Add a quick and dirty S3 restore script for when you need manual help in a pinch

roles/backup/defaults/main.yml

@@ -1,5 +1,6 @@
 # Which backup script to use. Configuration is somewhat unique to each script
 backup_script: s3backup
+restore_script: s3restore
 # When to kick off backups using the systemd timer
 backup_time: "*-*-* 02:00:00"
 # What format should the datestamps in the filenames of any backups be in?

roles/backup/tasks/main.yml

@@ -3,6 +3,8 @@
 ---
 - name: template out backup script
   template: src={{ backup_script }}.sh dest=/opt/backup.sh mode=0700 owner=root group=root
+- name: template out restore script
+  template: src={{ restore_script }}.sh dest=/opt/restore.sh mode=0700 owner=root group=root
 - name: configure systemd service
   template: src=backup.service dest=/etc/systemd/system/backup.service mode=0644
 - name: configure systemd timer

roles/backup/templates/s3restore.sh

@@ -0,0 +1,64 @@
+#! /bin/bash
+#
+# s3restore.sh
+# Companion script to s3backup.sh, this script obtains a listing of recent
+# backups and offers the user a choice to restore from.
+#
+# This script offers no automation; it is intended for use by hand.
+#
+# NOTICE: THIS FILE CONTAINS SECRETS
+# This file may contain the following secrets depending on configuration:
+# * An AWS access key
+# * An AWS session token
+# These are NOT things you want arbitrary readers to access! Ansible will
+# attempt to ensure this file has 0700 permissions, but that won't stop you
+# from changing that yourself
+# DO NOT ALLOW THIS FILE TO BE READ BY NON-ROOT USERS
+
+# NOTICE: DO NOT MODIFY THIS FILE
+# Any changes made will be clobbered by Ansible
+# Please make any configuration changes in the main repo
+
+set -e
+url="s3://{{ backup_s3_bucket}}/{{ inventory_hostname }}/"
+
+# AWS S3 configuration
+# NOTE: THIS IS SECRET INFORMATION
+export AWS_ACCESS_KEY_ID="{{ backup_s3_aws_access_key_id }}"
+export AWS_SECRET_ACCESS_KEY="{{ backup_s3_aws_secret_access_key }}"
+
+# Obtain a list possible restorable for this host
+declare -a BACKUPS
+printf "Querying S3 for restoreable backups (\e[35m$url\e[0m)...\n"
+while read line; do
+	filename="$(echo "$line" | awk '{print $NF}')"
+	BACKUPS+=("$filename")
+done < <(aws s3 ls "$url")
+
+# Present the user with some options
+printf "Possible restorable backups:\n"
+printf "\e[37m\t%s\t%s\n\e[0m" "Index" "Filename"
+for index in "${!BACKUPS[@]}"; do
+	printf "\t\e[32m%s\e[0m\t\e[34m%s\e[0m\n" "$index" "${BACKUPS[$index]}"
+done
+
+# Ensure we can write to pwd
+if ! [ -w "$PWD" ]; then
+	printf "To restore a backup, please navigate to a writeable directory\n"
+	exit 1
+fi
+
+# Query for a backup to pull down
+printf "Please select a backup by \e[32mindex\e[0m to pull down\n"
+printf "It will be copied into the current directory as a tarball\n"
+read -p "?" restoreindex
+
+# Sanity check user input
+if [ -z "${BACKUPS[$restoreindex]}" ]; then
+	printf "Invalid selection, aborting: $restoreindex\n"
+	exit 2
+fi
+
+# Copy the thing
+printf "Pulling backup...\n"
+aws s3 cp "$url${BACKUPS[$restoreindex]}" ./