diff --git a/docs/configuring-playbook-backup-borg.md b/docs/configuring-playbook-backup-borg.md index b588cc159..a76447162 100644 --- a/docs/configuring-playbook-backup-borg.md +++ b/docs/configuring-playbook-backup-borg.md @@ -5,10 +5,10 @@ The backup will run based on `matrix_backup_borg_schedule` var (systemd timer ca ## Prerequisites -1. Create ssh key: +1. Create ssh key on any machine: ```bash -ssh-keygen -t ed25519 -N '' -C matrix +ssh-keygen -t ed25519 -N '' -f matrix-borg-backup -C matrix ``` 2. Add public part of that ssh key to your borg provider / server: @@ -27,9 +27,10 @@ Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to ```yaml matrix_backup_borg_enabled: true -matrix_backup_borg_repository: "USER@HOST:REPO" -matrix_backup_borg_passphrase: "PASSPHRASE" -matrix_backup_borg_ssh_key: | +matrix_backup_borg_repositories: + - USER@HOST:REPO +matrix_backup_borg_encryption_passphrase: "PASSPHRASE" +matrix_backup_borg_ssh_key_private: | PRIVATE KEY ``` diff --git a/roles/matrix-backup-borg/defaults/main.yml b/roles/matrix-backup-borg/defaults/main.yml index dea29d785..fb29b70e2 100644 --- a/roles/matrix-backup-borg/defaults/main.yml +++ b/roles/matrix-backup-borg/defaults/main.yml @@ -25,11 +25,12 @@ matrix_backup_borg_systemd_wanted_services_list: [] # systemd calendar configuration for backup job matrix_backup_borg_schedule: "*-*-* 04:00:00" -# what directory should be added to backup -matrix_backup_borg_source: "{{ matrix_base_data_path }}" +# what directories should be added to backup +matrix_backup_borg_source_directories: + - "{{ matrix_base_data_path }}" # exclude following paths: -matrix_backup_borg_exclude: +matrix_backup_borg_exclude_patterns: - "{{ matrix_synapse_media_store_path }}/local_thumbnails" - "{{ matrix_synapse_media_store_path }}/remote_thumbnail" - "{{ matrix_synapse_media_store_path }}/url_cache" 
@@ -39,29 +40,29 @@ matrix_backup_borg_exclude: matrix_backup_borg_encryption: repokey-blake2 # private ssh key used to connect to the borg repo -matrix_backup_borg_ssh_key: "" +matrix_backup_borg_ssh_key_private: "" # borg ssh command with ssh key matrix_backup_borg_ssh_command: ssh -o "StrictHostKeyChecking accept-new" -i /etc/borgmatic.d/sshkey -# target repository -matrix_backup_borg_repository: "" +# target repositories +matrix_backup_borg_repositories: [] # compression algorithm matrix_backup_borg_compression: lz4 # archive name format -matrix_backup_borg_name: "matrix-{now:%Y-%m-%d-%H%M%S}" - -# retention prefix -matrix_backup_borg_prefix: "matrix-" +matrix_backup_borg_archive_name_format: "matrix-{now:%Y-%m-%d-%H%M%S}" # repository passphrase -matrix_backup_borg_passphrase: "" +matrix_backup_borg_encryption_passphrase: "" # retention configuration -matrix_backup_borg_hourly: 0 -matrix_backup_borg_daily: 7 -matrix_backup_borg_weekly: 4 -matrix_backup_borg_monthly: 12 -matrix_backup_borg_yearly: 2 +matrix_backup_borg_retention_keep_hourly: 0 +matrix_backup_borg_retention_keep_daily: 7 +matrix_backup_borg_retention_keep_weekly: 4 +matrix_backup_borg_retention_keep_monthly: 12 +matrix_backup_borg_retention_keep_yearly: 2 + +# retention prefix +matrix_backup_borg_retention_prefix: "matrix-" diff --git a/roles/matrix-backup-borg/tasks/validate_config.yml b/roles/matrix-backup-borg/tasks/validate_config.yml index 4ac566f49..1f3e39239 100644 --- a/roles/matrix-backup-borg/tasks/validate_config.yml +++ b/roles/matrix-backup-borg/tasks/validate_config.yml @@ -5,6 +5,6 @@ You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" with_items: - - "matrix_backup_borg_ssh_key" - - "matrix_backup_borg_repository" - - "matrix_backup_borg_passphrase" + - "matrix_backup_borg_ssh_key_private" + - "matrix_backup_borg_repositories" + - "matrix_backup_borg_encryption_passphrase" 
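Review bot: The `when: "vars[item] == ''"` condition in `validate_config.yml` no longer catches a missing `matrix_backup_borg_repositories`, because that variable is now a list defaulting to `[]` and an empty list never equals `''`. A host that still sets only the old `matrix_backup_borg_repository` would pass validation, and the template would render `repositories: []`. A length test covers both the string and the list settings: `when: "vars[item] | length == 0"`. The task itself starts above this hunk, so its module and name are not visible here.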
diff --git a/roles/matrix-backup-borg/templates/config.yaml.j2 b/roles/matrix-backup-borg/templates/config.yaml.j2 index 0756cad2c..d96a8a48c 100644 --- a/roles/matrix-backup-borg/templates/config.yaml.j2 +++ b/roles/matrix-backup-borg/templates/config.yaml.j2 @@ -1,29 +1,24 @@ #jinja2: lstrip_blocks: "True", trim_blocks: "True" location: - source_directories: - - {{ matrix_backup_borg_source }} - repositories: - - {{ matrix_backup_borg_repository }} + source_directories: {{ matrix_backup_borg_source_directories|to_json }} + repositories: {{ matrix_backup_borg_repositories|to_json }} one_file_system: true - exclude_patterns: - {% for pattern in matrix_backup_borg_exclude %} - - {{ pattern }} - {% endfor %} + exclude_patterns: {{ matrix_backup_borg_exclude_patterns|to_json }} storage: compression: {{ matrix_backup_borg_compression }} ssh_command: {{ matrix_backup_borg_ssh_command }} - archive_name_format: '{{ matrix_backup_borg_name }}' - encryption_passphrase: {{ matrix_backup_borg_passphrase }} + archive_name_format: '{{ matrix_backup_borg_archive_name_format }}' + encryption_passphrase: {{ matrix_backup_borg_encryption_passphrase }} retention: - keep_hourly: {{ matrix_backup_borg_hourly }} - keep_daily: {{ matrix_backup_borg_daily }} - keep_weekly: {{ matrix_backup_borg_weekly }} - keep_monthly: {{ matrix_backup_borg_monthly }} - keep_yearly: {{ matrix_backup_borg_yearly }} - prefix: '{{ matrix_backup_borg_prefix }}' + keep_hourly: {{ matrix_backup_borg_retention_keep_hourly }} + keep_daily: {{ matrix_backup_borg_retention_keep_daily }} + keep_weekly: {{ matrix_backup_borg_retention_keep_weekly }} + keep_monthly: {{ matrix_backup_borg_retention_keep_monthly }} + keep_yearly: {{ matrix_backup_borg_retention_keep_yearly }} + prefix: '{{ matrix_backup_borg_retention_prefix }}' consistency: checks: diff --git a/roles/matrix-backup-borg/templates/sshkey.j2 b/roles/matrix-backup-borg/templates/sshkey.j2 index fe750e8e8..999cf38d1 100644 
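Review bot: `encryption_passphrase: {{ matrix_backup_borg_encryption_passphrase }}` is still rendered as a bare YAML scalar, while the list values in this hunk now go through `to_json`. A passphrase containing ` #` is cut off at the comment marker. One containing `: `, starting with `*`, `&` or `!`, or made up only of digits either fails to parse or is read as a different value, so the repository key may not match what the operator configured. Suggest `encryption_passphrase: {{ matrix_backup_borg_encryption_passphrase|to_json }}`, and the same for `ssh_command`. The single-quoted `archive_name_format` and `prefix` lines have the related problem that a value containing `'` ends the scalar early.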
--- a/roles/matrix-backup-borg/templates/sshkey.j2 +++ b/roles/matrix-backup-borg/templates/sshkey.j2 @@ -1 +1 @@ -{{ matrix_backup_borg_ssh_key }} +{{ matrix_backup_borg_ssh_key_private }} diff --git a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 index 351e8f1e5..3325ad1b2 100644 --- a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 +++ b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 @@ -23,8 +23,10 @@ ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-backup-bor --network={{ matrix_docker_network }} \ --tmpfs=/tmp:rw,noexec,nosuid,size=100m \ --mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \ - --mount type=bind,src={{ matrix_backup_borg_source }},dst={{ matrix_backup_borg_source }},ro \ --mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \ + {% for source in matrix_backup_borg_source_directories %} + --mount type=bind,src={{ source }},dst={{ source }},ro \ + {% endfor %} {% for arg in matrix_backup_borg_container_extra_arguments %} {{ arg }} \ {% endfor %} @@ -39,8 +41,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \ --network={{ matrix_docker_network }} \ --tmpfs=/tmp:rw,noexec,nosuid,size=100m \ --mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \ - --mount type=bind,src={{ matrix_backup_borg_source }},dst=/matrix,ro \ --mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \ + {% for source in matrix_backup_borg_source_directories %} + --mount type=bind,src={{ source }},dst={{ source }},ro \ + {% endfor %} {% for arg in matrix_backup_borg_container_extra_arguments %} {{ arg }} \ {% endfor %}
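Review bot: Each entry of `matrix_backup_borg_source_directories` is interpolated unquoted into `--mount type=bind,src={{ source }},dst={{ source }},ro`, in the loops added to both the `ExecStartPre` and the `ExecStart` hunk. A path containing whitespace splits the argument, and I would expect docker to read a comma in the path as the start of another mount field, which could alter the mount spec, including the trailing `ro`. Since this is now an operator-facing list, it would help to reject such entries in `validate_config.yml`, or at least document the constraint in `defaults/main.yml` with a comment such as `# absolute paths only, no spaces or commas (each entry becomes a docker --mount)`. Both commands start and end outside these hunks.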