roles/base/backup/tasks/main.yml

   1 #####################################
   2 ### someone's ansible provisioner ###
   3 #####################################
   4 # Part of: https://git.somenet.org/root/pub/somesible.git
   5 # 2017-2024 by someone <someone@somenet.org>
   6 #
   7 # system backup script + systemd timer
   8 #
   9 ---
  10 - name: install backup tool
  11   apt:
  12     pkg:
  13     - borgbackup
  14     - python3-pyfuse3
  15     state: present
  16     policy_rc_d: 101
  17   tags: "online"
  18   ignore_errors: "{{ignore_online_errors | bool}}"
  19
  20
  21 - name: create dir /bkp
  22   file:
  23     path: "/bkp"
  24     state: directory
  25     mode: 0711
  26     owner: "root"
  27     group: "root"
  28
  29
  30 - name: create dir /bkp/local
  31   file:
  32     path: "/bkp/local"
  33     state: directory
  34     mode: 0700
  35     owner: "root"
  36     group: "root"
  37
  38
  39 - name: create dir /bkp/storage-local
  40   file:
  41     path: "/bkp/storage-local"
  42     state: directory
  43     mode: "u+rwX,go-rwx"
  44     owner: "root"
  45     group: "root"
  46     recurse: yes
  47
  48
  49 - name: copy backup.sh to /bkp/local
  50   copy:
  51     src: "{{item}}"
  52     dest: "/bkp/local/backup.sh"
  53     mode: 0700
  54     owner: "root"
  55     group: "root"
  56   with_first_found:
  57     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.sh"
  58     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.sh"
  59     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.sh"
  60     - "default/backup.sh"
  61
  62
  63 - name: copy backup.conf.managed to /bkp/local
  64   copy:
  65     src: "{{item}}"
  66     dest: "/bkp/local/backup.conf.managed"
  67     mode: 0600
  68     owner: "root"
  69     group: "root"
  70   with_first_found:
  71     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.conf.managed"
  72     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.conf.managed"
  73     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.conf.managed"
  74     - "default/backup.conf.managed"
  75
  76
  77 - name: create dir /bkp/local/exclude.conf.d
  78   file:
  79     path: "/bkp/local/exclude.conf.d"
  80     state: directory
  81     mode: 0700
  82     owner: "root"
  83     group: "root"
  84
  85
  86 - name: copy etc--00-global.managed to /bkp/local/exclude.conf.d
  87   copy:
  88     src: "{{item}}"
  89     dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--etc--00-global.managed"
  90     mode: 0600
  91     owner: "root"
  92     group: "root"
  93   with_first_found:
  94     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/etc--00-global.managed"
  95     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/etc--00-global.managed"
  96     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/etc--00-global.managed"
  97     - "default/exclude/etc--00-global.managed"
  98
  99
 100 - name: copy etc--10-host.managed to /bkp/local/exclude.conf.d
 101   copy:
 102     src: "{{item}}"
 103     dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--etc--10-host.managed"
 104     mode: 0600
 105     owner: "root"
 106     group: "root"
 107   with_first_found:
 108     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/etc--10-host.managed"
 109     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/etc--10-host.managed"
 110     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/etc--10-host.managed"
 111     - "default/exclude/etc--10-host.managed"
 112
 113
 114 - name: copy root--00-global.managed to /bkp/local/exclude.conf.d
 115   copy:
 116     src: "{{item}}"
 117     dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--root--00-global.managed"
 118     mode: 0600
 119     owner: "root"
 120     group: "root"
 121   with_first_found:
 122     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/root--00-global.managed"
 123     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/root--00-global.managed"
 124     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/root--00-global.managed"
 125     - "default/exclude/root--00-global.managed"
 126
 127
 128 - name: copy root--10-host.managed to /bkp/local/exclude.conf.d
 129   copy:
 130     src: "{{item}}"
 131     dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--root--10-host.managed"
 132     mode: 0600
 133     owner: "root"
 134     group: "root"
 135   with_first_found:
 136     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/root--10-host.managed"
 137     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/root--10-host.managed"
 138     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/root--10-host.managed"
 139     - "default/exclude/root--10-host.managed"
 140
 141
 142 - name: copy srv--00-global.managed to /bkp/local/exclude.conf.d
 143   copy:
 144     src: "{{item}}"
 145     dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--srv--00-global.managed"
 146     mode: 0600
 147     owner: "root"
 148     group: "root"
 149   with_first_found:
 150     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/srv--00-global.managed"
 151     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/srv--00-global.managed"
 152     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/srv--00-global.managed"
 153     - "default/exclude/srv--00-global.managed"
 154
 155
 156 - name: copy srv--10-host.managed to /bkp/local/exclude.conf.d
 157   copy:
 158     src: "{{item}}"
 159     dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--srv--10-host.managed"
 160     mode: 0600
 161     owner: "root"
 162     group: "root"
 163   with_first_found:
 164     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/srv--10-host.managed"
 165     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/srv--10-host.managed"
 166     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/srv--10-host.managed"
 167     - "default/exclude/srv--10-host.managed"
 168
 169
 170 - name: copy var--00-global.managed to /bkp/local/exclude.conf.d
 171   copy:
 172     src: "{{item}}"
 173     dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--var--00-global.managed"
 174     mode: 0600
 175     owner: "root"
 176     group: "root"
 177   with_first_found:
 178     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/var--00-global.managed"
 179     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/var--00-global.managed"
 180     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/var--00-global.managed"
 181     - "default/exclude/var--00-global.managed"
 182
 183
 184 - name: copy var--10-host.managed to /bkp/local/exclude.conf.d
 185   copy:
 186     src: "{{item}}"
 187     dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--var--10-host.managed"
 188     mode: 0600
 189     owner: "root"
 190     group: "root"
 191   with_first_found:
 192     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/var--10-host.managed"
 193     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/var--10-host.managed"
 194     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/var--10-host.managed"
 195     - "default/exclude/var--10-host.managed"
 196
 197
 198 - name: copy backup.service to /etc/systemd/system/
 199   copy:
 200     src: "{{item}}"
 201     dest: "/etc/systemd/system/backup.service"
 202     mode: 0644
 203     owner: "root"
 204     group: "root"
 205   with_first_found:
 206     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.service"
 207     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.service"
 208     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.service"
 209     - "default/backup.service"
 210
 211
 212 - name: copy home--00-global.managed to /bkp/local/exclude.conf.d
 213   copy:
 214     src: "{{item}}"
 215     dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--home--00-global.managed"
 216     mode: 0600
 217     owner: "root"
 218     group: "root"
 219   with_first_found:
 220     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/home--00-global.managed"
 221     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/home--00-global.managed"
 222     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/home--00-global.managed"
 223     - "default/exclude/home--00-global.managed"
 224
 225
 226 - name: copy home--10-host.managed to /bkp/local/exclude.conf.d
 227   copy:
 228     src: "{{item}}"
 229     dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--home--10-host.managed"
 230     mode: 0600
 231     owner: "root"
 232     group: "root"
 233   with_first_found:
 234     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/home--10-host.managed"
 235     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/home--10-host.managed"
 236     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/home--10-host.managed"
 237     - "default/exclude/home--10-host.managed"
 238
 239
 240 - name: copy backup.timer to /etc/systemd/system/
 241   copy:
 242     src: "{{item}}"
 243     dest: "/etc/systemd/system/backup.timer"
 244     mode: 0644
 245     owner: "root"
 246     group: "root"
 247   with_first_found:
 248     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.timer"
 249     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.timer"
 250     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.timer"
 251     - "default/backup.timer"
 252
 253
 254 - name: enable and start backup.timer
 255   include_role: name="base/systemd/enable-and-start"
 256   vars:
 257     service_name: backup.timer
 258
 259
 260
 261 ###############################
 262 # setup backup storage server #
 263 ###############################
 264 - name: create borg-storage user
 265   user:
 266     name: "borg-storage"
 267     home: "/bkp/storage-server"
 268     shell: "/bin/bash"
 269     createhome: no
 270     system: yes
 271     state: present
 272   when: setup_backup_storage_server | bool
 273
 274
 275 - name: create dir /bkp/storage-server
 276   file:
 277     path: "/bkp/storage-server"
 278     state: directory
 279     mode: "u+rwX,go-rwx"
 280     owner: "borg-storage"
 281     group: "borg-storage"
 282     recurse: yes
 283   when: setup_backup_storage_server | bool
 284
 285
 286 - name: create dir /bkp/storage-server/.ssh
 287   file:
 288     path: "/bkp/storage-server/.ssh"
 289     state: directory
 290     mode: 0700
 291     owner: "borg-storage"
 292     group: "borg-storage"
 293   when: setup_backup_storage_server | bool
 294
 295
 296 - name: copy authorized_keys to /bkp/storage-server/.ssh/authorized_keys
 297   copy:
 298     src: "{{item}}"
 299     dest: "/bkp/storage-server/.ssh/authorized_keys"
 300     mode: 0600
 301     owner: "borg-storage"
 302     group: "borg-storage"
 303   with_first_found:
 304     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup-server.authorized_keys"
 305     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup-server.authorized_keys"
 306     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup-server.authorized_keys"
 307     - "default/backup-server.authorized_keys"
 308   when: setup_backup_storage_server | bool