commit b866bc0dd0d6464f2e1077bbfed5d7698188121a Author: Frank Villaro-Dixon Date: Thu May 2 17:15:34 2024 +0200 init repo Signed-off-by: Frank Villaro-Dixon
diff --git a/ansible/configure-server.yml b/ansible/configure-server.yml
new file mode 100644
index 0000000..19647e2
--- /dev/null
+++ b/ansible/configure-server.yml
@@ -0,0 +1,69 @@
+---
+- hosts: backup_server
+ tasks:
+# - name: install necessary packages
+# ansible.builtin.apt:
+# name:
+# - rsnapshot
+# - nfs-common
+# state: present
+# update_cache: yes
+
+ - name: Copy systemd mount file
+ ansible.builtin.copy:
+ src: files/systemd-mount.conf
+ dest: /etc/systemd/system/mnt-syno-InfraBackups.mount
+ owner: root
+ group: root
+ mode: 0644
+ register: systemd_mount
+
+ - name: Reload systemd
+ ansible.builtin.systemd:
+ daemon_reload: yes
+ when: systemd_mount.changed
+
+ - name: Start & Enable systemd mount
+ ansible.builtin.systemd:
+ name: mnt-syno-InfraBackups.mount
+ state: started
+ enabled: yes
+ when: systemd_mount.changed
+
+ - name: Generate ssh key
+ ansible.builtin.openssh_keypair:
+ path: /root/.ssh/id_rsa_rsnapshot
+ type: rsa
+ size: 4096
+ state: present
+
+ - name: Register ssh public key in variable
+ slurp:
+ src: /root/.ssh/id_rsa_rsnapshot.pub
+ register: rsnapshot_ssh_key_slurp
+ - name: Set ssh public key in variable
+ set_fact:
+ rsnapshot_ssh_key: "{{ rsnapshot_ssh_key_slurp['content'] | b64decode }}"
+
+
+ - name: Copy rsnapshot template file
+ ansible.builtin.template:
+ src: files/rsnapshot.conf.j2
+ dest: /etc/rsnapshot.conf
+ owner: root
+ group: root
+ mode: 0644
+ register: rsnapshot_conf
+ tags: rsnapshot
+
+
+- hosts: backup_clients
+ gather_facts: no
+ vars:
+ backup_server: backup.lan.k3s.fr
+ tasks:
+ - name: Allow ssh from rsnapshot server
+ authorized_key:
+ user: root
+ state: present
+ key: "{{ hostvars[backup_server]['rsnapshot_ssh_key'] | trim }} root@{{ hostvars[backup_server]['ansible_default_ipv4']['address'] }}"
\ No newline at end of file
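Review bot: The `authorized_key` task at the end of the `backup_clients` play installs the rsnapshot key for `root` with no restrictions, so anyone who obtains `/root/.ssh/id_rsa_rsnapshot` on the backup server gets an interactive root shell on every client. The module's `key_options` parameter can narrow that, for example `key_options: 'restrict,from="{{ hostvars[backup_server].ansible_default_ipv4.address }}"'`, and a forced read-only rsync command in the same option string would narrow it further (the exact wrapper path depends on the distribution). The task also reads `rsnapshot_ssh_key` and `ansible_default_ipv4` from the server's hostvars while this play sets `gather_facts: no`, so it only works when the `backup_server` play ran earlier in the same invocation; a comment such as `# requires the backup_server play in the same run (facts + rsnapshot_ssh_key)` would make that explicit.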
diff --git a/ansible/files/rsnapshot.conf.j2 b/ansible/files/rsnapshot.conf.j2
new file mode 100644
index 0000000..086f840
--- /dev/null
+++ b/ansible/files/rsnapshot.conf.j2
@@ -0,0 +1,260 @@
+#################################################
+# rsnapshot.conf - rsnapshot configuration file #
+#################################################
+# #
+# PLEASE BE AWARE OF THE FOLLOWING RULE: #
+# #
+# This file requires tabs between elements #
+# #
+#################################################
+
+#######################
+# CONFIG FILE VERSION #
+#######################
+
+config_version 1.2
+
+###########################
+# SNAPSHOT ROOT DIRECTORY #
+###########################
+
+# All snapshots will be stored under this root directory.
+#
+snapshot_root /mnt/syno/InfraBackups/
+
+# If no_create_root is enabled, rsnapshot will not automatically create the
+# snapshot_root directory. This is particularly useful if you are backing
+# up to removable media, such as a FireWire or USB drive.
+#
+no_create_root 1
+
+#################################
+# EXTERNAL PROGRAM DEPENDENCIES #
+#################################
+
+# LINUX USERS: Be sure to uncomment "cmd_cp". This gives you extra features.
+# EVERYONE ELSE: Leave "cmd_cp" commented out for compatibility.
+#
+# See the README file or the man page for more details.
+#
+cmd_cp /bin/cp
+
+# uncomment this to use the rm program instead of the built-in perl routine.
+#
+cmd_rm /bin/rm
+
+# rsync must be enabled for anything to work. This is the only command that
+# must be enabled.
+#
+cmd_rsync /usr/bin/rsync
+
+# Uncomment this to enable remote ssh backups over rsync.
+#
+cmd_ssh /usr/bin/ssh
+
+# Comment this out to disable syslog support.
+#
+cmd_logger /usr/bin/logger
+
+# Uncomment this to specify the path to "du" for disk usage checks.
+# If you have an older version of "du", you may also want to check the
+# "du_args" parameter below.
+#
+#cmd_du /usr/bin/du
+
+# Uncomment this to specify the path to rsnapshot-diff.
+#
+#cmd_rsnapshot_diff /usr/bin/rsnapshot-diff
+
+# Specify the path to a script (and any optional arguments) to run right
+# before rsnapshot syncs files
+#
+#cmd_preexec /path/to/preexec/script
+
+# Specify the path to a script (and any optional arguments) to run right
+# after rsnapshot syncs files
+#
+#cmd_postexec /path/to/postexec/script
+
+# Paths to lvcreate, lvremove, mount and umount commands, for use with
+# Linux LVMs.
+#
+#linux_lvm_cmd_lvcreate /sbin/lvcreate
+#linux_lvm_cmd_lvremove /sbin/lvremove
+#linux_lvm_cmd_mount /bin/mount
+#linux_lvm_cmd_umount /bin/umount
+
+#########################################
+# BACKUP LEVELS / INTERVALS #
+# Must be unique and in ascending order #
+# e.g. alpha, beta, gamma, etc. #
+#########################################
+
+retain daily 7
+retain weekly 4
+retain monthly 12
+
+############################################
+# GLOBAL OPTIONS #
+# All are optional, with sensible defaults #
+############################################
+
+# Verbose level, 1 through 5.
+# 1 Quiet Print fatal errors only
+# 2 Default Print errors and warnings only
+# 3 Verbose Show equivalent shell commands being executed
+# 4 Extra Verbose Show extra verbose information
+# 5 Debug mode Everything
+#
+verbose 2
+
+# Same as "verbose" above, but controls the amount of data sent to the
+# logfile, if one is being used. The default is 3.
+# If you want the rsync output, you have to set it to 4
+#
+loglevel 3
+
+# If you enable this, data will be written to the file you specify. The
+# amount of data written is controlled by the "loglevel" parameter.
+#
+#logfile /var/log/rsnapshot.log
+
+# If enabled, rsnapshot will write a lockfile to prevent two instances
+# from running simultaneously (and messing up the snapshot_root).
+# If you enable this, make sure the lockfile directory is not world
+# writable. Otherwise anyone can prevent the program from running.
+#
+lockfile /var/run/rsnapshot.pid
+
+# By default, rsnapshot check lockfile, check if PID is running
+# and if not, consider lockfile as stale, then start
+# Enabling this stop rsnapshot if PID in lockfile is not running
+#
+#stop_on_stale_lockfile 0
+
+# Default rsync args. All rsync commands have at least these options set.
+#
+#rsync_short_args -a
+#rsync_long_args --delete --numeric-ids --relative --delete-excluded
+
+# ssh has no args passed by default, but you can specify some here.
+#
+ssh_args -i /root/.ssh/id_rsa_rsnapshot -o StrictHostKeyChecking=accept-new
+
+# Default arguments for the "du" program (for disk space reporting).
+# The GNU version of "du" is preferred. See the man page for more details.
+# If your version of "du" doesn't support the -h flag, try -k flag instead.
+#
+#du_args -csh
+
+# If this is enabled, rsync won't span filesystem partitions within a
+# backup point. This essentially passes the -x option to rsync.
+# The default is 0 (off).
+#
+#one_fs 0
+
+# The include and exclude parameters, if enabled, simply get passed directly
+# to rsync. If you have multiple include/exclude patterns, put each one on a
+# separate line. Please look up the --include and --exclude options in the
+# rsync man page for more details on how to specify file name patterns.
+#
+#include ???
+#include ???
+#exclude ???
+#exclude ???
+
+# The include_file and exclude_file parameters, if enabled, simply get
+# passed directly to rsync. Please look up the --include-from and
+# --exclude-from options in the rsync man page for more details.
+#
+#include_file /path/to/include/file
+#exclude_file /path/to/exclude/file
+
+# If your version of rsync supports --link-dest, consider enabling this.
+# This is the best way to support special files (FIFOs, etc) cross-platform.
+# The default is 0 (off).
+#
+#link_dest 0
+
+# When sync_first is enabled, it changes the default behaviour of rsnapshot.
+# Normally, when rsnapshot is called with its lowest interval
+# (i.e.: "rsnapshot alpha"), it will sync files AND rotate the lowest
+# intervals. With sync_first enabled, "rsnapshot sync" handles the file sync,
+# and all interval calls simply rotate files. See the man page for more
+# details. The default is 0 (off).
+#
+#sync_first 0
+
+# If enabled, rsnapshot will move the oldest directory for each interval
+# to [interval_name].delete, then it will remove the lockfile and delete
+# that directory just before it exits. The default is 0 (off).
+#
+#use_lazy_deletes 0
+
+# Number of rsync re-tries. If you experience any network problems or
+# network card issues that tend to cause ssh to fail with errors like
+# "Corrupted MAC on input", for example, set this to a non-zero value
+# to have the rsync operation re-tried.
+#
+#rsync_numtries 0
+
+# LVM parameters. Used to backup with creating lvm snapshot before backup
+# and removing it after. This should ensure consistency of data in some special
+# cases
+#
+# LVM snapshot(s) size (lvcreate --size option).
+#
+#linux_lvm_snapshotsize 100M
+
+# Name to be used when creating the LVM logical volume snapshot(s).
+#
+#linux_lvm_snapshotname rsnapshot
+
+# Path to the LVM Volume Groups.
+#
+#linux_lvm_vgpath /dev
+
+# Mount point to use to temporarily mount the snapshot(s).
+#
+#linux_lvm_mountpath /path/to/mount/lvm/snapshot/during/backup
+
+###############################
+### BACKUP POINTS / SCRIPTS ###
+###############################
+
+{% for host in groups['backup_clients'] %}
+# {{ host }}
+{% for backup_dir in hostvars[host]['dirs'] %}
+backup root@{{host}}:{{ backup_dir }} {{host}}
+{% endfor %}
+{% endfor %}
+
+# LOCALHOST
+#backup /home/ localhost/
+#backup /etc/ localhost/
+#backup /usr/local/ localhost/
+##backup /var/log/rsnapshot localhost/
+#backup /etc/passwd localhost/
+#backup /home/foo/My Documents/ localhost/
+#backup /foo/bar/ localhost/ one_fs=1, rsync_short_args=-urltvpog
+#backup_script /usr/local/bin/backup_pgsql.sh localhost/postgres/
+# You must set linux_lvm_* parameters below before using lvm snapshots
+#backup lvm://vg0/xen-home/ lvm-vg0/xen-home/
+
+# EXAMPLE.COM
+#backup_exec /bin/date "+ backup of example.com started at %c"
+#backup root@example.com:/home/ example.com/ +rsync_long_args=--bwlimit=16,exclude=core
+#backup root@example.com:/etc/ example.com/ exclude=mtab,exclude=core
+#backup_exec ssh root@example.com "mysqldump -A > /var/db/dump/mysql.sql"
+#backup root@example.com:/var/db/dump/ example.com/
+#backup_exec /bin/date "+ backup of example.com ended at %c"
+
+# CVS.SOURCEFORGE.NET
+#backup_script /usr/local/bin/backup_rsnapshot_cvsroot.sh rsnapshot.cvs.sourceforge.net/
+
+# RSYNC.SAMBA.ORG
+#backup rsync://rsync.samba.org/rsyncftp/ rsync.samba.org/rsyncftp/
+
+
+
+
diff --git a/ansible/files/systemd-mount.conf b/ansible/files/systemd-mount.conf
new file mode 100644
index 0000000..2371433
--- /dev/null
+++ b/ansible/files/systemd-mount.conf
@@ -0,0 +1,13 @@
+[Unit]
+Description=Mounts InfraBackup from syno
+After=network.target
+Wants=network.target
+
+[Mount]
+What=192.168.10.200:/volume1/InfraBackups
+Where=/mnt/syno/InfraBackups
+Type=nfs
+Options=defaults
+
+[Install]
+WantedBy=multi-user.target
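Review bot: The `ssh_args` line in `rsnapshot.conf.j2` uses `-o StrictHostKeyChecking=accept-new`, so the first root pull from each client trusts whatever host key answers for that name, and nothing in this commit seeds `/root/.ssh/known_hosts` on the backup server. Pinning the clients' host keys from the playbook (the `ansible.builtin.known_hosts` module) and switching the option to `-o StrictHostKeyChecking=yes` closes that first-connection window. Separately, the file header requires tabs between fields and the generated line `backup root@{{host}}:{{ backup_dir }} {{host}}` writes the destination without the trailing slash that every commented example uses; whether either is a problem cannot be judged from this rendering, so validating the rendered file with `rsnapshot configtest` is worth adding.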
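Review bot: `Options=defaults` in `systemd-mount.conf` mounts the snapshot tree with setuid bits and device nodes honoured, and that tree will hold copies of client files such as `/usr/local/bin/` pulled as root, where rsnapshot's default rsync arguments preserve ownership and modes. Changing the line to `Options=nosuid,nodev,noexec` keeps a copied setuid binary or device node from being usable on the backup server. The export is mounted as plain `Type=nfs` with no security option visible, so access control presumably rests on the NAS export rules; a comment stating which hosts the export allows would help the next reader.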
diff --git a/ansible/inventory.yml b/ansible/inventory.yml
new file mode 100644
index 0000000..1a02b60
--- /dev/null
+++ b/ansible/inventory.yml
@@ -0,0 +1,19 @@
+backup_server:
+ hosts:
+ backup.lan.k3s.fr:
+backup_clients:
+ hosts:
+ forge.lan.k3s.fr:
+ dirs:
+ - /etc/
+ - /var/lib/forgejo/
+ - /usr/local/bin/
+ forge-runner1.lan.k3s.fr:
+ dirs:
+ - /usr/local/bin/
+ - /etc/
+ k8home-virt-cra-cp.lan.k3s.fr:
+ dirs:
+ - /var/lib/rancher/k3s/
+ - /etc/rancher/
+
diff --git a/tf/.terraform.lock.hcl b/tf/.terraform.lock.hcl
new file mode 100644
index 0000000..fe9a77f
--- /dev/null
+++ b/tf/.terraform.lock.hcl
@@ -0,0 +1,23 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/bpg/proxmox" {
+ version = "0.5.3"
+ constraints = "0.5.3"
+ hashes = [
+ "h1:Eq+gLGvrPCaURl+xzzXW/MpMdDcc/qbSO1mum4JjwJE=",
+ "zh:011cac8c7241eb0a304f0648a3874c7389d4401cb96feed2cfef2aeb09e63f1e",
+ "zh:3a08833b0b10882ac3f130793b752852405ffc02b85415cd4759b971508a1d79",
+ "zh:4935c6527969b8bee1dc7ad65dac11330323c001735460a81a562d01bdd7f639",
+ "zh:52276f5361ccd5be9adda83fc1720d4de8925d5c42a045ea582d5fc978db5ca0",
+ "zh:6ca3b2e0ad52346be56017d16e9fec851fc1b7e4281e7537e615deaf629f03b9",
+ "zh:8754a22069faa920b82a00b94e3f64f4fe4a5ae03e11478445e5a63e90aba262",
+ "zh:9e89fb4f2e3180ffc67b10eadfec17d7517f09bb0c01319d96ae7861121dfaf3",
+ "zh:c6accb9caa3624d23b469c8ff9133b6fb5b1cb31bba074e9fa7a22b14f559060",
+ "zh:ccb0882d00dc7bbb681441445fe2c6094cafe9ddc1e79cfa4d569e72f7a50df6",
+ "zh:d0a9476873445e69696296cc2d896fa852cbb6e481a6de7afd1b74ef555d80b7",
+ "zh:d4ff5eaa8ad78488d82588fdaa79e31c1a4b4f39b10ca43d2b13cd8b06356e05",
+ "zh:f28fa7949f6266aeede8d8b54c29251851ca7dfbaa160177dc9203cbc7a1054b",
+ "zh:f2f04c36734efeb767bfd66f69d5b19f66cc428c74d87818ff99339b195e860f",
+ ]
+}
diff --git a/tf/backup.tf b/tf/backup.tf
new file mode 100644
index 0000000..01ed7e6
--- /dev/null
+++ b/tf/backup.tf
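Review bot: The `dirs` lists in `ansible/inventory.yml` pull whole trees that hold credentials, `/etc/` on two hosts and `/var/lib/rancher/k3s/` on the control-plane node, so the snapshot root on the NAS becomes as sensitive as root on those machines, and the commit does not record who may read that share. A comment above `backup_clients:` such as `# snapshots contain host secrets (/etc, k3s server data); keep the NFS export restricted to the backup server` would document the expectation. `/var/lib/rancher/k3s/` presumably also covers the agent's container image store, which is large and reproducible; narrowing the entry to the server data directory may be enough, to be confirmed on the node.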
@@ -0,0 +1,59 @@
+resource "proxmox_virtual_environment_file" "this" {
+ content_type = "snippets"
+ datastore_id = "local"
+ node_name = var.proxmox_node_name
+
+ source_raw {
+ data = templatefile("${path.module}/cloud-init.cfg", { })
+ file_name = "backup.cloud-config.yaml"
+ }
+}
+
+#resource "proxmox_virtual_environment_file" "ubuntu_cloud_image" {
+# content_type = "iso"
+# datastore_id = "local"
+# node_name = var.proxmox_node_name
+#
+# source_file {
+# path = "http://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img"
+# }
+#}
+
+resource "proxmox_virtual_environment_vm" "this" {
+ name = "backup"
+ description = "Managed by Terraform"
+ started = true
+
+ node_name = var.proxmox_node_name
+ vm_id = var.proxmox_vmid
+
+ cpu {
+ cores = 2
+ }
+ memory {
+ dedicated = 1024
+ }
+
+ agent {
+ enabled = true
+ }
+
+ disk {
+ datastore_id = "local-lvm"
+ file_format = "qcow2"
+ interface = "scsi0"
+ file_id = "local:iso/jammy-server-cloudimg-amd64.img"
+# file_id = proxmox_virtual_environment_file.ubuntu_cloud_image.id
+ size = "20"
+ }
+
+
+ initialization {
+ user_data_file_id = proxmox_virtual_environment_file.this.id
+ datastore_id = "local-lvm"
+ }
+
+ network_device {
+ bridge = "vmbr0" # XXX VAR
+ }
+}
diff --git a/tf/cloud-init.cfg b/tf/cloud-init.cfg
new file mode 100644
index 0000000..f862287
--- /dev/null
+++ b/tf/cloud-init.cfg
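Review bot: The `disk` block in `tf/backup.tf` boots the VM from `local:iso/jammy-server-cloudimg-amd64.img`, an image that must already exist on the node, and the repository records neither where it came from nor a checksum; the commented-out resource that would fetch it uses a plain `http://` URL. A comment next to `file_id` such as `# uploaded manually from https://cloud-images.ubuntu.com/jammy/current/ and checked against the published SHA256SUMS` would document the provenance, and the URL should become `https://` before the download resource is re-enabled. As a style point, `bridge = "vmbr0" # XXX VAR` and the hard-coded datastore names could become variables alongside `proxmox_node_name`.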
@@ -0,0 +1,28 @@
+#cloud-config
+hostname: backup
+disable_root: false
+ssh_pwauth: false
+ssh_authorized_keys:
+ - ssh-rsa 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 cardno:000606708696
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDEEf2vpLMXa2o9tA3xeoPWMZ0Dk1MjIV9AOPyKT4Gi8jSovEnN+Hu1FQhODLkRx+CGkD5dV9rirbL6yD4BC9vNXoO2FeQpgRPAl1WkMpmg+AvVmroOUlsiNYCQL/F/yIAGwXiIo4mWTcsYDNngnlFkmqWzjaUG1VltmVOJtN+YVYvMj5ak/NYnFQIF7UsUZ/TRmQ9pvej2Yw001crhqe7SUfCYinJL/ynBmT/pXnd2hKJR5JSQl9uqBpsOFhPBUuShKjOMH+zc/6aM/MNEPNBnstvykztht6t4u8umu7LujcfWotwccz8rBhDSU6sIii0hbzxIeNWcM2pvNp/YtqmpEXpDJ8Yz8ffQY92lreR6picfvkqkoR+RA2uhMGP0VzajWCLPYQAHFmWOZIba6PpvJ5bkTSM+IA8U5dtBJ7l9D4vCKhUeybZUHTKL3hwxpaumu75giszKtZ15SA76QhZ5fLz+AuG2LdQwgnEgcdgLmrXXGi3/SOhvj5O9JGkrt5dIJHNo1sADulqhCLXjurlE2I55j2SloLmpduVKTUSD+OC0iTqIwzn8Sk6VVgSYfrUoZs7ySmFKG4SH+2iAcatj3z6r45y6eGqGaLdkeSFRlA6PJPuI85p6Fc44NxOEFae5wXV/G9nWHsnfZYv8cr73gaIo4duUg7fqmdjJ8BeDw== frank-key-rsa
+
+network:
+ {config: disabled}
+write_files:
+- path: /etc/netplan/config.yaml
+ permissions: '0644'
+ content: |
+ network:
+ version: 2
+ ethernets:
+ ens18:
+ addresses: [ 192.168.20.9/24 ]
+ gateway4: 192.168.20.254
+ nameservers:
+ addresses: [ 192.168.20.254 ]
+ dhcp4: false
+runcmd:
+# cradofix pour l'interface qui ne monte pas
+ - netplan apply
+ - apt update
+ - apt install -y qemu-guest-agent
diff --git a/tf/providers.tf b/tf/providers.tf
new file mode 100644
index 0000000..36fa541
--- /dev/null
+++ b/tf/providers.tf
@@ -0,0 +1,22 @@
+
+terraform {
+ required_providers {
+ proxmox = {
+ source = "bpg/proxmox"
+ version = "0.5.3"
+ }
+ }
+}
+
+provider "proxmox" {
+ virtual_environment {
+ insecure = true
+ }
+}
+
+provider "proxmox" {
+ alias="cessy"
+ virtual_environment {
+ insecure = true
+ }
+}
diff --git a/tf/vars.tf b/tf/vars.tf
new file mode 100644
index 0000000..e11a567
--- /dev/null
+++ b/tf/vars.tf
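Review bot: `disable_root: false` in `tf/cloud-init.cfg`, combined with the top-level `ssh_authorized_keys`, leaves direct root SSH login enabled on the backup VM, which is also the host that holds the private key the playbook installs for root on every backup client. If the playbook does not need to connect as root (its `backup_server` play shows no `become`, so it presumably does today), prefer `disable_root: true`, log in as the image's default user and add `become: true` to that play. The comment above `netplan apply` would be clearer in English with the reason spelled out, for example `# workaround: ens18 does not come up until netplan is re-applied`.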
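Review bot: Both `provider "proxmox"` blocks in `tf/providers.tf` set `insecure = true`, which turns off TLS certificate verification for the Proxmox API, so the API credentials and the cloud-init snippet uploaded by `backup.tf` travel over a connection whose peer is not authenticated. Set `insecure = false` and trust the Proxmox CA (or install a proper certificate) on the machine that runs tofu; if the flag has to stay for a self-signed lab setup, say so next to it, for example `# self-signed cert on the PVE node; TODO trust the PVE CA and drop this`. The `cessy` alias is not referenced by any resource visible in this commit, so a short comment on what it is for would help.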
@@ -0,0 +1,10 @@
+
+variable "proxmox_node_name" {
+ type = string
+ default = "hyper00"
+}
+
+variable "proxmox_vmid" {
+ type = number
+ default = 109
+}