diff --git a/playbooks/apps/files/bin/borgmatic_on_after_backup.sh b/playbooks/apps/files/bin/borgmatic_on_after_backup.sh deleted file mode 100755 index 56a23be..0000000 --- a/playbooks/apps/files/bin/borgmatic_on_after_backup.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -SOURCE_DIRECTORY="/mnt/data/nextcloud-aio/backups/borg" - -rm "$SOURCE_DIRECTORY/aio-lockfile" - -if docker ps --format "{{.Names}}" | grep "^nextcloud-aio-nextcloud$"; then - docker exec -en nextcloud-aio-nextcloud bash /notify.sh "Remote Borg backup successful!" "Synchronised the backup repository successfully!" -else - echo "Synchronised the backup repository successfully." -fi diff --git a/playbooks/apps/files/bin/borgmatic_on_before_backup.sh b/playbooks/apps/files/bin/borgmatic_on_before_backup.sh deleted file mode 100755 index 3a767b1..0000000 --- a/playbooks/apps/files/bin/borgmatic_on_before_backup.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash - -SOURCE_DIRECTORY="/mnt/data/nextcloud-aio/backups/borg" - -if [ "$EUID" -ne 0 ]; then - echo "run as root" - output 1 -fi - -if ! [ -d "$SOURCE_DIRECTORY" ]; then - echo "The root directory does not exist." - exit 1 -fi - -if [ -z "$(ls -A "$SOURCE_DIRECTORY/")" ]; then - echo "The source directory is empty, which is not allowed." - exit 1 -fi - -if [ -f "$SOURCE_DIRECTORY/lock.roster" ]; then - echo "Unable to execute the script as the backup archive is currently modified. Please try again later." - exit 1 -fi - -if [ -f "$SOURCE_DIRECTORY/aio-lockfile" ]; then - echo "Cannot continue because aio-lockfile already exists." - exit 1 -fi - -touch "$SOURCE_DIRECTORY/aio-lockfile" - -echo "$(date) - Starting backup." diff --git a/playbooks/apps/files/bin/borgmatic_on_error_backup.sh b/playbooks/apps/files/bin/borgmatic_on_error_backup.sh deleted file mode 100755 index 01f2b08..0000000 --- a/playbooks/apps/files/bin/borgmatic_on_error_backup.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -if docker ps --format "{{.Names}}" | grep "^nextcloud-aio-nextcloud$"; then - docker exec -en nextcloud-aio-nextcloud bash /notify.sh "Remote Borg backup FAILED!" "Repository: $1 failed to synchronise with error: $2 when executing command: $3>." -else - echo "Repository: $1 failed to synchronise with error: $2 when executing command: $3" -fi diff --git a/playbooks/apps/files/bin/restic-excludes b/playbooks/apps/files/bin/restic-excludes index f3bb319..a6e6559 100644 --- a/playbooks/apps/files/bin/restic-excludes +++ b/playbooks/apps/files/bin/restic-excludes @@ -12,8 +12,8 @@ prowlarr radarr sonarr transmission -nextcloud_data/lib -nextcloud_data/data/appdata_ocw94g5hjk8b/preview +/mnt/data/nextcloud +nextcloud-aio source_code sources .cache @@ -22,4 +22,6 @@ prometheus_data .es_temp_file timemachine elastic_data -nextcloud-aio +code/code_data +node_modules +whisper-data diff --git a/playbooks/apps/files/bin/resticenv b/playbooks/apps/files/bin/resticenv index bcff4e6..6a04d1a 100644 --- a/playbooks/apps/files/bin/resticenv +++ b/playbooks/apps/files/bin/resticenv @@ -1,18 +1,14 @@ $ANSIBLE_VAULT;1.1;AES256 -34643931646634623466323636613561313364633364663034363863353162323266343166363632 -3334363465393362393631356631666161653066663032350a613763383934376138646134313234 -66656436353737333138346133623261356137633066663937646565326439336532616436666336 -3137626464343636650a653064383038363231656136353532396436316363643235653739666631 -33316437333131636434383130376231366562323765343763343164303234386562333962346235 -61333865313138313462613738363231333536386639313433396533636433663432633236366232 -33643137306536626164353338623234393461373339333763356232376431363062373233303762 -38326239306535623237623634363439383838306263343964636637333865346261653639313030 -63353437343237346461313364336461633466383832363637643662633633633665383565623062 -34346338363936336163336431613634616136333163353961653436396332636332323832656338 -37653364366235636663626231636462663836343566343337346461633562663262626135303633 -36333366613033623836623064323238626661323037343266613530306439653535333032636336 -61316133383962353530383133323237333562336463623963613330373762636230616130633738 -31363232353937333536313266346266393233376236373834393232353362646266666336646134 -33323239636464313561646238656337333633366161336266353130343061323963356531356563 -62643136343535346538613738373561313362323833303739636637323366356430376135326132 -6666 +30393035323263633263323838313237383366363831366633623462353564353666613933633232 +3635323233396236373239326633633966656362626431370a386238326635303363343932653530 +63383263383766333637323139306130623263366532363137393362623336626166353834636536 +3738376635613261360a366330353033633436373165656662613836643131373538373563356635 +34643434653631386231346363636632353431616464643436383734326132346566393636323336 +64336135363331336531343062303837643830303732636663383338326636373631343463623834 +31613332656263376632316134373239383435303337346433356562626561336438306637653934 +62623730373737393730613632626363336466633861626137386135393866333763333433383361 +33383034613737316161393364373837323134613933346436316237353466336239353737323230 +37386664633362623037626235663564323930663636373139643766383263633165643032326366 +33333833353937393833383235383663316333336364376337346630323964623337633964333563 +64633233656331636135363434326163656165653736323839663835373038376631383639363761 +3132 diff --git a/playbooks/apps/files/nextcloud-aio-rclone.conf b/playbooks/apps/files/nextcloud-aio-rclone.conf new file mode 100644 index 0000000..21df135 --- /dev/null +++ b/playbooks/apps/files/nextcloud-aio-rclone.conf @@ -0,0 +1,5 @@ +[borgbase-nextcloud-aio] +type = sftp +host = s6frw41d.repo.borgbase.com +user = s6frw41d +key_file = ~/.ssh/id_ed25519 diff --git a/playbooks/apps/nextcloud-aio.yaml b/playbooks/apps/nextcloud-aio.yaml index 0bec723..b73b936 100644 --- a/playbooks/apps/nextcloud-aio.yaml +++ b/playbooks/apps/nextcloud-aio.yaml @@ -6,6 +6,17 @@ - name: Docker ansible.builtin.include_role: name: docker + - name: Install rclone + become: true + ansible.builtin.apt: + name: + - rclone + - name: Copy config file + become: true + ansible.builtin.copy: + src: files/nextcloud-aio-rclone.conf + dest: /root/.config/rclone/rclone.conf + mode: "0600" vars: docker_app_name: nextcloud-aio diff --git a/playbooks/system/all.yaml b/playbooks/system/all.yaml index 153c583..291c69e 100644 --- a/playbooks/system/all.yaml +++ b/playbooks/system/all.yaml @@ -1,5 +1,4 @@ --- - import_playbook: update.yaml # noqa: name[play] -- import_playbook: borg.yaml # noqa: name[play] - import_playbook: cron.yaml # noqa: name[play] - import_playbook: cron-root.yaml # noqa: name[play] diff --git a/playbooks/system/borg.yaml b/playbooks/system/borg.yaml deleted file mode 100644 index c875fee..0000000 --- a/playbooks/system/borg.yaml +++ /dev/null @@ -1,43 +0,0 @@ ---- -- name: Borgmatic - hosts: servers - pre_tasks: - - name: Install system deps - become: true - ansible.builtin.apt: - pkg: - - liblz4-dev - - libzstd-dev - - libxxhash-dev - roles: - - role: borgbase.ansible_role_borgbackup - become: true - borg_encryption_passphrase: "{{ borg_encryption_key }}" - borg_repository: - - ssh://ch78x32l@ch78x32l.repo.borgbase.com/./repo - borg_source_directories: - - /mnt/data/nextcloud-aio/backups/borg - borgmatic_timer_hour: 5 - borgmatic_timer_minute: 30 - borgmatic_hooks: - before_backup: - - /mnt/data/bin/borgmatic_on_before_backup.sh - after_backup: - - /mnt/data/bin/borgmatic_on_after_backup.sh - on_error: - - /mnt/data/bin/borgmatic_on_error_backup.sh {repository} {error} {output} - borg_retention_policy: - keep_daily: 7 - keep_weekly: 4 - keep_monthly: 6 - - vars: - borg_encryption_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 65386462653063386665316566303864353630386161393931343962613438626163326439626364 - 3262303034306539396163396461386366303262653265630a663335323737646465643538613666 - 34396131373834616265353336346261333362333735643963323762356234623234656166356239 - 6362333266326666300a393435376135623136346537393532336337363264386361643330323038 - 65373362393063333464316235343538316661636138356462336164613262616265646263396136 - 39376534656239643539613663626261616637393737636337653936663837656636613963346164 - 353537353131636139303061613137353065 diff --git a/roles/borgbase.ansible_role_borgbackup/.ansible-lint b/roles/borgbase.ansible_role_borgbackup/.ansible-lint deleted file mode 100644 index 2aea330..0000000 --- a/roles/borgbase.ansible_role_borgbackup/.ansible-lint +++ /dev/null @@ -1,3 +0,0 @@ ---- -skip_list: - - fqcn-builtins diff --git a/roles/borgbase.ansible_role_borgbackup/.github/workflows/main.yml b/roles/borgbase.ansible_role_borgbackup/.github/workflows/main.yml deleted file mode 100644 index ef664fc..0000000 --- a/roles/borgbase.ansible_role_borgbackup/.github/workflows/main.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: Test - -on: [push, pull_request] - -jobs: - test: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Set up Python - uses: actions/setup-python@v4 - with: - python-version: "3.10" - - name: Install Molecule - run: | - pip install -U pip setuptools wheel - pip install -r requirements-dev.txt - # - name: Debugging with tmate - # uses: mxschmitt/action-tmate@v3.5 - - name: Test using Molecule - run: molecule test diff --git a/roles/borgbase.ansible_role_borgbackup/.gitignore b/roles/borgbase.ansible_role_borgbackup/.gitignore deleted file mode 100644 index 16d3c4d..0000000 --- a/roles/borgbase.ansible_role_borgbackup/.gitignore +++ /dev/null @@ -1 +0,0 @@ -.cache diff --git a/roles/borgbase.ansible_role_borgbackup/.yamllint b/roles/borgbase.ansible_role_borgbackup/.yamllint deleted file mode 100644 index 09db584..0000000 --- a/roles/borgbase.ansible_role_borgbackup/.yamllint +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Based on ansible-lint config -ignore: | - .direnv - -extends: default - -rules: - braces: - max-spaces-inside: 1 - level: error - brackets: - max-spaces-inside: 1 - level: error - colons: - max-spaces-after: -1 - level: error - commas: - max-spaces-after: -1 - level: error - comments: disable - comments-indentation: disable - document-start: disable - empty-lines: - max: 3 - level: error - hyphens: - level: error - indentation: disable - key-duplicates: enable - line-length: disable - new-line-at-end-of-file: disable - new-lines: - type: unix - trailing-spaces: disable - truthy: disable diff --git a/roles/borgbase.ansible_role_borgbackup/EXAMPLES.md b/roles/borgbase.ansible_role_borgbackup/EXAMPLES.md deleted file mode 100644 index 9e63152..0000000 --- a/roles/borgbase.ansible_role_borgbackup/EXAMPLES.md +++ /dev/null @@ -1,129 +0,0 @@ -# Additional Examples - -## Custom SSH key for backups only - -``` -- hosts: webservers - roles: - - role: borgbase.ansible_role_borgbackup - borg_encryption_passphrase: CHANGEME - borg_repository: ssh://m5vz9gp4@m5vz9gp4.repo.borgbase.com/./repo - borgmatic_timer: systemd - borg_ssh_key_name: id_backup - borg_ssh_command: "ssh -i {{ borg_ssh_key_file_path }} -o StrictHostKeyChecking=accept-new" - borg_user: backupuser - borg_group: backupuser -``` - -## Use service user and copy SSH key to target server - -Installs and configures the Borgmatic client and also initializes the repo on the -remote backup server. (not tested) - -``` -- name: Configure backup - hosts: test.lab - pre_tasks: - - name: Get home of {{ borg_user }} - ansible.builtin.user: - name: "{{ borg_user }}" - state: present - register: user_info - changed_when: false - check_mode: true # Important, otherwise user will be created - - - name: Save the user_info, we need them for the home_dir - ansible.builtin.set_fact: - backup_user_info: "{{ user_info }}" - vars_files: [] - vars: - borg_encryption_passphrase: "CHANGEME" - borg_repository: "USER@TARGET_SERVER:/PATH/TO/BACKUP" - borg_user: "srv_backup" - borg_group: "srv_backup" - borg_ssh_key_name: id_backup - borg_ssh_command: "ssh -i {{ borg_ssh_key_file_path }} -o StrictHostKeyChecking=accept-new" - borgmatic_timer: systemd - borg_source_directories: - - /srv/www - - /var/lib/automysqlbackup - borg_exclude_patterns: - - /srv/www/old-sites - borg_retention_policy: - keep_hourly: 3 - keep_daily: 7 - keep_weekly: 4 - keep_monthly: 6 - borgmatic_hooks: - before_backup: - - echo "`date` - Starting backup." - tasks: - - name: Configure Borg Backup and Backupmatic - tags: - - always - - install_backup - ansible.builtin.include_role: - name: ansible_role_borgbackup - apply: - tags: - - always - - - - name: Copy SSH-Key to Target {{ borg_repository }} and Init Repo - tags: - - never - - backup_init_repo - block: - - name: Read ssh key - ansible.builtin.slurp: - src: "{{ borg_ssh_key_file_path }}.pub" - register: backup_local_ssh_key - - - name: Set authorized key taken from file - ansible.posix.authorized_key: - # example: - # borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo - # have three parts: "username"@"FQDN":"path/to/store/backup", specific: - # a) user: m5vz9gp4 - # b) fqdn: m5vz9gp4.repo.borgbase.co - # c) dir: repo - user: "{{ borg_repository | regex_search('(.*)@', '\\1') | first }}" # part a) - state: present - key: "{{ backup_local_ssh_key['content'] | b64decode }}" - delegate_to: "{{ borg_repository | regex_search('@(.*):', '\\1') | first }}" # part b) - - - name: Init repository - ansible.builtin.command: - cmd: "su - {{ borg_user }} -c '/usr/local/bin/borgmatic rcreate --encryption keyfile --append-only'" - - - name: Activate systemd service and timer - when: - - borgmatic_timer is defined and borgmatic_timer == "systemd" - tags: - - never - - backup_init_repo - block: - - name: Populate service facts - ansible.builtin.service_facts: - - - name: Start borgmatic services - ansible.builtin.systemd: - name: "{{ item }}" - state: started - enabled: true - masked: false - daemon_reload: true - when: "item in services" - with_items: - - borgmatic.service - - # bug: Need own section without masked else the timer are skipped - - name: Start borgmatic timers - ansible.builtin.systemd: - name: "{{ item }}" - state: started - enabled: true - daemon_reload: true - with_items: - - "borgmatic.timer" -``` diff --git a/roles/borgbase.ansible_role_borgbackup/LICENSE b/roles/borgbase.ansible_role_borgbackup/LICENSE deleted file mode 100644 index 523eac0..0000000 --- a/roles/borgbase.ansible_role_borgbackup/LICENSE +++ /dev/null @@ -1,20 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2018 Manuel Riel - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. \ No newline at end of file diff --git a/roles/borgbase.ansible_role_borgbackup/README.md b/roles/borgbase.ansible_role_borgbackup/README.md deleted file mode 100644 index 5707a04..0000000 --- a/roles/borgbase.ansible_role_borgbackup/README.md +++ /dev/null @@ -1,136 +0,0 @@ -# Ansible Role: BorgBackup Client - -[![Test](https://github.com/borgbase/ansible-role-borgbackup/actions/workflows/main.yml/badge.svg)](https://github.com/borgbase/ansible-role-borgbackup/actions/workflows/main.yml) [![Ansible Galaxy](https://img.shields.io/ansible/role/48519)](https://galaxy.ansible.com/borgbase/ansible_role_borgbackup) - -Set up encrypted, compressed and deduplicated backups using [BorgBackup](https://borgbackup.readthedocs.io/en/stable/) and [Borgmatic](https://github.com/witten/borgmatic). Currently supports Debian/Ubuntu, CentOS/Red Hat/Fedora, Archlinux and Manjaro. - -Works great with [BorgBase.com](https://www.borgbase.com) - Simple and Secure Hosting for your Borg Repositories. To manage BorgBase repos via Ansible, also see Andy Hawkins' [BorgBase Collection](https://galaxy.ansible.com/adhawkins/borgbase). - -**Main features** -- Install Borg and Borgmatic from PyPi or distro packages -- Set up Borgmatic config -- Schedule regular backups using Cron or Systemd timer - -## Breaking changes -- Older versions of this role set up a separate Cron job for creating and checking - backups. With recent Borgmatic version, this feature is now managed in Borgmatic. - As a result the extra Cron job will be removed by this role. -- Older versions of this role only supported Cron for scheduling. If you use - Systemd timers, be sure to remove the Cron job in `/etc/cron.d/borgmatic` first. - The role will also alert you when trying to use both timers. - -## Example playbook with root as backup user and Cron timer - -``` -- hosts: all - roles: - - role: borgbase.ansible_role_borgbackup - borg_encryption_passphrase: CHANGEME - borg_repository: ssh://xxxxxx@xxxxxx.repo.borgbase.com/./repo - borg_source_directories: - - /var/www - borgmatic_hooks: - before_backup: - - echo "`date` - Starting backup." - postgresql_databases: - - name: users - hostname: database1.example.org - port: 5433 -``` - -## Example playbook with service user and Systemd timer - -``` -- hosts: all - roles: - - role: borgbase.ansible_role_borgbackup - borg_encryption_passphrase: CHANGEME - borg_repository: ssh://xxxxxx@xxxxxx.repo.borgbase.com/./repo - borgmatic_timer: systemd - borg_user: "backupuser" - borg_group: "backupuser" - borg_source_directories: - - /var/www - borg_retention_policy: - keep_hourly: 3 - keep_daily: 7 - keep_weekly: 4 - keep_monthly: 6 -``` - - - -## Installation - -Download from Ansible Galaxy -``` -$ ansible-galaxy install borgbase.ansible_role_borgbackup -``` - -Clone latest version from Github -``` -$ git clone https://github.com/borgbase/ansible-role-borgbackup.git roles/ansible_role_borgbackup -``` - - -## Role Variables - -### Required Variables -- `borg_repository`: Full path to repository. Your own server or [BorgBase.com](https://www.borgbase.com) repo. - Can be a list if you want to backup to multiple repositories. - -### Optional Variables -- `borg_dep_packages`: Dependency Packages to install `borg(backup)` and `borgmatic`. -- `borg_distro_packages`: contains the names of distributions packages for `borg(backup)` and `borgmatic`, only used if `borg_install_method` is set to `package`. -- `borg_encryption_passcommand`: The standard output of this command is used to unlock the encryption key. -- `borg_encryption_passphrase`: Password to use for repokey or keyfile. Empty if repo is unencrypted. -- `borg_exclude_from`: Read exclude patterns from one or more separate named files, one pattern per line. -- `borg_exclude_patterns`: Paths or patterns to exclude from backup. See [official documentation](https://borgbackup.readthedocs.io/en/stable/usage/help.html#borg-help-patterns) for more. -- `borg_install_method`: By default `pip` is used to install borgmatic. To install via your distributions package manager set this to `package` and (if needed) overwrite the `borg_distro_packages` variable to contain your distributions package names required to install borgmatic. Note that many distributions ship outdated versions of borgbackup and borgmatic; use at your own risk. -- `borg_require_epel`: When using `borg_install_method: package` on RHEL-based distributions, the EPEL repo is required. To disable the check (e.g. when using a custom mirror instead of the `epel-release` package), set this to `false`. Defaults to `{{ ansible_os_family == 'RedHat' and ansible_distribution != 'Fedora' }}` (i.e. `true` on Enterprise Linux-based distros). -- `borg_lock_wait_time`: Config maximum seconds to wait for acquiring a repository/cache lock. Defaults to 5 seconds. -- `borg_one_file_system`: Don't cross file-system boundaries. Defaults to `true` -- `borg_pip_packages`: Dependancy Packages (pip) to install `borg(backup)` and `borgmatic`. -- `borg_remote_path`: Path to the borg executable on the remote. It will default to `borg`. -- `borg_remote_rate_limit`: Remote network upload rate limit in kiBytes/second. -- `borg_retention_policy`: Retention policy for how many backups to keep in each category (daily, weekly, monthly, etc). -- `borg_source_directories`: List of local folders to back up. Default is `/etc/hostname` to prevent an empty backup. -- `borg_ssh_key_name`: Name of the SSH public and pivate key. Default `id_ed25519` -- `borg_ssh_key_file_path`: SSH-key to be used. Default `~/.ssh/{{ borg_ssh_key_name }}` -- `borg_ssh_key_type`: The algorithm used to generate the SSH private key. Choose: `rsa`, `dsa`, `rsa1`, `ecdsa`, `ed25519`. Default: `ed25519` -- `borg_ssh_command`: Command to use instead of just "ssh". This can be used to specify SSH options. -- `borg_version`: Force a specific borg version to be installed -- `borg_venv_path`: Path to store the venv for `borg(backup)` and `borgmatic` - -- `borgmatic_check_last`: Number of archives to check. Defaults to `3` -- `borgmatic_checks`: List of consistency checks. Defaults to monthly checks. See [docs](https://torsion.org/borgmatic/docs/how-to/deal-with-very-large-backups/#check-frequency) for all options. -- `borgmatic_config_name`: Name to use for the Borgmatic config file. Defaults to `config.yaml` -- `borgmatic_timer_hour`: Hour when regular create and prune cron/systemd-timer job will run. Defaults to `{{ 6 | random }}` -- `borgmatic_timer_minute`: Minute when regular create and prune cron/systemd-timer job will run. Defaults to `{{ 59 | random }}` -- `borgmatic_hooks`: Hooks to monitor your backups e.g. with [Healthchecks](https://healthchecks.io/). See [official documentation](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/) for more. -- `borgmatic_timer`: If the variable is set, a timer is installed. A choice must be made between `cron` and `systemd`. -- `borgmatic_relocated_repo_access_is_ok`: Bypass Borg error about a repository that has been moved. Defaults to `false` -- `borgmatic_store_atime`: Store atime into archive. Defaults to `true` -- `borgmatic_store_ctime`: Store ctime into archive. Defaults to `true` -- `borgmatic_version`: Force a specific borgmatic version to be installed - -- `borg_user`: Name of the User to create Backups (service account) -- `borg_group`: Name of the Group to create Backups (service account) - - -## Contributing - -Pull requests (PR) are welcome, as long as they add features that are relevant for a meaningful number of users. All PRs are tested for style and functionality. To run tests locally (needs Docker): - -``` -$ pip install -r requirements-dev.txt -$ molecule test -``` - -## License - -MIT/BSD - -## Author - -© 2018-2023 Manuel Riel and contributors. diff --git a/roles/borgbase.ansible_role_borgbackup/defaults/main.yml b/roles/borgbase.ansible_role_borgbackup/defaults/main.yml deleted file mode 100755 index 02e0a65..0000000 --- a/roles/borgbase.ansible_role_borgbackup/defaults/main.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -borg_encryption_passphrase: '' -borg_exclude_patterns: [] -borg_one_file_system: true -borg_exclude_from: [] -borg_encryption_passcommand: false -borg_lock_wait_time: 5 -borg_ssh_key_type: "ed25519" -borg_ssh_key_name: "id_{{ borg_ssh_key_type }}" -borg_ssh_key_file_path: "{{ backup_user_info.home }}/.ssh/{{ borg_ssh_key_name }}" -borg_ssh_command: false -borg_remote_path: false -borg_remote_rate_limit: 0 -borg_retention_policy: - keep_hourly: 3 - keep_daily: 7 - keep_weekly: 4 - keep_monthly: 6 -borg_version: false -borgmatic_timer_cron_name: "borgmatic" -borgmatic_timer: cron -borgmatic_timer_hour: "{{ range(0, 5) | random(seed=inventory_hostname) }}" -borgmatic_timer_minute: "{{ range(0, 59) | random(seed=inventory_hostname) }}" -borg_install_method: "pip" -borg_require_epel: "{{ ansible_os_family == 'RedHat' and ansible_distribution != 'Fedora' }}" - -borgmatic_config_name: config.yaml -borgmatic_hooks: - on_error: - - echo "`date` - Error while creating a backup." - before_backup: - - echo "`date` - Starting backup." - after_backup: - - echo "`date` - Finished backup." -borgmatic_checks: - - name: repository - frequency: "4 weeks" - - name: archives - frequency: "6 weeks" -borgmatic_check_last: 3 -borgmatic_store_atime: true -borgmatic_store_ctime: true -borgmatic_relocated_repo_access_is_ok: false -borgmatic_version: ">=1.7.11" - -borg_venv_path: "/opt/borgmatic" -borg_user: "root" -borg_group: "root" -... diff --git a/roles/borgbase.ansible_role_borgbackup/meta/.galaxy_install_info b/roles/borgbase.ansible_role_borgbackup/meta/.galaxy_install_info deleted file mode 100644 index 063077d..0000000 --- a/roles/borgbase.ansible_role_borgbackup/meta/.galaxy_install_info +++ /dev/null @@ -1,2 +0,0 @@ -install_date: Sun Oct 13 17:15:12 2024 -version: v1.0.1 diff --git a/roles/borgbase.ansible_role_borgbackup/meta/arguments_specs.yml b/roles/borgbase.ansible_role_borgbackup/meta/arguments_specs.yml deleted file mode 100644 index 2908b4f..0000000 --- a/roles/borgbase.ansible_role_borgbackup/meta/arguments_specs.yml +++ /dev/null @@ -1,182 +0,0 @@ -argument_specs: - main: - # https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html#role-argument-validation - # https://docs.ansible.com/ansible/latest/dev_guide/developing_program_flow_modules.html#argument-spec - short_description: Role to install borgbackup and borgmatic. - description: Role to install borgbackup and borgmatic - author: - - 2018-2020 Manuel Riel and contributors. - - Frank Dornheim - options: - borg_dep_packages: - type: str - required: false - description: Dependancy Packages to install borg(backup) and borgmatic. - borg_distro_packages: - type: str - required: false - description: | - Contains the names of distributions packages for borg(backup) and borgmatic, - only used if `borg_install_method` is set to package - borg_pip_packages: - type: str - required: false - description: Dependancy Packages (pip) to install borg(backup) and borgmatic. - borg_venv_path: - type: str - required: false - description: Path to store the venv for borg(backup) and borgmatic. - borg_install_method: - type: str - required: false - default: pip - description: | - By default pip is used to install borgmatic. - To install via your distributions package manager set this to package and (if needed) - overwrite the borg_distro_packages variable to contain your distributions package names - required to install borgmatic. - Note that many distributions ship outdated versions of borgbackup and borgmatic; use at your own risk. - borgmatic_config_name: - type: str - required: false - default: config.yaml - description: Name to use for the borgmatic config file. - borg_user: - type: str - default: root - description: Name of the User to create Backups (Service Account) - borg_group: - type: str - default: root - description: Name of the Group to create Backups (Service Account) - borg_source_directories: - type: List - default: "/etc/hostname" - required: false - description: List of local folders to back up. - borg_one_file_system: - type: str - required: false - description: Don't cross file-system boundaries. - borg_repository: - type: List - required: true - description: | - Full path to repository. - Your own server or [BorgBase.com](https://www.borgbase.com) repo. - Not required when using auto creation of repositories. - Can be a list if you want to backup to multiple repositories. - borgmatic_store_atime: - type: bool - required: false - description: Store atime into archive. - borgmatic_store_ctime: - type: bool - required: false - description: Store ctime into archive. - borg_exclude_patterns: - type: List - required: false - description: Any paths matching these patterns are excluded from backups. Globs and tildes are expanded. - borg_exclude_from: - type: List - required: false - description: Read exclude patterns from one or more separate named files, one pattern per line. - borg_remote_path: - type: str - required: false - description: Alternate Borg remote executable. Defaults to "borg" - borg_encryption_passphrase: - type: str - description: | - The standard output of this command is used to unlock the encryption key. - Only use on repositories that were initialized with passcommand/repokey encryption. - Note that if both encryption_passcommand and encryption_passphrase are set, - then encryption_passphrase takes precedence. - borg_encryption_passcommand: - type: str - required: false - description: secret-tool lookup borg-repository repo-name - borg_remote_rate_limit: - type: int - required: false - description: Remote network upload rate limit in kiBytes/second. - borg_ssh_key_file_path: - type: str - required: false - description: Path to ssh-key - borg_ssh_command: - type: str - description: Command to use instead of just ssh. This can be used to specify ssh options. - borg_lock_wait_time: - type: int - description: Maximum seconds to wait for acquiring a repository/cache lock. - borgmatic_relocated_repo_access_is_ok: - type: bool - description: Bypass Borg error about a repository that has been moved. - borg_retention_policy: - keep_secondly: - type: int - required: false - description: Number of secondly archives to keep. - keep_minutely: - type: int - required: false - description: Number of minutely archives to keep. - keep_hourly: - type: int - required: false - description: Number of hourly archives to keep. - keep_daily: - type: int - required: false - description: Number of daily archives to keep. - keep_weekly: - type: int - required: false - description: Number of weekly archives to keep. - keep_monthly: - type: int - required: false - description: Number of monthly archives to keep. - keep_yearly: - type: int - required: false - description: Number of yearly archives to keep. - borgmatic_checks: - type: List - required: false - description: | - List of one or more consistency checks to run - "repository", "archives", "data", and/or "extract". - Defaults to "repository" and "archives". - Set to "disabled" to disable all consistency checks. - "repository" checks the consistency of the repository, - "archives" checks all of the archives, "data" verifies - the integrity of the data within the archives, and - "extract" does an extraction dry-run of the most recent archive. - Note that "data" implies "archives". - borgmatic_check_last: - type: int - required: false - description: Restrict the number of checked archives to the last n. Applies only to the "archives" check. - borgmatic_hooks: - type: dict - required: false - description: Shell commands or scripts to execute before and after a backup or if an error has occurred. - borgmatic_timer_cron_name: - type: str - required: false - description: Name of the cron Job - borgmatic_timer: - type: str - required: false - description: If the variable is set, a timer is installed. A choice must be made between "cron" and "systemd". - borg_ssh_key_type: - type: str - required: false - description: The algorithm used to generate the SSH private key - borg_ssh_key_name: - type: str - required: false - description: Name of the SSH public and private key diff --git a/roles/borgbase.ansible_role_borgbackup/meta/main.yml b/roles/borgbase.ansible_role_borgbackup/meta/main.yml deleted file mode 100644 index 0438447..0000000 --- a/roles/borgbase.ansible_role_borgbackup/meta/main.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -dependencies: [] - -galaxy_info: - author: Manuel Riel - role_name: ansible_role_borgbackup - namespace: borgbase - description: Set up backup to remote machine using Borg and Borgmatic. - company: "BorgBase.com" - license: license (BSD, MIT) - min_ansible_version: "2.0" - platforms: - - name: Debian - versions: - - all - - name: Ubuntu - versions: - - trusty - - xenial - - bionic - - name: ArchLinux - versions: - - all - galaxy_tags: - - backup - - cloud - - system - - security - -allow_duplicates: true diff --git a/roles/borgbase.ansible_role_borgbackup/molecule/default/Dockerfile.j2 b/roles/borgbase.ansible_role_borgbackup/molecule/default/Dockerfile.j2 deleted file mode 100644 index 0b331c5..0000000 --- a/roles/borgbase.ansible_role_borgbackup/molecule/default/Dockerfile.j2 +++ /dev/null @@ -1,23 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -{% if item.env is defined %} -{% for var, value in item.env.items() %} -{% if value %} -ENV {{ var }} {{ value }} -{% endif %} -{% endfor %} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python3 python3-pip sudo bash ca-certificates iproute2 python3-apt aptitude && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install /usr/bin/python3 /usr/bin/python3-config /usr/bin/dnf-3 sudo bash iproute && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y /usr/bin/python /usr/bin/python2-config sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v pacman) ]; then pacman --noconfirm -Suy python python-pip sudo openssh; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi diff --git a/roles/borgbase.ansible_role_borgbackup/molecule/default/INSTALL.rst b/roles/borgbase.ansible_role_borgbackup/molecule/default/INSTALL.rst deleted file mode 100644 index 6a44bde..0000000 --- a/roles/borgbase.ansible_role_borgbackup/molecule/default/INSTALL.rst +++ /dev/null @@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' diff --git a/roles/borgbase.ansible_role_borgbackup/molecule/default/converge.yml b/roles/borgbase.ansible_role_borgbackup/molecule/default/converge.yml deleted file mode 100644 index 394383f..0000000 --- a/roles/borgbase.ansible_role_borgbackup/molecule/default/converge.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -- name: Converge - hosts: all - pre_tasks: - - name: Set ssh server package name for non-Archlinux ansible_os_family - set_fact: - openssh_package: "openssh-server" - when: ansible_os_family != "Archlinux" - - - name: Set ssh server package name for Archlinux ansible_os_family - set_fact: - openssh_package: "openssh" - when: ansible_os_family == "Archlinux" - - - name: Install openssh - package: - name: "{{ openssh_package }}" - state: present - - roles: - - role: borgbase.ansible_role_borgbackup - borg_install_method: pip - borgmatic_timer: cron - borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo - borg_encryption_passphrase: CHANGEME - borg_source_directories: - - /srv/www - - /var/lib/automysqlbackup - borg_exclude_patterns: - - /srv/www/old-sites - borg_retention_policy: - keep_hourly: 3 - keep_daily: 7 - keep_weekly: 4 - keep_monthly: 6 - borgmatic_hooks: - before_backup: - - echo "`date` - Starting backup." - postgresql_databases: - - name: users - hostname: database1.example.org - port: 5433 - - post_tasks: - - name: Install yamllint for checking config file - pip: - name: yamllint - executable: pip3 diff --git a/roles/borgbase.ansible_role_borgbackup/molecule/default/molecule.yml b/roles/borgbase.ansible_role_borgbackup/molecule/default/molecule.yml deleted file mode 100644 index 9c8fa0e..0000000 --- a/roles/borgbase.ansible_role_borgbackup/molecule/default/molecule.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: archlinux-latest - image: archlinux:latest - - name: almalinux-9 - image: almalinux:9 - - name: fedora-latest - image: fedora:latest - - name: debian-bullseye - image: debian:bullseye - - name: ubuntu-latest - image: ubuntu:latest -provisioner: - name: ansible -verifier: - name: ansible -lint: | - set -e - yamllint . - ansible-lint . diff --git a/roles/borgbase.ansible_role_borgbackup/molecule/default/verify.yml b/roles/borgbase.ansible_role_borgbackup/molecule/default/verify.yml deleted file mode 100644 index f816e3f..0000000 --- a/roles/borgbase.ansible_role_borgbackup/molecule/default/verify.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- name: Verify - hosts: all - tasks: - - name: Ensure Borgmatic is installed correctly - command: borgmatic --version - - - name: Ensure Borg is installed correctly - command: borgmatic borg --version - - - name: Ensure produced YAML is valid - command: | - yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}" /etc/borgmatic/config.yaml diff --git a/roles/borgbase.ansible_role_borgbackup/requirements-dev.txt b/roles/borgbase.ansible_role_borgbackup/requirements-dev.txt deleted file mode 100644 index a10d42b..0000000 --- a/roles/borgbase.ansible_role_borgbackup/requirements-dev.txt +++ /dev/null @@ -1,4 +0,0 @@ -ansible -ansible-lint -molecule -molecule-plugins[docker] diff --git a/roles/borgbase.ansible_role_borgbackup/tasks/01_install.yml b/roles/borgbase.ansible_role_borgbackup/tasks/01_install.yml deleted file mode 100644 index e4478d9..0000000 --- a/roles/borgbase.ansible_role_borgbackup/tasks/01_install.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -- name: Install borgbackup - block: - - name: Ensure legacy hooks aren't used - ansible.builtin.assert: - that: - - borgmatic_failure_command is undefined - - borgmatic_before_backup_command is undefined - - borgmatic_after_backup_command is undefined - msg: Please use the new borgmatic_hooks variable instead of individual before/after/failure hooks. - - - name: Include OS-specific variables - include_vars: "{{ item }}" - with_first_found: - - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - - "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml" - - "{{ ansible_distribution }}.yml" - - "{{ ansible_os_family }}.yml" - - "{{ ansible_lsb.id }}.yml" - - - name: Install general dependencies (openssh) - ansible.builtin.package: - name: "{{ borg_dep_packages }}" - state: present - - - name: Install Borg and Borgmatic - ansible.builtin.include_tasks: - file: noauto_install_{{ borg_install_method }}.yml -... diff --git a/roles/borgbase.ansible_role_borgbackup/tasks/02_user_management.yml b/roles/borgbase.ansible_role_borgbackup/tasks/02_user_management.yml deleted file mode 100644 index fb396d1..0000000 --- a/roles/borgbase.ansible_role_borgbackup/tasks/02_user_management.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# So in different positions in that role we need the user home -# Since we cannot be sure that this FSH is compatible we will determine it. -- name: Get home dir - when: - - borg_user == "root" - block: - - name: Get home if borg_user == "root" - ansible.builtin.user: - name: "{{ borg_user }}" - state: present - register: user_info - changed_when: false - check_mode: true # Important, otherwise user will be created - - - name: Save the user_info, we need them for the home_dir - ansible.builtin.set_fact: - backup_user_info: "{{ user_info }}" - -- name: Create user if borg_user != "root" - when: - - borg_user != "root" - ansible.builtin.include_tasks: - file: noauto_create_backup_user_and_group.yml -... diff --git a/roles/borgbase.ansible_role_borgbackup/tasks/03_create_key.yml b/roles/borgbase.ansible_role_borgbackup/tasks/03_create_key.yml deleted file mode 100644 index 3827d77..0000000 --- a/roles/borgbase.ansible_role_borgbackup/tasks/03_create_key.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: Create SSH key (if neeeded) for {{ borg_user }} - block: - - name: Ensure directory exist - ansible.builtin.file: - path: "{{ backup_user_info.home }}/.ssh/" - state: directory - mode: "0700" - owner: "{{ borg_user }}" - group: "{{ borg_group }}" - - - name: Generate an OpenSSH keypair - community.crypto.openssh_keypair: - path: "{{ borg_ssh_key_file_path }}" - mode: "0600" - type: "{{ borg_ssh_key_type }}" - owner: "{{ borg_user }}" - group: "{{ borg_group }}" - - - name: Read SSH key - ansible.builtin.slurp: - src: "{{ borg_ssh_key_file_path }}.pub" - register: backup_local_ssh_key - - - name: Print key - ansible.builtin.debug: - msg: "The generated key is: {{ backup_local_ssh_key['content'] | b64decode }}" -... diff --git a/roles/borgbase.ansible_role_borgbackup/tasks/05_configure.yml b/roles/borgbase.ansible_role_borgbackup/tasks/05_configure.yml deleted file mode 100755 index e055c20..0000000 --- a/roles/borgbase.ansible_role_borgbackup/tasks/05_configure.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: Add Borgmatic config file - block: - - name: Ensure /etc/borgmatic exists - ansible.builtin.file: - path: /etc/borgmatic - state: directory - mode: "0700" - owner: "{{ borg_user }}" - group: "{{ borg_group }}" - - - name: Add Borgmatic configuration - ansible.builtin.template: - src: config.yaml.j2 - dest: "/etc/borgmatic/{{ borgmatic_config_name }}" - mode: "0600" - owner: "{{ borg_user }}" - group: "{{ borg_group }}" -... diff --git a/roles/borgbase.ansible_role_borgbackup/tasks/07_install_timer.yml b/roles/borgbase.ansible_role_borgbackup/tasks/07_install_timer.yml deleted file mode 100644 index 4ca6afa..0000000 --- a/roles/borgbase.ansible_role_borgbackup/tasks/07_install_timer.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Install timer to run Borgmatic - when: - - borgmatic_timer is defined and borgmatic_timer | length > 0 - block: - - name: Start timer install script - ansible.builtin.include_tasks: - file: noauto_create_timer_{{ borgmatic_timer }}.yml diff --git a/roles/borgbase.ansible_role_borgbackup/tasks/main.yml b/roles/borgbase.ansible_role_borgbackup/tasks/main.yml deleted file mode 100644 index d6b56c1..0000000 --- a/roles/borgbase.ansible_role_borgbackup/tasks/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Add and run all plays - include_tasks: "{{ bak_element }}" - with_items: "{{ lookup('ansible.builtin.fileglob', '*.yml').split(',') | reject('search', 'main.yml') | reject('search', 'noauto_*') | sort }}" - loop_control: - loop_var: bak_element -... diff --git a/roles/borgbase.ansible_role_borgbackup/tasks/noauto_create_backup_user_and_group.yml b/roles/borgbase.ansible_role_borgbackup/tasks/noauto_create_backup_user_and_group.yml deleted file mode 100644 index d11526e..0000000 --- a/roles/borgbase.ansible_role_borgbackup/tasks/noauto_create_backup_user_and_group.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -- name: Setup backup environment - when: - - backup_create_local_user is not defined or backup_create_local_user - - borg_user != "root" - block: - - name: Add local backup group - ansible.builtin.group: - name: "{{ borg_group }}" - state: present - - - name: Add local backup user - ansible.builtin.user: - name: "{{ borg_user }}" - shell: "/bin/bash" - groups: "{{ borg_group }}" - comment: "Backup User Account" - append: true - register: user_info - - - name: Save the user_info, we need them for the home_dir - ansible.builtin.set_fact: - backup_user_info: "{{ user_info }}" - - - name: Add sudo users - community.general.sudoers: - name: "backup" - state: present - user: "{{ borg_user }}" - nopassword: true - commands: - - "/opt/borgmatic/bin/borg" - - "/usr/local/bin/borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }}" -... diff --git a/roles/borgbase.ansible_role_borgbackup/tasks/noauto_create_timer_cron.yml b/roles/borgbase.ansible_role_borgbackup/tasks/noauto_create_timer_cron.yml deleted file mode 100644 index 6a557a4..0000000 --- a/roles/borgbase.ansible_role_borgbackup/tasks/noauto_create_timer_cron.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -- name: Ensure Cron is installed - ansible.builtin.package: - name: "{{ borg_cron_package }}" - state: present - -- name: Add Cron job for borgmatic - block: - - name: Add single Cron job for borgmatic - cron: - name: "{{ borgmatic_timer_cron_name }}" - hour: "{{ borgmatic_timer_hour }}" - minute: "{{ borgmatic_timer_minute }}" - user: "{{ borg_user }}" - cron_file: "{{ borgmatic_timer_cron_name }}" - job: "borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }}" - - - name: Ensure separate check cron job is absent - cron: - name: "{{ borgmatic_timer_cron_name }}-check" - cron_file: "{{ borgmatic_timer_cron_name }}" - state: absent - -- name: Set PATH for borgmatic cron job. - cron: - user: "{{ borg_user }}" - cron_file: "{{ borgmatic_timer_cron_name }}" - name: PATH - env: yes - value: /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -... diff --git a/roles/borgbase.ansible_role_borgbackup/tasks/noauto_create_timer_systemd.yml b/roles/borgbase.ansible_role_borgbackup/tasks/noauto_create_timer_systemd.yml deleted file mode 100644 index 53e0b6b..0000000 --- a/roles/borgbase.ansible_role_borgbackup/tasks/noauto_create_timer_systemd.yml +++ /dev/null @@ -1,63 +0,0 @@ ---- -- name: Register existence of Borgmatic cron file. - cron: - name: "{{ borgmatic_timer_cron_name }}" - cron_file: "{{ borgmatic_timer_cron_name }}" - state: absent - check_mode: true - register: cron_file_exists - -- name: Ensure no Borgmatic Cron file exists. - ansible.builtin.assert: - that: - - not cron_file_exists.changed - fail_msg: Found an existing Borgmatic Cron job. Please remove before using Systemd timer. - -- name: Create borgbackup timer - block: - - name: Copy systemd files - ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - group: root - backup: true - mode: "{{ item.mode }}" - with_items: - - { src: "borgmatic.timer.j2", dest: "/usr/lib/systemd/system/borgmatic.timer", mode: "0644" } - - { src: "borgmatic.service.j2", dest: "/usr/lib/systemd/system/borgmatic.service", mode: "0644" } - - - name: Populate service facts - ansible.builtin.service_facts: - - # If the role is running and the repo is not yet initialized, an error will occur. - # Therefore the service is stopped by default and must be started manually. - - name: Stop fresh installed borgmatic.timer and borgmatic.service - when: "'borgmatic.service' not in ansible_facts.services" - block: - - name: Set borgmatic services to stopped - newly installed - ansible.builtin.systemd: - name: "{{ item }}" - state: stopped - enabled: false - masked: false - daemon_reload: true - when: item in ansible_facts.services - with_items: - - borgmatic.service - - # bug: Need own section without masked else the timer are skipped - - name: Set borgmatic timers to stopped - newly installed - ansible.builtin.systemd: - name: "{{ item }}" - state: stopped - enabled: false - daemon_reload: true - with_items: - - "borgmatic.timer" - - - name: Show hints - when: "'backup_init_repo' not in ansible_run_tags" - ansible.builtin.debug: - msg: "Attention: Since the repo was not initialized automatically, the systemd service (borgmatic.service) and the timer (borgmatic.timer) are not activated." -... diff --git a/roles/borgbase.ansible_role_borgbackup/tasks/noauto_install_package.yml b/roles/borgbase.ansible_role_borgbackup/tasks/noauto_install_package.yml deleted file mode 100644 index 5f28a58..0000000 --- a/roles/borgbase.ansible_role_borgbackup/tasks/noauto_install_package.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- name: Install borgbackup by distro - block: - - name: Check if EPEL repo is enabled, if installation from distro is requested - when: borg_require_epel - block: - - name: Get list of installed packages - ansible.builtin.package_facts: - manager: auto - - name: Ensure EPEL is enabled - ansible.builtin.assert: - that: - - "'epel-release' in ansible_facts.packages" - fail_msg: Need EPEL repo to install via distro package. - - - name: Install borgmatic and borg via distribution package manager - ansible.builtin.package: - name: "{{ item }}" - state: present - loop: "{{ borg_distro_packages }}" -... diff --git a/roles/borgbase.ansible_role_borgbackup/tasks/noauto_install_pip.yml b/roles/borgbase.ansible_role_borgbackup/tasks/noauto_install_pip.yml deleted file mode 100644 index 0cf26c1..0000000 --- a/roles/borgbase.ansible_role_borgbackup/tasks/noauto_install_pip.yml +++ /dev/null @@ -1,51 +0,0 @@ ---- -- name: Install Borg and Borgmatic via pip - block: - - name: Install build dependencies - ansible.builtin.package: - name: "{{ borg_pip_packages }}" - state: present - - - name: Create virtualenv for borg # noqa package-latest - ansible.builtin.pip: - name: - - pip - - setuptools - state: latest - virtualenv: "{{ borg_venv_path }}" - virtualenv_command: "{{ python_bin }} -m venv" - - - name: Install dependent Python packages - ansible.builtin.pip: - name: "{{ borg_dependent_python_packages }}" - virtualenv: "{{ borg_venv_path }}" - when: borg_dependent_python_packages is defined - - - name: Install main Python packages - ansible.builtin.pip: - name: "{{ item.name }}" - version: "{{ item.version | default(omit, true) }}" - virtualenv: "{{ borg_venv_path }}" - when: borg_python_packages is defined - loop: "{{ borg_python_packages }}" - -- name: Create links to Borgmatic and Borg binaries - block: - - name: Create borgmatic command in /usr/local/bin - ansible.builtin.copy: - content: | - #!/bin/bash - . "{{ borg_venv_path }}"/bin/activate - borgmatic "$@" - dest: /usr/local/bin/borgmatic - mode: "0755" - - - name: Create borg command in /usr/local/bin - ansible.builtin.copy: - content: | - #!/bin/bash - . "{{ borg_venv_path }}"/bin/activate - borg "$@" - dest: /usr/local/bin/borg - mode: "0755" -... diff --git a/roles/borgbase.ansible_role_borgbackup/templates/borgmatic.service.j2 b/roles/borgbase.ansible_role_borgbackup/templates/borgmatic.service.j2 deleted file mode 100644 index 4e4406c..0000000 --- a/roles/borgbase.ansible_role_borgbackup/templates/borgmatic.service.j2 +++ /dev/null @@ -1,60 +0,0 @@ -# Managed by Ansible, please don't edit manually - -[Unit] -Description=borgmatic backup -Wants=backup_normal_repo.timer -Wants=network-online.target -After=network-online.target -# Prevent borgmatic from running unless the machine is plugged into power. Remove this line if you -# want to allow borgmatic to run anytime. -ConditionACPower=true - -[Service] -Type=oneshot -User={{ borg_user }} -ExecStart=borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }} - -# Source: https://projects.torsion.org/borgmatic-collective/borgmatic/raw/branch/master/sample/systemd/borgmatic.service -# Security settings for systemd running as root, optional but recommended to improve security. You -# can disable individual settings if they cause problems for your use case. For more details, see -# the systemd manual: https://www.freedesktop.org/software/systemd/man/systemd.exec.html -LockPersonality=true -# Certain borgmatic features like Healthchecks integration need MemoryDenyWriteExecute to be off. -# But you can try setting it to "yes" for improved security if you don't use those features. -MemoryDenyWriteExecute=no -NoNewPrivileges=yes -PrivateDevices=yes -PrivateTmp=yes -ProtectClock=yes -ProtectControlGroups=yes -ProtectHostname=yes -ProtectKernelLogs=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes -RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK -RestrictNamespaces=yes -RestrictRealtime=yes -RestrictSUIDSGID=yes -SystemCallArchitectures=native -SystemCallFilter=@system-service -SystemCallErrorNumber=EPERM -# To restrict write access further, change "ProtectSystem" to "strict" and uncomment -# "ReadWritePaths", "ReadOnlyPaths", "ProtectHome", and "BindPaths". Then add any local repository -# paths to the list of "ReadWritePaths" and local backup source paths to "ReadOnlyPaths". This -# leaves most of the filesystem read-only to borgmatic. -ProtectSystem=full -# ReadWritePaths=-/mnt/my_backup_drive -# ReadOnlyPaths=-/var/lib/my_backup_source -# This will mount a tmpfs on top of /root and pass through needed paths -# ProtectHome=tmpfs -# BindPaths=-/root/.cache/borg -/root/.config/borg -/root/.borgmatic - -# May interfere with running external programs within borgmatic hooks. -# CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW - -# Lower CPU and I/O priority. -Nice=19 -CPUSchedulingPolicy=batch -IOSchedulingClass=best-effort -IOSchedulingPriority=7 -IOWeight=100 diff --git a/roles/borgbase.ansible_role_borgbackup/templates/borgmatic.timer.j2 b/roles/borgbase.ansible_role_borgbackup/templates/borgmatic.timer.j2 deleted file mode 100644 index 2ff402c..0000000 --- a/roles/borgbase.ansible_role_borgbackup/templates/borgmatic.timer.j2 +++ /dev/null @@ -1,13 +0,0 @@ -# Managed by Ansible, please don't edit manually - -[Unit] -Description=Start creating of Backups - see: https://www.freedesktop.org/software/systemd/man/systemd.time.html# - -[Timer] -# Day-of-the-Week Year-Month-Day Hour:Minutes:Seconds -# Persistent -> resume backup after shutdown -OnCalendar= *-*-* {{ borgmatic_timer_hour }}:{{ borgmatic_timer_minute }}:00 -Persistent=true - -[Install] -WantedBy=timers.target \ No newline at end of file diff --git a/roles/borgbase.ansible_role_borgbackup/templates/config.yaml.j2 b/roles/borgbase.ansible_role_borgbackup/templates/config.yaml.j2 deleted file mode 100644 index dc7b485..0000000 --- a/roles/borgbase.ansible_role_borgbackup/templates/config.yaml.j2 +++ /dev/null @@ -1,180 +0,0 @@ -#jinja2: lstrip_blocks: "True", trim_blocks: "True" ---- -# Managed by Ansible, please don't edit manually - -# Full config: https://torsion.org/borgmatic/docs/reference/config.yaml -location: -{% if borg_source_directories is not defined or borg_source_directories | length == 0 %} - source_directories: - - /etc/hostname # prevent empty backupconfig -{% else %} - source_directories: - {% for dir in borg_source_directories %} - - {{ dir }} - {% endfor %} -{% endif %} - - # Stay in same file system (do not cross mount points). - one_file_system: {{ borg_one_file_system }} - repositories: -{% if borg_repository is iterable and (borg_repository is not string and borg_repository is not mapping) %} - {% for repo in borg_repository %} - - {{ repo }} - {% endfor %} -{% elif borg_repository is defined and borg_repository is string %} - - {{ borg_repository }} -{% endif %} - - # Store atime into archive. - atime: {{ borgmatic_store_atime }} - - # Store ctime into archive. - ctime: {{ borgmatic_store_ctime }} - -{% if borg_exclude_patterns %} - # Any paths matching these patterns are excluded from backups. Globs and tildes - # are expanded. See the output of "borg help patterns" for more details. - exclude_patterns: -{% for dir in borg_exclude_patterns %} - - '{{ dir }}' -{% endfor %} -{% endif %} -{% if borg_exclude_from %} - # Read exclude patterns from one or more separate named files, one pattern per - # line. See the output of "borg help patterns" for more details. - exclude_from: -{% for dir in borg_exclude_from %} - - {{ dir }} -{% endfor %} -{% endif %} - - # Exclude directories that contain a CACHEDIR.TAG file. See - # http://www.brynosaurus.com/cachedir/spec.html for details. - exclude_caches: true - - # Exclude directories that contain a file with the given filename. - exclude_if_present: .nobackup - - # Alternate Borg remote executable. Defaults to "borg". - # remote_path: borg1 -{% if borg_remote_path %} - remote_path: {{ borg_remote_path }} -{% endif %} - -# Repository storage options. See -# https://borgbackup.readthedocs.io/en/stable/usage.html#borg-create and -# https://borgbackup.readthedocs.io/en/stable/usage/general.html#environment-variables for -# details. -storage: - encryption_passphrase: {{ borg_encryption_passphrase }} - - # The standard output of this command is used to unlock the encryption key. Only - # use on repositories that were initialized with passcommand/repokey encryption. - # Note that if both encryption_passcommand and encryption_passphrase are set, - # then encryption_passphrase takes precedence. - # encryption_passcommand: secret-tool lookup borg-repository repo-name -{% if borg_encryption_passcommand %} - encryption_passcommand: {{ borg_encryption_passcommand }} -{% endif %} - - # Type of compression to use when creating archives. See - # https://borgbackup.readthedocs.org/en/stable/usage.html#borg-create for details. - # Defaults to no compression. - compression: auto,zstd - - # Remote network upload rate limit in kiBytes/second. -{% if borg_remote_rate_limit %} - remote_rate_limit: {{ borg_remote_rate_limit }} -{% endif %} - - # Command to use instead of just "ssh". This can be used to specify ssh options. - # ssh_command: ssh -i ~/.ssh/id_ed25519 -{% if borg_ssh_command %} - ssh_command: {{ borg_ssh_command }} -{% endif %} - - # Umask to be used for borg create. - umask: 0077 - - # Maximum seconds to wait for acquiring a repository/cache lock. - lock_wait: {{ borg_lock_wait_time }} - - # Name of the archive. Borg placeholders can be used. See the output of - # "borg help placeholders" for details. Default is - # "{hostname}-{now:%Y-%m-%dT%H:%M:%S.%f}". If you specify this option, you must - # also specify a prefix in the retention section to avoid accidental pruning of - # archives with a different archive name format. And you should also specify a - # prefix in the consistency section as well. - archive_name_format: '{hostname}-{now:%Y-%m-%d-%H%M%S}' - - # Bypass Borg error about a repository that has been moved. - relocated_repo_access_is_ok: {{ borgmatic_relocated_repo_access_is_ok }} - -# Retention policy for how many backups to keep in each category. See -# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-prune for details. -# At least one of the "keep" options is required for pruning to work. -retention: -{% if borg_retention_policy.keep_secondly is defined %} - # Number of secondly archives to keep. - keep_secondly: {{ borg_retention_policy.keep_secondly }} -{% endif %} - -{% if borg_retention_policy.keep_minutely is defined %} - # Number of minutely archives to keep. - keep_minutely: {{ borg_retention_policy.keep_minutely }} -{% endif %} - -{% if borg_retention_policy.keep_hourly is defined %} - # Number of hourly archives to keep. - keep_hourly: {{ borg_retention_policy.keep_hourly }} -{% endif %} - -{% if borg_retention_policy.keep_daily is defined %} - # Number of daily archives to keep. - keep_daily: {{ borg_retention_policy.keep_daily }} -{% endif %} - -{% if borg_retention_policy.keep_weekly is defined %} - # Number of weekly archives to keep. - keep_weekly: {{ borg_retention_policy.keep_weekly }} -{% endif %} - -{% if borg_retention_policy.keep_monthly is defined %} - # Number of monthly archives to keep. - keep_monthly: {{ borg_retention_policy.keep_monthly }} -{% endif %} - -{% if borg_retention_policy.keep_yearly is defined %} - # Number of yearly archives to keep. - keep_yearly: {{ borg_retention_policy.keep_yearly }} -{% endif %} - -# Consistency checks to run after backups. See -# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-check and -# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-extract for details. -consistency: - # List of one or more consistency checks to run: "repository", - # "archives", "data", and/or "extract". Defaults to - # "repository" and "archives". Set to "disabled" to disable - # all consistency checks. "repository" checks the consistency - # of the repository, "archives" checks all of the archives, - # "data" verifies the integrity of the data within the - # archives, and "extract" does an extraction dry-run of the - # most recent archive. Note that "data" implies "archives". - checks: - {% for checks in borgmatic_checks %} - - {{ checks }} - {% endfor %} - - # Restrict the number of checked archives to the last n. Applies only to the "archives" check. - check_last: {{ borgmatic_check_last }} - -# Shell commands or scripts to execute before and after a backup or if an error has occurred. -# IMPORTANT: All provided commands and scripts are executed with user permissions of borgmatic. -# Do not forget to set secure permissions on this file as well as on any script listed (chmod 0700) to -# prevent potential shell injection or privilege escalation. -hooks: -{% for hook in borgmatic_hooks %} - {{ hook }}: - {{ borgmatic_hooks[hook] | to_nice_yaml(indent=2) | trim | indent(8) }} -{% endfor %} diff --git a/roles/borgbase.ansible_role_borgbackup/vars/Archlinux.yml b/roles/borgbase.ansible_role_borgbackup/vars/Archlinux.yml deleted file mode 100644 index 48c3688..0000000 --- a/roles/borgbase.ansible_role_borgbackup/vars/Archlinux.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -borg_dep_packages: - - openssh - -borg_cron_package: cronie - -borg_pip_packages: - - gcc - - pkgconfig - - python-pip - - python-setuptools - -borg_distro_packages: - - borg - - borgmatic - -python_bin: python3 -pip_bin: pip3 diff --git a/roles/borgbase.ansible_role_borgbackup/vars/Debian.yml b/roles/borgbase.ansible_role_borgbackup/vars/Debian.yml deleted file mode 100644 index c5fb44b..0000000 --- a/roles/borgbase.ansible_role_borgbackup/vars/Debian.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -borg_dep_packages: - - openssh-client - -borg_cron_package: cron - -borg_pip_packages: - - libssl-dev - - libacl1-dev - - libacl1 - - build-essential - - python3-setuptools - - python3-dev - - python3-pip - - python3-pkgconfig - - python3-msgpack - - python3-venv - -borg_distro_packages: - - borgbackup - - borgmatic - -python_bin: python3 -pip_bin: pip3 diff --git a/roles/borgbase.ansible_role_borgbackup/vars/Fedora.yml b/roles/borgbase.ansible_role_borgbackup/vars/Fedora.yml deleted file mode 100644 index a5583ec..0000000 --- a/roles/borgbase.ansible_role_borgbackup/vars/Fedora.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -borg_dep_packages: - - openssh-clients - -borg_cron_package: cronie - -borg_pip_packages: - - libacl-devel - - libacl - - gcc - - gcc-c++ - - openssl-devel - - python3-pip - - python3-wheel - - python3-devel - - python3-setuptools - - python3-Cython - -borg_distro_packages: - - borgbackup - - borgmatic - -python_bin: python3 -pip_bin: pip3 diff --git a/roles/borgbase.ansible_role_borgbackup/vars/ManjaroLinux.yml b/roles/borgbase.ansible_role_borgbackup/vars/ManjaroLinux.yml deleted file mode 100644 index fd4a65b..0000000 --- a/roles/borgbase.ansible_role_borgbackup/vars/ManjaroLinux.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -borg_dep_packages: - - openssh - -borg_cron_package: cronie - -borg_pip_packages: # untested - - libssl-dev - - libacl1-dev - - libacl1 - - build-essential - - python3-setuptools - - python3-dev - - python3-pip - - python3-pkgconfig - - python3-msgpack - - python3-venv - -borg_distro_packages: - - borg - - borgmatic - -python_bin: python3 -pip_bin: pip3 diff --git a/roles/borgbase.ansible_role_borgbackup/vars/RedHat-8.yml b/roles/borgbase.ansible_role_borgbackup/vars/RedHat-8.yml deleted file mode 100644 index 4497b8d..0000000 --- a/roles/borgbase.ansible_role_borgbackup/vars/RedHat-8.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -borg_dep_packages: - - openssh-clients - -borg_cron_package: cronie - -borg_pip_packages: - - libacl-devel - - libacl - - gcc - - gcc-c++ - - openssl-devel - - python3-pip - - python3-wheel - - python3-devel - - python3-setuptools - - python3-virtualenv - -borg_distro_packages: - - borgbackup - - borgmatic - -python_bin: python3 -pip_bin: pip3 diff --git a/roles/borgbase.ansible_role_borgbackup/vars/RedHat-9.yml b/roles/borgbase.ansible_role_borgbackup/vars/RedHat-9.yml deleted file mode 100644 index 2b900f4..0000000 --- a/roles/borgbase.ansible_role_borgbackup/vars/RedHat-9.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -borg_dep_packages: - - openssh-clients - -borg_cron_package: cronie - -borg_pip_packages: - - libacl-devel - - libacl - - gcc - - gcc-c++ - - openssl-devel - - python3-pip - # - python3-wheel - - python3-devel - - python3-setuptools - # - python3-virtualenv - -borg_distro_packages: - - borgbackup - - borgmatic - -python_bin: python3 -pip_bin: pip3 diff --git a/roles/borgbase.ansible_role_borgbackup/vars/RedHat.yml b/roles/borgbase.ansible_role_borgbackup/vars/RedHat.yml deleted file mode 100644 index 3115a75..0000000 --- a/roles/borgbase.ansible_role_borgbackup/vars/RedHat.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -borg_dep_packages: - - openssh-clients - -borg_cron_package: cronie - -borg_pip_packages: - - libacl-devel - - libacl - - gcc - - gcc-c++ - - openssl-devel - - python36-pip - - python36-wheel - - python36-devel - - python-setuptools - -borg_distro_packages: - - borgbackup - - borgmatic - -python_bin: python3 -pip_bin: pip3 diff --git a/roles/borgbase.ansible_role_borgbackup/vars/main.yml b/roles/borgbase.ansible_role_borgbackup/vars/main.yml deleted file mode 100644 index 9f34550..0000000 --- a/roles/borgbase.ansible_role_borgbackup/vars/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -borg_dependent_python_packages: - - cython - - pkgconfig - -borg_python_packages: - - name: borgbackup - version: "{{ borg_version }}" - - name: borgmatic - version: "{{ borgmatic_version }}"