init repo

Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu>
Frank Villaro-Dixon 2024-05-02 17:15:34 +02:00
commit b866bc0dd0
9 changed files with 503 additions and 0 deletions


@ -0,0 +1,69 @@
---
- hosts: backup_server
tasks:
# - name: install necessary packages
# ansible.builtin.apt:
# name:
# - rsnapshot
# - nfs-common
# state: present
# update_cache: yes
- name: Copy systemd mount file
ansible.builtin.copy:
src: files/systemd-mount.conf
dest: /etc/systemd/system/mnt-syno-InfraBackups.mount
owner: root
group: root
mode: 0644
register: systemd_mount
- name: Reload systemd
ansible.builtin.systemd:
daemon_reload: yes
when: systemd_mount.changed
- name: Start & Enable systemd mount
ansible.builtin.systemd:
name: mnt-syno-InfraBackups.mount
state: started
enabled: yes
when: systemd_mount.changed
- name: Generate ssh key
ansible.builtin.openssh_keypair:
path: /root/.ssh/id_rsa_rsnapshot
type: rsa
size: 4096
state: present
- name: Register ssh public key in variable
slurp:
src: /root/.ssh/id_rsa_rsnapshot.pub
register: rsnapshot_ssh_key_slurp
- name: Set ssh public key in variable
set_fact:
rsnapshot_ssh_key: "{{ rsnapshot_ssh_key_slurp['content'] | b64decode }}"
- name: Copy rsnapshot template file
ansible.builtin.template:
src: files/rsnapshot.conf.j2
dest: /etc/rsnapshot.conf
owner: root
group: root
mode: 0644
register: rsnapshot_conf
tags: rsnapshot
- hosts: backup_clients
gather_facts: no
vars:
backup_server: backup.lan.k3s.fr
tasks:
- name: Allow ssh from rsnapshot server
authorized_key:
user: root
state: present
key: "{{ hostvars[backup_server]['rsnapshot_ssh_key'] | trim }} root@{{ hostvars[backup_server]['ansible_default_ipv4']['address'] }}"
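Review bot: The `authorized_key` task in the `backup_clients` play installs the rsnapshot key for `root` with no restrictions, so a copy of `/root/.ssh/id_rsa_rsnapshot` taken from the backup server gives an interactive root shell on every client. The task should at least carry `key_options: 'no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding'`, plus a `from=` entry pinned to the backup server's address and, ideally, a forced read-only rsync command on the clients. The key comment already uses `ansible_default_ipv4` from `hostvars[backup_server]`, so this play only works when the first play ran in the same invocation; a short comment above `vars:` saying so would help. Separately, both `mode: 0644` values are better written as `mode: "0644"`, which is the form Ansible recommends for file modes.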


@ -0,0 +1,260 @@
#################################################
# rsnapshot.conf - rsnapshot configuration file #
#################################################
# #
# PLEASE BE AWARE OF THE FOLLOWING RULE: #
# #
# This file requires tabs between elements #
# #
#################################################
#######################
# CONFIG FILE VERSION #
#######################
config_version 1.2
###########################
# SNAPSHOT ROOT DIRECTORY #
###########################
# All snapshots will be stored under this root directory.
#
snapshot_root /mnt/syno/InfraBackups/
# If no_create_root is enabled, rsnapshot will not automatically create the
# snapshot_root directory. This is particularly useful if you are backing
# up to removable media, such as a FireWire or USB drive.
#
no_create_root 1
#################################
# EXTERNAL PROGRAM DEPENDENCIES #
#################################
# LINUX USERS: Be sure to uncomment "cmd_cp". This gives you extra features.
# EVERYONE ELSE: Leave "cmd_cp" commented out for compatibility.
#
# See the README file or the man page for more details.
#
cmd_cp /bin/cp
# uncomment this to use the rm program instead of the built-in perl routine.
#
cmd_rm /bin/rm
# rsync must be enabled for anything to work. This is the only command that
# must be enabled.
#
cmd_rsync /usr/bin/rsync
# Uncomment this to enable remote ssh backups over rsync.
#
cmd_ssh /usr/bin/ssh
# Comment this out to disable syslog support.
#
cmd_logger /usr/bin/logger
# Uncomment this to specify the path to "du" for disk usage checks.
# If you have an older version of "du", you may also want to check the
# "du_args" parameter below.
#
#cmd_du /usr/bin/du
# Uncomment this to specify the path to rsnapshot-diff.
#
#cmd_rsnapshot_diff /usr/bin/rsnapshot-diff
# Specify the path to a script (and any optional arguments) to run right
# before rsnapshot syncs files
#
#cmd_preexec /path/to/preexec/script
# Specify the path to a script (and any optional arguments) to run right
# after rsnapshot syncs files
#
#cmd_postexec /path/to/postexec/script
# Paths to lvcreate, lvremove, mount and umount commands, for use with
# Linux LVMs.
#
#linux_lvm_cmd_lvcreate /sbin/lvcreate
#linux_lvm_cmd_lvremove /sbin/lvremove
#linux_lvm_cmd_mount /bin/mount
#linux_lvm_cmd_umount /bin/umount
#########################################
# BACKUP LEVELS / INTERVALS #
# Must be unique and in ascending order #
# e.g. alpha, beta, gamma, etc. #
#########################################
retain daily 7
retain weekly 4
retain monthly 12
############################################
# GLOBAL OPTIONS #
# All are optional, with sensible defaults #
############################################
# Verbose level, 1 through 5.
# 1 Quiet Print fatal errors only
# 2 Default Print errors and warnings only
# 3 Verbose Show equivalent shell commands being executed
# 4 Extra Verbose Show extra verbose information
# 5 Debug mode Everything
#
verbose 2
# Same as "verbose" above, but controls the amount of data sent to the
# logfile, if one is being used. The default is 3.
# If you want the rsync output, you have to set it to 4
#
loglevel 3
# If you enable this, data will be written to the file you specify. The
# amount of data written is controlled by the "loglevel" parameter.
#
#logfile /var/log/rsnapshot.log
# If enabled, rsnapshot will write a lockfile to prevent two instances
# from running simultaneously (and messing up the snapshot_root).
# If you enable this, make sure the lockfile directory is not world
# writable. Otherwise anyone can prevent the program from running.
#
lockfile /var/run/rsnapshot.pid
# By default, rsnapshot check lockfile, check if PID is running
# and if not, consider lockfile as stale, then start
# Enabling this stop rsnapshot if PID in lockfile is not running
#
#stop_on_stale_lockfile 0
# Default rsync args. All rsync commands have at least these options set.
#
#rsync_short_args -a
#rsync_long_args --delete --numeric-ids --relative --delete-excluded
# ssh has no args passed by default, but you can specify some here.
#
ssh_args -i /root/.ssh/id_rsa_rsnapshot -o StrictHostKeyChecking=accept-new
# Default arguments for the "du" program (for disk space reporting).
# The GNU version of "du" is preferred. See the man page for more details.
# If your version of "du" doesn't support the -h flag, try -k flag instead.
#
#du_args -csh
# If this is enabled, rsync won't span filesystem partitions within a
# backup point. This essentially passes the -x option to rsync.
# The default is 0 (off).
#
#one_fs 0
# The include and exclude parameters, if enabled, simply get passed directly
# to rsync. If you have multiple include/exclude patterns, put each one on a
# separate line. Please look up the --include and --exclude options in the
# rsync man page for more details on how to specify file name patterns.
#
#include ???
#include ???
#exclude ???
#exclude ???
# The include_file and exclude_file parameters, if enabled, simply get
# passed directly to rsync. Please look up the --include-from and
# --exclude-from options in the rsync man page for more details.
#
#include_file /path/to/include/file
#exclude_file /path/to/exclude/file
# If your version of rsync supports --link-dest, consider enabling this.
# This is the best way to support special files (FIFOs, etc) cross-platform.
# The default is 0 (off).
#
#link_dest 0
# When sync_first is enabled, it changes the default behaviour of rsnapshot.
# Normally, when rsnapshot is called with its lowest interval
# (i.e.: "rsnapshot alpha"), it will sync files AND rotate the lowest
# intervals. With sync_first enabled, "rsnapshot sync" handles the file sync,
# and all interval calls simply rotate files. See the man page for more
# details. The default is 0 (off).
#
#sync_first 0
# If enabled, rsnapshot will move the oldest directory for each interval
# to [interval_name].delete, then it will remove the lockfile and delete
# that directory just before it exits. The default is 0 (off).
#
#use_lazy_deletes 0
# Number of rsync re-tries. If you experience any network problems or
# network card issues that tend to cause ssh to fail with errors like
# "Corrupted MAC on input", for example, set this to a non-zero value
# to have the rsync operation re-tried.
#
#rsync_numtries 0
# LVM parameters. Used to backup with creating lvm snapshot before backup
# and removing it after. This should ensure consistency of data in some special
# cases
#
# LVM snapshot(s) size (lvcreate --size option).
#
#linux_lvm_snapshotsize 100M
# Name to be used when creating the LVM logical volume snapshot(s).
#
#linux_lvm_snapshotname rsnapshot
# Path to the LVM Volume Groups.
#
#linux_lvm_vgpath /dev
# Mount point to use to temporarily mount the snapshot(s).
#
#linux_lvm_mountpath /path/to/mount/lvm/snapshot/during/backup
###############################
### BACKUP POINTS / SCRIPTS ###
###############################
{% for host in groups['backup_clients'] %}
# {{ host }}
{% for backup_dir in hostvars[host]['dirs'] %}
backup root@{{host}}:{{ backup_dir }} {{host}}
{% endfor %}
{% endfor %}
# LOCALHOST
#backup /home/ localhost/
#backup /etc/ localhost/
#backup /usr/local/ localhost/
##backup /var/log/rsnapshot localhost/
#backup /etc/passwd localhost/
#backup /home/foo/My Documents/ localhost/
#backup /foo/bar/ localhost/ one_fs=1, rsync_short_args=-urltvpog
#backup_script /usr/local/bin/backup_pgsql.sh localhost/postgres/
# You must set linux_lvm_* parameters below before using lvm snapshots
#backup lvm://vg0/xen-home/ lvm-vg0/xen-home/
# EXAMPLE.COM
#backup_exec /bin/date "+ backup of example.com started at %c"
#backup root@example.com:/home/ example.com/ +rsync_long_args=--bwlimit=16,exclude=core
#backup root@example.com:/etc/ example.com/ exclude=mtab,exclude=core
#backup_exec ssh root@example.com "mysqldump -A > /var/db/dump/mysql.sql"
#backup root@example.com:/var/db/dump/ example.com/
#backup_exec /bin/date "+ backup of example.com ended at %c"
# CVS.SOURCEFORGE.NET
#backup_script /usr/local/bin/backup_rsnapshot_cvsroot.sh rsnapshot.cvs.sourceforge.net/
# RSYNC.SAMBA.ORG
#backup rsync://rsync.samba.org/rsyncftp/ rsync.samba.org/rsyncftp/
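Review bot: `ssh_args` sets `StrictHostKeyChecking=accept-new`, so the first root connection to each client pins whatever host key answers, and backups would then be pulled from the wrong machine without any warning. Since the playbook already reaches every client, it could record their host keys in root's `known_hosts` on the backup server (for instance with `ansible.builtin.known_hosts`) and the template could use `-o StrictHostKeyChecking=yes` instead. The file header says fields must be separated by tabs; the rendered page does not show whether the `backup` line inside the `{% for %}` loop uses them, so that is worth checking in the template itself.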


@ -0,0 +1,13 @@
[Unit]
Description=Mounts InfraBackup from syno
After=network.target
Wants=network.target
[Mount]
What=192.168.10.200:/volume1/InfraBackups
Where=/mnt/syno/InfraBackups
Type=nfs
Options=defaults
[Install]
WantedBy=multi-user.target
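Review bot: `Options=defaults` mounts the share that will hold root-owned copies of client files without `nosuid`, `nodev` or `noexec`, so setuid bits and device nodes preserved by rsync remain effective on the backup server; `Options=nosuid,nodev,noexec` should not interfere with rsnapshot's copying. `After=network.target` and `Wants=network.target` do not wait for the network to be configured; `network-online.target` is the usual dependency for a network mount. The export is addressed by IP with no `sec=` option, so it presumably relies on address-based NFS trust — confirm the export on the NAS is limited to this host.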

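--- a/ansible/inventory.yml
+++ b/ansible/inventory.yml
@@ -0,0 +1,19 @@
+backup_server:
+hosts:
+backup.lan.k3s.fr:
+backup_clients:
+hosts:
+forge.lan.k3s.fr:
+dirs:
+- /etc/
+- /var/lib/forgejo/
+- /usr/local/bin/
+forge-runner1.lan.k3s.fr:
+dirs:
+- /usr/local/bin/
+- /etc/
+k8home-virt-cra-cp.lan.k3s.fr:
+dirs:
+- /var/lib/rancher/k3s/
+- /etc/rancher/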
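Review bot: The `dirs` lists pull `/etc/` and `/var/lib/rancher/k3s/` into the snapshots, which on a k3s server typically includes the cluster join token and the datastore, alongside SSH host keys and `shadow` from `/etc/`. Those copies end up on the NFS share configured elsewhere in this commit, so read access to that share is close to equivalent to access to these hosts. A comment above `backup_clients` stating this, for example `# snapshots contain host and cluster secrets; restrict access to the backup share`, would make the exposure explicit. The k3s datastore is also copied while live, so the snapshot may not be consistent — confirm whether a datastore snapshot should be taken first.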

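--- a/tf/.terraform.lock.hcl
+++ b/tf/.terraform.lock.hcl
@@ -0,0 +1,23 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+provider "registry.opentofu.org/bpg/proxmox" {
+version = "0.5.3"
+constraints = "0.5.3"
+hashes = [
+"h1:Eq+gLGvrPCaURl+xzzXW/MpMdDcc/qbSO1mum4JjwJE=",
+"zh:011cac8c7241eb0a304f0648a3874c7389d4401cb96feed2cfef2aeb09e63f1e",
+"zh:3a08833b0b10882ac3f130793b752852405ffc02b85415cd4759b971508a1d79",
+"zh:4935c6527969b8bee1dc7ad65dac11330323c001735460a81a562d01bdd7f639",
+"zh:52276f5361ccd5be9adda83fc1720d4de8925d5c42a045ea582d5fc978db5ca0",
+"zh:6ca3b2e0ad52346be56017d16e9fec851fc1b7e4281e7537e615deaf629f03b9",
+"zh:8754a22069faa920b82a00b94e3f64f4fe4a5ae03e11478445e5a63e90aba262",
+"zh:9e89fb4f2e3180ffc67b10eadfec17d7517f09bb0c01319d96ae7861121dfaf3",
+"zh:c6accb9caa3624d23b469c8ff9133b6fb5b1cb31bba074e9fa7a22b14f559060",
+"zh:ccb0882d00dc7bbb681441445fe2c6094cafe9ddc1e79cfa4d569e72f7a50df6",
+"zh:d0a9476873445e69696296cc2d896fa852cbb6e481a6de7afd1b74ef555d80b7",
+"zh:d4ff5eaa8ad78488d82588fdaa79e31c1a4b4f39b10ca43d2b13cd8b06356e05",
+"zh:f28fa7949f6266aeede8d8b54c29251851ca7dfbaa160177dc9203cbc7a1054b",
+"zh:f2f04c36734efeb767bfd66f69d5b19f66cc428c74d87818ff99339b195e860f",
+]
+}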

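--- a/tf/backup.tf
+++ b/tf/backup.tf
@@ -0,0 +1,59 @@
+resource "proxmox_virtual_environment_file" "this" {
+content_type = "snippets"
+datastore_id = "local"
+node_name = var.proxmox_node_name
+source_raw {
+data = templatefile("${path.module}/cloud-init.cfg", { })
+file_name = "backup.cloud-config.yaml"
+}
+}
+#resource "proxmox_virtual_environment_file" "ubuntu_cloud_image" {
+# content_type = "iso"
+# datastore_id = "local"
+# node_name = var.proxmox_node_name
+#
+# source_file {
+# path = "http://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img"
+# }
+#}
+resource "proxmox_virtual_environment_vm" "this" {
+name = "backup"
+description = "Managed by Terraform"
+started = true
+node_name = var.proxmox_node_name
+vm_id = var.proxmox_vmid
+cpu {
+cores = 2
+}
+memory {
+dedicated = 1024
+}
+agent {
+enabled = true
+}
+disk {
+datastore_id = "local-lvm"
+file_format = "qcow2"
+interface = "scsi0"
+file_id = "local:iso/jammy-server-cloudimg-amd64.img"
+# file_id = proxmox_virtual_environment_file.ubuntu_cloud_image.id
+size = "20"
+}
+initialization {
+user_data_file_id = proxmox_virtual_environment_file.this.id
+datastore_id = "local-lvm"
+}
+network_device {
+bridge = "vmbr0" # XXX VAR
+}
+}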
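Review bot: `file_id = "local:iso/jammy-server-cloudimg-amd64.img"` in the `disk` block points at an image that this configuration neither uploads nor verifies, so the VM boots from whatever file sits under that name on the node. The commented-out resource that would manage it fetches over plain `http://`; if it is re-enabled, use the `https://` URL and check the image against Ubuntu's published SHA256 sums. Until then a comment next to `file_id` recording the provenance, e.g. `# uploaded manually from cloud-images.ubuntu.com, sha256 verified on <DATE>`, would cover the gap.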

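--- a/tf/cloud-init.cfg
+++ b/tf/cloud-init.cfg
@@ -0,0 +1,28 @@
+#cloud-config
+hostname: backup
+disable_root: false
+ssh_pwauth: false
+ssh_authorized_keys:
+- ssh-rsa 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 cardno:000606708696
+- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDEEf2vpLMXa2o9tA3xeoPWMZ0Dk1MjIV9AOPyKT4Gi8jSovEnN+Hu1FQhODLkRx+CGkD5dV9rirbL6yD4BC9vNXoO2FeQpgRPAl1WkMpmg+AvVmroOUlsiNYCQL/F/yIAGwXiIo4mWTcsYDNngnlFkmqWzjaUG1VltmVOJtN+YVYvMj5ak/NYnFQIF7UsUZ/TRmQ9pvej2Yw001crhqe7SUfCYinJL/ynBmT/pXnd2hKJR5JSQl9uqBpsOFhPBUuShKjOMH+zc/6aM/MNEPNBnstvykztht6t4u8umu7LujcfWotwccz8rBhDSU6sIii0hbzxIeNWcM2pvNp/YtqmpEXpDJ8Yz8ffQY92lreR6picfvkqkoR+RA2uhMGP0VzajWCLPYQAHFmWOZIba6PpvJ5bkTSM+IA8U5dtBJ7l9D4vCKhUeybZUHTKL3hwxpaumu75giszKtZ15SA76QhZ5fLz+AuG2LdQwgnEgcdgLmrXXGi3/SOhvj5O9JGkrt5dIJHNo1sADulqhCLXjurlE2I55j2SloLmpduVKTUSD+OC0iTqIwzn8Sk6VVgSYfrUoZs7ySmFKG4SH+2iAcatj3z6r45y6eGqGaLdkeSFRlA6PJPuI85p6Fc44NxOEFae5wXV/G9nWHsnfZYv8cr73gaIo4duUg7fqmdjJ8BeDw== frank-key-rsa
+network:
+{config: disabled}
+write_files:
+- path: /etc/netplan/config.yaml
+permissions: '0644'
+content: |
+network:
+version: 2
+ethernets:
+ens18:
+addresses: [ 192.168.20.9/24 ]
+gateway4: 192.168.20.254
+nameservers:
+addresses: [ 192.168.20.254 ]
+dhcp4: false
+runcmd:
+# cradofix pour l'interface qui ne monte pas
+- netplan apply
+- apt update
+- apt install -y qemu-guest-agent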
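Review bot: `disable_root: false` combined with the top-level `ssh_authorized_keys` lets those keys log in directly as root on this host, which per the playbook in this commit also holds the root key for every backup client. A named admin user with `sudo` and `disable_root: true` would keep an audit trail and allow revoking access per person. The netplan file is written with `permissions: '0644'`; newer netplan versions warn when these files are readable by others, so `permissions: '0600'` is the safer value. A comment above `disable_root` explaining why root login is needed, if it is kept, would help the next reader.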

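--- a/tf/providers.tf
+++ b/tf/providers.tf
@@ -0,0 +1,22 @@
+terraform {
+required_providers {
+proxmox = {
+source = "bpg/proxmox"
+version = "0.5.3"
+}
+}
+}
+provider "proxmox" {
+virtual_environment {
+insecure = true
+}
+}
+provider "proxmox" {
+alias="cessy"
+virtual_environment {
+insecure = true
+}
+}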
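Review bot: Both `provider "proxmox"` blocks set `insecure = true`, which turns off TLS certificate verification for the Proxmox API, so the API credentials and every plan or apply are exposed to anything positioned between the workstation and the node. Prefer trusting the Proxmox CA on the machine that runs tofu and setting `insecure = false`. If a self-signed setup really needs the flag, expose it as a variable defaulting to `false` and document it with a comment such as `# TLS verification disabled: self-signed certificate, lab network only`. The aliased `cessy` provider is not referenced by any resource visible in this commit.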

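--- a/tf/vars.tf
+++ b/tf/vars.tf
@@ -0,0 +1,10 @@
+variable "proxmox_node_name" {
+type = string
+default = "hyper00"
+}
+variable "proxmox_vmid" {
+type = number
+default = 109
+}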