Add restic-rest server role

main
Jef Roosens 2024-01-09 21:11:31 +01:00
parent 04e9f8438d
commit 74f9120957
Signed by: Jef Roosens
GPG Key ID: B75D4F293C7052DB
5 changed files with 95 additions and 13 deletions

View File

@ -1,8 +1,13 @@
raid_uuid: '4d184875-19eb-4923-9b79-bf669c1f7978' raid_uuid: '4d184875-19eb-4923-9b79-bf669c1f7978'
lambroek_password: "{{ vault_lambroek_password }}" lambroek_password: "{{ vault_lambroek_password }}"
s3_access_key_id: "{{ vault_s3_access_key_id }}" s3_access_key_id: "{{ vault_s3_access_key_id }}"
s3_secret_access_key: "{{ vault_s3_secret_access_key }}" s3_secret_access_key: "{{ vault_s3_secret_access_key }}"
rclone_obf_pass: "{{ vault_rclone_obf_pass }}" rclone_obf_pass: "{{ vault_rclone_obf_pass }}"
rclone_obf_pass2: "{{ vault_rclone_obf_pass2 }}" rclone_obf_pass2: "{{ vault_rclone_obf_pass2 }}"
lander_commit_sha: 'e438bd045ca2ee64e3d9ab98f416027b5417c3f6' lander_commit_sha: 'e438bd045ca2ee64e3d9ab98f416027b5417c3f6'
lander_api_key: "{{ vault_lander_api_key }}" lander_api_key: "{{ vault_lander_api_key }}"
restic_rest_version: '0.12.1'

View File

@ -55,3 +55,10 @@
roles: roles:
- lander - lander
tags: lander tags: lander
- name: Install Restic REST server
hosts: nas
become: yes
roles:
- restic-rest
tags: restic-rest

View File

@ -1,13 +0,0 @@
---
- name: Install NFS client.
apt:
name: nfs-common
state: present
- name: Mount NFS share.
ansible.posix.mount:
src: {{ hostvars['admin']['ansible_host'] }}:/mnt/data
path: /mnt/data
fstype: nfs4
opts: defaults,user,exec
state: mounted

View File

@ -0,0 +1,14 @@
[Unit]
Description=Restic REST server
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=exec
User=restic
Group=restic
ExecStart=/usr/local/bin/restic-rest-server --path /mnt/data1/restic-rest --no-auth
Restart=always
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,69 @@
---
- name: Ensure download directory is present
ansible.builtin.file:
path: "/home/debian/restic-rest-{{ restic_rest_version }}"
state: directory
mode: '0755'
- name: Ensure binary is downloaded
ansible.builtin.unarchive:
src: "https://github.com/restic/rest-server/releases/download/v{{ restic_rest_version }}/rest-server_{{ restic_rest_version }}_linux_arm64.tar.gz"
remote_src: true
dest: "/home/debian/restic-rest-{{ restic_rest_version }}"
creates: "/home/debian/restic-rest-{{ restic_rest_version }}/rest-server_{{ restic_rest_version }}_linux_arm64/rest-server"
include:
- "rest-server_{{ restic_rest_version }}_linux_arm64/rest-server"
register: res
- name: Ensure binary is copied to correct location
ansible.builtin.copy:
src: "/home/debian/restic-rest-{{ restic_rest_version }}/rest-server_{{ restic_rest_version }}_linux_arm64/rest-server"
remote_src: true
dest: '/usr/local/bin/restic-rest-server'
owner: 'root'
group: 'root'
mode: '0755'
when: 'res.changed'
- name: Ensure system group exists
ansible.builtin.group:
name: 'restic'
gid: 202
system: true
state: present
- name: Ensure system user exists
ansible.builtin.user:
name: 'restic'
group: 'restic'
uid: 202
system: true
create_home: false
- name: Ensure data directory is present
ansible.builtin.file:
path: '/mnt/data1/restic-rest'
state: directory
mode: '0755'
owner: 'restic'
group: 'restic'
- name: Ensure service file is present
ansible.builtin.copy:
src: 'restic-rest-server.service'
dest: '/lib/systemd/system/restic-rest-server.service'
owner: 'root'
group: 'root'
mode: '0644'
register: res
- name: systemd-reload
ansible.builtin.systemd_service:
daemon_reload: true
when: 'res.changed'
- name: Ensure service is enabled
ansible.builtin.service:
name: 'restic-rest-server'
state: started
enabled: true