feat: remove borg

2024-07-05 11:53:39 +02:00
parent befa7f4169
commit 88a52e2134
14 changed files with 22 additions and 120 deletions
--- a/debian_version.yml
+++ b/debian_version.yml
@@ -1,7 +1,7 @@
 ---

 - name: Check Debian version
-  hosts: all:!baybay-ponay.mateu.be:!machinbox.mateu.be:!muse-HP-EliteBook-820-G2.home.arpa
+  hosts: all:!baybay-ponay.mateu.be:!machinbox.mateu.be:!muse-HP-EliteBook-820-G2.home.arpa!frederica.dmz.mateu.be
  tasks:
    - name: Print Debian version
      ansible.builtin.debug:
--- a/host_vars/frederica.dmz.mateu.be.yml
+++ b/host_vars/frederica.dmz.mateu.be.yml
@@ -1,12 +1,15 @@
 ---

-restic_aws_access_key_id: "SCWPE8TZQF1DYZD9H28N"
+ansible_python_interpreter: /usr/local/bin/python3
+
+restic_aws_access_key_id: "SCW0VAFXE5MN9N8KVHTQ"
 restic_aws_secret_access_key: !vault |
          $ANSIBLE_VAULT;1.1;AES256
-          38323833363833313664333032643631373963623434373266353065323634633139343032323336
-          3963623030373063616463333338646132326666623931630a643739346139353032303132373962
-          36303038383732623864366634643961323833333935313034643663343864656139316439326333
-          3036666630326331310a623465326465326536303130303237643863643563353339386236633165
-          32373736623230373735393066333463646439663465366139343466623563653839333131316233
-          6131656565643663333738333234393363386231383131313132
+          33656263333731333833613461336230626332666534376235643735373862663530393433396130
+          6161343663633037663033613135333232393364643533320a383630363938313435356261396662
+          36303063616264383530643638366332323061333835376131323666633234313833353662626438
+          3235353961303739390a323332376235363734373838613632376232383861613761616437316564
+          61333532656135333731313561663062323133613662373061666266383031343964623838336264
+          3936393838396163626438303962313931333165386363666139
 restic_s3_url: "https://s3.fr-par.scw.cloud/backup-libertus"
+restic_exe_group: "wheel"
--- a/production.yml
+++ b/production.yml
@@ -65,6 +65,11 @@ resticservers:
      restic_backup_path:
        - /etc
        - /var/lib/private/garage
+    frederica.dmz.mateu.be:
+      restic_backup_path:
+        - /mnt/tank
+      restic_backup_hour: 6
+      restic_backup_minute: 45
    20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
      restic_backup_path:
        - /srv
--- a/roles/bittorrent/tasks/subliminal.yml
+++ b/roles/bittorrent/tasks/subliminal.yml
@@ -1,7 +1,7 @@
 ---

 - name: Install subliminal
-  package:
+  ansible.builtin.package:
    name: subliminal
    state: present

--- a/roles/borg_client/defaults/main.yml
+++ b/roles/borg_client/defaults/main.yml
@@ -1,13 +0,0 @@
---
-
-borg_pass: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          62333166623737363731663766353330633335306532306366356536376232396664376430613434
-          3966376539303238376461386262663066376338386537660a376365643761653463393539316232
-          30653130383761653432306136333733653062356635643662616133366663646132383136313530
-          3866343664393330610a623930316330626166343934623230313232626131386132393866373661
-          6336
-borg_backup_path: ["/srv", "/home", "/etc"]
-borg_backup_excluded_path: ["/srv/NOBACKUP"]
-borg_backup_hour: 6
-borg_backup_minute: 0
--- a/roles/borg_client/tasks/main.yml
+++ b/roles/borg_client/tasks/main.yml
@@ -1,30 +0,0 @@
---
-
- name: Create SSH key
-  community.crypto.openssh_keypair:
-    path: ~/.ssh/id_rsa
-
- name: Get SSH pub key
-  ansible.builtin.command:
-    cmd: cat ~/.ssh/id_rsa.pub
-  changed_when: true
-  register: ssh_keys
-
- name: Put backup script
-  ansible.builtin.template:
-    src: borgbackup.sh.j2
-    dest: /usr/local/bin/borgbackup.sh
-    owner: root
-    group: root
-    mode: '0750'
-
- name: Cron the backup script
-  ansible.builtin.cron:
-    name: "borg backup script"
-    hour: "{{ borg_backup_hour }}"
-    minute: "{{ borg_backup_minute }}"
-    job: /usr/local/bin/borgbackup.sh
-
- name: Warns about borg init
-  ansible.builtin.debug:
-    msg: "Borg has been installed. Don’t forget to init with: \nborg init --encryption=repokey-blake2 backup@{{ hostvars[groups['borg_server'][0]]['ansible_fqdn'] }}:home"
--- a/roles/borg_client/templates/borgbackup.sh.j2
+++ b/roles/borg_client/templates/borgbackup.sh.j2
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-## Variable
-export BORG_PASSPHRASE="{{ borg_pass }}"
-
-## lancement de la sauvegarde
-borg create --exclude-caches {% for f in borg_backup_excluded_path %}-e {{ f }} {% endfor %} -s backup@{{ hostvars[groups['borg_server'][0]]['ansible_fqdn'] }}:home::{now:%Y-%m-%d} {% for f in borg_backup_path %}{{ f }} {% endfor %}
-
-
-## récupération de l'espace
-borg prune -d 7 -w 4 -m 3 backup@{{ hostvars[groups['borg_server'][0]]['ansible_fqdn'] }}:home
-
--- a/roles/borg_server/tasks/main.yml
+++ b/roles/borg_server/tasks/main.yml
@@ -1,36 +0,0 @@
---
-
- name: Mount backup disk
-  ansible.posix.mount:
-    path: /backup
-    src: LABEL=BACKUP
-    fstype: xfs
-    opts: noatime,nofail
-    state: mounted
-
- name: Create backup user
-  ansible.builtin.user:
-    name: backup
-    comment: Backup
-    create_home: true
-    home: /backup
-    shell: /bin/bash
-    system: true
-    state: present
-
- name: Create directory for borg clients
-  ansible.builtin.file:
-    path: "/backup/repos/{{ hostvars[item]['ansible_fqdn'] }}"
-    state: directory
-    mode: '0750'
-    owner: backup
-    group: backup
-  loop: "{{ groups['borg_client'] }}"
-
- name: Set authorized_keys for borg clients
-  ansible.posix.authorized_key:
-    user: backup
-    key: "{{ hostvars[item]['ssh_keys']['stdout'] }}"
-    key_options: "command=\"cd /backup/repos/{{ hostvars[item]['ansible_fqdn'] }}; borg serve --restrict-to-path /backup/repos/{{ hostvars[item]['ansible_fqdn'] }}\""
-    state: present
-  loop: "{{ groups['borg_client'] }}"
--- a/roles/borgbackup/tasks/main.yml
+++ b/roles/borgbackup/tasks/main.yml
@@ -1,16 +0,0 @@
---
-
- name: Set borg fact
-  ansible.builtin.set_fact:
-    borgbackup: borg
-    when: ansible_facts['distribution'] == "Archlinux"
-
- name: Set borgbackup fact
-  ansible.builtin.set_fact:
-    borgbackup: borgbackup
-    when: ansible_facts['distribution'] == "Debian"
-
- name: Install borg package
-  ansible.builtin.package:
-    name: "{{ borgbackup }}"
-    state: present
--- a/roles/restic/defaults/main.yml
+++ b/roles/restic/defaults/main.yml
@@ -11,3 +11,4 @@ restic_backup_path: ["/srv", "/home", "/etc"]
 restic_backup_excluded_path: ["/srv/NOBACKUP"]
 restic_backup_hour: 6
 restic_backup_minute: 0
+restic_exe_group: "root"
--- a/roles/restic/tasks/install.yml
+++ b/roles/restic/tasks/install.yml
@@ -16,4 +16,4 @@
    path: "{{ restic_path }}"
    mode: 0755
    owner: root
-    group: root
+    group: "{{ restic_exe_group }}"
--- a/roles/restic/tasks/main.yml
+++ b/roles/restic/tasks/main.yml
@@ -12,7 +12,7 @@
    src: resticbackup.sh.j2
    dest: "{{ restic_script_path }}"
    owner: root
-    group: root
+    group: "{{ restic_exe_group }}"
    mode: '0750'

 - name: Cron backup script
--- a/smtprelay.yml
+++ b/smtprelay.yml
@@ -1,7 +1,7 @@
 ---

 - name: Deploy smtp relay
-  hosts: all:!baybay-ponay.mateu.be:!machinbox.mateu.be:!mail.dmz.mateu.be:!muse-HP-EliteBook-820-G2.home.arpa
+  hosts: all:!baybay-ponay.mateu.be:!machinbox.mateu.be:!mail.dmz.mateu.be:!muse-HP-EliteBook-820-G2.home.arpa:!frederica.dmz.mateu.be
  diff: true
  roles:
    - smtprelay
--- a/system.yml
+++ b/system.yml
@@ -1,7 +1,7 @@
 ---

 - name: Deploy system tools
-  hosts: all:!baybay-ponay.mateu.be:!machinbox.mateu.be:!muse-HP-EliteBook-820-G2.home.arpa
+  hosts: all:!baybay-ponay.mateu.be:!machinbox.mateu.be:!muse-HP-EliteBook-820-G2.home.arpa!frederica.dmz.mateu.be
  diff: true
  roles:
    - system