Add automatic backup with borg

dde2b3cb · Sven-Hendrik Haase · a10461a0 · dde2b3cb · dde2b3cb · dde2b3cb
Commit dde2b3cb authored 8 years ago by Sven-Hendrik Haase
--- a/playbooks/orion.yml
+++ b/playbooks/orion.yml
@@ -6,5 +6,5 @@
  roles:
    - common
    - tools
-    - borg
    - sshd
+    - { role: borg-client, backup_host: "root@vostok.archlinux.org", backup_dir: "/backup/orion" }
--- a/playbooks/vostok.yml
+++ b/playbooks/vostok.yml
@@ -6,5 +6,5 @@
  roles:
    - common
    - tools
-    - borg
    - sshd
+    - { role: borg-server, backup_dir: "/backup", backup_clients: "orion" }
--- a/roles/borg-client/files/borg-backup.service
+++ b/roles/borg-client/files/borg-backup.service
+[Unit]
+Description=Borg backup
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/borg-backup.sh
--- a/roles/borg-client/files/borg-backup.timer
+++ b/roles/borg-client/files/borg-backup.timer
+[Unit]
+Description=Borg backup
+
+[Timer]
+OnCalendar=weekly
+Persistent=true
+
+[Install]
+WantedBy=timers.target
--- a/roles/borg-client/tasks/main.yml
+++ b/roles/borg-client/tasks/main.yml
+---
+
+- name: install borg
+  pacman: name=borg state=present
+
+- name: check if borg repository already exists
+  command: borg list {{ backup_host }}:{{ backup_dir }}
+  register: borg_list
+  ignore_errors: True
+
+- name: init borg repository
+  command: borg init -e keyfile {{ backup_host }}:{{ backup_dir }}
+  when: borg_list | failed
+  environment:
+    BORG_PASSPHRASE: ""
+
+- name: install borg backup script
+  template: src=borg-backup.sh dest=/usr/local/bin/borg-backup.sh owner=root group=root mode=755
+
+- name: install systemd timers for backup
+  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=644
+  with_items:
+    - borg-backup.timer
+    - borg-backup.service
+
+- name: activate systemd timers for backup
+  service: name=borg-backup.timer enabled=yes state=started
--- a/roles/borg-client/templates/borg-backup.sh
+++ b/roles/borg-client/templates/borg-backup.sh
+#!/usr/bin/env bash
+
+borg create -v --stats -C lz4 -e /proc \
+    -e /sys -e /dev -e /run -e /tmp -e /var/cache \
+    {{ backup_host }}:{{ backup_dir }}::$(date -I) /
+borg prune -v {{ backup_host }}:{{ backup_dir }} --keep-daily=7 --keep-weekly=4 --keep-monthly=6
--- a/roles/borg-server/tasks/main.yml
+++ b/roles/borg-server/tasks/main.yml
+---
+
+- name: install borg
+  pacman: name=borg state=present
+
+- name: create the root backup directory at {{ backup_dir }}
+  file: path="{{ backup_dir }}/{{ item }}" state=directory owner=root group=root mode=700
+  with_items: "{{ backup_clients }}"
+
+- name: fetch ssh keys
+  command: cat /root/.ssh/id_rsa.pub
+  register: ssh_keys
+  delegate_to: "{{ groups[item][0] }}"
+  with_items: "{{ backup_clients }}"
+
+- name: allow certain clients to connect
+  authorized_key:
+    user=root
+    key="{{ item.stdout }}"
+    manage_dir=yes
+    key_options="command=\"borg serve --restrict-to-path {{ backup_dir }}/{{ item['item'] }}\",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc"
+  with_items: "{{ ssh_keys.results }}"
--- a/roles/borg/tasks/main.yml
+++ b/roles/borg/tasks/main.yml
---
-
- name: install borg
-  pacman: name=borg state=present
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -28,3 +28,6 @@

 - name: configure locales
  template: src=locale.conf.j2 dest=/etc/locale.conf owner=root group=root mode=0644
+
+- name: generate ssh key for root
+  command: ssh-keygen -b 4096 -N "" -f /root/.ssh/id_rsa creates="/root/.ssh/id_rsa"