Newer
Older
- name: parse config
set_fact:
backup_backend: "{% if backups.mode in ['standalone-restic', 'hypervisor-restic'] %}restic{% else %}False{% endif %}"
backup_executor: "{% if backups.mode in ['vm-via-hypervisor'] %}False{% else %}True{% endif %}"
- name: create config folder
file:
path: /etc/backup-client/
state: directory
owner: root
group: root
mode: 0700
- name: setup hosts that actualy run backup code (not vms for example)
when: backup_executor
block:
community.crypto.openssh_keypair:
path: /etc/backup-client/id_ed25519
type: ed25519
- name: create retention file
copy:
dest: /etc/backup-client/retention.env
owner: root
group: root
mode: 0700
content: |
export BACKUP_RETENTION_HOURS={{ backups.retention.hours }}
export BACKUP_RETENTION_DAYS={{ backups.retention.days }}
export BACKUP_RETENTION_WEEKS={{ backups.retention.weeks }}
export BACKUP_RETENTION_MONTHS={{ backups.retention.months }}
export BACKUP_RETENTION_YEARS={{ backups.retention.years }}
- name: copy backup config
loop:
- name: 'enabled'
flag: '{{ backups.enabled }}'
file:
path: /etc/backup-client/{{ item.name }}
owner: root
group: root
mode: 0600
state: "{% if item.flag %}touch{% else %}absent{% endif %}"
- name: copy scripts
loop:
- backup-retention
- backup-standalone
- backup-vm
- backup-all-vms
- backup-full
- backup-cronjob
template:
src: "{{ item }}.j2"
dest: "/usr/local/bin/{{ item }}"
owner: root
group: root
- name: copy systemd services
notify:
- reload systemd
loop:
- backup-check
- backup-retention
- backup-run
template:
src: "{{ item }}.service.j2"
dest: "/etc/systemd/system/{{ item }}.service"
owner: root
group: root
mode: 0644
# validate: /usr/bin/systemd-analyze verify %s
- name: copy timers
notify:
- reload systemd
- enable timers
loop:
- check
- retention
- run
template:
src: "timer.j2"
dest: "/etc/systemd/system/backup-{{ item }}.timer"
owner: root
group: root
mode: 0644
- name: create data folder
file:
path: /var/backup-client/
state: directory
owner: root
group: root
mode: 0700
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
- name: create a remote sftp user if enabled
when:
- backups.remote_sftp_user.enabled
- backup_executor
delegate_to: "{{ backups.remote_sftp_user.host }}"
block:
- name: "create user {{ backups.remote_sftp_user.name }}"
user:
name: "{{ backups.remote_sftp_user.name }}"
createhome: yes
shell: /sbin/nologin
system: false
group: "{{ backups.remote_sftp_user.group }}"
groups: "{{backups.remote_sftp_user.groups }}"
- name: add ssh key to user
when: not ansible_check_mode
ansible.posix.authorized_key:
user: "{{ backups.remote_sftp_user.name }}"
state: present
key: '{{ backup_ssh_key_task.public_key }}'
- name: create chroot folder
file:
path: "{{ backups.remote_sftp_user.chroot_basepath }}"
owner: root
group: root
mode: 0755
state: directory
- name: create bind mount point in chroot folder
file:
path: "{{ backups.remote_sftp_user.chroot_basepath }}/backups"
owner: "{{ backups.remote_sftp_user.name }}"
group: "{{ backups.remote_sftp_user.group }}"
mode: 0700
state: directory
- name: create storage folder
when: backups.remote_sftp_user.create_storage_folder
file:
path: "{{ backups.remote_sftp_user.storage_path }}"
owner: "{{ backups.remote_sftp_user.name }}"
group: "{{ backups.remote_sftp_user.group }}"
mode: 0700
state: directory
- name: "setup bindmount"
loop:
- mounted
- present
mount:
path: "{{ backups.remote_sftp_user.chroot_basepath }}/backups"
src: "{{ backups.remote_sftp_user.storage_path }}"
opts: "rw,bind,noauto,x-systemd.automount"
fstype: auto
passno: "0"
state: "{{ item }}"
when:
- backup_backend == 'restic'
- backup_executor
block:
- name: install backend tools (restic)
apt:
pkg:
- restic
- name: copy exclude file
copy:
dest: /etc/backup-client/exclude_files
owner: root
group: root
mode: 0600
content: "{{ backups.exclude_files|filterEnabled|join('\n') }}"
- name: copy include file
copy:
dest: /etc/backup-client/include_files
owner: root
group: root
mode: 0600
content: "{{ backups.include_files|filterEnabled|join('\n') }}"
- name: create repo key for restic
shell: "umask 177; dd if=/dev/urandom of=/etc/backup-client/restic.key bs=1k count=16"
- name: set repo key permissions
file:
path: /etc/backup-client/restic.key
owner: root
group: root
mode: 0600
- name: create restic env file
copy:
dest: /etc/backup-client/restic.env
owner: root
group: root
mode: 0700
content: |
export RESTIC_REPOSITORY="{{ backups.backends.restic.url }}"
export RESTIC_PASSWORD_FILE="/etc/backup-client/restic.key"
- name: create restic repository folder
when:
- backups.backends.restic.repo_type == 'local'
- backups.backends.restic.repo_folder_create
file:
path: "{{ backups.backends.restic.url }}"
state: directory
owner: root
group: root
mode: 0700
- name: create repo for restic
shell: 'source /etc/backup-client/restic.env; restic snapshots > /dev/null || restic init'
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
args:
executable: /bin/bash
- name: handle hypervisor mode
when: backups.mode == 'hypervisor-restic'
block:
- name: create vms config folder
file:
path: /etc/backup-client/vms/
state: directory
owner: root
group: root
mode: 0700
- name: create vm mount point
file:
path: /var/backup-client/vm-mountpoint/
state: directory
owner: root
group: root
mode: 0700
- name: handle vm-via-hypervisor mode
when: backups.mode == 'vm-via-hypervisor'
block:
- name: create config folder on vm host
delegate_to: "{{ vm['host'] }}"
file:
dest: /etc/backup-client/vms/{{ vm['name'] }}
state: directory
owner: root
group: root
mode: 0700
- name: copy exclude file to vm host
delegate_to: "{{ vm['host'] }}"
copy:
dest: /etc/backup-client/vms/{{ vm['name'] }}/exclude_files
owner: root
group: root
mode: 0600
content: "{{ backups.exclude_files|filterEnabled|vmpath2hostpath(mountpoint='/var/backup-client/vm-mountpoint')|join('\n') }}"
- name: copy include file to vm host
delegate_to: "{{ vm['host'] }}"
copy:
dest: /etc/backup-client/vms/{{ vm['name'] }}/include_files
owner: root
group: root
mode: 0600
content: "{{ backups.include_files|filterEnabled|vmpath2hostpath(mountpoint='/var/backup-client/vm-mountpoint')|join('\n') }}"
- name: copy vm backup config to vm host
delegate_to: "{{ vm['host'] }}"
loop:
- name: 'enabled'
flag: '{{ backups.enabled }}'
file:
path: /etc/backup-client/vms/{{ vm['name'] }}/{{ item.name }}
owner: root
group: root
mode: 0600
state: "{% if item.flag %}touch{% else %}absent{% endif %}"