mirror of
https://github.com/roles-ansible/ansible_role_restic_archiver.git
synced 2024-08-16 10:09:49 +02:00
ansible role to cleanup restic backup at the writeonly restic rest-server
4e5a6c67d2
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> |
||
---|---|---|
.github | ||
defaults | ||
files | ||
handlers | ||
meta | ||
tasks | ||
templates | ||
vars | ||
.gitignore | ||
.yamllint | ||
LICENSE | ||
README.md |
ansible_role_restic_archiver
ansible role to "archive" restic backups.
The scenario for this role is:
- You have the restic rest server running in write-only mode
- you send backups from other servers to your restic backup server
Now you don't want to store all backups indefinitely, but only for the last days a daily backup and otherwise weekly, monthly, yearly a few... just like you do it.
Of course you don't want to give access to others, so you solve the whole thing with a local cronjob. And this cronjob is built with this Ansible role.
As a bonus feature, you can optionally transfer the backups to another disk (even with a different password). Which is also a very charming backup concept from a security point of view.
this role does not install restic. For that, we recommend this ansible role. We have had good experience with this role for the restic rest server.
Variables:
---
# which repos should we cleanup by default
restic_archiver__repos: {}
# - name: example_server:
# location: /srv/restic/example_server_repo
# password: securepassword4eXaMpleSserver
# - name: other_server
# location: /srv/restic/other_server_repo
# password: xtrasecuredifferentpassword4other
# archive: true
# archive_location: /mnt/archive/other_server_repo
# archive_password: archive4other_server_password
# archive_cleanup: true
# keep_last: 5
# keep_hourly: 4
# keep_daily: 1
# keep_weekly: 1
# keep_monthly: 1
# keep_yearly: 1
# keep_within: 1
# prune: true
# how long should we store all backups by default
restic_archiver__keep: 5
restic_archiver__keep_hourly: 16
restic_archiver__keep_daily: 14
restic_archiver__keep_weekly: 8
restic_archiver__keep_monthly: 16
restic_archiver__keep_yearly: 12
# owner and user of all restic stuff
restic_archiver__owner: 'root'
restic_archiver__group: 'root'
# shedule restic cronjob
restic_archiver__hour: '3'
restic_archiver__minute: '32'
# validate if disk is mounted
restic_archiver__mount_required: false
# which disk have to be mounted
restic_archiver__mount_disk: '/mnt/'
# umount after use?
restic_archiver__umount_after_usage: false
# required packages
restic_archiver__package:
- cron
restic_archiver__log_output: true
restic_archiver__logrotate: true
restic_archiver__mailsummary: false
restic_archiver__mail_on_error: false
restic_archiver__mailaddress: 'root@localhost'
# restic default options
restic_archiver__default_opt: ''
# additional msgs
restic_archiver__additional_mail_msg: ''
# version check for this playbook (true is recomended)
submodules_versioncheck: false
restic_archiver__cache_config: false
restic_archiver__cache_dir: '~/.cache/restic'
restic_archiver__prune: false