ansible role to cleanup restic backup at the writeonly restic rest-server
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
L3D 7776f1f586
Merge pull request #4 from roles-ansible/dependabot/github_actions/actions/checkout-2.3.4
1 month ago
.github Bump actions/checkout from 2 to 2.3.4 1 month ago
defaults Try to improve Mail Reporting 2 months ago
files implement logrotate 6 months ago
meta update to new ansible version 2 months ago
tasks update to new ansible version 2 months ago
templates Try to improve Mail Reporting 2 months ago
vars update to new ansible version 2 months ago
.gitignore adds Gitignore 2 years ago
.yamllint improve linting 4 months ago
LICENSE start preparing role for archiv cleanup functions 7 months ago
README.md Try to improve Mail Reporting 2 months ago

README.md

ansible_role_restic_archiver

ansible role to "archive" restic backups.

The scenario for this role is:

  • You have the restic rest server running in write-only mode
  • you send backups from other servers to your restic backup server

Now you don't want to store all backups indefinitely, but only for the last days a daily backup and otherwise weekly, monthly, yearly a few... just like you do it.

Of course you don't want to give access to others, so you solve the whole thing with a local cronjob. And this cronjob is built with this Ansible role.

As a bonus feature, you can optionally transfer the backups to another disk (even with a different password). Which is also a very charming backup concept from a security point of view.

this role does not install restic. For that, we recommend this ansible role. We have had good experience with this role for the restic rest server.

Variables:

---
# which repos should we cleanup by default
restic_archiver__repos: {}
#  - name: example_server:
#    location: /srv/restic/example_server_repo
#    password: securepassword4eXaMpleSserver
#  - name: other_server
#    location: /srv/restic/other_server_repo
#    password: xtrasecuredifferentpassword4other
#    archive: true
#    archive_location: /mnt/archive/other_server_repo
#    archive_password: archive4other_server_password
#    archive_cleanup: true
#    keep_last: 5
#    keep_hourly: 4
#    keep_daily: 1
#    keep_weekly: 1
#    keep_monthly: 1
#    keep_yearly: 1
#    keep_within: 1

# how long should we store all backups by default
restic_archiver__keep: 5
restic_archiver__keep_hourly: 16
restic_archiver__keep_daily: 14
restic_archiver__keep_weekly: 8
restic_archiver__keep_monthly: 16
restic_archiver__keep_yearly: 12

# owner and user of all restic stuff
restic_archiver__owner: 'root'
restic_archiver__group: 'root'

# shedule restic cronjob
restic_archiver__hour: '3'
restic_archiver__minute: '32'

# validate if disk is mounted
restic_archiver__mount_required: false
# which disk have to be mounted
restic_archiver__mount_disk: '/mnt/'
# umount after use?
restic_archiver__umount_after_usage: false

# required packages
restic_archiver__package:
  - cron

  restic_archiver__log_output: true
  restic_archiver__logrotate: true

  restic_archiver__mailsummary: false
  restic_archiver__mail_on_error: false
  restic_archiver__mailaddress: 'root@localhost'

# restic default options
restic_archiver__default_opt: ''

# additional msgs
restic_archiver__additional_mail_msg: ''
# version check for this playbook (true is recomended)
submodules_versioncheck: false

restic_archiver__cache_config: false
restic_archiver__cache_dir: '~/.cache/restic'