finish borg setup
parent
898e9b1c16
commit
9598341a81
4 changed files with 13 additions and 16 deletions
10
README.md
10
README.md
|
@ -17,6 +17,7 @@ All services below are running under Docker, except NSD because I couldn't figur
|
|||
- Microblogging server using [Mastodon](https://joinmastodon.org/) ([social.pizzapim.nl](https://social.pizzapim.nl))
|
||||
- Calendar and contact synchronisation using [Radicale](https://radicale.org/v3.html) ([dav.pizzapim.nl](https://dav.pizzapim.nl))
|
||||
- KMS server using [vlmcsd](https://github.com/Wind4/vlmcsd)
|
||||
- Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/)
|
||||
|
||||
## Possible future services
|
||||
|
||||
|
@ -37,15 +38,6 @@ Could make automatic key rollovers with cron or some other tool.
|
|||
Currently I always resign zones.
|
||||
But for idempotency I should probably only do it if the zone has changed or the keys have changed.
|
||||
|
||||
### Borg Backup
|
||||
|
||||
Ideal situation is to backup all of (and only) /data.
|
||||
Issue with Mastodon: the cache is saved at /data as well. Should put this in a location that is not backed up.
|
||||
|
||||
After investigating, borg backup with borgmatic is excellent.
|
||||
Instead of cron, I will use systemd timers to schedule borgmatic.
|
||||
https://dev.to/bowmanjd/schedule-jobs-with-systemd-timers-a-cron-alternative-15l8
|
||||
|
||||
### Firewall
|
||||
|
||||
A little more difficult because of docker networking but probably doable.
|
||||
|
|
|
@ -8,8 +8,8 @@
|
|||
path: "{{ service_dir }}"
|
||||
state: directory
|
||||
- name: Copy borg backup configuration
|
||||
copy:
|
||||
src: "{{ role_path }}/files/backup.yml"
|
||||
template:
|
||||
src: "{{ role_path }}/templates/backup.yml.j2"
|
||||
dest: "{{ service_dir }}/backup.yml"
|
||||
- name: Copy public key
|
||||
copy:
|
||||
|
@ -22,8 +22,8 @@
|
|||
dest: "{{ service_dir }}/id_ed25519"
|
||||
mode: 0600
|
||||
- name: Copy systemd timer backup service
|
||||
copy:
|
||||
src: "{{ role_path }}/files/backup.service"
|
||||
template:
|
||||
src: "{{ role_path }}/templates/backup.service.j2"
|
||||
dest: "/etc/systemd/system/backup.service"
|
||||
register: service
|
||||
- name: Copy systemd timer backup timer
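Review bot: Neither of the two tasks switched to `template:` sets `mode` or an owner, so `{{ service_dir }}/backup.yml` and `/etc/systemd/system/backup.service` are created with whatever the umask yields, while the key next to them is explicitly restricted. Adding `mode: "0600"` to the backup.yml task and `mode: "0644"` to the unit task makes the permissions explicit and keeps the rendered config, which names the repository and the key path, away from other local users. The existing `mode: 0600` is better written as `mode: "0600"` so it stays a string instead of relying on octal parsing. The last task in the second hunk continues outside the hunk, so its options are not visible here.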
|
||||
|
|
|
@ -2,5 +2,5 @@
|
|||
Description=Backup data using borgmatic
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/bin/borgmatic --config /srv/borg/backup.yml
|
||||
ExecStart=/usr/bin/borgmatic --config {{ service_dir }}/backup.yml
|
||||
Type=oneshot
|
|
@ -1,8 +1,8 @@
|
|||
location:
|
||||
source_directories:
|
||||
- /srv/borg # TEMP to test
|
||||
- {{ base_data_dir }}
|
||||
repositories:
|
||||
- ssh://root@lewis.lan/root/maxtest
|
||||
- ssh://root@lewis.lan/root/homeserver_backup
|
||||
retention:
|
||||
keep_daily: 7
|
||||
keep_weekly: 4
|
||||
|
@ -10,3 +10,8 @@ retention:
|
|||
storage:
|
||||
ssh_command: ssh -i /srv/borg/id_ed25519
|
||||
unknown_unencrypted_repo_access_is_ok: true
|
||||
hooks:
|
||||
before_everything:
|
||||
- systemctl stop docker docker.socket
|
||||
after_everything:
|
||||
- systemctl start docker
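Review bot: With `source_directories` now pointing at `{{ base_data_dir }}`, the real service data goes to a repository that `unknown_unencrypted_repo_access_is_ok: true` suggests is unencrypted, over a login as `root` on lewis.lan. Consider creating the repository with encryption and dropping that flag, and using a dedicated backup account whose authorized key is limited to `borg serve --restrict-to-path <REPO_PATH>`, so that a compromise of this host's key does not give a root shell on the backup target. `ssh_command` still hard-codes `/srv/borg/id_ed25519` while the unit and the tasks moved to the variable; `ssh_command: ssh -i {{ service_dir }}/id_ed25519` keeps them in step. It is also worth confirming that `after_everything` runs when a backup fails, since otherwise Docker stays stopped; an `on_error` hook or `ExecStopPost=` in the unit would cover that case.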
|