borgmatic automation -> pubnix

This commit is contained in:
Arya 2024-11-03 19:10:17 +05:30
parent 2fc77684e5
commit 3115119147
Signed by: arya
GPG Key ID: 842D12BDA50DF120

43
all/pubnix.yaml Normal file
View File

@ -0,0 +1,43 @@
# IMPORTANT: Inventory file for pubnix is stored in semaphore, not inventory.yml
---
- name: Borgmatic Setup
hosts: pubnix
vars:
bkp_source_directories:
- /usr
- /var
- /root
- /boot
- /etc
- /configs
- /aquota.user
- /aquota.group
- /home
- /nix
bkp_exclude_patterns:
- /var/log
bkp_hc_uuid: 94c410f3-22f4-49f6-9f7f-e6f7b6409ced
tasks:
- name: "Remove useless passphrase line (runs after borgmatic role)"
ansible.builtin.lineinfile:
dest: "/etc/borgmatic/config.yaml"
state: "absent"
regexp: "^.*encryption_passphrase"
roles:
- role: borgbase.ansible_role_borgbackup
borg_repository:
- ssh://zh3117@zh3117.rsync.net/data1/home/zh3117/backups/pubnix
borg_source_directories: "{{bkp_source_directories}}"
borg_exclude_patterns: "{{bkp_exclude_patterns}}"
borg_remote_path: /usr/local/bin/borg_1.2.4/borg1
borgmatic_hooks:
healthchecks:
ping_url: https://healthchecks.projectsegfau.lt/ping/{{bkp_hc_uuid}}
states:
- finish
borg_retention_policy:
keep_daily: 7
keep_weekly: 4
keep_monthly: 3
# very secure I know; it has to be plain text anyway for automated backups, unless there is a better way (in which case please email me@aryak.me)
borg_encryption_passcommand: "cat /etc/borgmatic/passphrase"