From ecfb6b92f4b9a948947e146d6c146957916293cc Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Tue, 10 Jan 2023 23:55:25 +0100
Subject: [PATCH] add borg backup test
---
 Makefile | 3 +++
 playbooks/all.yml | 1 +
 playbooks/borg.yml | 4 ++++
 roles/borg/files/backup.service | 6 +++++
 roles/borg/files/backup.timer | 10 +++++++++
 roles/borg/files/backup.yml | 12 ++++++++++
 roles/borg/files/id_ed25519 | 25 +++++++++++++++++++++
 roles/borg/files/id_ed25519.pub | 1 +
 roles/borg/meta/main.yml | 2 ++
 roles/borg/tasks/main.yml | 39 +++++++++++++++++++++++++++++++++
 roles/borg/vars/main.yml | 2 ++
 roles/nsd/meta/main.yml | 2 ++
 12 files changed, 107 insertions(+)
 create mode 100644 playbooks/borg.yml
 create mode 100644 roles/borg/files/backup.service
 create mode 100644 roles/borg/files/backup.timer
 create mode 100644 roles/borg/files/backup.yml
 create mode 100644 roles/borg/files/id_ed25519
 create mode 100644 roles/borg/files/id_ed25519.pub
 create mode 100644 roles/borg/meta/main.yml
 create mode 100644 roles/borg/tasks/main.yml
 create mode 100644 roles/borg/vars/main.yml
 create mode 100644 roles/nsd/meta/main.yml
diff --git a/Makefile b/Makefile
index bf5bee0..d322db2 100644
--- a/Makefile
+++ b/Makefile
@@ -28,4 +28,7 @@ traefik: kms: ansible-playbook playbooks/kms.yml -i inventory/hosts.yml +borg: + ansible-playbook playbooks/borg.yml -i inventory/hosts.yml --ask-vault-pass + .PHONY: run
diff --git a/playbooks/all.yml b/playbooks/all.yml
index 4740010..c6ed8b0 100644
--- a/playbooks/all.yml
+++ b/playbooks/all.yml
@@ -2,6 +2,7 @@
 hosts: homeservers
 roles:
 - ssh
+ - borg
 - nsd
 - syncthing
 - kms
diff --git a/playbooks/borg.yml b/playbooks/borg.yml
new file mode 100644
index 0000000..8cad627
--- /dev/null
+++ b/playbooks/borg.yml
@@ -0,0 +1,4 @@
+- name: Install borg
+ hosts: homeservers
+ roles:
+ - borg
diff --git a/roles/borg/files/backup.service b/roles/borg/files/backup.service
new file mode 100644
index 0000000..c08cd5b
--- /dev/null
+++ b/roles/borg/files/backup.service
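Review bot: Only the new `borg` target passes `--ask-vault-pass`, while this commit also adds the `borg` role to `playbooks/all.yml`, and that role copies the vault-encrypted `roles/borg/files/id_ed25519`. The target that runs `playbooks/all.yml` is outside the hunk; if it does not supply a vault password, the full run will presumably fail at the "Copy private key" task. It would then need the same flag, or a `--vault-password-file` that is kept out of the repository.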
@@ -0,0 +1,6 @@
+[Unit]
+Description=Backup data using borgmatic
+
+[Service]
+ExecStart=/usr/bin/borgmatic --config /srv/borg/backup.yml
+Type=oneshot
diff --git a/roles/borg/files/backup.timer b/roles/borg/files/backup.timer
new file mode 100644
index 0000000..cc54943
--- /dev/null
+++ b/roles/borg/files/backup.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Backup data daily
+
+[Timer]
+OnCalendar=*-*-* 3:00:00
+Persistent=true
+RandomizedDelaySec=1h
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/borg/files/backup.yml b/roles/borg/files/backup.yml
new file mode 100644
index 0000000..29b4502
--- /dev/null
+++ b/roles/borg/files/backup.yml
@@ -0,0 +1,12 @@
+location:
+ source_directories:
+ - /srv/borg # TEMP to test
+ repositories:
+ - ssh://root@lewis.lan/root/maxtest
+retention:
+ keep_daily: 7
+ keep_weekly: 4
+ keep_monthly: 6
+storage:
+ ssh_command: ssh -i /srv/borg/id_ed25519
+ unknown_unencrypted_repo_access_is_ok: true
diff --git a/roles/borg/files/id_ed25519 b/roles/borg/files/id_ed25519
new file mode 100644
index 0000000..1dd2cb2
--- /dev/null
+++ b/roles/borg/files/id_ed25519
@@ -0,0 +1,25 @@
+$ANSIBLE_VAULT;1.1;AES256
+39646436383433653539316135323332303832633864366363313031636534353531386638323037
+6364366663313964633239613261373733333736316534390a306262373634303536353365396138
+35626433353935633534353636613232623531303765636139363139646265653361353164656363
+3465316438373734330a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diff --git a/roles/borg/files/id_ed25519.pub b/roles/borg/files/id_ed25519.pub
new file mode 100644
index 0000000..238b751
--- /dev/null
+++ b/roles/borg/files/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTag7YToG5W+H2kEUz40kOH+7cs0Lp3owFFKkmHBiWM root@max
diff --git a/roles/borg/meta/main.yml b/roles/borg/meta/main.yml
new file mode 100644
index 0000000..9711b33
--- /dev/null
+++ b/roles/borg/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: common
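Review bot: In `roles/borg/files/backup.service` the `[Unit]` section has no ordering on the network, although the job pushes to an `ssh://` repository and the timer uses `Persistent=true`, so a missed run is started shortly after boot. Adding `Wants=network-online.target` and `After=network-online.target` would avoid a run that fails before the link is up. A failed backup is also silent as written; an `OnFailure=` unit or monitoring of the unit state would make a missed backup visible.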
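Review bot: `unknown_unencrypted_repo_access_is_ok: true` in `roles/borg/files/backup.yml` tells Borg to accept an unencrypted repository it has not seen before without asking, and no passphrase option is set, so the repository appears to be unencrypted. With `source_directories` pointing at `/srv/borg` (marked TEMP), the archive would include the SSH private key that the role copies there, assuming `service_dir` resolves to `/srv/borg` as the unit's `--config /srv/borg/backup.yml` suggests. I would initialise the repository with encryption, drop this option and supply the passphrase through `encryption_passcommand`. The repository URL also logs in as `root` on `lewis.lan`; a dedicated unprivileged account whose `authorized_keys` entry forces `borg serve --restrict-to-path <repo path>` would limit what this key can do on the backup host.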
diff --git a/roles/borg/tasks/main.yml b/roles/borg/tasks/main.yml
new file mode 100644
index 0000000..ae8baeb
--- /dev/null
+++ b/roles/borg/tasks/main.yml
@@ -0,0 +1,39 @@
+- name: Install borg
+ apt:
+ pkg:
+ - borgbackup
+ - borgmatic
+- name: Create borg service directory
+ file:
+ path: "{{ service_dir }}"
+ state: directory
+- name: Copy borg backup configuration
+ copy:
+ src: "{{ role_path }}/files/backup.yml"
+ dest: "{{ service_dir }}/backup.yml"
+- name: Copy public key
+ copy:
+ src: "{{ role_path }}/files/id_ed25519.pub"
+ dest: "{{ service_dir }}/id_ed25519.pub"
+ mode: 0644
+- name: Copy private key
+ copy:
+ src: "{{ role_path }}/files/id_ed25519"
+ dest: "{{ service_dir }}/id_ed25519"
+ mode: 0600
+- name: Copy systemd timer backup service
+ copy:
+ src: "{{ role_path }}/files/backup.service"
+ dest: "/etc/systemd/system/backup.service"
+ register: service
+- name: Copy systemd timer backup timer
+ copy:
+ src: "{{ role_path }}/files/backup.timer"
+ dest: "/etc/systemd/system/backup.timer"
+ register: timer
+- name: Enable systemd timer
+ systemd:
+ name: backup.timer
+ enabled: true
+ state: started
+ daemon_reload: "{{ 'yes' if service.changed or timer.changed else 'no' }}"
diff --git a/roles/borg/vars/main.yml b/roles/borg/vars/main.yml
new file mode 100644
index 0000000..63faed1
--- /dev/null
+++ b/roles/borg/vars/main.yml
@@ -0,0 +1,2 @@
+service_name: borg
+service_dir: "{{ base_service_dir }}/{{ service_name }}"
diff --git a/roles/nsd/meta/main.yml b/roles/nsd/meta/main.yml
new file mode 100644
index 0000000..9711b33
--- /dev/null
+++ b/roles/nsd/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: common
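Review bot: In `roles/borg/tasks/main.yml` the "Create borg service directory" task sets no `mode`, `owner` or `group`, so the directory that receives the private key and the borgmatic configuration gets umask defaults; `mode: "0700"` with `owner: root` and `group: root` there, and an explicit `mode: "0600"` on "Copy borg backup configuration", would keep both root-only. "Copy private key" has no `no_log: true`, so depending on the Ansible version the decrypted key may show up in `--diff` or verbose output. The same vaulted key is copied to every host in `homeservers`, which gives all of them one identity on the backup server; a key generated per host would avoid that and keep the private key out of the repository. The unquoted `mode: 0644` and `mode: 0600` depend on YAML 1.1 octal parsing, and quoting them is the safer form.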