parent
f81aa4a927
commit
78c35136b2
@ -1,107 +0,0 @@
|
|||||||
---
|
|
||||||
# Project source code URL: https://gitlab.com/etke.cc/borgmatic
|
|
||||||
|
|
||||||
matrix_backup_borg_enabled: true
|
|
||||||
|
|
||||||
matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg"
|
|
||||||
matrix_backup_borg_config_path: "{{ matrix_backup_borg_base_path }}/config"
|
|
||||||
|
|
||||||
matrix_backup_borg_container_image_self_build: false
|
|
||||||
matrix_backup_borg_docker_repo: "https://gitlab.com/etke.cc/borgmatic"
|
|
||||||
matrix_backup_borg_docker_repo_version: main
|
|
||||||
matrix_backup_borg_docker_src_files_path: "{{ matrix_backup_borg_base_path }}/docker-src"
|
|
||||||
|
|
||||||
# image and postgres version determined automatically, based on detected postgres server version (if enabled), otherwise latest is used
|
|
||||||
matrix_backup_borg_version: ""
|
|
||||||
matrix_backup_borg_postgres_version: ""
|
|
||||||
matrix_backup_borg_borg_version: 1.2.3
|
|
||||||
matrix_backup_borg_borgmatic_version: 1.7.6
|
|
||||||
matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}"
|
|
||||||
matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}"
|
|
||||||
matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') or matrix_backup_borg_version | default('') == '' }}"
|
|
||||||
|
|
||||||
# A list of extra arguments to pass to the container
|
|
||||||
matrix_backup_borg_container_extra_arguments: []
|
|
||||||
|
|
||||||
# List of systemd services that matrix-backup-borg.service depends on
|
|
||||||
matrix_backup_borg_systemd_required_services_list: ['docker.service']
|
|
||||||
|
|
||||||
# List of systemd services that matrix-backup-borg.service wants
|
|
||||||
matrix_backup_borg_systemd_wanted_services_list: []
|
|
||||||
|
|
||||||
# systemd calendar configuration for the backup job
|
|
||||||
# the actual job may run with a delay (see matrix_backup_borg_schedule_randomized_delay_sec)
|
|
||||||
matrix_backup_borg_schedule: "*-*-* 04:00:00"
|
|
||||||
# the delay with which the systemd timer may run in relation to the `matrix_backup_borg_schedule` schedule
|
|
||||||
matrix_backup_borg_schedule_randomized_delay_sec: 2h
|
|
||||||
|
|
||||||
# what directories should be added to backup
|
|
||||||
matrix_backup_borg_location_source_directories: []
|
|
||||||
|
|
||||||
# postgres db backup
|
|
||||||
matrix_backup_borg_postgresql_enabled: true
|
|
||||||
matrix_backup_borg_supported_postgres_versions: ['12', '13', '14', '15']
|
|
||||||
matrix_backup_borg_postgresql_databases: []
|
|
||||||
matrix_backup_borg_postgresql_databases_hostname: ''
|
|
||||||
matrix_backup_borg_postgresql_databases_username: "matrix"
|
|
||||||
matrix_backup_borg_postgresql_databases_password: ""
|
|
||||||
matrix_backup_borg_postgresql_databases_port: 5432
|
|
||||||
|
|
||||||
# target repositories
|
|
||||||
matrix_backup_borg_location_repositories: []
|
|
||||||
|
|
||||||
# exclude following paths:
|
|
||||||
matrix_backup_borg_location_exclude_patterns: []
|
|
||||||
|
|
||||||
# borg encryption mode, only "repokey-*" and "none" are supported
|
|
||||||
matrix_backup_borg_encryption: repokey-blake2
|
|
||||||
|
|
||||||
# private ssh key used to connect to the borg repo
|
|
||||||
matrix_backup_borg_ssh_key_private: ""
|
|
||||||
|
|
||||||
# allow unencrypted repo access
|
|
||||||
matrix_backup_borg_unknown_unencrypted_repo_access_is_ok: "{{ matrix_backup_borg_encryption == 'none' }}"
|
|
||||||
|
|
||||||
# borg ssh command with ssh key
|
|
||||||
matrix_backup_borg_storage_ssh_command: ssh -o "StrictHostKeyChecking accept-new" -i /etc/borgmatic.d/sshkey
|
|
||||||
|
|
||||||
# compression algorithm
|
|
||||||
matrix_backup_borg_storage_compression: lz4
|
|
||||||
|
|
||||||
# archive name format
|
|
||||||
matrix_backup_borg_storage_archive_name_format: matrix-{now:%Y-%m-%d-%H%M%S}
|
|
||||||
|
|
||||||
# repository passphrase
|
|
||||||
matrix_backup_borg_storage_encryption_passphrase: ""
|
|
||||||
|
|
||||||
# retention configuration
|
|
||||||
matrix_backup_borg_retention_keep_hourly: 0
|
|
||||||
matrix_backup_borg_retention_keep_daily: 7
|
|
||||||
matrix_backup_borg_retention_keep_weekly: 4
|
|
||||||
matrix_backup_borg_retention_keep_monthly: 12
|
|
||||||
matrix_backup_borg_retention_keep_yearly: 2
|
|
||||||
|
|
||||||
# retention prefix
|
|
||||||
matrix_backup_borg_retention_prefix: matrix-
|
|
||||||
|
|
||||||
# Default borgmatic configuration template which covers the generic use case.
|
|
||||||
# You can customize it by controlling the various variables inside it.
|
|
||||||
#
|
|
||||||
# For a more advanced customization, you can extend the default (see `matrix_backup_borg_configuration_extension_yaml`)
|
|
||||||
# or completely replace this variable with your own template.
|
|
||||||
matrix_backup_borg_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
|
||||||
|
|
||||||
matrix_backup_borg_configuration_extension_yaml: |
|
|
||||||
# Your custom YAML configuration for borgmatic goes here.
|
|
||||||
# This configuration extends the default starting configuration (`matrix_borg_configuration_yaml`).
|
|
||||||
#
|
|
||||||
# You can override individual variables from the default configuration, or introduce new ones.
|
|
||||||
#
|
|
||||||
# If you need something more special, you can take full control by
|
|
||||||
# completely redefining `matrix_backup_borg_configuration_yaml`.
|
|
||||||
|
|
||||||
matrix_backup_borg_configuration_extension: "{{ matrix_backup_borg_configuration_extension_yaml | from_yaml if matrix_backup_borg_configuration_extension_yaml | from_yaml is mapping else {} }}"
|
|
||||||
|
|
||||||
# Holds the final borgmatic configuration (a combination of the default and its extension).
|
|
||||||
# You most likely don't need to touch this variable. Instead, see `matrix_backup_borg_configuration_yaml`.
|
|
||||||
matrix_backup_borg_configuration: "{{ matrix_backup_borg_configuration_yaml | from_yaml | combine(matrix_backup_borg_configuration_extension, recursive=True) }}"
|
|
@ -1,20 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
|
||||||
when: "run_setup | bool and matrix_backup_borg_enabled | bool"
|
|
||||||
|
|
||||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
|
||||||
when: "run_setup | bool and matrix_backup_borg_enabled | bool"
|
|
||||||
tags:
|
|
||||||
- setup-all
|
|
||||||
- setup-backup-borg
|
|
||||||
- install-all
|
|
||||||
- install-backup-borg
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
|
||||||
when: "run_setup | bool and not matrix_backup_borg_enabled | bool"
|
|
||||||
tags:
|
|
||||||
- setup-all
|
|
||||||
- setup-backup-borg
|
|
@ -1,107 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- when: matrix_backup_borg_postgresql_enabled | bool and matrix_backup_borg_version == ''
|
|
||||||
block:
|
|
||||||
- name: Fail with matrix_backup_borg_version advice if Postgres not enabled
|
|
||||||
ansible.builtin.fail:
|
|
||||||
msg: >-
|
|
||||||
You are not running a built-in Postgres server (`devture_postgres_enabled: false`), so auto-detecting its version and setting `matrix_backup_borg_version` automatically based on that cannot happen.
|
|
||||||
Consider setting `matrix_backup_borg_version` to your Postgres version manually.
|
|
||||||
when: not devture_postgres_enabled
|
|
||||||
|
|
||||||
- ansible.builtin.include_role:
|
|
||||||
name: galaxy/com.devture.ansible.role.postgres
|
|
||||||
tasks_from: detect_existing_postgres_version
|
|
||||||
|
|
||||||
- name: Fail if detected Postgres version is unsupported
|
|
||||||
ansible.builtin.fail:
|
|
||||||
msg: "You cannot use borg backup with such an old version ({{ devture_postgres_detected_version }}) of Postgres. Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql"
|
|
||||||
when: "devture_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions"
|
|
||||||
|
|
||||||
- name: Set the correct borg backup version to use
|
|
||||||
ansible.builtin.set_fact:
|
|
||||||
matrix_backup_borg_version: "{{ devture_postgres_detected_version }}-{{ matrix_backup_borg_borg_version }}-{{ matrix_backup_borg_borgmatic_version }}"
|
|
||||||
|
|
||||||
- name: Ensure borg paths exist
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ item.path }}"
|
|
||||||
state: directory
|
|
||||||
mode: 0750
|
|
||||||
owner: "{{ matrix_user_username }}"
|
|
||||||
group: "{{ matrix_user_groupname }}"
|
|
||||||
with_items:
|
|
||||||
- {path: "{{ matrix_backup_borg_config_path }}", when: true}
|
|
||||||
- {path: "{{ matrix_backup_borg_docker_src_files_path }}", when: true}
|
|
||||||
when: "item.when | bool"
|
|
||||||
|
|
||||||
- name: Ensure borgmatic config is created
|
|
||||||
ansible.builtin.copy:
|
|
||||||
content: "{{ matrix_backup_borg_configuration | to_nice_yaml(indent=2, width=999999) }}"
|
|
||||||
dest: "{{ matrix_backup_borg_config_path }}/config.yaml"
|
|
||||||
owner: "{{ matrix_user_username }}"
|
|
||||||
group: "{{ matrix_user_groupname }}"
|
|
||||||
mode: 0640
|
|
||||||
|
|
||||||
- name: Ensure borg passwd is created
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: "{{ role_path }}/templates/passwd.j2"
|
|
||||||
dest: "{{ matrix_backup_borg_config_path }}/passwd"
|
|
||||||
owner: "{{ matrix_user_username }}"
|
|
||||||
group: "{{ matrix_user_groupname }}"
|
|
||||||
mode: 0640
|
|
||||||
|
|
||||||
- name: Ensure borg ssh key is created
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: "{{ role_path }}/templates/sshkey.j2"
|
|
||||||
dest: "{{ matrix_backup_borg_config_path }}/sshkey"
|
|
||||||
owner: "{{ matrix_user_username }}"
|
|
||||||
group: "{{ matrix_user_groupname }}"
|
|
||||||
mode: 0600
|
|
||||||
|
|
||||||
- name: Ensure borg image is pulled
|
|
||||||
community.docker.docker_image:
|
|
||||||
name: "{{ matrix_backup_borg_docker_image }}"
|
|
||||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
|
||||||
force_source: "{{ matrix_backup_borg_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
|
||||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_backup_borg_docker_image_force_pull }}"
|
|
||||||
when: "not matrix_backup_borg_container_image_self_build | bool"
|
|
||||||
register: result
|
|
||||||
retries: "{{ devture_playbook_help_container_retries_count }}"
|
|
||||||
delay: "{{ devture_playbook_help_container_retries_delay }}"
|
|
||||||
until: result is not failed
|
|
||||||
|
|
||||||
- name: Ensure borg repository is present on self-build
|
|
||||||
ansible.builtin.git:
|
|
||||||
repo: "{{ matrix_backup_borg_docker_repo }}"
|
|
||||||
version: "{{ matrix_backup_borg_docker_repo_version }}"
|
|
||||||
dest: "{{ matrix_backup_borg_docker_src_files_path }}"
|
|
||||||
force: "yes"
|
|
||||||
become: true
|
|
||||||
become_user: "{{ matrix_user_username }}"
|
|
||||||
register: matrix_backup_borg_git_pull_results
|
|
||||||
when: "matrix_backup_borg_container_image_self_build | bool"
|
|
||||||
|
|
||||||
- name: Ensure borg image is built
|
|
||||||
community.docker.docker_image:
|
|
||||||
name: "{{ matrix_backup_borg_docker_image }}"
|
|
||||||
source: build
|
|
||||||
force_source: "{{ matrix_backup_borg_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
|
||||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
|
|
||||||
build:
|
|
||||||
dockerfile: Dockerfile
|
|
||||||
path: "{{ matrix_backup_borg_docker_src_files_path }}"
|
|
||||||
pull: true
|
|
||||||
when: "matrix_backup_borg_container_image_self_build | bool"
|
|
||||||
|
|
||||||
- name: Ensure matrix-backup-borg.service installed
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: "{{ role_path }}/templates/systemd/matrix-backup-borg.service.j2"
|
|
||||||
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service"
|
|
||||||
mode: 0644
|
|
||||||
register: matrix_backup_borg_systemd_service_result
|
|
||||||
|
|
||||||
- name: Ensure matrix-backup-borg.timer installed
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: "{{ role_path }}/templates/systemd/matrix-backup-borg.timer.j2"
|
|
||||||
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer"
|
|
||||||
mode: 0644
|
|
@ -1,25 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Check existence of matrix-backup-borg service
|
|
||||||
ansible.builtin.stat:
|
|
||||||
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service"
|
|
||||||
register: matrix_backup_borg_service_stat
|
|
||||||
|
|
||||||
- when: matrix_backup_borg_service_stat.stat.exists | bool
|
|
||||||
block:
|
|
||||||
- name: Ensure matrix-backup-borg is stopped
|
|
||||||
ansible.builtin.service:
|
|
||||||
name: matrix-backup-borg
|
|
||||||
state: stopped
|
|
||||||
enabled: false
|
|
||||||
daemon_reload: true
|
|
||||||
|
|
||||||
- name: Ensure matrix-backup-borg.service doesn't exist
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service"
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- name: Ensure matrix-backup-borg.timer doesn't exist
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer"
|
|
||||||
state: absent
|
|
@ -1,16 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Fail if required backup-borg settings not defined
|
|
||||||
ansible.builtin.fail:
|
|
||||||
msg: >-
|
|
||||||
You need to define a required configuration setting (`{{ item.name }}`).
|
|
||||||
when: "item.when | bool and vars[item.name] == ''"
|
|
||||||
with_items:
|
|
||||||
- {'name': 'matrix_backup_borg_ssh_key_private', when: true}
|
|
||||||
- {'name': 'matrix_backup_borg_location_repositories', when: true}
|
|
||||||
- {'name': 'matrix_backup_borg_postgresql_databases_hostname', when: "{{ matrix_backup_borg_postgresql_enabled }}"}
|
|
||||||
|
|
||||||
- name: Fail if encryption passphrase is undefined unless repository is unencrypted
|
|
||||||
ansible.builtin.fail:
|
|
||||||
msg: >-
|
|
||||||
You need to define a required passphrase using the `matrix_backup_borg_storage_encryption_passphrase` variable.
|
|
||||||
when: "matrix_backup_borg_storage_encryption_passphrase == '' and matrix_backup_borg_encryption != 'none'"
|
|
@ -1,43 +0,0 @@
|
|||||||
#jinja2: lstrip_blocks: "True", trim_blocks: "True"
|
|
||||||
|
|
||||||
location:
|
|
||||||
source_directories: {{ matrix_backup_borg_location_source_directories|to_json }}
|
|
||||||
repositories: {{ matrix_backup_borg_location_repositories|to_json }}
|
|
||||||
one_file_system: true
|
|
||||||
exclude_patterns: {{ matrix_backup_borg_location_exclude_patterns|to_json }}
|
|
||||||
|
|
||||||
storage:
|
|
||||||
compression: {{ matrix_backup_borg_storage_compression|to_json }}
|
|
||||||
ssh_command: {{ matrix_backup_borg_storage_ssh_command|to_json }}
|
|
||||||
archive_name_format: {{ matrix_backup_borg_storage_archive_name_format|to_json }}
|
|
||||||
encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase|to_json }}
|
|
||||||
unknown_unencrypted_repo_access_is_ok: {{ matrix_backup_borg_unknown_unencrypted_repo_access_is_ok|to_json }}
|
|
||||||
|
|
||||||
retention:
|
|
||||||
keep_hourly: {{ matrix_backup_borg_retention_keep_hourly|to_json }}
|
|
||||||
keep_daily: {{ matrix_backup_borg_retention_keep_daily|to_json }}
|
|
||||||
keep_weekly: {{ matrix_backup_borg_retention_keep_weekly|to_json }}
|
|
||||||
keep_monthly: {{ matrix_backup_borg_retention_keep_monthly|to_json }}
|
|
||||||
keep_yearly: {{ matrix_backup_borg_retention_keep_yearly|to_json }}
|
|
||||||
prefix: {{ matrix_backup_borg_retention_prefix|to_json }}
|
|
||||||
|
|
||||||
consistency:
|
|
||||||
checks:
|
|
||||||
- repository
|
|
||||||
- archives
|
|
||||||
|
|
||||||
hooks:
|
|
||||||
{% if matrix_backup_borg_postgresql_enabled and matrix_backup_borg_postgresql_databases|length > 0 %}
|
|
||||||
postgresql_databases:
|
|
||||||
{% for database in matrix_backup_borg_postgresql_databases %}
|
|
||||||
- name: {{ database|to_json }}
|
|
||||||
hostname: {{ matrix_backup_borg_postgresql_databases_hostname|to_json }}
|
|
||||||
username: {{ matrix_backup_borg_postgresql_databases_username|to_json }}
|
|
||||||
password: {{ matrix_backup_borg_postgresql_databases_password|to_json }}
|
|
||||||
port: {{ matrix_backup_borg_postgresql_databases_port | int | to_json }}
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
||||||
after_backup:
|
|
||||||
- echo "Backup created."
|
|
||||||
on_error:
|
|
||||||
- echo "Error while creating a backup."
|
|
@ -1,29 +0,0 @@
|
|||||||
{# the passwd file with correct username, UID and GID is mandatory to work with borg over ssh, otherwise ssh connections will fail #}
|
|
||||||
root:x:0:0:root:/root:/bin/ash
|
|
||||||
bin:x:1:1:bin:/bin:/sbin/nologin
|
|
||||||
daemon:x:2:2:daemon:/sbin:/sbin/nologin
|
|
||||||
adm:x:3:4:adm:/var/adm:/sbin/nologin
|
|
||||||
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
|
|
||||||
sync:x:5:0:sync:/sbin:/bin/sync
|
|
||||||
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
|
|
||||||
halt:x:7:0:halt:/sbin:/sbin/halt
|
|
||||||
mail:x:8:12:mail:/var/mail:/sbin/nologin
|
|
||||||
news:x:9:13:news:/usr/lib/news:/sbin/nologin
|
|
||||||
uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
|
|
||||||
operator:x:11:0:operator:/root:/sbin/nologin
|
|
||||||
man:x:13:15:man:/usr/man:/sbin/nologin
|
|
||||||
postmaster:x:14:12:postmaster:/var/mail:/sbin/nologin
|
|
||||||
cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
|
|
||||||
ftp:x:21:21::/var/lib/ftp:/sbin/nologin
|
|
||||||
sshd:x:22:22:sshd:/dev/null:/sbin/nologin
|
|
||||||
at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
|
|
||||||
squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
|
|
||||||
xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
|
|
||||||
games:x:35:35:games:/usr/games:/sbin/nologin
|
|
||||||
cyrus:x:85:12::/usr/cyrus:/sbin/nologin
|
|
||||||
vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
|
|
||||||
ntp:x:123:123:NTP:/var/empty:/sbin/nologin
|
|
||||||
smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
|
|
||||||
guest:x:405:100:guest:/dev/null:/sbin/nologin
|
|
||||||
{{ matrix_user_username }}:x:{{ matrix_user_uid }}:{{ matrix_user_gid }}:Matrix:/tmp:/bin/ash
|
|
||||||
nobody:x:65534:65534:nobody:/:/sbin/nologin
|
|
@ -1 +0,0 @@
|
|||||||
{{ matrix_backup_borg_ssh_key_private }}
|
|
@ -1,65 +0,0 @@
|
|||||||
#jinja2: lstrip_blocks: "True"
|
|
||||||
[Unit]
|
|
||||||
Description=Matrix Borg Backup
|
|
||||||
{% for service in matrix_backup_borg_systemd_required_services_list %}
|
|
||||||
Requires={{ service }}
|
|
||||||
After={{ service }}
|
|
||||||
{% endfor %}
|
|
||||||
{% for service in matrix_backup_borg_systemd_wanted_services_list %}
|
|
||||||
Wants={{ service }}
|
|
||||||
{% endfor %}
|
|
||||||
DefaultDependencies=no
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
|
|
||||||
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true'
|
|
||||||
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true'
|
|
||||||
ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-backup-borg \
|
|
||||||
--log-driver=none \
|
|
||||||
--cap-drop=ALL \
|
|
||||||
--read-only \
|
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
|
||||||
--network={{ matrix_docker_network }} \
|
|
||||||
--tmpfs=/tmp:rw,noexec,nosuid,size=100m \
|
|
||||||
--mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \
|
|
||||||
--mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \
|
|
||||||
{% for source in matrix_backup_borg_location_source_directories %}
|
|
||||||
--mount type=bind,src={{ source }},dst={{ source }},ro \
|
|
||||||
{% endfor %}
|
|
||||||
{% for arg in matrix_backup_borg_container_extra_arguments %}
|
|
||||||
{{ arg }} \
|
|
||||||
{% endfor %}
|
|
||||||
{{ matrix_backup_borg_docker_image }} \
|
|
||||||
sh -c "borgmatic rcreate --encryption {{ matrix_backup_borg_encryption }}"
|
|
||||||
|
|
||||||
# The `CAP_DAC_OVERRIDE` capability is required, so that `root` in the container
|
|
||||||
# can read the `/etc/borgmatic.d/config.yaml` (`{{ matrix_backup_borg_config_path }}/config.yaml`) file,
|
|
||||||
# owned by `matrix:matrix` on the filesystem.
|
|
||||||
#
|
|
||||||
# `/root` is mountes as temporary filesystem, because we're using `--read-only` and because
|
|
||||||
# Borgmatic tries to write to at least a few paths under `/root` (`.config`, `.ssh`, `.borgmatic`).
|
|
||||||
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-backup-borg \
|
|
||||||
--log-driver=none \
|
|
||||||
--cap-drop=ALL \
|
|
||||||
--cap-add=CAP_DAC_OVERRIDE \
|
|
||||||
--read-only \
|
|
||||||
--network={{ matrix_docker_network }} \
|
|
||||||
--tmpfs=/root:rw,noexec,nosuid,size=100m \
|
|
||||||
--tmpfs=/tmp:rw,noexec,nosuid,size=100m \
|
|
||||||
--mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \
|
|
||||||
--mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \
|
|
||||||
{% for source in matrix_backup_borg_location_source_directories %}
|
|
||||||
--mount type=bind,src={{ source }},dst={{ source }},ro \
|
|
||||||
{% endfor %}
|
|
||||||
{% for arg in matrix_backup_borg_container_extra_arguments %}
|
|
||||||
{{ arg }} \
|
|
||||||
{% endfor %}
|
|
||||||
{{ matrix_backup_borg_docker_image }}
|
|
||||||
|
|
||||||
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true'
|
|
||||||
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true'
|
|
||||||
SyslogIdentifier=matrix-backup-borg
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
@ -1,10 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description=Matrix Borg Backup timer
|
|
||||||
|
|
||||||
[Timer]
|
|
||||||
Unit=matrix-backup-borg.service
|
|
||||||
OnCalendar={{ matrix_backup_borg_schedule }}
|
|
||||||
RandomizedDelaySec={{ matrix_backup_borg_schedule_randomized_delay_sec }}
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=timers.target
|
|