3 files changed, 82 insertions, 0 deletions

diff --git a/roles/restic/files/backup.sh b/roles/restic/files/backup.sh
new file mode 100644
index 00000000..5c304637
--- /dev/null
+++ b/roles/restic/files/backup.sh
@@ -0,0 +1,8 @@
+#!/bin/sh -e
+
+source /root/restic.env
+
+restic backup -q --hostname=obs $BACKUP_DIRS
+for DB in $BACKUP_DBS; do
+    mysqldump $DB|restic backup -q --hostname=obs --stdin-filename=$DB --stdin
+done
diff --git a/roles/restic/tasks/main.yml b/roles/restic/tasks/main.yml
new file mode 100644
index 00000000..bb59d914
--- /dev/null
+++ b/roles/restic/tasks/main.yml
@@ -0,0 +1,59 @@
+- name: Install restic requirements
+  apt: pkg={{item}} state=installed
+  with_items:
+    - ca-certificates
+    - openssh-client
+    - bzip2
+  tags:
+    - update
+
+- name: Download restic
+  get_url:
+    url: https://github.com/restic/restic/releases/download/v0.8.0/restic_0.8.0_linux_arm64.bz2
+    dest: /srv/restic.bz2
+    checksum: sha256:b095c8ae34961ed96ebd2cfb8d99d0aae0c9194beee50efcb55743a56a3f2527
+
+- name: Install restic
+  shell: "bzcat /srv/restic.bz2 > /usr/local/bin/restic && chmod a+x /usr/local/bin/restic"
+  args:
+    creates: /usr/local/bin/restic
+
+- name: Set up backup env
+  template:
+    src: backup.env.j2
+    dest: /srv/backup.env
+    owner: root
+    group: root
+    mode: 0700
+
+- name: Install backup script
+  copy:
+    src: backup.sh
+    dest: /srv/backup.sh
+    owner: root
+    group: root
+    mode: 0700
+
+- name: set up .ssh for backups
+  file:
+    path: /root/.ssh
+    state: directory
+    owner: root
+    group: root
+    mode: 0700
+
+- name: set up restic password
+  copy:
+    src: "{{secrets_dir}}/files/obs/restic"
+    dest: /root/restic-password
+    owner: root
+    group: root
+    mode: 0600
+
+- name: install ssh key for backups
+  copy:
+    src: "{{secrets_dir}}/files/obs/id_rsa"
+    dest: /root/.ssh/id_rsa
+    owner: root
+    group: root
+    mode: 0600
diff --git a/roles/restic/templates/backup.env.j2 b/roles/restic/templates/backup.env.j2
new file mode 100644
index 00000000..28f2877e
--- /dev/null
+++ b/roles/restic/templates/backup.env.j2
@@ -0,0 +1,15 @@
+#!/bin/sh -e
+
+export RESTIC_PASSWORD_FILE=/root/restic-password
+export RESTIC_REPOSITORY=sftp:{{backup_user}}@{{backup_host}}:obs
+
+export BACKUP_DIRS="\
+{% for directory in backup_dirs %}
+    {{directory}} \
+{% endfor %}"
+
+export BACKUP_DBS=" \
+{% for db in backup_db %}
+    db  \
+{% endfor %}"
+