ansible/roles/docker/tasks/services/restic_backup.yml

90 lines
2.7 KiB
YAML
Raw Permalink Normal View History

# vim: ft=yaml.ansible
---
- name: Create SSH directory
file:
path: "{{ services.restic.volume_folder }}/ssh"
owner: root
group: root
2023-03-07 20:54:02 +00:00
mode: '0755'
state: directory
- name: Copy private SSH key
copy:
dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519"
owner: root
group: root
mode: '0600'
content: "{{ restic_secrets.ssh_privkey }}"
- name: Derive public SSH key
shell: >-
ssh-keygen -f {{ services.restic.volume_folder }}/ssh/id_ed25519 -y
> {{ services.restic.volume_folder }}/ssh/id_ed25519.pub
args:
creates: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
- name: Set file permissions on public SSH key
file:
path: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
owner: root
group: root
mode: '0644'
state: touch
- name: Create SSH config
template:
src: restic.ssh.config.j2
dest: "{{ services.restic.volume_folder }}/ssh/config"
owner: root
group: root
mode: '0600'
2023-03-06 12:33:18 +00:00
- name: Create SSH known_hosts file
template:
src: restic.ssh.known_hosts.j2
dest: "{{ services.restic.volume_folder }}/ssh/known_hosts"
owner: root
group: root
mode: '0600'
2022-11-25 20:41:37 +00:00
- name: Setup restic backup
docker_compose:
2021-01-26 19:40:22 +00:00
project_name: restic_backup
2022-11-25 20:41:37 +00:00
pull: true
2021-01-26 19:40:22 +00:00
definition:
version: '3.6'
services:
restic-backup:
image: mazzolino/restic:{{ services.restic.version }}
2021-01-26 19:40:22 +00:00
restart: always
environment:
2023-01-21 20:33:39 +00:00
RUN_ON_STARTUP: "false"
2021-01-26 19:40:22 +00:00
BACKUP_CRON: "0 30 3 * * *"
RESTIC_REPOSITORY: "sftp:{{ services.restic.user }}@{{ services.restic.domain }}:{{ services.restic.repository }}"
2022-11-08 19:45:03 +00:00
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
2021-01-26 19:40:22 +00:00
RESTIC_BACKUP_SOURCES: "/mnt/volumes"
RESTIC_BACKUP_ARGS: >-
--tag datacoop-volumes
--exclude '*.tmp'
2021-01-26 19:40:22 +00:00
--verbose
RESTIC_FORGET_ARGS: >-
--keep-last 10
--keep-daily 7
--keep-weekly 5
--keep-monthly 12
TZ: Europe/Copenhagen
volumes:
- "{{ services.restic.volume_folder }}/ssh:/run/secrets/.ssh:ro"
2021-01-26 19:40:22 +00:00
- /docker-volumes:/mnt/volumes:ro
2022-11-25 20:41:37 +00:00
2021-01-26 19:40:22 +00:00
restic-prune:
image: "mazzolino/restic:{{ services.restic.version }}"
2021-01-26 19:40:22 +00:00
environment:
2023-01-21 20:33:39 +00:00
RUN_ON_STARTUP: "false"
2021-01-26 19:40:22 +00:00
PRUNE_CRON: "0 0 4 * * *"
RESTIC_REPOSITORY: "sftp:{{ services.restic.user }}@{{ services.restic.domain }}:{{ services.restic.repository }}"
2022-11-08 19:45:03 +00:00
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
2021-01-26 19:40:22 +00:00
TZ: Europe/copenhagen
volumes:
- "{{ services.restic.volume_folder }}/ssh:/run/secrets/.ssh:ro"