pet-project-server/playbook-backups.yml
Anton Vakhrushev a95da35389
Backups: move secrets to config file
Allow run backup script with sudo
2025-12-07 15:14:55 +03:00


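---
# Installs the restic backup tooling on every host: a root-only config file
# rendered from a template (secrets come from vars/secrets.yml), the restic
# wrapper and backup-all.py under bin_prefix, a sudo rule so primary_user can
# start the backup, and a root cron job under /etc/cron.d.
# Required variables: primary_user, bin_prefix (from inventory/group vars) and
# whatever the config template reads from vars/secrets.yml.
# NOTE(review): vars/secrets.yml is presumably vault-encrypted — confirm before
# committing it.
- name: "Configure restic and backup schedule"
  hosts: all
  vars_files:
    - vars/secrets.yml
  vars:
    backup_config_dir: "/etc/backup"
    backup_config_file: "{{ (backup_config_dir, 'config.ini') | path_join }}"
    restic_shell_script: "{{ (bin_prefix, 'restic-shell.sh') | path_join }}"
    backup_all_script: "{{ (bin_prefix, 'backup-all.py') | path_join }}"
    # Sudo drop-in mirrors the cron_file name so both managed artefacts are
    # easy to find and remove together.
    backup_sudoers_file: "/etc/sudoers.d/ansible_restic_backup"
  tasks:
    - name: "Create backup config directory"
      ansible.builtin.file:
        path: "{{ backup_config_dir }}"
        state: "directory"
        owner: root
        group: root
        mode: "0755"

    # The rendered config carries the backup secrets, so it is readable by root
    # only (0640 root:root). backup-all.py runs as root (sudo or cron), so it
    # can still read it.
    - name: "Create backup config file"
      ansible.builtin.template:
        src: "files/backups/config.template.ini"
        dest: "{{ backup_config_file }}"
        owner: root
        group: root
        mode: "0640"

    # The sudo rule is a drop-in under /etc/sudoers.d rather than a line
    # appended to /etc/sudoers: the whole file is rewritten on every run (a
    # changed bin_prefix cannot leave a stale rule behind), visudo validates the
    # rendered file before it replaces the old one, and 0440 is the mode sudo
    # expects for drop-ins. Requires /etc/sudoers to include /etc/sudoers.d
    # (the distro default — confirm on non-Debian hosts). The script itself is
    # root-owned 0700 (see "Copy backup all script"), so primary_user cannot
    # change what this rule runs as root.
    - name: "Allow user to run the backup script without a password"
      ansible.builtin.copy:
        content: "{{ primary_user }} ALL=(ALL) NOPASSWD: {{ backup_all_script }}\n"
        dest: "{{ backup_sudoers_file }}"
        owner: root
        group: root
        mode: "0440"
        validate: "/usr/sbin/visudo -cf %s"

    # Both scripts are root-only (0700) so only root and the sudo rule above
    # can run them.
    - name: "Copy restic shell script"
      ansible.builtin.template:
        src: "files/backups/restic-shell.sh.j2"
        dest: "{{ restic_shell_script }}"
        owner: root
        group: root
        mode: "0700"

    - name: "Copy backup all script"
      ansible.builtin.copy:
        src: "files/backups/backup-all.py"
        dest: "{{ backup_all_script }}"
        owner: root
        group: root
        mode: "0700"

    # cron runs jobs with a minimal PATH; set an explicit one in the cron file
    # so the backup script finds restic and its helpers.
    - name: "Setup paths for backup cron file"
      ansible.builtin.cron:
        cron_file: "ansible_restic_backup"
        user: "root"
        env: true
        name: "PATH"
        job: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"

    # Empty MAILTO disables cron mail; the job below already sends its output
    # to syslog via logger.
    - name: "Setup mail for backup cron file"
      ansible.builtin.cron:
        cron_file: "ansible_restic_backup"
        user: "root"
        env: true
        name: "MAILTO"
        job: ""

    # Daily at 01:00; stdout and stderr are tagged "backup" in syslog.
    - name: "Creates a cron file for backups under /etc/cron.d"
      ansible.builtin.cron:
        name: "restic backup"
        minute: "0"
        hour: "1"
        job: "{{ backup_all_script }} 2>&1 | logger -t backup"
        cron_file: "ansible_restic_backup"
        user: "root"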