This commit is contained in:
Elizabeth Hunt 2024-05-04 13:19:48 -07:00
parent bbad09e2b1
commit 904657c27c
Signed by: simponic
GPG Key ID: 2909B9A7FF6213EE
9 changed files with 72 additions and 3 deletions

View File

@ -23,3 +23,6 @@
- name: Website for mmt
ansible.builtin.import_playbook: playbooks/deploy-mmt.yml
- name: Borg
ansible.builtin.import_playbook: playbooks/deploy-borg.yml

15
group_vars/borg.yml Normal file
View File

@ -0,0 +1,15 @@
borg_my_user: "root"
borg_my_group: "root"
borg_ssh_key: "/root/borg_ssh_key"
backup_topic: "{{ borg_backup_topic }}"
base_files:
- /home
- /root
- /var
- /etc
- /boot
- /opt
extra_files:

View File

@ -27,5 +27,9 @@ mail.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh
[wireguard-endpoint]
www.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh
[borg]
www.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh
mail.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh
[mmt]
www.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh

View File

@ -0,0 +1,6 @@
---
- name: Borg setup
hosts: borg
roles:
- borg

View File

@ -0,0 +1,28 @@
- name: copy key
template:
src: ../templates/borg_ssh_key.j2
dest: /root/borg_ssh_key
owner: root
group: root
mode: 0600
- name: push borg
import_role:
name: borgbase.ansible_role_borgbackup
vars:
borg_encryption_passphrase: "{{ borg_password }}"
borg_repository: "{{ borg_repo }}"
borg_user: "{{ borg_my_user }}"
borg_group: "{{ borg_my_group }}"
borgmatic_timer: cron
borg_ssh_command: "ssh -o StrictHostKeyChecking=no -i {{ borg_ssh_key }}"
borg_source_directories:
"{{ base_files + (extra_files[inventory_hostname] | default([])) }}"
borg_retention_policy:
keep_hourly: 3
keep_daily: 7
keep_weekly: 4
keep_monthly: 6
borgmatic_hooks:
after_backup:
- "curl -d '{{ inventory_hostname }}' {{ backup_topic }}"

View File

@ -0,0 +1 @@
{{ borg_secret_key | b64decode }}

View File

@ -8,8 +8,9 @@
state: present
- name: Get node ips from dns records
ansible.builtin.shell: "dig +short {{ item }} | tail -n1"
command: "dig +short {{ item }}"
register: wireguard_node_ip
delegate_to: localhost
with_items: "{{ groups['wireguard-mesh'] }}"
- name: Massage node ips

View File

@ -1,8 +1,11 @@
[Interface]
Address={{ wireguard_node_ips[inventory_hostname] }}/32
SaveConfig=true
ListenPort={{ wireguard_listen_port }}
PrivateKey={{ wireguard_private_key.stdout }}
SaveConfig=true
{% if wireguard_node_ips[inventory_hostname] != '10.212.0.1' %}
PostUp=ip route add 10.137.0.0/16 via 10.212.0.1 dev mmtmesh
{% endif %}
{% for peer in groups['wireguard-mesh'] %}
{% if peer != inventory_hostname %}
@ -10,8 +13,12 @@ PrivateKey={{ wireguard_private_key.stdout }}
[Peer]
PublicKey={{ hostvars[peer].wireguard_public_key.stdout }}
PresharedKey={{ wireguard_preshared_keys[peer] if inventory_hostname < peer else hostvars[peer].wireguard_preshared_keys[inventory_hostname] }}
{% if wireguard_node_ips[peer] == '10.212.0.1' %}
AllowedIPs={{ wireguard_node_ips[peer] }}/32, 10.137.0.0/16
{% else %}
AllowedIPs={{ wireguard_node_ips[peer] }}/32
Endpoint={{ peer | replace('.int.', '.pub.') }}:{{ wireguard_listen_port }}
{% endif %}
Endpoint={{ peer | replace('.int.', '.') }}:{{ wireguard_listen_port }}
{% endif %}
{% endfor %}

View File

@ -10,3 +10,7 @@ mmt_smtp_server
mmt_smtp_password
mmt_smtp_username
mmt_form_to_email
borg_secret_key
borg_password
borg_repo
borg_backup_topic