diff --git a/roles/ind/bookstack/cron.vars b/roles/ind/bookstack/cron.vars index efe33c1..689e14d 100644 --- a/roles/ind/bookstack/cron.vars +++ b/roles/ind/bookstack/cron.vars @@ -2,7 +2,7 @@ job_name: "Daily /home/docker/ Backup" job_minute: "0" job_hour: "2" -job_command: "/home/restic/restic.sh /home/docker/ backup" +job_command: "/home/restic/restic.sh --backup /home/docker/" #job_name: "Daily /data/app Backup" #job_minute: "0" diff --git a/roles/lib/setup-restic.yml b/roles/lib/setup-restic.yml index eda2dd6..b0463ff 100644 --- a/roles/lib/setup-restic.yml +++ b/roles/lib/setup-restic.yml @@ -17,12 +17,20 @@ home: /home/restic shell: /bin/bash - - name: Add key for Restic user + - name: Add Authorized key for Restic user ansible.posix.authorized_key: user: restic state: present key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsDIrV6QIMtpJFNpZEgHnkYgFC6OXMJQFc1JqrnpCzY fake@gmail.com" + - name: Install Restic Private key + copy: + dest: /home/restic/.ssh/resticuser.ed25519 + content: "{{ restic_private }}" + owner: restic + group: users + mode: '0600' + - name: Copy restic.sh copy: dest: /home/restic/restic.sh @@ -30,8 +38,8 @@ #!/bin/bash # Check if a flag was passed - if [[ "$#" -lt 1 ]]; then - echo "Usage: $0 [--backup] [--forget] [--check]" + if [[ "$#" -lt 2 ]]; then + echo "Usage: $0 [--backup] [--forget] [--check] [--init] dirtobackup" exit 1 fi 
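Review bot: The new `job_command` calls a script that resolves `./.resticpassword` and `./discord.sh` relative to the current directory, so the job only works if cron starts it in `/home/restic`. The account the job runs as is not visible in this file; if it is not `restic`, the password file and the notifier will not be found. Making the working directory explicit removes that dependency: `job_command: "cd /home/restic && ./restic.sh --backup /home/docker/"`.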
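Review bot: The `Install Restic Private key` task writes `{{ restic_private }}` through `copy: content:` without `no_log: true`, so the key material can show up in diff-mode or verbose output and in anything that collects it; add `no_log: true` to that task. A comment saying where `restic_private` comes from would help, since its source (presumably a vault-encrypted variable) is not visible here. If it is the private half of the key authorized in the task above, every host running this role holds a credential that every other host's `restic` account accepts, so a key pair dedicated to the backup target would limit the exposure. The neighbouring task uses a fully qualified module name, and `ansible.builtin.copy` would match it.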
@@ -39,32 +47,56 @@ backup=false forget=false check=false + init=false password=($cat ./.resticpassword) + + last_arg="" + # Parse arguments - for arg in "$@" - do - case $arg in + case $1 in --backup) backup=true + shift ;; --forget) forget=true + shift ;; --check) check=true + shift + ;; + --init) + init=true + shift ;; *) - echo "Unknown argument: $arg" - exit 1 + echo "Usage: $0 [--backup] [--forget] [--check] [--init] dirtobackup" ;; esac - done + + # Check if last argument is valid + last_arg=$1 + if [ -n "$last_arg" ]; then + if [ -d "$last_arg" ]; then + #Last argument is a directory: $last_arg + backupdir=$last_arg + elif [ -f "$last_arg" ]; then + #Last argument is a file: $last_arg + backupdir=$last_arg + else + echo "Last argument is neither a directory nor a file: $last_arg" + fi + else + echo "No valid argument provided after options" + fi + # Execute Restic commands based on flags if $backup; then echo "Backing up... to misamisa" echo "Date: $(date '+%Y-%m-%d_%H-%M-%S')" # Add your Restic backup command here - restic --password-file ./.resticpassword -r sftp:misamisa://home/restic/$(hostname) backup ./ + restic --password-file ./.resticpassword -r sftp:misamisa://home/restic/$(hostname)/$backup backup $backupdir if [ $? -eq 0 ]; then # If the exit status is 0 (success), send a success message ./discord.sh "$(hostname) backup complete" @@ -78,7 +110,7 @@ if $forget; then echo "Removing old backups..." # Add your Restic forget command here - restic --password-file ./.resticpassword -r sftp:misamisa://home/restic/$(hostname) forget --keep-within-daily 7d --keep-within-weekly 1m --keep-within-monthly 1y + restic --password-file ./.resticpassword -r sftp:misamisa://home/restic/$(hostname)/$backupdir forget --keep-within-daily 7d --keep-within-weekly 1m --keep-within-monthly 1y if [ $? -eq 0 ]; then # If the exit status is 0 (success), send a success message ./discord.sh "$(hostname) forget command completed successfully" 
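Review bot: The backup command builds the repository path from `$backup`, which holds the flag value `true`, while `forget`, `check`, `unlock` and `init` in the later hunks use `$backupdir`, so backups go to a different repository from the one that is initialised, pruned and verified. The line should read `restic --password-file ./.resticpassword -r "sftp:misamisa://home/restic/$(hostname)/$backupdir" backup "$backupdir"`, with the expansions quoted here and in the hunks at -78, -91 and -99. The new `*)` branch and both failure branches of the path check only echo, where the removed code did `exit 1`, so an unknown flag ends with status 0 and an invalid path reaches the restic calls with `backupdir` empty; each of those branches needs `exit 1`. Since the loop was replaced by a single `case $1`, only one flag is honoured per run, which the usage string should state.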
@@ -91,7 +123,7 @@ if $check; then echo "Checking backups..." # Add your Restic check command here - restic --password-file ./.resticpassword -r sftp:misamisa://home/restic/$(hostname) check --read-data + restic --password-file ./.resticpassword -r sftp:misamisa://home/restic/$(hostname)/$backupdir check --read-data if [ $? -eq 0 ]; then # If the exit status is 0 (success), send a success message ./discord.sh "$(hostname) Restic Verification complete" @@ -99,9 +131,26 @@ # If the exit status is not 0 (failure), send a failure message ./discord.sh "$(hostname) Restic Verification failed!! there is an issue" fi - restic --password-file ./.resticpassword -r sftp:misamisa://home/restic/$(hostname) unlock + restic --password-file ./.resticpassword -r sftp:misamisa://home/restic/$(hostname)/$backupdir unlock fi + + if $init; then + echo "Init backup..." + # Generate password + if [[ -z $(grep '[^[:space:]]' ./.resticpassword) ]] ; then + echo "Password file empty. generating passwordwq" + tr -dc A-Za-z0-9 ./.resticpassword + fi + restic --password-file ./.resticpassword -r sftp:misamisa://home/restic/$(hostname)/$backupdir init + if [ $? -eq 0 ]; then + # If the exit status is 0 (success), send a success message + ./discord.sh "$(hostname) Restic Init complete for $(hostname)" + else + # If the exit status is not 0 (failure), send a failure message + ./discord.sh "$(hostname) Restic init failed!! there is an issue on $(hostname)" + fi + fi owner: restic group: users mode: '0755' @@ -112,7 +161,7 @@ content: "{{ discord_webhook }}" owner: restic group: users - mode: '0644' + mode: '0755' - name: Create SSH config file copy: 
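Review bot: The `--init` branch generates the repository password on the host without setting the file's permissions or keeping a copy anywhere else. The `tr -dc A-Za-z0-9 ./.resticpassword` line as shown here has no input source or redirection (possibly lost in rendering), so it is worth confirming that it reads from `/dev/urandom` with a fixed length and writes under `umask 077`. Because the password then exists only in `/home/restic/.resticpassword`, losing the host loses the ability to decrypt its backups, and a comment should say where the password is escrowed. The message `generating passwordwq` has a stray `wq`.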
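Review bot: Changing the mode to `'0755'` makes a file whose content is `{{ discord_webhook }}` readable by every local account, and it presumably embeds the webhook URL, which is all anyone needs to post to the channel. Only `restic` has to execute it, so `mode: '0700'` (or `'0750'` if the group needs it) gives the execute bit without the exposure. The task's name and `dest` are outside the hunk; `no_log: true` on that task would also keep the value out of diff output.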
@@ -121,11 +170,19 @@ Hostname misamisa.duckdns.org Port 25456 User restic - IdentityFile vm + IdentityFile /home/restic/.ssh/resticuser.ed25519 owner: restic group: users mode: '0644' + + - name: Add known host entry for misamisa + ansible.builtin.known_hosts: + path: /etc/ssh/ssh_known_hosts + key: "{{ lookup('pipe', 'ssh-keyscan misamisa.duckdns.org') }}" + name: misamisa.duckdns.org + state: present + - name: Download restic bz2 file get_url: url: "https://github.com/restic/restic/releases/download/v0.17.1/restic_0.17.1_linux_amd64.bz2"
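Review bot: The `known_hosts` task pins whatever `ssh-keyscan` returns at play time, and it scans the default port while the SSH config above connects on `Port 25456`, so the stored entry is unauthenticated and unlikely to match the lookup ssh performs. For a non-standard port the entry has to be named `[misamisa.duckdns.org]:25456`. Keeping the host key in a variable that was verified out of band gives real pinning: `name: "[misamisa.duckdns.org]:25456"` with `key: "[misamisa.duckdns.org]:25456 ssh-ed25519 <PINNED_HOST_KEY>"`. The `lookup('pipe', ...)` also runs on the control node on every play, so the result depends on the network path at that moment.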