Commit dde2b3cb authored by Sven-Hendrik Haase's avatar Sven-Hendrik Haase

Add automatic backup with borg

parent a10461a0
......@@ -6,5 +6,5 @@
roles:
- common
- tools
- borg
- sshd
- { role: borg-client, backup_host: "root@vostok.archlinux.org", backup_dir: "/backup/orion" }
......@@ -6,5 +6,5 @@
roles:
- common
- tools
- borg
- sshd
- { role: borg-server, backup_dir: "/backup", backup_clients: "orion" }
[Unit]
Description=Borg backup
[Service]
Type=oneshot
ExecStart=/usr/local/bin/borg-backup.sh
[Unit]
Description=Borg backup
[Timer]
OnCalendar=weekly
Persistent=true
[Install]
WantedBy=timers.target
---
- name: install borg
pacman: name=borg state=present
- name: check if borg repository already exists
command: borg list {{ backup_host }}:{{ backup_dir }}
register: borg_list
ignore_errors: True
- name: init borg repository
command: borg init -e keyfile {{ backup_host }}:{{ backup_dir }}
when: borg_list | failed
environment:
BORG_PASSPHRASE: ""
- name: install borg backup script
template: src=borg-backup.sh dest=/usr/local/bin/borg-backup.sh owner=root group=root mode=755
- name: install systemd timers for backup
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=644
with_items:
- borg-backup.timer
- borg-backup.service
- name: activate systemd timers for backup
service: name=borg-backup.timer enabled=yes state=started
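Review bot: The `check if borg repository already exists` task sets `ignore_errors: True`, so any failure of `borg list` (SSH authentication, an unknown host key, a network outage) is treated as "repository missing" and leads to `borg init`. It would be safer to run the init only when the error output indicates a missing repository, and to mark the check `changed_when: false`. Separately, `borg init -e keyfile` with `BORG_PASSPHRASE: ""` leaves an unprotected repository key on the client, and none of the visible tasks copy it anywhere else, so losing the client would make its backups unreadable. Consider a task that exports the key (for example with `borg key export`, where the installed version provides it) to storage off the host, plus a comment such as `# key has no passphrase: encryption only protects data at rest on the backup host`.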
#!/usr/bin/env bash
borg create -v --stats -C lz4 -e /proc \
-e /sys -e /dev -e /run -e /tmp -e /var/cache \
{{ backup_host }}:{{ backup_dir }}::$(date -I) /
borg prune -v {{ backup_host }}:{{ backup_dir }} --keep-daily=7 --keep-weekly=4 --keep-monthly=6
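Review bot: The script has no error handling, so its exit status is that of the final `borg prune`. A failed `borg create` is masked, `borg-backup.service` reports success, and missing backups can go unnoticed. Adding `set -euo pipefail` directly under the shebang makes the unit fail when the backup fails and skips the prune in that case; since borg exits with 1 for warnings, the check may need to treat that code as non-fatal. The archive name `$(date -I)` also collides if the unit runs twice on the same day, which a timestamp including the time of day would avoid.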
---
- name: install borg
pacman: name=borg state=present
- name: create the root backup directory at {{ backup_dir }}
file: path="{{ backup_dir }}/{{ item }}" state=directory owner=root group=root mode=700
with_items: "{{ backup_clients }}"
- name: fetch ssh keys
command: cat /root/.ssh/id_rsa.pub
register: ssh_keys
delegate_to: "{{ groups[item][0] }}"
with_items: "{{ backup_clients }}"
- name: allow certain clients to connect
authorized_key:
user=root
key="{{ item.stdout }}"
manage_dir=yes
key_options="command=\"borg serve --restrict-to-path {{ backup_dir }}/{{ item['item'] }}\",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc"
with_items: "{{ ssh_keys.results }}"
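Review bot: Clients log in as `root` on the backup host (`user=root` here, `backup_host: "root@vostok.archlinux.org"` in the client play), so the forced command in `key_options` is the only thing between a client key and root on the server. A dedicated unprivileged account that owns `{{ backup_dir }}` would limit the impact of a mistake in that option string. On OpenSSH versions that support it, the `restrict` option covers the individual `no-*` flags and any restrictions added later. The forced `borg serve` also permits deletion, so a compromised client can remove its own backup history; `--append-only` would prevent that but conflicts with the client-side `borg prune`, so pruning would have to move to the server. The `fetch ssh keys` task only reads a file and should carry `changed_when: false`.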
---
- name: install borg
pacman: name=borg state=present
......@@ -28,3 +28,6 @@
- name: configure locales
template: src=locale.conf.j2 dest=/etc/locale.conf owner=root group=root mode=0644
- name: generate ssh key for root
command: ssh-keygen -b 4096 -N "" -f /root/.ssh/id_rsa creates="/root/.ssh/id_rsa"
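Review bot: Generating the key in the `common` role puts a passphrase-less root private key (`-N ""`) on every host that applies the role, although from the visible tasks only hosts with the `borg-client` role need one. Moving the task into that role keeps the key off hosts that never back up. Using a dedicated file such as `-f /root/.ssh/id_borg` (a constructed name), with the server's `fetch ssh keys` task reading the matching `.pub`, would also keep the backup credential separate from root's general-purpose identity. The command relies on ssh-keygen's default key type; stating it explicitly, e.g. `-t rsa -b 4096`, documents the intent. The tasks file starts outside this hunk, so earlier tasks in the role are not visible here.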