diff --git a/restic.yml b/restic.yml
new file mode 100644
index 0000000..02ca41a
--- /dev/null
+++ b/restic.yml
@@ -0,0 +1,6 @@
+---
+
+- hosts: resticservers
+ diff: true
+ roles:
+ - restic
diff --git a/roles/restic/defaults/main.yml b/roles/restic/defaults/main.yml
new file mode 100644
index 0000000..fc714e1
--- /dev/null
+++ b/roles/restic/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+
+restic_pass: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 62333166623737363731663766353330633335306532306366356536376232396664376430613434
+ 3966376539303238376461386262663066376338386537660a376365643761653463393539316232
+ 30653130383761653432306136333733653062356635643662616133366663646132383136313530
+ 3866343664393330610a623930316330626166343934623230313232626131386132393866373661
+ 6336
+restic_backup_path: ["/srv", "/home", "/etc"]
+restic_backup_excluded_path: ["/srv/NOBACKUP"]
+restic_backup_hour: 6
+restic_backup_minute: 0
diff --git a/roles/restic/tasks/install.yml b/roles/restic/tasks/install.yml
new file mode 100644
index 0000000..c38eab9
--- /dev/null
+++ b/roles/restic/tasks/install.yml
@@ -0,0 +1,17 @@
+---
+
+- name: download restic
+ get_url:
+ url: "{{ restic_download_url }}"
+ dest: "/tmp"
+
+- name: uncompress restic
+ shell:
+ cmd: "bzip2 -dc /tmp/restic_{{ restic_version }}_{{ restic_system }}_{{ restic_architecture }}.bz2 > {{ restic_path }}"
+
+- name: check restic exe
+ file:
+ path: "{{ restic_path }}"
+ mode: 0755
+ owner: root
+ group: root
diff --git a/roles/restic/tasks/main.yml b/roles/restic/tasks/main.yml
new file mode 100644
index 0000000..6ccf4b1
--- /dev/null
+++ b/roles/restic/tasks/main.yml
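Review bot: In `roles/restic/defaults/main.yml`, `restic_pass` is a role default, so every host in `resticservers` gets the same repository password unless inventory overrides it; a compromised host then holds the password for every other host's repository (whether it can also reach them depends on how the S3 credentials are scoped, which this diff does not show). The role also reads `restic_s3_url`, `restic_aws_access_key_id` and `restic_aws_secret_access_key`, none of which is defined or mentioned anywhere in this commit. I would add a comment above the default such as `# Shared fallback only: override restic_pass per host or group. Required from inventory (no default): restic_s3_url, restic_aws_access_key_id, restic_aws_secret_access_key`.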
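Review bot: In `roles/restic/tasks/install.yml`, the `download restic` task fetches a binary that is then installed root-owned with mode 0755 and run from cron (presumably root's), but nothing verifies what was downloaded. `get_url` accepts a `checksum` parameter, so the digest can be pinned next to `restic_version`, e.g. `checksum: "sha256:{{ restic_sha256 }}"` (`restic_sha256` is a proposed variable name; its value has to be taken from the release's published checksums). The `uncompress restic` shell task also rewrites `{{ restic_path }}` on every run, and the redirect truncates the existing binary before `bzip2` has succeeded, so a failed decompression leaves a broken executable in place. Staging the archive in a root-only directory rather than `/tmp` would be tidier as well.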
@@ -0,0 +1,33 @@
+---
+
+## TEMP
+- name: remove borg
+ include_tasks: remove_borg.yml
+
+- name: install restic
+ include_tasks: install.yml
+
+- name: put backup script
+ template:
+ src: resticbackup.sh.j2
+ dest: "{{ restic_script_path }}"
+ owner: root
+ group: root
+ mode: '0750'
+
+- name: cron the backup script
+ cron:
+ name: "restic backup script"
+ hour: "{{ restic_backup_hour }}"
+ minute: "{{ restic_backup_minute }}"
+ job: "{{ restic_script_path }}"
+
+- name: init restic
+ shell:
+ cmd: "restic init && restic stats"
+ creates: "/root/.cache/restic"
+ environment:
+ RESTIC_REPOSITORY: "{{ restic_repository }}"
+ RESTIC_PASSWORD: "{{ restic_pass }}"
+ AWS_ACCESS_KEY_ID: "{{ restic_aws_access_key_id }}"
+ AWS_SECRET_ACCESS_KEY: "{{ restic_aws_secret_access_key }}"
diff --git a/roles/restic/tasks/remove_borg.yml b/roles/restic/tasks/remove_borg.yml
new file mode 100644
index 0000000..c6db158
--- /dev/null
+++ b/roles/restic/tasks/remove_borg.yml
@@ -0,0 +1,24 @@
+---
+
+- name: remove borg packet
+ package:
+ name: borgbackup
+ state: absent
+
+- name: remove borg script
+ file:
+ path: /usr/local/bin/borgbackup.sh
+ state: absent
+
+- name: remove cache dirs
+ file:
+ path: "{{ item }}"
+ state: absent
+ loop:
+ - "/root/.cache/borg"
+ - "/root/.config/borg"
+
+- name: remove cron
+ cron:
+ name: "borg backup script"
+ state: absent
diff --git a/roles/restic/templates/resticbackup.sh.j2 b/roles/restic/templates/resticbackup.sh.j2
new file mode 100644
index 0000000..df715f4
--- /dev/null
+++ b/roles/restic/templates/resticbackup.sh.j2
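Review bot: In `roles/restic/tasks/main.yml`, the `put backup script` task renders `resticbackup.sh.j2`, which embeds `restic_pass` and the AWS secret key, while `restic.yml` runs the play with `diff: true`, so the rendered script with those values is printed in the play output (and any CI or callback log) whenever the file is created or changes. Add `no_log: true` to that task (or `diff: false` if the task result should stay visible), and `no_log: true` to `init restic` too, since its `environment:` carries the same secrets and may surface in verbose output. Mode `'0750'` with `group: root` is workable, but `'0700'` is the tighter choice for a file holding credentials. Separately, `creates: "/root/.cache/restic"` ties repository initialisation to a local cache directory: if that cache is cleared, `restic init` runs again against an existing repository and the task presumably fails.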
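Review bot: In `roles/restic/tasks/remove_borg.yml`, the `remove cache dirs` task deletes `/root/.config/borg`, which is not only cache: borg keeps keyfile-mode repository keys under that directory's `keys/` subdirectory. If any of the old borg repositories used keyfile encryption and the key has no other copy, the existing archives become unreadable once this runs. Unless those repositories are already retired, I would limit the loop to `/root/.cache/borg`, or add a comment such as `# borg repos retired on <DATE>; keys under /root/.config/borg/keys no longer needed` so the deletion is a recorded decision.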
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+## Variable
+RESTIC_PASSWORD="{{ restic_pass }}"
+RESTIC_REPOSITORY="{{ restic_repository }}"
+AWS_ACCESS_KEY_ID="{{ restic_aws_access_key_id }}"
+AWS_SECRET_ACCESS_KEY="{{ restic_aws_secret_access_key }}"
+
+## lancement de la sauvegarde
+{{ restic_path }} backup --exclude-caches {% for i in restic_backup_excluded_path %} -e {{ i }} {% endfor %} {% for i in restic_backup_path %}{{ i }} {% endfor %}
+
+## récupération de l'espace
+{{ restic_path }} forget --prune -d 7 -w 4 -m 3
diff --git a/roles/restic/vars/main.yml b/roles/restic/vars/main.yml
new file mode 100644
index 0000000..c2e4978
--- /dev/null
+++ b/roles/restic/vars/main.yml
@@ -0,0 +1,11 @@
+---
+
+restic_version: "0.15.1"
+restic_architecture: "amd64"
+restic_system: "{{ ansible_facts['system'] | lower }}"
+restic_download_url: "https://github.com/restic/restic/releases/download/v{{ restic_version }}/restic_{{ restic_version }}_{{ restic_system }}_{{ restic_architecture }}.bz2"
+
+restic_path: "/usr/local/bin/restic"
+restic_script_path: "/usr/local/bin/resticbackup.sh"
+
+restic_repository: "s3:{{ restic_s3_url }}/{{ inventory_hostname }}"
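Review bot: In `roles/restic/templates/resticbackup.sh.j2`, the four assignments under `## Variable` set shell variables but never export them, so the `restic` processes started below do not receive `RESTIC_REPOSITORY`, `RESTIC_PASSWORD` or the AWS credentials, and the cron job will presumably fail or wait for a password. The values are also interpolated inside double quotes, so a `$`, backtick, `"` or backslash in a secret is interpreted by `sh`; rendering each value through Ansible's `quote` filter and exporting it, as below, addresses both. `forget --prune` runs even when the backup command failed, so chaining it on the backup's exit status is worth considering. The paths emitted by the two `for` loops would benefit from `| quote` as well.

```shell
## Variable
export RESTIC_PASSWORD={{ restic_pass | quote }}
export RESTIC_REPOSITORY={{ restic_repository | quote }}
export AWS_ACCESS_KEY_ID={{ restic_aws_access_key_id | quote }}
export AWS_SECRET_ACCESS_KEY={{ restic_aws_secret_access_key | quote }}

# … unchanged: backup and forget commands …
```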