run
-  fi
-done
-
-#backup websites
-sudo -u leah restic init --password-file /var/lib/websites/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-websites
-sudo -u leah restic backup --password-file /var/lib/websites/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-websites /var/lib/websites
-if [ $? -eq 0 ]; then
-  echo "websites: OK" >> /root/backup.last-run
-else 
-  echo "websites: FAIL" >> /root/backup.last-run
-fi
-
-#backup postgres
-SQLFILE=/var/lib/postgresql/backup/postgres_$(date "+%Y-%m-%d_%H:%M").sql
-sudo -u postgres mkdir /var/lib/postgresql/backup
-sudo -u postgres bash -c "pg_dumpall > $SQLFILE"
-sudo -u postgres restic init --password-file /var/lib/postgresql/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-postgres
-sudo -u postgres restic backup --password-file /var/lib/postgresql/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-postgres /var/lib/postgresql/backup
-if [ $? -eq 0 ]; then
-  echo "postgres: OK" >> /root/backup.last-run
-else 
-  echo "postgres: FAIL" >> /root/backup.last-run
-fi
-sudo -u postgres rm -rf /var/lib/postgresql/backup
diff --git a/scripts/restic-backup/quitschi.sh b/scripts/restic-backup/quitschi.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env sh
+
+echo "Last run: $(date -R)" > /root/backup.last-run 
+echo "Status:" >> /root/backup.last-run
+
+#backup services
+for service in synapse
+do
+  sudo -u $service restic init --password-file /var/lib/$service/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-$service
+  sudo -u $service restic backup --password-file /var/lib/$service/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-$service /var/lib/$service
+  if [ $? -eq 0 ]; then
+  	echo "$service: OK" >> /root/backup.last-run
+  else 
+  	echo "$service: FAIL" >> /root/backup.last-run
+  fi
+done
+
+#backup postgres
+SQLFILE=/var/lib/postgresql/backup/postgres.sql
+sudo -u postgres mkdir /var/lib/postgresql/backup
+sudo -u postgres bash -c "pg_dumpall > $SQLFILE"
+sudo -u postgres restic init --password-file /var/lib/postgresql/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-postgres
+sudo -u postgres restic backup --password-file /var/lib/postgresql/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-postgres /var/lib/postgresql/backup
+if [ $? -eq 0 ]; then
+  echo "postgres: OK" >> /root/backup.last-run
+else 
+  echo "postgres: FAIL" >> /root/backup.last-run
+fi
+sudo -u postgres rm -rf /var/lib/postgresql/backup
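Review bot: Each `restic init` and `restic backup` line builds the repository URL with `$(cat /var/lib/restic-password)` inline, so the rest-server password sits in the argument list of `sudo` and `restic` for the whole run, where other local users can typically read it from the process table. restic can read the repository location from a file instead (`--repository-file`), for example a per-service file readable only by that service user, which keeps the credential out of argv. Separately, the exit status of `pg_dumpall` is never checked, so a failed or truncated dump is still uploaded and logged as `postgres: OK`. Test the dump first and skip the upload when it fails, starting from `if ! sudo -u postgres bash -c "pg_dumpall > $SQLFILE"; then echo "postgres: FAIL" >> /root/backup.last-run; fi`. The same lines are added in scripts/restic-backup/wanderduene.sh.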
diff --git a/scripts/restic-backup/snips.txt b/scripts/restic-backup/snips.txt
@@ -0,0 +1,2 @@
+# to clear old backups run: 
+restic -r $repo forget --prune --keep-daily 7 --keep-weekly 8 --keep-monthly 12 --keep-yearly 2+
\ No newline at end of file
diff --git a/scripts/restic-backup/wanderduene.sh b/scripts/restic-backup/wanderduene.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env sh
+
+echo "Last run: $(date -R)" > /root/backup.last-run 
+echo "Status:" >> /root/backup.last-run
+
+#backup services
+for service in pleroma radicale synapse git maddy oeffisearch
+do
+  sudo -u $service restic init --password-file /var/lib/$service/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-$service
+  sudo -u $service restic backup --password-file /var/lib/$service/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-$service /var/lib/$service
+  if [ $? -eq 0 ]; then
+  	echo "$service: OK" >> /root/backup.last-run
+  else 
+  	echo "$service: FAIL" >> /root/backup.last-run
+  fi
+done
+
+#backup websites
+sudo -u leah restic init --password-file /var/lib/websites/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-websites
+sudo -u leah restic backup --password-file /var/lib/websites/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-websites /var/lib/websites
+if [ $? -eq 0 ]; then
+  echo "websites: OK" >> /root/backup.last-run
+else 
+  echo "websites: FAIL" >> /root/backup.last-run
+fi
+
+#backup postgres
+SQLFILE=/var/lib/postgresql/backup/postgres.sql
+sudo -u postgres mkdir /var/lib/postgresql/backup
+sudo -u postgres bash -c "pg_dumpall > $SQLFILE"
+sudo -u postgres restic init --password-file /var/lib/postgresql/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-postgres
+sudo -u postgres restic backup --password-file /var/lib/postgresql/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-postgres /var/lib/postgresql/backup
+if [ $? -eq 0 ]; then
+  echo "postgres: OK" >> /root/backup.last-run
+else 
+  echo "postgres: FAIL" >> /root/backup.last-run
+fi
+sudo -u postgres rm -rf /var/lib/postgresql/backup