Add Synapse backup tasks.

This commit is contained in:
Viyurz 2024-02-23 12:17:32 +01:00
parent 1408698d53
commit 0460ac0840
Signed by: Viyurz
SSH key fingerprint: SHA256:IskOHTmhHSJIvAt04N6aaxd5SZCVWW1Guf9tEcxIMj8
7 changed files with 96 additions and 55 deletions

View file

@ -50,6 +50,7 @@ projects:
projects_to_backup: projects_to_backup:
- synapse
- vaultwarden - vaultwarden

View file

@ -0,0 +1,32 @@
- name: Backup PostgreSQL database
community.docker.docker_container_exec:
container: synapse-postgres
docker_host: "unix:///run/user/{{ host_uid }}/docker.sock"
command: |
pg_dump -c
-d synapse
-U synapse
-f /var/lib/postgresql/data/synapse-dump.sql
- name: Create borg backup
command:
cmd: |
borg create
--compression=lzma
"{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
{{ volumes['synapse_datadir'] }}/media_store
{{ volumes['synapse_postgres_datadir'] }}/synapse-dump.sql
environment:
BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
become: true
- name: Prune borg repository
command:
cmd: |
borg prune
--glob-archives='{{ role_name }}-*'
{{ borg_prune_options }}
{{ borg_repodir }}
environment:
BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
become: true

View file

@ -1,53 +1,9 @@
- name: "Create {{ synapse_project_dir }} project directory" - name: Include backup tasks
file: include_tasks:
path: "{{ synapse_project_dir }}" file: backup.yml
state: directory when: run_backup | default(false) | bool
- name: Template docker-compose.yaml to project directory - name: Include update tasks
template: include_tasks:
src: docker-compose.yaml file: update.yml
dest: "{{ synapse_project_dir }}/docker-compose.yaml" when: run_update | default(false) | bool
owner: "{{ ansible_env['USER'] }}"
group: "{{ ansible_env['USER'] }}"
mode: '640'
- name: Template homeserver.yaml to project directory
template:
src: homeserver.yaml
dest: "{{ synapse_project_dir }}/homeserver.yaml"
owner: "{{ ansible_env['USER'] }}"
mode: '640'
# Store result to restart services if the file changed
register: synapse_template_homeserver_result
# Separate task because template module cannot chown/chgrp to a non-existing user/group
- name: "Change group of homeserver.yaml to synapse GID ({{ users['synapse'] + uid_shift }})"
file:
path: "{{ synapse_project_dir }}/homeserver.yaml"
group: "{{ users['synapse'] + uid_shift }}"
become: true
- name: "Create directory {{ volumes['synapse_datadir'] }} with correct permissions"
file:
path: "{{ volumes['synapse_datadir'] }}"
state: directory
owner: "{{ users['synapse'] + uid_shift }}"
group: "{{ users['synapse'] + uid_shift }}"
mode: '770'
become: true
- name: "Create directory {{ volumes['synapse_postgres_datadir'] }} with correct permissions"
file:
path: "{{ volumes['synapse_postgres_datadir'] }}"
state: directory
owner: "{{ users['synapse_postgres'] + uid_shift }}"
group: "{{ users['synapse_postgres'] + uid_shift }}"
mode: '770'
become: true
- name: Pull/Create/Restart project services
community.docker.docker_compose:
project_src: "{{ synapse_project_dir }}"
pull: "{{ docker_pull_images | bool }}"
# Restart if config file(s) changed
restarted: "{{ synapse_template_homeserver_result['changed'] | bool }}"

View file

@ -0,0 +1,53 @@
- name: "Create {{ synapse_project_dir }} project directory"
file:
path: "{{ synapse_project_dir }}"
state: directory
- name: Template docker-compose.yaml to project directory
template:
src: docker-compose.yaml
dest: "{{ synapse_project_dir }}/docker-compose.yaml"
owner: "{{ ansible_env['USER'] }}"
group: "{{ ansible_env['USER'] }}"
mode: '640'
- name: Template homeserver.yaml to project directory
template:
src: homeserver.yaml
dest: "{{ synapse_project_dir }}/homeserver.yaml"
owner: "{{ ansible_env['USER'] }}"
mode: '640'
# Store result to restart services if the file changed
register: synapse_template_homeserver_result
# Separate task because template module cannot chown/chgrp to a non-existing user/group
- name: "Change group of homeserver.yaml to synapse GID ({{ users['synapse'] + uid_shift }})"
file:
path: "{{ synapse_project_dir }}/homeserver.yaml"
group: "{{ users['synapse'] + uid_shift }}"
become: true
- name: "Create directory {{ volumes['synapse_datadir'] }} with correct permissions"
file:
path: "{{ volumes['synapse_datadir'] }}"
state: directory
owner: "{{ users['synapse'] + uid_shift }}"
group: "{{ users['synapse'] + uid_shift }}"
mode: '770'
become: true
- name: "Create directory {{ volumes['synapse_postgres_datadir'] }} with correct permissions"
file:
path: "{{ volumes['synapse_postgres_datadir'] }}"
state: directory
owner: "{{ users['synapse_postgres'] + uid_shift }}"
group: "{{ users['synapse_postgres'] + uid_shift }}"
mode: '770'
become: true
- name: Pull/Create/Restart project services
community.docker.docker_compose:
project_src: "{{ synapse_project_dir }}"
pull: "{{ docker_pull_images | bool }}"
# Restart if config file(s) changed
restarted: "{{ synapse_template_homeserver_result['changed'] | bool }}"

View file

@ -7,7 +7,7 @@ services:
environment: environment:
LANG: C LANG: C
POSTGRES_INITDB_ARGS: "--locale=C --encoding=UTF8" POSTGRES_INITDB_ARGS: "--locale=C --encoding=UTF8"
POSTGRES_USER: {{ synapse_secrets['postgres_user'] }} POSTGRES_USER: synapse
POSTGRES_PASSWORD: {{ synapse_secrets['postgres_password'] }} POSTGRES_PASSWORD: {{ synapse_secrets['postgres_password'] }}
volumes: volumes:
- {{ volumes['synapse_postgres_datadir'] }}:/var/lib/postgresql/data - {{ volumes['synapse_postgres_datadir'] }}:/var/lib/postgresql/data

View file

@ -24,7 +24,7 @@ max_avatar_size: 2M
database: database:
name: psycopg2 name: psycopg2
args: args:
user: {{ synapse_secrets['postgres_user'] }} user: synapse
password: {{ synapse_secrets['postgres_password'] }} password: {{ synapse_secrets['postgres_password'] }}
dbname: synapse dbname: synapse
host: synapse-postgres host: synapse-postgres

View file

@ -17,7 +17,6 @@ searxng_secrets:
searxng_secret: searxng_secret:
synapse_secrets: synapse_secrets:
postgres_user:
postgres_password: postgres_password:
turn_shared_secret: "{{ coturn_secrets['static_auth_secret'] }}" turn_shared_secret: "{{ coturn_secrets['static_auth_secret'] }}"
macaroon_secret_key: macaroon_secret_key: