Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/blackieops/ansible-role-backup

⤴️ Ansible role for automating Restic backups.
https://github.com/blackieops/ansible-role-backup

ansible ansible-role backup restic

Last synced: about 1 month ago
JSON representation

⤴️ Ansible role for automating Restic backups.

Host: GitHub
URL: https://github.com/blackieops/ansible-role-backup
Owner: blackieops
License: mit
Created: 2022-12-28T03:17:39.000Z (about 2 years ago)
Default Branch: main
Last Pushed: 2024-01-19T18:51:56.000Z (about 1 year ago)
Last Synced: 2024-01-19T19:53:37.579Z (about 1 year ago)
Topics: ansible, ansible-role, backup, restic
Language: Shell
Homepage:
Size: 14.6 KB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Automated backups with `restic`

[![Molecule Tests](https://github.com/blackieops/ansible-role-backup/actions/workflows/test.yml/badge.svg)](https://github.com/blackieops/ansible-role-backup/actions/workflows/test.yml)

This is an [Ansible][ansible] role for deploying and configuring `restic` as a
backup solution.

[ansible]: https://ansible.com

## Required variables

| **Name** | **Type** | **Description**
| -------- | -------- | ---------------
| `backup_restic_password` | string | The encryption passphrase Restic will use to secure the backup keys. |
| `backup_env` | array | list of dicts with `key` and `value`: environment variables to set to configure Restic, generally to set config and credentials for your backup target (cloud endpoints, tokens, etc.). Refer to [the Restic documentation][resticenv] for details on what you need to set. |
| `backup_restic_repository` | string | The Restic repository identifier/path. |

### Example

```yaml
backup_restic_password: "swordfish123"
backup_env:
- key: AZURE_ACCOUNT_KEY
value: "asdfasdfasdf"
- key: AZURE_ACCOUNT_NAME
value: "mybackupstorageaccount"
backup_restic_repository: "azure:mycontainer:/"
```

[resticenv]: https://restic.readthedocs.io/en/stable/040_backup.html#environment-variables

## Initialisation

Restic needs to "initialise" a backup repository before you can use it as a
backup target. This role supports this through the usage of a
`backup_initialize=true` variable.

Set this temporarily (with all other vars set) to have Ansible initialise your
backup target for you.

For example:

```
$ ansible-playbook -e backup_initialize=true myplaybook.yml
```

## Usage

Install the role by adding either the Ansible Galaxy package or Git remote to
your `requirements.yml`:

```yaml
# via Galaxy
- role: blackieops.backup

# or via Git
- src: https://github.com/blackieops/ansible-role-backup.git
```

Then install it with `ansible-galaxy`:

```
$ ansible-galaxy install -r requirements.yml
```

Finally, you can reference the role in your playbooks:

```yaml
- hosts: all
roles:
- { role: blackieops.backup }
```

## Optional Configuration

### File inclusion and exclusion

Two variables control which folders and files get backed up:

* `backup_include` (Default: `["/srv", "/home", "/root"]`) List of paths to be backed up.
* `backup_exclude` (Default: `[]`) List of paths/patterns to exclude from the backup.

### Scheduling

This role will configure a cron job to regularly run the backup script. By
default, it runs every day at 02:15.

* `backup_schedule_day` (Default: `*`) What days to run the backup.
* `backup_schedule_hour` (Default: `2`) What hours to run the backup.
* `backup_schedule_minute` (Default: `15`) What minutes to run the backup.

* `backup_user` (Default: `root`) Sets the user whose crontab we will configure
to run the backup.

### Preparation Commands

If you want to do something before the backup starts, such as flush some caches
to disk or export something, you can do so by providing a list of commands to
run.

* `backup_prepare_commands` (Default: `[]`)

### Alternative Architectures / Supply Chains

Restic is downloaded from the official GitHub releases on each machine. If you
need a system architecture other than `amd64`, or need to provide a custom
download URL, you can override a couple variables to do so.

* `backup_restic_arch` (Default: `amd64`) The architecture to support.
* `backup_restic_release_checksum` (Default: `sha25:...`) The checksum to verify the downloaded file is legitimate and intact. (You will need to update this if you change any other variable in this section.)
* `backup_restic_release_url` (Default: `"https://github.com/restic/restic/releases/download/v{{ backup_restic_version }}/{{ backup_restic_artifact }}.bz2"`) The URL from which Restic will be downloaded.
* `backup_restic_version` (Default: `"0.14.0"`) The version of Restic to download.