data.coop/ansible
8
3
Fork 7
Code Issues 49 Pull requests 9 Projects 1 Releases Wiki Activity

Use Fedder's TrueNAS for Restic backups #153

Merged
samsapti merged 8 commits from restic_fedder into main 2023-03-05 22:01:54 +00:00
Conversation 1 Commits 8 Files changed 5 +12 -6
2 changed files with 12 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 00f03ec5a8 - Show all commits

1
roles/docker/defaults/main.yml
View file

@ -53,7 +53,6 @@ services:
domain: "rynkeby.skovgaard.tel" domain: "rynkeby.skovgaard.tel"
volume_folder: "{{ volume_root_folder }}/restic" volume_folder: "{{ volume_root_folder }}/restic"
repository: "/mnt/SpinningRust/data.coop-backup/restic" repository: "/mnt/SpinningRust/data.coop-backup/restic"
ssh_pubkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1lNLshXytq+mx2LPzm8Neh/nrVqCR3iDXPONzBag9s restic@fedder
version: "1.6.0" version: "1.6.0"
disabled_in_vagrant: true disabled_in_vagrant: true

17
roles/docker/tasks/services/restic_backup.yml
View file

@ -2,7 +2,7 @@
--- ---
- name: Create SSH directory - name: Create SSH directory
file: file:
name: "{{ services.restic.volume_folder }}/ssh" path: "{{ services.restic.volume_folder }}/ssh"
owner: root owner: root
samsapti marked this conversation as resolved
reynir commented 2023-02-09 08:14:02 +00:00
Review
Copy link

It's probably correct seeing what most containers do, but we could confirm it's running as root.

It's probably correct seeing what most containers do, but we could confirm it's running as root.
samsapti commented 2023-02-11 17:41:57 +00:00
Review
Copy link

It's also possible with this location, since mode: '0700' denies read permission for everyone else.

It's also possible with this location, since `mode: '0700'` denies read permission for everyone else.
group: root group: root
mode: '0700' mode: '0700'
@ -16,13 +16,20 @@
mode: '0600' mode: '0600'
content: "{{ restic_secrets.ssh_privkey }}" content: "{{ restic_secrets.ssh_privkey }}"
- name: Copy public SSH key - name: Derive public SSH key
copy: shell: >
dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub" ssh-keygen -f {{ services.restic.volume_folder }}/ssh/id_ed25519 -y
> {{ services.restic.volume_folder }}/ssh/id_ed25519.pub
args:
creates: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
- name: Set file permissions on public SSH key
file:
path: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
owner: root owner: root
group: root group: root
mode: '0644' mode: '0644'
content: "{{ services.restic.ssh_pubkey }}" state: touch
- name: Setup restic backup - name: Setup restic backup
docker_compose: docker_compose: