40 lines
1.4 KiB
YAML
40 lines
1.4 KiB
YAML
# 1. Backup incrémental tous les jours vers la storage box:
|
|
# 1. Dans /mnt/backups, accessible en ro pour l'user system "backup"
|
|
# -> un seul backup host = celui de la storage box en sftp (pourrait être autre chose à terme)
|
|
# -> via autofs + sshfs (permet de libérer la connexion en dehors de la phase de backups)
|
|
# 2. Chiffrement avec clé symétrique. La clé n'est connue que par l'host.
|
|
# 2. D'autres machines se connectent pour récupérer les backups (rsync):
|
|
# 1. En sftp chrooté via l'user system "backup"
|
|
# 2. Donner accès SSH pour ces machines à l'user system "backup"
|
|
|
|
- name: Create SSH directory
|
|
file:
|
|
path: "{{ ssh_config_dir }}"
|
|
state: directory
|
|
mode: "700"
|
|
|
|
- name: Create SSH config file
|
|
file:
|
|
path: "{{ ssh_config_dir }}/config"
|
|
state: touch
|
|
access_time: preserve
|
|
modification_time: preserve
|
|
mode: "600"
|
|
|
|
- name: Create backup user
|
|
user:
|
|
name: "{{ backup_owner }}"
|
|
shell: /bin/bash
|
|
# See https://unix.stackexchange.com/questions/193066/how-to-unlock-account-for-public-key-ssh-authorization-but-not-for-password-aut/193131#193131
|
|
password: '*'
|
|
state: present
|
|
update_password: always
|
|
|
|
- name: Include Storage Box backup tasks
|
|
import_tasks: backup_storage_box.yml
|
|
when: storage_box_enabled
|
|
tags: backup_storage_box
|
|
|
|
- name: Include Borg backup tasks
|
|
import_tasks: backup_borg.yml
|
|
tags: backup_borg |