diff options
20 files changed, 233 insertions, 150 deletions
diff --git a/ansible/borg-clients.yml b/ansible/borg-clients.yml deleted file mode 100644 index 7731505..0000000 --- a/ansible/borg-clients.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- hosts: - - birgitte - tasks: - - name: borg-client - import_role: name=borg-client - tags: borg-client - become: true diff --git a/ansible/borg-server.yml b/ansible/borg-server.yml deleted file mode 100644 index e30f01f..0000000 --- a/ansible/borg-server.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- hosts: - - birgitte - tasks: - - name: packages - tags: packages - apt: - name: "{{ item }}" - install_recommends: no - with_items: - - borgbackup - - name: borg-server - import_role: name=borg-server - tags: borg-server - become: true - become_user: borg diff --git a/ansible/borg.yml b/ansible/borg.yml new file mode 100644 index 0000000..b68b342 --- /dev/null +++ b/ansible/borg.yml @@ -0,0 +1,10 @@ +--- +- hosts: + - borg_servers + roles: + - borg-server + +- hosts: + - borg_clients + roles: + - borg-client diff --git a/ansible/files/birgitte/etc/borg/id_ed25519.pub b/ansible/files/birgitte/etc/borg/id_ed25519.pub new file mode 100644 index 0000000..f4b79b5 --- /dev/null +++ b/ansible/files/birgitte/etc/borg/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINVpbC77vXGiv1PYPRDpIC9GpRuQNQdYfKOTO1eBPQx7 for borg @ birgitte diff --git a/ansible/files/conflatorio/etc/borg/id_ed25519.pub b/ansible/files/conflatorio/etc/borg/id_ed25519.pub new file mode 100644 index 0000000..7bdbe0c --- /dev/null +++ b/ansible/files/conflatorio/etc/borg/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDOFPpZthu5br8GFccV9/RtMrm/A3hsM92g8IwSLli+J for borg @ conflatorio diff --git a/ansible/files/fuckaduck/etc/borg/id_ed25519.pub b/ansible/files/fuckaduck/etc/borg/id_ed25519.pub new file mode 100644 index 0000000..2b3cc69 --- /dev/null +++ b/ansible/files/fuckaduck/etc/borg/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO+nB33MTjbXI5P5wpanz0M/OO+2fClfVfkEdKPQJ4n4 for borg @ fuckaduck diff --git a/ansible/group_vars/all/borg_ssh_keys.yml b/ansible/group_vars/all/borg_ssh_keys.yml deleted file mode 100644 index c3e3092..0000000 --- a/ansible/group_vars/all/borg_ssh_keys.yml +++ /dev/null @@ -1,93 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -39306531386635336332626362313532303832666335376533636664313930346261323266373233 -3561303938616135366161643036666235633632646332630a623535333663313635616564386436 -62383566623631366339613234613963323231393262623530383564653563646535346663306336 -3231353665346537310a316361336433373834363762643232333264316363636462666636393966 -31336430653266366362383539323731643764646561316463633665666561383534336565336535 -37386262366132336135343137306332356533393139666630316665653166353936346566626637 -65646363623332623636343963353035363162396565653435653663393338346331643563373036 -38626466306334363138323637303631646133353836623631373932656165636432323336373137 -37373231396132653130643237366235303337336237303335333535613834623033643031376662 -65336363633031643337306634346338356437656461373838373937333465663036653932333666 -66626237613466326239646364366163303633326333636262623534343130626538666562626661 -36643932373030333066326264366630333236633036386462623536616536356463386431326334 -35643132623331363132636537363538616539633564316438353635303330616432616464333930 -39363536343331666630653739646662636261313039396461636164366266383963336463616636 -35376366643663323461623737343866643266346162646234616662326561613962623434366264 -63653737633662343133386233343138653161303135376130643038646536323666383762393436 -39653463313866313535636630393938313266646632636436613366613562663962633165663136 -30643733663331396266323135666561323039353739383330343532303339376333653463616133 -33313837353138626430643833663137643333356666646466666461666137343434383264346332 -37636537623630616136666137663965643863343263663437303031363061653139646363373761 -38366237646430623931663661383439373932353934303732393862613963393932366237343664 -62356264323433626662303236613535333534396162646337636165653766633431323135346565 -38633932333335316264383831316239653035386134343739323761323634666530353734306663 -62373138613134613336333362616664393864376430656265346334303062323434303862306230 -33373332396264616663643563396362663434613435353732343063363035393632646237643765 -35376131623666663435653963356134346431306662326434303239303532363833363334666539 -63633430376565643964323562663164636466323665396430306662396364323633636333336566 -30343936333238343136616331363837646261306265313539396666356235616337386163636238 -61666535326139643036363261666635353233616132366662663035356338316430343962626664 -37323933303362353163313964623534393631393564613134363463343039623761383531326362 -62633336306464623639636666626233393562633135353630343937653631613262333662353666 -34333263343561303939303265313630396434386465313131393433333235653866343139303933 -33636462613365353936353435643137653037313831633337613736626663653934396431343265 -35303665353033616339303934666563353739303537356534333061356466653965376130363936 -63643037376163336164366436646263373438363866373161376362646365646331626139366138 -65363034643861306330366464653133653935616137303033366233306235656462343362613731 -65626634363339616231646266333162373733333730633166663164616661613463626638613561 -36363636333534616635636639346462656366373137383035376565306366343535623236626161 -63663762323662373031336262303039303366643830346463333563383738323832333935303735 -66646236353731323833633063343465336331656561333765343361623861376332636435663434 -38643436313030653136336535663263323464366466616631373163323461643635336333323261 -33303539373033316663313064356262633864373131386463313235353931326262373635346533 -64393066353965333931633465633637353537353062353031396464386464366664666138653462 -31633138356661363366383536353139316438353134653931343238356631366563383136616635 -33666536323865313235346434346563656135316662613836313262613533623539633035663563 -30366461663962616366396336383730306637396238313931363765633335346130373638326231 -61646136313132336133366561613865356139626132643764633462333338343334323534353062 -32373664336135383332646166333039366139383962663939353639616333373430653065366263 -62653565306435653230313236396639353164373435386535303965366333643766643730383261 -66396233383734656338346362316366626435383130383539376636343735643036643339356666 -31356361663431656666343965613632663136326162303162363936656339316635333962396238 -61313430383334393863383131616532376133386263336531396336303561363964623063323262 -37373131343762643632636432633739323165333338646462663732643133393061393735646462 -32663539393730333230303862343536333238303064656636393536333136653766616135353634 -38646262653234356533646232666331366465346265616239373433663066653431306331373937 -32373433656237343837383664366335373966343362643432633332663637396232323330393834 -34616539616462366236613930383933383435356537613032323839616130616137613661643233 -35316165396438396661356562336664613931613034646164316663396633663466336566633266 -65613535303866663362373130303463363332623763396464313437393937626264313833373836 -39666434643135303238316165343532613731643461306633653866306333366533346232623661 -66653238323066613834393939653562386333386438383961366635303162373461323333383663 -61393236323035643935393732393264393032343330363165363733613331653033653939323130 -31306435666539613934373161643136353162633434383734393261393566666265623232393939 -36316439336438613164393239336262376364313364363239366363363735333464313166333337 -36653861663865363165643932353563373666353030646361666166633361323938383563623834 -64343763323438326236343439346661623032616537363465386431643833393634316565646639 -64336531643031343638623630623736656330306138303961636332303735633938306165663435 -33393432653430656336613065323831336365623661616532303734383963643637363431613134 -61373331316363316261626430643833393837646563626535343839353631383561383638333530 -39343837306432653262336139653930626162303431393233316135346239363538643062643531 -65613432636534626665613634346166323666356665653534336564303632613164316666306162 -61396237376438653665653763353237613861626434346138623737343239393738633838303638 -63636437346535663436623963373565306636353466663661383838643665366333646362613736 -62376362363830653730643530373264316331636430613165346234643762353161366431346664 -61366263623661333066373038663739353861376537393763636664663739333332656137303461 -31326461653431646533656539356533396561663065643033613431303334393266316337623063 -61386564323066646365616435303966306634323163663065386131623034316232323064656435 -34353030633938303534346562363163643266613235386138333565616364663737623930336562 -66386532366638333864643866623666333030336461323836346464306664636433643131383466 -34303162383931646534333337373438323534666339386136663262353537366166353034653631 -33313365363264616536623166393163636161376338393935373761626135346232353464363864 -39323065656436383663613035313236356636613038643030386139346265313439336164633566 -37303961613066613530363834613532316266353832396331653762373937623263653937353739 -36643233353338313965323132633766303765366336353335396339353836373163393765616464 -63623965326661653836336633366430663236306237383934376634626539323163303037323561 -33653332353833633334333332306637366332663562653133353437323735666565636634356236 -66363130376230343361643265656233386636613831356262383733623533303331643832663265 -64303839386639633731303962623661313939623239343830666535636133653138333635343065 -30366539633430333132656564376563613762396333323932346665393163666234653538393939 -62646138613630333064346631356166626636653936363165646236613935313165643733613633 -61313736326137376134333362626337376465376635353131366130613862373335303731666131 -30346266366236393736 diff --git a/ansible/host_vars/birgitte/borg.yml b/ansible/host_vars/birgitte/borg.yml index d3ba2fe..fb5058a 100644 --- a/ansible/host_vars/birgitte/borg.yml +++ b/ansible/host_vars/birgitte/borg.yml @@ -1,4 +1,11 @@ -borg_basedir: /disk1/borg -borg_clients: - conflatorio: - state: present +borg_client__state: present +borg_client__patterns: + - -/proc + - -/dev + - -/run + - -/sys + - -/home/*/.cache + - -/pool0 + - -/disk1 + - -/disk2 + - -/sda1 diff --git a/ansible/host_vars/conflatorio/borg.yml b/ansible/host_vars/conflatorio/borg.yml new file mode 100644 index 0000000..c4165ff --- /dev/null +++ b/ansible/host_vars/conflatorio/borg.yml @@ -0,0 +1,7 @@ +borg_client__state: present +borg_client__patterns: + - -/proc + - -/dev + - -/run + - -/sys + - -/home/*/.cache diff --git a/ansible/host_vars/fuckaduck/borg.yml b/ansible/host_vars/fuckaduck/borg.yml new file mode 100644 index 0000000..c4165ff --- /dev/null +++ b/ansible/host_vars/fuckaduck/borg.yml @@ -0,0 +1,7 @@ +borg_client__state: present +borg_client__patterns: + - -/proc + - -/dev + - -/run + - -/sys + - -/home/*/.cache diff --git a/ansible/host_vars/malabaricus/borg-server.yml b/ansible/host_vars/malabaricus/borg-server.yml new file mode 100644 index 0000000..bb7a961 --- /dev/null +++ b/ansible/host_vars/malabaricus/borg-server.yml @@ -0,0 +1,6 @@ +borg_birgitte: + state: present +borg_conflatorio: + state: present +borg_fuckaduck: + state: present diff --git a/ansible/inventory b/ansible/inventory index 9b9ff78..6319cd4 100644 --- a/ansible/inventory +++ b/ansible/inventory @@ -72,4 +72,22 @@ all: ansible_connection: lxc_ssh ansible_ssh_extra_args: sz-test +# Borg + borg_servers: + hosts: + malabaricus: + vars: + borg_server__clients_ansible_group: borg_nas + borg_nas: + hosts: + fuckaduck: + birgitte: + conflatorio: + vars: + borg_client__server: malabaricus.trygvis.io + + borg_clients: + children: + borg_nas: + # vim: set filetype=yaml: diff --git a/ansible/roles/borg-client/defaults/main.yml b/ansible/roles/borg-client/defaults/main.yml new file mode 100644 index 0000000..b450b4d --- /dev/null +++ b/ansible/roles/borg-client/defaults/main.yml @@ -0,0 +1 @@ +ssh_key: /etc/borg/id_ed25519 diff --git a/ansible/roles/borg-client/tasks/main.yml b/ansible/roles/borg-client/tasks/main.yml index 79a9406..a65ae3e 100644 --- a/ansible/roles/borg-client/tasks/main.yml +++ b/ansible/roles/borg-client/tasks/main.yml @@ -1,8 +1,95 @@ --- - name: packages + become: yes tags: packages apt: - name: "{{ item }}" + name: "{{ items }}" install_recommends: no - with_items: - - borgbackup + vars: + items: + - borgbackup + +- name: mkdir /etc/borg + become: yes + file: + path: /etc/borg + state: directory + mode: u=rwx,go= + +- name: Generate SSH keys + become: yes + command: ssh-keygen -t ed25519 -N "" -f "{{ ssh_key }}" -C "for borg @ {{ ansible_hostname }}" + args: + creates: "{{ ssh_key }}" + register: ssh_key_generated + +- when: ssh_key_generated.changed + become: yes + fetch: + src: "{{ ssh_key }}.pub" + dest: "files" + +- name: /etc/borg/env + become: yes + copy: + dest: /etc/borg/env + content: | + BORG_REPO="borg@{{ borg_client__server }}:{{ ansible_hostname }}" + BORG_RSH="ssh -i {{ ssh_key}}" + +# " + +- name: /etc/borg/excludes + become: yes + when: borg_client__state == "absent" + file: + path: /etc/borg/excludes + state: absent + +- name: /etc/borg/excludes + when: borg_client__state == "present" + become: yes + copy: + dest: /etc/borg/excludes + content: | + /proc + /dev + /sys + +- name: /etc/borg/patterns + become: yes + copy: + dest: /etc/borg/patterns + content: | + P sh + R / + {% for item in borg_client__patterns %} + {{ item }} + {% endfor %} + +- name: /usr/local/bin/create-backup + become: yes + template: + dest: /usr/local/bin/create-backup + src: bin/create-backup + mode: u=rx,go= + owner: root + group: root + +- become: yes + copy: + dest: /etc/systemd/system/create-backup.service + content: | + [Unit] + Description=Create backup + + [Service] + Type=oneshot + WorkingDirectory=/ + ExecStart=/usr/local/bin/create-backup + register: create_backup_service + +- when: create_backup_service.changed + become: yes + systemd: + daemon_reload: yes diff --git a/ansible/roles/borg-client/templates/bin/create-backup b/ansible/roles/borg-client/templates/bin/create-backup new file mode 100644 index 0000000..dfbe72d --- /dev/null +++ b/ansible/roles/borg-client/templates/bin/create-backup @@ -0,0 +1,23 @@ +#!/bin/bash + +set -euo pipefail + +cd / + +. /etc/borg/env +export BORG_REPO +export BORG_RSH + +cmd=() +cmd+=(borg create) +cmd+=(--stats) +cmd+=(--progress) +cmd+=(--json) +cmd+=(--exclude-from=/etc/borg/excludes) +cmd+=(--patterns-from=/etc/borg/patterns) +cmd+=(::'{hostname}-{now:%Y-%m-%dT%H:%M:%S}') + +echo BORG_REPO=$BORG_REPO + +set -x +time "${cmd[@]}" diff --git a/ansible/roles/borg-client/templates/bin/trygvis-borg-run-backup b/ansible/roles/borg-client/templates/bin/trygvis-borg-run-backup deleted file mode 100644 index 7f3e218..0000000 --- a/ansible/roles/borg-client/templates/bin/trygvis-borg-run-backup +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -/usr/bin/borg diff --git a/ansible/roles/borg-server/defaults/main.yml b/ansible/roles/borg-server/defaults/main.yml new file mode 100644 index 0000000..8d25395 --- /dev/null +++ b/ansible/roles/borg-server/defaults/main.yml @@ -0,0 +1,2 @@ +borg_server__home: /borg +borg_server__shell: /bin/bash diff --git a/ansible/roles/borg-server/tasks/borg-server.yml b/ansible/roles/borg-server/tasks/borg-server.yml new file mode 100644 index 0000000..253aa4a --- /dev/null +++ b/ansible/roles/borg-server/tasks/borg-server.yml @@ -0,0 +1,30 @@ +- debug: var=groups[borg_server__clients_ansible_group] + +- become: yes + become_user: borg + vars: + clients: "{{ groups[borg_server__clients_ansible_group] }}" + block: + - name: mkdir repos + file: + path: "{{ borg_server__home }}/repos" + state: directory + mode: u=rwx,go= + + - name: mkdir repos/{{ item.key }} + with_items: "{{ clients }}" + command: borg init "{{ item }}" -e none + args: + creates: "{{ borg_server__home }}/repos/{{ item }}" + chdir: "{{ borg_server__home }}/repos" + + - name: authorized_keys + with_items: "{{ clients }}" + vars: + client: "{{hostvars[ansible_hostname]['borg_' + item]}}" + authorized_key: + user: borg + state: "{{ client.state }}" + key: "{{ lookup('file', item + '/etc/borg/id_ed25519.pub') }}" + path: "{{ borg_server__home }}/.ssh/authorized_keys" + key_options: "command=\"cd {{ borg_server__home }}/repos; borg serve --append-only --restrict-to-path {{ borg_server__home }}/repos/{{ item }}\",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc" diff --git a/ansible/roles/borg-server/tasks/main.yml b/ansible/roles/borg-server/tasks/main.yml index 9ef5635..c975803 100644 --- a/ansible/roles/borg-server/tasks/main.yml +++ b/ansible/roles/borg-server/tasks/main.yml @@ -1,23 +1,26 @@ -- name: authorized_keys - with_dict: "{{ borg_clients }}" - authorized_key: - user: borg - manage_dir: False - state: "{{ item.value.state }}" - key: "{{ borg_ssh_keys[item.key].public }}" - path: "{{ borg_basedir }}/.ssh/authorized_keys2" - key_options: "command=\"cd {{ borg_basedir }}/repos; borg serve --append-only --restrict-to-path {{ borg_basedir }}/repos/{{ item.key }}\",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc" +- name: packages + tags: borg-server + become: yes + apt: + name: "{{ items }}" + install_recommends: no + vars: + items: + - borgbackup -- name: mkdir repos - file: - path: "{{ borg_basedir }}/repos" - state: directory - mode: u=rwx,go= - owner: borg +- name: Create unix group + become: yes + group: + name: borg + system: yes + +- name: Create unix user + become: yes + user: + name: borg + system: yes group: borg + shell: "{{ borg_server__shell }}" + home: "{{ borg_server__home }}" -#- name: mkdir repos/{{ item.key }} -# with_dict: "{{ borg_clients }}" -# file: -# path: "{{ borg_basedir }}/repos" -# state: directory +- import_tasks: borg-server.yml diff --git a/ansible/roles/linode-dns-update/templates/linode-dns-update.j2 b/ansible/roles/linode-dns-update/templates/linode-dns-update.j2 index 97ab7c9..975c061 100644 --- a/ansible/roles/linode-dns-update/templates/linode-dns-update.j2 +++ b/ansible/roles/linode-dns-update/templates/linode-dns-update.j2 @@ -35,11 +35,12 @@ domain_resource_update "$DOMAIN_ID" "{{ linode_dns__ipv4_resource }}" "A" "[remo {% if linode_dns__ipv6_resource is defined %} q='' #q='map(select(.ifname=="wlx00e01d0808b2"))' -q='map(.addr_info) | flatten | map(select(.scope=="global" and .deprecated != true and .mngtmpaddr != true) | .local) | first' +q='map(.addr_info) | flatten | map(select(.scope=="global" and .deprecated != true and .mngtmpaddr != true and (.local|test("^fd")|not)) | .local) | first' ip=$(ip -6 -json addr | jq -r -c "$q") if [[ ! -z $ip ]] then + echo "Setting IPv6 to $ip." domain_resource_update "$DOMAIN_ID" "{{ linode_dns__ipv6_resource }}" "AAAA" "$ip" fi {% endif %} |