feat: add restic role and pb

2024-07-05 11:53:32 +02:00
parent 3d853e2d33
commit 02ee407244
7 changed files with 117 additions and 0 deletions
--- a/restic.yml
+++ b/restic.yml
@@ -0,0 +1,6 @@
+---
+
+- hosts: resticservers
+  diff: true
+  roles:
+    - restic
--- a/roles/restic/defaults/main.yml
+++ b/roles/restic/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+
+restic_pass: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          62333166623737363731663766353330633335306532306366356536376232396664376430613434
+          3966376539303238376461386262663066376338386537660a376365643761653463393539316232
+          30653130383761653432306136333733653062356635643662616133366663646132383136313530
+          3866343664393330610a623930316330626166343934623230313232626131386132393866373661
+          6336
+restic_backup_path: ["/srv", "/home", "/etc"]
+restic_backup_excluded_path: ["/srv/NOBACKUP"]
+restic_backup_hour: 6
+restic_backup_minute: 0
--- a/roles/restic/tasks/install.yml
+++ b/roles/restic/tasks/install.yml
@@ -0,0 +1,17 @@
+---
+
+- name: download restic
+  get_url:
+    url: "{{ restic_download_url }}"
+    dest: "/tmp"
+
+- name: uncompress restic
+  shell:
+    cmd: "bzip2 -dc /tmp/restic_{{ restic_version }}_{{ restic_system }}_{{ restic_architecture }}.bz2 > {{ restic_path }}"
+
+- name: check restic exe
+  file:
+    path: "{{ restic_path }}"
+    mode: 0755
+    owner: root
+    group: root
--- a/roles/restic/tasks/main.yml
+++ b/roles/restic/tasks/main.yml
@@ -0,0 +1,33 @@
+---
+
+## TEMP
+- name: remove borg
+  include_tasks: remove_borg.yml
+
+- name: install restic
+  include_tasks: install.yml
+
+- name: put backup script
+  template:
+    src: resticbackup.sh.j2
+    dest: "{{ restic_script_path }}"
+    owner: root
+    group: root
+    mode: '0750'
+
+- name: cron the backup script
+  cron:
+    name: "restic backup script"
+    hour: "{{ restic_backup_hour }}"
+    minute: "{{ restic_backup_minute }}"
+    job: "{{ restic_script_path }}"
+
+- name: init restic
+  shell:
+    cmd: "restic init && restic stats"
+    creates: "/root/.cache/restic"
+  environment:
+    RESTIC_REPOSITORY: "{{ restic_repository }}"
+    RESTIC_PASSWORD: "{{ restic_pass }}"
+    AWS_ACCESS_KEY_ID: "{{ restic_aws_access_key_id }}"
+    AWS_SECRET_ACCESS_KEY: "{{ restic_aws_secret_access_key }}"
--- a/roles/restic/tasks/remove_borg.yml
+++ b/roles/restic/tasks/remove_borg.yml
@@ -0,0 +1,24 @@
+---
+
+- name: remove borg packet
+  package:
+    name: borgbackup
+    state: absent
+
+- name: remove borg script
+  file:
+    path: /usr/local/bin/borgbackup.sh
+    state: absent
+
+- name: remove cache dirs
+  file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - "/root/.cache/borg"
+    - "/root/.config/borg"
+
+- name: remove cron
+  cron:
+    name: "borg backup script"
+    state: absent
--- a/roles/restic/templates/resticbackup.sh.j2
+++ b/roles/restic/templates/resticbackup.sh.j2
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+## Variable
+RESTIC_PASSWORD="{{ restic_pass }}"
+RESTIC_REPOSITORY="{{ restic_repository }}"
+AWS_ACCESS_KEY_ID="{{ restic_aws_access_key_id }}"
+AWS_SECRET_ACCESS_KEY="{{ restic_aws_secret_access_key }}"
+
+## lancement de la sauvegarde
+{{ restic_path }} backup --exclude-caches {% for i in restic_backup_excluded_path %} -e {{ i }} {% endfor %} {% for i in restic_backup_path %}{{ i }} {% endfor %}
+
+## récupération de l'espace
+{{ restic_path }} forget --prune -d 7 -w 4 -m 3
--- a/roles/restic/vars/main.yml
+++ b/roles/restic/vars/main.yml
@@ -0,0 +1,11 @@
+---
+
+restic_version: "0.15.1"
+restic_architecture: "amd64"
+restic_system: "{{ ansible_facts['system'] | lower }}"
+restic_download_url: "https://github.com/restic/restic/releases/download/v{{ restic_version }}/restic_{{ restic_version }}_{{ restic_system }}_{{ restic_architecture }}.bz2"
+
+restic_path: "/usr/local/bin/restic"
+restic_script_path: "/usr/local/bin/resticbackup.sh"
+
+restic_repository: "s3:{{ restic_s3_url }}/{{ inventory_hostname }}"