add borg backup automation

2025-01-23 15:59:33 +01:00 · 2025-01-23 15:59:33 +01:00 · c3a9327ecf
commit c3a9327ecf
parent ff53f82608
4 changed files with 126 additions and 1 deletions
--- a/ansible/automate_backup.yml
+++ b/ansible/automate_backup.yml
@ -0,0 +1,52 @@
+---
+- name: Automate borg backup
+  hosts: all
+  become: yes
+  tasks:
+    - name: Check if Borg backup script exist
+      stat:
+        path: /usr/local/sbin/backup.bash
+      register: backup_status
+    - name: Check if Borg check script exists
+      stat:
+        path: /usr/local/sbin/check_backup.bash
+      register: check_status
+    - name: Synchronize Borg scripts
+      when: backup_status.stat.exists == False or check_status.stat.exists == False
+      synchronize:
+        src: ./borg_scripts/
+        dest: /usr/local/sbin/
+        rsync_opts:
+          - "--chown=root:root"
+          - "--chmod=0700"
+    - name: Create borg backup systemd service
+      copy:
+        content: |
+          [Unit]
+          Description=Borg backup
+          After=network.target
+
+          [Service]
+          Type=oneshot
+          ExecStart=/usr/local/sbin/borg_backup.sh
+          User=root
+          Group=root
+        dest: /etc/systemd/system/borg_backup.service
+    - name: Create borg backup systemd timer
+      copy:
+        content: |
+          [Unit]
+          Description=Borg backup timer
+
+          [Timer]
+          OnCalendar=*-*-* 05:00:00
+          Persistent=true
+
+          [Install]
+          WantedBy=timers.target
+        dest: /etc/systemd/system/borg_backup.timer
+    - name: Start and enable borg backup timer
+      systemd:
+        name: borg_backup.timer
+        enabled: yes
+        state: started
--- a/ansible/borg_scripts/backup.bash
+++ b/ansible/borg_scripts/backup.bash
@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Configuration
+BACKUP_USER="your_remote_user"                # Remote SSH username
+BACKUP_HOST="your_remote_host"                # Remote SSH server
+BACKUP_PATH="/path/to/remote/backup/folder"   # Remote backup folder
+BORG_PASSPHRASE="your_encryption_password"    # Encryption password (in plain text)
+BACKUP_NAME="backup-$(date +'%Y-%m-%d')"      # Name of the backup archive
+BACKUP_REPO="ssh://$BACKUP_USER@$BACKUP_HOST/$BACKUP_PATH" # Borg repository location
+
+# Environment variable for Borg encryption
+export BORG_PASSPHRASE
+
+# Run Borg backup
+echo "Starting Borg backup..."
+borg create --verbose --filter AME --list --stats --compression lz4 \
+    $BACKUP_REPO::$BACKUP_NAME \
+    /etc \
+    /var/vol
+
+# Capture Borg exit status
+BORG_EXIT=$?
+
+# Check if the backup succeeded or was partially successful (exit code 0 or 1)
+if [ $BORG_EXIT -eq 0 ] || [ $BORG_EXIT -eq 1 ]; then
+    echo "Backup succeeded (with return code $BORG_EXIT)!"
+else
+    echo "Backup failed (with return code $BORG_EXIT)!"
+    exit 1
+fi
+
+# Prune old backups (keep last 7 daily, 4 weekly, and 6 monthly backups)
+borg prune --list $BACKUP_REPO --keep-daily=7 --keep-weekly=4 --keep-monthly=6
+
+# Unset the encryption password for security
+unset BORG_PASSPHRASE
--- a/ansible/borg_scripts/check_backup.bash
+++ b/ansible/borg_scripts/check_backup.bash
@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Configuration
+BACKUP_USER="your_remote_user"                # Remote SSH username
+BACKUP_HOST="your_remote_host"                # Remote SSH server
+BACKUP_PATH="/path/ro/remote/backup/folder"   # Remote backup folder
+BORG_PASSPHRASE="your_encryption_password"    # Encryption password (in plain text)
+BACKUP_NAME="backup-$(date +'%Y-%m-%d')"      # Name of the backup archive
+BACKUP_REPO="ssh://$BACKUP_USER@$BACKUP_HOST/$BACKUP_PATH" # Borg repository location
+
+# Environment variable for Borg encryption
+export BORG_PASSPHRASE
+
+# Run Borg check
+if [ "$1" == "--verify-data" ]; then
+    echo "Starting Borg check with data verification..."
+    borg check --verify-data $BACKUP_REPO
+else
+    echo "Starting Borg check..."
+    borg check $BACKUP_REPO
+fi
+
+# Capture Borg exit status
+BORG_EXIT=$?
+
+# Check if the backup succeeded or was partially successful (exit code 0 or 1)
+if [ $BORG_EXIT -eq 0 ] || [ $BORG_EXIT -eq 1 ]; then
+    echo "Check succeeded (with return code $BORG_EXIT)!"
+else
+    echo "Check failed (with return code $BORG_EXIT)!"
+    exit 1
+fi
+
+# Unset the encryption password for security
+unset BORG_PASSPHRASE
--- a/ansible/main.yml
+++ b/ansible/main.yml
@ -8,4 +8,6 @@
 - name: deploy services
  import_playbook: deploy_services.yml
 - name: deploy traefik configuration
-  import_playbook: deploy_traefik_config.yml
+  import_playbook: deploy_traefik_config.yml
+- name: automate backup
+  import_playbook: automate_backup.yml