initial version: hadoly's

2025-10-19 18:36:48 +02:00
commit 1ce512d844
14 changed files with 303 additions and 0 deletions
--- a/tasks/cleanup.yml
+++ b/tasks/cleanup.yml
@@ -0,0 +1,6 @@
+---
+- name: remove old cron entry
+  lineinfile:
+    path: /etc/crontab
+    regexp: '.*/root/bin/borg.sh.*'
+    state: absent
--- a/tasks/cron.yml
+++ b/tasks/cron.yml
@@ -0,0 +1,32 @@
+- name: Deploy cronjob backup_temoin
+  vars:
+    minutes: "{{ 59 | random(seed=inventory_hostname) }}"
+  cron:
+    name: backup_temoin
+    cron_file: backup_temoin
+    user: root
+    hour: "7"
+    minute: "{{ minutes }}"
+    job: "/bin/touch /root/temoinbackup"
+
+- name: Deploy cronjob backup_extract
+  vars:
+    minutes: "{{ 59 | random(seed=inventory_hostname) }}"
+  cron:
+    name: backup_extract
+    cron_file: backup_extract
+    user: root
+    hour: "8"
+    minute: "{{ minutes }}"
+    job: 'cd /tmp/ ; {{ borg_script_dir }}/borg.sh extract {{ ansible_hostname }}_$( date +\%Y\%m\%d) root/temoinbackup ; chmod 755 /tmp/root'
+
+- name: Deploy cronjob backup_tout_court
+  vars:
+    minutes: "{{ 59 | random(seed=inventory_hostname) }}"
+  cron:
+    name: backup
+    cron_file: backup
+    user: root
+    hour: "2"
+    minute: "{{ minutes }}"
+    job: "{{ borg_script_dir }}/borg.sh"
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -0,0 +1,28 @@
+---
+- name: get borg binary
+  get_url:
+    dest: /usr/bin/borg
+    owner: root
+    group: backup
+    mode: "0750"
+    url: https://github.com/borgbackup/borg/releases/download/{{ borg_release }}/borg-linux64
+
+- name: ensure /root/bin exists
+  file:
+    path: "{{ borg_script_dir }}"
+    state: directory
+
+- name: get borgbackup script
+  tags: wip
+  get_url:
+    url: "{{ item.url }}"
+    mode: "{{ item.mode }}"
+    dest: "{{ borg_script_dir }}"
+  loop:
+  - { url: "https://git.hadoly.fr/CS_CT/borg/raw/tag/1.0/borg.sh", mode: "0700" }
+
+- name: get borgbackup config
+  template:
+    src: borg.conf.jj
+    dest: "{{ borg_script_dir }}/borg.conf"
+    mode: 0600
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+# tasks file for borg_client
+- include_tasks: cleanup.yml
+- include_tasks: install.yml
+- include_tasks: cron.yml
+- include_tasks: repo.yml
--- a/tasks/repo.yml
+++ b/tasks/repo.yml
@@ -0,0 +1,39 @@
+---
+# Here we mostly work on {{ borg_server }} to:
+# * create repository
+# * configure authorized key for backup user
+- name: create root ssh private key
+  openssh_keypair:
+    comment: "passwordless access to vm2, as backup user"
+    path: /root/.ssh/id_rsa
+    owner: root
+    group: root
+
+- name: create repo
+  file:
+    path: "/var/backups/borg/{{ ansible_hostname }}"
+    state: directory
+    owner: backup
+    group: backup
+  delegate_to: "{{ borg_server }}"
+
+- name: get public key
+  command: "cat /root/.ssh/id_rsa.pub"
+  register: pubkey
+
+- name: set pubkey as variable
+  set_fact:
+    public_key: "{{ pubkey.stdout }}"
+
+# can't use authorized_key module here
+- name: install ssh key
+  lineinfile:
+    path: /var/backups/.ssh/authorized_keys
+    line: 'command="borg serve --restrict-to-path /var/backups/borg/" {{ public_key }} from {{ ansible_hostname }}'
+    create: true
+    owner: backup
+    group: backup
+    mode: 0600
+  delegate_to: "{{ borg_server }}"
+
+