added missing parts for the backup
parent
60d07548dc
commit
3dc1886a55
28 changed files with 664 additions and 0 deletions
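--- a/roles/unhb_backup_scripts/files/98-backup-conf
+++ b/roles/unhb_backup_scripts/files/98-backup-conf
@@ -0,0 +1,12 @@
+# allow members of the sudo group to run backups, but without password
+%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup.sh
+#%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-prune.sh
+%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-mount.sh
+%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-check.sh
+%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-check-read-data.sh
+
+%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS.sh
+#%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-PRUNE.sh
+%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-MOUNT.sh
+%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-CHECK.sh
+%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-READ-DATA.sh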
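Review bot: Every script named here runs as root without a password for the whole `sudo` group, so each script and every file it sources (`/opt/scripts/restic/restic.env`) has to be writable by root alone; the role's copy and template tasks set `mode: u+rwx`, which only adds owner bits and does not clear group or other write permission. The first rule names `restic-backup.sh`, while the tasks in this commit install `restic-backup_{{ inventory_hostname }}.sh` and `restic-backup_desktops.sh`, so as far as the visible files show that rule matches no installed script. The task that installs this file is not on the page; when it is written it should use `mode: '0440'` and `validate: 'visudo -cf %s'` so a syntax error cannot break sudo on the host. The same content appears a second time in an unnamed section further down.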
|
@ -0,0 +1,6 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
|
||||
restic check --read-data
|
||||
|
||||
echo "done! :)"
|
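--- a/roles/unhb_backup_scripts/files/restic-backup-scripts/restic-check.sh
+++ b/roles/unhb_backup_scripts/files/restic-backup-scripts/restic-check.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+source /opt/scripts/restic/restic.env
+
+restic check
+
+echo "done! :)"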
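--- a/roles/unhb_backup_scripts/files/restic-backup-scripts/restic-mount.sh
+++ b/roles/unhb_backup_scripts/files/restic-backup-scripts/restic-mount.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+source /opt/scripts/restic/restic.env
+
+restic mount /mnt/restic
+
+echo "done! :)"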
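--- a/roles/unhb_backup_scripts/files/restic-backup-scripts/restic-unlock.sh
+++ b/roles/unhb_backup_scripts/files/restic-backup-scripts/restic-unlock.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+source /opt/scripts/restic/restic.env
+restic unlock
+echo "done! :)"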
|
@ -0,0 +1,12 @@
|
|||
# allow members of the sudo group to run backups, but without password
|
||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup.sh
|
||||
#%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-prune.sh
|
||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-mount.sh
|
||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-check.sh
|
||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-check-read-data.sh
|
||||
|
||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS.sh
|
||||
#%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-PRUNE.sh
|
||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-MOUNT.sh
|
||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-CHECK.sh
|
||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-READ-DATA.sh
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
|
||||
restic check --read-data
|
||||
|
||||
echo "done! :)"
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
|
||||
restic check
|
||||
|
||||
echo "done! :)"
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
|
||||
restic mount /mnt/restic
|
||||
|
||||
echo "done! :)"
|
|
@ -0,0 +1,4 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
restic unlock
|
||||
echo "done! :)"
|
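--- a/roles/unhb_backup_scripts/restic_scripts/tasks/main.yml
+++ b/roles/unhb_backup_scripts/restic_scripts/tasks/main.yml
@@ -0,0 +1,111 @@
+---
+
+- name: "Install restic"
+ansible.builtin.apt:
+name:
+- restic
+state: latest
+update_cache: true
+become: true
+when: ansible_os_family == 'Debian'
+
+- name: "Ensure /opt/scripts/ exists"
+ansible.builtin.file:
+path: /opt/scripts
+state: directory
+mode: '0755'
+when: "ansible_os_family == 'Debian'"
+
+- name: "Ensure /opt/db_dumps/ exists"
+ansible.builtin.file:
+path: /opt/db_dumps/
+state: directory
+owner: postgres
+group: postgres
+mode: '0774'
+ignore_errors: true #to do: auf mautrix-signal kein User "postgres" weil in Docker, muss gelöst werden
+when: "ansible_os_family == 'Debian' and 'desktops' not in group_names and 'mautrix-signal' not in inventory_hostname"
+
+- name: "Copy restic backup scripts"
+ansible.builtin.copy:
+src: "restic-backup-scripts/"
+dest: /opt/scripts/restic/.
+owner: root
+group: root
+mode: u+rwx
+force: true
+when: "ansible_os_family == 'Debian'"
+
+- name: "Template restic backup script restic-backup_{{ inventory_hostname }}.sh"
+ansible.builtin.template:
+src: ../templates/restic-backup_{{ inventory_hostname }}.sh.j2
+dest: /opt/scripts/restic/restic-backup_{{ inventory_hostname }}.sh
+owner: root
+group: root
+mode: 'u+rwx'
+force: true
+when: "ansible_os_family == 'Debian' and 'desktops' not in group_names"
+
+#- name: "Template restic backup script ENTWURF"
+# ansible.builtin.template:
+# src: ../templates/restic-backup_ENTWURF.sh.j2
+# dest: /opt/scripts/restic/restic-backup_ENTWURF.sh
+# owner: root
+# group: root
+# mode: 'u+rwx'
+
+- name: "Template restic backup script restic-backup_desktops.sh"
+ansible.builtin.template:
+src: ../templates/restic-backup_desktops.sh.j2
+dest: /opt/scripts/restic/restic-backup_desktops.sh
+owner: root
+group: root
+mode: 'u+rwx'
+force: true
+when: "ansible_os_family == 'Debian' and 'desktops' in group_names"
+
+- name: "Template restic prune script restic-prune.sh"
+ansible.builtin.template:
+src: ../templates/restic-prune.sh.j2
+dest: /opt/scripts/restic/restic-prune.sh
+owner: root
+group: root
+mode: 'u+rwx'
+force: true
+when: "ansible_os_family == 'Debian'"
+
+- name: "Template environment variable file restic.env"
+ansible.builtin.template:
+src: ../templates/restic.env.j2
+dest: /opt/scripts/restic/restic.env
+owner: root
+group: root
+mode: '0644'
+force: true
+when: "ansible_os_family == 'Debian'"
+
+- name: "Template restic password file restic-password-repo"
+ansible.builtin.template:
+src: ../templates/restic-password-repo.j2
+dest: /opt/scripts/restic/restic-password-repo
+owner: root
+group: root
+mode: '0440'
+force: true
+when: "ansible_os_family == 'Debian'"
+
+- name: "Cronjob for Backups"
+ansible.builtin.cron:
+name: "Restic Backup"
+minute: "0"
+hour: "3"
+job: "/opt/scripts/restic/restic-backup_{{ inventory_hostname }}.sh"
+when: "ansible_os_family == 'Debian' and 'desktops' not in group_names"
+
+- name: "Cronjob for Backups"
+ansible.builtin.cron:
+name: "Restic Backup"
+minute: "0"
+hour: "3"
+job: "/opt/scripts/restic/restic-backup_desktops.sh"
+when: "ansible_os_family == 'Debian' and 'desktops' in group_names"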
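Review bot: The task `Template restic password file restic-password-repo` has no `no_log: true`, so a run with `--diff` would print the rendered repository password into the Ansible output; add `no_log: true` to that task. The script tasks use `mode: u+rwx`, which only adds owner bits and leaves group and other permissions to whatever is already on disk, although these files are executed as root from cron; an absolute mode such as `mode: '0700'` makes the result deterministic. `ignore_errors: true` on the `/opt/db_dumps/` task hides every failure of that task, not only the missing `postgres` user its comment mentions.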
|
@ -0,0 +1,25 @@
|
|||
#!/bin/bash
|
||||
source {{ restic_env_file }}
|
||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
||||
restic snapshots
|
||||
if [ "$?" -eq "0" ]
|
||||
then
|
||||
echo "Repo is already initialized, no need to do that."
|
||||
else
|
||||
echo "We need to initialize the repo first." && restic init
|
||||
fi
|
||||
|
||||
|
||||
{% if restic_execute_before is defined %}
|
||||
{{ restic_execute_before }}
|
||||
{% else %}
|
||||
# restic_execute_before is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
|
||||
{% endif %}
|
||||
restic backup --verbose {{ restic_backup_paths }}
|
||||
{% if restic_execute_after is defined %}
|
||||
{{ restic_execute_after }}
|
||||
{% else %}
|
||||
# restic_execute_after is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
|
||||
{% endif %}
|
||||
|
||||
echo "done! :)"
|
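Review bot: `restic snapshots` exits non-zero for any failure (unreachable backend, wrong password file, lock problem), not only for a repository that was never initialized, so the `else` branch runs `restic init` in all of those cases and the script then goes on to `restic backup` whatever happened. It is safer to stop on failure, e.g. `restic snapshots >/dev/null || { echo "repository unreachable or not initialized" >&2; exit 1; }`, and to run `restic init` as a separate one-time step; recent restic releases report a missing repository with a dedicated exit code, which can be tested if the installed version supports it. The same block is repeated in every `restic-backup_*.sh.j2` template on this page. In the `restic_execute_after` branch the fallback comment still says "before the actual backup".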
|
@ -0,0 +1,25 @@
|
|||
#!/bin/bash
|
||||
{{ restic_env_file }}
|
||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
||||
restic snapshots
|
||||
if [ "$?" -eq "0" ]
|
||||
then
|
||||
echo "Repo is already initialized, no need to do that."
|
||||
else
|
||||
echo "We need to initialize the repo first." && restic init
|
||||
fi
|
||||
|
||||
|
||||
{% if restic_execute_before is defined %}
|
||||
{{ restic_execute_before }}
|
||||
{% else %}
|
||||
# restic_execute_before is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
|
||||
{% endif %}
|
||||
restic backup --verbose {{ restic_backup_paths }}
|
||||
{% if restic_execute_after is defined %}
|
||||
{{ restic_execute_after }}
|
||||
{% else %}
|
||||
# restic_execute_after is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
|
||||
{% endif %}
|
||||
|
||||
echo "done! :)"
|
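Review bot: The second line is `{{ restic_env_file }}` without `source`, so the rendered script tries to execute the env file as a command in a child process and the variables it exports never reach this shell; the other copy of this template has `source {{ restic_env_file }}`. `{{ restic_backup_paths }}` is rendered unquoted into a script that runs as root, so a path containing spaces or shell metacharacters changes the command line; if the variable is a list, `{{ restic_backup_paths | map('quote') | join(' ') }}` avoids that. `restic_execute_before` and `restic_execute_after` are inserted verbatim by design, so whoever can set those variables decides what runs as root on the host.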
|
@ -0,0 +1,45 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
||||
restic snapshots
|
||||
if [ "$?" -eq "0" ]
|
||||
then
|
||||
echo "Repo is already initialized, no need to do that."
|
||||
else
|
||||
echo "We need to initialize the repo first." && restic init
|
||||
fi
|
||||
|
||||
restic backup --verbose / \
|
||||
--exclude /home/{{ user }}/.cache \
|
||||
--exclude /home/{{ user }}/cache \
|
||||
--exclude /home/{{ user }}/.config/Element/Cache/ \
|
||||
--exclude /home/{{ user }}/.config/Element/GPUCache \
|
||||
--exclude /home/{{ user }}/.config/Element/Code\ Cache/ \
|
||||
--exclude /home/{{ user }}/.config/Signal/attachments.noindex \
|
||||
--exclude /home/{{ user }}/.config/SchildiChat/Cache \
|
||||
--exclude /home/{{ user }}/.config/SchildiChat/GPUCache \
|
||||
--exclude /home/{{ user }}/.config/SchildiChat/Code\ Cache/ \
|
||||
--exclude /home/{{ user }}/.config/Signal/Cache \
|
||||
--exclude /home/{{ user }}/.config/Signal/GPUCache \
|
||||
--exclude /home/{{ user }}/.config/Signal/Code\ Cache/ \
|
||||
--exclude /home/{{ user }}/.local/share/Trash \
|
||||
--exclude /home/{{ user }}/Bilder \
|
||||
--exclude /home/{{ user }}/Downloads \
|
||||
--exclude /home/{{ user }}/gPodder/Downloads/ \
|
||||
--exclude /home/{{ user }}/Nextcloud \
|
||||
--exclude /home/{{ user }}/no-backup \
|
||||
--exclude /home/{{ user }}/synced_folders \
|
||||
--exclude /home/{{ user }}/sync \
|
||||
--exclude /home/{{ user }}/Signal_Backups \
|
||||
--exclude /lost+found \
|
||||
--exclude /media \
|
||||
--exclude /mnt \
|
||||
--exclude /proc \
|
||||
--exclude /run \
|
||||
--exclude /root/.cache \
|
||||
--exclude /sys \
|
||||
--exclude /tmp \
|
||||
--exclude /var/cache \
|
||||
--exclude /var/tmp
|
||||
|
||||
echo "done! :)"
|
|
@ -0,0 +1,21 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
||||
restic snapshots
|
||||
if [ "$?" -eq "0" ]
|
||||
then
|
||||
echo "Repo is already initialized, no need to do that."
|
||||
else
|
||||
echo "We need to initialize the repo first." && restic init
|
||||
fi
|
||||
|
||||
su - postgres --session-command 'pg_dump "{{ matrix_db_name }}" -f /opt/db_dumps/db-dump-{{ matrix_db_name }}.sql'
|
||||
su - postgres --session-command 'pg_dump "mautrix_googlechat" -f /opt/db_dumps/db-dump-mautrix_googlechat.sql'
|
||||
su - postgres --session-command 'pg_dump "mautrix_slack" -f /opt/db_dumps/db-dump-mautrix_slack.sql'
|
||||
|
||||
restic backup --verbose \
|
||||
/etc/matrix-synapse \
|
||||
/opt \
|
||||
/var/lib/matrix-synapse
|
||||
|
||||
echo "done! :)"
|
|
@ -0,0 +1,24 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
||||
restic snapshots
|
||||
if [ "$?" -eq "0" ]
|
||||
then
|
||||
echo "Repo is already initialized, no need to do that."
|
||||
else
|
||||
echo "We need to initialize the repo first." && restic init
|
||||
fi
|
||||
|
||||
# systemctl disable --now mautrix-signal.service
|
||||
|
||||
su - postgres --session-command 'pg_dump "{{ database_vars.mautrix_signal.db }}" -f /opt/db_dumps/db-dump-mautrix-signal.sql'
|
||||
|
||||
restic backup --verbose \
|
||||
/data-usb \
|
||||
/etc/matrix-synapse \
|
||||
/opt \
|
||||
/var/lib/matrix-synapse
|
||||
|
||||
# systemctl enable --now mautrix-signal.service
|
||||
|
||||
echo "done! :)"
|
|
@ -0,0 +1,20 @@
|
|||
#!/bin/bash
|
||||
source /opt/scripts/restic/restic.env
|
||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
||||
restic snapshots
|
||||
if [ "$?" -eq "0" ]
|
||||
then
|
||||
echo "Repo is already initialized, no need to do that."
|
||||
else
|
||||
echo "We need to initialize the repo first." && restic init
|
||||
fi
|
||||
|
||||
restic backup --verbose \
|
||||
/etc \
|
||||
/home \
|
||||
/opt \
|
||||
/root \
|
||||
/srv \
|
||||
/var/www
|
||||
|
||||
echo "done! :)"
|
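--- a/roles/unhb_backup_scripts/restic_scripts/templates/restic-backup_unhb2.sh.j2
+++ b/roles/unhb_backup_scripts/restic_scripts/templates/restic-backup_unhb2.sh.j2
@@ -0,0 +1,29 @@
+#!/bin/bash
+source /opt/scripts/restic/restic.env
+#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
+restic snapshots
+if [ "$?" -eq "0" ]
+then
+echo "Repo is already initialized, no need to do that."
+else
+echo "We need to initialize the repo first." && restic init
+fi
+
+echo "Now dumping databases, this might take a while..."
+set -x
+docker exec -t pretix_pg-sql.server2 pg_dumpall -c -U prtxdb > /opt/db_dumps/db-dump-pretix_db.sql
+#docker exec docker-partkeepr-database-1 sh -c "exec mariadb-dump --all-databases -u{{ unhb4_mariadb_containers['partkeepr'].user }} --password=$MARIADB_PASSWORD_PARTKEEPR" > /opt/db_dumps/db-dump-partkeepr_db.sql
+source /opt/scripts/restic/restic_db_passwords.env
+docker exec -t engel_sql.server2 sh -c "exec mysqldump --all-databases -u{{ unhb4_mariadb_containers['engelsystem'].user }} --password=$MARIADB_PASSWORD_ENGELSYSTEM" > /opt/db_dumps/db-dump-engelsystem_db.sql
+set +x
+
+restic backup --verbose \
+/etc \
+/home \
+/opt \
+/root \
+/srv \
+/var/lib/docker/volumes/ \
+/var/www
+
+echo "done! :)"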
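Review bot: `set -x` is active while `restic_db_passwords.env` is sourced and while `--password=$MARIADB_PASSWORD_ENGELSYSTEM` is expanded, so the trace writes the database passwords to stderr and into whatever collects the job's output (cron mail or the journal), and the password is also passed as a command-line argument. `docker exec -t` allocates a TTY, which rewrites line endings and mixes stderr into the redirected dump file, and no exit status is checked, so a failed dump is backed up without notice. The same pattern is in the unhb4 template and in both copies under `templates/`. One way to restructure the dump block is sketched below; the `umask 077` is there because the dump files hold complete databases.

```shell
# … unchanged: repo check …
echo "Now dumping databases, this might take a while..."
source /opt/scripts/restic/restic_db_passwords.env
umask 077   # dump files hold full database contents
docker exec pretix_pg-sql.server2 pg_dumpall -c -U prtxdb \
  > /opt/db_dumps/db-dump-pretix_db.sql || exit 1
# password travels through the environment, not through argv or an xtrace line
MYSQL_PWD="$MARIADB_PASSWORD_ENGELSYSTEM" docker exec -e MYSQL_PWD engel_sql.server2 \
  mysqldump --all-databases -u{{ unhb4_mariadb_containers['engelsystem'].user }} \
  > /opt/db_dumps/db-dump-engelsystem_db.sql || exit 1
# … unchanged: restic backup …
```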
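--- a/roles/unhb_backup_scripts/restic_scripts/templates/restic-backup_unhb4.sh.j2
+++ b/roles/unhb_backup_scripts/restic_scripts/templates/restic-backup_unhb4.sh.j2
@@ -0,0 +1,42 @@
+#!/bin/bash
+#
+#
+# This file is managed via Ansible, do not edit manually. Changes might get overwitten.
+#
+#
+source /opt/scripts/restic/restic.env
+source /opt/scripts/restic/restic_db_passwords.env
+#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
+restic snapshots
+if [ "$?" -eq "0" ]
+then
+echo "Repo is already initialized, no need to do that."
+else
+echo "We need to initialize the repo first." && restic init
+fi
+
+echo "Now dumping databases, this might take a while..."
+set -x
+docker exec -t matrix_sql.server4 pg_dumpall -c -U user_synapse_unhb > /opt/db_dumps/db-dump-synapse_db.sql
+docker exec -t authentik-postgresql-1 pg_dumpall -c -U authentik > /opt/db_dumps/db-dump-authentik_db.sql
+docker exec -t hedgedoc_sql15.server4 pg_dumpall -c -U md > /opt/db_dumps/db-dump-hedgedoc_db.sql
+docker exec -t tandoor-tandoor_recipes_db-1 pg_dumpall -c -U djangouser > /opt/db_dumps/db-dump-tandoor_db.sql
+docker exec -t wikijs-wikijs-db-1 pg_dumpall -c -U wikijs > /opt/db_dumps/db-dump-wikijs_db.sql
+docker exec -t nextcloud_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_NEXTCLOUD" > /opt/db_dumps/db-dump-nextcloud_db.sql
+docker exec -t etherpad_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_ETHERPAD" > /opt/db_dumps/db-dump-etherpad_db.sql
+docker exec -t jverein_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_JVEREIN" > /opt/db_dumps/db-dump-jverein_db.sql
+docker exec -t url-shortener_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_URLSHORTENER" > /opt/db_dumps/db-dump-urlshortener_db.sql
+docker exec -t wiki_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_WIKI" > /opt/db_dumps/db-dump-wiki_db.sql
+docker exec -t wordpress_sql.server4 sh -c "exec mysqldump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_WORDPRESS" > /opt/db_dumps/db-dump-wordpress_db.sql
+set +x
+
+restic backup --verbose \
+/etc \
+/home \
+/opt \
+/root \
+/srv \
+/var/lib/docker/volumes/ \
+/var/www
+
+echo "done! :)"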
|
@ -0,0 +1 @@
|
|||
{{ restic_password_repo[inventory_hostname]["password"] }}
|
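--- a/roles/unhb_backup_scripts/restic_scripts/templates/restic-prune.sh.j2
+++ b/roles/unhb_backup_scripts/restic_scripts/templates/restic-prune.sh.j2
@@ -0,0 +1,6 @@
+#!/bin/bash
+source /opt/scripts/restic/restic.env
+
+restic forget --prune --keep-within 1m --host={{ ansible_hostname }}
+
+echo "done! :)"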
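--- a/roles/unhb_backup_scripts/restic_scripts/templates/restic.env.j2
+++ b/roles/unhb_backup_scripts/restic_scripts/templates/restic.env.j2
@@ -0,0 +1,3 @@
+#!/bin/bash
+export RESTIC_REPOSITORY="{{ restic_repository_location }}{{ inventory_hostname }}"
+export RESTIC_PASSWORD_FILE="/opt/scripts/restic/restic-password-repo"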
|
@ -1,5 +1,138 @@
|
|||
---
|
||||
|
||||
- name: "Install restic"
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- restic
|
||||
state: latest
|
||||
update_cache: true
|
||||
become: true
|
||||
when: ansible_os_family == 'Debian'
|
||||
|
||||
- name: "Ensure /opt/scripts/ exists"
|
||||
ansible.builtin.file:
|
||||
path: /opt/scripts
|
||||
state: directory
|
||||
mode: '0755'
|
||||
when: "ansible_os_family == 'Debian'"
|
||||
|
||||
- name: "Ensure /opt/db_dumps/ exists"
|
||||
ansible.builtin.file:
|
||||
path: /opt/db_dumps/
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
when: "ansible_os_family == 'Debian'"
|
||||
|
||||
- name: "Copy restic backup scripts"
|
||||
ansible.builtin.copy:
|
||||
src: "restic-backup-scripts/"
|
||||
dest: /opt/scripts/restic/.
|
||||
owner: root
|
||||
group: root
|
||||
mode: u+rwx
|
||||
force: true
|
||||
when: "ansible_os_family == 'Debian'"
|
||||
|
||||
- name: "Template restic backup script restic-backup_{{ inventory_hostname }}.sh"
|
||||
ansible.builtin.template:
|
||||
src: ../templates/restic-backup_{{ inventory_hostname }}.sh.j2
|
||||
dest: /opt/scripts/restic/restic-backup_{{ inventory_hostname }}.sh
|
||||
owner: root
|
||||
group: root
|
||||
mode: 'u+rwx'
|
||||
force: true
|
||||
when: "ansible_os_family == 'Debian'"
|
||||
|
||||
- name: "Template restic prune script restic-prune.sh"
|
||||
ansible.builtin.template:
|
||||
src: ../templates/restic-prune.sh.j2
|
||||
dest: /opt/scripts/restic/restic-prune.sh
|
||||
owner: root
|
||||
group: root
|
||||
mode: 'u+rwx'
|
||||
force: true
|
||||
when: "ansible_os_family == 'Debian'"
|
||||
|
||||
- name: "Template environment variable file restic.env"
|
||||
ansible.builtin.template:
|
||||
src: ../templates/restic.env.j2
|
||||
dest: /opt/scripts/restic/restic.env
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
force: true
|
||||
when: "ansible_os_family == 'Debian'"
|
||||
|
||||
- name: "Template restic password file restic-password-repo"
|
||||
ansible.builtin.template:
|
||||
src: ../templates/restic-password-repo.j2
|
||||
dest: /opt/scripts/restic/restic-password-repo
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0440'
|
||||
force: true
|
||||
when: "ansible_os_family == 'Debian'"
|
||||
|
||||
- name: "Template systemd units for restic"
|
||||
ansible.builtin.template:
|
||||
src: "restic-wasabi.service.j2"
|
||||
dest: "/etc/systemd/system/restic@.service"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 'u+rwx'
|
||||
when: "ansible_os_family == 'Debian'"
|
||||
|
||||
- name: "Template systemd timers for restic"
|
||||
ansible.builtin.template:
|
||||
src: "restic-wasabi.timer.j2"
|
||||
dest: "/etc/systemd/system/restic@.timer"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 'u+rwx'
|
||||
when: "ansible_os_family == 'Debian'"
|
||||
|
||||
- name: "Reload systemd units"
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
when: unit.changed
|
||||
|
||||
- name: "Restart systemd units for restic"
|
||||
ansible.builtin.systemd:
|
||||
state: restarted
|
||||
enabled: true
|
||||
name: "{{ item }}"
|
||||
with_items:
|
||||
- "restic@{{ inventory_hostname }}.service"
|
||||
- "restic@{{ inventory_hostname }}.timer"
|
||||
when: unit.changed
|
||||
|
||||
- name: "Enable systemd units for restic-wasabi"
|
||||
ansible.builtin.systemd:
|
||||
state: started
|
||||
enabled: true
|
||||
name: "{{ item }}"
|
||||
with_items:
|
||||
- "restic@{{ inventory_hostname }}.service"
|
||||
- "restic@{{ inventory_hostname }}.timer"
|
||||
|
||||
#- name: "Cronjob for Backups"
|
||||
# ansible.builtin.cron:
|
||||
# name: "Restic Backup"
|
||||
# minute: "0"
|
||||
# hour: "3"
|
||||
# job: "/opt/scripts/restic/restic-backup_{{ inventory_hostname }}.sh"
|
||||
# when: "ansible_os_family == 'Debian' and 'desktops' not in group_names"
|
||||
|
||||
#- name: "Cronjob for Backups"
|
||||
# ansible.builtin.cron:
|
||||
# name: "Restic Backup"
|
||||
# minute: "0"
|
||||
# hour: "3"
|
||||
# job: "/opt/scripts/restic/restic-backup_desktops.sh"
|
||||
# when: "ansible_os_family == 'Debian' and 'desktops' in group_names"
|
||||
|
||||
- name: "Template restic_db_passwords.env"
|
||||
ansible.builtin.template:
|
||||
src: "restic_db_passwords.env_{{ inventory_hostname }}.j2"
|
||||
|
|
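--- a/roles/unhb_backup_scripts/templates/restic-backup_unhb-proxmox-local.sh.j2
+++ b/roles/unhb_backup_scripts/templates/restic-backup_unhb-proxmox-local.sh.j2
@@ -0,0 +1,20 @@
+#!/bin/bash
+source /opt/scripts/restic/restic.env
+#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
+restic snapshots
+if [ "$?" -eq "0" ]
+then
+echo "Repo is already initialized, no need to do that."
+else
+echo "We need to initialize the repo first." && restic init
+fi
+
+restic backup --verbose \
+/etc \
+/home \
+/opt \
+/root \
+/srv \
+/var/www
+
+echo "done! :)"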
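--- a/roles/unhb_backup_scripts/templates/restic-backup_unhb2.sh.j2
+++ b/roles/unhb_backup_scripts/templates/restic-backup_unhb2.sh.j2
@@ -0,0 +1,29 @@
+#!/bin/bash
+source /opt/scripts/restic/restic.env
+#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
+restic snapshots
+if [ "$?" -eq "0" ]
+then
+echo "Repo is already initialized, no need to do that."
+else
+echo "We need to initialize the repo first." && restic init
+fi
+
+echo "Now dumping databases, this might take a while..."
+set -x
+docker exec -t pretix_pg-sql.server2 pg_dumpall -c -U prtxdb > /opt/db_dumps/db-dump-pretix_db.sql
+#docker exec docker-partkeepr-database-1 sh -c "exec mariadb-dump --all-databases -u{{ unhb4_mariadb_containers['partkeepr'].user }} --password=$MARIADB_PASSWORD_PARTKEEPR" > /opt/db_dumps/db-dump-partkeepr_db.sql
+source /opt/scripts/restic/restic_db_passwords.env
+docker exec -t engel_sql.server2 sh -c "exec mysqldump --all-databases -u{{ unhb4_mariadb_containers['engelsystem'].user }} --password=$MARIADB_PASSWORD_ENGELSYSTEM" > /opt/db_dumps/db-dump-engelsystem_db.sql
+set +x
+
+restic backup --verbose \
+/etc \
+/home \
+/opt \
+/root \
+/srv \
+/var/lib/docker/volumes/ \
+/var/www
+
+echo "done! :)"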
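--- a/roles/unhb_backup_scripts/templates/restic-backup_unhb4.sh.j2
+++ b/roles/unhb_backup_scripts/templates/restic-backup_unhb4.sh.j2
@@ -0,0 +1,42 @@
+#!/bin/bash
+#
+#
+# This file is managed via Ansible, do not edit manually. Changes might get overwitten.
+#
+#
+source /opt/scripts/restic/restic.env
+source /opt/scripts/restic/restic_db_passwords.env
+#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
+restic snapshots
+if [ "$?" -eq "0" ]
+then
+echo "Repo is already initialized, no need to do that."
+else
+echo "We need to initialize the repo first." && restic init
+fi
+
+echo "Now dumping databases, this might take a while..."
+set -x
+docker exec -t matrix_sql.server4 pg_dumpall -c -U user_synapse_unhb > /opt/db_dumps/db-dump-synapse_db.sql
+docker exec -t authentik-postgresql-1 pg_dumpall -c -U authentik > /opt/db_dumps/db-dump-authentik_db.sql
+docker exec -t hedgedoc_sql15.server4 pg_dumpall -c -U md > /opt/db_dumps/db-dump-hedgedoc_db.sql
+docker exec -t tandoor-tandoor_recipes_db-1 pg_dumpall -c -U djangouser > /opt/db_dumps/db-dump-tandoor_db.sql
+docker exec -t wikijs-wikijs-db-1 pg_dumpall -c -U wikijs > /opt/db_dumps/db-dump-wikijs_db.sql
+docker exec -t nextcloud_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_PASSWORD_NEXTCLOUD" > /opt/db_dumps/db-dump-nextcloud_db.sql
+docker exec -t etherpad_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_PASSWORD_ETHERPAD" > /opt/db_dumps/db-dump-etherpad_db.sql
+docker exec -t jverein_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_PASSWORD_JVEREIN" > /opt/db_dumps/db-dump-jverein_db.sql
+docker exec -t url-shortener_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_PASSWORD_URLSHORTENER" > /opt/db_dumps/db-dump-urlshortener_db.sql
+docker exec -t wiki_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_PASSWORD_WIKI" > /opt/db_dumps/db-dump-wiki_db.sql
+docker exec -t wordpress_sql.server4 sh -c "exec mysqldump --all-databases -uroot --password=$MARIADB_PASSWORD_WORDPRESS" > /opt/db_dumps/db-dump-wordpress_db.sql
+set +x
+
+restic backup --verbose \
+/etc \
+/home \
+/opt \
+/root \
+/srv \
+/var/lib/docker/volumes/ \
+/var/www
+
+echo "done! :)"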
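Review bot: This copy reads `$MARIADB_PASSWORD_NEXTCLOUD`, `$MARIADB_PASSWORD_ETHERPAD` and so on, while the copy under `restic_scripts/templates/` reads `$MARIADB_ROOT_PASSWORD_*` for the same containers; only one naming can match what `restic_db_passwords.env` exports, and the other expands to an empty `--password=`. The env-file template is not on this page, so which of the two is right cannot be confirmed here. Keeping a single template, or at least a single variable naming, avoids a host that quietly writes failed dumps and backs them up.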
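--- a/roles/unhb_backup_scripts/templates/restic.service.j2
+++ b/roles/unhb_backup_scripts/templates/restic.service.j2
@@ -0,0 +1,11 @@
+[Unit]
+Description=This unit will start the restic backup
+After=
+Wants=
+
+[Service]
+Restart=no
+Type=simple
+ExecStart=/opt/scripts/restic/restic-backup_%i.sh
+
+[Install]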
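Review bot: `Type=simple` marks the unit as started as soon as the script has been forked, so the timer and any dependent unit cannot tell when the backup has finished; `Type=oneshot` is the usual choice for a run-to-completion job. `After=` and `Wants=` are empty assignments; if the repository is remote, `After=network-online.target` and `Wants=network-online.target` are probably what was intended. The `[Install]` section is empty, which is fine for a timer-activated service, but the tasks on this page also set `enabled: true` on `restic@{{ inventory_hostname }}.service`, which has nothing to install.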
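--- a/roles/unhb_backup_scripts/templates/restic.timer.j2
+++ b/roles/unhb_backup_scripts/templates/restic.timer.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Timer starting restic-wasabi.service
+
+[Timer]
+OnCalendar={{ restic_start_time }}
+Unit=restic-wasabi@%i.service
+
+[Install]
+WantedBy=multi-user.target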
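Review bot: `Unit=restic-wasabi@%i.service` names a unit this commit does not install: the tasks on this page write the service template to `/etc/systemd/system/restic@.service`, so the timer would fire without finding its service; `Unit=restic@%i.service` matches, and the line can also be dropped because a timer defaults to the service of the same name. The tasks reference `restic-wasabi.service.j2` and `restic-wasabi.timer.j2` as template sources, while the files added here are `restic.service.j2` and `restic.timer.j2`. `WantedBy=timers.target` is the conventional install target for a timer, and `Persistent=true` under `[Timer]` would make up for a run missed while the host was off.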