Move _ansible directory into main directory
		
							parent
							
								
									519882db43
								
							
						
					
					
						commit
						40742e3214
					
				
					 124 changed files with 246 additions and 141 deletions
				
			
		
							
								
								
									
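--- a/roles/backup/files/Dockerfile
+++ b/roles/backup/files/Dockerfile
@@ -0,0 +1,3 @@
+FROM restic/restic
+
+RUN apk add curl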
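Review bot: The base image in `FROM restic/restic` carries no tag or digest, so every `docker compose build --pull` run by the role rebuilds on whatever the registry currently serves, and that image is the one handed the repository password and the cloud keys. Pin it to a reviewed release, ideally by digest, for example `FROM restic/restic:<version>@sha256:<digest>` (placeholders to fill in). `RUN apk add curl` can also become `RUN apk add --no-cache curl` so the package index is not kept in the layer.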
							
								
								
									
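--- a/roles/backup/files/backup.timer
+++ b/roles/backup/files/backup.timer
@@ -0,0 +1,4 @@
+[Timer]
+OnCalendar=*-*-* 04:10:00
+[Install]
+WantedBy=timers.target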
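Review bot: The `[Timer]` section has no `Persistent=true`, so a host that is powered off or rebooting at 04:10 skips that day's backup with no catch-up run. Adding `Persistent=true` below `OnCalendar=` makes systemd start the job at the next boot when a scheduled run was missed. A `[Unit]` section with a `Description=` line would also make the timer easier to identify in `systemctl list-timers`.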
							
								
								
									
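--- a/roles/backup/files/docker-compose.yml
+++ b/roles/backup/files/docker-compose.yml
@@ -0,0 +1,30 @@
+version: "3.7"
+
+services:
+  backup:
+    build:
+      context: .
+    image: backup
+    restart: never
+    env_file:
+      - service.env
+    volumes:
+      - /tmp/backup-misc:/backup/misc
+      - gitea_data:/backup/volumes/gitea_data
+      - influxdb_data:/backup/volumes/influxdb_data
+      - reitanlage_data:/backup/volumes/reitanlage_data
+      - synapse_media_store:/backup/volumes/synapse_media_store
+      - tandoor_mediafiles:/backup/volumes/tandoor_mediafiles
+    command: restic backup /backup
+
+volumes:
+  gitea_data:
+    external: true
+  influxdb_data:
+    external: true
+  reitanlage_data:
+    external: true
+  synapse_media_store:
+    external: true
+  tandoor_mediafiles:
+    external: true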
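Review bot: The five named volumes under `volumes:` are mounted read-write although the service only reads them for `restic backup /backup`; appending `:ro` (for example `- gitea_data:/backup/volumes/gitea_data:ro`) keeps a faulty or compromised backup container from altering the application data it is meant to protect. The host path `/tmp/backup-misc` sits in a world-writable directory under a predictable name, so another local account could create or populate it first; a directory owned by the backup user would be safer. `restart: never` is not one of the restart policies Compose defines (`"no"`, `always`, `on-failure`, `unless-stopped`), and the same value appears in `backup_compose` in roles/backup/vars/main.yml.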
							
								
								
									
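--- a/roles/backup/files/node001/mailcow.sh
+++ b/roles/backup/files/node001/mailcow.sh
@@ -0,0 +1,3 @@
+export MAILCOW_BACKUP_LOCATION="$BACKUP_LOCATION/mailcow"
+mkdir -p "$MAILCOW_BACKUP_LOCATION"
+/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all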
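Review bot: The script has no interpreter line and no error handling, so a failed `mkdir -p` or an unset `BACKUP_LOCATION` (which would turn the target into `/mailcow`) does not stop the mailcow backup from running. Start the file with `#!/usr/bin/env bash` and `set -eu` so it aborts before calling `backup_and_restore.sh` when the staging directory is not the one backup.sh prepared. roles/backup/files/node002/postgres.sh lacks the interpreter line as well.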
							
								
								
									
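--- a/roles/backup/files/node002/postgres.sh
+++ b/roles/backup/files/node002/postgres.sh
@@ -0,0 +1,14 @@
+mkdir -p "$BACKUP_LOCATION/postgres"
+cd "$BACKUP_LOCATION/postgres" || exit
+
+postgres_tables=$(sudo -u postgres psql -Atc "SELECT datname FROM pg_database WHERE datistemplate = false;")
+
+for i in $postgres_tables
+do
+	printf "dumping %s ..." "$i"
+	sudo -u postgres pg_dump "$i" | gzip >"pg_dump_$i.gz"
+	echo " done"
+done
+
+echo "dumping all"
+sudo -u postgres pg_dumpall | gzip >"pg_dumpall.gz"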
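Review bot: Both dump pipelines report gzip's exit status rather than pg_dump's, so a dump that fails part-way leaves a truncated `.gz` file and the script still exits 0; backup.sh then uploads it and reports success to the monitoring endpoints. Put `set -euo pipefail` at the top of the script so a failing `pg_dump` or `pg_dumpall` ends it with a non-zero status and reaches the `_hc_fail` path in backup.sh. The loop `for i in $postgres_tables` relies on word splitting and would mishandle a database name containing whitespace; reading the names with `while IFS= read -r i` avoids that. The variable holds database names, so `postgres_databases` would describe it better.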
							
								
								
									
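--- a/roles/backup/tasks/main.yml
+++ b/roles/backup/tasks/main.yml
@@ -0,0 +1,84 @@
+---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
+- name: Deploy {{ svc.name }}
+  vars:
+    svc: "{{ backup_svc }}"
+    env: "{{ backup_env }}"
+    compose: "{{ backup_compose }}"
+  block:
+    - name: Import prepare tasks for common service
+      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
+
+    - name: Copy the Dockerfile
+      ansible.builtin.copy:
+        src: Dockerfile
+        dest: "{{ (service_path, 'Dockerfile') | path_join }}"
+        mode: "0644"
+      register: cmd_result
+
+    - name: Set the docker rebuild flag
+      ansible.builtin.set_fact:
+        docker_rebuild: true
+      when: cmd_result.changed # noqa: no-handler We need to handle the restart per service. Handlers don't support variables.
+
+    - name: Set backup.d path
+      ansible.builtin.set_fact:
+        backup_d_path: "{{ (service_path, 'backup.d') | path_join }}"
+
+    - name: Create backup.d directory
+      ansible.builtin.file:
+        path: "{{ backup_d_path }}"
+        state: directory
+        mode: "0755"
+
+    - name: Copy the additional backup scripts
+      ansible.builtin.copy:
+        src: "{{ item }}"
+        dest: "{{ backup_d_path }}"
+        mode: "0755"
+      with_fileglob:
+        - "{{ ansible_facts.hostname }}/*"
+
+    - name: Copy the main backup scripts
+      ansible.builtin.template:
+        src: "backup.sh.j2"
+        dest: "{{ (service_path, 'backup.sh') | path_join }}"
+        mode: "0755"
+
+    - name: Copy the system service
+      ansible.builtin.template:
+        src: backup.service.j2
+        dest: /etc/systemd/system/backup.service
+        mode: "0644"
+      become: true
+    - name: Copy the system timer
+      ansible.builtin.copy:
+        src: backup.timer
+        dest: /etc/systemd/system/backup.timer
+        mode: "0644"
+      become: true
+    - name: Enable the system timer
+      ansible.builtin.systemd_service:
+        name: backup.timer
+        state: started
+        enabled: true
+        daemon_reload: true
+      become: true
+
+    - name: Import tasks create a service.env file
+      ansible.builtin.import_tasks: tasks/steps/template-service-env.yml
+
+    - name: Build service
+      ansible.builtin.command:
+        cmd: docker compose build --pull
+        chdir: "{{ service_path }}"
+      register: cmd_result
+      changed_when: true # TODO
+
+    - name: Verify service
+      ansible.builtin.command:
+        cmd: docker compose run --rm app check
+        chdir: "{{ service_path }}"
+      changed_when: false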
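Review bot: The tasks that install `backup.sh` and the `backup.d` scripts run without `become`, while `backup.service` is installed with `become: true` and its template sets no `User=`, so systemd will presumably run these files as root. If `service_path` belongs to the unprivileged deploy account (its ownership is not visible here), anyone who can write as that account can change what root executes every night. Consider writing the scripts and the `backup.d` directory with `become: true`, `owner: root`, `group: root` and a mode without group or other write. Separately, `cmd_result` is registered by both "Copy the Dockerfile" and "Build service", and the `docker_rebuild` fact is set but not read in this file; a dedicated register name such as `backup_dockerfile_copy` would be clearer.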
							
								
								
									
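--- a/roles/backup/templates/backup.service.j2
+++ b/roles/backup/templates/backup.service.j2
@@ -0,0 +1,4 @@
+[Service]
+Type=oneshot
+ExecStart={{ service_path }}/backup.sh
+WorkingDirectory={{ service_path }}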
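Review bot: The unit has no `[Unit]` section, so nothing orders it after the network or the Docker daemon even though backup.sh calls `curl` and `docker compose` straight away. Adding `[Unit]` with `Description=`, `After=network-online.target docker.service` and `Wants=network-online.target` would document the dependency and avoid a failed run should the job ever be started during boot. With no `User=` the script runs as root, which the `sudo -u postgres` calls in the backup.d scripts appear to rely on; a comment saying so would help the next reader.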
							
								
								
									
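--- a/roles/backup/templates/backup.sh.j2
+++ b/roles/backup/templates/backup.sh.j2
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+
+set -e
+
+set -a
+. "{{ service_path }}/service.env"
+set +a
+
+hc_url="https://hc-ping.com/$HC_UID"
+_hc_ping () {
+	curl -fsSL --retry 3 "$hc_url$1" >/dev/null
+}
+
+_hc_fail () {
+	_hc_ping "/fail"
+	exit 1
+}
+
+_hc_ping "/start"
+duration_start=$(date +%s)
+
+BACKUP_LOCATION="$(mktemp -d)"
+export BACKUP_LOCATION
+cd "$BACKUP_LOCATION" || exit
+
+shopt -s nullglob
+for file in "{{ service_path }}/backup.d/"*
+do
+	echo ""
+	echo "running $file"
+	time "$file" || _hc_fail
+done || true
+
+cd "{{ service_path }}"
+docker compose run --rm -v "$BACKUP_LOCATION:/backup/misc" app backup /backup || _hc_fail
+
+duration_end=$(date +%s)
+_hc_ping
+
+duration=$((duration_end - duration_start))
+curl -fsSL --retry 3 "https://status.serguzim.me/api/push/$UPTIME_KUMA_TOKEN?status=up&msg=OK&ping=${duration}000"
+
+rm -rf "$BACKUP_LOCATION"
+
+echo "forgetting old backups for $(hostname)"
+docker compose run --rm app forget --host "$(hostname)" --prune \
+	--keep-daily 14 \
+	--keep-weekly 28 \
+	--keep-monthly 12 \
+	--keep-yearly 2 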
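Review bot: The staging directory from `mktemp -d` is removed only on the success path; `_hc_fail` exits and `set -e` can abort earlier, and either case leaves database dumps and mail data behind in the temp directory. Register the clean-up right after the directory is created with `trap 'rm -rf "$BACKUP_LOCATION"' EXIT` and drop the later `rm -rf`. Under `set -e` a failing `_hc_ping "/start"` also ends the script before any backup runs, so an outage of the monitoring endpoint blocks the backup itself; `_hc_ping "/start" || true` keeps the two independent. The `forget --prune` call uses the same repository credentials as the backup, so this host can delete its own history; if the storage backend allows it, running retention from a separate context with its own credentials is worth considering.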
							
								
								
									
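--- a/roles/backup/vars/main.yml
+++ b/roles/backup/vars/main.yml
@@ -0,0 +1,28 @@
+---
+backup_svc:
+  name: backup
+
+backup_volumes_service: "{{ host_backup.backup.volumes | map_backup_volumes_service }}"
+
+backup_env:
+  HC_UID: "{{ host_backup.backup.hc_uid }}"
+  UPTIME_KUMA_TOKEN: "{{ host_backup.backup.uptime_kuma_token }}"
+
+  RESTIC_REPOSITORY: "{{ vault_backup.restic.repository }}"
+  RESTIC_PASSWORD: "{{ vault_backup.restic.password }}"
+
+  AWS_ACCESS_KEY_ID: "{{ vault_backup.aws_secret.key_id }}"
+  AWS_SECRET_ACCESS_KEY: "{{ vault_backup.aws_secret.access_key }}"
+
+backup_compose:
+  watchtower: false
+  image: backup
+  volumes: "{{ backup_volumes_service }}"
+  file:
+    services:
+      app:
+        build:
+          context: .
+        restart: never
+        hostname: "{{ ansible_facts.hostname }}"
+    volumes: "{{ host_backup.backup.volumes | map_backup_volumes }}"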
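Review bot: `backup_env` puts the restic password and the AWS key pair in the same map as the two monitoring tokens, and backup.sh.j2 sources the resulting service.env under `set -a`, so every secret is exported to each backup.d script and its child processes. The task file that writes service.env (tasks/steps/template-service-env.yml) is not among the visible sections; confirm that it creates the file with mode `0600` and sets `no_log: true`. Scripts such as mailcow.sh and postgres.sh only read `BACKUP_LOCATION`, so it would be safer to hand the restic and AWS variables to the container alone and expose just `HC_UID` and `UPTIME_KUMA_TOKEN` to the shell.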