include:
- profile.borgbackup.packages
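# client-side user (non-privileged or root)
{% set client_user = 'cboltz' %} # TODO (use pillar - from pillar/id or pillar/role?)
# user.info is evaluated while this file is rendered, i.e. before the
# user.present state below has run. If the account does not exist yet,
# client_home comes back empty and every path built from it is wrong.
{% set client_home = salt['user.info'](client_user).home %}
# SECURITY: placeholder repository passphrase, stored in clear text in the state
# tree and readable by anyone with access to the states or their repository.
# TODO: create encrypted pillar borgbackup/<server_user>.sls with backup_pass
# and ssh private key, and read the value from there. (No Jinja expression in
# this comment: Jinja expands expressions inside YAML comments too, and
# server_user is only set further down.)
{% set backup_pass = 'topsecret' %}
# Colon-separated paths are only traversed by the pillar.get execution function;
# the .get() method of the pillar dict would look for one literal key named
# 'profile:borgbackup:backupserver' and return None.
{% set backup_server = salt['pillar.get']('profile:borgbackup:backupserver') %}

# server-side
{% set server_user = 'cboltz' %} # TODO (use pillar)
{% set backupdir = '/backup/' + server_user + '/borgbackup' %}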
# setup user and ssh stuff
# Ensures the client-side account exists. The home directory used by the other
# states in this file was already looked up at render time, before this state runs.
borgbackup_user:
  user.present:
    - name: {{ client_user }}
# Per-user ssh directory, accessible to its owner only.
{{ client_home }}/.ssh:
  file.directory:
    - user: {{ client_user }}
    # Quoted so YAML cannot reinterpret the number; same permissions as before.
    - mode: '0700'
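# SSH private key used to reach the backup server, taken from pillar.
{{ client_home }}/.ssh/borgbackup_key:
  file.managed:
    - user: {{ client_user }}
    - mode: '0600'
    # contents_pillar uses the colon-separated pillar path syntax, as the
    # backupserver lookup at the top of this file does. A dotted name would be
    # looked up as one literal top-level key.
    - contents_pillar: profile:borgbackup:{{ server_user }}:privatekey
    # Keep the key material out of the diff that ends up in state returns and
    # the job cache.
    - show_changes: False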
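# Pin the backup server's host key, so that the first connection does not depend
# on accepting whatever key the network presents.
{{ client_home }}/.ssh/known_hosts:
  file.append:
    # file.append takes the lines to add through `text`. It has no
    # contents_pillar, user or mode parameters, so the value is read from pillar
    # here and serialized as a YAML-safe string.
    # NOTE(review): ownership and mode of known_hosts are not managed by this
    # state. Confirm the file ends up readable by the client user.
    - text: {{ salt['pillar.get']('profile:borgbackup:ssh_known_hosts') | json }}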
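# backup config file
# Shell fragment with the borg environment; it contains the repository
# passphrase, hence owner-only permissions.
{{ client_home }}/borg-env:
  file.managed:
    - user: {{ client_user }}
    - mode: '0600'
    # Keep the passphrase out of the diff that ends up in state returns and the
    # job cache.
    - show_changes: False
    - contents:
      - export BORG_RSH="ssh -i {{ client_home }}/.ssh/borgbackup_key"
      # NOTE(review): a passphrase containing a single quote would break this
      # line when the file is sourced.
      - export BORG_PASSPHRASE='{{ backup_pass }}'
      # Log in as the server-side account, the same one backupdir is built from
      # (previously client_user, which only worked while both names are equal).
      - "export BORG_REPO='ssh://{{ server_user }}@{{ backup_server }}{{ backupdir }}'"
      - export LOG='/var/log/borg/backup.log'
# TODO: make the directory to backup configurable
# TODO: make excludes configurable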
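# initialize the backup
# Creates the encrypted repository on the backup server. With repokey the key is
# stored inside the repository and protected by the passphrase alone.
borgbackup_init:
  cmd.run:
    # Log in as the server-side account, the same one backupdir is built from.
    - name: borg init --encryption=repokey 'ssh://{{ server_user }}@{{ backup_server }}{{ backupdir }}'
    - runas: {{ client_user }}
    # env has to map variable names to values; the bare passphrase string that
    # was passed before set no variable at all. BORG_RSH points ssh at the
    # dedicated key, as in borg-env.
    - env:
      - BORG_PASSPHRASE: '{{ backup_pass }}'
      - BORG_RSH: "ssh -i {{ client_home }}/.ssh/borgbackup_key"
    # NOTE(review): this marker lives in the client's cache directory, not in
    # the repository. Confirm it is a reliable sign that init already ran.
    - creates: {{ client_home }}/.cache/borg/CACHEDIR.TAG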
# Backup script shipped from the state tree into the client user's home.
{{ client_home }}/borg-backup-script:
  file.managed:
    - source: salt://profile/borgbackup/files/borg-backup-script
    - user: {{ client_user }}
    # NOTE(review): no execute bit is set, so the script can only be run through
    # an interpreter. Confirm this matches how the planned cronjob calls it.
    - mode: '0600'
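# Log directory written by the backup run (see LOG in borg-env), owned by the
# client user.
/var/log/borg:
  # The colon after the state function was missing, so the file did not parse
  # as YAML.
  file.directory:
    - user: {{ client_user }}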
# create cronjob
# TODO