init repo

Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu>

ansible/configure-server.yml

@@ -0,0 +1,69 @@
+---
+- hosts: backup_server
+  tasks:
+# - name: install necessary packages
+#   ansible.builtin.apt:
+#     name:
+#     - rsnapshot
+#     - nfs-common
+#     state: present
+#     update_cache: yes
+
+  - name: Copy systemd mount file
+    ansible.builtin.copy:
+      src: files/systemd-mount.conf
+      dest: /etc/systemd/system/mnt-syno-InfraBackups.mount
+      owner: root
+      group: root
+      mode: 0644
+    register: systemd_mount
+
+  - name: Reload systemd
+    ansible.builtin.systemd:
+      daemon_reload: yes
+    when: systemd_mount.changed
+
+  - name: Start & Enable systemd mount
+    ansible.builtin.systemd:
+      name: mnt-syno-InfraBackups.mount
+      state: started
+      enabled: yes
+    when: systemd_mount.changed
+
+  - name: Generate ssh key
+    ansible.builtin.openssh_keypair:
+      path: /root/.ssh/id_rsa_rsnapshot
+      type: rsa
+      size: 4096
+      state: present
+
+  - name: Register ssh public key in variable
+    slurp:
+      src: /root/.ssh/id_rsa_rsnapshot.pub
+    register: rsnapshot_ssh_key_slurp
+  - name: Set ssh public key in variable
+    set_fact:
+      rsnapshot_ssh_key: "{{ rsnapshot_ssh_key_slurp['content'] | b64decode }}"
+
+
+  - name: Copy rsnapshot template file
+    ansible.builtin.template:
+      src: files/rsnapshot.conf.j2
+      dest: /etc/rsnapshot.conf
+      owner: root
+      group: root
+      mode: 0644
+    register: rsnapshot_conf
+    tags: rsnapshot
+
+
+- hosts: backup_clients
+  gather_facts: no
+  vars:
+    backup_server: backup.lan.k3s.fr
+  tasks:
+  - name: Allow ssh from rsnapshot server
+    authorized_key:
+      user: root
+      state: present
+      key: "{{ hostvars[backup_server]['rsnapshot_ssh_key'] | trim }} root@{{ hostvars[backup_server]['ansible_default_ipv4']['address'] }}"

ansible/files/rsnapshot.conf.j2

@@ -0,0 +1,260 @@
+#################################################
+# rsnapshot.conf - rsnapshot configuration file #
+#################################################
+#                                               #
+# PLEASE BE AWARE OF THE FOLLOWING RULE:        #
+#                                               #
+# This file requires tabs between elements      #
+#                                               #
+#################################################
+
+#######################
+# CONFIG FILE VERSION #
+#######################
+
+config_version	1.2
+
+###########################
+# SNAPSHOT ROOT DIRECTORY #
+###########################
+
+# All snapshots will be stored under this root directory.
+#
+snapshot_root	/mnt/syno/InfraBackups/
+
+# If no_create_root is enabled, rsnapshot will not automatically create the
+# snapshot_root directory. This is particularly useful if you are backing
+# up to removable media, such as a FireWire or USB drive.
+#
+no_create_root	1
+
+#################################
+# EXTERNAL PROGRAM DEPENDENCIES #
+#################################
+
+# LINUX USERS:   Be sure to uncomment "cmd_cp". This gives you extra features.
+# EVERYONE ELSE: Leave "cmd_cp" commented out for compatibility.
+#
+# See the README file or the man page for more details.
+#
+cmd_cp		/bin/cp
+
+# uncomment this to use the rm program instead of the built-in perl routine.
+#
+cmd_rm		/bin/rm
+
+# rsync must be enabled for anything to work. This is the only command that
+# must be enabled.
+#
+cmd_rsync	/usr/bin/rsync
+
+# Uncomment this to enable remote ssh backups over rsync.
+#
+cmd_ssh	/usr/bin/ssh
+
+# Comment this out to disable syslog support.
+#
+cmd_logger	/usr/bin/logger
+
+# Uncomment this to specify the path to "du" for disk usage checks.
+# If you have an older version of "du", you may also want to check the
+# "du_args" parameter below.
+#
+#cmd_du		/usr/bin/du
+
+# Uncomment this to specify the path to rsnapshot-diff.
+#
+#cmd_rsnapshot_diff	/usr/bin/rsnapshot-diff
+
+# Specify the path to a script (and any optional arguments) to run right
+# before rsnapshot syncs files
+#
+#cmd_preexec	/path/to/preexec/script
+
+# Specify the path to a script (and any optional arguments) to run right
+# after rsnapshot syncs files
+#
+#cmd_postexec	/path/to/postexec/script
+
+# Paths to lvcreate, lvremove, mount and umount commands, for use with
+# Linux LVMs.
+#
+#linux_lvm_cmd_lvcreate	/sbin/lvcreate
+#linux_lvm_cmd_lvremove	/sbin/lvremove
+#linux_lvm_cmd_mount	/bin/mount
+#linux_lvm_cmd_umount	/bin/umount
+
+#########################################
+#     BACKUP LEVELS / INTERVALS         #
+# Must be unique and in ascending order #
+# e.g. alpha, beta, gamma, etc.         #
+#########################################
+
+retain	daily	7
+retain	weekly	4
+retain	monthly	12
+
+############################################
+#              GLOBAL OPTIONS              #
+# All are optional, with sensible defaults #
+############################################
+
+# Verbose level, 1 through 5.
+# 1     Quiet           Print fatal errors only
+# 2     Default         Print errors and warnings only
+# 3     Verbose         Show equivalent shell commands being executed
+# 4     Extra Verbose   Show extra verbose information
+# 5     Debug mode      Everything
+#
+verbose		2
+
+# Same as "verbose" above, but controls the amount of data sent to the
+# logfile, if one is being used. The default is 3.
+# If you want the rsync output, you have to set it to 4
+#
+loglevel	3
+
+# If you enable this, data will be written to the file you specify. The
+# amount of data written is controlled by the "loglevel" parameter.
+#
+#logfile	/var/log/rsnapshot.log
+
+# If enabled, rsnapshot will write a lockfile to prevent two instances
+# from running simultaneously (and messing up the snapshot_root).
+# If you enable this, make sure the lockfile directory is not world
+# writable. Otherwise anyone can prevent the program from running.
+#
+lockfile	/var/run/rsnapshot.pid
+
+# By default, rsnapshot check lockfile, check if PID is running
+# and if not, consider lockfile as stale, then start
+# Enabling this stop rsnapshot if PID in lockfile is not running
+#
+#stop_on_stale_lockfile		0
+
+# Default rsync args. All rsync commands have at least these options set.
+#
+#rsync_short_args	-a
+#rsync_long_args	--delete --numeric-ids --relative --delete-excluded
+
+# ssh has no args passed by default, but you can specify some here.
+#
+ssh_args	-i /root/.ssh/id_rsa_rsnapshot -o StrictHostKeyChecking=accept-new
+
+# Default arguments for the "du" program (for disk space reporting).
+# The GNU version of "du" is preferred. See the man page for more details.
+# If your version of "du" doesn't support the -h flag, try -k flag instead.
+#
+#du_args	-csh
+
+# If this is enabled, rsync won't span filesystem partitions within a
+# backup point. This essentially passes the -x option to rsync.
+# The default is 0 (off).
+#
+#one_fs		0
+
+# The include and exclude parameters, if enabled, simply get passed directly
+# to rsync. If you have multiple include/exclude patterns, put each one on a
+# separate line. Please look up the --include and --exclude options in the
+# rsync man page for more details on how to specify file name patterns. 
+# 
+#include	???
+#include	???
+#exclude	???
+#exclude	???
+
+# The include_file and exclude_file parameters, if enabled, simply get
+# passed directly to rsync. Please look up the --include-from and
+# --exclude-from options in the rsync man page for more details.
+#
+#include_file	/path/to/include/file
+#exclude_file	/path/to/exclude/file
+
+# If your version of rsync supports --link-dest, consider enabling this.
+# This is the best way to support special files (FIFOs, etc) cross-platform.
+# The default is 0 (off).
+#
+#link_dest	0
+
+# When sync_first is enabled, it changes the default behaviour of rsnapshot.
+# Normally, when rsnapshot is called with its lowest interval
+# (i.e.: "rsnapshot alpha"), it will sync files AND rotate the lowest
+# intervals. With sync_first enabled, "rsnapshot sync" handles the file sync,
+# and all interval calls simply rotate files. See the man page for more
+# details. The default is 0 (off).
+#
+#sync_first	0
+
+# If enabled, rsnapshot will move the oldest directory for each interval
+# to [interval_name].delete, then it will remove the lockfile and delete
+# that directory just before it exits. The default is 0 (off).
+#
+#use_lazy_deletes	0
+
+# Number of rsync re-tries. If you experience any network problems or
+# network card issues that tend to cause ssh to fail with errors like
+# "Corrupted MAC on input", for example, set this to a non-zero value
+# to have the rsync operation re-tried.
+#
+#rsync_numtries 0
+
+# LVM parameters. Used to backup with creating lvm snapshot before backup
+# and removing it after. This should ensure consistency of data in some special
+# cases
+#
+# LVM snapshot(s) size (lvcreate --size option).
+#
+#linux_lvm_snapshotsize	100M
+
+# Name to be used when creating the LVM logical volume snapshot(s).
+#
+#linux_lvm_snapshotname	rsnapshot
+
+# Path to the LVM Volume Groups.
+#
+#linux_lvm_vgpath	/dev
+
+# Mount point to use to temporarily mount the snapshot(s).
+#
+#linux_lvm_mountpath	/path/to/mount/lvm/snapshot/during/backup
+
+###############################
+### BACKUP POINTS / SCRIPTS ###
+###############################
+
+{% for host in groups['backup_clients'] %}
+# {{ host }}
+{% for backup_dir in hostvars[host]['dirs'] %}
+backup	root@{{host}}:{{ backup_dir }}			{{host}}
+{% endfor %}
+{% endfor %}
+
+# LOCALHOST
+#backup	/home/		localhost/
+#backup	/etc/		localhost/
+#backup	/usr/local/	localhost/
+##backup	/var/log/rsnapshot		localhost/
+#backup	/etc/passwd	localhost/
+#backup	/home/foo/My Documents/		localhost/
+#backup	/foo/bar/	localhost/	one_fs=1, rsync_short_args=-urltvpog
+#backup_script	/usr/local/bin/backup_pgsql.sh	localhost/postgres/
+# You must set linux_lvm_* parameters below before using lvm snapshots
+#backup	lvm://vg0/xen-home/	lvm-vg0/xen-home/
+
+# EXAMPLE.COM
+#backup_exec	/bin/date "+ backup of example.com started at %c"
+#backup	root@example.com:/home/	example.com/	+rsync_long_args=--bwlimit=16,exclude=core
+#backup	root@example.com:/etc/	example.com/	exclude=mtab,exclude=core
+#backup_exec	ssh root@example.com "mysqldump -A > /var/db/dump/mysql.sql"
+#backup	root@example.com:/var/db/dump/	example.com/
+#backup_exec	/bin/date "+ backup of example.com ended at %c"
+
+# CVS.SOURCEFORGE.NET
+#backup_script	/usr/local/bin/backup_rsnapshot_cvsroot.sh	rsnapshot.cvs.sourceforge.net/
+
+# RSYNC.SAMBA.ORG
+#backup	rsync://rsync.samba.org/rsyncftp/	rsync.samba.org/rsyncftp/
+
+
+
+

ansible/files/systemd-mount.conf

@@ -0,0 +1,13 @@
+[Unit]
+Description=Mounts InfraBackup from syno
+After=network.target
+Wants=network.target
+
+[Mount]
+What=192.168.10.200:/volume1/InfraBackups
+Where=/mnt/syno/InfraBackups
+Type=nfs
+Options=defaults
+
+[Install]
+WantedBy=multi-user.target

ansible/inventory.yml

@@ -0,0 +1,19 @@
+backup_server:
+  hosts:
+    backup.lan.k3s.fr:
+backup_clients:
+  hosts:
+    forge.lan.k3s.fr:
+      dirs:
+      - /etc/
+      - /var/lib/forgejo/
+      - /usr/local/bin/
+    forge-runner1.lan.k3s.fr:
+      dirs:
+      - /usr/local/bin/
+      - /etc/
+    k8home-virt-cra-cp.lan.k3s.fr:
+      dirs:
+      - /var/lib/rancher/k3s/
+      - /etc/rancher/
+

tf/.terraform.lock.hcl

@@ -0,0 +1,23 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/bpg/proxmox" {
+  version     = "0.5.3"
+  constraints = "0.5.3"
+  hashes = [
+    "h1:Eq+gLGvrPCaURl+xzzXW/MpMdDcc/qbSO1mum4JjwJE=",
+    "zh:011cac8c7241eb0a304f0648a3874c7389d4401cb96feed2cfef2aeb09e63f1e",
+    "zh:3a08833b0b10882ac3f130793b752852405ffc02b85415cd4759b971508a1d79",
+    "zh:4935c6527969b8bee1dc7ad65dac11330323c001735460a81a562d01bdd7f639",
+    "zh:52276f5361ccd5be9adda83fc1720d4de8925d5c42a045ea582d5fc978db5ca0",
+    "zh:6ca3b2e0ad52346be56017d16e9fec851fc1b7e4281e7537e615deaf629f03b9",
+    "zh:8754a22069faa920b82a00b94e3f64f4fe4a5ae03e11478445e5a63e90aba262",
+    "zh:9e89fb4f2e3180ffc67b10eadfec17d7517f09bb0c01319d96ae7861121dfaf3",
+    "zh:c6accb9caa3624d23b469c8ff9133b6fb5b1cb31bba074e9fa7a22b14f559060",
+    "zh:ccb0882d00dc7bbb681441445fe2c6094cafe9ddc1e79cfa4d569e72f7a50df6",
+    "zh:d0a9476873445e69696296cc2d896fa852cbb6e481a6de7afd1b74ef555d80b7",
+    "zh:d4ff5eaa8ad78488d82588fdaa79e31c1a4b4f39b10ca43d2b13cd8b06356e05",
+    "zh:f28fa7949f6266aeede8d8b54c29251851ca7dfbaa160177dc9203cbc7a1054b",
+    "zh:f2f04c36734efeb767bfd66f69d5b19f66cc428c74d87818ff99339b195e860f",
+  ]
+}

tf/backup.tf

@@ -0,0 +1,59 @@
+resource "proxmox_virtual_environment_file" "this" {
+  content_type = "snippets"
+  datastore_id = "local"
+  node_name    = var.proxmox_node_name
+
+  source_raw {
+    data      = templatefile("${path.module}/cloud-init.cfg", { })
+    file_name = "backup.cloud-config.yaml"
+  }
+}
+
+#resource "proxmox_virtual_environment_file" "ubuntu_cloud_image" {
+#  content_type = "iso"
+#  datastore_id = "local"
+#  node_name    = var.proxmox_node_name
+#
+#  source_file {
+#    path = "http://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img"
+#  }
+#}
+
+resource "proxmox_virtual_environment_vm" "this" {
+  name        = "backup"
+  description = "Managed by Terraform"
+  started     = true
+
+  node_name = var.proxmox_node_name
+  vm_id     = var.proxmox_vmid
+
+  cpu {
+    cores = 2
+  }
+  memory {
+    dedicated = 1024
+  }
+
+  agent {
+    enabled = true
+  }
+
+  disk {
+    datastore_id = "local-lvm"
+    file_format  = "qcow2"
+    interface    = "scsi0"
+    file_id      = "local:iso/jammy-server-cloudimg-amd64.img"
+#   file_id = proxmox_virtual_environment_file.ubuntu_cloud_image.id
+    size         = "20"
+  }
+
+
+  initialization {
+    user_data_file_id = proxmox_virtual_environment_file.this.id
+    datastore_id      = "local-lvm"
+  }
+
+  network_device {
+    bridge = "vmbr0" # XXX VAR
+  }
+}

tf/cloud-init.cfg

@@ -0,0 +1,28 @@
+#cloud-config
+hostname: backup
+disable_root: false
+ssh_pwauth:   false
+ssh_authorized_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChSPXfIMvZHaK6c1mDNubZCNuR+908kzJGqQhhZ0kzjL3Gh/rdLVLBSEael2pEJeuSSA6ADHz/AneQnXqLLod1wHtirq9yspyjTRmEWNXiWI5giZ0Mz/twe4wMpBDZ8YX8XM0zxWhyzoidLI/yomA63s30v0UyzmUesSfRwHQJ3Md56pA0ZEomdMH97sNdgMOjlUlyAFdwuK8zVkbeCdbT/eCHM28PCT366KOOJfoaGQpVagIkrUBXjEvOIjnMAxy3gqfJ8kS/iFxDgws3m5o93Pm+WdWdcPLf/ir9NUwPt8l2GV2lCapWFnMC8ZqgdvTxlFikBZaTss8rO8SKB5QkG6eoypsbIaK9GGnRgOM/zGdX7e5rVW1N1Y6O8qoykuY9EQykN4Y48h1q/aGD6HGuxqeP9cqD4HUJyL9K62D3k8At6KO2BLCKbp5hPZ5tvHgfQK2ARa0rR5L/m08Hxac6qI2JDdWTa4XJnJj9+F/D7pYRZ/tzrYwMy+nTXarC5/JDsuC9sv5MR1vcjSuzjLB0iPjZnp7Tm6hszHy7D8qOZiHJdPh7s4/I3+Zj7mCaG3bRREvIgqAW1ZP+E2ZFuAM4lUL8e2Xu3LmyLOk+hrvovDc+SAplS6FJxLGJDfpFAcCgaGY6WPi8ETCClfxcdQxnejs2SNAmcRIUHw70keKHgQ== cardno:000606708696
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDEEf2vpLMXa2o9tA3xeoPWMZ0Dk1MjIV9AOPyKT4Gi8jSovEnN+Hu1FQhODLkRx+CGkD5dV9rirbL6yD4BC9vNXoO2FeQpgRPAl1WkMpmg+AvVmroOUlsiNYCQL/F/yIAGwXiIo4mWTcsYDNngnlFkmqWzjaUG1VltmVOJtN+YVYvMj5ak/NYnFQIF7UsUZ/TRmQ9pvej2Yw001crhqe7SUfCYinJL/ynBmT/pXnd2hKJR5JSQl9uqBpsOFhPBUuShKjOMH+zc/6aM/MNEPNBnstvykztht6t4u8umu7LujcfWotwccz8rBhDSU6sIii0hbzxIeNWcM2pvNp/YtqmpEXpDJ8Yz8ffQY92lreR6picfvkqkoR+RA2uhMGP0VzajWCLPYQAHFmWOZIba6PpvJ5bkTSM+IA8U5dtBJ7l9D4vCKhUeybZUHTKL3hwxpaumu75giszKtZ15SA76QhZ5fLz+AuG2LdQwgnEgcdgLmrXXGi3/SOhvj5O9JGkrt5dIJHNo1sADulqhCLXjurlE2I55j2SloLmpduVKTUSD+OC0iTqIwzn8Sk6VVgSYfrUoZs7ySmFKG4SH+2iAcatj3z6r45y6eGqGaLdkeSFRlA6PJPuI85p6Fc44NxOEFae5wXV/G9nWHsnfZYv8cr73gaIo4duUg7fqmdjJ8BeDw== frank-key-rsa
+
+network:
+    {config: disabled}
+write_files:
+- path: /etc/netplan/config.yaml
+  permissions: '0644'
+  content: |
+    network:
+        version: 2
+        ethernets:
+            ens18:
+                addresses: [ 192.168.20.9/24 ]
+                gateway4: 192.168.20.254
+                nameservers:
+                    addresses: [ 192.168.20.254 ]
+                dhcp4: false
+runcmd:
+# cradofix pour l'interface qui ne monte pas
+  - netplan apply
+  - apt update
+  - apt install -y qemu-guest-agent

tf/providers.tf

@@ -0,0 +1,22 @@
+
+terraform {
+  required_providers {
+    proxmox = {
+      source  = "bpg/proxmox"
+      version = "0.5.3"
+    }
+  }
+}
+
+provider "proxmox" {
+  virtual_environment {
+    insecure = true
+  }
+}
+
+provider "proxmox" {
+  alias="cessy"
+  virtual_environment {
+    insecure = true
+  }
+}

tf/vars.tf

@@ -0,0 +1,10 @@
+
+variable "proxmox_node_name" {
+  type    = string
+  default = "hyper00"
+}
+
+variable "proxmox_vmid" {
+  type    = number
+  default = 109
+}