diff --git a/inventories/production/group_vars/all.yml b/inventories/production/group_vars/all.yml
index b369c27..77e07ce 100644
--- a/inventories/production/group_vars/all.yml
+++ b/inventories/production/group_vars/all.yml
@@ -50,7 +50,29 @@ backup_s3_aws_secret_access_key: !vault | 3635616437373236650a353661343131303332376161316664333833393833373830623130666633 66356130646434653039363863346630363931383832353637636131626530616434 backup_s3_aws_endpoint_url: "https://s3.us-east-005.backblazeb2.com" - +backup_kopia_bucket_name: desultd-kopia +backup_kopia_access_key_id: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 34633366656134376166636164643233353461396263313237653032353764613737393865373763 + 6665633239396333633132323936343030346362333734640a356631373230383663383530333434 + 32386639393135373236373263363365366163346234643135363766666666373938373135653663 + 3836623735393563610a613332623965633032356266643638386230323965366233353930313239 + 38666562326232353165323934303966643630383235393830613939616330333839 +backup_kopia_secret_access_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 31373662326464396136346663626635363332303862613466316236333431636136373038666531 + 6630616565613431323464373862373963356335643435360a353665356163313635393137363330 + 66383531326535653066386432646464346161336363373334313064303261616238613564396439 + 6439333432653862370a303461346438623263636364633437356432613831366462666666303633 + 63643862643033376363353836616137366432336339383931363837353161373036 +backup_kopia_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 34306564393161336162633833356464373065643633343935373566316465373939663838343537 + 3831343963666432323538636665663733353435636337340a633738306463646133643730333032 + 33303962306136636163623930306238666633333738373435636366666339623562323531323732 + 3330633238386336330a346431383233383533303131323736306636353033356538303264383963 + 37306461613834643063383965356664326265383431336332303333636365316163363437343634 + 6439613537396535656361616365386261336139366133393637 # For zerotier zerotier_personal_network_id: !vault | diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml index 54d1d14..e68ac68 100644 --- a/roles/backup/tasks/main.yml 
+++ b/roles/backup/tasks/main.yml
@@ -14,3 +14,50 @@
 notify: restart backup timer
 - name: enable timer
 ansible.builtin.systemd: name=backup.timer state=started enabled=yes daemon_reload=yes
+- name: deploy kopia
+ block:
+ - name: ensure kopia dirs
+ ansible.builtin.file:
+ state: directory
+ owner: root
+ group: root
+ mode: "0750"
+ path: "{{ item }}"
+ with_items:
+ - /data/kopia/config
+ - /data/kopia/cache
+ - /data/kopia/logs
+ - name: template out password file
+ copy:
+ content: "{{ backup_kopia_password }}"
+ owner: root
+ group: root
+ mode: "0600"
+ dest: /data/kopia/config/repository.config.kopia-password
+ - name: template out configuration file
+ template:
+ src: repository.config.j2
+ owner: root
+ group: root
+ mode: "0600"
+ dest: /data/kopia/config/repository.config
+ - name: deploy kopia
+ community.docker.docker_container:
+ name: kopia
+ image: kopia/kopia:latest
+ env:
+ KOPIA_PASSWORD: "{{ backup_kopia_password }}"
+ command:
+ - "repository"
+ - "connect"
+ - "from-config"
+ - "--file"
+ - "/app/config/repository.config"
+ volumes:
+ - /data/kopia/config:/app/config
+ - /data/kopia/cache:/app/cache
+ - /data/kopia/logs:/app/logs
+ # Shared tmp so Kopia can dump restorable backups to the host
+ - /tmp:/tmp:shared
+ # And a RO mount for the host so it can be backed up
+ - /:/host:ro,rslave
diff --git a/roles/backup/templates/repository.config.j2 b/roles/backup/templates/repository.config.j2
new file mode 100644
index 0000000..ed0cdc3
--- /dev/null
+++ b/roles/backup/templates/repository.config.j2
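Review bot: In roles/backup/tasks/main.yml the final `deploy kopia` task runs `image: kopia/kopia:latest`, a mutable tag, yet the container is given the repository password and a read-only view of the whole host through `/:/host:ro,rslave`, so whatever that tag resolves to at deploy time can read every file on the machine. Pin the image to a reviewed release and digest, e.g. `image: "kopia/kopia:<version>@sha256:<digest>"` (placeholders, to be filled from the release you verify). The password is delivered twice, in the 0600 password file and in `KOPIA_PASSWORD`, and the environment copy is readable by anyone who can inspect the container through the Docker API; keep a single path if Kopia accepts that. The password-file, template and container tasks all handle vaulted values without `no_log: true`, so diff or verbose runs may echo them into logs. The `copy` and `template` tasks also use short module names while the first task uses `ansible.builtin.file`; `ansible.builtin.copy` and `ansible.builtin.template` would be consistent.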
@@ -0,0 +1,21 @@
+{
+ "storage": {
+ "type": "b2",
+ "config": {
+ "bucket": "desultd-kopia",
+ "keyID": "{{ backup_kopia_access_key_id }}",
+ "key": "{{ backup_kopia_secret_access_key }}"
+ }
+ },
+ "caching": {
+ "cacheDirectory": "/app/cache/cachedir",
+ "maxCacheSize": 5242880000,
+ "maxMetadataCacheSize": 5242880000,
+ "maxListCacheDuration": 30
+ },
+ "hostname": "{{ inventory_hostname }}",
+ "username": "salt",
+ "description": "Desu LTD Backups",
+ "enableActions": false,
+ "formatBlobCacheDuration": 900000000000
+}
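Review bot: The bucket is hard-coded as `"bucket": "desultd-kopia"` even though this commit adds `backup_kopia_bucket_name` to group_vars, so that variable is unused in the visible hunks and the two values can drift apart; `"bucket": {{ backup_kopia_bucket_name | to_json }},` would tie them together. The key ID, key and hostname are pasted between literal quotes, so a value containing `"` or `\` would produce invalid JSON or change its structure; rendering each with `| to_json` and dropping the surrounding quotes keeps the file well-formed. The rendered file holds the B2 application key in clear text, so it is worth confirming that the key is restricted to this one bucket.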