feedback

docs/configuring-playbook-backup-borg.md

@@ -5,10 +5,10 @@ The backup will run based on `matrix_backup_borg_schedule` var (systemd timer ca
 
 ## Prerequisites
 
-1. Create ssh key:
+1. Create ssh key on any machine:
 
 ```bash
-ssh-keygen -t ed25519 -N '' -C matrix
+ssh-keygen -t ed25519 -N '' -f matrix-borg-backup -C matrix
 ```
 
 2. Add public part of that ssh key to your borg provider / server:
@@ -27,9 +27,10 @@ Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to
 
 ```yaml
 matrix_backup_borg_enabled: true
-matrix_backup_borg_repository: "USER@HOST:REPO"
-matrix_backup_borg_passphrase: "PASSPHRASE"
-matrix_backup_borg_ssh_key: |
+matrix_backup_borg_repositories:
+	- USER@HOST:REPO
+matrix_backup_borg_encryption_passphrase: "PASSPHRASE"
+matrix_backup_borg_ssh_key_private: |
 	PRIVATE KEY
 ```
 

roles/matrix-backup-borg/defaults/main.yml

@@ -25,11 +25,12 @@ matrix_backup_borg_systemd_wanted_services_list: []
 # systemd calendar configuration for backup job
 matrix_backup_borg_schedule: "*-*-* 04:00:00"
 
-# what directory should be added to backup
-matrix_backup_borg_source: "{{ matrix_base_data_path }}"
+# what directories should be added to backup
+matrix_backup_borg_source_directories:
+  - "{{ matrix_base_data_path }}"
 
 # exclude following paths:
-matrix_backup_borg_exclude:
+matrix_backup_borg_exclude_patterns:
   - "{{ matrix_synapse_media_store_path }}/local_thumbnails"
   - "{{ matrix_synapse_media_store_path }}/remote_thumbnail"
   - "{{ matrix_synapse_media_store_path }}/url_cache"
@@ -39,29 +40,29 @@ matrix_backup_borg_exclude:
 matrix_backup_borg_encryption: repokey-blake2
 
 # private ssh key used to connect to the borg repo
-matrix_backup_borg_ssh_key: ""
+matrix_backup_borg_ssh_key_private: ""
 
 # borg ssh command with ssh key
 matrix_backup_borg_ssh_command: ssh -o "StrictHostKeyChecking accept-new" -i /etc/borgmatic.d/sshkey
 
-# target repository
-matrix_backup_borg_repository: ""
+# target repositories
+matrix_backup_borg_repositories: []
 
 # compression algorithm
 matrix_backup_borg_compression: lz4
 
 # archive name format
-matrix_backup_borg_name: "matrix-{now:%Y-%m-%d-%H%M%S}"
-
-# retention prefix
-matrix_backup_borg_prefix: "matrix-"
+matrix_backup_borg_archive_name_format: "matrix-{now:%Y-%m-%d-%H%M%S}"
 
 # repository passphrase
-matrix_backup_borg_passphrase: ""
+matrix_backup_borg_encryption_passphrase: ""
 
 # retention configuration
-matrix_backup_borg_hourly: 0
-matrix_backup_borg_daily: 7
-matrix_backup_borg_weekly: 4
-matrix_backup_borg_monthly: 12
-matrix_backup_borg_yearly: 2
+matrix_backup_borg_retention_keep_hourly: 0
+matrix_backup_borg_retention_keep_daily: 7
+matrix_backup_borg_retention_keep_weekly: 4
+matrix_backup_borg_retention_keep_monthly: 12
+matrix_backup_borg_retention_keep_yearly: 2
+
+# retention prefix
+matrix_backup_borg_retention_prefix: "matrix-"

roles/matrix-backup-borg/tasks/validate_config.yml

@@ -5,6 +5,6 @@
       You need to define a required configuration setting (`{{ item }}`).
   when: "vars[item] == ''"
   with_items:
-    - "matrix_backup_borg_ssh_key"
-    - "matrix_backup_borg_repository"
-    - "matrix_backup_borg_passphrase"
+    - "matrix_backup_borg_ssh_key_private"
+    - "matrix_backup_borg_repositories"
+    - "matrix_backup_borg_encryption_passphrase"

roles/matrix-backup-borg/templates/config.yaml.j2

@@ -1,29 +1,24 @@
 #jinja2: lstrip_blocks: "True", trim_blocks: "True"
 
 location:
-  source_directories:
-  - {{ matrix_backup_borg_source }}
-  repositories:
-  - {{ matrix_backup_borg_repository }}
+  source_directories: {{ matrix_backup_borg_source_directories|to_json }}
+  repositories: {{ matrix_backup_borg_repositories|to_json }}
   one_file_system: true
-  exclude_patterns:
-  {% for pattern in matrix_backup_borg_exclude %}
-  - {{ pattern }}
-  {% endfor %}
+  exclude_patterns: {{ matrix_backup_borg_exclude_patterns|to_json }}
 
 storage:
   compression: {{ matrix_backup_borg_compression }}
   ssh_command: {{ matrix_backup_borg_ssh_command }}
-  archive_name_format: '{{ matrix_backup_borg_name }}'
-  encryption_passphrase: {{ matrix_backup_borg_passphrase }}
+  archive_name_format: '{{ matrix_backup_borg_archive_name_format }}'
+  encryption_passphrase: {{ matrix_backup_borg_encryption_passphrase }}
 
 retention:
-  keep_hourly: {{ matrix_backup_borg_hourly }}
-  keep_daily: {{ matrix_backup_borg_daily }}
-  keep_weekly: {{ matrix_backup_borg_weekly }}
-  keep_monthly: {{ matrix_backup_borg_monthly }}
-  keep_yearly: {{ matrix_backup_borg_yearly }}
-  prefix: '{{ matrix_backup_borg_prefix }}'
+  keep_hourly: {{ matrix_backup_borg_retention_keep_hourly }}
+  keep_daily: {{ matrix_backup_borg_retention_keep_daily }}
+  keep_weekly: {{ matrix_backup_borg_retention_keep_weekly }}
+  keep_monthly: {{ matrix_backup_borg_retention_keep_monthly }}
+  keep_yearly: {{ matrix_backup_borg_retention_keep_yearly }}
+  prefix: '{{ matrix_backup_borg_retention_prefix }}'
 
 consistency:
   checks:

roles/matrix-backup-borg/templates/sshkey.j2

@@ -1 +1 @@
-{{ matrix_backup_borg_ssh_key }}
+{{ matrix_backup_borg_ssh_key_private }}

roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2

@@ -23,8 +23,10 @@ ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-backup-bor
 			--network={{ matrix_docker_network }} \
 			--tmpfs=/tmp:rw,noexec,nosuid,size=100m \
 			--mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \
-			--mount type=bind,src={{ matrix_backup_borg_source }},dst={{ matrix_backup_borg_source }},ro \
 			--mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \
+			{% for source in matrix_backup_borg_source_directories %}
+			--mount type=bind,src={{ source }},dst={{ source }},ro \
+			{% endfor %}
 			{% for arg in matrix_backup_borg_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
@@ -39,8 +41,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \
 			--network={{ matrix_docker_network }} \
 			--tmpfs=/tmp:rw,noexec,nosuid,size=100m \
 			--mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \
-			--mount type=bind,src={{ matrix_backup_borg_source }},dst=/matrix,ro \
 			--mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \
+			{% for source in matrix_backup_borg_source_directories %}
+			--mount type=bind,src={{ source }},dst={{ source }},ro \
+			{% endfor %}
 			{% for arg in matrix_backup_borg_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}