From 1423d2a24385b3147b2fddb96329855742d72b61 Mon Sep 17 00:00:00 2001 From: transcaffeine Date: Wed, 18 Sep 2024 18:20:12 +0200 Subject: [PATCH] feat(restic): add support for additional env vars, optional init and checking and pre-backup hooks --- roles/restic/defaults/main.yml | 31 +++++++++++++++--- roles/restic/templates/restic.service.j2 | 41 +++++++++++++++++------- 2 files changed, 56 insertions(+), 16 deletions(-) diff --git a/roles/restic/defaults/main.yml b/roles/restic/defaults/main.yml index 0989414..c36c501 100644 --- a/roles/restic/defaults/main.yml +++ b/roles/restic/defaults/main.yml @@ -10,18 +10,41 @@ restic_backup_stdin_command: ~ restic_backup_stdin_command_filename: ~ restic_policy_keep_all_within: 1d -restic_policy_keep_hourly: 6 -restic_policy_keep_daily: 2 -restic_policy_keep_weekly: 7 -restic_policy_keep_monthly: 4 +restic_policy_keep_hourly: 12 +restic_policy_keep_daily: 7 +restic_policy_keep_weekly: 6 +restic_policy_keep_monthly: 6 +restic_policy_keep_yearly: 5 restic_policy_backup_frequency: hourly +restic_base_environment: + RESTIC_JOBNAME: "{{ restic_job_name | default('unknown') }}" + RESTIC_FORGET_KEEP_WITHIN: "{{ restic_policy_keep_all_within }}" + RESTIC_FORGET_KEEP_HOURLY: "{{ restic_policy_keep_hourly }}" + RESTIC_FORGET_KEEP_DAILY: "{{ restic_policy_keep_daily }}" + RESTIC_FORGET_KEEP_WEEKLY: "{{ restic_policy_keep_weekly }}" + RESTIC_FORGET_KEEP_MONTHLY: "{{ restic_policy_keep_monthly }}" + RESTIC_FORGET_KEEP_YEARLY: "{{ restic_policy_keep_yearly }}" + +restic_s3_environment: + AWS_ACCESS_KEY_ID: "{{ restic_s3_key_id }}" + AWS_SECRET_ACCESS_KEY: "{{ restic_s3_access_key }}" + +restic_complete_environment: >- + {{ + restic_base_environment + | combine((restic_s3_environment + if (restic_s3_key_id and restic_s3_access_key) else {}) | default({})) + | combine(restic_environment | default({})) + }} + restic_policy: keep_within: "{{ restic_policy_keep_all_within }}" hourly: "{{ restic_policy_keep_hourly }}" daily: "{{ restic_policy_keep_daily }}" weekly: "{{ restic_policy_keep_weekly }}" monthly: "{{ restic_policy_keep_monthly }}" + yearly: "{{ restic_policy_keep_yearly }}" frequency: "{{ restic_policy_backup_frequency }}" restic_user: root diff --git a/roles/restic/templates/restic.service.j2 b/roles/restic/templates/restic.service.j2 index b11ba13..7169689 100644 --- a/roles/restic/templates/restic.service.j2 +++ b/roles/restic/templates/restic.service.j2 @@ -9,26 +9,43 @@ SyslogIdentifier={{ restic_systemd_syslog_identifier }} Environment=RESTIC_REPOSITORY={{ restic_repo_url }} Environment=RESTIC_PASSWORD={{ restic_repo_password }} -{% if restic_s3_key_id and restic_s3_access_key %} -Environment=AWS_ACCESS_KEY_ID={{ restic_s3_key_id }} -Environment=AWS_SECRET_ACCESS_KEY={{ restic_s3_access_key }} +{% for kv in restic_complete_environment | dict2items %} +Environment={{ kv.key }}={{ kv.value }} +{% endfor %} + +{% if restic_init | default(true) %} +ExecStartPre=-/bin/sh -c '/usr/bin/restic snapshots || /usr/bin/restic init' {% endif %} {% if restic_unlock_before_backup | default(false) %} -ExecStartPre=-/bin/sh -c '/usr/bin/restic unlock' +ExecStartPre=-/bin/sh -c 'sleep 3 && /usr/bin/restic unlock' {% endif %} - -ExecStartPre=-/bin/sh -c '/usr/bin/restic snapshots || /usr/bin/restic init' {% if restic_backup_pre_hook | default(false) %} -ExecStart=-{{ restic_backup_pre_hook }} +ExecStartPre=-{{ restic_backup_pre_hook }} {% endif %} {% if restic_backup_stdin_command %} -ExecStart=/bin/sh -c '{{ restic_backup_stdin_command }} | /usr/bin/restic backup --verbose --stdin --stdin-filename {{ restic_backup_stdin_command_filename }}' +ExecStart=/bin/sh -c '{{ restic_backup_stdin_command }} | /usr/bin/restic backup \ + --retry-lock {{ restic_retry_lock | default('5m') }} \ + --verbose --stdin \ + --stdin-filename {{ restic_backup_stdin_command_filename }}' {% else %} -ExecStart=/usr/bin/restic --verbose backup {{ restic_backup_paths | join(' ') }} +ExecStart=/opt/restic-backup-directories.sh {{ restic_backup_paths | join(' ') }} +{% endif %} +{% if restic_forget_prune | default(true) %} +ExecStartPost=/usr/bin/restic forget --prune \ + --retry-lock {{ restic_retry_lock | default('5m') }} \ + --keep-within={{ restic_policy.keep_within }} \ + --keep-hourly={{ restic_policy.hourly }} \ + --keep-daily={{ restic_policy.daily }} \ + --keep-weekly={{ restic_policy.weekly }} \ + --keep-monthly={{ restic_policy.monthly }} \ + --keep-yearly={{ restic_policy.yearly }} +{% endif %} +{% if restic_list_snapshots | default(true) %} +ExecStartPost=-/usr/bin/restic snapshots --retry-lock {{ restic_retry_lock | default('5m') }} {% endif %} -ExecStartPost=/usr/bin/restic forget --prune --keep-within={{ restic_policy.keep_within }} --keep-hourly={{ restic_policy.hourly }} --keep-daily={{ restic_policy.daily }} --keep-weekly={{ restic_policy.weekly }} --keep-monthly={{ restic_policy.monthly }} -ExecStartPost=-/usr/bin/restic snapshots {% if restic_backup_post_hook | default(false) %} ExecStartPost=-{{ restic_backup_post_hook }} {% endif %} -ExecStartPost=/usr/bin/restic check +{% if restic_check | default(true) %} +ExecStartPost=/usr/bin/restic check --retry-lock {{ restic_retry_lock | default('5m') }} +{% endif %}