diff --git a/.github/workflows/ansible-debian-buster.yml b/.github/workflows/ansible-debian-buster.yml
new file mode 100644
index 0000000..a7650ad
--- /dev/null
+++ b/.github/workflows/ansible-debian-buster.yml
@@ -0,0 +1,16 @@
+name: Ansible check debian:buster
+
+on: [push, pull_request]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: ansible check with debian:buster
+ uses: roles-ansible/check-ansible-debian-buster-action@master
+ with:
+ targets: "./"
diff --git a/.github/workflows/ansible-debian-latest.yml b/.github/workflows/ansible-debian-latest.yml
new file mode 100644
index 0000000..d0ad4ca
--- /dev/null
+++ b/.github/workflows/ansible-debian-latest.yml
@@ -0,0 +1,16 @@
+name: Ansible check debian:latest
+
+on: [push, pull_request]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: ansible check with debian:latest
+ uses: roles-ansible/check-ansible-debian-latest-action@master
+ with:
+ targets: "./"
diff --git a/.github/workflows/ansible-debian-sid.yml b/.github/workflows/ansible-debian-sid.yml
new file mode 100644
index 0000000..72fe3a8
--- /dev/null
+++ b/.github/workflows/ansible-debian-sid.yml
@@ -0,0 +1,16 @@
+name: Ansible check debian:sid
+
+on: [push, pull_request]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: ansible check with debian:sid
+ uses: roles-ansible/check-ansible-debian-sid-action@master
+ with:
+ targets: "./"
diff --git a/.github/workflows/ansible-debian-stable.yml b/.github/workflows/ansible-debian-stable.yml
new file mode 100644
index 0000000..97076ae
--- /dev/null
+++ b/.github/workflows/ansible-debian-stable.yml
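Review bot: The `uses: roles-ansible/check-ansible-debian-buster-action@master` step tracks a mutable branch, so whatever is later pushed to that action's `master` runs in this repository's CI on every push and pull request; the `-latest`, `-sid`, `-stable` and `-stretch` workflows added in this commit have the same reference style. Pin each action to a reviewed full commit SHA, e.g. `uses: roles-ansible/check-ansible-debian-buster-action@<full-commit-sha>`, and do the same for `actions/checkout`. None of the five workflows sets `permissions:`, so the job token keeps the repository default; a top-level `permissions:` block with `contents: read` would limit what a compromised action can reach.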
@@ -0,0 +1,16 @@
+name: Ansible check debian:stable
+
+on: [push, pull_request]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: ansible check with debian:stable
+ uses: roles-ansible/check-ansible-debian-stable-action@master
+ with:
+ targets: "./"
diff --git a/.github/workflows/ansible-debian-stretch.yml b/.github/workflows/ansible-debian-stretch.yml
new file mode 100644
index 0000000..19ac5fb
--- /dev/null
+++ b/.github/workflows/ansible-debian-stretch.yml
@@ -0,0 +1,16 @@
+name: Ansible check debian:stretch
+
+on: [push, pull_request]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: ansible check with debian:stretch
+ uses: roles-ansible/check-ansible-debian-stretch-action@master
+ with:
+ targets: "./"
diff --git a/README.md b/README.md
index 7d79832..b6191c3 100644
--- a/README.md
+++ b/README.md
@@ -1,14 +1,58 @@ ansible_role_restic_archiver ====================== -## **ATTENTION** This role is under developement - +Now you don't want to store all backups indefinitely, but only for the last days a daily backup and otherwise weekly, monthly, yearly a few... just like you do it. +Of course you don't want to give access to others, so you solve the whole thing with a local cronjob. And this cronjob is built with this Ansible role. + +As a bonus feature, you can optionally transfer the backups to another disk (even with a different password). Which is also a very charming backup concept from a security point of view. + + Variables: +--------- +```ini +# which repos should we 'cleanup' by default +restic_archiver__repos: {} +# - name: example_server: +# location: /srv/restic/example_server_repo +# password: securepassword4eXaMpleSserver +# - name: other_server +# location: /srv/restic/other_server_repo +# password: xtrasecuredifferentpassword4other +# archive: true +# archive_location: /mnt/archive/other_server_repo +# archive_password: archive4other_server_password +# archive_cleanup: true +# keep_last: 5 +# keep_hourly: 4 +# keep_daily: 1 +# keep_weekly: 1 +# keep_monthly: 1 +# keep_yearly: 1 +# keep_within: 1 + +# how long should we store all backups by default +restic_archiver__keep: 9 +restic_archiver__keep_hourly: 28 +restic_archiver__keep_daily: 26 +restic_archiver__keep_weekly: 8 +restic_archiver__keep_monthly: 13 +restic_archiver__keep_yearly: 12 + +# owner and user of all restic stuff +restic_archiver__owner: 'root' +restic_archiver__group: 'root' + +# shedule restic cronjob +restic_archiver__hour: '3' +restic_archiver__minute: '32' + +# version check for this playbook (true is recomended) +submodules_versioncheck: false +``` diff --git a/defaults/main.yml b/defaults/main.yml index 20db4e5..35b02f7 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -27,17 +27,13 @@ restic_archiver__keep_weekly: 8 restic_archiver__keep_monthly: 13 restic_archiver__keep_yearly: 12 +# owner and user of all restic stuff +restic_archiver__owner: 'root' +restic_archiver__group: 'root' +# shedule restic cronjob +restic_archiver__hour: '3' +restic_archiver__minute: '32' -# defaults file for skeleton -restic_install_path: '/usr/bin' -restic_script_dir: '~/restic' -restic_repos: {} -restic_archiver__backups: [] -restic_create_cron: false - -restic_archiver__dir_owner: '{{ ansible_user | default(ansible_user_id) }}' -restic_archiver__dir_group: '{{ ansible_user | default(ansible_user_id) }}' - -# version check for this playbook +# version check for this playbook (true is recomended) submodules_versioncheck: false diff --git a/tasks/main.yml b/tasks/main.yml index 941f4e0..7812209 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
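Review bot: `restic_archiver__user` is read by the cron task this commit adds to tasks/main.yml, but this hunk only introduces `restic_archiver__owner` and `restic_archiver__group`; unless the variable is defined above line 27 (outside the hunk) or by the caller, the play will stop on an undefined variable. Either add `restic_archiver__user: 'root'` beside the owner default or have the cron task use `restic_archiver__owner`. The comment `# owner and user of all restic stuff` would also be more accurate as `# owner and group of all restic stuff`, since those are the two values it introduces.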
@@ -2,45 +2,21 @@ - include_tasks: versioncheck.yml when: submodules_versioncheck|bool -- name: use template +- name: deploy restic template template: src: templates/restic_forget_snapshots.j2 - dest: /tmp/test - group: "{{ restic_archiver__dir_owner }}" - owner: "{{ restic_archiver__dir_group }}" + dest: /opt/restic-backup.sh + group: "{{ restic_archiver__owner }}" + owner: "{{ restic_archiver__group }}" mode: 0700 -# no_log: true + become: true - -#- include_tasks: template.yml - -#- name: add OS specific variables -# include_vars: '{{ loop_vars }}' -# with_first_found: -# - files: -# - '{{ distribution }}-{{ distribution_version }}.yml' -# - '{{ distribution }}-{{ distribution_major_version }}.yml' -# - '{{ distribution }}.yml' -# - '{{ ansible_os_family }}.yml' -# - '{{ ansible_system }}.yml' -# - 'defaults.yml' -# paths: -## - 'vars' - # loop_control: - # loop_var: loop_vars -# vars: -# distribution: '{{ ansible_distribution }}' -# distribution_version: '{{ ansible_distribution_version }}' -# distribution_major_version: '{{ ansible_distribution_major_version }}' -# tags: -# - configuration -# - packages - -#- name: Ensure restic directories exist -# file: -# state: 'directory' -# path: '{{ item }}' -# mode: '0755' -# owner: '{{ restic_dir_owner }}' -# group: '{{ restic_dir_group }}' -# with_items: '{{ restic_create_paths }}' +- name: setup cronjob for restic + become: true + cron: + name: "archive restic backup with ansible_role_restic_archiver" + job: /opt/restic-backup.sh + cron_file: /tec/crontab + hour: "{{ restic_archiver__hour }}" + minute: "{{ restic_archiver__minute }}" + user: "{{ restic_archiver__user }}" diff --git a/vars/main.yml b/vars/main.yml index 4d7db3a..4da99f7 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,3 +1,3 @@ --- -playbook_version_number: 20 # should be over ninethousand +playbook_version_number: 23 # should be over ninethousand playbook_version_path: 'role-restic_archiver_roles-ansible_github.com.version'
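Review bot: In the `deploy restic template` task the ownership keys are crossed: `group:` is filled from `restic_archiver__owner` and `owner:` from `restic_archiver__group`. With both defaults set to `'root'` nothing changes, but once they are overridden separately the script at `/opt/restic-backup.sh`, which judging by the README variables holds repository passwords, ends up owned by the wrong account; it should read `owner: "{{ restic_archiver__owner }}"` and `group: "{{ restic_archiver__group }}"`. In the cron task, `cron_file: /tec/crontab` looks like a typo for a path under `/etc`, and as written the retention job would presumably never be scheduled. Quoting the mode as `mode: '0700'` also avoids depending on how the YAML loader reads a leading-zero integer.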