ryan/Terraform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

re add setup restic.

Browse Source
This commit is contained in:
tolerryan
2025-10-06 02:37:11 -05:00
parent 4591105b27
commit 7e7248bb4f
2 changed files with 231 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
roles/ind/downloader/downloader-install.yml
View File

@@ -19,6 +19,9 @@
- name: Setup-netbird.yml - setting up netbird mesh vpn - name: Setup-netbird.yml - setting up netbird mesh vpn
import_tasks: ../../lib/setup-netbird.yml import_tasks: ../../lib/setup-netbird.yml
- name: setup-restic.yml - setup restic
import_tasks: ../../lib/setup-restic.yml
- name: Create grail user - name: Create grail user
user: user:
name: grail name: grail

228
roles/lib/setup-restic.yml Normal file
View File

@@ -0,0 +1,228 @@
# Do not need as a playbook if included inside another playbook
---
- name: Setup restic user and scripts.
hosts: all
vars_files:
- 'vault'
become: yes
remote_user: ansible
gather_facts: true
tasks:
- name: Create Restic user
user:
name: restic
uid: 2001
group: users
state: present
create_home: yes
home: /home/restic
shell: /bin/bash
- name: Add Authorized key for Restic user
ansible.posix.authorized_key:
user: restic
state: present
key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsDIrV6QIMtpJFNpZEgHnkYgFC6OXMJQFc1JqrnpCzY fake@gmail.com"
- name: Install Restic Private key
copy:
dest: /home/restic/.ssh/resticuser.ed25519
content: "{{ restic_private }}"
owner: restic
group: users
mode: '0600'
- name: Copy Restic Repo Pass
copy:
dest: /home/restic/.resticpassword
content: "{{ restic_repopass }}"
owner: restic
group: users
mode: '0600'
- name: Copy restic.sh
copy:
dest: /home/restic/restic.sh
content: |
#!/bin/bash
cd /home/restic/
# Check if a flag was passed
if [[ "$#" -lt 2 ]]; then
echo "Usage: $0 [--backup] [--forget] [--check] [--init] dirtobackup"
exit 1
fi
# Initialize variables
backup=false
forget=false
check=false
init=false
password=($cat ./.resticpassword)
last_arg=""
# Parse arguments
case $1 in
--backup)
backup=true
shift
;;
--forget)
forget=true
shift
;;
--check)
check=true
shift
;;
--init)
init=true
shift
;;
*)
echo "Usage: $0 [--backup] [--forget] [--check] [--init] dirtobackup"
;;
esac
# Check if last argument is valid
last_arg=$1
if [ -n "$last_arg" ]; then
if [ -d "$last_arg" ]; then
#Last argument is a directory: $last_arg
backupdir=$last_arg
elif [ -f "$last_arg" ]; then
#Last argument is a file: $last_arg
backupdir=$last_arg
else
echo "Last argument is neither a directory nor a file: $last_arg"
fi
else
echo "No valid argument provided after options"
fi
# Execute Restic commands based on flags
if $backup; then
echo "Backing up... to misamisa"
echo "Date: $(date '+%Y-%m-%d_%H-%M-%S')" # Add your Restic backup command here
restic --password-file ./.resticpassword -r sftp:misamisa://home/restic/$(hostname) backup --exclude="*lost+found*" $backupdir \
| tee backup.out
status=$?
if [ $status -eq 0 ]; then
# If the exit status is 0 (success), send a success message
./discord.sh "$(hostname) backup complete"
elif [ $status -eq 3 ]; then
./discord.sh "$(hostname) backup complete"
else
# If the exit status is not 0 (failure), send a failure message
./discord.sh "$(hostname) Backup has failed"
fi
echo "Backup completed $(date '+%Y-%m-%d_%H-%M-%S')"
fi
if $forget; then
echo "Removing old backups..."
# Add your Restic forget command here
restic --password-file ./.resticpassword -r sftp:misamisa://home/restic/$(hostname) forget --keep-within-daily 7d --keep-within-weekly 1m --keep-within-monthly 1y
if [ $? -eq 0 ]; then
# If the exit status is 0 (success), send a success message
./discord.sh "$(hostname) forget command completed successfully"
else
# If the exit status is not 0 (failure), send a failure message
./discord.sh "$(hostname) forget command has failed"
fi
fi
if $check; then
echo "Checking backups..."
# Add your Restic check command here
restic --password-file ./.resticpassword -r sftp:misamisa://home/restic/$(hostname) check --read-data
if [ $? -eq 0 ]; then
# If the exit status is 0 (success), send a success message
./discord.sh "$(hostname) Restic Verification complete"
else
# If the exit status is not 0 (failure), send a failure message
./discord.sh "$(hostname) Restic Verification failed!! there is an issue"
fi
restic --password-file ./.resticpassword -r sftp:misamisa://home/restic/$(hostname) unlock
fi
if $init; then
echo "Init backup..."
# Generate password
if [[ -z $(grep '[^[:space:]]' ./.resticpassword) ]] ; then
echo "Password file empty. generating passwordwq"
tr -dc A-Za-z0-9 </dev/urandom | head -c 25 > ./.resticpassword
fi
restic --password-file ./.resticpassword -r sftp:misamisa://home/restic/$(hostname) init
if [ $? -eq 0 ]; then
# If the exit status is 0 (success), send a success message
./discord.sh "$(hostname) Restic Init complete for $(hostname)"
else
# If the exit status is not 0 (failure), send a failure message
./discord.sh "$(hostname) Restic init failed!! there is an issue on $(hostname)"
fi
fi
owner: restic
group: users
mode: '0755'
- name: Copy discord.sh
copy:
dest: /home/restic/discord.sh
content: "{{ discord_webhook }}"
owner: restic
group: users
mode: '0755'
- name: Create SSH config file
copy:
dest: /root/.ssh/config
content: |
Hostname misamisa.netbird.cloud
Port 25456
User restic
IdentityFile /home/restic/.ssh/resticuser.ed25519
owner: root
group: root
mode: '0644'
- name: Add known host entry for misamisa
become: yes
shell: "ssh-keyscan -p 25456 -H misamisa.netbird.cloud >> ~/.ssh/known_hosts"
- name: Download restic bz2 file
get_url:
url: "https://github.com/restic/restic/releases/download/v0.18.1/restic_0.18.1_linux_amd64.bz2"
dest: "/tmp/restic.bz2"
mode: '0755'
force: yes
register: restic_download
- name: Extract restic bz2 file
ansible.builtin.command:
cmd: bunzip2 /tmp/restic.bz2
creates: /tmp/restic
when: restic_download.changed
- name: Move restic to /usr/bin/
copy:
src: "/tmp/restic"
dest: "/usr/bin/restic"
mode: "0755"
owner: root
group: root
remote_src: yes
when: restic_download.changed
# This can be removed later if needed. used to cleanup existing crontab entries. Leaving incase any older
# configured hosts are brought online.
- name: Remove crontab entries containing restic.sh for root
become: yes
shell: crontab -l -u root | grep -v restic.sh | crontab -u root -
register: cron_output
changed_when: false
failed_when: false