Ansible role that provisions my storage server.
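---

# Create the configuration and data directories for the Restic backup server.
#
# The leading 2 in the mode is the setgid bit. A four-digit numeric mode is
# applied exactly, so '0775' here would clear the setgid bit that the later
# "g+s" task adds, and the two tasks would keep flipping the mode (and both
# report "changed") on every run. Carrying the bit here keeps the role
# idempotent.
#
# NOTE(review): o+rx leaves both directories listable by every local account.
# Confirm that nothing sensitive (for example a credentials file) is stored
# in the configuration directory, or tighten the mode to '2770'.
- name: Create Restic backup server directory structure
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: "{{ storage_user }}"
    group: "{{ storage_group }}"
    mode: '2775'
  loop:
    - "{{ restic_backup_config_dir }}"
    - "{{ restic_backup_data_dir }}"
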
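# "g+s" on a directory is the setgid bit, not the sticky bit (that would be
# "+t"). With setgid set, files and subdirectories created inside inherit the
# directory's group; it does not propagate permission bits, so new files still
# get their mode from the creating process's umask.
- name: Set setgid bit on Restic directories for group inheritance
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: "g+s"
  loop:
    - "{{ restic_backup_config_dir }}"
    - "{{ restic_backup_data_dir }}"
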
# Render the Compose definition for the Restic server into the configuration
# directory. A change to the rendered file notifies the restart handler.
#
# NOTE(review): mode '0664' makes the rendered file readable by every local
# account and writable by the whole storage group. The template is not shown
# here; if it renders any vault-held credential, restrict the file to '0640'
# or '0600'. Group write access also lets any group member change what the
# Docker daemon runs for this project - confirm that is intended.
- name: Deploy Restic server Docker Compose file
  ansible.builtin.template:
    dest: "{{ restic_backup_config_dir }}/docker-compose.yml"
    src: restic-server-compose.yml.j2
    mode: '0664'
    owner: "{{ storage_user }}"
    group: "{{ storage_group }}"
  notify: restart restic-server

# Record whether the configuration directory is present on the host. The
# result gates the start task below. stat is read-only, so the task is pinned
# to "not changed".
- name: Check if Restic directory exists
  ansible.builtin.stat:
    path: "{{ restic_backup_config_dir }}"
  changed_when: false
  register: restic_dir_stat

# Bring the Compose project up from the configuration directory.
#
# check_mode: false makes this task execute for real even when the play runs
# with --check, so a dry run can start containers on the host. In that
# situation the template task above has not written anything, which means the
# project is started from whatever docker-compose.yml is already on disk.
# The guard only proves that the directory exists, not that a current Compose
# file is in it.
# NOTE(review): presumably intentional - confirm that a dry run is allowed to
# change the running service.
- name: Start Restic backup server
  community.docker.docker_compose_v2:
    state: present
    project_src: "{{ restic_backup_config_dir }}"
  when: restic_dir_stat.stat.exists
  check_mode: false
  register: restic_start_result

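# Print an operator-facing summary of the deployment.
#
# - Status distinguishes a skipped start (configuration directory missing)
#   from "Already running"; a skipped result is never "changed", so it would
#   otherwise be reported as a running server.
# - The authentication lines treat an empty or undefined
#   restic_backup_username as "not configured", and the first security note
#   follows the same test, so the summary never claims that access is
#   restricted while also reporting that authentication is not configured.
# - The advertised URL is plain HTTP, so credentials sent by clients are not
#   protected in transit until TLS is set up.
# NOTE(review): client-setup-example.sh is referenced below but no task
# visible here deploys it - confirm that it is installed elsewhere in the role.
- name: Display Restic backup server deployment summary
  ansible.builtin.debug:
    msg: |
      Restic Backup Server Deployment:
      - Status: {{ 'Not started (configuration directory missing)' if restic_start_result is skipped else ('Started' if restic_start_result is changed else 'Already running') }}
      - Server URL: http://{{ ansible_default_ipv4.address }}:{{ restic_backup_host_port }}/
      - Data Directory: {{ restic_backup_data_dir }}
      - Configuration: {{ restic_backup_config_dir }}
      - Authentication: {{ 'Configured' if (restic_backup_username | default('')) != '' else 'Not configured (Configure vault variables)' }}

      Client Setup:
      1. Install restic on client machines
      2. Use the example script: {{ restic_backup_config_dir }}/client-setup-example.sh
      3. Initialize repository: restic init
      4. Create backup: restic backup /path/to/backup

      Security Notes:
      - {{ 'Access is restricted to authenticated users only' if (restic_backup_username | default('')) != '' else 'WARNING: authentication is not configured; do not assume access is restricted' }}
      - Consider setting up TLS/SSL for production use
      - Ensure proper firewall rules for backup server access
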