commit 3a99a7beff04e49f818ba5f7aaceadd8d11e6acc
parent 1239371ff42b23eb148fce98b1027ea9aaf99d44
Author: Leah (ctucx) <leah@ctu.cx>
Date: Tue, 2 Mar 2021 18:49:32 +0100
parent 1239371ff42b23eb148fce98b1027ea9aaf99d44
Author: Leah (ctucx) <leah@ctu.cx>
Date: Tue, 2 Mar 2021 18:49:32 +0100
add quitschi backup script and tasks
7 files changed, 116 insertions(+), 40 deletions(-)
diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml @@ -10,3 +10,6 @@ - import_tasks: wanderduene.yml when: system.hostname == "wanderduene" + +- import_tasks: quitschi.yml + when: system.hostname == "quitschi"
diff --git a/roles/backup/tasks/quitschi.yml b/roles/backup/tasks/quitschi.yml @@ -0,0 +1,41 @@ +--- + +- name: create password file for rest-server + copy: + content: "{{ lookup('community.general.passwordstore', 'Server/desastro/rest-server.plain returnall=true')}}" + dest: /var/lib/restic-password + mode: 0755 + owner: root + group: root + +- name: create password files for services + copy: + content: "{{ lookup('community.general.passwordstore', 'Server/{{system.hostname}}/restic/{{item}} returnall=true')}}" + dest: "/var/lib/{{item}}/restic-password" + owner: "{{item}}" + group: "{{item}}" + mode: 0700 + loop: + - synapse + +- name: create password file for postgresql + copy: + content: "{{ lookup('community.general.passwordstore', 'Server/{{system.hostname}}/restic/postgresql returnall=true')}}" + dest: /var/lib/postgresql/restic-password + owner: postgres + group: postgres + mode: 0700 + +- name: Copy backup-script to server + copy: + src: scripts/restic-backup/{{system.hostname}}.sh + dest: /root/restic-backup.sh + mode: 0755 + +- name: create crontab entry + cron: + name: "run restic-backups" + special_time: daily + user: root + job: "/root/restic-backup.sh > /dev/null" + state: present
diff --git a/roles/backup/tasks/wanderduene.yml b/roles/backup/tasks/wanderduene.yml @@ -2,7 +2,7 @@ - name: create password file for rest-server copy: - content: "{{ lookup('community.general.passwordstore', 'Server/taurus/rest-server.plain returnall=true')}}" + content: "{{ lookup('community.general.passwordstore', 'Server/desastro/rest-server.plain returnall=true')}}" dest: /var/lib/restic-password mode: 0755 owner: root @@ -41,7 +41,7 @@ - name: Copy backup-script to server copy: - src: scripts/restic-backup-{{system.hostname}}.sh + src: scripts/restic-backup/{{system.hostname}}.sh dest: /root/restic-backup.sh mode: 0755
diff --git a/scripts/restic-backup-wanderduene.sh b/scripts/restic-backup-wanderduene.sh @@ -1,38 +0,0 @@ -#!/usr/bin/env sh - -echo "Last run: $(date -R)" > /root/backup.last-run -echo "Status:" >> /root/backup.last-run - -#backup services -for service in pleroma radicale synapse git maddy oeffisearch -do - sudo -u $service restic init --password-file /var/lib/$service/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-$service - sudo -u $service restic backup --password-file /var/lib/$service/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-$service /var/lib/$service - if [ $? -eq 0 ]; then - echo "$service: OK" >> /root/backup.last-run - else - echo "$service: FAIL" >> /root/backup.last-run - fi -done - -#backup websites -sudo -u leah restic init --password-file /var/lib/websites/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-websites -sudo -u leah restic backup --password-file /var/lib/websites/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-websites /var/lib/websites -if [ $? -eq 0 ]; then - echo "websites: OK" >> /root/backup.last-run -else - echo "websites: FAIL" >> /root/backup.last-run -fi - -#backup postgres -SQLFILE=/var/lib/postgresql/backup/postgres_$(date "+%Y-%m-%d_%H:%M").sql -sudo -u postgres mkdir /var/lib/postgresql/backup -sudo -u postgres bash -c "pg_dumpall > $SQLFILE" -sudo -u postgres restic init --password-file /var/lib/postgresql/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-postgres -sudo -u postgres restic backup --password-file /var/lib/postgresql/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-postgres /var/lib/postgresql/backup -if [ $? -eq 0 ]; then - echo "postgres: OK" >> /root/backup.last-run -else - echo "postgres: FAIL" >> /root/backup.last-run -fi -sudo -u postgres rm -rf /var/lib/postgresql/backup
diff --git a/scripts/restic-backup/quitschi.sh b/scripts/restic-backup/quitschi.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env sh + +echo "Last run: $(date -R)" > /root/backup.last-run +echo "Status:" >> /root/backup.last-run + +#backup services +for service in synapse +do + sudo -u $service restic init --password-file /var/lib/$service/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-$service + sudo -u $service restic backup --password-file /var/lib/$service/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-$service /var/lib/$service + if [ $? -eq 0 ]; then + echo "$service: OK" >> /root/backup.last-run + else + echo "$service: FAIL" >> /root/backup.last-run + fi +done + +#backup postgres +SQLFILE=/var/lib/postgresql/backup/postgres.sql +sudo -u postgres mkdir /var/lib/postgresql/backup +sudo -u postgres bash -c "pg_dumpall > $SQLFILE" +sudo -u postgres restic init --password-file /var/lib/postgresql/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-postgres +sudo -u postgres restic backup --password-file /var/lib/postgresql/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-postgres /var/lib/postgresql/backup +if [ $? -eq 0 ]; then + echo "postgres: OK" >> /root/backup.last-run +else + echo "postgres: FAIL" >> /root/backup.last-run +fi +sudo -u postgres rm -rf /var/lib/postgresql/backup
diff --git a/scripts/restic-backup/snips.txt b/scripts/restic-backup/snips.txt @@ -0,0 +1,2 @@ +# to clear old backups run: +restic -r $repo forget --prune --keep-daily 7 --keep-weekly 8 --keep-monthly 12 --keep-yearly 2+ \ No newline at end of file
diff --git a/scripts/restic-backup/wanderduene.sh b/scripts/restic-backup/wanderduene.sh @@ -0,0 +1,38 @@ +#!/usr/bin/env sh + +echo "Last run: $(date -R)" > /root/backup.last-run +echo "Status:" >> /root/backup.last-run + +#backup services +for service in pleroma radicale synapse git maddy oeffisearch +do + sudo -u $service restic init --password-file /var/lib/$service/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-$service + sudo -u $service restic backup --password-file /var/lib/$service/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-$service /var/lib/$service + if [ $? -eq 0 ]; then + echo "$service: OK" >> /root/backup.last-run + else + echo "$service: FAIL" >> /root/backup.last-run + fi +done + +#backup websites +sudo -u leah restic init --password-file /var/lib/websites/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-websites +sudo -u leah restic backup --password-file /var/lib/websites/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-websites /var/lib/websites +if [ $? -eq 0 ]; then + echo "websites: OK" >> /root/backup.last-run +else + echo "websites: FAIL" >> /root/backup.last-run +fi + +#backup postgres +SQLFILE=/var/lib/postgresql/backup/postgres.sql +sudo -u postgres mkdir /var/lib/postgresql/backup +sudo -u postgres bash -c "pg_dumpall > $SQLFILE" +sudo -u postgres restic init --password-file /var/lib/postgresql/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-postgres +sudo -u postgres restic backup --password-file /var/lib/postgresql/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-postgres /var/lib/postgresql/backup +if [ $? -eq 0 ]; then + echo "postgres: OK" >> /root/backup.last-run +else + echo "postgres: FAIL" >> /root/backup.last-run +fi +sudo -u postgres rm -rf /var/lib/postgresql/backup