authorTrygve Laugstøl <trygvis@inamo.no>2018-12-26 11:02:22 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2018-12-26 11:02:22 +0100
commit37e93cced23e0ee726309e841b1dac19e9ccdac4 (patch)
tree8c692652c0a5fdbd0d95510dabd58c95e1805541
parent72811f0f48cad07351ab5c5224616383a6920add (diff)
o Working borg setup.
-rw-r--r--ansible/borg-clients.yml8
-rw-r--r--ansible/borg-server.yml16
-rw-r--r--ansible/borg.yml10
-rw-r--r--ansible/files/birgitte/etc/borg/id_ed25519.pub1
-rw-r--r--ansible/files/conflatorio/etc/borg/id_ed25519.pub1
-rw-r--r--ansible/files/fuckaduck/etc/borg/id_ed25519.pub1
-rw-r--r--ansible/group_vars/all/borg_ssh_keys.yml93
-rw-r--r--ansible/host_vars/birgitte/borg.yml15
-rw-r--r--ansible/host_vars/conflatorio/borg.yml7
-rw-r--r--ansible/host_vars/fuckaduck/borg.yml7
-rw-r--r--ansible/host_vars/malabaricus/borg-server.yml6
-rw-r--r--ansible/inventory18
-rw-r--r--ansible/roles/borg-client/defaults/main.yml1
-rw-r--r--ansible/roles/borg-client/tasks/main.yml93
-rw-r--r--ansible/roles/borg-client/templates/bin/create-backup23
-rw-r--r--ansible/roles/borg-client/templates/bin/trygvis-borg-run-backup5
-rw-r--r--ansible/roles/borg-server/defaults/main.yml2
-rw-r--r--ansible/roles/borg-server/tasks/borg-server.yml30
-rw-r--r--ansible/roles/borg-server/tasks/main.yml43
-rw-r--r--ansible/roles/linode-dns-update/templates/linode-dns-update.j23
20 files changed, 233 insertions, 150 deletions
diff --git a/ansible/borg-clients.yml b/ansible/borg-clients.yml
deleted file mode 100644
index 7731505..0000000
--- a/ansible/borg-clients.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-- hosts:
- - birgitte
- tasks:
- - name: borg-client
- import_role: name=borg-client
- tags: borg-client
- become: true
diff --git a/ansible/borg-server.yml b/ansible/borg-server.yml
deleted file mode 100644
index e30f01f..0000000
--- a/ansible/borg-server.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- hosts:
- - birgitte
- tasks:
- - name: packages
- tags: packages
- apt:
- name: "{{ item }}"
- install_recommends: no
- with_items:
- - borgbackup
- - name: borg-server
- import_role: name=borg-server
- tags: borg-server
- become: true
- become_user: borg
diff --git a/ansible/borg.yml b/ansible/borg.yml
new file mode 100644
index 0000000..b68b342
--- /dev/null
+++ b/ansible/borg.yml
@@ -0,0 +1,10 @@
+---
+- hosts:
+ - borg_servers
+ roles:
+ - borg-server
+
+- hosts:
+ - borg_clients
+ roles:
+ - borg-client
diff --git a/ansible/files/birgitte/etc/borg/id_ed25519.pub b/ansible/files/birgitte/etc/borg/id_ed25519.pub
new file mode 100644
index 0000000..f4b79b5
--- /dev/null
+++ b/ansible/files/birgitte/etc/borg/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINVpbC77vXGiv1PYPRDpIC9GpRuQNQdYfKOTO1eBPQx7 for borg @ birgitte
diff --git a/ansible/files/conflatorio/etc/borg/id_ed25519.pub b/ansible/files/conflatorio/etc/borg/id_ed25519.pub
new file mode 100644
index 0000000..7bdbe0c
--- /dev/null
+++ b/ansible/files/conflatorio/etc/borg/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDOFPpZthu5br8GFccV9/RtMrm/A3hsM92g8IwSLli+J for borg @ conflatorio
diff --git a/ansible/files/fuckaduck/etc/borg/id_ed25519.pub b/ansible/files/fuckaduck/etc/borg/id_ed25519.pub
new file mode 100644
index 0000000..2b3cc69
--- /dev/null
+++ b/ansible/files/fuckaduck/etc/borg/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO+nB33MTjbXI5P5wpanz0M/OO+2fClfVfkEdKPQJ4n4 for borg @ fuckaduck
diff --git a/ansible/group_vars/all/borg_ssh_keys.yml b/ansible/group_vars/all/borg_ssh_keys.yml
deleted file mode 100644
index c3e3092..0000000
--- a/ansible/group_vars/all/borg_ssh_keys.yml
+++ /dev/null
@@ -1,93 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-39306531386635336332626362313532303832666335376533636664313930346261323266373233
-3561303938616135366161643036666235633632646332630a623535333663313635616564386436
-62383566623631366339613234613963323231393262623530383564653563646535346663306336
-3231353665346537310a316361336433373834363762643232333264316363636462666636393966
-31336430653266366362383539323731643764646561316463633665666561383534336565336535
-37386262366132336135343137306332356533393139666630316665653166353936346566626637
-65646363623332623636343963353035363162396565653435653663393338346331643563373036
-38626466306334363138323637303631646133353836623631373932656165636432323336373137
-37373231396132653130643237366235303337336237303335333535613834623033643031376662
-65336363633031643337306634346338356437656461373838373937333465663036653932333666
-66626237613466326239646364366163303633326333636262623534343130626538666562626661
-36643932373030333066326264366630333236633036386462623536616536356463386431326334
-35643132623331363132636537363538616539633564316438353635303330616432616464333930
-39363536343331666630653739646662636261313039396461636164366266383963336463616636
-35376366643663323461623737343866643266346162646234616662326561613962623434366264
-63653737633662343133386233343138653161303135376130643038646536323666383762393436
-39653463313866313535636630393938313266646632636436613366613562663962633165663136
-30643733663331396266323135666561323039353739383330343532303339376333653463616133
-33313837353138626430643833663137643333356666646466666461666137343434383264346332
-37636537623630616136666137663965643863343263663437303031363061653139646363373761
-38366237646430623931663661383439373932353934303732393862613963393932366237343664
-62356264323433626662303236613535333534396162646337636165653766633431323135346565
-38633932333335316264383831316239653035386134343739323761323634666530353734306663
-62373138613134613336333362616664393864376430656265346334303062323434303862306230
-33373332396264616663643563396362663434613435353732343063363035393632646237643765
-35376131623666663435653963356134346431306662326434303239303532363833363334666539
-63633430376565643964323562663164636466323665396430306662396364323633636333336566
-30343936333238343136616331363837646261306265313539396666356235616337386163636238
-61666535326139643036363261666635353233616132366662663035356338316430343962626664
-37323933303362353163313964623534393631393564613134363463343039623761383531326362
-62633336306464623639636666626233393562633135353630343937653631613262333662353666
-34333263343561303939303265313630396434386465313131393433333235653866343139303933
-33636462613365353936353435643137653037313831633337613736626663653934396431343265
-35303665353033616339303934666563353739303537356534333061356466653965376130363936
-63643037376163336164366436646263373438363866373161376362646365646331626139366138
-65363034643861306330366464653133653935616137303033366233306235656462343362613731
-65626634363339616231646266333162373733333730633166663164616661613463626638613561
-36363636333534616635636639346462656366373137383035376565306366343535623236626161
-63663762323662373031336262303039303366643830346463333563383738323832333935303735
-66646236353731323833633063343465336331656561333765343361623861376332636435663434
-38643436313030653136336535663263323464366466616631373163323461643635336333323261
-33303539373033316663313064356262633864373131386463313235353931326262373635346533
-64393066353965333931633465633637353537353062353031396464386464366664666138653462
-31633138356661363366383536353139316438353134653931343238356631366563383136616635
-33666536323865313235346434346563656135316662613836313262613533623539633035663563
-30366461663962616366396336383730306637396238313931363765633335346130373638326231
-61646136313132336133366561613865356139626132643764633462333338343334323534353062
-32373664336135383332646166333039366139383962663939353639616333373430653065366263
-62653565306435653230313236396639353164373435386535303965366333643766643730383261
-66396233383734656338346362316366626435383130383539376636343735643036643339356666
-31356361663431656666343965613632663136326162303162363936656339316635333962396238
-61313430383334393863383131616532376133386263336531396336303561363964623063323262
-37373131343762643632636432633739323165333338646462663732643133393061393735646462
-32663539393730333230303862343536333238303064656636393536333136653766616135353634
-38646262653234356533646232666331366465346265616239373433663066653431306331373937
-32373433656237343837383664366335373966343362643432633332663637396232323330393834
-34616539616462366236613930383933383435356537613032323839616130616137613661643233
-35316165396438396661356562336664613931613034646164316663396633663466336566633266
-65613535303866663362373130303463363332623763396464313437393937626264313833373836
-39666434643135303238316165343532613731643461306633653866306333366533346232623661
-66653238323066613834393939653562386333386438383961366635303162373461323333383663
-61393236323035643935393732393264393032343330363165363733613331653033653939323130
-31306435666539613934373161643136353162633434383734393261393566666265623232393939
-36316439336438613164393239336262376364313364363239366363363735333464313166333337
-36653861663865363165643932353563373666353030646361666166633361323938383563623834
-64343763323438326236343439346661623032616537363465386431643833393634316565646639
-64336531643031343638623630623736656330306138303961636332303735633938306165663435
-33393432653430656336613065323831336365623661616532303734383963643637363431613134
-61373331316363316261626430643833393837646563626535343839353631383561383638333530
-39343837306432653262336139653930626162303431393233316135346239363538643062643531
-65613432636534626665613634346166323666356665653534336564303632613164316666306162
-61396237376438653665653763353237613861626434346138623737343239393738633838303638
-63636437346535663436623963373565306636353466663661383838643665366333646362613736
-62376362363830653730643530373264316331636430613165346234643762353161366431346664
-61366263623661333066373038663739353861376537393763636664663739333332656137303461
-31326461653431646533656539356533396561663065643033613431303334393266316337623063
-61386564323066646365616435303966306634323163663065386131623034316232323064656435
-34353030633938303534346562363163643266613235386138333565616364663737623930336562
-66386532366638333864643866623666333030336461323836346464306664636433643131383466
-34303162383931646534333337373438323534666339386136663262353537366166353034653631
-33313365363264616536623166393163636161376338393935373761626135346232353464363864
-39323065656436383663613035313236356636613038643030386139346265313439336164633566
-37303961613066613530363834613532316266353832396331653762373937623263653937353739
-36643233353338313965323132633766303765366336353335396339353836373163393765616464
-63623965326661653836336633366430663236306237383934376634626539323163303037323561
-33653332353833633334333332306637366332663562653133353437323735666565636634356236
-66363130376230343361643265656233386636613831356262383733623533303331643832663265
-64303839386639633731303962623661313939623239343830666535636133653138333635343065
-30366539633430333132656564376563613762396333323932346665393163666234653538393939
-62646138613630333064346631356166626636653936363165646236613935313165643733613633
-61313736326137376134333362626337376465376635353131366130613862373335303731666131
-30346266366236393736
diff --git a/ansible/host_vars/birgitte/borg.yml b/ansible/host_vars/birgitte/borg.yml
index d3ba2fe..fb5058a 100644
--- a/ansible/host_vars/birgitte/borg.yml
+++ b/ansible/host_vars/birgitte/borg.yml
@@ -1,4 +1,11 @@
-borg_basedir: /disk1/borg
-borg_clients:
- conflatorio:
- state: present
+borg_client__state: present
+borg_client__patterns:
+ - -/proc
+ - -/dev
+ - -/run
+ - -/sys
+ - -/home/*/.cache
+ - -/pool0
+ - -/disk1
+ - -/disk2
+ - -/sda1
diff --git a/ansible/host_vars/conflatorio/borg.yml b/ansible/host_vars/conflatorio/borg.yml
new file mode 100644
index 0000000..c4165ff
--- /dev/null
+++ b/ansible/host_vars/conflatorio/borg.yml
@@ -0,0 +1,7 @@
+borg_client__state: present
+borg_client__patterns:
+ - -/proc
+ - -/dev
+ - -/run
+ - -/sys
+ - -/home/*/.cache
diff --git a/ansible/host_vars/fuckaduck/borg.yml b/ansible/host_vars/fuckaduck/borg.yml
new file mode 100644
index 0000000..c4165ff
--- /dev/null
+++ b/ansible/host_vars/fuckaduck/borg.yml
@@ -0,0 +1,7 @@
+borg_client__state: present
+borg_client__patterns:
+ - -/proc
+ - -/dev
+ - -/run
+ - -/sys
+ - -/home/*/.cache
diff --git a/ansible/host_vars/malabaricus/borg-server.yml b/ansible/host_vars/malabaricus/borg-server.yml
new file mode 100644
index 0000000..bb7a961
--- /dev/null
+++ b/ansible/host_vars/malabaricus/borg-server.yml
@@ -0,0 +1,6 @@
+borg_birgitte:
+ state: present
+borg_conflatorio:
+ state: present
+borg_fuckaduck:
+ state: present
diff --git a/ansible/inventory b/ansible/inventory
index 9b9ff78..6319cd4 100644
--- a/ansible/inventory
+++ b/ansible/inventory
@@ -72,4 +72,22 @@ all:
ansible_connection: lxc_ssh
ansible_ssh_extra_args: sz-test
+# Borg
+ borg_servers:
+ hosts:
+ malabaricus:
+ vars:
+ borg_server__clients_ansible_group: borg_nas
+ borg_nas:
+ hosts:
+ fuckaduck:
+ birgitte:
+ conflatorio:
+ vars:
+ borg_client__server: malabaricus.trygvis.io
+
+ borg_clients:
+ children:
+ borg_nas:
+
# vim: set filetype=yaml:
diff --git a/ansible/roles/borg-client/defaults/main.yml b/ansible/roles/borg-client/defaults/main.yml
new file mode 100644
index 0000000..b450b4d
--- /dev/null
+++ b/ansible/roles/borg-client/defaults/main.yml
@@ -0,0 +1 @@
+ssh_key: /etc/borg/id_ed25519
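Review bot: The default `ssh_key` is the only variable of this role that lacks the `borg_client__` prefix used by `borg_client__state`, `borg_client__patterns` and `borg_client__server`. Ansible variables share one namespace per host, so any other role or vars file that defines a generic `ssh_key` would silently change which private key path this role generates and uses. I would rename it to `borg_client__ssh_key: /etc/borg/id_ed25519` and update the references in tasks/main.yml accordingly.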
diff --git a/ansible/roles/borg-client/tasks/main.yml b/ansible/roles/borg-client/tasks/main.yml
index 79a9406..a65ae3e 100644
--- a/ansible/roles/borg-client/tasks/main.yml
+++ b/ansible/roles/borg-client/tasks/main.yml
@@ -1,8 +1,95 @@
---
- name: packages
+ become: yes
tags: packages
apt:
- name: "{{ item }}"
+ name: "{{ items }}"
install_recommends: no
- with_items:
- - borgbackup
+ vars:
+ items:
+ - borgbackup
+
+- name: mkdir /etc/borg
+ become: yes
+ file:
+ path: /etc/borg
+ state: directory
+ mode: u=rwx,go=
+
+- name: Generate SSH keys
+ become: yes
+ command: ssh-keygen -t ed25519 -N "" -f "{{ ssh_key }}" -C "for borg @ {{ ansible_hostname }}"
+ args:
+ creates: "{{ ssh_key }}"
+ register: ssh_key_generated
+
+- when: ssh_key_generated.changed
+ become: yes
+ fetch:
+ src: "{{ ssh_key }}.pub"
+ dest: "files"
+
+- name: /etc/borg/env
+ become: yes
+ copy:
+ dest: /etc/borg/env
+ content: |
+ BORG_REPO="borg@{{ borg_client__server }}:{{ ansible_hostname }}"
+ BORG_RSH="ssh -i {{ ssh_key}}"
+
+# "
+
+- name: /etc/borg/excludes
+ become: yes
+ when: borg_client__state == "absent"
+ file:
+ path: /etc/borg/excludes
+ state: absent
+
+- name: /etc/borg/excludes
+ when: borg_client__state == "present"
+ become: yes
+ copy:
+ dest: /etc/borg/excludes
+ content: |
+ /proc
+ /dev
+ /sys
+
+- name: /etc/borg/patterns
+ become: yes
+ copy:
+ dest: /etc/borg/patterns
+ content: |
+ P sh
+ R /
+ {% for item in borg_client__patterns %}
+ {{ item }}
+ {% endfor %}
+
+- name: /usr/local/bin/create-backup
+ become: yes
+ template:
+ dest: /usr/local/bin/create-backup
+ src: bin/create-backup
+ mode: u=rx,go=
+ owner: root
+ group: root
+
+- become: yes
+ copy:
+ dest: /etc/systemd/system/create-backup.service
+ content: |
+ [Unit]
+ Description=Create backup
+
+ [Service]
+ Type=oneshot
+ WorkingDirectory=/
+ ExecStart=/usr/local/bin/create-backup
+ register: create_backup_service
+
+- when: create_backup_service.changed
+ become: yes
+ systemd:
+ daemon_reload: yes
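Review bot: `BORG_REPO` in the `/etc/borg/env` task is built from `ansible_hostname`, while the server side of this commit names each repository and its `--restrict-to-path` after the client's inventory name (the members of `borg_nas`). The `fetch` task with `dest: "files"` also stores the public key under the inventory name. If a host's gathered short hostname ever differs from its inventory name, the client would address a repository outside the path its forced command permits, and the backup would presumably be refused. Using one identifier throughout avoids that: `BORG_REPO="borg@{{ borg_client__server }}:{{ inventory_hostname }}"`.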
diff --git a/ansible/roles/borg-client/templates/bin/create-backup b/ansible/roles/borg-client/templates/bin/create-backup
new file mode 100644
index 0000000..dfbe72d
--- /dev/null
+++ b/ansible/roles/borg-client/templates/bin/create-backup
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -euo pipefail
+
+cd /
+
+. /etc/borg/env
+export BORG_REPO
+export BORG_RSH
+
+cmd=()
+cmd+=(borg create)
+cmd+=(--stats)
+cmd+=(--progress)
+cmd+=(--json)
+cmd+=(--exclude-from=/etc/borg/excludes)
+cmd+=(--patterns-from=/etc/borg/patterns)
+cmd+=(::'{hostname}-{now:%Y-%m-%dT%H:%M:%S}')
+
+echo BORG_REPO=$BORG_REPO
+
+set -x
+time "${cmd[@]}"
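Review bot: Nothing visible in this commit installs the backup server's SSH host key on the client, yet the `borg create` call at the end of this script runs unattended as root over the `ssh -i …` command sourced from `/etc/borg/env`. Unless root's known_hosts is seeded elsewhere, the first run from `create-backup.service` will likely stop at the host-key check. The safe fix is to pin the server key with a `known_hosts` task in the role rather than relaxing host-key checking. I would also make the transport non-interactive and bound to this key in the env file, e.g. `BORG_RSH="ssh -i {{ ssh_key }} -o BatchMode=yes -o IdentitiesOnly=yes"`.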
diff --git a/ansible/roles/borg-client/templates/bin/trygvis-borg-run-backup b/ansible/roles/borg-client/templates/bin/trygvis-borg-run-backup
deleted file mode 100644
index 7f3e218..0000000
--- a/ansible/roles/borg-client/templates/bin/trygvis-borg-run-backup
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-set -euo pipefail
-
-/usr/bin/borg
diff --git a/ansible/roles/borg-server/defaults/main.yml b/ansible/roles/borg-server/defaults/main.yml
new file mode 100644
index 0000000..8d25395
--- /dev/null
+++ b/ansible/roles/borg-server/defaults/main.yml
@@ -0,0 +1,2 @@
+borg_server__home: /borg
+borg_server__shell: /bin/bash
diff --git a/ansible/roles/borg-server/tasks/borg-server.yml b/ansible/roles/borg-server/tasks/borg-server.yml
new file mode 100644
index 0000000..253aa4a
--- /dev/null
+++ b/ansible/roles/borg-server/tasks/borg-server.yml
@@ -0,0 +1,30 @@
+- debug: var=groups[borg_server__clients_ansible_group]
+
+- become: yes
+ become_user: borg
+ vars:
+ clients: "{{ groups[borg_server__clients_ansible_group] }}"
+ block:
+ - name: mkdir repos
+ file:
+ path: "{{ borg_server__home }}/repos"
+ state: directory
+ mode: u=rwx,go=
+
+ - name: mkdir repos/{{ item.key }}
+ with_items: "{{ clients }}"
+ command: borg init "{{ item }}" -e none
+ args:
+ creates: "{{ borg_server__home }}/repos/{{ item }}"
+ chdir: "{{ borg_server__home }}/repos"
+
+ - name: authorized_keys
+ with_items: "{{ clients }}"
+ vars:
+ client: "{{hostvars[ansible_hostname]['borg_' + item]}}"
+ authorized_key:
+ user: borg
+ state: "{{ client.state }}"
+ key: "{{ lookup('file', item + '/etc/borg/id_ed25519.pub') }}"
+ path: "{{ borg_server__home }}/.ssh/authorized_keys"
+ key_options: "command=\"cd {{ borg_server__home }}/repos; borg serve --append-only --restrict-to-path {{ borg_server__home }}/repos/{{ item }}\",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc"
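Review bot: `borg init "{{ item }}" -e none` creates every client repository without encryption or authentication, while the client role in this commit backs up from `R /`, so system configuration and home directories end up in plaintext on the server's disk. `--append-only` and `--restrict-to-path` limit what a client key can do, but they do not protect the stored data from anyone who can read the repository. I would initialise with `borg init --encryption repokey "{{ item }}"` (or `keyfile`) and supply the passphrase through `BORG_PASSPHRASE` from a vaulted variable. The encryption mode cannot be changed after init, so this is best decided before the first backups are taken. The task name still references `item.key`, which no longer exists now that the loop runs over a plain list.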
diff --git a/ansible/roles/borg-server/tasks/main.yml b/ansible/roles/borg-server/tasks/main.yml
index 9ef5635..c975803 100644
--- a/ansible/roles/borg-server/tasks/main.yml
+++ b/ansible/roles/borg-server/tasks/main.yml
@@ -1,23 +1,26 @@
-- name: authorized_keys
- with_dict: "{{ borg_clients }}"
- authorized_key:
- user: borg
- manage_dir: False
- state: "{{ item.value.state }}"
- key: "{{ borg_ssh_keys[item.key].public }}"
- path: "{{ borg_basedir }}/.ssh/authorized_keys2"
- key_options: "command=\"cd {{ borg_basedir }}/repos; borg serve --append-only --restrict-to-path {{ borg_basedir }}/repos/{{ item.key }}\",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc"
+- name: packages
+ tags: borg-server
+ become: yes
+ apt:
+ name: "{{ items }}"
+ install_recommends: no
+ vars:
+ items:
+ - borgbackup
-- name: mkdir repos
- file:
- path: "{{ borg_basedir }}/repos"
- state: directory
- mode: u=rwx,go=
- owner: borg
+- name: Create unix group
+ become: yes
+ group:
+ name: borg
+ system: yes
+
+- name: Create unix user
+ become: yes
+ user:
+ name: borg
+ system: yes
group: borg
+ shell: "{{ borg_server__shell }}"
+ home: "{{ borg_server__home }}"
-#- name: mkdir repos/{{ item.key }}
-# with_dict: "{{ borg_clients }}"
-# file:
-# path: "{{ borg_basedir }}/repos"
-# state: directory
+- import_tasks: borg-server.yml
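Review bot: Only the `packages` task carries `tags: borg-server`, so a run limited with `--tags borg-server` would install the package but skip the group, the user and the imported `borg-server.yml` tasks. The removed `borg-server.yml` playbook put the tag on the whole role import, which the new `borg.yml` no longer does. I would either drop the tag here and tag the role in the playbook, or add `tags: borg-server` to the remaining tasks and to the `import_tasks` line. The `yes` values would also be more predictable across YAML parsers as `true`.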
diff --git a/ansible/roles/linode-dns-update/templates/linode-dns-update.j2 b/ansible/roles/linode-dns-update/templates/linode-dns-update.j2
index 97ab7c9..975c061 100644
--- a/ansible/roles/linode-dns-update/templates/linode-dns-update.j2
+++ b/ansible/roles/linode-dns-update/templates/linode-dns-update.j2
@@ -35,11 +35,12 @@ domain_resource_update "$DOMAIN_ID" "{{ linode_dns__ipv4_resource }}" "A" "[remo
{% if linode_dns__ipv6_resource is defined %}
q=''
#q='map(select(.ifname=="wlx00e01d0808b2"))'
-q='map(.addr_info) | flatten | map(select(.scope=="global" and .deprecated != true and .mngtmpaddr != true) | .local) | first'
+q='map(.addr_info) | flatten | map(select(.scope=="global" and .deprecated != true and .mngtmpaddr != true and (.local|test("^fd")|not)) | .local) | first'
ip=$(ip -6 -json addr | jq -r -c "$q")
if [[ ! -z $ip ]]
then
+ echo "Setting IPv6 to $ip."
domain_resource_update "$DOMAIN_ID" "{{ linode_dns__ipv6_resource }}" "AAAA" "$ip"
fi
{% endif %}
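Review bot: When no address survives the extended `select(...)`, `first` yields `null` and `jq -r` prints the literal string `null`, so the `[[ ! -z $ip ]]` guard passes and the AAAA record would be updated with `null`. The new `test("^fd")` exclusion makes that case more likely on a host whose only global-scope IPv6 address is a ULA. Ending the filter with `| first // empty` makes jq print nothing in that case, so the existing guard works as intended. The surrounding script starts outside this hunk.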