Compare commits
7 Commits
8f14ec2e69
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 40d7560e44 | |||
|
b84afb3abf
|
|||
|
65a02177fa
|
|||
|
9eb3e446af
|
|||
|
52bb82f900
|
|||
|
f657767632
|
|||
| 5bcdf66bb5 |
@@ -16,3 +16,10 @@ backup_hosts:
|
||||
keep_daily: 7
|
||||
keep_weekly: 4
|
||||
keep_monthly: 6
|
||||
portainer1-jim.im.lab:
|
||||
storage_size_gb: 5
|
||||
source_directories:
|
||||
- /data/compose
|
||||
keep_daily: 7
|
||||
keep_weekly: 4
|
||||
keep_monthly: 6
|
||||
|
||||
@@ -34,6 +34,16 @@
|
||||
no_log: false
|
||||
when: not ipa_client_conf.stat.exists
|
||||
|
||||
- name: Prioritize SSS over local accounts in NSS
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/nsswitch.conf
|
||||
regexp: '^{{ item }}:'
|
||||
line: '{{ item }}: sss files systemd'
|
||||
loop:
|
||||
- passwd
|
||||
- group
|
||||
notify: Restart SSSD
|
||||
|
||||
- name: Enable mkhomedir
|
||||
ansible.builtin.command:
|
||||
argv:
|
||||
|
||||
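Review bot: The new `Prioritize SSS over local accounts in NSS` task rewrites the whole `passwd:` and `group:` lines, so any other source already listed there is dropped, and with `sss` ahead of `files` a directory entry takes precedence over a local account of the same name. If that ordering is intended, a comment on the task should say why, and that a name collision in FreeIPA then decides the UID/GID the host resolves. Adding `backup: true` to the `lineinfile` arguments would keep a copy of the previous file. On hosts where /etc/nsswitch.conf is generated by authselect the edit may be overwritten; check this against the `Enable mkhomedir` task, which starts at the end of this hunk and continues outside it. The `no_log: false` context line belongs to the preceding task, which is not visible here, so confirm it does not log enrollment credentials.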
+1
-1
@@ -5,7 +5,7 @@ galera3 ansible_host=192.168.19.92
|
||||
galera2 ansible_host=192.168.19.91
|
||||
testipaclient ansible_host=192.168.19.98
|
||||
testclient ansible_host=192.168.19.115
|
||||
portainer1_jim.im.lab ansible_host=192.168.19.7
|
||||
portainer1-jim.im.lab ansible_host=192.168.19.7
|
||||
|
||||
[linux_servers_hellsos]
|
||||
portainer2_hellsos ansible_host=192.168.52.9
|
||||
|
||||
@@ -0,0 +1,10 @@
|
||||
---
|
||||
# Schedule for our own borgmatic.timer (overrides the package-shipped unit).
|
||||
# OnCalendar uses systemd.time(7) syntax. RandomizedDelaySec spreads load so
|
||||
# every host doesn't hit the borg server at the same instant.
|
||||
borgmatic_oncalendar: "*-*-* 03:00:00"
|
||||
borgmatic_randomized_delay_sec: 3h
|
||||
borgmatic_persistent: true
|
||||
|
||||
# Extra flags passed to the borgmatic invocation in our borgmatic.service.
|
||||
borgmatic_verbosity_args: "--verbosity -1 --syslog-verbosity 1"
|
||||
@@ -75,6 +75,29 @@
|
||||
group: root
|
||||
mode: '0640'
|
||||
|
||||
- name: Deploy borgmatic systemd service (overrides package unit)
|
||||
ansible.builtin.template:
|
||||
src: borgmatic.service.j2
|
||||
dest: /etc/systemd/system/borgmatic.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
register: _borgmatic_service_unit
|
||||
|
||||
- name: Deploy borgmatic systemd timer (overrides package unit)
|
||||
ansible.builtin.template:
|
||||
src: borgmatic.timer.j2
|
||||
dest: /etc/systemd/system/borgmatic.timer
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
register: _borgmatic_timer_unit
|
||||
|
||||
- name: Reload systemd if units changed
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
when: _borgmatic_service_unit is changed or _borgmatic_timer_unit is changed
|
||||
|
||||
- name: Enable and start borgmatic timer
|
||||
ansible.builtin.systemd:
|
||||
name: borgmatic.timer
|
||||
|
||||
@@ -0,0 +1,21 @@
|
||||
# Managed by Ansible — do not edit by hand.
|
||||
[Unit]
|
||||
Description=borgmatic backup
|
||||
Wants=network-online.target
|
||||
After=network-online.target
|
||||
# Don't run on battery power.
|
||||
ConditionACPower=true
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
# Lower priority so backups don't starve foreground work.
|
||||
Nice=19
|
||||
CPUSchedulingPolicy=batch
|
||||
IOSchedulingClass=best-effort
|
||||
IOSchedulingPriority=7
|
||||
IOWeight=100
|
||||
Restart=no
|
||||
# Prevent rate limiting of borgmatic log events.
|
||||
LogRateLimitIntervalSec=0
|
||||
# Delay start by a random amount handled in the timer; keep the service simple.
|
||||
ExecStart=systemd-inhibit --who="borgmatic" --what="sleep:shutdown" --why="Prevent interrupting scheduled backup" /usr/bin/borgmatic {{ borgmatic_verbosity_args }}
|
||||
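Review bot: The `[Service]` section has no sandboxing directives, and because the tasks install this unit to /etc/systemd/system it replaces the packaged unit entirely, so any hardening shipped there no longer applies. Consider adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full`, after checking them against the hooks and paths borgmatic needs on these hosts. `{{ borgmatic_verbosity_args }}` is rendered unquoted into `ExecStart`, so whatever the variable holds becomes arguments of a command that presumably runs as root (no `User=` is set). A comment next to the default, stating that it must contain borgmatic flags only, would document that trust boundary.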
@@ -0,0 +1,11 @@
|
||||
# Managed by Ansible — do not edit by hand.
|
||||
[Unit]
|
||||
Description=Run borgmatic backup
|
||||
|
||||
[Timer]
|
||||
OnCalendar={{ borgmatic_oncalendar }}
|
||||
RandomizedDelaySec={{ borgmatic_randomized_delay_sec }}
|
||||
Persistent={{ borgmatic_persistent | bool | lower }}
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
+20
-1
@@ -2,6 +2,7 @@
|
||||
- name: Baseline user setup
|
||||
hosts: all
|
||||
become: true
|
||||
tags: users
|
||||
|
||||
tasks:
|
||||
|
||||
@@ -100,4 +101,22 @@
|
||||
|
||||
- name: Set system hostname to inventory_hostname
|
||||
ansible.builtin.hostname:
|
||||
name: "{{ inventory_hostname }}"
|
||||
name: "{{ inventory_hostname }}"
|
||||
|
||||
# ==============================
|
||||
# FOURTH PLAY: FREEIPA / SSSD
|
||||
# ==============================
|
||||
|
||||
- name: FreeIPA client setup
|
||||
hosts: all
|
||||
become: true
|
||||
tags: never,sssd
|
||||
|
||||
roles:
|
||||
- role: initial_install/roles/freeipa_client
|
||||
|
||||
# ==============================
|
||||
# FIFTH PLAY: BACKUP
|
||||
# ==============================
|
||||
|
||||
- import_playbook: backup.yml
|
||||
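Review bot: The `never` tag on the new `FreeIPA client setup` play means it runs only when `--tags sssd` is passed, but nothing in the file says so. A comment such as `# opt-in: run with --tags sssd` above `tags: never,sssd` would make that explicit, and writing the tags as a list (`tags: [never, sssd]`) reads more clearly than the comma-separated string. Because the play targets `hosts: all`, the comment should also say that an explicit run enrolls every inventory host unless `--limit` is used.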