diff --git a/deploy/ansible/roles/postgresql/vars/main.yml b/deploy/ansible/group_vars/all
similarity index 60%
rename from deploy/ansible/roles/postgresql/vars/main.yml
rename to deploy/ansible/group_vars/all
index 19705a92..9f3a92cf 100644
--- a/deploy/ansible/roles/postgresql/vars/main.yml
+++ b/deploy/ansible/group_vars/all
@@ -1,3 +1,5 @@
 nyaapantsu_dbname: nyaapantsu
 nyaapantsu_user: nyaapantsu
 nyaapantsu_password: nyaapantsu
+nyaapantsu_gpg_passphrase_file: ~/passphrase
+# vim: ft=yaml
diff --git a/deploy/ansible/roles/backup/files/backup.sh b/deploy/ansible/roles/backup/files/backup.sh
new file mode 100644
index 00000000..7a32a32b
--- /dev/null
+++ b/deploy/ansible/roles/backup/files/backup.sh
@@ -0,0 +1,21 @@
+# Create a backup from the database
+#!/bin/bash
+
+set -eu
+
+NYAAPANTSU_USERNAME="$1"
+NYAAPANTSU_PASSWORD="$2"
+NYAAPANTSU_DB="$3"
+NYAAPANTSU_PASSPHRASE_FILE="$4"
+
+dump_file="${NYAAPANTSU_DB}_$(date +'%Y_%m_%d_%H_%M').backup"
+
+pg_dump -U "${NYAAPANTSU_USERNAME}" -f "${dump_file}"
+
+xz -z "${dump_file}"
+
+compressed_dump_file="${dump_file}.xz"
+
+gpg2 --batch --yes --passphrase-fd 0 \
+ --output "${compressed_dump_file}.sig" \
+ --detach-sig "${compressed_dump_file}" < "${NYAAPANTSU_PASSPHRASE_FILE}"
diff --git a/deploy/ansible/roles/backup/tasks/main.yml b/deploy/ansible/roles/backup/tasks/main.yml
new file mode 100644
index 00000000..50247641
--- /dev/null
+++ b/deploy/ansible/roles/backup/tasks/main.yml
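Review bot: In `deploy/ansible/group_vars/all`, the new `nyaapantsu_gpg_passphrase_file: ~/passphrase` is a home-relative path, so it resolves per user: the `stat` check in the backup role runs without `become`, while the cron job runs under whatever account cron uses, and the two may end up looking at different files. An absolute path, e.g. `nyaapantsu_gpg_passphrase_file: /path/to/passphrase` (placeholder), removes that ambiguity. Moving the file to `group_vars/all` also makes the plaintext `nyaapantsu_password` a variable for every host in the inventory; consider keeping it in an Ansible Vault file instead.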
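Review bot: In `backup.sh`, `NYAAPANTSU_PASSWORD` (`$2`) is never used, so passing it only exposes the database password in the cron file and the process list; `pg_dump` is also called without a database name, so `NYAAPANTSU_DB` affects only the file name. The `#!/bin/bash` line sits below a comment, so it is not the first line of the file and the script will not be run by bash through it. The dump is written to the working directory under the default umask and is signed but not encrypted, so its confidentiality rests on directory permissions alone. Depending on the GnuPG version, `--passphrase-fd` may also need `--pinentry-mode loopback` to take effect. The sketch below keeps the argument order and lets `pg_dump` take its credentials from `~/.pgpass` or peer authentication.

```shell
#!/bin/bash
# Create a backup from the database

set -eu
# The dump holds the full database contents: keep it owner-only.
umask 077

# … unchanged: NYAAPANTSU_USERNAME, NYAAPANTSU_DB, NYAAPANTSU_PASSPHRASE_FILE, dump_file …
# "$2" (password) is intentionally not read; credentials come from ~/.pgpass or peer auth.

pg_dump -U "${NYAAPANTSU_USERNAME}" -d "${NYAAPANTSU_DB}" -f "${dump_file}"

# … unchanged: xz and gpg2 steps …
```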
@@ -0,0 +1,27 @@
+# TODO Allow autogenerating of GPG keys
+- name: Make sure there is a passphrase file
+ stat:
+ path: "{{ nyaapantsu_gpg_passphrase_file }}"
+ register: pass_file
+
+- name: Copy backup script
+ copy:
+ src: backup.sh
+ dest: "{{ backup_script }}"
+ mode: 0755
+ become: true
+ when: pass_file.stat.exists == true
+
+- name: Create (if not exists) cronjob
+ file:
+ path: "{{ backup_cron_job }}"
+ state: touch
+ become: true
+ when: pass_file.stat.exists == true
+
+- name: Setup backup cron
+ template:
+ src: backup_cron.j2
+ dest: "{{ backup_cron_job }}"
+ become: true
+ when: pass_file.stat.exists == true
diff --git a/deploy/ansible/roles/backup/templates/backup_cron.j2 b/deploy/ansible/roles/backup/templates/backup_cron.j2
new file mode 100644
index 00000000..1d47f4dc
--- /dev/null
+++ b/deploy/ansible/roles/backup/templates/backup_cron.j2
@@ -0,0 +1 @@
+0 {{ backup_cron_hours }} * * * {{ backup_script }} {{ nyaapantsu_user }} {{ nyaapantsu_password }} {{ nyaapantsu_dbname }} {{ nyaapantsu_gpg_passphrase_file }}
diff --git a/deploy/ansible/roles/backup/vars/main.yml b/deploy/ansible/roles/backup/vars/main.yml
new file mode 100644
index 00000000..9d02f9e8
--- /dev/null
+++ b/deploy/ansible/roles/backup/vars/main.yml
@@ -0,0 +1,3 @@
+backup_script: /usr/bin/nyaapantsu_backup.sh
+backup_cron_hours: 0
+backup_cron_job: /etc/cron.d/nyaapantsu_backup
diff --git a/deploy/ansible/setup_server.yml b/deploy/ansible/setup_server.yml
index 8900af61..64aa8428 100644
--- a/deploy/ansible/setup_server.yml
+++ b/deploy/ansible/setup_server.yml
@@ -6,4 +6,5 @@
 - name: Set up databases
 hosts: dbs
 roles:
+ - backup
 - postgresql
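Review bot: In `roles/backup/tasks/main.yml`, the `template` task writes the cron file, which will contain the database password, without `owner` or `mode`, so it is created with default permissions; adding `owner: root`, `group: root` and `mode: '0600'` keeps other local users from reading it. The preceding `file: state: touch` task is redundant with `template` and reports a change on every run. When the passphrase file is missing, every task is skipped silently, so a host can end up without backups and without any failure; a `fail` or `assert` on `pass_file.stat.exists` would make that visible. `mode: 0755` on the `copy` task is better written quoted, `mode: '0755'`, so it does not depend on YAML octal parsing.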
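Review bot: Entries in `/etc/cron.d` take a user field between the schedule and the command, and the line in `backup_cron.j2` has none, so cron would read `{{ backup_script }}` as the account name and the job would not run as intended; insert the account, e.g. `0 {{ backup_cron_hours }} * * * <backup_user> {{ backup_script }} …` (placeholder). The line also renders `{{ nyaapantsu_password }}` into the command, which puts the password in the cron file and in the process arguments on each run, and the unquoted values break if they contain spaces, shell metacharacters or `%` (which cron treats as a newline). Prefer not passing the password at all and apply the `quote` filter to the remaining arguments; the passphrase path then has to be absolute, because a quoted `~` is not expanded.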
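Review bot: In `roles/backup/vars/main.yml`, these three values sit in the role's `vars`, which take precedence over inventory and group variables, so a deployment cannot change the schedule or paths from `group_vars`; `defaults/main.yml` is the usual place for tunables such as `backup_cron_hours`. `/usr/bin` is normally package-managed, so a locally installed script would conventionally go under `/usr/local/bin`.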
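Review bot: In `setup_server.yml`, `backup` is listed before `postgresql` under `roles:`, so on a fresh host the script and cron job are installed before the database and `pg_dump` exist; listing it after `postgresql` keeps the dependency order explicit. Since the backup role skips all of its tasks when the passphrase file is absent, nothing in this play signals whether backups were actually configured.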