#####################################
### someone's ansible provisioner ###
#####################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2025 by someone <someone@somenet.org>
#
# system backup script + systemd timer
#
---
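# Install borg and the pyfuse3 binding from the distribution archive.
# NOTE(review): python3-pyfuse3 is presumably there for `borg mount` - confirm.
- name: install backup tool
  apt:
    pkg:
      - borgbackup
      - python3-pyfuse3
    state: present
    # 101 forces policy-rc.d to deny service starts during the installation.
    policy_rc_d: 101
  tags: "online"
  # When ignore_online_errors is true a failed install does not stop the play,
  # so the later tasks can still enable backup.timer on a host without borg.
  ignore_errors: "{{ignore_online_errors | bool}}"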


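# Root of the backup tree.
- name: create dir /bkp
  file:
    path: "/bkp"
    state: directory
    # 0711: root has full access, everyone else may traverse but not list.
    # NOTE(review): presumably needed so borg-storage can reach its home
    # /bkp/storage-server - confirm. Quoted so the mode stays a string.
    mode: "0711"
    owner: "root"
    group: "root"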


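# Holds backup.sh, backup.conf.managed and exclude.conf.d; root only.
- name: create dir /bkp/local
  file:
    path: "/bkp/local"
    state: directory
    # Quoted so the mode is a string and not a YAML 1.1 octal integer.
    mode: "0700"
    owner: "root"
    group: "root"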


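# NOTE(review): presumably the local borg repository location - confirm
# against backup.sh, which is not part of this file.
- name: create dir /bkp/storage-local
  file:
    path: "/bkp/storage-local"
    state: directory
    # Symbolic mode: owner gets rw (x on directories), group/other get nothing.
    mode: "u+rwX,go-rwx"
    owner: "root"
    group: "root"
    # Applies owner and mode to everything below the directory on every run,
    # which walks the whole tree.
    recurse: true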


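# Install the backup script, executable by root only.
- name: copy backup.sh to /bkp/local
  copy:
    src: "{{item}}"
    dest: "/bkp/local/backup.sh"
    mode: "0700"
    owner: "root"
    group: "root"
  # First existing candidate wins: host, group, all, then the role default.
  # The first three are resolved from the controller's PWD environment
  # variable, so a run started from another directory silently installs the
  # role default script instead of the site-specific one.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.sh"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.sh"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.sh"
    - "default/backup.sh"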


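# Install the managed backup configuration.
- name: copy backup.conf.managed to /bkp/local
  copy:
    src: "{{item}}"
    dest: "/bkp/local/backup.conf.managed"
    # Readable by root only.
    # NOTE(review): if this file carries the repository passphrase or remote
    # credentials, keep the source copy out of plain-text VCS - confirm.
    mode: "0600"
    owner: "root"
    group: "root"
  # First existing candidate wins: host, group, all, then the role default.
  # The first three depend on the controller's PWD environment variable.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.conf.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.conf.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.conf.managed"
    - "default/backup.conf.managed"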


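# Drop-in directory for the per-path exclude files installed by this role.
- name: create dir /bkp/local/exclude.conf.d
  file:
    path: "/bkp/local/exclude.conf.d"
    state: directory
    # Quoted so the mode is a string and not a YAML 1.1 octal integer.
    mode: "0700"
    owner: "root"
    group: "root"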


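# Install the global exclude file for "etc"; the destination name is prefixed
# with the inventory hostname.
# NOTE(review): presumably read by backup.sh as exclude patterns - a wrong
# fallback file here silently changes what gets backed up.
- name: copy etc--00-global.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--etc--00-global.managed"
    mode: "0600"
    owner: "root"
    group: "root"
  # First existing candidate wins: host, group, all, then the role default.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/etc--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/etc--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/etc--00-global.managed"
    - "default/exclude/etc--00-global.managed"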


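# Install the host-level exclude file for "etc"; the destination name is
# prefixed with the inventory hostname.
- name: copy etc--10-host.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--etc--10-host.managed"
    # Quoted so the mode is a string and not a YAML 1.1 octal integer.
    mode: "0600"
    owner: "root"
    group: "root"
  # First existing candidate wins: host, group, all, then the role default.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/etc--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/etc--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/etc--10-host.managed"
    - "default/exclude/etc--10-host.managed"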


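# Install the global exclude file for "root"; the destination name is
# prefixed with the inventory hostname.
- name: copy root--00-global.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--root--00-global.managed"
    # Quoted so the mode is a string and not a YAML 1.1 octal integer.
    mode: "0600"
    owner: "root"
    group: "root"
  # First existing candidate wins: host, group, all, then the role default.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/root--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/root--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/root--00-global.managed"
    - "default/exclude/root--00-global.managed"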


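# Install the host-level exclude file for "root"; the destination name is
# prefixed with the inventory hostname.
- name: copy root--10-host.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--root--10-host.managed"
    # Quoted so the mode is a string and not a YAML 1.1 octal integer.
    mode: "0600"
    owner: "root"
    group: "root"
  # First existing candidate wins: host, group, all, then the role default.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/root--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/root--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/root--10-host.managed"
    - "default/exclude/root--10-host.managed"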


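# Install the global exclude file for "srv"; the destination name is prefixed
# with the inventory hostname.
- name: copy srv--00-global.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--srv--00-global.managed"
    # Quoted so the mode is a string and not a YAML 1.1 octal integer.
    mode: "0600"
    owner: "root"
    group: "root"
  # First existing candidate wins: host, group, all, then the role default.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/srv--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/srv--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/srv--00-global.managed"
    - "default/exclude/srv--00-global.managed"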


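# Install the host-level exclude file for "srv"; the destination name is
# prefixed with the inventory hostname.
- name: copy srv--10-host.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--srv--10-host.managed"
    # Quoted so the mode is a string and not a YAML 1.1 octal integer.
    mode: "0600"
    owner: "root"
    group: "root"
  # First existing candidate wins: host, group, all, then the role default.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/srv--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/srv--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/srv--10-host.managed"
    - "default/exclude/srv--10-host.managed"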


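# Install the global exclude file for "var"; the destination name is prefixed
# with the inventory hostname.
- name: copy var--00-global.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--var--00-global.managed"
    # Quoted so the mode is a string and not a YAML 1.1 octal integer.
    mode: "0600"
    owner: "root"
    group: "root"
  # First existing candidate wins: host, group, all, then the role default.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/var--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/var--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/var--00-global.managed"
    - "default/exclude/var--00-global.managed"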


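# Install the host-level exclude file for "var"; the destination name is
# prefixed with the inventory hostname.
- name: copy var--10-host.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--var--10-host.managed"
    # Quoted so the mode is a string and not a YAML 1.1 octal integer.
    mode: "0600"
    owner: "root"
    group: "root"
  # First existing candidate wins: host, group, all, then the role default.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/var--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/var--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/var--10-host.managed"
    - "default/exclude/var--10-host.managed"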


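# Install the systemd unit that runs the backup.
# NOTE(review): no daemon-reload is issued in this file after the unit
# changes; confirm that the base/systemd/enable-and-start role does it.
- name: copy backup.service to /etc/systemd/system/
  copy:
    src: "{{item}}"
    dest: "/etc/systemd/system/backup.service"
    # World-readable but writable by root only.
    mode: "0644"
    owner: "root"
    group: "root"
  # First existing candidate wins: host, group, all, then the role default.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.service"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.service"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.service"
    - "default/backup.service"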


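# Install the global exclude file for "home"; the destination name is
# prefixed with the inventory hostname.
- name: copy home--00-global.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--home--00-global.managed"
    # Quoted so the mode is a string and not a YAML 1.1 octal integer.
    mode: "0600"
    owner: "root"
    group: "root"
  # First existing candidate wins: host, group, all, then the role default.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/home--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/home--00-global.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/home--00-global.managed"
    - "default/exclude/home--00-global.managed"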


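# Install the host-level exclude file for "home"; the destination name is
# prefixed with the inventory hostname.
- name: copy home--10-host.managed to /bkp/local/exclude.conf.d
  copy:
    src: "{{item}}"
    dest: "/bkp/local/exclude.conf.d/{{inventory_hostname}}--home--10-host.managed"
    # Quoted so the mode is a string and not a YAML 1.1 octal integer.
    mode: "0600"
    owner: "root"
    group: "root"
  # First existing candidate wins: host, group, all, then the role default.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/exclude/home--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/exclude/home--10-host.managed"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/exclude/home--10-host.managed"
    - "default/exclude/home--10-host.managed"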


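# Install the systemd timer unit for the backup.
- name: copy backup.timer to /etc/systemd/system/
  copy:
    src: "{{item}}"
    dest: "/etc/systemd/system/backup.timer"
    # World-readable but writable by root only.
    mode: "0644"
    owner: "root"
    group: "root"
  # First existing candidate wins: host, group, all, then the role default.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup.timer"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup.timer"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup.timer"
    - "default/backup.timer"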


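# Hand the timer to the shared enable-and-start role.
# NOTE(review): what that role does with service_name (daemon-reload, enable,
# start) is defined outside this file - confirm it reloads systemd so that
# changed unit files are picked up.
- name: enable and start backup.timer
  include_role:
    name: "base/systemd/enable-and-start"
  vars:
    service_name: "backup.timer"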



###############################
# setup backup storage server #
###############################
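# System account that remote borg clients log in as (storage servers only).
- name: create borg-storage user
  user:
    name: "borg-storage"
    home: "/bkp/storage-server"
    # sshd runs forced commands through the login shell, so a working shell is
    # needed here. That also means the account has an interactive shell unless
    # every authorized_keys entry restricts it - the key options are the only
    # confinement visible from this file.
    shell: "/bin/bash"
    # The home directory is created by a separate file task in this role.
    createhome: false
    system: true
    state: present
  when: setup_backup_storage_server | bool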


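# Home of borg-storage.
# NOTE(review): presumably also where client repositories are stored - confirm.
- name: create dir /bkp/storage-server
  file:
    path: "/bkp/storage-server"
    state: directory
    # Symbolic mode: owner gets rw (x on directories), group/other get nothing.
    mode: "u+rwX,go-rwx"
    owner: "borg-storage"
    group: "borg-storage"
    # Re-applies owner and mode to the whole tree on every run; this hands any
    # root-owned file found below the directory to borg-storage.
    recurse: true
  when: setup_backup_storage_server | bool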


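# SSH configuration directory of the borg-storage account.
- name: create dir /bkp/storage-server/.ssh
  file:
    path: "/bkp/storage-server/.ssh"
    state: directory
    # Accessible to the account only. Quoted so the mode stays a string.
    mode: "0700"
    owner: "borg-storage"
    group: "borg-storage"
  when: setup_backup_storage_server | bool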


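# Install the keys that may log in as borg-storage. The file is replaced as a
# whole, so keys added by hand on the server are removed on the next run.
#
# The file content is not visible here. Because the account has /bin/bash as
# its shell, every entry should carry the `restrict` option and a forced
# command such as
#   command="borg serve --restrict-to-path <REPO_PATH_PLACEHOLDER>"
# so that a client key can reach only its own repository and gets no shell.
- name: copy authorized_keys to /bkp/storage-server/.ssh/authorized_keys
  copy:
    src: "{{item}}"
    dest: "/bkp/storage-server/.ssh/authorized_keys"
    mode: "0600"
    # Owned by the login account itself: a session that is not confined by
    # key options can rewrite this file.
    owner: "borg-storage"
    group: "borg-storage"
  # First existing candidate wins: host, group, all, then the role default.
  # The first three depend on the controller's PWD environment variable, so a
  # run from another directory installs default/backup-server.authorized_keys;
  # review which keys that default grants access to.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/backup-server.authorized_keys"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/backup-server.authorized_keys"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/backup-server.authorized_keys"
    - "default/backup-server.authorized_keys"
  when: setup_backup_storage_server | bool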