90 lines
2.7 KiB
YAML
90 lines
2.7 KiB
YAML
# vim: ft=yaml.ansible
|
|
---
|
|
- name: Create SSH directory
|
|
file:
|
|
path: "{{ services.restic.volume_folder }}/ssh"
|
|
owner: root
|
|
group: root
|
|
mode: '0755'
|
|
state: directory
|
|
|
|
- name: Copy private SSH key
|
|
copy:
|
|
dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519"
|
|
owner: root
|
|
group: root
|
|
mode: '0600'
|
|
content: "{{ restic_secrets.ssh_privkey }}"
|
|
|
|
- name: Derive public SSH key
|
|
shell: >-
|
|
ssh-keygen -f {{ services.restic.volume_folder }}/ssh/id_ed25519 -y
|
|
> {{ services.restic.volume_folder }}/ssh/id_ed25519.pub
|
|
args:
|
|
creates: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
|
|
|
|
- name: Set file permissions on public SSH key
|
|
file:
|
|
path: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
state: touch
|
|
|
|
- name: Create SSH config
|
|
template:
|
|
src: restic/ssh.config.j2
|
|
dest: "{{ services.restic.volume_folder }}/ssh/config"
|
|
owner: root
|
|
group: root
|
|
mode: '0600'
|
|
|
|
- name: Create SSH known_hosts file
|
|
template:
|
|
src: restic/ssh.known_hosts.j2
|
|
dest: "{{ services.restic.volume_folder }}/ssh/known_hosts"
|
|
owner: root
|
|
group: root
|
|
mode: '0600'
|
|
|
|
- name: Setup restic backup
|
|
docker_compose:
|
|
project_name: restic
|
|
pull: true
|
|
definition:
|
|
version: '3.6'
|
|
services:
|
|
backup:
|
|
image: mazzolino/restic:{{ services.restic.version }}
|
|
restart: always
|
|
environment:
|
|
RUN_ON_STARTUP: "false"
|
|
BACKUP_CRON: "0 30 3 * * *"
|
|
RESTIC_REPOSITORY: "sftp:{{ services.restic.user }}@{{ services.restic.domain }}:{{ services.restic.repository }}"
|
|
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
|
|
RESTIC_BACKUP_SOURCES: "/mnt/volumes"
|
|
RESTIC_BACKUP_ARGS: >-
|
|
--tag datacoop-volumes
|
|
--exclude '*.tmp'
|
|
--verbose
|
|
RESTIC_FORGET_ARGS: >-
|
|
--keep-last 10
|
|
--keep-daily 7
|
|
--keep-weekly 5
|
|
--keep-monthly 12
|
|
TZ: Europe/Copenhagen
|
|
volumes:
|
|
- "{{ services.restic.volume_folder }}/ssh:/run/secrets/.ssh:ro"
|
|
- /docker-volumes:/mnt/volumes:ro
|
|
|
|
prune:
|
|
image: "mazzolino/restic:{{ services.restic.version }}"
|
|
environment:
|
|
RUN_ON_STARTUP: "false"
|
|
PRUNE_CRON: "0 0 4 * * *"
|
|
RESTIC_REPOSITORY: "sftp:{{ services.restic.user }}@{{ services.restic.domain }}:{{ services.restic.repository }}"
|
|
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
|
|
TZ: Europe/copenhagen
|
|
volumes:
|
|
- "{{ services.restic.volume_folder }}/ssh:/run/secrets/.ssh:ro"
|