From 7e7248bb4fcbfd1c02b8c3ec8a015b586d577591 Mon Sep 17 00:00:00 2001 From: tolerryan <105945216+tolerryan@users.noreply.github.com> Date: Mon, 6 Oct 2025 02:37:11 -0500 Subject: [PATCH] re add setup restic. --- roles/ind/downloader/downloader-install.yml | 3 + roles/lib/setup-restic.yml | 228 ++++++++++++++++++++ 2 files changed, 231 insertions(+) create mode 100644 roles/lib/setup-restic.yml diff --git a/roles/ind/downloader/downloader-install.yml b/roles/ind/downloader/downloader-install.yml index 1f4acc8..470f536 100644 --- a/roles/ind/downloader/downloader-install.yml +++ b/roles/ind/downloader/downloader-install.yml @@ -19,6 +19,9 @@ - name: Setup-netbird.yml - setting up netbird mesh vpn import_tasks: ../../lib/setup-netbird.yml + - name: setup-restic.yml - setup restic + import_tasks: ../../lib/setup-restic.yml + - name: Create grail user user: name: grail diff --git a/roles/lib/setup-restic.yml b/roles/lib/setup-restic.yml new file mode 100644 index 0000000..0cb83ce --- /dev/null +++ b/roles/lib/setup-restic.yml 
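Review bot: The new `import_tasks: ../../lib/setup-restic.yml` line points at a file whose first list item is a play (`hosts: all`, `vars_files`, `become`, `remote_user`, `tasks:`) rather than a task list; as far as I know import_tasks only accepts a list of tasks, so this import is likely to fail at parse time — confirm against setup-netbird.yml, which is imported the same way on the context line above. If the file is meant to be importable, its own header comment `# Do not need as a playbook if included inside another playbook` should be acted on: keep only the contents of `tasks:` at top level and move `vars_files: - 'vault'` into the importing play, since `vars_files` on an imported task has no effect.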
@@ -0,0 +1,228 @@
+# Do not need as a playbook if included inside another playbook
+---
+- name: Setup restic user and scripts.
+ hosts: all
+ vars_files:
+ - 'vault'
+ become: yes
+ remote_user: ansible
+ gather_facts: true
+
+
+ tasks:
+ - name: Create Restic user
+ user:
+ name: restic
+ uid: 2001
+ group: users
+ state: present
+ create_home: yes
+ home: /home/restic
+ shell: /bin/bash
+
+ - name: Add Authorized key for Restic user
+ ansible.posix.authorized_key:
+ user: restic
+ state: present
+ key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsDIrV6QIMtpJFNpZEgHnkYgFC6OXMJQFc1JqrnpCzY fake@gmail.com"
+
+ - name: Install Restic Private key
+ copy:
+ dest: /home/restic/.ssh/resticuser.ed25519
+ content: "{{ restic_private }}"
+ owner: restic
+ group: users
+ mode: '0600'
+
+ - name: Copy Restic Repo Pass
+ copy:
+ dest: /home/restic/.resticpassword
+ content: "{{ restic_repopass }}"
+ owner: restic
+ group: users
+ mode: '0600'
+
+ - name: Copy restic.sh
+ copy:
+ dest: /home/restic/restic.sh
+ content: |
+ #!/bin/bash
+ cd /home/restic/
+ # Check if a flag was passed
+ if [[ "$#" -lt 2 ]]; then
+ echo "Usage: $0 [--backup] [--forget] [--check] [--init] dirtobackup"
+ exit 1
+ fi
+
+ # Initialize variables
+ backup=false
+ forget=false
+ check=false
+ init=false
+ password=($cat ./.resticpassword)
+
+ last_arg=""
+
+ # Parse arguments
+ case $1 in
+ --backup)
+ backup=true
+ shift
+ ;;
+ --forget)
+ forget=true
+ shift
+ ;;
+ --check)
+ check=true
+ shift
+ ;;
+ --init)
+ init=true
+ shift
+ ;;
+ *)
+ echo "Usage: $0 [--backup] [--forget] [--check] [--init] dirtobackup"
+ ;;
+ esac
+
+ # Check if last argument is valid
+ last_arg=$1
+ if [ -n "$last_arg" ]; then
+ if [ -d "$last_arg" ]; then
+ #Last argument is a directory: $last_arg
+ backupdir=$last_arg
+ elif [ -f "$last_arg" ]; then
+ #Last argument is a file: $last_arg
+ backupdir=$last_arg
+ else
+ echo "Last argument is neither a directory nor a file: $last_arg"
+ fi
+ else
+ echo "No valid argument provided after options"
+ fi
+
+
+ # Execute Restic commands based on flags
+ if $backup; then
+ echo "Backing up... to misamisa"
+ echo "Date: $(date '+%Y-%m-%d_%H-%M-%S')" # Add your Restic backup command here
+ restic --password-file ./.resticpassword -r sftp:misamisa://home/restic/$(hostname) backup --exclude="*lost+found*" $backupdir \
+ | tee backup.out
+ status=$?
+ if [ $status -eq 0 ]; then
+ # If the exit status is 0 (success), send a success message
+ ./discord.sh "$(hostname) backup complete"
+ elif [ $status -eq 3 ]; then
+ ./discord.sh "$(hostname) backup complete"
+ else
+ # If the exit status is not 0 (failure), send a failure message
+ ./discord.sh "$(hostname) Backup has failed"
+ fi
+ echo "Backup completed $(date '+%Y-%m-%d_%H-%M-%S')"
+ fi
+
+ if $forget; then
+ echo "Removing old backups..."
+ # Add your Restic forget command here
+ restic --password-file ./.resticpassword -r sftp:misamisa://home/restic/$(hostname) forget --keep-within-daily 7d --keep-within-weekly 1m --keep-within-monthly 1y
+ if [ $? -eq 0 ]; then
+ # If the exit status is 0 (success), send a success message
+ ./discord.sh "$(hostname) forget command completed successfully"
+ else
+ # If the exit status is not 0 (failure), send a failure message
+ ./discord.sh "$(hostname) forget command has failed"
+ fi
+ fi
+
+ if $check; then
+ echo "Checking backups..."
+ # Add your Restic check command here
+ restic --password-file ./.resticpassword -r sftp:misamisa://home/restic/$(hostname) check --read-data
+ if [ $? -eq 0 ]; then
+ # If the exit status is 0 (success), send a success message
+ ./discord.sh "$(hostname) Restic Verification complete"
+ else
+ # If the exit status is not 0 (failure), send a failure message
+ ./discord.sh "$(hostname) Restic Verification failed!! there is an issue"
+ fi
+ restic --password-file ./.resticpassword -r sftp:misamisa://home/restic/$(hostname) unlock
+
+ fi
+
+ if $init; then
+ echo "Init backup..."
+ # Generate password
+ if [[ -z $(grep '[^[:space:]]' ./.resticpassword) ]] ; then
+ echo "Password file empty. generating passwordwq"
+ tr -dc A-Za-z0-9 ./.resticpassword
+ fi
+ restic --password-file ./.resticpassword -r sftp:misamisa://home/restic/$(hostname) init
+ if [ $? -eq 0 ]; then
+ # If the exit status is 0 (success), send a success message
+ ./discord.sh "$(hostname) Restic Init complete for $(hostname)"
+ else
+ # If the exit status is not 0 (failure), send a failure message
+ ./discord.sh "$(hostname) Restic init failed!! there is an issue on $(hostname)"
+ fi
+ fi
+ owner: restic
+ group: users
+ mode: '0755'
+
+ - name: Copy discord.sh
+ copy:
+ dest: /home/restic/discord.sh
+ content: "{{ discord_webhook }}"
+ owner: restic
+ group: users
+ mode: '0755'
+
+ - name: Create SSH config file
+ copy:
+ dest: /root/.ssh/config
+ content: |
+ Hostname misamisa.netbird.cloud
+ Port 25456
+ User restic
+ IdentityFile /home/restic/.ssh/resticuser.ed25519
+ owner: root
+ group: root
+ mode: '0644'
+
+ - name: Add known host entry for misamisa
+ become: yes
+ shell: "ssh-keyscan -p 25456 -H misamisa.netbird.cloud >> ~/.ssh/known_hosts"
+
+ - name: Download restic bz2 file
+ get_url:
+ url: "https://github.com/restic/restic/releases/download/v0.18.1/restic_0.18.1_linux_amd64.bz2"
+ dest: "/tmp/restic.bz2"
+ mode: '0755'
+ force: yes
+ register: restic_download
+
+ - name: Extract restic bz2 file
+ ansible.builtin.command:
+ cmd: bunzip2 /tmp/restic.bz2
+ creates: /tmp/restic
+ when: restic_download.changed
+
+ - name: Move restic to /usr/bin/
+ copy:
+ src: "/tmp/restic"
+ dest: "/usr/bin/restic"
+ mode: "0755"
+ owner: root
+ group: root
+ remote_src: yes
+ when: restic_download.changed
+
+ # This can be removed later if needed. used to cleanup existing crontab entries. Leaving incase any older
+ # configured hosts are brought online.
+ - name: Remove crontab entries containing restic.sh for root
+ become: yes
+ shell: crontab -l -u root | grep -v restic.sh | crontab -u root -
+ register: cron_output
+ changed_when: false
+ failed_when: false
\ No newline at end of file
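Review bot: In the restic.sh content, `status=$?` after `restic … backup … | tee backup.out` records tee's exit status rather than restic's, so a failed backup is reported to discord.sh as "backup complete"; add `set -o pipefail` right after `#!/bin/bash` (or read `${PIPESTATUS[0]}`) so the pipeline status reflects restic. The `--init` branch's password generation `tr -dc A-Za-z0-9 ./.resticpassword` passes the file as an operand that tr does not accept and so writes nothing, and `password=($cat ./.resticpassword)` expands an unset `$cat` into an array nothing reads — both lines are dead as written, and only `--password-file` actually supplies the secret. The restic binary fetched by get_url is copied to /usr/bin with no integrity check; pin it with `checksum: "sha256:<PLACEHOLDER: value from the v0.18.1 SHA256SUMS release file>"` on the get_url task. The /root/.ssh/config content has no `Host` line, so `Hostname misamisa.netbird.cloud`, `Port 25456` and `User restic` apply to every ssh connection root makes; prefixing it with `Host misamisa`, the alias the `sftp:misamisa:` repository URL already uses, scopes it to the backup target. The ssh-keyscan shell task appends a new known_hosts entry on every run and trusts whatever key is presented at that moment; `ansible.builtin.known_hosts` with the expected host key kept alongside the other vault values would be idempotent and pin the server identity.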