authorTrygve Laugstøl <trygvis@inamo.no>2018-12-26 11:02:22 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2018-12-26 11:02:22 +0100
commit37e93cced23e0ee726309e841b1dac19e9ccdac4 (patch)
tree8c692652c0a5fdbd0d95510dabd58c95e1805541 /ansible/roles
parent72811f0f48cad07351ab5c5224616383a6920add (diff)
o Working borg setup.
Diffstat (limited to 'ansible/roles')
-rw-r--r--ansible/roles/borg-client/defaults/main.yml1
-rw-r--r--ansible/roles/borg-client/tasks/main.yml93
-rw-r--r--ansible/roles/borg-client/templates/bin/create-backup23
-rw-r--r--ansible/roles/borg-client/templates/bin/trygvis-borg-run-backup5
-rw-r--r--ansible/roles/borg-server/defaults/main.yml2
-rw-r--r--ansible/roles/borg-server/tasks/borg-server.yml30
-rw-r--r--ansible/roles/borg-server/tasks/main.yml43
-rw-r--r--ansible/roles/linode-dns-update/templates/linode-dns-update.j23
8 files changed, 171 insertions, 29 deletions
diff --git a/ansible/roles/borg-client/defaults/main.yml b/ansible/roles/borg-client/defaults/main.yml
new file mode 100644
index 0000000..b450b4d
--- /dev/null
+++ b/ansible/roles/borg-client/defaults/main.yml
@@ -0,0 +1 @@
+ssh_key: /etc/borg/id_ed25519
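Review bot: The default is named `ssh_key`, while the other variables this commit introduces carry a role prefix (`borg_client__server`, `borg_server__home`). Role defaults share one variable namespace with inventory and other roles, so an unrelated `ssh_key` defined elsewhere would silently change where the passphrase-less private key is written and which key `BORG_RSH` uses. Renaming it to `borg_client__ssh_key: /etc/borg/id_ed25519` would avoid that. The server role's lookup of `item + '/etc/borg/id_ed25519.pub'` hard-codes the same path and would need to stay in step.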
diff --git a/ansible/roles/borg-client/tasks/main.yml b/ansible/roles/borg-client/tasks/main.yml
index 79a9406..a65ae3e 100644
--- a/ansible/roles/borg-client/tasks/main.yml
+++ b/ansible/roles/borg-client/tasks/main.yml
@@ -1,8 +1,95 @@
---
- name: packages
+ become: yes
tags: packages
apt:
- name: "{{ item }}"
+ name: "{{ items }}"
install_recommends: no
- with_items:
- - borgbackup
+ vars:
+ items:
+ - borgbackup
+
+- name: mkdir /etc/borg
+ become: yes
+ file:
+ path: /etc/borg
+ state: directory
+ mode: u=rwx,go=
+
+- name: Generate SSH keys
+ become: yes
+ command: ssh-keygen -t ed25519 -N "" -f "{{ ssh_key }}" -C "for borg @ {{ ansible_hostname }}"
+ args:
+ creates: "{{ ssh_key }}"
+ register: ssh_key_generated
+
+- when: ssh_key_generated.changed
+ become: yes
+ fetch:
+ src: "{{ ssh_key }}.pub"
+ dest: "files"
+
+- name: /etc/borg/env
+ become: yes
+ copy:
+ dest: /etc/borg/env
+ content: |
+ BORG_REPO="borg@{{ borg_client__server }}:{{ ansible_hostname }}"
+ BORG_RSH="ssh -i {{ ssh_key}}"
+
+# "
+
+- name: /etc/borg/excludes
+ become: yes
+ when: borg_client__state == "absent"
+ file:
+ path: /etc/borg/excludes
+ state: absent
+
+- name: /etc/borg/excludes
+ when: borg_client__state == "present"
+ become: yes
+ copy:
+ dest: /etc/borg/excludes
+ content: |
+ /proc
+ /dev
+ /sys
+
+- name: /etc/borg/patterns
+ become: yes
+ copy:
+ dest: /etc/borg/patterns
+ content: |
+ P sh
+ R /
+ {% for item in borg_client__patterns %}
+ {{ item }}
+ {% endfor %}
+
+- name: /usr/local/bin/create-backup
+ become: yes
+ template:
+ dest: /usr/local/bin/create-backup
+ src: bin/create-backup
+ mode: u=rx,go=
+ owner: root
+ group: root
+
+- become: yes
+ copy:
+ dest: /etc/systemd/system/create-backup.service
+ content: |
+ [Unit]
+ Description=Create backup
+
+ [Service]
+ Type=oneshot
+ WorkingDirectory=/
+ ExecStart=/usr/local/bin/create-backup
+ register: create_backup_service
+
+- when: create_backup_service.changed
+ become: yes
+ systemd:
+ daemon_reload: yes
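Review bot: The key created by `Generate SSH keys` has an empty passphrase (`-N ""`), so its only protection is the `/etc/borg` directory, and the `mkdir /etc/borg` task sets `mode: u=rwx,go=` without stating an owner. If the directory already exists under another account, the mode alone leaves it accessible to that account; adding `owner: root` and `group: root` to that task, as the `/usr/local/bin/create-backup` task already does, closes the gap. `BORG_RSH="ssh -i {{ ssh_key}}"` also relies on the server's host key already being trusted on the client, which nothing in this file sets up; a `known_hosts` task pinning the server key would keep an unattended run from failing and remove the temptation to switch host-key checking off. `borg_client__state`, `borg_client__patterns` and `borg_client__server` have no entry in the role defaults shown in this commit, so the tasks that use them presumably fail unless inventory defines them.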
diff --git a/ansible/roles/borg-client/templates/bin/create-backup b/ansible/roles/borg-client/templates/bin/create-backup
new file mode 100644
index 0000000..dfbe72d
--- /dev/null
+++ b/ansible/roles/borg-client/templates/bin/create-backup
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -euo pipefail
+
+cd /
+
+. /etc/borg/env
+export BORG_REPO
+export BORG_RSH
+
+cmd=()
+cmd+=(borg create)
+cmd+=(--stats)
+cmd+=(--progress)
+cmd+=(--json)
+cmd+=(--exclude-from=/etc/borg/excludes)
+cmd+=(--patterns-from=/etc/borg/patterns)
+cmd+=(::'{hostname}-{now:%Y-%m-%dT%H:%M:%S}')
+
+echo BORG_REPO=$BORG_REPO
+
+set -x
+time "${cmd[@]}"
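Review bot: `. /etc/borg/env` runs that file as shell code with root privileges, and its two values are templated from `borg_client__server` and `ansible_hostname` inside double quotes, so any `$(...)` or backtick that reached those variables would be evaluated here. The file should stay writable by root only, and since the systemd unit is the caller, `EnvironmentFile=/etc/borg/env` in its `[Service]` section would pass the same variables without evaluating them and let the script drop the `.` line. Separately, `echo BORG_REPO=$BORG_REPO` expands unquoted; `echo "BORG_REPO=$BORG_REPO"` avoids word splitting and globbing. `--progress` output is of little use in the journal for a oneshot service and could be dropped.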
diff --git a/ansible/roles/borg-client/templates/bin/trygvis-borg-run-backup b/ansible/roles/borg-client/templates/bin/trygvis-borg-run-backup
deleted file mode 100644
index 7f3e218..0000000
--- a/ansible/roles/borg-client/templates/bin/trygvis-borg-run-backup
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-set -euo pipefail
-
-/usr/bin/borg
diff --git a/ansible/roles/borg-server/defaults/main.yml b/ansible/roles/borg-server/defaults/main.yml
new file mode 100644
index 0000000..8d25395
--- /dev/null
+++ b/ansible/roles/borg-server/defaults/main.yml
@@ -0,0 +1,2 @@
+borg_server__home: /borg
+borg_server__shell: /bin/bash
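Review bot: A comment on `borg_server__shell` would help, because the value looks like a candidate for hardening. sshd runs the forced `borg serve` command from `authorized_keys` through the account's login shell, so setting this to a nologin shell would break every client. Something like `# must be a real shell: sshd runs the forced borg serve command through it` above the line records that.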
diff --git a/ansible/roles/borg-server/tasks/borg-server.yml b/ansible/roles/borg-server/tasks/borg-server.yml
new file mode 100644
index 0000000..253aa4a
--- /dev/null
+++ b/ansible/roles/borg-server/tasks/borg-server.yml
@@ -0,0 +1,30 @@
+- debug: var=groups[borg_server__clients_ansible_group]
+
+- become: yes
+ become_user: borg
+ vars:
+ clients: "{{ groups[borg_server__clients_ansible_group] }}"
+ block:
+ - name: mkdir repos
+ file:
+ path: "{{ borg_server__home }}/repos"
+ state: directory
+ mode: u=rwx,go=
+
+ - name: mkdir repos/{{ item.key }}
+ with_items: "{{ clients }}"
+ command: borg init "{{ item }}" -e none
+ args:
+ creates: "{{ borg_server__home }}/repos/{{ item }}"
+ chdir: "{{ borg_server__home }}/repos"
+
+ - name: authorized_keys
+ with_items: "{{ clients }}"
+ vars:
+ client: "{{hostvars[ansible_hostname]['borg_' + item]}}"
+ authorized_key:
+ user: borg
+ state: "{{ client.state }}"
+ key: "{{ lookup('file', item + '/etc/borg/id_ed25519.pub') }}"
+ path: "{{ borg_server__home }}/.ssh/authorized_keys"
+ key_options: "command=\"cd {{ borg_server__home }}/repos; borg serve --append-only --restrict-to-path {{ borg_server__home }}/repos/{{ item }}\",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc"
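Review bot: `borg init "{{ item }}" -e none` creates every client repository unencrypted, so anyone with read access to `{{ borg_server__home }}/repos` on the server, or to a copy of its disk, can read all client data. If the server is not meant to be trusted with plaintext, the repositories would need an encryption mode such as `repokey`, initialised with a passphrase that is kept only on the client (for example `BORG_PASSPHRASE` in the root-only `/etc/borg/env`). The task name `mkdir repos/{{ item.key }}` still refers to `item.key` although `with_items` now yields plain strings; `borg init {{ item }}` would be an accurate name. In `key_options`, the OpenSSH `restrict` keyword could replace the list of individual `no-*` options so that restrictions added in later releases apply as well. The leading `debug: var=groups[...]` task looks like a leftover.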
diff --git a/ansible/roles/borg-server/tasks/main.yml b/ansible/roles/borg-server/tasks/main.yml
index 9ef5635..c975803 100644
--- a/ansible/roles/borg-server/tasks/main.yml
+++ b/ansible/roles/borg-server/tasks/main.yml
@@ -1,23 +1,26 @@
-- name: authorized_keys
- with_dict: "{{ borg_clients }}"
- authorized_key:
- user: borg
- manage_dir: False
- state: "{{ item.value.state }}"
- key: "{{ borg_ssh_keys[item.key].public }}"
- path: "{{ borg_basedir }}/.ssh/authorized_keys2"
- key_options: "command=\"cd {{ borg_basedir }}/repos; borg serve --append-only --restrict-to-path {{ borg_basedir }}/repos/{{ item.key }}\",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc"
+- name: packages
+ tags: borg-server
+ become: yes
+ apt:
+ name: "{{ items }}"
+ install_recommends: no
+ vars:
+ items:
+ - borgbackup
-- name: mkdir repos
- file:
- path: "{{ borg_basedir }}/repos"
- state: directory
- mode: u=rwx,go=
- owner: borg
+- name: Create unix group
+ become: yes
+ group:
+ name: borg
+ system: yes
+
+- name: Create unix user
+ become: yes
+ user:
+ name: borg
+ system: yes
group: borg
+ shell: "{{ borg_server__shell }}"
+ home: "{{ borg_server__home }}"
-#- name: mkdir repos/{{ item.key }}
-# with_dict: "{{ borg_clients }}"
-# file:
-# path: "{{ borg_basedir }}/repos"
-# state: directory
+- import_tasks: borg-server.yml
diff --git a/ansible/roles/linode-dns-update/templates/linode-dns-update.j2 b/ansible/roles/linode-dns-update/templates/linode-dns-update.j2
index 97ab7c9..975c061 100644
--- a/ansible/roles/linode-dns-update/templates/linode-dns-update.j2
+++ b/ansible/roles/linode-dns-update/templates/linode-dns-update.j2
@@ -35,11 +35,12 @@ domain_resource_update "$DOMAIN_ID" "{{ linode_dns__ipv4_resource }}" "A" "[remo
{% if linode_dns__ipv6_resource is defined %}
q=''
#q='map(select(.ifname=="wlx00e01d0808b2"))'
-q='map(.addr_info) | flatten | map(select(.scope=="global" and .deprecated != true and .mngtmpaddr != true) | .local) | first'
+q='map(.addr_info) | flatten | map(select(.scope=="global" and .deprecated != true and .mngtmpaddr != true and (.local|test("^fd")|not)) | .local) | first'
ip=$(ip -6 -json addr | jq -r -c "$q")
if [[ ! -z $ip ]]
then
+ echo "Setting IPv6 to $ip."
domain_resource_update "$DOMAIN_ID" "{{ linode_dns__ipv6_resource }}" "AAAA" "$ip"
fi
{% endif %}
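Review bot: When the tightened `select(...)` leaves no address, `first` yields `null` and `jq -r` prints the string `null`, so `[[ ! -z $ip ]]` passes and the AAAA record is presumably updated with that value; the added `test("^fd")` exclusion makes the empty case more likely. Ending the filter with `| first // empty'` makes jq print nothing in that case. `test("^fd")` also covers only half of the unique-local range fc00::/7; `test("^f[cd]")` would match both. The enclosing template starts above this hunk.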