finish borg setup

README.md

@@ -17,6 +17,7 @@ All services below are running under Docker, except NSD because I couldn't figur
 - Microblogging server using [Mastodon](https://joinmastodon.org/) ([social.pizzapim.nl](https://social.pizzapim.nl))
 - Calendar and contact synchronisation using [Radicale](https://radicale.org/v3.html) ([dav.pizzapim.nl](https://dav.pizzapim.nl))
 - KMS server using [vlmcsd](https://github.com/Wind4/vlmcsd)
+- Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/)
 
 ## Possible future services
 
@@ -37,15 +38,6 @@ Could make automatic key rollovers with cron or some other tool.
 Currently I always resign zones.
 But for idempotency I should probably only do it if the zone has changed or the keys have changed.
 
-### Borg Backup
-
-Ideal situation is to backup all of (and only) /data.
-Issue with Mastodon: the cache is saved at /data as well. Should put this in a location that is not backed up.
-
-After investigating, borg backup with borgmatic is excellent.
-Instead of cron, I will use systemd timers to schedule borgmatic.
-https://dev.to/bowmanjd/schedule-jobs-with-systemd-timers-a-cron-alternative-15l8
-
 ### Firewall
 
 A little more difficult because of docker networking but probably doable.

roles/borg/tasks/main.yml

@@ -8,8 +8,8 @@
     path: "{{ service_dir }}"
     state: directory
 - name: Copy borg backup configuration
-  copy:
+  template:
-    src: "{{ role_path }}/files/backup.yml"
+    src: "{{ role_path }}/templates/backup.yml.j2"
     dest: "{{ service_dir }}/backup.yml"
 - name: Copy public key
   copy:
@@ -22,8 +22,8 @@
     dest: "{{ service_dir }}/id_ed25519"
     mode: 0600
 - name: Copy systemd timer backup service
-  copy:
+  template:
-    src: "{{ role_path }}/files/backup.service"
+    src: "{{ role_path }}/templates/backup.service.j2"
     dest: "/etc/systemd/system/backup.service"
   register: service
 - name: Copy systemd timer backup timer

roles/borg/templates/backup.service.j2

@@ -2,5 +2,5 @@
 Description=Backup data using borgmatic
 
 [Service]
-ExecStart=/usr/bin/borgmatic --config /srv/borg/backup.yml
+ExecStart=/usr/bin/borgmatic --config {{ service_dir }}/backup.yml
 Type=oneshot

roles/borg/templates/backup.yml.j2

@@ -1,8 +1,8 @@
 location:
     source_directories:
-        - /srv/borg # TEMP to test
+        - {{ base_data_dir }}
     repositories:
-        - ssh://root@lewis.lan/root/maxtest
+        - ssh://root@lewis.lan/root/homeserver_backup
 retention:
     keep_daily: 7
     keep_weekly: 4
@@ -10,3 +10,8 @@ retention:
 storage:
     ssh_command: ssh -i /srv/borg/id_ed25519
     unknown_unencrypted_repo_access_is_ok: true
+hooks:
+    before_everything:
+        - systemctl stop docker docker.socket
+    after_everything:
+        - systemctl start docker