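#####################################
### someone's ansible provisioner ###
#####################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2024 by someone
#
# system backup script + systemd timer
#
# Installs borg, lays out /bkp, deploys backup.sh with its config and exclude
# lists, installs and enables backup.service/backup.timer, and optionally
# (setup_backup_storage_server) creates the "borg-storage" account that
# receives backups over SSH.
#
# Managed files are chosen with with_first_found, most specific first:
#   host_files/<host>/<role>/ -> group_files/<group>/<role>/ ->
#   group_files/all/<role>/ -> the role's own default/ copy.
#
# NOTE(review): the first three candidates are anchored at
# lookup('env','PWD'), i.e. the working directory ansible-playbook was started
# from on the controller. backup.sh and backup.service are installed
# root-owned from whatever is found there, so run this only from a trusted
# checkout.
#
# File modes are quoted strings so they cannot be re-typed by the YAML parser.
---
- name: install backup tool
  apt:
    pkg:
      - borgbackup
      - python3-pyfuse3
    state: present
    policy_rc_d: 101
  tags: "online"
  # NOTE(review): with ignore_online_errors set, a failed install is ignored
  # and the timer below is still enabled; confirm backup.sh fails loudly when
  # borg is missing so missed backups do not go unnoticed.
  ignore_errors: "{{ignore_online_errors | bool}}"

# 0711: non-root users may traverse /bkp but cannot list its contents.
- name: create dir /bkp
  file:
    path: "/bkp"
    state: directory
    mode: "0711"
    owner: "root"
    group: "root"

# Root-only: holds the backup script, its config and the exclude lists.
- name: create dir /bkp/local
  file:
    path: "/bkp/local"
    state: directory
    mode: "0700"
    owner: "root"
    group: "root"

# recurse re-applies owner and mode to everything below this path on each run.
- name: create dir /bkp/storage-local
  file:
    path: "/bkp/storage-local"
    state: directory
    mode: "u+rwX,go-rwx"
    owner: "root"
    group: "root"
    recurse: true

- name: copy backup.sh to /bkp/local
  copy:
    src: "{{item}}"
    dest: "/bkp/local/backup.sh"
    mode: "0700"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.sh"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.sh"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.sh"
    - "default/backup.sh"

# 0600 root-only. NOTE(review): presumably carries repository settings or
# credentials; the file content is not visible from this task list.
- name: copy backup.conf.managed to /bkp/local
  copy:
    src: "{{item}}"
    dest: "/bkp/local/backup.conf.managed"
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.conf.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.conf.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.conf.managed"
    - "default/backup.conf.managed"

# Exclude lists: one "00-global" and one "10-host" file per backed-up tree
# (etc, root, srv, var, home), each installed with the hostname as prefix.
- name: create dir /bkp/local/exclude.conf.d
  file:
    path: "/bkp/local/exclude.conf.d"
    state: directory
    mode: "0700"
    owner: "root"
    group: "root"

- name: copy etc--00-global.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--etc--00-global.managed"
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/etc--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/etc--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/etc--00-global.managed"
    - "default/exclude/etc--00-global.managed"

- name: copy etc--10-host.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--etc--10-host.managed"
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/etc--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/etc--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/etc--10-host.managed"
    - "default/exclude/etc--10-host.managed"

- name: copy root--00-global.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--root--00-global.managed"
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/root--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/root--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/root--00-global.managed"
    - "default/exclude/root--00-global.managed"

- name: copy root--10-host.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--root--10-host.managed"
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/root--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/root--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/root--10-host.managed"
    - "default/exclude/root--10-host.managed"

- name: copy srv--00-global.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--srv--00-global.managed"
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/srv--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/srv--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/srv--00-global.managed"
    - "default/exclude/srv--00-global.managed"

- name: copy srv--10-host.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--srv--10-host.managed"
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/srv--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/srv--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/srv--10-host.managed"
    - "default/exclude/srv--10-host.managed"

- name: copy var--00-global.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--var--00-global.managed"
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/var--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/var--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/var--00-global.managed"
    - "default/exclude/var--00-global.managed"

- name: copy var--10-host.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--var--10-host.managed"
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/var--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/var--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/var--10-host.managed"
    - "default/exclude/var--10-host.managed"

# Unit file is world-readable (0644) and root-owned; keep secrets out of it.
- name: copy backup.service to /etc/systemd/system/
  copy:
    src: "{{item}}"
    dest: "/etc/systemd/system/backup.service"
    mode: "0644"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.service"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.service"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.service"
    - "default/backup.service"

- name: copy home--00-global.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--home--00-global.managed"
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/home--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/home--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/home--00-global.managed"
    - "default/exclude/home--00-global.managed"

- name: copy home--10-host.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--home--10-host.managed"
    mode: "0600"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/home--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/home--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/home--10-host.managed"
    - "default/exclude/home--10-host.managed"

- name: copy backup.timer to /etc/systemd/system/
  copy:
    src: "{{item}}"
    dest: "/etc/systemd/system/backup.timer"
    mode: "0644"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.timer"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.timer"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.timer"
    - "default/backup.timer"

# Module arguments are written as native YAML instead of a key=value string.
- name: enable and start backup.timer
  include_role:
    name: "base/systemd/enable-and-start"
  vars:
    service_name: "backup.timer"

###############################
# setup backup storage server #
###############################

# Everything below runs only when setup_backup_storage_server is true.
#
# NOTE(review): the account gets /bin/bash as login shell, so what a client
# key may do is decided entirely by the options in authorized_keys. Confirm
# every entry in backup-server.authorized_keys carries "restrict" and a forced
# command such as "borg serve --restrict-to-path <repo>" (plus --append-only
# where clients must not be able to delete archives).
- name: create borg-storage user
  user:
    name: "borg-storage"
    home: "/bkp/storage-server"
    shell: "/bin/bash"
    createhome: false
    system: true
    state: present
  when: setup_backup_storage_server | bool

# recurse re-applies owner and mode to the whole tree on each run.
- name: create dir /bkp/storage-server
  file:
    path: "/bkp/storage-server"
    state: directory
    mode: "u+rwX,go-rwx"
    owner: "borg-storage"
    group: "borg-storage"
    recurse: true
  when: setup_backup_storage_server | bool

- name: create dir /bkp/storage-server/.ssh
  file:
    path: "/bkp/storage-server/.ssh"
    state: directory
    mode: "0700"
    owner: "borg-storage"
    group: "borg-storage"
  when: setup_backup_storage_server | bool

# NOTE(review): file and directory are owned by borg-storage itself, so any
# session that reaches a shell as that user can change the accepted keys;
# this is another reason to force a command per key.
- name: copy authorized_keys to /bkp/storage-server/.ssh/authorized_keys
  copy:
    src: "{{item}}"
    dest: "/bkp/storage-server/.ssh/authorized_keys"
    mode: "0600"
    owner: "borg-storage"
    group: "borg-storage"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup-server.authorized_keys"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup-server.authorized_keys"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup-server.authorized_keys"
    - "default/backup-server.authorized_keys"
  when: setup_backup_storage_server | bool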