wytch/borg
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Created basic playbook skeleton and setup scripts

Browse Source
This commit is contained in:
Elia Farin
2025-12-16 16:15:29 -06:00
parent 24f742fbbe
commit d7dec88cf6
15 changed files with 331 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -1,3 +1,4 @@
# ---> Ansible
*.retry
group_vars/secret.yml
**/authorized_keys

9
client.yml Normal file
View File

@@ -0,0 +1,9 @@
---
- hosts: client
remote_user: root
vars_files:
- group_vars/client.yml
- group_vars/secret.yml
roles:
- client

20
group_vars/client.yml Normal file
View File

@@ -0,0 +1,20 @@
---
os:
family: "FAMILY"
version: "VERSION"
backup:
repo: "REPO"
encrypt: "ENCRYPT"
allocate_space: "yes"
additional_space: "50"
compression: "COMPRESSION"
tailscale:
install: "false"
enable: "true"
install_dirs:
- { path: "/opt/backup", mode: "0755" }
- { path: "/opt/backup/bin", mode: "0755" }
- { path: "/opt/backup/etc", mode: "0700" }

3
group_vars/secret.yml.example Normal file
View File

@@ -0,0 +1,3 @@
---
backup:
passphrase: "PASSPHRASE"

6
group_vars/server.yml Normal file
View File

@@ -0,0 +1,6 @@
---
user: backup
password_locked: true
install_key: true

126
install.sh Normal file
View File

@@ -0,0 +1,126 @@
#!/usr/bin/env bash
setup_encryption() {
sed -i 's/ENCRYPT/true/' group_vars/client.yml
pass_reprompt="1"
while [ pass_reprompt == 1 ]; do
printf 'Please enter a passphrase to use for your backup\n Password: '
read -s password1
printf '\nVerify Password: '
read -s password2
if [ "$password1" -eq "$password2" ]; then
pass_reprompt=0
else
printf 'Passwords do not match. Please try again\n'
fi
done
SECRET="---\\nbackup:\\n passphrase: '$password'\\n"
printf '%s' "$SECRET" | tee group_vars/secret.yml
}
setup_ssh() {
printf 'What is the IP or hostname of your remote backup?\n'
cont=0
while [ $cont != 1 ]; do
read -p "IP/hostname: " address
printf '\nIs %s correct? ' "$address"
read -p "[y/N]: " ans
case "$ans" in
[yY].*) cont=1
;;
*) cont=0
;;
esac
done
cont=0
printf 'What is the backup location?\n'
while [ "$cont" != 1 ]; do
read -p "Absolute path: " path
printf '\nIs %s correct? ' "$path"
read -p "[y/N]: " ans
case "$ans" in
[yY].*) cont=1
;;
*) cont=0
esac
done
printf 's/REPO/ssh://backup@%s:%s/\n' "$address" "$path" > /tmp/backupssh.sed
sed -i -s /tmp/backupssh.sed group_vars/client.yml
rm /tmp/backupssh.sed
}
setup_remote() {
case "$1" in
"ssh") setup_ssh
;;
"local") setup_local
;;
*)
printf 'Error in setup_remote()\n'
printf 'Case %s not understood\n' "$1"
exit 1
;;
esac
setup_environment() {
printf 'Setting up environment...\n'
printf 'What is your backup location?\n'
printf '0: cancel\n'
printf '1: ssh\n'
printf '2: local\n'
read -p "(0-2)" ans
case "$ans" in
"0") printf 'Cancelling...\n' && exit
;;
"1") setup_remote "ssh"
;;
"2") setup_remote "local"
;;
*) printf 'Answer not understood. Please rerun this script' && exit
;;
esac
read -p "Would you like to set up encryption? [y/N]" ans
case "$ans" in
[yY].*) setup_encryption
;;
*) sed -i 's/ENCRYPT/false/' group_vars/client.yml
;;
esac
printf 'Would you like to set up a "reserve" file?\n'
printf 'This file will be an empty file 50GB in size\n'
printf 'that you can delete to free up space should you run out.\n\n'
printf 'This is highly recommended\n'
read -p "Setup Reserved Space [Y/n]: " reserved
case "$reserved" in
[nN].*) sed -i 's/ALLOCATE/true/' group_vars/client.yml
;;
*) sed -i 's/ALLOCATE/false/' group_vars/client.yml
;;
esac
printf 'The setup will now install required packages\n'
printf 'You will be prompted for your sudo password\n'
sudo dnf install -y ansible ansible-playbook
read -p "Would you like to set up the environment files?: [Y/n]: " ans
case $ans in
[yY].*) setup_environment
;;
*) printf 'No environment set up. You will need to do this manually\n'
;;
esac

3
inventory Normal file
View File

@@ -0,0 +1,3 @@
[install]
localhost

78
roles/client/files/backup.sh Normal file
View File

@@ -0,0 +1,78 @@
#!/usr/bin/env bash
# Setting this, so the repo does not need to be given on the commandline:
# Example:
# ssh://username@example.com:2022/~/backup/main
if [ "$EUID" != "0" ]; then
printf "%s must be run as root\n" "$0"
exit 1
fi
source /opt/backup/etc/borg_env
# some helpers and error handling:
info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; }
trap 'echo $( date ) Backup interrupted >&2; exit 2' INT TERM
info "Starting backup"
# Backup the most important directories into an archive named after
# the machine this script is currently running on:
borg create \
--verbose \
--filter AME \
--list \
--stats \
--show-rc \
--compression $BORG_COMPRESSION \
--exclude-caches \
--exclude 'home/*/.cache/*' \
--exclude 'var/tmp/*' \
\
::'{hostname}-{now}' \
/etc \
/home \
/root \
/var
backup_exit=$?
info "Pruning repository"
# Use the `prune` subcommand to maintain 7 daily, 4 weekly and 6 monthly
# archives of THIS machine. The '{hostname}-*' matching is very important to
# limit prune's operation to this machine's archives and not apply to
# other machines' archives also:
borg prune \
--list \
--glob-archives '{hostname}-*' \
--show-rc \
--keep-daily 7 \
--keep-weekly 4 \
--keep-monthly 6
prune_exit=$?
# actually free repo disk space by compacting segments
info "Compacting repository"
borg compact
compact_exit=$?
# use highest exit code as global exit code
global_exit=$(( backup_exit > prune_exit ? backup_exit : prune_exit ))
global_exit=$(( compact_exit > global_exit ? compact_exit : global_exit ))
if [ ${global_exit} -eq 0 ]; then
info "Backup, Prune, and Compact finished successfully"
elif [ ${global_exit} -eq 1 ]; then
info "Backup, Prune, and/or Compact finished with warnings"
else
info "Backup, Prune, and/or Compact finished with errors"
fi
exit ${global_exit}

2
roles/client/files/backupenv Normal file
View File

@@ -0,0 +1,2 @@
export PATH="$PATH:/opt/backup/bin"

51
roles/client/tasks/main.yml Normal file
View File

@@ -0,0 +1,51 @@
---
- name: Update system
ansible.builtin.dnf5:
name: "*"
state: latest
- name: Install borgbackup
ansible.builtin.dnf5:
name: borgbackup
state: present
- name: Create directory structure
ansible.builtin.file:
path: "{{ item.path }}"
owner: root
group: root
mode: "{{ item.mode }}"
state: directory
loop: "{{ install_dirs }}"
- name: Install backup script
ansible.builtin.file:
path: /opt/backup/bin/backup.sh
owner: root
group: root
mode: 0755
- name: Install environment for path
ansible.builtin.command:
cmd: "echo 'source /etc/backupenv' >> /etc/environment && touch /opt/backup/etc/environment_created"
creates: /opt/backup/etc/environment_created
- name: Install path environment file
ansible.builtin.file:
path: /etc/backupenv
owner: root
group: root
mode: 0644
- name: Install environment file
ansible.builtin.template:
src: borg_env.j2
dest: /opt/backup/etc/borg_env
backup: yes
owner: root
group: root
mode: 0600

3
roles/client/templates/borg_env.j2 Normal file
View File

@@ -0,0 +1,3 @@
export BORG_COMPRESSION="{{ backup.compression }}"
export BORG_REPO="{{ backup.repo }}"
export BORG_PASSPHRASE='{{ backup.passphrase }}'

1
roles/server/files/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
authorized_keys

7
roles/server/tasks/sshd.yml Normal file
View File

@@ -0,0 +1,7 @@
---
- name: Enable sshd service
ansible.builtin.systemd_service:
name: sshd
enabled: true
state: started

13
roles/server/tasks/user.yml Normal file
View File

@@ -0,0 +1,13 @@
---
- name: Create backup user
ansible.builtin.user:
name: "{{ user }}"
password_lock: "{{ password_locked }}"
- name: Install authorized keys file
ansible.builtin.file:
path: "/home/{{ user }}/.ssh/authorized_keys"
owner: "{{ user }}"
group: "{{ user }}"
mode: "0600"
backup: true

7
server.yml Normal file
View File

@@ -0,0 +1,7 @@
---
- hosts: server
remote_user: root
vars_files:
- group_vars/server.yml
roles:
- server