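# Backup resources for the partofme module: a Syncthing user, two Duplicati
# backup jobs, a restricted 'duplicati' account, a 'borg' account with SSH
# key access, and a borgmatic configuration with repository initialisation.
#
# Secrets come from secret::value(). The passphrase/URL variables below are
# not referenced again in this class; presumably the templates rendered right
# after them read them from this scope -- confirm against the templates.
class partofme::backups {
  syncthing::user { $::default_user:
  }

  # --- Duplicati -----------------------------------------------------------
  $encrypt_passphrase = secret::value('duplicati')
  duplicati::backup { 'partofme':
    content => template('partofme/duplicati-partofme.json'),
  }

  $cloud_encrypt_passphrase = secret::value('duplicati-cloud')
  $cloud_url = secret::value('duplicati-cloud-url')
  duplicati::backup { 'partofme-cloud':
    content => template('partofme/duplicati-partofme-cloud.json'),
  }
  # NOTE(review): if the rendered job files embed the passphrases, check that
  # duplicati::backup writes them with owner-only permissions.

  # Login shell for the 'duplicati' account that only ever runs `false`, so
  # the account gets no interactive session.
  # NOTE(review): the content has no shebang line and no trailing newline;
  # confirm it behaves as intended when sshd executes it directly.
  file { '/usr/local/bin/sftp-only':
    content => 'exec false',
    mode    => '0755',
  }

  user { 'duplicati':
    home     => '/media/persistent/duplicati',
    password => secret::value('passwd/duplicati'),
    shell    => '/usr/local/bin/sftp-only',
    require  => [
      Package::Makepkg['duplicati-latest'],
      File['/usr/local/bin/sftp-only'],
    ],
  }

  # The restrictions that actually confine this account (forced command,
  # chroot, forwarding) live in the sourced sshd snippet, not in this class.
  sshd::configsection { 'duplicati':
    source => 'puppet:///modules/partofme/sshd_config.duplicati',
  }

  # Register the restricted shell in /etc/shells; the `unless` guard keeps the
  # append from running again once the line is present.
  exec { 'allow sftp logins for duplicati':
    provider => 'shell',
    command  => 'echo /usr/local/bin/sftp-only >> /etc/shells',
    unless   => 'grep -qF /usr/local/bin/sftp-only /etc/shells',
    require  => File['/usr/local/bin/sftp-only'],
  }

  #############################
  # --- Borg ----------------------------------------------------------------
  package { 'borg':
    ensure => installed,
  }

  group { 'borg':
    ensure => present,
  }

  user { 'borg':
    ensure => present,
    gid    => 'borg',
    home   => '/media/persistent/borg',
  }

  file {
    '/media/persistent/borg/':
      ensure  => directory,
      owner   => 'borg',
      group   => 'borg',
      require => User['borg'];
    # This directory holds authorized_keys and the private key managed below,
    # so it is pinned to owner-only access instead of the default mode.
    '/media/persistent/borg/.ssh':
      ensure  => directory,
      owner   => 'borg',
      group   => 'borg',
      mode    => '0700',
      require => User['borg'];
    '/media/persistent/borg/.ssh/authorized_keys':
      source  => 'puppet:///modules/partofme/borg_authorized_keys',
      owner   => 'borg',
      group   => 'borg',
      mode    => '0600',
      require => File['/media/persistent/borg/.ssh'];
  }

  sshd::configsection { 'borg':
    source => 'puppet:///modules/partofme/sshd_config.borg',
  }

  # --- borgmatic -----------------------------------------------------------
  package { 'borgmatic':
    ensure => installed,
  }

  $borgmatic_passphrase = secret::value('borgmatic_passphrase')
  file {
    '/etc/borgmatic':
      ensure => directory;
    # The template is rendered in a scope that holds $borgmatic_passphrase and
    # may embed it, so the file is kept owner-only rather than left at the
    # default mode. The exec below runs borgmatic without a `user` attribute.
    # NOTE(review): if borgmatic is also run by a non-root account elsewhere,
    # set owner/group here to match.
    '/etc/borgmatic/config.yaml':
      content => template('partofme/borgmatic_config.yaml'),
      mode    => '0600',
      require => File['/etc/borgmatic'];
  }

  # Private SSH key delivered through the module's `secret` type.
  # NOTE(review): owner and mode are not set here; confirm the type's defaults
  # keep the key unreadable to other users.
  secret { '/media/persistent/borg/.ssh/borg_ssh_key':
    source  => 'borg_ssh_key',
    require => File['/media/persistent/borg/.ssh'],
  }

  # Runs `borgmatic init` only while `borgmatic info` fails. The passphrase is
  # passed through the process environment, so it is part of the compiled
  # catalog for this resource; treat catalogs and reports as sensitive.
  exec { '/usr/bin/borgmatic init':
    environment => [
      "BORG_PASSPHRASE=${borgmatic_passphrase}",
    ],
    unless      => '/usr/bin/borgmatic info > /dev/null',
    require     => [
      Package['borgmatic'],
      File['/etc/borgmatic/config.yaml'],
    ],
  }
}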