Switch to per-application backup and append-only mode

0cc9e82b · jurgenhaas · 67849341 · 0cc9e82b · 0cc9e82b · 0cc9e82b
Commit 0cc9e82b authored 5 years ago by jurgenhaas
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -2,4 +2,4 @@
 # file: roles/borgbackup/handlers/main.yml

 - name: Init Borgs
-  command: borgmatic init --encryption repokey
+  command: borgmatic init --encryption repokey --append-only
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -9,6 +9,18 @@
  notify:
    - Init Borgs

+- name: Add Borgmatic Configuration for Drupal
+  include_tasks: config_drupal.yml
+  with_items: '{{ drupal_settings|default([]) }}'
+  loop_control:
+    loop_var: drupal
+
+- name: Add Borgmatic Configuration for NextCloud
+  include_tasks: config_nextcloud.yml
+  with_items: '{{ nextcloud_settings|default([]) }}'
+  loop_control:
+    loop_var: nextcloud
+
 - name: Add cron job for create, check and prune
  cron:
    name: borgmatic
@@ -16,7 +28,7 @@
    minute: 0
    cron_file: borgmatic
    user: root
-    job: /usr/local/bin/borgmatic
+    job: /usr/local/bin/borgmatic -v 1 >> /var/log/borg.log 2>&1

 - name: Set PATH for borgmatic cron job.
  cron:

--- a/tasks/config_drupal.yml
+++ b/tasks/config_drupal.yml
+---
+# file: roles/borgbackup/tasks/config_drupal.yml
+
+- name: Set facts
+  set_fact:
+    application: 'drupal'
+    application_id: '{{ drupal.id }}'
+    application_remote_repo: '{{ drupal.borg_repo|default(false) }}'
+- name: Set facts without jails
+  set_fact:
+    application_dir: '/var/www{{ drupal.webRoot|default("") }}/files'
+  when: drupal.jail is not defined
+- name: Set facts with jails
+  set_fact:
+    application_dir: '{{ jailroot|default("/jails") }}/{{ drupal.jail.name }}/var/www{{ drupal.webRoot|default("") }}/files'
+  when: drupal.jail is defined
+- name: Set facts with overwrite
+  set_fact:
+    application_dir: '{{ drupal.backup_root }}'
+  when: drupal.backup_root is defined
+
+- name: Configure Drupal Backup
+  template:
+    src: application.yaml
+    dest: /etc/borgmatic.d/{{ application }}_{{ application_id }}.yaml
+    mode: 0600
+  notify:
+    - Init Borgs
+  when: drupal.mountpoints is not defined
--- a/tasks/config_nextcloud.yml
+++ b/tasks/config_nextcloud.yml
+---
+# file: roles/borgbackup/tasks/config_nextcloud.yml
+
+- name: Set facts
+  set_fact:
+    application: 'nextcloud'
+    application_id: '{{ nextcloud.id }}'
+    application_remote_repo: '{{ nextcloud.borg_repo|default(false) }}'
+- name: Set facts without jails
+  set_fact:
+    application_dir: '{{ nextcloud_data_dir|default("/var/www/nextcloud/_data") }}/{{ nextcloud.id }}'
+  when: nextcloud.jail is not defined
+- name: Set facts with jails
+  set_fact:
+    application_dir: '{{ jailroot }}/{{ nextcloud.id }}/var/www/datanextcloud'
+  when: nextcloud.jail is defined
+
+- name: Configure NextCloud Backup
+  template:
+    src: application.yaml
+    dest: /etc/borgmatic.d/{{ application }}_{{ application_id }}.yaml
+    mode: 0600
+  notify:
+    - Init Borgs
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -41,5 +41,6 @@
    state: directory
    mode: 0700
  with_items:
+    - /var/backups/borg
    - /etc/borgmatic
    - /etc/borgmatic.d
--- a/templates/application.yaml
+++ b/templates/application.yaml
+location:
+    source_directories:
+        - {{ application_dir }}
+    repositories:
+        - /var/backups/borg/{{ application }}_{{ application_id }}
+{% if application_remote_repo %}
+        - {{ application_remote_repo }}
+{% endif %}
+    exclude_patterns:
+        - '*.pyc'
+        - '*/.git'
+        - '*/.svn'
+        - '*/vendor/*'
+        - '*/node_modules/*'
+storage:
+    encryption_passphrase: '{{ borgbackup.passphrase }}'
+retention:
+    keep_daily: 7
+    keep_weekly: 8
+    keep_monthly: 12
+    keep_yearly: 30
+consistency:
+    checks:
+        - repository
+        - archives
+hooks:
+    on_error:
+        - /usr/local/bin/alertalerta.py{% if netdata_alerta_project_id is defined %} --pid={{ netdata_alerta_project_id }}{% endif %} {{ inventory_hostname }} {{ netdata_alerta_environment|default("production") }} {{ netdata_alerta_webhook }} {{ netdata_alerta_apikey }} '{"resource":"{{ inventory_hostname }}","event":"Borg Backup Exception {{ application }} {{ application_id }}"}'
--- a/templates/config.yaml
+++ b/templates/config.yaml
@@ -3,16 +3,14 @@ location:
 {% for dir in backup_include|default([]) %}
        - {{ dir }}
 {% endfor %}
-{% for drupal in drupal_settings|default([]) %}
-{% if drupal.jail is defined and drupal.mountpoints is not defined %}
-        - {{ jailroot|default('/jails') }}/{{ drupal.jail.name }}/var/www/files
-{% endif %}
-{% endfor %}
 {% if groups['dbserver_mysql'] is defined and inventory_hostname in groups['dbserver_mysql'] %}
        - /var/backups/mysql
 {% endif %}
    repositories:
-        - /var/backups/borg
+        - /var/backups/borg/default
+{% if borgbackup.remote_repo is defined %}
+        - {{ borgbackup.remote_repo }}
+{% endif %}
    exclude_patterns:
        - '*.pyc'
        - '*/.git'
@@ -32,4 +30,4 @@ consistency:
        - archives
 hooks:
    on_error:
-        - /usr/local/bin/alertalerta.py{% if netdata_alerta_project_id is defined %} --pid={{ netdata_alerta_project_id }}{% endif %} {{ inventory_hostname }} {{ netdata_alerta_environment|default("production") }} {{ netdata_alerta_webhook }} {{ netdata_alerta_apikey }} '{"resource":"Borg Backup"}'
+        - /usr/local/bin/alertalerta.py{% if netdata_alerta_project_id is defined %} --pid={{ netdata_alerta_project_id }}{% endif %} {{ inventory_hostname }} {{ netdata_alerta_environment|default("production") }} {{ netdata_alerta_webhook }} {{ netdata_alerta_apikey }} '{"resource":"{{ inventory_hostname }}","event":"Borg Backup Exception Default"}'