wyoming, borg, grayjay, oh my

active/systemd_borg/backup.sh.j2

@@ -1,10 +1,18 @@
 #!/bin/sh
 
-export BACKUP_HOST=driveripper.reeselink.com
-sshfs ${BACKUP_HOST}:backup /backup
+{% for service in stop_services %}
+systemctl stop {{ service }}
+{% endfor %}
+
+{% for service in stop_user_services %}
+systemctl --user --machine={{ systemd_user }}@.host stop {{ service }}
+{% endfor %}
 
 # Setting this, so the repo does not need to be given on the commandline:
-export BORG_REPO='/backup'
+export BORG_REPO={{ borg_user }}@{{ borg_host }}:{{ repo_name }}
+
+# See the section "Passphrase notes" for more infos.
+export BORG_PASSPHRASE={{ borg_passphrase }}
 
 # some helpers and error handling:
 info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; }
@@ -21,19 +29,29 @@ borg create                         \
     --list                          \
     --stats                         \
     --show-rc                       \
-    --compression none              \
+    --compression lz4               \
     --exclude-caches                \
     --exclude 'home/*/.cache/*'     \
     --exclude 'var/tmp/*'           \
+{% for dir in exclude_dirs %}
+    --exclude '{{ dir }}' \
+{% endfor %}
                                     \
     ::'{hostname}-{now}'            \
-    /etc                            \
-    /home                           \
-    /root                           \
-    /var
+{% for dir in backup_dirs %}
+    {{ dir }}                       \
+{% endfor %}
 
 backup_exit=$?
 
+{% for service in stop_services %}
+systemctl start {{ service }}
+{% endfor %}
+
+{% for service in stop_user_services %}
+systemctl --user --machine={{ systemd_user }}@.host start {{ service }}
+{% endfor %}
+
 info "Pruning repository"
 
 # Use the `prune` subcommand to maintain 7 daily, 4 weekly and 6 monthly
@@ -41,13 +59,13 @@ info "Pruning repository"
 # limit prune's operation to this machine's archives and not apply to
 # other machines' archives also:
 
-borg prune                          \
-    --list                          \
-    --glob-archives '{hostname}-*'  \
-    --show-rc                       \
-    --keep-daily    7               \
-    --keep-weekly   2               \
-    --keep-monthly  1
+borg prune                           \
+    --list                           \
+    --glob-archives '{hostname}-*'   \
+    --show-rc                        \
+    --keep-daily    {{ keep_daily }} \
+    --keep-weekly   {{ keep_weekly }} \
+    --keep-monthly  {{ keep_monthly }} \
 
 prune_exit=$?
 
@@ -71,5 +89,4 @@ else
     info "Backup, Prune, and/or Compact finished with errors"
 fi
 
-fusermount -u /backup
-exit ${global_exit}
+exit ${global_exit}

active/systemd_borg/backup.timer

@@ -0,0 +1,11 @@
+[Unit]
+Description=Run Backup backup_{{ repo_name }}.service every hour
+
+[Timer]
+OnCalendar=hourly
+AccuracySec=10min
+Persistent=true
+Unit=ddns.{{ item.record }}.service
+
+[Install]
+WantedBy=timers.target

active/systemd_borg/borg.md

@@ -1,5 +1,11 @@
 # Borg Backup
 
+- [Borg Backup](#borg-backup)
+  - [Server Setup](#server-setup)
+    - [Adding a Client](#adding-a-client)
+    - [Installing the Backup Service](#installing-the-backup-service)
+      - [Adding Nextcloud](#adding-nextcloud)
+
 ## Server Setup
 
 <https://borgbackup.readthedocs.io/en/stable/deployment/central-backup-server.html#user-and-group>
@@ -28,7 +34,7 @@ Note: See [adding nextcloud](#adding-nextcloud) for nextcloud instructions here.
 ```bash
 export BACKUP_HOST=""
 
-ssh-keygen -C backup@${BACKUP_HOST} -f ~/.ssh/id_${BACKUP_HOST}
+ssh-keygen -C ${USER}@${HOSTNAME} -f ~/.ssh/id_${BACKUP_HOST}
 
 cat <<EOF >> ~/.ssh/config
 Host ${BACKUP_HOST}
@@ -58,7 +64,43 @@ Then back on the client:
 ```bash
 ssh borg.reeselink.com
 
+# root
 borg init --encryption none backup@${BACKUP_HOST}:root
+# home
+borg init --encryption none backup@${BACKUP_HOST}:home
+# app
+borg init --encryption none backup@${BACKUP_HOST}:gitea
+# another app
+borg init --encryption none backup@${BACKUP_HOST}:nextcloud
+```
+
+### Installing the Backup Service
+
+Create your vars file in `secrets/host_vars.yaml`
+
+```yaml
+repo_name: my_repo
+borg_user: backup
+borg_host: borg.reeselink.com
+borg_passphrase: ""
+backup_dirs:
+  - /home
+exclude_dirs: []
+keep_daily: 7
+keep_weekly: 4
+keep_monthly: 1
+stop_services: []
+stop_user_services:
+  - gitea
+  - postgres
+```
+
+```bash
+ansible-playbook \
+-i active/ansible/inventory.yaml \
+-l podman \
+active/systemd_borg/install_backup.yaml \
+-e "@active/systemd_borg/secrets/gitea_vars.yaml"
 ```
 
 #### Adding Nextcloud

active/systemd_borg/install_backup.yaml

@@ -0,0 +1,43 @@
+- name: Create Backup Service
+  hosts: all
+  vars_files:
+    - secrets/vars.yaml
+  tasks:
+  - name: Create /usr/local/script dir
+    ansible.builtin.file:
+      path: /usr/local/script
+      state: directory
+      mode: '0755'
+  - name: Copy backup.service
+    template:
+      src: backup.service
+      dest: /etc/systemd/system/backup-{{ repo_name }}.service
+      owner: root
+      group: root
+      mode: '0644'
+  - name: Copy backup.timer
+    template:
+      src: backup.timer
+      dest: /etc/systemd/system/backup-{{ repo_name }}.timer
+      owner: root
+      group: root
+      mode: '0644'
+  - name: Template backup.sh
+    template:
+      src: backup.sh.j2
+      dest: /usr/local/script/backup-{{ repo_name }}.sh
+      owner: root
+      group: root
+      mode: '0744'
+  # - name: Reload ddns timer
+  #   ansible.builtin.systemd_service:
+  #     state: restarted
+  #     name: ddns.{{ item.record }}.timer
+  #     enabled: true
+  #     daemon_reload: true
+  #   loop: "{{ records }}"
+  # - name: Run ddns service
+  #   ansible.builtin.systemd_service:
+  #     state: restarted
+  #     name: ddns.{{ item.record }}.service
+  #   loop: "{{ records }}"