Jake Howard
e421657619
Yes it's weird to modify the system package like this, but it's very handy. See also https://restic.readthedocs.io/en/stable/080_examples.html#backing-up-your-system-without-running-restic-as-root
76 lines
1.5 KiB
YAML
76 lines
1.5 KiB
YAML
- name: Install restic
|
|
package:
|
|
name: restic
|
|
become: true
|
|
|
|
- name: Make user
|
|
user:
|
|
name: restic
|
|
shell: /bin/nologin
|
|
system: false
|
|
become: true
|
|
|
|
- name: backrest
|
|
template:
|
|
src: files/backrest.sh
|
|
dest: /home/restic/backrest.sh
|
|
mode: "0700"
|
|
owner: restic
|
|
become: true
|
|
|
|
- name: Set restic binary permissions
|
|
file:
|
|
path: /usr/bin/restic
|
|
mode: "0750"
|
|
owner: root
|
|
group: restic
|
|
become: true
|
|
|
|
- name: Set cap_sys_chroot=+ep on restic
|
|
community.general.capabilities:
|
|
path: /usr/bin/restic
|
|
capability: cap_dac_read_search=+ep
|
|
become: true
|
|
|
|
- name: Schedule backup
|
|
cron:
|
|
name: restic backup
|
|
hour: 2
|
|
minute: 0
|
|
job: /home/restic/backrest.sh cron_backup
|
|
user: restic
|
|
become: true
|
|
|
|
- name: Schedule forget
|
|
cron:
|
|
name: restic forget
|
|
hour: 5
|
|
minute: 0
|
|
weekday: 0
|
|
job: /home/restic/backrest.sh cron_forget
|
|
user: restic
|
|
become: true
|
|
when: restic_forget
|
|
|
|
- name: backrest fail2ban config
|
|
template:
|
|
src: files/backrest-logrotate
|
|
dest: /etc/logrotate.d/backrest
|
|
mode: "0600"
|
|
become: true
|
|
|
|
- name: Install pacman post script
|
|
template:
|
|
src: files/restic-post.sh
|
|
dest: /usr/share/libalpm/scripts/restic-post.sh
|
|
mode: "0700"
|
|
become: true
|
|
when: ansible_os_family == 'Archlinux'
|
|
|
|
- name: Install pacman post hook
|
|
template:
|
|
src: files/restic-post.hook
|
|
dest: /usr/share/libalpm/hooks/restic-post.hook
|
|
mode: "0600"
|
|
become: true
|
|
when: ansible_os_family == 'Archlinux'
|