ansible-roles/backup
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
backup/tasks/duplicity.yml

278 lines
8.9 KiB
YAML
Raw Blame History

---
- name: duplicity | check vars are defined
assert:
that:
- duplicity_archive_dir is defined
- duplicity_s3_path is defined
- duplicity_s3_passphrase is defined
- duplicity_s3_access_key is defined
- duplicity_s3_secret_key is defined
when:
- duplicity_backend == 's3'
tags: ['backup_duplicity']
- name: duplicity | check vars are defined
assert:
that:
- duplicity_archive_dir is defined
- duplicity_azure_path is defined
when:
- duplicity_backend == 'azure'
tags: ['backup_duplicity']
- name: duplicity | install packages
apt:
name:
- duplicity
- python3-boto
state: present
tags: ['backup_duplicity']
- name: duplicity | check for dedicated GPG key standalone
shell: |
gpg --list-options show-only-fpr-mbox --list-secret-keys -a "{{ duplicity_gpg_real_name }}" | awk '{print $1}'
register: duplicity_get_key
when:
- duplicity_oneforall_key == False
tags: ['backup_duplicity']
- name: duplicity | check for dedicated GPG key infra
shell: |
gpg --list-options show-only-fpr-mbox --list-secret-keys -a "{{ duplicity_gpg_real_name }}" | awk '{print $1}'
register: duplicity_get_key
delegate_to: localhost
when:
- duplicity_oneforall_key == True
tags: ['backup_duplicity']
- set_fact:
duplicity_gpg_key: "{{ duplicity_get_key.stdout }}"
when:
- duplicity_oneforall_key == False
- duplicity_get_key.stdout != ''
tags: ['backup_duplicity']
- set_fact:
duplicity_gpg_key: "{{ duplicity_get_key.stdout }}"
delegate_to: localhost
when:
- duplicity_oneforall_key == True
- duplicity_get_key.stdout != ''
tags: ['backup_duplicity']
- name: duplicity | generate dedicated GPG key standalone
shell: |
gpg --batch --gen-key <<EOF
%echo Generating a OpenPGP key
%no-protection
Key-Type: eddsa
Key-Curve: Ed25519
Key-Usage: cert
Subkey-Type: ecdh
Subkey-Curve: Curve25519
Subkey-Usage: encrypt
Name-Real: "{{ duplicity_gpg_real_name }}"
Name-Email: "{{ duplicity_gpg_email }}"
Expire-Date: 0
%commit
EOF
when:
- duplicity_oneforall_key == False
- duplicity_gpg_key is undefined
tags: ['backup_duplicity']
- name: duplicity | generate dedicated GPG key infra
shell: |
gpg --batch --gen-key <<EOF
%echo Generating a OpenPGP key
%no-protection
Key-Type: eddsa
Key-Curve: Ed25519
Key-Usage: cert
Subkey-Type: ecdh
Subkey-Curve: Curve25519
Subkey-Usage: encrypt
Name-Real: "{{ duplicity_gpg_real_name }}"
Name-Email: "{{ duplicity_gpg_email }}"
Expire-Date: 0
%commit
EOF
delegate_to: localhost
when:
- duplicity_oneforall_key == True
- duplicity_gpg_key is undefined
tags: ['backup_duplicity']
- name: duplicity | check for dedicated GPG key infra on remote
shell: |
gpg --list-options show-only-fpr-mbox --list-secret-keys -a "{{ duplicity_gpg_real_name }}" | awk '{print $1}'
register: duplicity_get_key_remote
when:
- duplicity_oneforall_key == True
tags: ['backup_duplicity']
- set_fact:
duplicity_gpg_key_remote: "{{ duplicity_get_key_remote.stdout }}"
when:
- duplicity_oneforall_key == True
- duplicity_get_key_remote.stdout != ''
tags: ['backup_duplicity']
- name: duplicity | export public key
shell: |
gpg --export -a "{{ duplicity_gpg_real_name }}" > /home/ansible/{{ duplicity_gpg_real_name }}_public.key
delegate_to: localhost
when:
- duplicity_oneforall_key == True
- duplicity_gpg_key_remote is undefined
tags: ['backup_duplicity']
- name: duplicity | export private key
shell: |
gpg --export-secret-key -a "{{ duplicity_gpg_real_name }}" > /home/ansible/{{ duplicity_gpg_real_name }}_private.key
delegate_to: localhost
when:
- duplicity_oneforall_key == True
- duplicity_gpg_key_remote is undefined
tags: ['backup_duplicity']
- name: duplicity | copy keys to the server
copy:
src: "{{ item }}"
dest: "{{ item }}"
with_items:
- "/home/ansible/{{ duplicity_gpg_real_name }}_public.key"
- "/home/ansible/{{ duplicity_gpg_real_name }}_private.key"
when:
- duplicity_oneforall_key == True
- duplicity_gpg_key_remote is undefined
tags: ['backup_duplicity']
- name: duplicity | import keys to the server
shell: |
gpg --import {{ item }}
with_items:
- "/home/ansible/{{ duplicity_gpg_real_name }}_public.key"
- "/home/ansible/{{ duplicity_gpg_real_name }}_private.key"
when:
- duplicity_oneforall_key == True
- duplicity_gpg_key_remote is undefined
tags: ['backup_duplicity']
- name: duplicity | import ownertrust
shell: "/usr/bin/echo '{{ duplicity_gpg_key }}:6:' |/usr/bin/gpg --import-ownertrust"
when:
- duplicity_oneforall_key == True
- duplicity_gpg_key_remote is undefined
tags: ['backup_duplicity']
- name: duplicity | delete exported keys
ansible.builtin.file:
path: '{{ item }}'
state: absent
with_items:
- "/home/ansible/{{ duplicity_gpg_real_name }}_public.key"
- "/home/ansible/{{ duplicity_gpg_real_name }}_private.key"
delegate_to: localhost
when:
- duplicity_oneforall_key == True
- duplicity_gpg_key_remote is undefined
tags: ['backup_duplicity']
- name: duplicity | delete exported keys on remote
ansible.builtin.file:
path: '{{ item }}'
state: absent
with_items:
- "/home/ansible/{{ duplicity_gpg_real_name }}_public.key"
- "/home/ansible/{{ duplicity_gpg_real_name }}_private.key"
when:
- duplicity_oneforall_key == True
- duplicity_gpg_key_remote is undefined
tags: ['backup_duplicity']
- name: duplicity | create configuration directory
file:
path: /etc/duplicity
state: directory
mode: '0755'
tags: ['backup_duplicity']
- name: duplicity | copy configuration file
template:
src: duplicity.cnf.j2
dest: /etc/duplicity/duplicity.cnf
owner: root
group: root
mode: 0600
tags: ['backup_duplicity']
- name: duplicity | copy exclude.list
template:
src: exclude.list.j2
dest: /etc/duplicity/exclude.list
owner: root
group: root
mode: 0644
tags: ['backup_duplicity']
- name: duplicity | create backup cronjob
cron:
name: duplicity backup
minute: "{{ duplicity_cron_backup_minute }}"
hour: "{{ duplicity_cron_backup_hour }}"
day: "{{ duplicity_cron_backup_day }}"
month: "{{ duplicity_cron_backup_month }}"
weekday: "{{ duplicity_cron_backup_weekday }}"
user: "{{ duplicity_cron_backup_user }}"
job: ". /etc/duplicity/duplicity.cnf && duplicity --encrypt-key {{ duplicity_gpg_key }} --s3-use-new-style -v 4 --archive-dir={{ duplicity_archive_dir }} --full-if-older-than {{ duplicity_full_older_than }}D / \"{{ duplicity_s3_path }}\" --exclude-filelist {{ duplicity_exclude_filelist }}"
when:
- duplicity_gpg_key is defined
- '"s3" in duplicity_backend'
tags: ['backup_duplicity']
- name: duplicity | create cleanup cronjob
cron:
name: duplicity cleanup
minute: "{{ duplicity_cron_backup_minute+30 }}"
hour: "{{ duplicity_cron_backup_hour+3 }}"
day: "{{ duplicity_cron_backup_day }}"
month: "{{ duplicity_cron_backup_month }}"
weekday: "{{ duplicity_cron_backup_weekday }}"
user: "{{ duplicity_cron_backup_user }}"
job: ". /etc/duplicity/duplicity.cnf && duplicity --encrypt-key {{ duplicity_gpg_key }} --force --s3-use-new-style -v 4 --archive-dir={{ duplicity_archive_dir }} remove-older-than {{ duplicity_remove_older_than }}D \"{{ duplicity_s3_path }}\""
when:
- duplicity_gpg_key is defined
- '"s3" in duplicity_backend'
tags: ['backup_duplicity']
- name: duplicity | create backup cronjob
cron:
name: duplicity backup
minute: "{{ duplicity_cron_backup_minute }}"
hour: "{{ duplicity_cron_backup_hour }}"
day: "{{ duplicity_cron_backup_day }}"
month: "{{ duplicity_cron_backup_month }}"
weekday: "{{ duplicity_cron_backup_weekday }}"
user: "{{ duplicity_cron_backup_user }}"
job: ". /etc/duplicity/duplicity.cnf && duplicity --encrypt-key {{ duplicity_gpg_key }} --archive-dir={{ duplicity_archive_dir }} --full-if-older-than {{ duplicity_full_older_than }}D / \"{{ duplicity_azure_path }}\" --exclude-filelist {{ duplicity_exclude_filelist }}"
when:
- duplicity_gpg_key is defined
- '"azure" in duplicity_backend'
tags: ['backup_duplicity']
- name: duplicity | create cleanup cronjob
cron:
name: duplicity cleanup
minute: "{{ duplicity_cron_backup_minute+30 }}"
hour: "{{ duplicity_cron_backup_hour+3 }}"
day: "{{ duplicity_cron_backup_day }}"
month: "{{ duplicity_cron_backup_month }}"
weekday: "{{ duplicity_cron_backup_weekday }}"
user: "{{ duplicity_cron_backup_user }}"
job: ". /etc/duplicity/duplicity.cnf && duplicity --encrypt-key {{ duplicity_gpg_key }} --archive-dir={{ duplicity_archive_dir }} --force remove-older-than {{ duplicity_remove_older_than }}D \"{{ duplicity_azure_path }}\""
when:
- duplicity_gpg_key is defined
- '"azure" in duplicity_backend'
tags: ['backup_duplicity']
Reference in New Issue View Git Blame Copy Permalink