Initial commit

2024-12-14 13:08:21 +01:00
commit 5c23ca311e
29 changed files with 1054 additions and 0 deletions
--- a/tasks/config.yml
+++ b/tasks/config.yml
@ -0,0 +1,25 @@
+---
+- name: Create /etc/borgmatic directory
+  ansible.builtin.file:
+    state: 'directory'
+    path: '/etc/borgmatic'
+    owner: '{{ borg_user }}'
+    group: '{{ borg_user }}'
+    mode: '0700'
+
+- name: Copy borgmatic exclude file
+  ansible.builtin.template:
+    src: '{{ borg_exclude_template }}'
+    dest: '/etc/borgmatic/{{ borg_exclude_template|basename }}'
+    owner: '{{ borg_user }}'
+    group: '{{ borg_user }}'
+    mode: '0600'
+
+- name: Copy borgmatic config file
+  ansible.builtin.template:
+    src: '{{ borg_conf_template }}'
+    dest: '/etc/borgmatic/{{ borg_conf_template|basename }}'
+    owner: '{{ borg_user }}'
+    group: '{{ borg_user }}'
+    mode: '0600'
+    validate: borgmatic config validate -c %s
--- a/tasks/extra.yml
+++ b/tasks/extra.yml
@ -0,0 +1,76 @@
+---
+- name: Set up borg cron job
+  ansible.builtin.cron:
+    name: 'Borgbackup'
+    cron_file: borgbackup
+    user: "{{ borg_user }}"
+    hour: '{{ borg_cron.hour }}'
+    minute: '{{ borg_cron.minute }}'
+    day: "{{ borg_cron.day }}"
+    weekday: "{{ borg_cron.weekday }}"
+    month: "{{ borg_cron.month }}"
+    job: >
+      PATH=$PATH:/usr/local/bin
+      nice -n {{ borg_cron_nice }}
+      ionice -c {{ borg_cron_ionice }}
+      borgmatic {{ borg_cron_action }} --log-file {{ borg_cron_log }} --log-file-verbosity 2 -c /etc/borgmatic/config.yaml >>{{ borg_cron_log }} 2>&1
+  when: borg_cron_enable
+
+- name: Set up borg prune cron job
+  ansible.builtin.cron:
+    name: 'Borgbackup Prune'
+    cron_file: borgbackup
+    user: "{{ borg_user }}"
+    hour: >-
+      {% if borg_cron.hour in range(0, 22) %}
+        {{ '%02d' | format(borg_cron.hour + 2) }}
+      {%- elif borg_cron.hour in [22, 23] -%}
+        {% if borg_cron.hour == 22 %}0{% else %}1{% endif %}
+      {%- endif -%}
+    minute: '{{ borg_cron.minute }}'
+    day: "{{ borg_cron.day }}"
+    weekday: "{{ borg_cron.weekday }}"
+    month: "{{ borg_cron.month }}"
+    job: >
+      PATH=$PATH:/usr/local/bin
+      nice -n {{ borg_cron_nice }}
+      ionice -c {{ borg_cron_ionice }}
+      borgmatic prune --log-file {{ borg_cron_log }} --log-file-verbosity 2 -c /etc/borgmatic/config.yaml >>{{ borg_cron_log }} 2>&1
+  when:
+    - borg_cron_enable
+    - borg_cron_action != 'prune'
+
+- name: Create borg_cron_log file
+  ansible.builtin.file:
+    state: touch
+    modification_time: preserve
+    access_time: preserve
+    path: '{{ borg_cron_log }}'
+    owner: '{{ borg_user }}'
+    group: '{{ borg_user }}'
+    mode: '0600'
+  when: borg_cron_enable
+
+- name: Copy s3-synchronize.sh scripts
+  ansible.builtin.copy:
+    src: files/s3-synchronize.sh
+    dest: /usr/local/bin/s3-synchronize.sh
+    mode: '0755'
+  when: borg_scripts
+
+- name: Setup logrotate
+  ansible.builtin.copy:
+    dest: /etc/logrotate.d/borg
+    owner: root
+    group: root
+    mode: '0644'
+    content: |
+     {{ borg_cron_log }} {
+     daily
+     rotate 7
+     missingok
+     notifempty
+     compress
+     delaycompress
+     }
+  when: borg_logrotate
--- a/tasks/init.yml
+++ b/tasks/init.yml
@ -0,0 +1,14 @@
+---
+- name: Init local borg repository
+  ansible.builtin.shell: 'BORG_PASSPHRASE={{ borg_encryption_passphrase }} borg init {{ borg_local_repository }} -e {{ borg_encryption_type }}'
+  args:
+    creates: "{{ borg_local_repository }}/data"
+  no_log: "{{ no_log|default('true') }}"
+  when: not borg_no_local_repository
+
+- name: Init remote borg repository
+  ansible.builtin.shell: 'sudo -u {{ borg_user }} BORG_PASSPHRASE={{ borg_encryption_passphrase }} borg init {{ borg_remote_repository }} -e {{ borg_encryption_type }}'
+  no_log: "{{ no_log|default('true') }}"
+  when:
+    - borg_remote_repository is defined
+    - borg_init_remote_repository
--- a/tasks/install.yml
+++ b/tasks/install.yml
@ -0,0 +1,24 @@
+---
+- name: Setup apt pref
+  ansible.builtin.copy:
+    dest: /etc/apt/preferences.d/borgbackup.pref
+    owner: root
+    group: root
+    mode: '0644'
+    content: |
+      # Ansible managed
+      Package: borgbackup
+      Pin: release a={{ ansible_distribution_release|lower }}-backports
+      Pin-Priority: 990
+  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+
+- name: Install main packages
+  ansible.builtin.package:
+    name: "{{ borg_packages }}"
+
+- name: Install pip3 packages
+  ansible.builtin.pip:
+    name: "{{ borg_packages_pip }}"
+    state: latest
+    executable: pip3
+    break_system_packages: true
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,24 @@
+---
+- name: assert variables
+  ansible.builtin.assert:
+    that: borg_encryption_passphrase is defined
+
+- include_tasks: install.yml
+  tags:
+    - borg
+    - borg_install
+
+- include_tasks: init.yml
+  tags:
+    - borg
+    - borg_init
+
+- include_tasks: config.yml
+  tags:
+    - borg
+    - borg_config
+
+- include_tasks: extra.yml
+  tags:
+    - borg
+    - borg_extra