1
0
Fork 0
mirror of https://github.com/roles-ansible/ansible_role_restic_archiver.git synced 2024-08-16 10:09:49 +02:00
ansible role to cleanup restic backup at the writeonly restic rest-server
Find a file
dependabot[bot] 4e5a6c67d2
Bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-05 03:14:45 +00:00
.github Bump actions/checkout from 3 to 4 2023-09-05 03:14:45 +00:00
defaults Archiv settings expanded 2022-02-02 13:03:37 +01:00
files implement logrotate 2020-12-14 15:50:39 +01:00
handlers introducing systemd timer 2021-12-07 19:50:02 +01:00
meta updating... 2021-10-04 18:12:38 +02:00
tasks update linting 2022-03-27 22:41:36 +02:00
templates improve pruning 2022-03-11 14:07:28 +01:00
vars update linting 2022-03-27 22:41:36 +02:00
.gitignore improve prune settings 2021-07-15 23:33:03 +02:00
.yamllint improve linting 2021-02-17 16:54:16 +01:00
LICENSE start preparing role for archiv cleanup functions 2020-11-20 11:03:53 +01:00
README.md improve prune settings 2021-07-15 23:33:03 +02:00

ansible_role_restic_archiver

ansible role to "archive" restic backups.

The scenario for this role is:

  • You have the restic rest server running in write-only mode
  • you send backups from other servers to your restic backup server

Now you don't want to store all backups indefinitely, but only for the last days a daily backup and otherwise weekly, monthly, yearly a few... just like you do it.

Of course you don't want to give access to others, so you solve the whole thing with a local cronjob. And this cronjob is built with this Ansible role.

As a bonus feature, you can optionally transfer the backups to another disk (even with a different password). Which is also a very charming backup concept from a security point of view.

this role does not install restic. For that, we recommend this ansible role. We have had good experience with this role for the restic rest server.

Variables:

---
# which repos should we cleanup by default
restic_archiver__repos: {}
#  - name: example_server:
#    location: /srv/restic/example_server_repo
#    password: securepassword4eXaMpleSserver
#  - name: other_server
#    location: /srv/restic/other_server_repo
#    password: xtrasecuredifferentpassword4other
#    archive: true
#    archive_location: /mnt/archive/other_server_repo
#    archive_password: archive4other_server_password
#    archive_cleanup: true
#    keep_last: 5
#    keep_hourly: 4
#    keep_daily: 1
#    keep_weekly: 1
#    keep_monthly: 1
#    keep_yearly: 1
#    keep_within: 1
#    prune: true

# how long should we store all backups by default
restic_archiver__keep: 5
restic_archiver__keep_hourly: 16
restic_archiver__keep_daily: 14
restic_archiver__keep_weekly: 8
restic_archiver__keep_monthly: 16
restic_archiver__keep_yearly: 12

# owner and user of all restic stuff
restic_archiver__owner: 'root'
restic_archiver__group: 'root'

# shedule restic cronjob
restic_archiver__hour: '3'
restic_archiver__minute: '32'

# validate if disk is mounted
restic_archiver__mount_required: false
# which disk have to be mounted
restic_archiver__mount_disk: '/mnt/'
# umount after use?
restic_archiver__umount_after_usage: false

# required packages
restic_archiver__package:
  - cron

  restic_archiver__log_output: true
  restic_archiver__logrotate: true

  restic_archiver__mailsummary: false
  restic_archiver__mail_on_error: false
  restic_archiver__mailaddress: 'root@localhost'

# restic default options
restic_archiver__default_opt: ''

# additional msgs
restic_archiver__additional_mail_msg: ''
# version check for this playbook (true is recomended)
submodules_versioncheck: false

restic_archiver__cache_config: false
restic_archiver__cache_dir: '~/.cache/restic'
restic_archiver__prune: false