cleaned up restic role a bit
parent
c37af9a00a
commit
10750ffbe9
21 changed files with 4 additions and 390 deletions
|
@ -1,12 +0,0 @@
|
|||
# allow members of the sudo group to run backups, but without password
|
||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup.sh
|
||||
#%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-prune.sh
|
||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-mount.sh
|
||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-check.sh
|
||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-check-read-data.sh
|
||||
|
||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS.sh
|
||||
#%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-PRUNE.sh
|
||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-MOUNT.sh
|
||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-CHECK.sh
|
||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-READ-DATA.sh
|
|
@ -1,6 +0,0 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
|
||||
restic check --read-data
|
||||
|
||||
echo "done! :)"
|
|
@ -1,6 +0,0 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
|
||||
restic check
|
||||
|
||||
echo "done! :)"
|
|
@ -1,6 +0,0 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
|
||||
restic mount /mnt/restic
|
||||
|
||||
echo "done! :)"
|
|
@ -1,4 +0,0 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
restic unlock
|
||||
echo "done! :)"
|
|
@ -1,111 +0,0 @@
|
|||
---
|
||||
|
||||
- name: "Install restic"
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- restic
|
||||
state: latest
|
||||
update_cache: true
|
||||
become: true
|
||||
when: ansible_os_family == 'Debian'
|
||||
|
||||
- name: "Ensure /opt/scripts/ exists"
|
||||
ansible.builtin.file:
|
||||
path: /opt/scripts
|
||||
state: directory
|
||||
mode: '0755'
|
||||
when: "ansible_os_family == 'Debian'"
|
||||
|
||||
- name: "Ensure /opt/db_dumps/ exists"
|
||||
ansible.builtin.file:
|
||||
path: /opt/db_dumps/
|
||||
state: directory
|
||||
owner: postgres
|
||||
group: postgres
|
||||
mode: '0774'
|
||||
ignore_errors: true #to do: auf mautrix-signal kein User "postgres" weil in Docker, muss gelöst werden
|
||||
when: "ansible_os_family == 'Debian' and 'desktops' not in group_names and 'mautrix-signal' not in inventory_hostname"
|
||||
|
||||
- name: "Copy restic backup scripts"
|
||||
ansible.builtin.copy:
|
||||
src: "restic-backup-scripts/"
|
||||
dest: /opt/scripts/restic/.
|
||||
owner: root
|
||||
group: root
|
||||
mode: u+rwx
|
||||
force: true
|
||||
when: "ansible_os_family == 'Debian'"
|
||||
|
||||
- name: "Template restic backup script restic-backup_{{ inventory_hostname }}.sh"
|
||||
ansible.builtin.template:
|
||||
src: ../templates/restic-backup_{{ inventory_hostname }}.sh.j2
|
||||
dest: /opt/scripts/restic/restic-backup_{{ inventory_hostname }}.sh
|
||||
owner: root
|
||||
group: root
|
||||
mode: 'u+rwx'
|
||||
force: true
|
||||
when: "ansible_os_family == 'Debian' and 'desktops' not in group_names"
|
||||
|
||||
#- name: "Template restic backup script ENTWURF"
|
||||
# ansible.builtin.template:
|
||||
# src: ../templates/restic-backup_ENTWURF.sh.j2
|
||||
# dest: /opt/scripts/restic/restic-backup_ENTWURF.sh
|
||||
# owner: root
|
||||
# group: root
|
||||
# mode: 'u+rwx'
|
||||
|
||||
- name: "Template restic backup script restic-backup_desktops.sh"
|
||||
ansible.builtin.template:
|
||||
src: ../templates/restic-backup_desktops.sh.j2
|
||||
dest: /opt/scripts/restic/restic-backup_desktops.sh
|
||||
owner: root
|
||||
group: root
|
||||
mode: 'u+rwx'
|
||||
force: true
|
||||
when: "ansible_os_family == 'Debian' and 'desktops' in group_names"
|
||||
|
||||
- name: "Template restic prune script restic-prune.sh"
|
||||
ansible.builtin.template:
|
||||
src: ../templates/restic-prune.sh.j2
|
||||
dest: /opt/scripts/restic/restic-prune.sh
|
||||
owner: root
|
||||
group: root
|
||||
mode: 'u+rwx'
|
||||
force: true
|
||||
when: "ansible_os_family == 'Debian'"
|
||||
|
||||
- name: "Template environment variable file restic.env"
|
||||
ansible.builtin.template:
|
||||
src: ../templates/restic.env.j2
|
||||
dest: /opt/scripts/restic/restic.env
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
force: true
|
||||
when: "ansible_os_family == 'Debian'"
|
||||
|
||||
- name: "Template restic password file restic-password-repo"
|
||||
ansible.builtin.template:
|
||||
src: ../templates/restic-password-repo.j2
|
||||
dest: /opt/scripts/restic/restic-password-repo
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0440'
|
||||
force: true
|
||||
when: "ansible_os_family == 'Debian'"
|
||||
|
||||
- name: "Cronjob for Backups"
|
||||
ansible.builtin.cron:
|
||||
name: "Restic Backup"
|
||||
minute: "0"
|
||||
hour: "3"
|
||||
job: "/opt/scripts/restic/restic-backup_{{ inventory_hostname }}.sh"
|
||||
when: "ansible_os_family == 'Debian' and 'desktops' not in group_names"
|
||||
|
||||
- name: "Cronjob for Backups"
|
||||
ansible.builtin.cron:
|
||||
name: "Restic Backup"
|
||||
minute: "0"
|
||||
hour: "3"
|
||||
job: "/opt/scripts/restic/restic-backup_desktops.sh"
|
||||
when: "ansible_os_family == 'Debian' and 'desktops' in group_names"
|
|
@ -1,25 +0,0 @@
|
|||
#!/bin/bash
|
||||
source {{ restic_env_file }}
|
||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
||||
restic snapshots
|
||||
if [ "$?" -eq "0" ]
|
||||
then
|
||||
echo "Repo is already initialized, no need to do that."
|
||||
else
|
||||
echo "We need to initialize the repo first." && restic init
|
||||
fi
|
||||
|
||||
|
||||
{% if restic_execute_before is defined %}
|
||||
{{ restic_execute_before }}
|
||||
{% else %}
|
||||
# restic_execute_before is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
|
||||
{% endif %}
|
||||
restic backup --verbose {{ restic_backup_paths }}
|
||||
{% if restic_execute_after is defined %}
|
||||
{{ restic_execute_after }}
|
||||
{% else %}
|
||||
# restic_execute_after is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
|
||||
{% endif %}
|
||||
|
||||
echo "done! :)"
|
|
@ -1,25 +0,0 @@
|
|||
#!/bin/bash
|
||||
{{ restic_env_file }}
|
||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
||||
restic snapshots
|
||||
if [ "$?" -eq "0" ]
|
||||
then
|
||||
echo "Repo is already initialized, no need to do that."
|
||||
else
|
||||
echo "We need to initialize the repo first." && restic init
|
||||
fi
|
||||
|
||||
|
||||
{% if restic_execute_before is defined %}
|
||||
{{ restic_execute_before }}
|
||||
{% else %}
|
||||
# restic_execute_before is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
|
||||
{% endif %}
|
||||
restic backup --verbose {{ restic_backup_paths }}
|
||||
{% if restic_execute_after is defined %}
|
||||
{{ restic_execute_after }}
|
||||
{% else %}
|
||||
# restic_execute_after is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
|
||||
{% endif %}
|
||||
|
||||
echo "done! :)"
|
|
@ -1,45 +0,0 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
||||
restic snapshots
|
||||
if [ "$?" -eq "0" ]
|
||||
then
|
||||
echo "Repo is already initialized, no need to do that."
|
||||
else
|
||||
echo "We need to initialize the repo first." && restic init
|
||||
fi
|
||||
|
||||
restic backup --verbose / \
|
||||
--exclude /home/{{ user }}/.cache \
|
||||
--exclude /home/{{ user }}/cache \
|
||||
--exclude /home/{{ user }}/.config/Element/Cache/ \
|
||||
--exclude /home/{{ user }}/.config/Element/GPUCache \
|
||||
--exclude /home/{{ user }}/.config/Element/Code\ Cache/ \
|
||||
--exclude /home/{{ user }}/.config/Signal/attachments.noindex \
|
||||
--exclude /home/{{ user }}/.config/SchildiChat/Cache \
|
||||
--exclude /home/{{ user }}/.config/SchildiChat/GPUCache \
|
||||
--exclude /home/{{ user }}/.config/SchildiChat/Code\ Cache/ \
|
||||
--exclude /home/{{ user }}/.config/Signal/Cache \
|
||||
--exclude /home/{{ user }}/.config/Signal/GPUCache \
|
||||
--exclude /home/{{ user }}/.config/Signal/Code\ Cache/ \
|
||||
--exclude /home/{{ user }}/.local/share/Trash \
|
||||
--exclude /home/{{ user }}/Bilder \
|
||||
--exclude /home/{{ user }}/Downloads \
|
||||
--exclude /home/{{ user }}/gPodder/Downloads/ \
|
||||
--exclude /home/{{ user }}/Nextcloud \
|
||||
--exclude /home/{{ user }}/no-backup \
|
||||
--exclude /home/{{ user }}/synced_folders \
|
||||
--exclude /home/{{ user }}/sync \
|
||||
--exclude /home/{{ user }}/Signal_Backups \
|
||||
--exclude /lost+found \
|
||||
--exclude /media \
|
||||
--exclude /mnt \
|
||||
--exclude /proc \
|
||||
--exclude /run \
|
||||
--exclude /root/.cache \
|
||||
--exclude /sys \
|
||||
--exclude /tmp \
|
||||
--exclude /var/cache \
|
||||
--exclude /var/tmp
|
||||
|
||||
echo "done! :)"
|
|
@ -1,21 +0,0 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
||||
restic snapshots
|
||||
if [ "$?" -eq "0" ]
|
||||
then
|
||||
echo "Repo is already initialized, no need to do that."
|
||||
else
|
||||
echo "We need to initialize the repo first." && restic init
|
||||
fi
|
||||
|
||||
su - postgres --session-command 'pg_dump "{{ matrix_db_name }}" -f /opt/db_dumps/db-dump-{{ matrix_db_name }}.sql'
|
||||
su - postgres --session-command 'pg_dump "mautrix_googlechat" -f /opt/db_dumps/db-dump-mautrix_googlechat.sql'
|
||||
su - postgres --session-command 'pg_dump "mautrix_slack" -f /opt/db_dumps/db-dump-mautrix_slack.sql'
|
||||
|
||||
restic backup --verbose \
|
||||
/etc/matrix-synapse \
|
||||
/opt \
|
||||
/var/lib/matrix-synapse
|
||||
|
||||
echo "done! :)"
|
|
@ -1,24 +0,0 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
||||
restic snapshots
|
||||
if [ "$?" -eq "0" ]
|
||||
then
|
||||
echo "Repo is already initialized, no need to do that."
|
||||
else
|
||||
echo "We need to initialize the repo first." && restic init
|
||||
fi
|
||||
|
||||
# systemctl disable --now mautrix-signal.service
|
||||
|
||||
su - postgres --session-command 'pg_dump "{{ database_vars.mautrix_signal.db }}" -f /opt/db_dumps/db-dump-mautrix-signal.sql'
|
||||
|
||||
restic backup --verbose \
|
||||
/data-usb \
|
||||
/etc/matrix-synapse \
|
||||
/opt \
|
||||
/var/lib/matrix-synapse
|
||||
|
||||
# systemctl enable --now mautrix-signal.service
|
||||
|
||||
echo "done! :)"
|
|
@ -1,20 +0,0 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
||||
restic snapshots
|
||||
if [ "$?" -eq "0" ]
|
||||
then
|
||||
echo "Repo is already initialized, no need to do that."
|
||||
else
|
||||
echo "We need to initialize the repo first." && restic init
|
||||
fi
|
||||
|
||||
restic backup --verbose \
|
||||
/etc \
|
||||
/home \
|
||||
/opt \
|
||||
/root \
|
||||
/srv \
|
||||
/var/www
|
||||
|
||||
echo "done! :)"
|
|
@ -1,29 +0,0 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
||||
restic snapshots
|
||||
if [ "$?" -eq "0" ]
|
||||
then
|
||||
echo "Repo is already initialized, no need to do that."
|
||||
else
|
||||
echo "We need to initialize the repo first." && restic init
|
||||
fi
|
||||
|
||||
echo "Now dumping databases, this might take a while..."
|
||||
set -x
|
||||
docker exec -t pretix_pg-sql.server2 pg_dumpall -c -U prtxdb > /opt/db_dumps/db-dump-pretix_db.sql
|
||||
#docker exec docker-partkeepr-database-1 sh -c "exec mariadb-dump --all-databases -u{{ unhb4_mariadb_containers['partkeepr'].user }} --password=$MARIADB_PASSWORD_PARTKEEPR" > /opt/db_dumps/db-dump-partkeepr_db.sql
|
||||
source /opt/scripts/restic/restic_db_passwords.env
|
||||
docker exec -t engel_sql.server2 sh -c "exec mysqldump --all-databases -u{{ unhb4_mariadb_containers['engelsystem'].user }} --password=$MARIADB_PASSWORD_ENGELSYSTEM" > /opt/db_dumps/db-dump-engelsystem_db.sql
|
||||
set +x
|
||||
|
||||
restic backup --verbose \
|
||||
/etc \
|
||||
/home \
|
||||
/opt \
|
||||
/root \
|
||||
/srv \
|
||||
/var/lib/docker/volumes/ \
|
||||
/var/www
|
||||
|
||||
echo "done! :)"
|
|
@ -1,42 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
#
|
||||
# This file is managed via Ansible, do not edit manually. Changes might get overwitten.
|
||||
#
|
||||
#
|
||||
source /opt/scripts/restic/restic.env
|
||||
source /opt/scripts/restic/restic_db_passwords.env
|
||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
||||
restic snapshots
|
||||
if [ "$?" -eq "0" ]
|
||||
then
|
||||
echo "Repo is already initialized, no need to do that."
|
||||
else
|
||||
echo "We need to initialize the repo first." && restic init
|
||||
fi
|
||||
|
||||
echo "Now dumping databases, this might take a while..."
|
||||
set -x
|
||||
docker exec -t matrix_sql.server4 pg_dumpall -c -U user_synapse_unhb > /opt/db_dumps/db-dump-synapse_db.sql
|
||||
docker exec -t authentik-postgresql-1 pg_dumpall -c -U authentik > /opt/db_dumps/db-dump-authentik_db.sql
|
||||
docker exec -t hedgedoc_sql15.server4 pg_dumpall -c -U md > /opt/db_dumps/db-dump-hedgedoc_db.sql
|
||||
docker exec -t tandoor-tandoor_recipes_db-1 pg_dumpall -c -U djangouser > /opt/db_dumps/db-dump-tandoor_db.sql
|
||||
docker exec -t wikijs-wikijs-db-1 pg_dumpall -c -U wikijs > /opt/db_dumps/db-dump-wikijs_db.sql
|
||||
docker exec -t nextcloud_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_NEXTCLOUD" > /opt/db_dumps/db-dump-nextcloud_db.sql
|
||||
docker exec -t etherpad_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_ETHERPAD" > /opt/db_dumps/db-dump-etherpad_db.sql
|
||||
docker exec -t jverein_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_JVEREIN" > /opt/db_dumps/db-dump-jverein_db.sql
|
||||
docker exec -t url-shortener_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_URLSHORTENER" > /opt/db_dumps/db-dump-urlshortener_db.sql
|
||||
docker exec -t wiki_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_WIKI" > /opt/db_dumps/db-dump-wiki_db.sql
|
||||
docker exec -t wordpress_sql.server4 sh -c "exec mysqldump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_WORDPRESS" > /opt/db_dumps/db-dump-wordpress_db.sql
|
||||
set +x
|
||||
|
||||
restic backup --verbose \
|
||||
/etc \
|
||||
/home \
|
||||
/opt \
|
||||
/root \
|
||||
/srv \
|
||||
/var/lib/docker/volumes/ \
|
||||
/var/www
|
||||
|
||||
echo "done! :)"
|
|
@ -1 +0,0 @@
|
|||
{{ restic_password_repo[inventory_hostname]["password"] }}
|
|
@ -1,6 +0,0 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
|
||||
restic forget --prune --keep-within 1m --host={{ ansible_hostname }}
|
||||
|
||||
echo "done! :)"
|
|
@ -1,3 +0,0 @@
|
|||
#!/bin/bash
|
||||
export RESTIC_REPOSITORY="{{ restic_repository_location }}{{ inventory_hostname }}"
|
||||
export RESTIC_PASSWORD_FILE="/opt/scripts/restic/restic-password-repo"
|
|
@ -9,7 +9,7 @@ else
|
|||
echo "We need to initialize the repo first." && restic init
|
||||
fi
|
||||
|
||||
restic backup --verbose \
|
||||
restic backup --host="{{ inventory_hostname }}" --verbose \
|
||||
/etc \
|
||||
/home \
|
||||
/opt \
|
||||
|
|
|
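Review bot: The `--host="{{ inventory_hostname }}"` argument (taking the second of the two printed `restic backup` lines as the new side) has no comment saying why the host is pinned, and nothing visible here deals with snapshots already stored under the previous name. Without `--host`, restic records the machine's own hostname, so where that differs from the inventory name the older snapshots stop matching a `--host` filter, and the first run after the change will likely find no parent snapshot and rescan everything. I would add a comment above the command, `# --host pins the snapshot host to the inventory name so that forget/prune filters on the same value`, and check `restic snapshots` once per host for entries under the old name. The same line is added in the next two hunks; the script begins and continues outside this hunk.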
@ -19,7 +19,7 @@ docker exec -t engel_sql.server2 sh -c "exec mysqldump --all-databases -uroot --
|
|||
|
||||
set +x
|
||||
|
||||
restic backup --verbose \
|
||||
restic backup --host="{{ inventory_hostname }}" --verbose \
|
||||
/etc \
|
||||
/home \
|
||||
/opt \
|
||||
|
|
|
@ -30,7 +30,7 @@ docker exec -t wiki_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot
|
|||
docker exec -t wordpress_sql.server4 sh -c "exec mysqldump --all-databases -uroot --password=$MARIADB_PASSWORD_WORDPRESS" > /opt/db_dumps/db-dump-wordpress_db.sql
|
||||
set +x
|
||||
|
||||
restic backup --verbose \
|
||||
restic backup --host="{{ inventory_hostname }}" --verbose \
|
||||
/etc \
|
||||
/home \
|
||||
/opt \
|
||||
|
|
|
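Review bot: The context line above `set +x` expands `$MARIADB_PASSWORD_WORDPRESS` on the host while shell tracing still appears to be on (the matching `set -x` is outside the hunk), so the trace output, and any cron mail or log that captures stderr, would contain the database root password in clear text. The same command keeps `-t` while redirecting into the dump file; with a TTY allocated, `docker exec` merges stderr into stdout and emits CRLF line endings, which can leave the `.sql` file unusable for a restore. I would move `set +x` above the password-bearing `docker exec` lines and drop `-t` from every dump command that is redirected to a file. The header of the preceding hunk shows the same command shape for `engel_sql.server2`.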
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
|
||||
restic forget --prune --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --host={{ ansible_hostname }}
|
||||
restic forget --prune --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --host={{ inventory_hostname }}
|
||||
|
||||
echo "done! :)"
|
||||
|
|
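Review bot: `--host={{ inventory_hostname }}` (assuming the `inventory_hostname` line is the new side) is left unquoted, while the backup templates in this commit pass `--host="{{ inventory_hostname }}"`; the value is rendered straight into a shell command line and should be quoted the same way. Because `forget --prune` deletes data, its exit status also deserves a check: as written, `echo "done! :)"` runs whether or not the prune succeeded. Suggested line: `restic forget --prune --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --host="{{ inventory_hostname }}" || exit 1`. Snapshots recorded under the old `ansible_hostname` value no longer match this filter and will not be expired by it.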