add new and improved backup-scripts system

2026-04-04 20:48:50 +02:00 · 2026-04-04 20:48:50 +02:00 · 77e6f77aba
commit 77e6f77aba
parent 6c77886916
8 changed files with 173 additions and 0 deletions
--- a/roles/any.tools.backup-scripts/templates/backup.service.j2
+++ b/roles/any.tools.backup-scripts/templates/backup.service.j2
@ -0,0 +1,20 @@
+[Unit]
+Description=Backup: {{ item.name }}
+After=network.target
+
+[Service]
+Type=oneshot
+User={{ item.user | default('root') }}
+Group={{ item.group | default('backups') }}
+
+Environment="RESTIC_REPOSITORY={{ backup_restic_repository }}"
+Environment="RESTIC_PASSWORD_FILE={{ backup_restic_password_file }}"
+Environment="OTEL_EXPORTER_OTLP_ENDPOINT={{ backup_otel_endpoint }}"
+Environment="OTEL_SERVICE_NAME={{ backup_otel_service_name }}"
+
+ExecStart=/usr/bin/otel-cli exec \
+    --name "{{ item.name }}" \
+    --attrs 'backup.type={{ item.type }}' -- /usr/bin/bash {{ backup_scripts_dir }}/{{ item.name }}.backup.sh
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/any.tools.backup-scripts/templates/backup.timer.j2
+++ b/roles/any.tools.backup-scripts/templates/backup.timer.j2
@ -0,0 +1,10 @@
+[Unit]
+Description=Timer for backup: {{ item.name }}
+
+[Timer]
+OnCalendar=*-*-* {{ backup_timer_hour }}:{{ backup_timer_minute }}:00
+RandomizedDelaySec={{ backup_timer_delay_sec | default('0') }}
+Persistent=true
+
+[Install]
+WantedBy=timers.target
--- a/roles/any.tools.backup-scripts/templates/btrfs-subvolume.backup.sh.j2
+++ b/roles/any.tools.backup-scripts/templates/btrfs-subvolume.backup.sh.j2
@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+data_dir='{{ item.path }}'
+snapshot_dir="${data_dir}.snapshot"
+
+# Read-only snapshot for atomic backup
+otel-cli exec --name "btrfs subvolume snapshot" -- btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $?
+
+otel-cli exec --name "restic backup directory" -- /usr/local/bin/restic backup "$snapshot_dir"
+
+# Always remove snapshot subvolume, even if restic fails
+otel-cli exec --name "btrfs subvolume delete" -- btrfs subvolume delete "$snapshot_dir"
--- a/roles/any.tools.backup-scripts/templates/podman-postgres.backup.sh.j2
+++ b/roles/any.tools.backup-scripts/templates/podman-postgres.backup.sh.j2
@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+podman exec -i {{ item.container }} pg_dump -U {{ item.pg_user }} {{ item.database }} |
+    /usr/bin/gzip --rsyncable |
+    /usr/local/bin/restic backup --stdin --stdin-filename {{ item.name }}.sql.gz