Integrate restic backup system
parent
c38bda8dfd
commit
a6e4beefb3
|
@ -0,0 +1,12 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
data_dir='/mnt/data1/lander'
|
||||
snapshot_dir="${data_dir}.snapshot"
|
||||
|
||||
# Read-only snapshot for atomic backup
|
||||
btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $?
|
||||
|
||||
restic backup "$snapshot_dir"
|
||||
|
||||
# Always remove snapshot subvolume, even if restic fails
|
||||
btrfs subvolume delete "$snapshot_dir"
|
|
@ -23,7 +23,12 @@
|
|||
system: true
|
||||
create_home: false
|
||||
|
||||
- name: Ensure data directory is present
|
||||
# Only one BTRFS file system should be mounted, so this will match that one
|
||||
- name: Ensure data subvolume is present
|
||||
community.general.btrfs_subvolume:
|
||||
name: '/lander'
|
||||
|
||||
- name: Ensure data subvolume permissions are correct
|
||||
ansible.builtin.file:
|
||||
path: '/mnt/data1/lander'
|
||||
state: directory
|
||||
|
@ -48,6 +53,14 @@
|
|||
mode: '0644'
|
||||
notify: lander-restart
|
||||
|
||||
- name: Ensure backup script is present
|
||||
ansible.builtin.copy:
|
||||
src: 'lander.backup.sh'
|
||||
dest: '/etc/backups/lander.backup.sh'
|
||||
owner: 'root'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
|
||||
- name: Ensure service file is present
|
||||
ansible.builtin.copy:
|
||||
src: 'lander.service'
|
||||
|
|
|
@ -40,7 +40,11 @@
|
|||
system: true
|
||||
create_home: false
|
||||
|
||||
- name: Ensure data directory is present
|
||||
- name: Ensure data subvolume is present
|
||||
community.general.btrfs_subvolume:
|
||||
name: '/restic-rest'
|
||||
|
||||
- name: Ensure data subvolume permissions are correct
|
||||
ansible.builtin.file:
|
||||
path: '/mnt/data1/restic-rest'
|
||||
state: directory
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
33666438313237356564363136333933633035303531653464643766373434623834663736386463
|
||||
3464643731366237633334616536613864396162353264360a316130333032316437393333396466
|
||||
34356638393834316235633062646330336438376135346666663064303831666632353834663465
|
||||
6636663930356138640a323433613263393939303833616637336436366630386133386338613736
|
||||
34353433643539306238663638656539373731616238656635353561356632366332623532396465
|
||||
3936373534643966616131616161633234663430633233653435
|
|
@ -25,3 +25,32 @@
|
|||
group: 'root'
|
||||
mode: '0755'
|
||||
when: 'res.changed'
|
||||
|
||||
- name: Ensure backup scripts directory is present
|
||||
ansible.builtin.file:
|
||||
path: '/etc/backups'
|
||||
state: directory
|
||||
mode: '0755'
|
||||
|
||||
- name: Ensure Restic backups password file is present
|
||||
ansible.builtin.copy:
|
||||
src: 'restic_backups_passwd'
|
||||
dest: '/etc/backups/restic_backups_passwd'
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0600'
|
||||
|
||||
- name: Ensure backup-all script is present
|
||||
ansible.builtin.template:
|
||||
src: "backup-all.sh.j2"
|
||||
dest: '/etc/backups/backup-all.sh'
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
||||
- name: Ensure backup cronjob is enabled
|
||||
ansible.builtin.cron:
|
||||
name: 'Perform nightly backups'
|
||||
minute: '0'
|
||||
hour: '2'
|
||||
job: 'bash /etc/backups/backup-all.sh'
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# This script sequentially executes all shell scripts matching
|
||||
# /etc/backups/*.backup.sh, with environment variables configured to publish
|
||||
# backups to the local Restic REST server.
|
||||
|
||||
# Get passed along to subcalls to bash
|
||||
export RESTIC_REPOSITORY='rest:http://{{ groups['nas'][0] }}:8000/backups'
|
||||
export RESTIC_PASSWORD_FILE='/etc/backups/restic_backups_passwd'
|
||||
|
||||
for script in $(find /etc/backups -name '*.backup.sh'); do
|
||||
bash "$script"
|
||||
done
|
||||
|
||||
# Prune older backups
|
||||
restic forget --keep-last 7 && \
|
||||
restic prune
|
Loading…
Reference in New Issue