include:
- profile.borgbackup.packages
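# client-side user (non-privileged or root)
# TODO: take client_user from pillar (pillar/id or pillar/role?)
{% set client_user = 'cboltz' %}
# NOTE(review): user.info runs at render time, before user.present below has
# been applied. If the account does not exist yet, presumably no home is
# returned and every path built from client_home renders relative to "/"
# (including the private key path) - confirm and guard before first rollout.
{% set client_home = salt['user.info'](client_user).home %}

# server-side
# TODO: take server_user from pillar
{% set server_user = 'cboltz' %}
{% set backupdir = '/backup/' + server_user + '/borgbackup' %}

# salt['pillar.get'] walks the colon-separated path. The plain pillar.get() used
# before is the dict method: it looks the whole string up as one key and
# returns None, which would then be rendered into the repository URL.
{% set backup_server = salt['pillar.get']('profile:borgbackup:backupserver') %}

# Repository passphrase.
# TODO: create encrypted pillar borgbackup/<server_user>.sls with backup_pass
# and the ssh private key.
# The pillar path below is a proposal that follows the layout used for the
# private key. 'topsecret' remains only as the fallback so rendering behaves as
# before while that pillar is missing; it is a placeholder, not a secret, and
# must be removed once the pillar exists.
{% set backup_pass = salt['pillar.get']('profile:borgbackup:' ~ server_user ~ ':backup_pass', 'topsecret') %}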
# Account and SSH material for the backup client.
# Make sure the client-side account exists.
borgbackup_user:
  user.present:
    - name: {{ client_user }}
# SSH directory of the backup user, accessible to the owner only.
{{ client_home }}/.ssh:
  file.directory:
    - mode: '0700'
    - user: {{ client_user }}
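# SSH private key for the connection to the backup server, read from pillar.
# contents_pillar takes the colon-separated pillar.get path syntax; written with
# dots, the whole string is looked up as one single key.
# NOTE(review): the path assumes the nested layout implied by
# 'profile:borgbackup:backupserver' - confirm against the pillar data.
{{ client_home }}/.ssh/borgbackup_key:
  file.managed:
    - user: {{ client_user }}
    - mode: '0600'
    - contents_pillar: profile:borgbackup:{{ server_user }}:privatekey
    # keep key material out of state output and the job cache
    - show_changes: false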
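# Pin the backup server's SSH host key from pillar, so the first connection
# does not rely on trust-on-first-use.
# file.append has no user, mode or contents_pillar arguments; it appends `text`.
# Ownership and mode are therefore enforced by a separate file.managed state
# that never replaces existing content.
borgbackup_known_hosts_perms:
  file.managed:
    - name: {{ client_home }}/.ssh/known_hosts
    - user: {{ client_user }}
    - mode: '0600'
    - replace: false

# The json filter renders the pillar value as a quoted scalar (or list), so
# multi-line host key data cannot break the YAML. A missing pillar key renders
# as null and makes the state fail instead of appending nothing silently.
{{ client_home }}/.ssh/known_hosts:
  file.append:
    - text: {{ salt['pillar.get']('profile:borgbackup:ssh_known_hosts') | json }}
    - require:
        - file: borgbackup_known_hosts_perms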
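# backup config file: shell exports for the remote shell, the repository
# passphrase, the repository URL and the log file
{{ client_home }}/borg-env:
  file.managed:
    - user: {{ client_user }}
    - mode: '0600'
    # the file holds the repository passphrase; keep diffs out of state output
    - show_changes: false
    - contents:
        - export BORG_RSH="ssh -i {{ client_home }}/.ssh/borgbackup_key"
        - export BORG_PASSPHRASE='{{ backup_pass }}'
        - "export BORG_REPO='ssh://{{ client_user }}@{{ backup_server }}{{ backupdir }}'"
        - export LOG='/var/log/borg/backup.log'
# NOTE(review): the passphrase is interpolated unescaped; a value containing a
# single quote, " #" or ": " would break the shell line or the YAML.
# NOTE(review): the URL logs in as client_user while backupdir is built from
# server_user - confirm which account is meant once the two differ.
# TODO: make the directory to backup configurable
# TODO: make excludes configurable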
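# initialize the backup repository on the server (runs once, see `creates`)
borgbackup_init:
  cmd.run:
    - name: borg init --encryption=repokey 'ssh://{{ client_user }}@{{backup_server}}{{ backupdir }}'
    - runas: {{ client_user }}
    # env must be a list of NAME: value pairs. The bare passphrase passed before
    # was not a valid environment definition, so borg never received it.
    # BORG_RSH mirrors borg-env so the managed key is used for the connection.
    - env:
        - BORG_PASSPHRASE: {{ backup_pass | json }}
        - BORG_RSH: {{ ('ssh -i ' ~ client_home ~ '/.ssh/borgbackup_key') | json }}
    # NOTE(review): this marker lives in the client-side cache directory, so it
    # presumably shows that borg has run for this user rather than that this
    # repository exists - confirm it is a sufficient guard.
    - creates: {{ client_home }}/.cache/borg/CACHEDIR.TAG
# NOTE(review): the URL logs in as client_user while backupdir is built from
# server_user - confirm which account is meant once the two differ.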
# Backup script, delivered from the salt fileserver into the user's home.
# NOTE(review): installed as 0600, i.e. without an execute bit - confirm it is
# meant to be run through an explicit interpreter.
{{ client_home }}/borg-backup-script:
  file.managed:
    - user: {{ client_user }}
    - mode: '0600'
    - source: salt://profile/borgbackup/files/borg-backup-script
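# Log directory; LOG in borg-env points to /var/log/borg/backup.log.
# The colon after file.directory was missing, which made this state invalid YAML.
/var/log/borg:
  file.directory:
    - user: {{ client_user }}

# create cronjob
# TODO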