diff options
-rw-r--r-- | roles/restic/files/backup.sh | 8 | ||||
-rw-r--r-- | roles/restic/tasks/main.yml | 59 | ||||
-rw-r--r-- | roles/restic/templates/backup.env.j2 | 15 |
3 files changed, 82 insertions, 0 deletions
diff --git a/roles/restic/files/backup.sh b/roles/restic/files/backup.sh new file mode 100644 index 00000000..5c304637 --- /dev/null +++ b/roles/restic/files/backup.sh @@ -0,0 +1,8 @@ +#!/bin/sh -e + +source /root/restic.env + +restic backup -q --hostname=obs $BACKUP_DIRS +for DB in $BACKUP_DBS; do + mysqldump $DB|restic backup -q --hostname=obs --stdin-filename=$DB --stdin +done diff --git a/roles/restic/tasks/main.yml b/roles/restic/tasks/main.yml new file mode 100644 index 00000000..bb59d914 --- /dev/null +++ b/roles/restic/tasks/main.yml @@ -0,0 +1,59 @@ +- name: Install restic requirements + apt: pkg={{item}} state=installed + with_items: + - ca-certificates + - openssh-client + - bzip2 + tags: + - update + +- name: Download restic + get_url: + url: https://github.com/restic/restic/releases/download/v0.8.0/restic_0.8.0_linux_arm64.bz2 + dest: /srv/restic.bz2 + checksum: sha256:b095c8ae34961ed96ebd2cfb8d99d0aae0c9194beee50efcb55743a56a3f2527 + +- name: Install restic + shell: "bzcat /srv/restic.bz2 > /usr/local/bin/restic && chmod a+x /usr/local/bin/restic" + args: + creates: /usr/local/bin/restic + +- name: Set up backup env + template: + src: backup.env.j2 + dest: /srv/backup.env + owner: root + group: root + mode: 0700 + +- name: Install backup script + copy: + src: backup.sh + dest: /srv/backup.sh + owner: root + group: root + mode: 0700 + +- name: set up .ssh for backups + file: + path: /root/.ssh + state: directory + owner: root + group: root + mode: 0700 + +- name: set up restic password + copy: + src: "{{secrets_dir}}/files/obs/restic" + dest: /root/restic-password + owner: root + group: root + mode: 0600 + +- name: install ssh key for backups + copy: + src: "{{secrets_dir}}/files/obs/id_rsa" + dest: /root/.ssh/id_rsa + owner: root + group: root + mode: 0600 diff --git a/roles/restic/templates/backup.env.j2 b/roles/restic/templates/backup.env.j2 new file mode 100644 index 00000000..28f2877e --- /dev/null +++ b/roles/restic/templates/backup.env.j2 @@ -0,0 +1,15 @@ +#!/bin/sh -e + +export RESTIC_PASSWORD_FILE=/root/restic-password +export RESTIC_REPOSITORY=sftp:{{backup_user}}@{{backup_host}}:obs + +export BACKUP_DIRS="\ +{% for directory in backup_dirs %} + {{directory}} \ +{% endfor %}" + +export BACKUP_DBS=" \ +{% for db in backup_db %} + db \ +{% endfor %}" + |