gitweb.fluxo.info Git - puppet-backup.git/commitdiff
Adds borg action and misc changes
authorSilvio Rhatto <rhatto@riseup.net>
Sat, 19 May 2018 11:17:47 +0000 (08:17 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Sat, 19 May 2018 11:17:47 +0000 (08:17 -0300)
manifests/borg.pp [new file with mode: 0644]
manifests/duplicity.pp
manifests/init.pp
manifests/params.pp
manifests/utils.pp
templates/borg.sh.erb [new file with mode: 0644]
templates/duplicity.sh.erb [moved from templates/duplicity.conf.erb with 100% similarity]

diff --git a/manifests/borg.pp b/manifests/borg.pp
new file mode 100644 (file)
index 0000000..4d08908
--- /dev/null
@@ -0,0 +1,31 @@
+define backup::borg(
+    $port           = '22',
+    $ensure         = present,
+    $keepdaily      = '7',
+    $keepweekly     = '4',
+    $keepmonthly    = '3',
+    $user           = $::hostname,
+    $host           = "${title}.${::domain}",
+    $encryption     = 'repokey',
+    $order          = 95,
+    $periodic_check = absent,
+    $password,
+) {
+  file { "${backupninja::configdir}/${order}_borg-${host}.sh":
+    ensure  => $ensure,
+    content => template('backup/borg.sh.erb'),
+    owner   => root,
+    group   => root,
+    mode    => '0600',
+    require => File["${backupninja::configdir}"],
+  }
+
+  cron { "borg_check-$title.$domain":
+    command  => "/bin/bash ${backupninja::configdir}/${order}_borg-${host}.sh --check",
+    user     => root,
+    hour     => "0",
+    minute   => "0",
+    weekday  => "0",
+    ensure   => $periodic_check,
+  }
+}
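Review bot: The `file` resource renders the repository passphrase into `${order}_borg-${host}.sh`, and mode `0600` only protects it on disk. If content diffs are enabled on the agent, Puppet can print the changed lines into agent logs and reports whenever the file is updated; adding `show_diff => false,` to this resource keeps the secret out of them. `$password` is a plain string parameter, so it presumably also travels in the catalog in clear text; on Puppet versions that support it, the `Sensitive` data type would be worth considering. Separately, the cron title uses `$title.$domain` while the file name uses `${host}`, so when `$host` is overridden the two no longer name the same target; `"borg_check-${host}"` would be more consistent.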
index e84e05051df677fa44eaca3882233c1c5c43d3c3..c7801a36dea288fcc455978444fba21aec635412 100644 (file)
@@ -32,7 +32,7 @@ define backup::duplicity(
   # the backupninja rule for this duplicity backup
   file { "${backupninja::configdir}/${order}_duplicity-${title}.sh":
     ensure  => $ensure,
-    content => template('backup/duplicity.conf.erb'),
+    content => template('backup/duplicity.sh.erb'),
     owner   => root,
     group   => root,
     mode    => '0600',
index 421800f3f238e4f539f746248361f3006d714494..a4492cad1344de1d45325c13da8ec75c486d2be4 100644 (file)
@@ -46,6 +46,7 @@ class backup(
   }
 
   package { "duplicity":     ensure => installed, }
+  package { "borgbackup":    ensure => installed, }
   package { "debconf-utils": ensure => installed, }
 
   # See http://www.rfc3092.net/2013/09/missing-modules-for-paramiko-and-gio-in-duplicity-foo/
index caeff04c533b81f3acde1921742273959875ba50..4efed5b8632ad636fedf91877bb50c8e9cc63d5d 100644 (file)
@@ -6,7 +6,7 @@ class backup::params {
 
   # for data that's going to be encrypted and signed
   $include_unencrypted = [ "/etc", "/var", "/home", ]
-  $exclude_unencrypted = [ "$backupdir_remote", "$backupdir/duplicity", "$backupdir/restore", "/var/cache", "/var/log", "/var/vservers", "/var/chroot", "/root/.cache", "/var/lib/dpkg", "/var/lib/apt", "/var/lib/aptitude/", "/var/sites/backups", "/var/data/crypt", "/data/backups", "/data/cache" ]
+  $exclude_unencrypted = [ "$backupdir_remote", "$backupdir/duplicity", "$backupdir/borg", "$backupdir/restore", "/var/cache", "/var/log", "/var/vservers", "/var/chroot", "/root/.cache", "/var/lib/dpkg", "/var/lib/apt", "/var/lib/aptitude/", "/var/sites/backups", "/var/data/crypt", "/var/data/backups", "/var/data/cache" ]
 
   # for data that were previously encrypted and signed
   $include_encrypted = [ "$backupdir/duplicity", ]
index b13c8780b44caeceffaf1257bbba7809eda75920..7cc358f51eed22c4080b4cf90abfa6b343ab2c39 100644 (file)
@@ -1,5 +1,6 @@
 class backup::utils {
-  package { [ 'bup', 'attic', 'obnam' ]:
-    ensure  => present,
+  # Not in use
+  package { [ 'bup', 'attic', 'obnam', 'restic' ]:
+    ensure  => absent,
   }
 }
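Review bot: The `# Not in use` comment does not say that this resource now removes packages. With `ensure => absent`, every node that includes `backup::utils` will have `bup`, `attic`, `obnam` and `restic` uninstalled, including copies an administrator installed for another purpose. If that is intended, the comment should say so, for example `# Not used by this module; removed from nodes that include this class`.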
diff --git a/templates/borg.sh.erb b/templates/borg.sh.erb
new file mode 100644 (file)
index 0000000..3eddd87
--- /dev/null
@@ -0,0 +1,115 @@
+#!/bin/sh
+# Adapted from https://borgbackup.readthedocs.io/en/stable/quickstart.html#automating-backups
+
+export SSH_SERVER="<%= @user %>@<%= @host %>"
+export SSH_PORT="<%= @port %>"
+
+export HOSTNAME=`cat /etc/hostname`
+
+# Setting this, so the repo does not need to be given on the commandline:
+export BORG_REPO=ssh://$SSH_SERVER:$SSH_PORT//var/backups/remote/$HOSTNAME/borg
+
+# Setting this, so you won't be asked for your repository passphrase:
+export BORG_PASSPHRASE='<%= @password %>'
+# or this to ask an external program to supply the passphrase:
+#export BORG_PASSCOMMAND='pass show backup'
+
+# some helpers and error handling:
+#info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; }
+trap 'info $( date ) Backup interrupted >&2; exit 2' INT TERM
+
+# Check
+if [ "$1" == "--check" ]; then
+  borg list
+  exit $?
+fi
+
+# Initialize
+if ! ssh $SSH_SERVER -p $SSH_PORT test -f /var/backups/remote/$HOSTNAME/borg/config; then
+       info "Initializing borg repository at ssh://$SSH_SERVER:$SSH_PORT//var/backups/remote/$HOSTNAME/borg..."
+  borg init --encryption=<%= @encryption %> ssh://$SSH_SERVER:$SSH_PORT//var/backups/remote/$HOSTNAME/borg
+
+       init_exit=$?
+
+       if [ "$init_exit" != "0" ]; then
+               fatal "Error initializing repository"
+       fi
+fi
+
+# Backup the most important directories into an archive named after
+# the machine this script is currently running on:
+
+info "Starting backup..."
+
+borg create                                \
+       --verbose                          \
+       --filter AME                       \
+       --list                             \
+       --stats                            \
+       --show-rc                          \
+       --compression lz4                  \
+       --exclude-caches                   \
+       --exclude '/home/*/.cache/*'       \
+       --exclude '/var/cache/*'           \
+       --exclude '/var/tmp/*'             \
+  --exclude '/var/backups/remote'    \
+  --exclude '/var/backups/duplicity' \
+  --exclude '/var/backups/restore'   \
+  --exclude '/var/cache'             \
+  --exclude '/var/vservers'          \
+  --exclude '/var/chroot'            \
+  --exclude '/root/.cache'           \
+  --exclude '/var/lib/dpkg'          \
+  --exclude '/var/lib/apt'           \
+  --exclude '/var/lib/aptitude'      \
+  --exclude '/var/sites/backups'     \
+  --exclude '/var/data/crypt'        \
+  --exclude '/var/data/backups'      \
+  --exclude '/var/data/cache'        \
+       ::'{hostname}-{now}'               \
+       /etc                               \
+       /home                              \
+       /root                              \
+       /var                               \
+
+       backup_exit=$?
+
+if [ "$backup_exit" != "0" ]; then
+       fatal "Error creating snapshot"
+fi
+
+info "Pruning repository..."
+
+# Use the `prune` subcommand to maintain 7 daily, 4 weekly and 6 monthly
+# archives of THIS machine. The '{hostname}-' prefix is very important to
+# limit prune's operation to this machine's archives and not apply to
+# other machines' archives also:
+
+borg prune                           \
+       --list                             \
+       --prefix '{hostname}-'             \
+       --show-rc                          \
+  --keep-daily    <%= @keepdaily %>   \
+  --keep-weekly   <%= @keepweekly %>  \
+  --keep-monthly  <%= @keepmonthly %> \
+
+       prune_exit=$?
+
+if [ "$prune_exit" != "0" ]; then
+       fatal "Error pruning repository"
+fi
+
+# use highest exit code as global exit code
+#global_exit=$(( backup_exit > prune_exit ? backup_exit : prune_exit ))
+#
+#if [ ${global_exit} -eq 1 ];
+#then
+#      info "Backup and/or Prune finished with a warning"
+#fi
+#
+#if [ ${global_exit} -gt 1 ];
+#then
+#      info "Backup and/or Prune finished with an error"
+#fi
+#
+#exit ${global_exit}
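Review bot: The line `export BORG_PASSPHRASE='<%= @password %>'` renders the passphrase raw between single quotes, so a passphrase containing `'` ends the string early and the rest is parsed as shell in a script that runs as root. `@user`, `@host`, `@port` and `@encryption` are likewise rendered unescaped and then expanded unquoted in the `ssh` and `borg init` lines. Escaping the secret in the template (`<% require 'shellwords' -%>` then `export BORG_PASSPHRASE=<%= Shellwords.escape(@password) %>`) and quoting the expansions, e.g. `ssh "$SSH_SERVER" -p "$SSH_PORT" ...`, would close this. Separately, the `--check` branch runs `borg list`, which only enumerates archives; `borg check` is the subcommand that verifies repository consistency, so the weekly cron job as written would not detect a damaged repository. `info` is commented out and `fatal` is not defined in this file, so both presumably come from backupninja and are missing when cron runs the script directly with `/bin/bash`.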