cleaned up restic role a bit

This commit is contained in:
erebion 2024-08-27 11:08:18 +02:00
parent c37af9a00a
commit 10750ffbe9
21 changed files with 4 additions and 390 deletions

View file

@ -1,12 +0,0 @@
# allow members of the sudo group to run backups, but without password
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup.sh
#%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-prune.sh
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-mount.sh
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-check.sh
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-check-read-data.sh
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS.sh
#%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-PRUNE.sh
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-MOUNT.sh
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-CHECK.sh
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-READ-DATA.sh

View file

@ -1,6 +0,0 @@
#!/bin/bash
source /opt/scripts/restic/restic.env
restic check --read-data
echo "done! :)"

View file

@ -1,6 +0,0 @@
#!/bin/bash
source /opt/scripts/restic/restic.env
restic check
echo "done! :)"

View file

@ -1,6 +0,0 @@
#!/bin/bash
source /opt/scripts/restic/restic.env
restic mount /mnt/restic
echo "done! :)"

View file

@ -1,4 +0,0 @@
#!/bin/bash
source /opt/scripts/restic/restic.env
restic unlock
echo "done! :)"

View file

@ -1,111 +0,0 @@
---
- name: "Install restic"
ansible.builtin.apt:
name:
- restic
state: latest
update_cache: true
become: true
when: ansible_os_family == 'Debian'
- name: "Ensure /opt/scripts/ exists"
ansible.builtin.file:
path: /opt/scripts
state: directory
mode: '0755'
when: "ansible_os_family == 'Debian'"
- name: "Ensure /opt/db_dumps/ exists"
ansible.builtin.file:
path: /opt/db_dumps/
state: directory
owner: postgres
group: postgres
mode: '0774'
ignore_errors: true #to do: auf mautrix-signal kein User "postgres" weil in Docker, muss gelöst werden
when: "ansible_os_family == 'Debian' and 'desktops' not in group_names and 'mautrix-signal' not in inventory_hostname"
- name: "Copy restic backup scripts"
ansible.builtin.copy:
src: "restic-backup-scripts/"
dest: /opt/scripts/restic/.
owner: root
group: root
mode: u+rwx
force: true
when: "ansible_os_family == 'Debian'"
- name: "Template restic backup script restic-backup_{{ inventory_hostname }}.sh"
ansible.builtin.template:
src: ../templates/restic-backup_{{ inventory_hostname }}.sh.j2
dest: /opt/scripts/restic/restic-backup_{{ inventory_hostname }}.sh
owner: root
group: root
mode: 'u+rwx'
force: true
when: "ansible_os_family == 'Debian' and 'desktops' not in group_names"
#- name: "Template restic backup script ENTWURF"
# ansible.builtin.template:
# src: ../templates/restic-backup_ENTWURF.sh.j2
# dest: /opt/scripts/restic/restic-backup_ENTWURF.sh
# owner: root
# group: root
# mode: 'u+rwx'
- name: "Template restic backup script restic-backup_desktops.sh"
ansible.builtin.template:
src: ../templates/restic-backup_desktops.sh.j2
dest: /opt/scripts/restic/restic-backup_desktops.sh
owner: root
group: root
mode: 'u+rwx'
force: true
when: "ansible_os_family == 'Debian' and 'desktops' in group_names"
- name: "Template restic prune script restic-prune.sh"
ansible.builtin.template:
src: ../templates/restic-prune.sh.j2
dest: /opt/scripts/restic/restic-prune.sh
owner: root
group: root
mode: 'u+rwx'
force: true
when: "ansible_os_family == 'Debian'"
- name: "Template environment variable file restic.env"
ansible.builtin.template:
src: ../templates/restic.env.j2
dest: /opt/scripts/restic/restic.env
owner: root
group: root
mode: '0644'
force: true
when: "ansible_os_family == 'Debian'"
- name: "Template restic password file restic-password-repo"
ansible.builtin.template:
src: ../templates/restic-password-repo.j2
dest: /opt/scripts/restic/restic-password-repo
owner: root
group: root
mode: '0440'
force: true
when: "ansible_os_family == 'Debian'"
- name: "Cronjob for Backups"
ansible.builtin.cron:
name: "Restic Backup"
minute: "0"
hour: "3"
job: "/opt/scripts/restic/restic-backup_{{ inventory_hostname }}.sh"
when: "ansible_os_family == 'Debian' and 'desktops' not in group_names"
- name: "Cronjob for Backups"
ansible.builtin.cron:
name: "Restic Backup"
minute: "0"
hour: "3"
job: "/opt/scripts/restic/restic-backup_desktops.sh"
when: "ansible_os_family == 'Debian' and 'desktops' in group_names"

View file

@ -1,25 +0,0 @@
#!/bin/bash
source {{ restic_env_file }}
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
restic snapshots
if [ "$?" -eq "0" ]
then
echo "Repo is already initialized, no need to do that."
else
echo "We need to initialize the repo first." && restic init
fi
{% if restic_execute_before is defined %}
{{ restic_execute_before }}
{% else %}
# restic_execute_before is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
{% endif %}
restic backup --verbose {{ restic_backup_paths }}
{% if restic_execute_after is defined %}
{{ restic_execute_after }}
{% else %}
# restic_execute_after is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
{% endif %}
echo "done! :)"

View file

@ -1,25 +0,0 @@
#!/bin/bash
{{ restic_env_file }}
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
restic snapshots
if [ "$?" -eq "0" ]
then
echo "Repo is already initialized, no need to do that."
else
echo "We need to initialize the repo first." && restic init
fi
{% if restic_execute_before is defined %}
{{ restic_execute_before }}
{% else %}
# restic_execute_before is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
{% endif %}
restic backup --verbose {{ restic_backup_paths }}
{% if restic_execute_after is defined %}
{{ restic_execute_after }}
{% else %}
# restic_execute_after is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
{% endif %}
echo "done! :)"

View file

@ -1,45 +0,0 @@
#!/bin/bash
source /opt/scripts/restic/restic.env
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
restic snapshots
if [ "$?" -eq "0" ]
then
echo "Repo is already initialized, no need to do that."
else
echo "We need to initialize the repo first." && restic init
fi
restic backup --verbose / \
--exclude /home/{{ user }}/.cache \
--exclude /home/{{ user }}/cache \
--exclude /home/{{ user }}/.config/Element/Cache/ \
--exclude /home/{{ user }}/.config/Element/GPUCache \
--exclude /home/{{ user }}/.config/Element/Code\ Cache/ \
--exclude /home/{{ user }}/.config/Signal/attachments.noindex \
--exclude /home/{{ user }}/.config/SchildiChat/Cache \
--exclude /home/{{ user }}/.config/SchildiChat/GPUCache \
--exclude /home/{{ user }}/.config/SchildiChat/Code\ Cache/ \
--exclude /home/{{ user }}/.config/Signal/Cache \
--exclude /home/{{ user }}/.config/Signal/GPUCache \
--exclude /home/{{ user }}/.config/Signal/Code\ Cache/ \
--exclude /home/{{ user }}/.local/share/Trash \
--exclude /home/{{ user }}/Bilder \
--exclude /home/{{ user }}/Downloads \
--exclude /home/{{ user }}/gPodder/Downloads/ \
--exclude /home/{{ user }}/Nextcloud \
--exclude /home/{{ user }}/no-backup \
--exclude /home/{{ user }}/synced_folders \
--exclude /home/{{ user }}/sync \
--exclude /home/{{ user }}/Signal_Backups \
--exclude /lost+found \
--exclude /media \
--exclude /mnt \
--exclude /proc \
--exclude /run \
--exclude /root/.cache \
--exclude /sys \
--exclude /tmp \
--exclude /var/cache \
--exclude /var/tmp
echo "done! :)"

View file

@ -1,21 +0,0 @@
#!/bin/bash
source /opt/scripts/restic/restic.env
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
restic snapshots
if [ "$?" -eq "0" ]
then
echo "Repo is already initialized, no need to do that."
else
echo "We need to initialize the repo first." && restic init
fi
su - postgres --session-command 'pg_dump "{{ matrix_db_name }}" -f /opt/db_dumps/db-dump-{{ matrix_db_name }}.sql'
su - postgres --session-command 'pg_dump "mautrix_googlechat" -f /opt/db_dumps/db-dump-mautrix_googlechat.sql'
su - postgres --session-command 'pg_dump "mautrix_slack" -f /opt/db_dumps/db-dump-mautrix_slack.sql'
restic backup --verbose \
/etc/matrix-synapse \
/opt \
/var/lib/matrix-synapse
echo "done! :)"

View file

@ -1,24 +0,0 @@
#!/bin/bash
source /opt/scripts/restic/restic.env
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
restic snapshots
if [ "$?" -eq "0" ]
then
echo "Repo is already initialized, no need to do that."
else
echo "We need to initialize the repo first." && restic init
fi
# systemctl disable --now mautrix-signal.service
su - postgres --session-command 'pg_dump "{{ database_vars.mautrix_signal.db }}" -f /opt/db_dumps/db-dump-mautrix-signal.sql'
restic backup --verbose \
/data-usb \
/etc/matrix-synapse \
/opt \
/var/lib/matrix-synapse
# systemctl enable --now mautrix-signal.service
echo "done! :)"

View file

@ -1,20 +0,0 @@
#!/bin/bash
source /opt/scripts/restic/restic.env
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
restic snapshots
if [ "$?" -eq "0" ]
then
echo "Repo is already initialized, no need to do that."
else
echo "We need to initialize the repo first." && restic init
fi
restic backup --verbose \
/etc \
/home \
/opt \
/root \
/srv \
/var/www
echo "done! :)"

View file

@ -1,29 +0,0 @@
#!/bin/bash
source /opt/scripts/restic/restic.env
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
restic snapshots
if [ "$?" -eq "0" ]
then
echo "Repo is already initialized, no need to do that."
else
echo "We need to initialize the repo first." && restic init
fi
echo "Now dumping databases, this might take a while..."
set -x
docker exec -t pretix_pg-sql.server2 pg_dumpall -c -U prtxdb > /opt/db_dumps/db-dump-pretix_db.sql
#docker exec docker-partkeepr-database-1 sh -c "exec mariadb-dump --all-databases -u{{ unhb4_mariadb_containers['partkeepr'].user }} --password=$MARIADB_PASSWORD_PARTKEEPR" > /opt/db_dumps/db-dump-partkeepr_db.sql
source /opt/scripts/restic/restic_db_passwords.env
docker exec -t engel_sql.server2 sh -c "exec mysqldump --all-databases -u{{ unhb4_mariadb_containers['engelsystem'].user }} --password=$MARIADB_PASSWORD_ENGELSYSTEM" > /opt/db_dumps/db-dump-engelsystem_db.sql
set +x
restic backup --verbose \
/etc \
/home \
/opt \
/root \
/srv \
/var/lib/docker/volumes/ \
/var/www
echo "done! :)"

View file

@ -1,42 +0,0 @@
#!/bin/bash
#
#
# This file is managed via Ansible, do not edit manually. Changes might get overwitten.
#
#
source /opt/scripts/restic/restic.env
source /opt/scripts/restic/restic_db_passwords.env
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
restic snapshots
if [ "$?" -eq "0" ]
then
echo "Repo is already initialized, no need to do that."
else
echo "We need to initialize the repo first." && restic init
fi
echo "Now dumping databases, this might take a while..."
set -x
docker exec -t matrix_sql.server4 pg_dumpall -c -U user_synapse_unhb > /opt/db_dumps/db-dump-synapse_db.sql
docker exec -t authentik-postgresql-1 pg_dumpall -c -U authentik > /opt/db_dumps/db-dump-authentik_db.sql
docker exec -t hedgedoc_sql15.server4 pg_dumpall -c -U md > /opt/db_dumps/db-dump-hedgedoc_db.sql
docker exec -t tandoor-tandoor_recipes_db-1 pg_dumpall -c -U djangouser > /opt/db_dumps/db-dump-tandoor_db.sql
docker exec -t wikijs-wikijs-db-1 pg_dumpall -c -U wikijs > /opt/db_dumps/db-dump-wikijs_db.sql
docker exec -t nextcloud_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_NEXTCLOUD" > /opt/db_dumps/db-dump-nextcloud_db.sql
docker exec -t etherpad_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_ETHERPAD" > /opt/db_dumps/db-dump-etherpad_db.sql
docker exec -t jverein_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_JVEREIN" > /opt/db_dumps/db-dump-jverein_db.sql
docker exec -t url-shortener_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_URLSHORTENER" > /opt/db_dumps/db-dump-urlshortener_db.sql
docker exec -t wiki_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_WIKI" > /opt/db_dumps/db-dump-wiki_db.sql
docker exec -t wordpress_sql.server4 sh -c "exec mysqldump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_WORDPRESS" > /opt/db_dumps/db-dump-wordpress_db.sql
set +x
restic backup --verbose \
/etc \
/home \
/opt \
/root \
/srv \
/var/lib/docker/volumes/ \
/var/www
echo "done! :)"

View file

@ -1 +0,0 @@
{{ restic_password_repo[inventory_hostname]["password"] }}

View file

@ -1,6 +0,0 @@
#!/bin/bash
source /opt/scripts/restic/restic.env
restic forget --prune --keep-within 1m --host={{ ansible_hostname }}
echo "done! :)"

View file

@ -1,3 +0,0 @@
#!/bin/bash
export RESTIC_REPOSITORY="{{ restic_repository_location }}{{ inventory_hostname }}"
export RESTIC_PASSWORD_FILE="/opt/scripts/restic/restic-password-repo"

View file

@ -9,7 +9,7 @@ else
echo "We need to initialize the repo first." && restic init
fi
restic backup --verbose \
restic backup --host="{{ inventory_hostname }}" --verbose \
/etc \
/home \
/opt \

View file

@ -19,7 +19,7 @@ docker exec -t engel_sql.server2 sh -c "exec mysqldump --all-databases -uroot --
set +x
restic backup --verbose \
restic backup --host="{{ inventory_hostname }}" --verbose \
/etc \
/home \
/opt \

View file

@ -30,7 +30,7 @@ docker exec -t wiki_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot
docker exec -t wordpress_sql.server4 sh -c "exec mysqldump --all-databases -uroot --password=$MARIADB_PASSWORD_WORDPRESS" > /opt/db_dumps/db-dump-wordpress_db.sql
set +x
restic backup --verbose \
restic backup --host="{{ inventory_hostname }}" --verbose \
/etc \
/home \
/opt \

View file

@ -1,6 +1,6 @@
#!/bin/bash
source /opt/scripts/restic/restic.env
restic forget --prune --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --host={{ ansible_hostname }}
restic forget --prune --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --host={{ inventory_hostname }}
echo "done! :)"