Remote backup implemented

ansible/bootstrap.yml

@@ -1,6 +1,6 @@
 ---
-- name: Setup headscale nginx
+- name: Setup forgejo
   hosts:
-    - olympus_entry
+    - forgejo
   roles:
-    - olympus_entry
+    - forgejo

ansible/environments/remote/all.yml

@@ -0,0 +1 @@
+k3s_version: v1.31.3+k3s1

ansible/environments/remote/hosts

@@ -0,0 +1,96 @@
+[all:vars]
+ansible_connection=ssh
+ansible_user=ansible
+
+[cronus]
+100.64.0.5 ansible_user=root
+
+[hermes]
+100.64.0.13 cloudinit_id=9004
+
+[ares]
+100.64.0.12 cloudinit_id=9003
+
+[poseidon]
+100.64.0.9 cloudinit_id=9001
+
+[hades]
+100.64.0.11 cloudinit_id=9002
+
+[oceanus]
+100.64.0.14 cloudinit_id=9005
+
+[zeus]
+100.64.0.4 cloudinit_id=9000
+
+[hyperion]
+100.64.0.19
+
+[soteria]
+100.64.0.2
+
+[proxmox]
+
+[proxmox:children]
+zeus
+ares
+hades
+hermes
+oceanus
+poseidon
+hyperion
+
+[polsevev]
+100.64.0.6
+
+[grafana]
+100.64.0.16
+
+[olympus_entry]
+100.64.0.3
+
+[byggmester]
+100.64.0.20
+
+[brevgress]
+100.64.0.15
+
+[havneboks]
+100.64.0.10
+
+[fabrikken]
+
+[umami]
+100.64.0.17
+
+[forgejo]
+100.64.0.18
+
+[arkivet]
+100.64.0.22
+
+[mestere]
+
+
+[agenter]
+
+
+[vms]
+
+[vms:children]
+grafana
+brevgress
+havneboks
+fabrikken
+polsevev
+umami
+forgejo
+byggmester
+arkivet
+agenter
+mestere
+
+[vps]
+
+[vps:children]
+olympus_entry

ansible/roles/forgejo/meta/main.yml

@@ -3,3 +3,10 @@ dependencies:
   - role: nginx
     nginx_acme_sh_domains:
       - code.polsevev.dev
+  - role: restic_backup
+    repo_name: forgejo
+    cron_file_name: forgejo_backup
+    directories_to_backup:
+      - /var/lib/forgejo
+      - /usr/local/bin/forgejo
+    repo_password: "{{ forgejo_backup_password }}"

ansible/roles/forgejo/vars/main/vault.yml

@@ -1,18 +1,20 @@
 $ANSIBLE_VAULT;1.1;AES256
-39663035646364323765396237376133353964646634663036373630633130303761333136336166
-6638666433653436636433373563393034633737356266370a363961353431653162396631383161
-31383138646164316166313563323366366137656366663564356633643033393666343436396239
-6466613932653562300a393065316139623233643733623464313934306364633638363437333063
-61663230633264643563623035396332663238376139643735646465633765353934633363623231
-34373632646162383333613632643732366230343135623966623061313036306432663465383666
-38363233656439346431663334336164346566656462396632663664663265623134666231373832
-32383236636333643263306334353332383964303535616233326339376532316665666333316235
-64663431363063663635303237323566366235636433373863646139666538653561623333353834
-66626661666236353363663433336333623536393765383637626333303935396539393635623963
-61303133303139313061383134373639323766373261623962653533343339346634636635616662
-36333233363938383732633436363733356664643133666265656363613434353930326165343131
-37356339623638313733376237303632663537613964646234316130333631636566613238313334
-37316339336431343638656464323433393035633834323531353363363264653233376362376561
-31383164303234616133313030623535353834616431313466616334323665303563663232363963
-30356361643136656361663730656238346236663439333433623333353934623336316536633739
-63346461626532653463653962386338623566616636636137366633663434386236
+30646537356136323837363930613139363034626263366164333664333035396238663766306534
+3635313839343834353931663266613139393534336439360a353563386638366562616163323733
+62356361633263383462366539353336366337666430613265386133623062323365346364616332
+6538336638393231640a306335373138613266356335383865656666303361623336313965633938
+34343765323436393266383065393535646665323762646561393363383862616138373430333837
+39376464643561336562333230313437373663316338373733333866393762356562636237313938
+30653165336431373661303237623865373738383534336364313434393939346262623838666265
+31653238656132303439373533363364643839306231656661373838653039313434356538353638
+33326138303534383063333836666135383632316634656334626532663536393431613438326332
+66396239383862323862386563633035323132393131343831626165633764646563666535626234
+37316630613163613063333132646434313531396531316262653666653334623631353532636638
+64333939636635333266613562613135386138303932316337336133313233643436656636643932
+36336136656630356137643534303831623432633364636263623862326138383165663465383632
+34313833363066366630613332613365363963333239356432376539313035346631626136353264
+36663434653331363331373333626335636631383931653366343734356661333566633063626463
+31343734373737326430353634353434633030326630316337323066313162393262656132376336
+39383861633137396232353265383866333766346232666330623135343566396131326564303064
+61613934383561613062333539313633336330366661626637613439383165656364306236646233
+303731663765393364336462303734646330

ansible/roles/restic_backup/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+restic_backup_remote: 192.168.1.100:8000
+restic_remote_backup_remote: 100.64.0.5:8000

ansible/roles/restic_backup/tasks/main.yml

@@ -0,0 +1,66 @@
+---
+- name: Ensure restic is installed
+  ansible.builtin.apt:
+    pkg:
+      - restic
+  become: true
+
+- name: Write password file
+  ansible.builtin.copy:
+    dest: /root/restic_password
+    mode: "0700"
+    content: "{{ repo_password }}"
+  become: true
+
+- name: See if already initialized
+  ansible.builtin.shell:
+    cmd: "restic -r '{{ restic_backup_repo_string }}' init --password-file /root/restic_password"
+  failed_when: false
+  become: true
+
+- name: Register crontab entry
+  ansible.builtin.cron:
+    name: "{{ cron_file_name }}"
+    cron_file: "{{ cron_file_name }}"
+    state: present
+    job: "restic -r '{{ restic_backup_repo_string }}' backup {{ directories_to_backup | join(' ') }} --password-file /root/restic_password; restic -r '{{ restic_backup_repo_string }}' forget --keep-last 10 --password-file /root/restic_password"
+    minute: "0"
+    hour: "1"
+    user: root
+  become: true
+
+- name: Set up mirroring this repo to remote backup
+  block:
+    - name: Ensure restic is installed
+      ansible.builtin.apt:
+        pkg:
+          - restic
+          - cron
+      become: true
+
+    - name: Write password to file
+      ansible.builtin.copy:
+        dest: /root/restic_password
+        mode: "0700"
+        content: "{{ repo_password }}"
+      become: true
+
+    - name: Initialize repo locally
+      ansible.builtin.shell:
+        cmd: "restic -r /mnt/backup/{{ repo_name }} init --password-file /root/restic_password"
+      failed_when: false
+      become: true
+
+    - name: Register cronjob for daily remote backup
+      ansible.builtin.cron:
+        name: "{{ cron_file_name }}"
+        cron_file: "{{ cron_file_name }}"
+        state: present
+        hour: "1"
+        minute: "30"
+        user: root
+        job: "restic -r /mnt/backup/{{ repo_name }} copy --from-repo '{{ restic_remote_backup_repo_string }}' --from-password-file /root/restic_password --password-file /root/restic_password; restic -r /mnt/backup/{{ repo_name }} forget --keep-last 10 --password-file /root/restic_password"
+
+      become: true
+
+  delegate_to: soteria

ansible/roles/restic_backup/vars/main/vars.yml

@@ -0,0 +1,2 @@
+restic_backup_repo_string: "rest:http://{{ restic_backup_user }}:{{ restic_backup_pass }}@{{ restic_backup_remote }}/{{ repo_name }}"
+restic_remote_backup_repo_string: "rest:http://{{ restic_backup_user}}:{{ restic_backup_pass}}@{{ restic_remote_backup_remote }}/{{ repo_name }}"

ansible/roles/restic_backup/vars/main/vault.yml

@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+34393364363339636430306233353132356136613033326166313066616261373765633462356137
+6634643264393632313064346530323730366431323738350a366537376335646133666361616632
+32366134303232393436326661366661343663626139333663363638643639663436316166373566
+3133343437353630300a646538373030623439333033306565333830386165343133663464373466
+64333532363933383135353563356335663530653965343231356462346565333536303031383834
+66633038303833333766346136663362643535643332333666653761353365313665386138326561
+653361643534643365393039373232326437

ansible/setup.yml

@@ -5,6 +5,12 @@
   roles:
     - common
 
+- name: Soteria stuffs
+  hosts:
+    - soteria
+  roles:
+    - upgrade
+
 - name: Setup postgres
   hosts:
     - brevgress