diff options
author | Trygve Laugstøl <trygvis@inamo.no> | 2018-12-26 11:02:22 +0100 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2018-12-26 11:02:22 +0100 |
commit | 37e93cced23e0ee726309e841b1dac19e9ccdac4 (patch) | |
tree | 8c692652c0a5fdbd0d95510dabd58c95e1805541 /ansible/roles | |
parent | 72811f0f48cad07351ab5c5224616383a6920add (diff) | |
download | infra-37e93cced23e0ee726309e841b1dac19e9ccdac4.tar.gz infra-37e93cced23e0ee726309e841b1dac19e9ccdac4.tar.bz2 infra-37e93cced23e0ee726309e841b1dac19e9ccdac4.tar.xz infra-37e93cced23e0ee726309e841b1dac19e9ccdac4.zip |
o Working borg setup.
Diffstat (limited to 'ansible/roles')
-rw-r--r-- | ansible/roles/borg-client/defaults/main.yml | 1 | ||||
-rw-r--r-- | ansible/roles/borg-client/tasks/main.yml | 93 | ||||
-rw-r--r-- | ansible/roles/borg-client/templates/bin/create-backup | 23 | ||||
-rw-r--r-- | ansible/roles/borg-client/templates/bin/trygvis-borg-run-backup | 5 | ||||
-rw-r--r-- | ansible/roles/borg-server/defaults/main.yml | 2 | ||||
-rw-r--r-- | ansible/roles/borg-server/tasks/borg-server.yml | 30 | ||||
-rw-r--r-- | ansible/roles/borg-server/tasks/main.yml | 43 | ||||
-rw-r--r-- | ansible/roles/linode-dns-update/templates/linode-dns-update.j2 | 3 |
8 files changed, 171 insertions, 29 deletions
diff --git a/ansible/roles/borg-client/defaults/main.yml b/ansible/roles/borg-client/defaults/main.yml new file mode 100644 index 0000000..b450b4d --- /dev/null +++ b/ansible/roles/borg-client/defaults/main.yml @@ -0,0 +1 @@ +ssh_key: /etc/borg/id_ed25519 diff --git a/ansible/roles/borg-client/tasks/main.yml b/ansible/roles/borg-client/tasks/main.yml index 79a9406..a65ae3e 100644 --- a/ansible/roles/borg-client/tasks/main.yml +++ b/ansible/roles/borg-client/tasks/main.yml @@ -1,8 +1,95 @@ --- - name: packages + become: yes tags: packages apt: - name: "{{ item }}" + name: "{{ items }}" install_recommends: no - with_items: - - borgbackup + vars: + items: + - borgbackup + +- name: mkdir /etc/borg + become: yes + file: + path: /etc/borg + state: directory + mode: u=rwx,go= + +- name: Generate SSH keys + become: yes + command: ssh-keygen -t ed25519 -N "" -f "{{ ssh_key }}" -C "for borg @ {{ ansible_hostname }}" + args: + creates: "{{ ssh_key }}" + register: ssh_key_generated + +- when: ssh_key_generated.changed + become: yes + fetch: + src: "{{ ssh_key }}.pub" + dest: "files" + +- name: /etc/borg/env + become: yes + copy: + dest: /etc/borg/env + content: | + BORG_REPO="borg@{{ borg_client__server }}:{{ ansible_hostname }}" + BORG_RSH="ssh -i {{ ssh_key}}" + +# " + +- name: /etc/borg/excludes + become: yes + when: borg_client__state == "absent" + file: + path: /etc/borg/excludes + state: absent + +- name: /etc/borg/excludes + when: borg_client__state == "present" + become: yes + copy: + dest: /etc/borg/excludes + content: | + /proc + /dev + /sys + +- name: /etc/borg/patterns + become: yes + copy: + dest: /etc/borg/patterns + content: | + P sh + R / + {% for item in borg_client__patterns %} + {{ item }} + {% endfor %} + +- name: /usr/local/bin/create-backup + become: yes + template: + dest: /usr/local/bin/create-backup + src: bin/create-backup + mode: u=rx,go= + owner: root + group: root + +- become: yes + copy: + dest: /etc/systemd/system/create-backup.service + content: | + [Unit] + Description=Create backup + + [Service] + Type=oneshot + WorkingDirectory=/ + ExecStart=/usr/local/bin/create-backup + register: create_backup_service + +- when: create_backup_service.changed + become: yes + systemd: + daemon_reload: yes diff --git a/ansible/roles/borg-client/templates/bin/create-backup b/ansible/roles/borg-client/templates/bin/create-backup new file mode 100644 index 0000000..dfbe72d --- /dev/null +++ b/ansible/roles/borg-client/templates/bin/create-backup @@ -0,0 +1,23 @@ +#!/bin/bash + +set -euo pipefail + +cd / + +. /etc/borg/env +export BORG_REPO +export BORG_RSH + +cmd=() +cmd+=(borg create) +cmd+=(--stats) +cmd+=(--progress) +cmd+=(--json) +cmd+=(--exclude-from=/etc/borg/excludes) +cmd+=(--patterns-from=/etc/borg/patterns) +cmd+=(::'{hostname}-{now:%Y-%m-%dT%H:%M:%S}') + +echo BORG_REPO=$BORG_REPO + +set -x +time "${cmd[@]}" diff --git a/ansible/roles/borg-client/templates/bin/trygvis-borg-run-backup b/ansible/roles/borg-client/templates/bin/trygvis-borg-run-backup deleted file mode 100644 index 7f3e218..0000000 --- a/ansible/roles/borg-client/templates/bin/trygvis-borg-run-backup +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -/usr/bin/borg diff --git a/ansible/roles/borg-server/defaults/main.yml b/ansible/roles/borg-server/defaults/main.yml new file mode 100644 index 0000000..8d25395 --- /dev/null +++ b/ansible/roles/borg-server/defaults/main.yml @@ -0,0 +1,2 @@ +borg_server__home: /borg +borg_server__shell: /bin/bash diff --git a/ansible/roles/borg-server/tasks/borg-server.yml b/ansible/roles/borg-server/tasks/borg-server.yml new file mode 100644 index 0000000..253aa4a --- /dev/null +++ b/ansible/roles/borg-server/tasks/borg-server.yml @@ -0,0 +1,30 @@ +- debug: var=groups[borg_server__clients_ansible_group] + +- become: yes + become_user: borg + vars: + clients: "{{ groups[borg_server__clients_ansible_group] }}" + block: + - name: mkdir repos + file: + path: "{{ borg_server__home }}/repos" + state: directory + mode: u=rwx,go= + + - name: mkdir repos/{{ item.key }} + with_items: "{{ clients }}" + command: borg init "{{ item }}" -e none + args: + creates: "{{ borg_server__home }}/repos/{{ item }}" + chdir: "{{ borg_server__home }}/repos" + + - name: authorized_keys + with_items: "{{ clients }}" + vars: + client: "{{hostvars[ansible_hostname]['borg_' + item]}}" + authorized_key: + user: borg + state: "{{ client.state }}" + key: "{{ lookup('file', item + '/etc/borg/id_ed25519.pub') }}" + path: "{{ borg_server__home }}/.ssh/authorized_keys" + key_options: "command=\"cd {{ borg_server__home }}/repos; borg serve --append-only --restrict-to-path {{ borg_server__home }}/repos/{{ item }}\",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc" diff --git a/ansible/roles/borg-server/tasks/main.yml b/ansible/roles/borg-server/tasks/main.yml index 9ef5635..c975803 100644 --- a/ansible/roles/borg-server/tasks/main.yml +++ b/ansible/roles/borg-server/tasks/main.yml @@ -1,23 +1,26 @@ -- name: authorized_keys - with_dict: "{{ borg_clients }}" - authorized_key: - user: borg - manage_dir: False - state: "{{ item.value.state }}" - key: "{{ borg_ssh_keys[item.key].public }}" - path: "{{ borg_basedir }}/.ssh/authorized_keys2" - key_options: "command=\"cd {{ borg_basedir }}/repos; borg serve --append-only --restrict-to-path {{ borg_basedir }}/repos/{{ item.key }}\",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc" +- name: packages + tags: borg-server + become: yes + apt: + name: "{{ items }}" + install_recommends: no + vars: + items: + - borgbackup -- name: mkdir repos - file: - path: "{{ borg_basedir }}/repos" - state: directory - mode: u=rwx,go= - owner: borg +- name: Create unix group + become: yes + group: + name: borg + system: yes + +- name: Create unix user + become: yes + user: + name: borg + system: yes group: borg + shell: "{{ borg_server__shell }}" + home: "{{ borg_server__home }}" -#- name: mkdir repos/{{ item.key }} -# with_dict: "{{ borg_clients }}" -# file: -# path: "{{ borg_basedir }}/repos" -# state: directory +- import_tasks: borg-server.yml diff --git a/ansible/roles/linode-dns-update/templates/linode-dns-update.j2 b/ansible/roles/linode-dns-update/templates/linode-dns-update.j2 index 97ab7c9..975c061 100644 --- a/ansible/roles/linode-dns-update/templates/linode-dns-update.j2 +++ b/ansible/roles/linode-dns-update/templates/linode-dns-update.j2 @@ -35,11 +35,12 @@ domain_resource_update "$DOMAIN_ID" "{{ linode_dns__ipv4_resource }}" "A" "[remo {% if linode_dns__ipv6_resource is defined %} q='' #q='map(select(.ifname=="wlx00e01d0808b2"))' -q='map(.addr_info) | flatten | map(select(.scope=="global" and .deprecated != true and .mngtmpaddr != true) | .local) | first' +q='map(.addr_info) | flatten | map(select(.scope=="global" and .deprecated != true and .mngtmpaddr != true and (.local|test("^fd")|not)) | .local) | first' ip=$(ip -6 -json addr | jq -r -c "$q") if [[ ! -z $ip ]] then + echo "Setting IPv6 to $ip." domain_resource_update "$DOMAIN_ID" "{{ linode_dns__ipv6_resource }}" "AAAA" "$ip" fi {% endif %} |