initial commit

LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 Manuel Riel
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,34 @@
+# Ansible Role: BorgBackup Client
+
+An Ansible Role that installs that sets up BorgBackup on Debian/Ubuntu.
+
+## Role Variables
+
+- `borg_repository` (required): Full path to repository.
+- `borg_encryption_passphrase` (optional): Password to use for repokey or keyfile. Empty if repo is unencrypted.
+- `borg_source_directories` (required): List of local folders to back up.
+- `borg_exclude_patterns` (optional): List of local folders to exclude.
+
+
+## Example Playbook
+
+```
+- hosts: webservers
+  roles:
+  - role: borgbackup
+    borg_encryption_passphrase: CHANGEME
+    borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo
+    borg_source_directories:
+      - /srv/www
+      - /var/lib/automysqlbackup
+    borg_exclude_patterns:
+      - /srv/www/upload
+```
+
+## License
+
+MIT/BSD
+
+## Author
+
+This role was created by Manuel Riel, founder of [BorgBase.com](https://www.borgbase.com) - Simple and Secure Hosting for your Borg Repositories.

defaults/main.yml

@@ -0,0 +1,3 @@
+---
+borg_encryption_passphrase: ''
+borg_exclude_patterns: []

tasks/main.yml

@@ -0,0 +1,48 @@
+---
+- name: Regenerate apt-cache and update packages
+  apt: update_cache=yes upgrade=dist cache_valid_time=120
+
+- name: Install required System Packages
+  apt: 
+    pkg: "{{ item }}"
+    state: installed
+  with_items: "{{ borg_apt_packages }}"
+
+- name: Install required Python Packages
+  pip:
+    name: "{{ item }}"
+    executable: pip3
+  with_items: "{{ borg_python_packages }}"
+
+- name: Ensure root has SSH key.
+  user:
+    name: "root"
+    generate_ssh_key: yes
+    ssh_key_file: .ssh/id_ed25519
+    ssh_key_type: ed25519
+  register: root_user
+
+- debug:
+    var: root_user['ssh_public_key']
+
+- name: Ensures /etc/borgmatic exists
+  file:
+    path: /etc/borgmatic
+    state: directory
+    mode: 0700
+    owner: root
+
+- name: Add Borgmatic Configuration
+  template:
+    src: config.yaml.j2
+    dest: "/etc/borgmatic/config.yaml"
+    mode: 0600
+
+- name: Add cron-job for borgmatic
+  cron: 
+    name: "borgmatic"
+    hour: "{{ 4 |random }}"
+    minute: "{{ 59 |random }}"
+    user: "root"
+    cron_file: borgmatic
+    job: "/usr/local/bin/borgmatic"

templates/config.yaml.j2

@@ -0,0 +1,115 @@
+location:
+    source_directories:
+{% for dir in borg_source_directories %}
+        - {{ dir }}
+{% endfor %}
+    
+    one_file_system: true
+    repositories:
+        - {{ borg_repository }}
+
+    # Any paths matching these patterns are excluded from backups. Globs and tildes
+    # are expanded. See the output of "borg help patterns" for more details.
+    exclude_patterns:
+{% for dir in borg_exclude_patterns %}
+        - {{ dir }}
+{% endfor %}
+
+    # Exclude directories that contain a CACHEDIR.TAG file. See
+    # http://www.brynosaurus.com/cachedir/spec.html for details.
+    exclude_caches: true
+
+    # Exclude directories that contain a file with the given filename.
+    exclude_if_present: .nobackup
+
+# Repository storage options. See
+# https://borgbackup.readthedocs.io/en/stable/usage.html#borg-create and
+# https://borgbackup.readthedocs.io/en/stable/usage/general.html#environment-variables for
+# details.
+storage:
+    encryption_passphrase: {{ borg_encryption_passphrase }}
+    # Type of compression to use when creating archives. See
+    # https://borgbackup.readthedocs.org/en/stable/usage.html#borg-create for details.
+    # Defaults to no compression.
+    compression: auto,zstd
+
+    # Remote network upload rate limit in kiBytes/second.
+    #remote_rate_limit: 5000
+
+    # Command to use instead of just "ssh". This can be used to specify ssh options.
+    # ssh_command: ssh -i ~/.ssh/id_ed25519
+
+    # Umask to be used for borg create.
+    umask: 0077
+
+    # Maximum seconds to wait for acquiring a repository/cache lock.
+    lock_wait: 5
+
+    # Name of the archive. Borg placeholders can be used. See the output of
+    # "borg help placeholders" for details. Default is
+    # "{hostname}-{now:%Y-%m-%dT%H:%M:%S.%f}". If you specify this option, you must
+    # also specify a prefix in the retention section to avoid accidental pruning of
+    # archives with a different archive name format. And you should also specify a
+    # prefix in the consistency section as well.
+    archive_name_format: '{hostname}-{now}'
+
+# Retention policy for how many backups to keep in each category. See
+# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-prune for details.
+# At least one of the "keep" options is required for pruning to work.
+retention:
+    # Number of hourly archives to keep.
+    keep_hourly: 3
+
+    # Number of daily archives to keep.
+    keep_daily: 7
+
+    # Number of weekly archives to keep.
+    keep_weekly: 4
+
+    # Number of monthly archives to keep.
+    keep_monthly: 6
+
+    # When pruning, only consider archive names starting with this prefix.
+    # Borg placeholders can be used. See the output of "borg help placeholders" for
+    # details. Default is "{hostname}-".
+    prefix: '{hostname}-'
+
+# Consistency checks to run after backups. See
+# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-check and
+# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-extract for details.
+consistency:
+    # List of one or more consistency checks to run: "repository", "archives", and/or
+    # "extract". Defaults to "repository" and "archives". Set to "disabled" to disable
+    # all consistency checks. "repository" checks the consistency of the repository,
+    # "archive" checks all of the archives, and "extract" does an extraction dry-run
+    # of just the most recent archive.
+    checks:
+        - disabled
+        # - repository
+        # - archives
+
+    # Restrict the number of checked archives to the last n. Applies only to the "archives" check.
+    check_last: 3
+
+    # When performing the "archives" check, only consider archive names starting with
+    # this prefix. Borg placeholders can be used. See the output of
+    # "borg help placeholders" for details. Default is "{hostname}-".
+    prefix: '{hostname}-'
+
+# Shell commands or scripts to execute before and after a backup or if an error has occurred.
+# IMPORTANT: All provided commands and scripts are executed with user permissions of borgmatic.
+# Do not forget to set secure permissions on this file as well as on any script listed (chmod 0700) to
+# prevent potential shell injection or privilege escalation.
+hooks:
+    # List of one or more shell commands or scripts to execute before creating a backup.
+    before_backup:
+        - echo "`date` - Starting backup."
+
+    # List of one or more shell commands or scripts to execute after creating a backup.
+    after_backup:
+        - echo "`date` - Finished backup."
+
+    # List of one or more shell commands or scripts to execute in case an exception has occurred.
+    on_error:
+        - echo "`date` - Error while creating a backup."
+

tests/inventory

@@ -0,0 +1,2 @@
+[gce]
+debian9 ansible_ssh_host=35.231.187.214 ansible_ssh_user=erlebnishengst_gmail_com

tests/playbook.yml

@@ -0,0 +1,12 @@
+---
+- hosts: all
+  become: yes
+  roles:
+    - role: borgbackup
+      borg_encryption_passphrase: CHANGEME
+      borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo
+      borg_source_directories:
+        - /srv/www
+        - /var/lib/automysqlbackup
+      borg_exclude_patterns:
+        - /srv/www/upload

vars/main.yml

@@ -0,0 +1,14 @@
+---
+borg_apt_packages:
+  - libssl-dev
+  - libacl1-dev
+  - libacl1
+  - build-essential
+  - python3-dev
+  - python3-pip
+  - python3-msgpack
+
+borg_python_packages:
+  - borgbackup
+  - borgmatic
+