#####################################
### someone's ansible provisioner ###
#####################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2026 by someone <someone@somenet.org>
#
# system backup script + systemd timer
#
---
# Installs the borg packages used by the backup job.
# policy_rc_d 101 makes apt's policy-rc.d hook deny service starts during
# the install, so nothing is started as a side effect of this task.
# NOTE(review): when ignore_online_errors is true a failed install is
# tolerated, yet the later tasks still deploy and enable backup.timer.
# Confirm that backup.sh fails visibly when borg is missing, otherwise a
# host can sit without backups unnoticed.
- name: install backup tool
  when: setup_backup | bool
  tags: "online"
  ignore_errors: "{{ignore_online_errors | bool}}"
  apt:
    state: present
    policy_rc_d: 101
    pkg:
      - borgbackup
      - borgbackup2
      - python3-pyfuse3
# Top-level backup directory, owned by root. It has no `when`, so it is
# created even if neither backup flag is set.
# Mode 0711: others may traverse /bkp but cannot list it.
# NOTE(review): presumably the traverse bit is there so borg-storage can
# reach /bkp/storage-server - confirm before tightening.
- name: create dir /bkp
  file:
    path: "/bkp"
    state: directory
    owner: "root"
    group: "root"
    mode: "0711"
# Root-only (0700) directory that receives backup.sh, backup.conf.managed
# and exclude.conf.d from the tasks further down in this file.
- name: create dir /bkp/local
  when: setup_backup | bool
  file:
    path: "/bkp/local"
    state: directory
    owner: "root"
    group: "root"
    mode: "0700"
# Local storage directory, owned by root.
# The symbolic mode strips all group/other access and, because of
# recurse, is re-applied to everything already below the directory on
# every run (capital X adds execute only to directories and to files that
# are already executable).
- name: create dir /bkp/storage-local
  when: setup_backup | bool
  file:
    path: "/bkp/storage-local"
    state: directory
    recurse: true
    owner: "root"
    group: "root"
    mode: "u+rwX,go-rwx"
# Ships the backup script, executable by root only (0700).
# with_first_found uses the first candidate that exists: host_files,
# group_files/<group>, group_files/all, then the role's default/backup.sh.
# NOTE(review): the first three candidates are rooted at PWD from the
# environment of the ansible-playbook process on the controller, so which
# script is shipped depends on the directory the play was started from.
# Started elsewhere, the lookup falls through to the role default (if the
# role ships one) without an error. The script is presumably run as root
# by backup.service, so a fixed anchor such as playbook_dir or
# inventory_dir would make its origin deterministic - confirm which one
# matches the repository layout.
- name: copy backup.sh to /bkp/local
  when: setup_backup | bool
  copy:
    dest: "/bkp/local/backup.sh"
    src: "{{item}}"
    owner: "root"
    group: "root"
    mode: "0700"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.sh"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.sh"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.sh"
    - "default/backup.sh"
# Ships the managed backup configuration, readable by root only (0600).
# Candidates are tried in order: host_files, group_files/<group>,
# group_files/all (all under the controller's PWD), then the role default.
# NOTE(review): the content of this file is not visible here. If it
# carries a repository passphrase or key location, the source copies in
# host_files/group_files need the same protection as the 0600 target,
# for example by keeping them vault-encrypted - confirm.
- name: copy backup.conf.managed to /bkp/local
  when: setup_backup | bool
  copy:
    dest: "/bkp/local/backup.conf.managed"
    src: "{{item}}"
    owner: "root"
    group: "root"
    mode: "0600"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.conf.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.conf.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.conf.managed"
    - "default/backup.conf.managed"
# Root-only (0700) drop-in directory for the exclude files copied by the
# tasks that follow.
- name: create dir /bkp/local/exclude.conf.d
  when: setup_backup | bool
  file:
    path: "/bkp/local/exclude.conf.d"
    state: directory
    owner: "root"
    group: "root"
    mode: "0700"
# Deploys the etc--00-global.managed exclude file into exclude.conf.d.
# The target name is prefixed with inventory_hostname; mode 0600, root.
# Candidates are tried in order: host_files, group_files/<group>,
# group_files/all (all under the controller's PWD), then the role default.
# NOTE(review): an exclude entry removes data from the backup set without
# any runtime signal, so changes to these files deserve the same review
# as changes to the backup scope itself.
- name: copy etc--00-global.managed to /bkp/local/exclude.conf.d
  when: setup_backup | bool
  copy:
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--etc--00-global.managed"
    src: "{{item}}"
    owner: "root"
    group: "root"
    mode: "0600"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/etc--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/etc--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/etc--00-global.managed"
    - "default/exclude/etc--00-global.managed"
# Deploys the etc--10-host.managed exclude file into exclude.conf.d.
# The target name is prefixed with inventory_hostname; mode 0600, root.
# The first existing candidate wins: host_files, group_files/<group>,
# group_files/all (all under the controller's PWD), then the role default.
- name: copy etc--10-host.managed to /bkp/local/exclude.conf.d
  when: setup_backup | bool
  copy:
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--etc--10-host.managed"
    src: "{{item}}"
    owner: "root"
    group: "root"
    mode: "0600"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/etc--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/etc--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/etc--10-host.managed"
    - "default/exclude/etc--10-host.managed"
# Deploys the root--00-global.managed exclude file into exclude.conf.d.
# The target name is prefixed with inventory_hostname; mode 0600, root.
# The first existing candidate wins: host_files, group_files/<group>,
# group_files/all (all under the controller's PWD), then the role default.
- name: copy root--00-global.managed to /bkp/local/exclude.conf.d
  when: setup_backup | bool
  copy:
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--root--00-global.managed"
    src: "{{item}}"
    owner: "root"
    group: "root"
    mode: "0600"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/root--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/root--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/root--00-global.managed"
    - "default/exclude/root--00-global.managed"
# Deploys the root--10-host.managed exclude file into exclude.conf.d.
# The target name is prefixed with inventory_hostname; mode 0600, root.
# The first existing candidate wins: host_files, group_files/<group>,
# group_files/all (all under the controller's PWD), then the role default.
- name: copy root--10-host.managed to /bkp/local/exclude.conf.d
  when: setup_backup | bool
  copy:
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--root--10-host.managed"
    src: "{{item}}"
    owner: "root"
    group: "root"
    mode: "0600"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/root--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/root--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/root--10-host.managed"
    - "default/exclude/root--10-host.managed"
# Deploys the srv--00-global.managed exclude file into exclude.conf.d.
# The target name is prefixed with inventory_hostname; mode 0600, root.
# The first existing candidate wins: host_files, group_files/<group>,
# group_files/all (all under the controller's PWD), then the role default.
- name: copy srv--00-global.managed to /bkp/local/exclude.conf.d
  when: setup_backup | bool
  copy:
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--srv--00-global.managed"
    src: "{{item}}"
    owner: "root"
    group: "root"
    mode: "0600"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/srv--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/srv--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/srv--00-global.managed"
    - "default/exclude/srv--00-global.managed"
# Deploys the srv--10-host.managed exclude file into exclude.conf.d.
# The target name is prefixed with inventory_hostname; mode 0600, root.
# The first existing candidate wins: host_files, group_files/<group>,
# group_files/all (all under the controller's PWD), then the role default.
- name: copy srv--10-host.managed to /bkp/local/exclude.conf.d
  when: setup_backup | bool
  copy:
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--srv--10-host.managed"
    src: "{{item}}"
    owner: "root"
    group: "root"
    mode: "0600"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/srv--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/srv--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/srv--10-host.managed"
    - "default/exclude/srv--10-host.managed"
# Deploys the var--00-global.managed exclude file into exclude.conf.d.
# The target name is prefixed with inventory_hostname; mode 0600, root.
# The first existing candidate wins: host_files, group_files/<group>,
# group_files/all (all under the controller's PWD), then the role default.
- name: copy var--00-global.managed to /bkp/local/exclude.conf.d
  when: setup_backup | bool
  copy:
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--var--00-global.managed"
    src: "{{item}}"
    owner: "root"
    group: "root"
    mode: "0600"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/var--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/var--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/var--00-global.managed"
    - "default/exclude/var--00-global.managed"
# Deploys the var--10-host.managed exclude file into exclude.conf.d.
# The target name is prefixed with inventory_hostname; mode 0600, root.
# The first existing candidate wins: host_files, group_files/<group>,
# group_files/all (all under the controller's PWD), then the role default.
- name: copy var--10-host.managed to /bkp/local/exclude.conf.d
  when: setup_backup | bool
  copy:
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--var--10-host.managed"
    src: "{{item}}"
    owner: "root"
    group: "root"
    mode: "0600"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/var--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/var--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/var--10-host.managed"
    - "default/exclude/var--10-host.managed"
# Installs the systemd service unit, root-owned and world-readable (0644).
# The first existing candidate wins: host_files, group_files/<group>,
# group_files/all (all under the controller's PWD), then the role default.
# NOTE(review): because the unit is world-readable, credentials belong in
# the 0600 files under /bkp/local rather than in Environment= lines here.
# No daemon-reload is visible in this file; presumably the
# enable-and-start role takes care of it - confirm.
- name: copy backup.service to /etc/systemd/system/
  when: setup_backup | bool
  copy:
    dest: "/etc/systemd/system/backup.service"
    src: "{{item}}"
    owner: "root"
    group: "root"
    mode: "0644"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.service"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.service"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.service"
    - "default/backup.service"
# Deploys the home--00-global.managed exclude file into exclude.conf.d.
# The target name is prefixed with inventory_hostname; mode 0600, root.
# The first existing candidate wins: host_files, group_files/<group>,
# group_files/all (all under the controller's PWD), then the role default.
- name: copy home--00-global.managed to /bkp/local/exclude.conf.d
  when: setup_backup | bool
  copy:
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--home--00-global.managed"
    src: "{{item}}"
    owner: "root"
    group: "root"
    mode: "0600"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/home--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/home--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/home--00-global.managed"
    - "default/exclude/home--00-global.managed"
# Deploys the home--10-host.managed exclude file into exclude.conf.d.
# The target name is prefixed with inventory_hostname; mode 0600, root.
# The first existing candidate wins: host_files, group_files/<group>,
# group_files/all (all under the controller's PWD), then the role default.
- name: copy home--10-host.managed to /bkp/local/exclude.conf.d
  when: setup_backup | bool
  copy:
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--home--10-host.managed"
    src: "{{item}}"
    owner: "root"
    group: "root"
    mode: "0600"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/home--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/home--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/home--10-host.managed"
    - "default/exclude/home--10-host.managed"
# Installs the systemd timer unit, root-owned and world-readable (0644).
# The first existing candidate wins: host_files, group_files/<group>,
# group_files/all (all under the controller's PWD), then the role default.
- name: copy backup.timer to /etc/systemd/system/
  when: setup_backup | bool
  copy:
    dest: "/etc/systemd/system/backup.timer"
    src: "{{item}}"
    owner: "root"
    group: "root"
    mode: "0644"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.timer"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.timer"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.timer"
    - "default/backup.timer"
# Hands backup.timer to the base/systemd/enable-and-start role through
# the service_name variable. What the role does is not visible here.
# NOTE(review): the unit files are copied just before this with no
# daemon-reload in this file; confirm the role reloads systemd so a
# changed timer or service definition takes effect.
- name: enable and start backup.timer
  when: setup_backup | bool
  include_role:
    name: "base/systemd/enable-and-start"
  vars:
    service_name: backup.timer
###############################
# setup backup storage server #
###############################
# System account for the storage-server side, with its home at
# /bkp/storage-server. createhome is off; the directory itself is created
# by the file task for /bkp/storage-server.
# NOTE(review): the account has /bin/bash as its shell. sshd runs a forced
# command through the login shell, so key-based `borg serve` needs a
# working shell, but it also means any authorized_keys entry without a
# forced command gives that client an interactive shell as borg-storage.
# The restriction therefore lives entirely in the deployed key file -
# confirm its entries.
- name: create borg-storage user
  when: setup_backup_storage_server | bool
  user:
    name: "borg-storage"
    state: present
    system: true
    home: "/bkp/storage-server"
    createhome: false
    shell: "/bin/bash"
# Home directory of borg-storage, closed to group and others.
# recurse re-applies owner, group and the symbolic mode to everything
# already below the directory on every run, which includes .ssh and
# authorized_keys once they exist.
- name: create dir /bkp/storage-server
  when: setup_backup_storage_server | bool
  file:
    path: "/bkp/storage-server"
    state: directory
    recurse: true
    owner: "borg-storage"
    group: "borg-storage"
    mode: "u+rwX,go-rwx"
# .ssh directory for borg-storage, mode 0700 and owned by the account,
# which is what sshd's StrictModes check expects for key-based logins.
- name: create dir /bkp/storage-server/.ssh
  when: setup_backup_storage_server | bool
  file:
    path: "/bkp/storage-server/.ssh"
    state: directory
    owner: "borg-storage"
    group: "borg-storage"
    mode: "0700"
# Installs the list of client keys allowed to log in as borg-storage
# (mode 0600, owned by the account).
# The first existing candidate wins: host_files, group_files/<group>,
# group_files/all (all under the controller's PWD), then the role default.
# NOTE(review): this file is the access-control list for every repository
# on the storage server, and its content is not visible here. Each entry
# should carry `restrict` plus a forced command along the lines of
# command="borg serve --restrict-to-path <REPO_PATH_PLACEHOLDER>" so that
# one compromised client gets neither a shell nor another client's
# repository; --append-only additionally keeps a client from deleting its
# own history. The file is owned by the login user, so an entry that does
# allow a shell can also add further keys.
- name: copy authorized_keys to /bkp/storage-server/.ssh/authorized_keys
  when: setup_backup_storage_server | bool
  copy:
    dest: "/bkp/storage-server/.ssh/authorized_keys"
    src: "{{item}}"
    owner: "borg-storage"
    group: "borg-storage"
    mode: "0600"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup-server.authorized_keys"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup-server.authorized_keys"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup-server.authorized_keys"
    - "default/backup-server.authorized_keys"