Compare commits
No commits in common. "da13d96bf7b317aeafe2235c6027c37a9e99be15" and "3988a26d93013747854a6883b3ab15375b87e11d" have entirely different histories.
da13d96bf7
...
3988a26d93
13 changed files with 122 additions and 0 deletions
|
@ -20,6 +20,7 @@ All services below are running under Docker, except NSD and Borg.
|
||||||
- Inbucket disposable webmail, Mailinator alternative (https://inbucket.org)
|
- Inbucket disposable webmail, Mailinator alternative (https://inbucket.org)
|
||||||
- Cyberchef (https://cyberchef.geokunis2.nl)
|
- Cyberchef (https://cyberchef.geokunis2.nl)
|
||||||
- Jitsi Meet (https://meet.jit.si)
|
- Jitsi Meet (https://meet.jit.si)
|
||||||
|
- Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/)
|
||||||
- RSS feed reader using [FreshRSS](https://miniflux.app/)
|
- RSS feed reader using [FreshRSS](https://miniflux.app/)
|
||||||
- Metrics using [Prometheus](https://prometheus.io/)
|
- Metrics using [Prometheus](https://prometheus.io/)
|
||||||
|
|
||||||
|
|
8
inventory/group_vars/all.yml
Normal file
8
inventory/group_vars/all.yml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
borg_public_key: "AAAAC3NzaC1lZDI1NTE5AAAAIBTag7YToG5W+H2kEUz40kOH+7cs0Lp3owFFKkmHBiWM"
|
||||||
|
dataserver_public_key: "AAAAC3NzaC1lZDI1NTE5AAAAIJsLVptkoOwmxs6DnenN8u7Q1Tm/Psh0QdI6vjrTgb6D"
|
||||||
|
kingston1tb_mount_point: "/mnt/kingston1TB"
|
||||||
|
backup_location: "{{ kingston1tb_mount_point }}/homeserver_backup"
|
||||||
|
|
||||||
|
admin_public_keys:
|
||||||
|
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"
|
||||||
|
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"
|
|
@ -3,6 +3,7 @@
|
||||||
roles:
|
roles:
|
||||||
- {role: 'ssh', tags: 'ssh'}
|
- {role: 'ssh', tags: 'ssh'}
|
||||||
- {role: 'watchtower', tags: 'watchtower'}
|
- {role: 'watchtower', tags: 'watchtower'}
|
||||||
|
- {role: 'borg', tags: 'borg'}
|
||||||
- {role: 'forgejo', tags: 'forgejo'}
|
- {role: 'forgejo', tags: 'forgejo'}
|
||||||
- {role: 'syncthing', tags: 'syncthing'}
|
- {role: 'syncthing', tags: 'syncthing'}
|
||||||
- {role: 'kms', tags: 'kms'}
|
- {role: 'kms', tags: 'kms'}
|
7
playbooks/backup.yml
Normal file
7
playbooks/backup.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
- name: Create backup
|
||||||
|
hosts: homeserver
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: Create backup
|
||||||
|
command:
|
||||||
|
cmd: systemctl start backup.service
|
10
roles/borg/files/backup.timer
Normal file
10
roles/borg/files/backup.timer
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Backup data daily
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
OnCalendar=*-*-* 3:00:00
|
||||||
|
Persistent=true
|
||||||
|
RandomizedDelaySec=1h
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
25
roles/borg/files/id_ed25519
Normal file
25
roles/borg/files/id_ed25519
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
39646436383433653539316135323332303832633864366363313031636534353531386638323037
|
||||||
|
6364366663313964633239613261373733333736316534390a306262373634303536353365396138
|
||||||
|
35626433353935633534353636613232623531303765636139363139646265653361353164656363
|
||||||
|
3465316438373734330a636563346263633332353962353033336565356435353739646263343339
|
||||||
|
38633832343230393631633434323231313438336537383930646562356264346534663235323035
|
||||||
|
31643861306134663662353938643861393861333838633338613131363136333766353131313666
|
||||||
|
30393437616539643263386331343166636434323435666636386562353239373330336462653636
|
||||||
|
38306161393634356636613334323038366365626138326365303063313564653365313063643432
|
||||||
|
66306664356662326638363736366462343636393466303432323661323431393337306132386531
|
||||||
|
65663736643565363634373461666631356439373935353734636535636538626630666462653636
|
||||||
|
33363730626662313336633132393437666533363136643464653462646561393861376464366238
|
||||||
|
35383136333939653265366336356234613166353162366365346462633639396335653432353964
|
||||||
|
35303964633339356531343437393231303936623465383265666134316335666531636337383563
|
||||||
|
30326530396439363438396439313264643765366663343439646333326664633231626662666463
|
||||||
|
38616235353730346239396265306230623135626332636330666461333864306664346637396233
|
||||||
|
61343535396230363938306162313938363063353934323764656538666337656431363634333739
|
||||||
|
62373234356131373931333736373136343166636465643065643337386539376361383965343762
|
||||||
|
33633837626637393832366332343332303361306230626131346539323538383365316535666532
|
||||||
|
30666439643263653835666430393439396239333464336133316264323234643361336434343763
|
||||||
|
61306133373335353563646331303562326139613133356139366632363738316461633739333161
|
||||||
|
33666531653239626362363364346566373430656538356166346363333531656433393034333232
|
||||||
|
65353139623435383330353864336132313031656362386538626464313264333231653831373834
|
||||||
|
33363632616430303763616366356131323265313337323836396264623539316436616333383933
|
||||||
|
62653865623831626330
|
2
roles/borg/meta/main.yml
Normal file
2
roles/borg/meta/main.yml
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
dependencies:
|
||||||
|
- role: common
|
38
roles/borg/tasks/main.yml
Normal file
38
roles/borg/tasks/main.yml
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
- name: Install borg
|
||||||
|
apt:
|
||||||
|
pkg:
|
||||||
|
- borgbackup
|
||||||
|
- borgmatic
|
||||||
|
- name: Create borg service directory
|
||||||
|
file:
|
||||||
|
path: "{{ service_dir }}"
|
||||||
|
state: directory
|
||||||
|
- name: Copy borg backup configuration
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/backup.yml.j2"
|
||||||
|
dest: "{{ service_dir }}/backup.yml"
|
||||||
|
- name: Copy private key
|
||||||
|
copy:
|
||||||
|
src: "{{ role_path }}/files/id_ed25519"
|
||||||
|
dest: "{{ service_dir }}/id_ed25519"
|
||||||
|
mode: 0600
|
||||||
|
- name: Copy systemd timer backup service
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/backup.service.j2"
|
||||||
|
dest: "/etc/systemd/system/backup.service"
|
||||||
|
register: service
|
||||||
|
- name: Copy systemd timer backup timer
|
||||||
|
copy:
|
||||||
|
src: "{{ role_path }}/files/backup.timer"
|
||||||
|
dest: "/etc/systemd/system/backup.timer"
|
||||||
|
register: timer
|
||||||
|
- name: Enable systemd timer
|
||||||
|
systemd:
|
||||||
|
name: backup.timer
|
||||||
|
enabled: true
|
||||||
|
state: started
|
||||||
|
daemon_reload: "{{ 'yes' if service.changed or timer.changed else 'no' }}"
|
||||||
|
- name: Restore backup
|
||||||
|
command:
|
||||||
|
cmd: "borgmatic extract --archive latest --destination / --config {{ service_dir }}/backup.yml"
|
||||||
|
creates: /data
|
6
roles/borg/templates/backup.service.j2
Normal file
6
roles/borg/templates/backup.service.j2
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Backup data using borgmatic
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStart=/usr/bin/borgmatic --config {{ service_dir }}/backup.yml
|
||||||
|
Type=oneshot
|
17
roles/borg/templates/backup.yml.j2
Normal file
17
roles/borg/templates/backup.yml.j2
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
location:
|
||||||
|
source_directories:
|
||||||
|
- {{ base_data_dir }}
|
||||||
|
repositories:
|
||||||
|
- ssh://root@lewis.dmz/{{ backup_location }}
|
||||||
|
retention:
|
||||||
|
keep_daily: 7
|
||||||
|
keep_weekly: 4
|
||||||
|
keep_monthly: 6
|
||||||
|
storage:
|
||||||
|
ssh_command: ssh -i {{ service_dir }}/id_ed25519
|
||||||
|
unknown_unencrypted_repo_access_is_ok: true
|
||||||
|
hooks:
|
||||||
|
before_everything:
|
||||||
|
- systemctl stop docker docker.socket
|
||||||
|
after_everything:
|
||||||
|
- systemctl start docker
|
2
roles/borg/vars/main.yml
Normal file
2
roles/borg/vars/main.yml
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
service_name: borg
|
||||||
|
service_dir: "{{ base_service_dir }}/{{ service_name }}"
|
|
@ -19,3 +19,8 @@
|
||||||
src: "{{ role_path }}/files/resolv.conf"
|
src: "{{ role_path }}/files/resolv.conf"
|
||||||
dest: /etc/resolv.conf
|
dest: /etc/resolv.conf
|
||||||
follow: true
|
follow: true
|
||||||
|
- name: Add dataserver to known hosts
|
||||||
|
known_hosts:
|
||||||
|
name: "lewis.dmz"
|
||||||
|
key: "lewis.dmz ssh-ed25519 {{ dataserver_public_key }}"
|
||||||
|
state: present
|
||||||
|
|
Reference in a new issue