commit 7630e98a339cb0e2f11a27e9d41979ba2ee96f29
parent 9c6440eca5240f7302e202c3ba5e41469d40aec8
Author: Leah Thein <leah@toaster.fritz.box>
Date: Wed, 2 Dec 2020 00:24:49 +0100
parent 9c6440eca5240f7302e202c3ba5e41469d40aec8
Author: Leah Thein <leah@toaster.fritz.box>
Date: Wed, 2 Dec 2020 00:24:49 +0100
backup: add role
4 files changed, 72 insertions(+), 0 deletions(-)
diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml @@ -0,0 +1,18 @@ +--- + +- include: wanderduene.yml + when: network.hostname == "wanderduene" + +- name: Copy backup-script to server + copy: + src: scripts/restic-backup-{{network.hostname}}.sh + dest: /root/restic-backup.sh + mode: 0755 + +- name: create crontab entry + cron: + name: "run restic-backups" + special_time: daily + user: root + job: "/root/restic-backup.sh > /dev/null" + state: present
diff --git a/roles/backup/tasks/wanderduene.yml b/roles/backup/tasks/wanderduene.yml @@ -0,0 +1,33 @@ +--- + +- name: create password files for services + copy: + content: "{{ lookup('community.general.passwordstore', 'server/{{network.hostname}}/restic/{{item}} returnall=true')}}" + dest: "/var/lib/{{item}}/restic-password" + owner: "{{item}}" + group: "{{item}}" + mode: 0700 + loop: + - maddy + - radicale + - git + - pleroma + - synapse + - oeffisearch + +- name: create password file for postgresql + copy: + content: "{{ lookup('community.general.passwordstore', 'server/{{network.hostname}}/restic/postgresql returnall=true')}}" + dest: /var/lib/postgresql/restic-password + owner: postgres + group: postgres + mode: 0700 + +- name: create password file for htmldir + copy: + content: "{{ lookup('community.general.passwordstore', 'server/{{network.hostname}}/restic/websites returnall=true')}}" + dest: /var/lib/websites/restic-password + owner: leah + group: leah + mode: 0700 +
diff --git a/roles/common/tasks/packages.yml b/roles/common/tasks/packages.yml @@ -26,5 +26,6 @@ - git - patch - jq + - restic update_cache: yes
diff --git a/scripts/restic-backup-wanderduene.sh b/scripts/restic-backup-wanderduene.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash + +#backup services +for service in pleroma radicale synapse git maddy oeffisearch +do + sudo -u $service restic init --password-file /var/lib/$service/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-$service + sudo -u $service restic backup --password-file /var/lib/$service/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-$service /var/lib/$service +done + +#backup websites +sudo -u leah restic init --password-file /var/lib/websites/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-websites +sudo -u leah restic backup --password-file /var/lib/websites/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-websites /var/lib/websites + +#backup postgres +SQLFILE=/var/lib/postgresql/backup/postgres_$(date "+%Y-%m-%d_%H:%M").sql +sudo -u postgres mkdir /var/lib/postgresql/backup +sudo -u postgres bash -c "pg_dumpall > $SQLFILE" +sudo -u postgres restic init --password-file /var/lib/postgresql/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-postgres +sudo -u postgres restic backup --password-file /var/lib/postgresql/restic-password --repo rest:https://restic:$(cat /var/lib/restic-password)@restic.ctu.cx/$(hostname)-postgres /var/lib/postgresql/backup +sudo -u postgres rm -rf /var/lib/postgresql/backup