refactor(restic): make role backend-agnostic, document backends

transcaffeine 2022-03-12 11:42:29 +01:00
parent a83a1f8d20
commit bece0ede75
Signed by: transcaffeine
GPG Key ID: 03624C433676E465
7 changed files with 25 additions and 9 deletions

@ -8,8 +8,8 @@ concise area of concern.
## Roles
- [`roles/restic-s3`](roles/restic-s3/README.md): Manage backups using restic
and persist them to an s3-compatible backend.
- [`roles/restic`](roles/restic/README.md): Manage backups using restic
and persist them to a configurable backend.
- [`roles/minio`](roles/minio/README.md): Deploy [min.io](https://min.io), an
s3-compatible object storage server, using docker containers.
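
Review bot: The Roles entry changes from `roles/restic-s3` to `roles/restic`, and if the role directory was renamed along with this link, any playbook or requirements file that still references the old role name will stop resolving; the commit subject calls this a refactor and does not mention the rename. Suggest stating the rename in the commit message or a changelog entry, and naming the documented backends (s3, sftp) in this entry instead of only "a configurable backend".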

@ -1,14 +1,28 @@
# `finallycoffee.services.restic-s3`
# `finallycoffee.services.restic`
Ansible role for backup up data using `restic` to an `s3`-compatible backend,
utilizing `systemd` timers for scheduling
Ansible role for backup up data using `restic`, utilizing `systemd` timers for scheduling.
## Overview
The s3 repository and the credentials for it are specified in `restic_repo_url`,
`restic_s3_key_id` and `restic_s3_access_key`. As restic encrypts the data before
storing it, the `restic_repo_password` needs to be populated with a strong key,
and saved accordingly as only this key can be used to decrypt the data for a restore!
As restic encrypts the data before storing it, the `restic_repo_password` needs
to be populated with a strong key, and saved accordingly as only this key can
be used to decrypt the data for a restore!
### Backends
#### S3 Backend
To use a `s3`-compatible backend like AWS buckets or minio, both `restic_s3_key_id`
and `restic_s3_access_key` need to be populated, and the `restic_repo_url` has the
format `s3:https://my.s3.endpoint:port/bucket-name`.
#### SFTP Backend
Using the `sftp` backend requires the configured `restic_user` to be able to
authenticate to the configured SFTP-Server using password-less methods like
publickey-authentication. The `restic_repo_url` then follows the format
`sftp:{user}@{server}:/my-restic-repository` (or without leading `/` for relative
paths to the `{user}`s home directory.
### Backing up data
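
Review bot: The new SFTP Backend section documents password-less authentication for `restic_user` but says nothing about host key verification; because the backup runs non-interactively from a systemd timer, the SFTP server's host key has to be in that user's `known_hosts` before the first run, and the README should say so. Two smaller points in the same hunk: the rewritten intro line still reads "for backup up data" (should be "backing up"), and the parenthesis opened at "(or without leading `/`" is never closed.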

@ -9,8 +9,10 @@ SyslogIdentifier={{ restic_systemd_syslog_identifier }}
Environment=RESTIC_REPOSITORY={{ restic_repo_url }}
Environment=RESTIC_PASSWORD={{ restic_repo_password }}
{% if restic_s3_key_id and restic_s3_access_key %}
Environment=AWS_ACCESS_KEY_ID={{ restic_s3_key_id }}
Environment=AWS_SECRET_ACCESS_KEY={{ restic_s3_access_key }}
{% endif %}
ExecStartPre=-/bin/sh -c '/usr/bin/restic snapshots || /usr/bin/restic init'
{% if restic_backup_stdin_command %}
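
Review bot: The new `{% if restic_s3_key_id and restic_s3_access_key %}` guard silently drops both AWS variables when only one of the two is set, so a half-configured S3 setup is only noticed at backup time as an authentication failure from restic. Suggest a task-level assertion that both or neither are set, and confirming that both variables have defaults so the condition does not hit an undefined variable for SFTP-only users. Separately, `RESTIC_PASSWORD` and the AWS keys are still rendered into the unit as `Environment=` lines; systemd exposes a unit's environment to unprivileged clients, so an `EnvironmentFile=` with restrictive permissions would be a safer place for them.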