Created basic playbook skeleton and setup scripts

roles/client/files/backup.sh

@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+
+# Setting this, so the repo does not need to be given on the commandline:
+# Example:
+# ssh://username@example.com:2022/~/backup/main
+if [ "$EUID" != "0" ]; then
+	printf "%s must be run as root\n" "$0"
+	exit 1
+fi
+
+source /opt/backup/etc/borg_env
+# some helpers and error handling:
+info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; }
+trap 'echo $( date ) Backup interrupted >&2; exit 2' INT TERM
+
+info "Starting backup"
+
+# Backup the most important directories into an archive named after
+# the machine this script is currently running on:
+
+borg create                         \
+    --verbose                       \
+    --filter AME                    \
+    --list                          \
+    --stats                         \
+    --show-rc                       \
+    --compression $BORG_COMPRESSION \
+    --exclude-caches                \
+    --exclude 'home/*/.cache/*'     \
+    --exclude 'var/tmp/*'           \
+                                    \
+    ::'{hostname}-{now}'            \
+    /etc                            \
+    /home                           \
+    /root                           \
+    /var
+
+backup_exit=$?
+
+info "Pruning repository"
+
+# Use the `prune` subcommand to maintain 7 daily, 4 weekly and 6 monthly
+# archives of THIS machine. The '{hostname}-*' matching is very important to
+# limit prune's operation to this machine's archives and not apply to
+# other machines' archives also:
+
+borg prune                          \
+    --list                          \
+    --glob-archives '{hostname}-*'  \
+    --show-rc                       \
+    --keep-daily    7               \
+    --keep-weekly   4               \
+    --keep-monthly  6
+
+prune_exit=$?
+
+# actually free repo disk space by compacting segments
+
+info "Compacting repository"
+
+borg compact
+
+compact_exit=$?
+
+# use highest exit code as global exit code
+global_exit=$(( backup_exit > prune_exit ? backup_exit : prune_exit ))
+global_exit=$(( compact_exit > global_exit ? compact_exit : global_exit ))
+
+if [ ${global_exit} -eq 0 ]; then
+    info "Backup, Prune, and Compact finished successfully"
+elif [ ${global_exit} -eq 1 ]; then
+    info "Backup, Prune, and/or Compact finished with warnings"
+else
+    info "Backup, Prune, and/or Compact finished with errors"
+fi
+
+exit ${global_exit}
+

roles/client/files/backupenv

@@ -0,0 +1,2 @@
+export PATH="$PATH:/opt/backup/bin"
+

roles/client/tasks/main.yml

@@ -0,0 +1,51 @@
+---
+
+- name: Update system
+  ansible.builtin.dnf5:
+    name: "*"
+    state: latest
+
+
+- name: Install borgbackup
+  ansible.builtin.dnf5:
+    name: borgbackup
+    state: present
+
+- name: Create directory structure
+  ansible.builtin.file:
+    path: "{{ item.path }}" 
+    owner: root
+    group: root
+    mode: "{{ item.mode }}" 
+    state: directory
+  loop: "{{ install_dirs }}"
+
+- name: Install backup script
+  ansible.builtin.file:
+    path: /opt/backup/bin/backup.sh
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Install environment for path
+  ansible.builtin.command:
+    cmd: "echo 'source /etc/backupenv' >> /etc/environment && touch /opt/backup/etc/environment_created"
+    creates: /opt/backup/etc/environment_created
+
+- name: Install path environment file
+  ansible.builtin.file:
+    path: /etc/backupenv
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Install environment file
+  ansible.builtin.template:
+    src: borg_env.j2
+    dest: /opt/backup/etc/borg_env
+    backup: yes
+    owner: root
+    group: root
+    mode: 0600
+
+

roles/client/templates/borg_env.j2

@@ -0,0 +1,3 @@
+export BORG_COMPRESSION="{{ backup.compression }}"
+export BORG_REPO="{{ backup.repo }}"
+export BORG_PASSPHRASE='{{ backup.passphrase }}'

roles/server/files/.gitignore

@@ -0,0 +1 @@
+authorized_keys

roles/server/tasks/sshd.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Enable sshd service
+  ansible.builtin.systemd_service:
+    name: sshd
+    enabled: true
+    state: started

roles/server/tasks/user.yml

@@ -0,0 +1,13 @@
+---
+- name: Create backup user
+  ansible.builtin.user:
+    name: "{{ user }}"
+    password_lock: "{{ password_locked }}"
+
+- name: Install authorized keys file
+  ansible.builtin.file:
+    path: "/home/{{ user }}/.ssh/authorized_keys"
+    owner: "{{ user }}"
+    group: "{{ user }}"
+    mode: "0600"
+    backup: true