initial commit

This commit is contained in:
Manu 2018-10-06 20:04:20 +08:00
commit fecacf36d9
8 changed files with 248 additions and 0 deletions

20
LICENSE Normal file
View File

@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2018 Manuel Riel
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

34
README.md Normal file
View File

@ -0,0 +1,34 @@
# Ansible Role: BorgBackup Client
An Ansible Role that installs that sets up BorgBackup on Debian/Ubuntu.
## Role Variables
- `borg_repository` (required): Full path to repository.
- `borg_encryption_passphrase` (optional): Password to use for repokey or keyfile. Empty if repo is unencrypted.
- `borg_source_directories` (required): List of local folders to back up.
- `borg_exclude_patterns` (optional): List of local folders to exclude.
## Example Playbook
```
- hosts: webservers
roles:
- role: borgbackup
borg_encryption_passphrase: CHANGEME
borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo
borg_source_directories:
- /srv/www
- /var/lib/automysqlbackup
borg_exclude_patterns:
- /srv/www/upload
```
## License
MIT/BSD
## Author
This role was created by Manuel Riel, founder of [BorgBase.com](https://www.borgbase.com) - Simple and Secure Hosting for your Borg Repositories.

3
defaults/main.yml Executable file
View File

@ -0,0 +1,3 @@
---
borg_encryption_passphrase: ''
borg_exclude_patterns: []

48
tasks/main.yml Executable file
View File

@ -0,0 +1,48 @@
---
- name: Regenerate apt-cache and update packages
apt: update_cache=yes upgrade=dist cache_valid_time=120
- name: Install required System Packages
apt:
pkg: "{{ item }}"
state: installed
with_items: "{{ borg_apt_packages }}"
- name: Install required Python Packages
pip:
name: "{{ item }}"
executable: pip3
with_items: "{{ borg_python_packages }}"
- name: Ensure root has SSH key.
user:
name: "root"
generate_ssh_key: yes
ssh_key_file: .ssh/id_ed25519
ssh_key_type: ed25519
register: root_user
- debug:
var: root_user['ssh_public_key']
- name: Ensures /etc/borgmatic exists
file:
path: /etc/borgmatic
state: directory
mode: 0700
owner: root
- name: Add Borgmatic Configuration
template:
src: config.yaml.j2
dest: "/etc/borgmatic/config.yaml"
mode: 0600
- name: Add cron-job for borgmatic
cron:
name: "borgmatic"
hour: "{{ 4 |random }}"
minute: "{{ 59 |random }}"
user: "root"
cron_file: borgmatic
job: "/usr/local/bin/borgmatic"

115
templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,115 @@
location:
source_directories:
{% for dir in borg_source_directories %}
- {{ dir }}
{% endfor %}
one_file_system: true
repositories:
- {{ borg_repository }}
# Any paths matching these patterns are excluded from backups. Globs and tildes
# are expanded. See the output of "borg help patterns" for more details.
exclude_patterns:
{% for dir in borg_exclude_patterns %}
- {{ dir }}
{% endfor %}
# Exclude directories that contain a CACHEDIR.TAG file. See
# http://www.brynosaurus.com/cachedir/spec.html for details.
exclude_caches: true
# Exclude directories that contain a file with the given filename.
exclude_if_present: .nobackup
# Repository storage options. See
# https://borgbackup.readthedocs.io/en/stable/usage.html#borg-create and
# https://borgbackup.readthedocs.io/en/stable/usage/general.html#environment-variables for
# details.
storage:
encryption_passphrase: {{ borg_encryption_passphrase }}
# Type of compression to use when creating archives. See
# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-create for details.
# Defaults to no compression.
compression: auto,zstd
# Remote network upload rate limit in kiBytes/second.
#remote_rate_limit: 5000
# Command to use instead of just "ssh". This can be used to specify ssh options.
# ssh_command: ssh -i ~/.ssh/id_ed25519
# Umask to be used for borg create.
umask: 0077
# Maximum seconds to wait for acquiring a repository/cache lock.
lock_wait: 5
# Name of the archive. Borg placeholders can be used. See the output of
# "borg help placeholders" for details. Default is
# "{hostname}-{now:%Y-%m-%dT%H:%M:%S.%f}". If you specify this option, you must
# also specify a prefix in the retention section to avoid accidental pruning of
# archives with a different archive name format. And you should also specify a
# prefix in the consistency section as well.
archive_name_format: '{hostname}-{now}'
# Retention policy for how many backups to keep in each category. See
# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-prune for details.
# At least one of the "keep" options is required for pruning to work.
retention:
# Number of hourly archives to keep.
keep_hourly: 3
# Number of daily archives to keep.
keep_daily: 7
# Number of weekly archives to keep.
keep_weekly: 4
# Number of monthly archives to keep.
keep_monthly: 6
# When pruning, only consider archive names starting with this prefix.
# Borg placeholders can be used. See the output of "borg help placeholders" for
# details. Default is "{hostname}-".
prefix: '{hostname}-'
# Consistency checks to run after backups. See
# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-check and
# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-extract for details.
consistency:
# List of one or more consistency checks to run: "repository", "archives", and/or
# "extract". Defaults to "repository" and "archives". Set to "disabled" to disable
# all consistency checks. "repository" checks the consistency of the repository,
# "archive" checks all of the archives, and "extract" does an extraction dry-run
# of just the most recent archive.
checks:
- disabled
# - repository
# - archives
# Restrict the number of checked archives to the last n. Applies only to the "archives" check.
check_last: 3
# When performing the "archives" check, only consider archive names starting with
# this prefix. Borg placeholders can be used. See the output of
# "borg help placeholders" for details. Default is "{hostname}-".
prefix: '{hostname}-'
# Shell commands or scripts to execute before and after a backup or if an error has occurred.
# IMPORTANT: All provided commands and scripts are executed with user permissions of borgmatic.
# Do not forget to set secure permissions on this file as well as on any script listed (chmod 0700) to
# prevent potential shell injection or privilege escalation.
hooks:
# List of one or more shell commands or scripts to execute before creating a backup.
before_backup:
- echo "`date` - Starting backup."
# List of one or more shell commands or scripts to execute after creating a backup.
after_backup:
- echo "`date` - Finished backup."
# List of one or more shell commands or scripts to execute in case an exception has occurred.
on_error:
- echo "`date` - Error while creating a backup."

2
tests/inventory Normal file
View File

@ -0,0 +1,2 @@
[gce]
debian9 ansible_ssh_host=35.231.187.214 ansible_ssh_user=erlebnishengst_gmail_com

12
tests/playbook.yml Normal file
View File

@ -0,0 +1,12 @@
---
- hosts: all
become: yes
roles:
- role: borgbackup
borg_encryption_passphrase: CHANGEME
borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo
borg_source_directories:
- /srv/www
- /var/lib/automysqlbackup
borg_exclude_patterns:
- /srv/www/upload

14
vars/main.yml Normal file
View File

@ -0,0 +1,14 @@
---
borg_apt_packages:
- libssl-dev
- libacl1-dev
- libacl1
- build-essential
- python3-dev
- python3-pip
- python3-msgpack
borg_python_packages:
- borgbackup
- borgmatic