backup/tasks/duplicity.yml

---
- name: duplicity | check vars are defined
  assert:
    that:
      - duplicity_archive_dir is defined
      - duplicity_s3_path is defined
      - duplicity_s3_passphrase is defined
      - duplicity_s3_access_key is defined
      - duplicity_s3_secret_key is defined
  tags: ['backup']

- name: duplicity | install packages
  apt:
    name: 
      - duplicity
    state: present
  tags: ['backup']

- name: duplicity | check for dedicated GPG key standalone
  shell: |
    gpg --list-options show-only-fpr-mbox --list-secret-keys -a "{{ duplicity_gpg_real_name }}" | awk '{print $1}'
  register: duplicity_get_key
  when:
    - duplicity_oneforall_key == False
  tags: ['backup']

- name: duplicity | check for dedicated GPG key infra
  shell: |
    gpg --list-options show-only-fpr-mbox --list-secret-keys -a "{{ duplicity_gpg_real_name }}" | awk '{print $1}'
  register: duplicity_get_key
  delegate_to: localhost
  when:
    - duplicity_oneforall_key == True
  tags: ['backup']

- set_fact:
    duplicity_gpg_key: "{{ duplicity_get_key.stdout }}"
  when:
    - duplicity_oneforall_key == False
    - duplicity_get_key.stdout != ''
  tags: ['backup']

- set_fact:
    duplicity_gpg_key: "{{ duplicity_get_key.stdout }}"
  delegate_to: localhost
  when:
    - duplicity_oneforall_key == True
    - duplicity_get_key.stdout != ''
  tags: ['backup']

- name: duplicity | generate dedicated GPG key standalone
  shell: |
    gpg --batch --gen-key <<EOF
    %echo Generating a OpenPGP key
    %no-protection
    Key-Type: eddsa
    Key-Curve: Ed25519
    Key-Usage: cert
    Subkey-Type: ecdh
    Subkey-Curve: Curve25519
    Subkey-Usage: encrypt
    Name-Real: "{{ duplicity_gpg_real_name }}"
    Name-Email: "{{ duplicity_gpg_email }}"
    Expire-Date: 0
    %commit
    EOF
  when:
    - duplicity_oneforall_key == False
    - duplicity_gpg_key is undefined
  tags: ['backup']

- name: duplicity | generate dedicated GPG key infra
  shell: |
    gpg --batch --gen-key <<EOF
    %echo Generating a OpenPGP key
    %no-protection
    Key-Type: eddsa
    Key-Curve: Ed25519
    Key-Usage: cert
    Subkey-Type: ecdh
    Subkey-Curve: Curve25519
    Subkey-Usage: encrypt
    Name-Real: "{{ duplicity_gpg_real_name }}"
    Name-Email: "{{ duplicity_gpg_email }}"
    Expire-Date: 0
    %commit
    EOF
  delegate_to: localhost
  when:
    - duplicity_oneforall_key == True
    - duplicity_gpg_key is undefined
  tags: ['backup']

- name: duplicity | check for dedicated GPG key infra on remote
  shell: |
    gpg --list-options show-only-fpr-mbox --list-secret-keys -a "{{ duplicity_gpg_real_name }}" | awk '{print $1}'
  register: duplicity_get_key_remote
  when:
    - duplicity_oneforall_key == True
  tags: ['backup']

- set_fact:
    duplicity_gpg_key_remote: "{{ duplicity_get_key_remote.stdout }}"
  when:
    - duplicity_oneforall_key == True
    - duplicity_get_key_remote.stdout != ''
  tags: ['backup']

- name: duplicity | export public key
  shell: |
    gpg --export -a "{{ duplicity_gpg_real_name }}" > /home/ansible/{{ duplicity_gpg_real_name }}_public.key
  delegate_to: localhost
  when:
    - duplicity_oneforall_key == True
    - duplicity_gpg_key_remote is undefined
  tags: ['backup']

- name: duplicity | export private key
  shell: |
    gpg --export-secret-key -a "{{ duplicity_gpg_real_name }}" > /home/ansible/{{ duplicity_gpg_real_name }}_private.key
  delegate_to: localhost
  when:
    - duplicity_oneforall_key == True
    - duplicity_gpg_key_remote is undefined
  tags: ['backup']

- name: duplicity | copy keys to the server
  copy:
    src: "{{ item }}"
    dest: "{{ item }}"
  with_items:
   - "/home/ansible/{{ duplicity_gpg_real_name }}_public.key"
   - "/home/ansible/{{ duplicity_gpg_real_name }}_private.key"
  when:
    - duplicity_oneforall_key == True
    - duplicity_gpg_key_remote is undefined
  tags: ['backup']

- name: duplicity | import keys to the server
  shell: |
    gpg --import {{ item }}
  with_items:
   - "/home/ansible/{{ duplicity_gpg_real_name }}_public.key"
   - "/home/ansible/{{ duplicity_gpg_real_name }}_private.key"
  when:
    - duplicity_oneforall_key == True
    - duplicity_gpg_key_remote is undefined
  tags: ['backup']

- name: duplicity | import ownertrust
  shell: "/usr/bin/echo '{{ duplicity_gpg_key }}:6:' |/usr/bin/gpg --import-ownertrust"
  when:
    - duplicity_oneforall_key == True
    - duplicity_gpg_key_remote is undefined
  tags: ['backup']

- name: duplicity | delete exported keys
  ansible.builtin.file:
    path: '{{ item }}'
    state: absent
  with_items:
   - "/home/ansible/{{ duplicity_gpg_real_name }}_public.key"
   - "/home/ansible/{{ duplicity_gpg_real_name }}_private.key"
  delegate_to: localhost
  when:
    - duplicity_oneforall_key == True
    - duplicity_gpg_key_remote is undefined
  tags: ['backup']

- name: duplicity | delete exported keys on remote
  ansible.builtin.file:
    path: '{{ item }}'
    state: absent
  with_items:
   - "/home/ansible/{{ duplicity_gpg_real_name }}_public.key"
   - "/home/ansible/{{ duplicity_gpg_real_name }}_private.key"
  when:
    - duplicity_oneforall_key == True
    - duplicity_gpg_key_remote is undefined
  tags: ['backup']

- name: duplicity | create configuration directory
  file:
    path: /etc/duplicity
    state: directory
    mode: '0755'
  tags: ['backup']

- name: duplicity | copy configuration file
  template:
    src: duplicity.cnf.j2
    dest: /etc/duplicity/duplicity.cnf
    owner: root
    group: root
    mode: 0600
  tags: ['backup']

- name: duplicity | copy exclude.list
  template:
    src: exclude.list.j2
    dest: /etc/duplicity/exclude.list
    owner: root
    group: root
    mode: 0644
  tags: ['backup']

- name: duplicity | create backup cronjob
  cron:
    name: duplicity backup
    minute: "{{ duplicity_cron_backup_minute }}"
    hour: "{{ duplicity_cron_backup_hour }}"
    day: "{{ duplicity_cron_backup_day }}"
    month: "{{ duplicity_cron_backup_month }}"
    weekday: "{{ duplicity_cron_backup_weekday }}"
    user: "{{ duplicity_cron_backup_user }}"
    job: "source /etc/duplicity/duplicity.cnf && duplicity --encrypt-key {{ duplicity_gpg_key }} --s3-use-new-style -v 4 --archive-dir={{ duplicity_archive_dir }} --full-if-older-than {{ duplicity_full_older_than }}D / \"{{ duplicity_s3_path }}\" --exclude-filelist {{ duplicity_exclude_filelist }}"
  when: 
    - duplicity_gpg_key is defined
  tags: ['backup']

- name: duplicity | create cleanup cronjob
  cron:
    name: duplicity cleanup
    minute: "{{ duplicity_cron_backup_minute }}"
    hour: "{{ duplicity_cron_backup_hour }}"
    day: "{{ duplicity_cron_backup_day }}"
    month: "{{ duplicity_cron_backup_month }}"
    weekday: "{{ duplicity_cron_backup_weekday }}"
    user: "{{ duplicity_cron_backup_user }}"
    job: "source /etc/duplicity/duplicity.cnf && duplicity --encrypt-key {{ duplicity_gpg_key }} --force --s3-use-new-style -v 4 remove-older-than {{ duplicity_remove_older_than }}D \"{{ duplicity_s3_path }}\""
  when: 
    - duplicity_gpg_key is defined
  tags: ['backup']
initial commit 2022-09-07 17:53:38 +02:00			`---`
			`- name: duplicity \| check vars are defined`
			`assert:`
			`that:`
			`- duplicity_archive_dir is defined`
			`- duplicity_s3_path is defined`
			`- duplicity_s3_passphrase is defined`
			`- duplicity_s3_access_key is defined`
			`- duplicity_s3_secret_key is defined`
add feature to use only one key for many servers and some improvements 2023-01-03 16:55:38 +01:00			`tags: ['backup']`
initial commit 2022-09-07 17:53:38 +02:00
			`- name: duplicity \| install packages`
			`apt:`
			`name:`
			`- duplicity`
			`state: present`
add feature to use only one key for many servers and some improvements 2023-01-03 16:55:38 +01:00			`tags: ['backup']`
initial commit 2022-09-07 17:53:38 +02:00
add feature to use only one key for many servers and some improvements 2023-01-03 16:55:38 +01:00			`- name: duplicity \| check for dedicated GPG key standalone`
initial commit 2022-09-07 17:53:38 +02:00			`shell: \|`
			`gpg --list-options show-only-fpr-mbox --list-secret-keys -a "{{ duplicity_gpg_real_name }}" \| awk '{print $1}'`
			`register: duplicity_get_key`
add feature to use only one key for many servers and some improvements 2023-01-03 16:55:38 +01:00			`when:`
			`- duplicity_oneforall_key == False`
			`tags: ['backup']`

			`- name: duplicity \| check for dedicated GPG key infra`
			`shell: \|`
			`gpg --list-options show-only-fpr-mbox --list-secret-keys -a "{{ duplicity_gpg_real_name }}" \| awk '{print $1}'`
			`register: duplicity_get_key`
			`delegate_to: localhost`
			`when:`
			`- duplicity_oneforall_key == True`
			`tags: ['backup']`

			`- set_fact:`
			`duplicity_gpg_key: "{{ duplicity_get_key.stdout }}"`
			`when:`
			`- duplicity_oneforall_key == False`
			`- duplicity_get_key.stdout != ''`
			`tags: ['backup']`
initial commit 2022-09-07 17:53:38 +02:00
			`- set_fact:`
			`duplicity_gpg_key: "{{ duplicity_get_key.stdout }}"`
add feature to use only one key for many servers and some improvements 2023-01-03 16:55:38 +01:00			`delegate_to: localhost`
			`when:`
			`- duplicity_oneforall_key == True`
			`- duplicity_get_key.stdout != ''`
			`tags: ['backup']`

			`- name: duplicity \| generate dedicated GPG key standalone`
			`shell: \|`
			`gpg --batch --gen-key <<EOF`
			`%echo Generating a OpenPGP key`
			`%no-protection`
			`Key-Type: eddsa`
			`Key-Curve: Ed25519`
			`Key-Usage: cert`
			`Subkey-Type: ecdh`
			`Subkey-Curve: Curve25519`
			`Subkey-Usage: encrypt`
			`Name-Real: "{{ duplicity_gpg_real_name }}"`
			`Name-Email: "{{ duplicity_gpg_email }}"`
			`Expire-Date: 0`
			`%commit`
			`EOF`
			`when:`
			`- duplicity_oneforall_key == False`
			`- duplicity_gpg_key is undefined`
			`tags: ['backup']`
initial commit 2022-09-07 17:53:38 +02:00
add feature to use only one key for many servers and some improvements 2023-01-03 16:55:38 +01:00			`- name: duplicity \| generate dedicated GPG key infra`
initial commit 2022-09-07 17:53:38 +02:00			`shell: \|`
			`gpg --batch --gen-key <<EOF`
			`%echo Generating a OpenPGP key`
			`%no-protection`
			`Key-Type: eddsa`
			`Key-Curve: Ed25519`
			`Key-Usage: cert`
			`Subkey-Type: ecdh`
			`Subkey-Curve: Curve25519`
			`Subkey-Usage: encrypt`
			`Name-Real: "{{ duplicity_gpg_real_name }}"`
			`Name-Email: "{{ duplicity_gpg_email }}"`
			`Expire-Date: 0`
			`%commit`
			`EOF`
add feature to use only one key for many servers and some improvements 2023-01-03 16:55:38 +01:00			`delegate_to: localhost`
			`when:`
			`- duplicity_oneforall_key == True`
			`- duplicity_gpg_key is undefined`
			`tags: ['backup']`

			`- name: duplicity \| check for dedicated GPG key infra on remote`
			`shell: \|`
			`gpg --list-options show-only-fpr-mbox --list-secret-keys -a "{{ duplicity_gpg_real_name }}" \| awk '{print $1}'`
			`register: duplicity_get_key_remote`
			`when:`
			`- duplicity_oneforall_key == True`
			`tags: ['backup']`

			`- set_fact:`
			`duplicity_gpg_key_remote: "{{ duplicity_get_key_remote.stdout }}"`
			`when:`
			`- duplicity_oneforall_key == True`
			`- duplicity_get_key_remote.stdout != ''`
			`tags: ['backup']`

			`- name: duplicity \| export public key`
			`shell: \|`
			`gpg --export -a "{{ duplicity_gpg_real_name }}" > /home/ansible/{{ duplicity_gpg_real_name }}_public.key`
			`delegate_to: localhost`
			`when:`
			`- duplicity_oneforall_key == True`
			`- duplicity_gpg_key_remote is undefined`
			`tags: ['backup']`

			`- name: duplicity \| export private key`
			`shell: \|`
			`gpg --export-secret-key -a "{{ duplicity_gpg_real_name }}" > /home/ansible/{{ duplicity_gpg_real_name }}_private.key`
			`delegate_to: localhost`
			`when:`
			`- duplicity_oneforall_key == True`
			`- duplicity_gpg_key_remote is undefined`
			`tags: ['backup']`

			`- name: duplicity \| copy keys to the server`
			`copy:`
			`src: "{{ item }}"`
			`dest: "{{ item }}"`
			`with_items:`
			`- "/home/ansible/{{ duplicity_gpg_real_name }}_public.key"`
			`- "/home/ansible/{{ duplicity_gpg_real_name }}_private.key"`
			`when:`
			`- duplicity_oneforall_key == True`
			`- duplicity_gpg_key_remote is undefined`
			`tags: ['backup']`

			`- name: duplicity \| import keys to the server`
			`shell: \|`
			`gpg --import {{ item }}`
			`with_items:`
			`- "/home/ansible/{{ duplicity_gpg_real_name }}_public.key"`
			`- "/home/ansible/{{ duplicity_gpg_real_name }}_private.key"`
			`when:`
			`- duplicity_oneforall_key == True`
			`- duplicity_gpg_key_remote is undefined`
			`tags: ['backup']`

			`- name: duplicity \| import ownertrust`
			`shell: "/usr/bin/echo '{{ duplicity_gpg_key }}:6:' \|/usr/bin/gpg --import-ownertrust"`
			`when:`
			`- duplicity_oneforall_key == True`
			`- duplicity_gpg_key_remote is undefined`
			`tags: ['backup']`

			`- name: duplicity \| delete exported keys`
			`ansible.builtin.file:`
			`path: '{{ item }}'`
			`state: absent`
			`with_items:`
			`- "/home/ansible/{{ duplicity_gpg_real_name }}_public.key"`
			`- "/home/ansible/{{ duplicity_gpg_real_name }}_private.key"`
			`delegate_to: localhost`
			`when:`
			`- duplicity_oneforall_key == True`
			`- duplicity_gpg_key_remote is undefined`
			`tags: ['backup']`

			`- name: duplicity \| delete exported keys on remote`
			`ansible.builtin.file:`
			`path: '{{ item }}'`
			`state: absent`
			`with_items:`
			`- "/home/ansible/{{ duplicity_gpg_real_name }}_public.key"`
			`- "/home/ansible/{{ duplicity_gpg_real_name }}_private.key"`
			`when:`
			`- duplicity_oneforall_key == True`
			`- duplicity_gpg_key_remote is undefined`
			`tags: ['backup']`
initial commit 2022-09-07 17:53:38 +02:00
correct wrong char 2022-09-07 18:02:19 +02:00			`- name: duplicity \| create configuration directory`
initial commit 2022-09-07 17:53:38 +02:00			`file:`
			`path: /etc/duplicity`
			`state: directory`
			`mode: '0755'`
add feature to use only one key for many servers and some improvements 2023-01-03 16:55:38 +01:00			`tags: ['backup']`
initial commit 2022-09-07 17:53:38 +02:00
			`- name: duplicity \| copy configuration file`
			`template:`
			`src: duplicity.cnf.j2`
			`dest: /etc/duplicity/duplicity.cnf`
			`owner: root`
			`group: root`
			`mode: 0600`
add feature to use only one key for many servers and some improvements 2023-01-03 16:55:38 +01:00			`tags: ['backup']`
initial commit 2022-09-07 17:53:38 +02:00
			`- name: duplicity \| copy exclude.list`
			`template:`
			`src: exclude.list.j2`
			`dest: /etc/duplicity/exclude.list`
			`owner: root`
			`group: root`
			`mode: 0644`
add feature to use only one key for many servers and some improvements 2023-01-03 16:55:38 +01:00			`tags: ['backup']`
initial commit 2022-09-07 17:53:38 +02:00
			`- name: duplicity \| create backup cronjob`
			`cron:`
			`name: duplicity backup`
correct wrong char 2022-09-07 18:02:19 +02:00			`minute: "{{ duplicity_cron_backup_minute }}"`
			`hour: "{{ duplicity_cron_backup_hour }}"`
			`day: "{{ duplicity_cron_backup_day }}"`
			`month: "{{ duplicity_cron_backup_month }}"`
			`weekday: "{{ duplicity_cron_backup_weekday }}"`
			`user: "{{ duplicity_cron_backup_user }}"`
initial commit 2022-09-07 17:53:38 +02:00			`job: "source /etc/duplicity/duplicity.cnf && duplicity --encrypt-key {{ duplicity_gpg_key }} --s3-use-new-style -v 4 --archive-dir={{ duplicity_archive_dir }} --full-if-older-than {{ duplicity_full_older_than }}D / \"{{ duplicity_s3_path }}\" --exclude-filelist {{ duplicity_exclude_filelist }}"`
			`when:`
			`- duplicity_gpg_key is defined`
add feature to use only one key for many servers and some improvements 2023-01-03 16:55:38 +01:00			`tags: ['backup']`
initial commit 2022-09-07 17:53:38 +02:00
			`- name: duplicity \| create cleanup cronjob`
			`cron:`
			`name: duplicity cleanup`
correct wrong char 2022-09-07 18:02:19 +02:00			`minute: "{{ duplicity_cron_backup_minute }}"`
			`hour: "{{ duplicity_cron_backup_hour }}"`
			`day: "{{ duplicity_cron_backup_day }}"`
			`month: "{{ duplicity_cron_backup_month }}"`
			`weekday: "{{ duplicity_cron_backup_weekday }}"`
			`user: "{{ duplicity_cron_backup_user }}"`
initial commit 2022-09-07 17:53:38 +02:00			`job: "source /etc/duplicity/duplicity.cnf && duplicity --encrypt-key {{ duplicity_gpg_key }} --force --s3-use-new-style -v 4 remove-older-than {{ duplicity_remove_older_than }}D \"{{ duplicity_s3_path }}\""`
			`when:`
			`- duplicity_gpg_key is defined`
add feature to use only one key for many servers and some improvements 2023-01-03 16:55:38 +01:00			`tags: ['backup']`