diff --git a/README.md b/README.md index dbda648..ef4504a 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,10 @@ An Ansible Role that installs that sets up BorgBackup on Debian/Ubuntu. - `borg_encryption_passphrase` (optional): Password to use for repokey or keyfile. Empty if repo is unencrypted. - `borgmatic_config_name` (optional): Name to use for the borgmatic config file. Defaults to `config.yml` - `borg_exclude_patterns` (optional): Paths or patterns to exclude from backup. See [official documentation](https://borgbackup.readthedocs.io/en/stable/usage/help.html#borg-help-patterns) for more. - +- `borg_one_file_system` (optional): Don't cross file-system boundaries. Defaults to `true` +- `borg_exclude_from` (optional): Read exclude patterns from one or more separate named files, one pattern per line. +- `borg_ssh_command` (optional): Command to use instead of just "ssh". This can be used to specify ssh options. +- `borg_encryption_passcommand` (optional): The standard output of this command is used to unlock the encryption key. ## Example Playbook diff --git a/defaults/main.yml b/defaults/main.yml index da06b4e..2b73eb5 100755 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,4 +1,8 @@ --- borg_encryption_passphrase: '' borg_exclude_patterns: [] -borgmatic_config_name: config.yaml \ No newline at end of file +borgmatic_config_name: config.yaml +borg_one_file_system: true +borg_exclude_from: [] +borg_encryption_passcommand: false +borg_ssh_command: false \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index b5c6bd3..726562c 100755 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -54,4 +54,3 @@ name: PATH env: yes value: /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -4 \ No newline at end of file diff --git a/templates/config.yaml.j2 b/templates/config.yaml.j2 index 22b1766..62dd1f9 100644 --- a/templates/config.yaml.j2 +++ b/templates/config.yaml.j2 
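Review bot: The two new string options in defaults/main.yml default to the boolean `false`, while the neighbouring `borg_encryption_passphrase` uses `''` to mean "unset". One sentinel for all optional strings keeps the variable types predictable for anyone overriding them. `borg_encryption_passcommand: ''` and `borg_ssh_command: ''` are just as falsy for the `{% if %}` guards in the template. The new side of the file also still ends without a trailing newline.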
@@ -4,7 +4,8 @@ location: - {{ dir }} {% endfor %} - one_file_system: true + # Stay in same file system (do not cross mount points). + one_file_system: {{ borg_one_file_system }} repositories: - {{ borg_repository }} @@ -15,6 +16,13 @@ location: - {{ dir }} {% endfor %} + # Read exclude patterns from one or more separate named files, one pattern per + # line. See the output of "borg help patterns" for more details. + exclude_from: +{% for dir in borg_exclude_from %} + - {{ dir }} +{% endfor %} + # Exclude directories that contain a CACHEDIR.TAG file. See # http://www.brynosaurus.com/cachedir/spec.html for details. exclude_caches: true @@ -28,6 +36,16 @@ location: # details. storage: encryption_passphrase: {{ borg_encryption_passphrase }} + + # The standard output of this command is used to unlock the encryption key. Only + # use on repositories that were initialized with passcommand/repokey encryption. + # Note that if both encryption_passcommand and encryption_passphrase are set, + # then encryption_passphrase takes precedence. + # encryption_passcommand: secret-tool lookup borg-repository repo-name +{% if borg_encryption_passcommand %} + encryption_passcommand: {{ borg_encryption_passcommand }} +{% endif %} + # Type of compression to use when creating archives. See # https://borgbackup.readthedocs.org/en/stable/usage.html#borg-create for details. # Defaults to no compression. @@ -38,6 +56,9 @@ storage: # Command to use instead of just "ssh". This can be used to specify ssh options. # ssh_command: ssh -i ~/.ssh/id_ed25519 +{% if borg_ssh_command %} + encryption_passcommand: {{ borg_ssh_command }} +{% endif %} # Umask to be used for borg create. umask: 0077
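Review bot: In the second hunk the `exclude_from:` key is written unconditionally, so with the default `borg_exclude_from: []` the loop emits nothing and the rendered file has a bare `exclude_from:` whose value is null rather than a list. Whether borgmatic's config validation accepts that is not visible from this diff. The passcommand block in the same commit already guards its key, and the same guard fits here: put `{% if borg_exclude_from %}` before `exclude_from:` and `{% endif %}` after the `{% endfor %}`. The items are also interpolated unquoted (`- {{ dir }}`), so a path that starts with `*` or `[`, or contains ` #`, would be misparsed or truncated; `- {{ dir | to_json }}` avoids that.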
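Review bot: The new `encryption_passcommand: {{ borg_encryption_passcommand }}` line in the third hunk drops a shell command into YAML as a plain scalar, so a command containing ` #` is silently cut off at the comment and one containing `: ` or a leading quote breaks or changes the parse. Render it as a quoted scalar instead, `encryption_passcommand: {{ borg_encryption_passcommand | to_json }}`; the same applies to the command line written in the last hunk. Separately, the context line `encryption_passphrase: {{ borg_encryption_passphrase }}` is still emitted unconditionally, and the added comment says the passphrase takes precedence. It would help to state in the README that setting both variables makes the passcommand ineffective and leaves the passphrase in the rendered config file.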
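Review bot: The guarded line in the last hunk writes `borg_ssh_command` under the key `encryption_passcommand` instead of `ssh_command`. When the variable is set, the rendered `storage:` section has no `ssh_command` at all, so the SSH options the operator asked for (identity file, host-key settings and the like) are silently not applied. If `borg_encryption_passcommand` is set as well, the key appears twice in the same mapping, and most YAML loaders keep the last value, so the ssh command line would presumably be used as the passcommand. The line should read `ssh_command: {{ borg_ssh_command }}`.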