[rules/base/backup] setup backups
#####################################
### someone's ansible provisioner ###
#####################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2024 by someone <someone@somenet.org>
#
# system backup script + systemd timer
#
---
# Install borg and the pyfuse3 bindings (presumably wanted for `borg mount`
# - confirm). policy_rc_d: 101 makes policy-rc.d refuse service starts, so the
# package installation itself does not launch anything.
- name: install backup tool
  tags: "online"
  apt:
    state: present
    policy_rc_d: 101
    pkg:
      - borgbackup
      - python3-pyfuse3
  # NOTE(review): with ignore_online_errors set, a failed install does not
  # stop the play. The tasks further down still deploy backup.sh and enable
  # backup.timer, so check that the package is present before relying on the
  # timer.
  ignore_errors: "{{ignore_online_errors | bool}}"
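# Root of everything backup related. 0711 lets other accounts traverse /bkp
# without listing it; the borg-storage account created further down has its
# home at /bkp/storage-server and depends on that traverse bit.
- name: create dir /bkp
  file:
    path: "/bkp"
    state: directory
    # Quoted so the mode reaches the module as an octal string instead of a
    # number re-typed by the YAML parser.
    mode: "0711"
    owner: "root"
    group: "root"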
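# Root-only directory that receives backup.sh, backup.conf.managed and the
# exclude lists from the tasks below; nothing but root can read or enter it.
- name: create dir /bkp/local
  file:
    path: "/bkp/local"
    state: directory
    # Quoted octal string, see Ansible's guidance on file modes.
    mode: "0700"
    owner: "root"
    group: "root"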
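# Root-only directory (presumably the location of a local borg repository -
# confirm against backup.sh).
# The symbolic mode gives the owner rw plus x on directories (capital X) and
# strips every group/other bit. recurse re-applies owner, group and mode to
# the whole existing tree on each run.
- name: create dir /bkp/storage-local
  file:
    path: "/bkp/storage-local"
    state: directory
    mode: "u+rwX,go-rwx"
    owner: "root"
    group: "root"
    recurse: true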
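# Deploy the backup script, executable by root only.
# The source is the first file that exists among the host-specific,
# group-specific and "all" overrides, then the role default.
# NOTE(review): the override paths are built from env PWD on the controller,
# i.e. the directory ansible was started from. Starting the play from another
# directory changes which script gets installed here (and, presumably, later
# run as root by backup.service). Anchoring the lookups on playbook_dir or
# inventory_dir would remove that dependency - confirm the repo layout first.
- name: copy backup.sh to /bkp/local
  copy:
    src: "{{item}}"
    dest: "/bkp/local/backup.sh"
    # Quoted so the mode is handled as an octal string.
    mode: "0700"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.sh"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.sh"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.sh"
    - "default/backup.sh"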
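# Deploy the managed backup configuration, readable by root only.
# Source lookup order: host override, group override, "all" override (each
# below env PWD on the controller), then the role default.
# NOTE(review): the file content is not visible here. If it carries a
# repository passphrase or remote credentials, a run with --diff prints it on
# the controller; `no_log: true` on this task would keep it out of the output.
- name: copy backup.conf.managed to /bkp/local
  copy:
    src: "{{item}}"
    dest: "/bkp/local/backup.conf.managed"
    # Quoted so the mode is handled as an octal string.
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.conf.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.conf.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.conf.managed"
    - "default/backup.conf.managed"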
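# Root-only drop-in directory for the per-path exclude lists copied below.
- name: create dir /bkp/local/exclude.conf.d
  file:
    path: "/bkp/local/exclude.conf.d"
    state: directory
    # Quoted so the mode is handled as an octal string.
    mode: "0700"
    owner: "root"
    group: "root"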
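# Exclude list "etc--00-global"; the destination name is prefixed with the
# inventory hostname. Source is the first match of host, group and "all"
# override (below env PWD on the controller), then the role default.
# Entries here are presumably skipped by backup.sh, so an over-broad pattern
# silently drops data from the backup - review changes to the source files.
- name: copy etc--00-global.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--etc--00-global.managed"
    # Quoted so the mode is handled as an octal string.
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/etc--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/etc--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/etc--00-global.managed"
    - "default/exclude/etc--00-global.managed"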
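# Exclude list "etc--10-host", installed root-only under a hostname-prefixed
# name. Lookup order: host, group, "all" override (below env PWD on the
# controller), then the role default. The 00-/10- prefixes presumably fix the
# order in which backup.sh reads the lists - confirm there.
- name: copy etc--10-host.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--etc--10-host.managed"
    # Quoted so the mode is handled as an octal string.
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/etc--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/etc--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/etc--10-host.managed"
    - "default/exclude/etc--10-host.managed"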
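# Exclude list "root--00-global", installed root-only under a
# hostname-prefixed name. Lookup order: host, group, "all" override (below env
# PWD on the controller), then the role default.
- name: copy root--00-global.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--root--00-global.managed"
    # Quoted so the mode is handled as an octal string.
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/root--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/root--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/root--00-global.managed"
    - "default/exclude/root--00-global.managed"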
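# Exclude list "root--10-host", installed root-only under a hostname-prefixed
# name. Lookup order: host, group, "all" override (below env PWD on the
# controller), then the role default.
- name: copy root--10-host.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--root--10-host.managed"
    # Quoted so the mode is handled as an octal string.
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/root--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/root--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/root--10-host.managed"
    - "default/exclude/root--10-host.managed"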
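# Exclude list "srv--00-global", installed root-only under a hostname-prefixed
# name. Lookup order: host, group, "all" override (below env PWD on the
# controller), then the role default.
- name: copy srv--00-global.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--srv--00-global.managed"
    # Quoted so the mode is handled as an octal string.
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/srv--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/srv--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/srv--00-global.managed"
    - "default/exclude/srv--00-global.managed"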
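# Exclude list "srv--10-host", installed root-only under a hostname-prefixed
# name. Lookup order: host, group, "all" override (below env PWD on the
# controller), then the role default.
- name: copy srv--10-host.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--srv--10-host.managed"
    # Quoted so the mode is handled as an octal string.
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/srv--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/srv--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/srv--10-host.managed"
    - "default/exclude/srv--10-host.managed"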
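# Exclude list "var--00-global", installed root-only under a hostname-prefixed
# name. Lookup order: host, group, "all" override (below env PWD on the
# controller), then the role default.
- name: copy var--00-global.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--var--00-global.managed"
    # Quoted so the mode is handled as an octal string.
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/var--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/var--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/var--00-global.managed"
    - "default/exclude/var--00-global.managed"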
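# Exclude list "var--10-host", installed root-only under a hostname-prefixed
# name. Lookup order: host, group, "all" override (below env PWD on the
# controller), then the role default.
- name: copy var--10-host.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--var--10-host.managed"
    # Quoted so the mode is handled as an octal string.
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/var--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/var--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/var--10-host.managed"
    - "default/exclude/var--10-host.managed"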
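# Install the systemd unit that runs the backup. World-readable, writable by
# root only. Source lookup order: host, group, "all" override (below env PWD
# on the controller), then the role default.
# NOTE(review): nothing in this file reloads systemd after the unit changes.
# Unless the base/systemd/enable-and-start role included further down does a
# daemon-reload, an updated unit is not picked up until the next reload -
# confirm in that role.
- name: copy backup.service to /etc/systemd/system/
  copy:
    src: "{{item}}"
    dest: "/etc/systemd/system/backup.service"
    # Quoted so the mode is handled as an octal string.
    mode: "0644"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.service"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.service"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.service"
    - "default/backup.service"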
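# Exclude list "home--00-global", installed root-only under a
# hostname-prefixed name. Lookup order: host, group, "all" override (below env
# PWD on the controller), then the role default.
- name: copy home--00-global.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--home--00-global.managed"
    # Quoted so the mode is handled as an octal string.
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/home--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/home--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/home--00-global.managed"
    - "default/exclude/home--00-global.managed"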
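# Exclude list "home--10-host", installed root-only under a hostname-prefixed
# name. Lookup order: host, group, "all" override (below env PWD on the
# controller), then the role default.
- name: copy home--10-host.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--home--10-host.managed"
    # Quoted so the mode is handled as an octal string.
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/home--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/home--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/home--10-host.managed"
    - "default/exclude/home--10-host.managed"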
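# Install the systemd timer unit; the next task enables and starts it.
# World-readable, writable by root only. Source lookup order: host, group,
# "all" override (below env PWD on the controller), then the role default.
- name: copy backup.timer to /etc/systemd/system/
  copy:
    src: "{{item}}"
    dest: "/etc/systemd/system/backup.timer"
    # Quoted so the mode is handled as an octal string.
    mode: "0644"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.timer"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.timer"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.timer"
    - "default/backup.timer"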
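# Hand backup.timer to the shared enable-and-start role via service_name.
# Arguments are written as a YAML mapping instead of a key=value string.
# NOTE(review): whether that role runs a systemd daemon-reload before
# enabling the unit is not visible from this file - confirm, since the unit
# files are copied by plain `copy` tasks above.
- name: enable and start backup.timer
  include_role:
    name: "base/systemd/enable-and-start"
  vars:
    service_name: "backup.timer"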
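###############################
# setup backup storage server #
###############################
# System account that owns the repositories on a storage server; only created
# when setup_backup_storage_server is true. Its home already lives under /bkp,
# so no home directory is created here (the next task creates it).
# NOTE(review): the account gets /bin/bash, so what a client can do after SSH
# login is decided solely by the authorized_keys file deployed below; see the
# note on that task about pinning each key to a forced command.
- name: create borg-storage user
  user:
    name: "borg-storage"
    home: "/bkp/storage-server"
    shell: "/bin/bash"
    createhome: false
    system: true
    state: present
  when: setup_backup_storage_server | bool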
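# Home of borg-storage, closed to group and others.
# recurse re-applies owner, group and the symbolic mode (owner rw, x on
# directories, nothing for group/other) to everything already stored below,
# including .ssh, on every run.
- name: create dir /bkp/storage-server
  file:
    path: "/bkp/storage-server"
    state: directory
    mode: "u+rwX,go-rwx"
    owner: "borg-storage"
    group: "borg-storage"
    recurse: true
  when: setup_backup_storage_server | bool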
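# SSH directory of borg-storage, accessible to that account only.
- name: create dir /bkp/storage-server/.ssh
  file:
    path: "/bkp/storage-server/.ssh"
    state: directory
    # Quoted so the mode is handled as an octal string.
    mode: "0700"
    owner: "borg-storage"
    group: "borg-storage"
  when: setup_backup_storage_server | bool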
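# Deploy the list of keys allowed to log in as borg-storage. Source lookup
# order: host, group, "all" override (below env PWD on the controller), then
# the role default.
# NOTE(review): this file is the whole access policy for the storage account,
# and its content is not visible here. Because borg-storage has /bin/bash,
# every entry should be pinned, e.g. (placeholders)
#   command="borg serve --restrict-to-path <REPO_PATH>",restrict <CLIENT_KEY>
# so a client key can only talk to its own repository and cannot open a
# shell. Which source file wins depends on the directory ansible is started
# from - check the deployed result on the host after a run.
# NOTE(review): the first_found lookup is presumably resolved before `when`
# is applied, so the role default has to exist even for hosts that skip this
# task - verify.
- name: copy authorized_keys to /bkp/storage-server/.ssh/authorized_keys
  copy:
    src: "{{item}}"
    dest: "/bkp/storage-server/.ssh/authorized_keys"
    # Quoted so the mode is handled as an octal string.
    mode: "0600"
    owner: "borg-storage"
    group: "borg-storage"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup-server.authorized_keys"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup-server.authorized_keys"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup-server.authorized_keys"
    - "default/backup-server.authorized_keys"
  when: setup_backup_storage_server | bool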