diff options
| author | Jesse Luehrs <doy@tozt.net> | 2021-03-25 10:20:01 -0400 |
|---|---|---|
| committer | Jesse Luehrs <doy@tozt.net> | 2021-03-25 10:20:01 -0400 |
| commit | 456ea9802467ec28f8b21c26897855eb76fae9ae (patch) | |
| tree | 1e9ffd314b13d84cc7a948df2784602acd85ae49 /modules/partofme | |
| parent | b164f70b2747aa69edca82482d05c8bc3b31802a (diff) | |
| download | puppet-tozt-456ea9802467ec28f8b21c26897855eb76fae9ae.tar.gz puppet-tozt-456ea9802467ec28f8b21c26897855eb76fae9ae.zip | |
configure partofme backups with borg
Diffstat (limited to 'modules/partofme')
| -rw-r--r-- | modules/partofme/files/borg_authorized_keys | 3 | ||||
| -rw-r--r-- | modules/partofme/manifests/backups.pp | 29 | ||||
| -rw-r--r-- | modules/partofme/templates/borgmatic_config.yaml | 25 |
3 files changed, 56 insertions, 1 deletions
diff --git a/modules/partofme/files/borg_authorized_keys b/modules/partofme/files/borg_authorized_keys index c6518b6..0d82adf 100644 --- a/modules/partofme/files/borg_authorized_keys +++ b/modules/partofme/files/borg_authorized_keys @@ -1 +1,2 @@ -command="borg serve --restrict-to-path /media/persistent/borg",restrict ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDaOF5uKItI01/5lIs7hhgio/faOa/G+pOegky+LpyC863R8CVXY6TboLK6MRCqpwT11lTHiP4AIFpDC7DUprVk6QNjAdg58EyrnENZsFhS1UZv3sNvinIXSG20MffYEYqbctdGJasl91MLANCi5HEJCtzZKpB/wfkCL2lpFjwC+DZ1hwWQwUTLycwMK5+XA057lkpggX5gDfWJhqV9zN7CAnLAdopMwOVUcvsHY4ALRF0K3FWGls4E1dC4XvXbtEE28sHl6SVawLdrWXLKkG0PbvyS9VJwX6jNAXJGUEpXm4E1Ait+zQJHSbLU4Kscce+bklQDoZ/4FJPCrNwalyMcUv2KfYmyDofm68u4u+A5qYMXaTWmhRDz0n9r0IXtxffYU2V3xcCDwIvovx5YzQjDvKoOVFvWHUCue1PT960nQwknApAi3/jno/7hUXVfr1YYg6y/hpOuq3B/5vRRP6CmaqvnqALxj6RA0G7tXJpspcaI65inWKVA3+G5Ybt1iRk= doy@hornet +command="borg serve --restrict-to-path /media/persistent/borg",restrict ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDaOF5uKItI01/5lIs7hhgio/faOa/G+pOegky+LpyC863R8CVXY6TboLK6MRCqpwT11lTHiP4AIFpDC7DUprVk6QNjAdg58EyrnENZsFhS1UZv3sNvinIXSG20MffYEYqbctdGJasl91MLANCi5HEJCtzZKpB/wfkCL2lpFjwC+DZ1hwWQwUTLycwMK5+XA057lkpggX5gDfWJhqV9zN7CAnLAdopMwOVUcvsHY4ALRF0K3FWGls4E1dC4XvXbtEE28sHl6SVawLdrWXLKkG0PbvyS9VJwX6jNAXJGUEpXm4E1Ait+zQJHSbLU4Kscce+bklQDoZ/4FJPCrNwalyMcUv2KfYmyDofm68u4u+A5qYMXaTWmhRDz0n9r0IXtxffYU2V3xcCDwIvovx5YzQjDvKoOVFvWHUCue1PT960nQwknApAi3/jno/7hUXVfr1YYg6y/hpOuq3B/5vRRP6CmaqvnqALxj6RA0G7tXJpspcaI65inWKVA3+G5Ybt1iRk= root@hornet +command="borg serve --restrict-to-repository /media/persistent/borg/partofme",restrict ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDFdFY+FnS5VNVkFISytoVpEuN89AM626cyu68fYlbqpLuCy0TGxb4aSR0F5YfJXw0yHid/kDhyTsgJoiDvnJybteWAQHM1Rg2bfVI8juKzyRUin3j4NDRrQSPLAK0QM7zPNSg3bymW53Pk0EpmOyCA/aGIWJVSqUkeKDPSa8V/WaRQRywGn+ImwsoWrFiOTgc+kUBixOXkZ2xGxXro+U/KSE2TicB+d66R33AIkTO15snOzTnPsvmDxp3u4vmsmeSotDLxmMs0OCwhAOb7i+aSPpJbFD5LpccJd1jRuW/riqadoZdhShnjA8Ieky7eANB+S6bJniKDUmFRfQSvhdHdIJTsoeVdKXXRTq7PQbVNGXNlayzVE+ro4Ckc5GKLEab2QSvRzYxevw3ZGTjUd616qDuMDO6qYyRHZEXcA6ar1n1BrreKqjRan+V5w0fW0RrUq3JVoombyrf6VZRYhjpQ8qnXtek6frFTTxmeE0tbQwcGo9a4objtHUO76LwvgBM= root@partofme diff --git a/modules/partofme/manifests/backups.pp b/modules/partofme/manifests/backups.pp index 913912e..d1bd062 100644 --- a/modules/partofme/manifests/backups.pp +++ b/modules/partofme/manifests/backups.pp @@ -77,4 +77,33 @@ class partofme::backups { sshd::configsection { 'borg': source => 'puppet:///modules/partofme/sshd_config.borg'; } + + package { 'borgmatic': + ensure => installed; + } + + $borgmatic_passphrase = secret::value('borgmatic_passphrase') + file { + "/etc/borgmatic": + ensure => directory; + "/etc/borgmatic/config.yaml": + content => template('partofme/borgmatic_config.yaml'), + require => File["/etc/borgmatic"]; + } + + secret { "/media/persistent/borg/.ssh/borg_ssh_key": + source => 'borg_ssh_key', + require => File["/media/persistent/borg/.ssh"]; + } + + exec { '/usr/bin/borgmatic init': + environment => [ + "BORG_PASSPHRASE=${borgmatic_passphrase}", + ], + unless => '/usr/bin/borgmatic info > /dev/null', + require => [ + Package['borgmatic'], + File['/etc/borgmatic/config.yaml'], + ] + } } diff --git a/modules/partofme/templates/borgmatic_config.yaml b/modules/partofme/templates/borgmatic_config.yaml new file mode 100644 index 0000000..5c69be0 --- /dev/null +++ b/modules/partofme/templates/borgmatic_config.yaml @@ -0,0 +1,25 @@ +location: + source_directories: + - /home + - /etc + - /usr/local/bin + repositories: + - borg@localhost:partofme + atime: false + exclude_patterns: + - /home/*/.cache + - /home/*/.cargo + - /home/*/.rustup + - /home/doy/coding/*/target + - /home/doy/mnt + - /home/doy/tmp + +storage: + encryption_passphrase: "<%= @borgmatic_passphrase %>" + ssh_command: /usr/bin/ssh -i /media/persistent/borg/.ssh/borg_ssh_key + +retention: + keep_daily: 7 + keep_weekly: 4 + keep_monthly: 12 + keep_yearly: 1000 |