Viyurz/vps
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add Synapse backup tasks.

Browse source
This commit is contained in:
Viyurz 2024-02-23 12:17:32 +01:00
parent 1408698d53
commit 0460ac0840
Signed by: Viyurz
SSH key fingerprint: SHA256:IskOHTmhHSJIvAt04N6aaxd5SZCVWW1Guf9tEcxIMj8
7 changed files with 96 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
env.yml
View file

@ -50,6 +50,7 @@ projects:
projects_to_backup:
- synapse
- vaultwarden

32
roles/synapse/tasks/backup.yml Normal file
View file

@ -0,0 +1,32 @@
- name: Backup PostgreSQL database
community.docker.docker_container_exec:
container: synapse-postgres
docker_host: "unix:///run/user/{{ host_uid }}/docker.sock"
command: |
pg_dump -c
-d synapse
-U synapse
-f /var/lib/postgresql/data/synapse-dump.sql
- name: Create borg backup
command:
cmd: |
borg create
--compression=lzma
"{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
{{ volumes['synapse_datadir'] }}/media_store
{{ volumes['synapse_postgres_datadir'] }}/synapse-dump.sql
environment:
BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
become: true
- name: Prune borg repository
command:
cmd: |
borg prune
--glob-archives='{{ role_name }}-*'
{{ borg_prune_options }}
{{ borg_repodir }}
environment:
BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
become: true

60
roles/synapse/tasks/main.yml
View file

@ -1,53 +1,9 @@
- name: "Create {{ synapse_project_dir }} project directory"
file:
path: "{{ synapse_project_dir }}"
state: directory
- name: Include backup tasks
include_tasks:
file: backup.yml
when: run_backup | default(false) | bool
- name: Template docker-compose.yaml to project directory
template:
src: docker-compose.yaml
dest: "{{ synapse_project_dir }}/docker-compose.yaml"
owner: "{{ ansible_env['USER'] }}"
group: "{{ ansible_env['USER'] }}"
mode: '640'
- name: Template homeserver.yaml to project directory
template:
src: homeserver.yaml
dest: "{{ synapse_project_dir }}/homeserver.yaml"
owner: "{{ ansible_env['USER'] }}"
mode: '640'
# Store result to restart services if the file changed
register: synapse_template_homeserver_result
# Separate task because template module cannot chown/chgrp to a non-existing user/group
- name: "Change group of homeserver.yaml to synapse GID ({{ users['synapse'] + uid_shift }})"
file:
path: "{{ synapse_project_dir }}/homeserver.yaml"
group: "{{ users['synapse'] + uid_shift }}"
become: true
- name: "Create directory {{ volumes['synapse_datadir'] }} with correct permissions"
file:
path: "{{ volumes['synapse_datadir'] }}"
state: directory
owner: "{{ users['synapse'] + uid_shift }}"
group: "{{ users['synapse'] + uid_shift }}"
mode: '770'
become: true
- name: "Create directory {{ volumes['synapse_postgres_datadir'] }} with correct permissions"
file:
path: "{{ volumes['synapse_postgres_datadir'] }}"
state: directory
owner: "{{ users['synapse_postgres'] + uid_shift }}"
group: "{{ users['synapse_postgres'] + uid_shift }}"
mode: '770'
become: true
- name: Pull/Create/Restart project services
community.docker.docker_compose:
project_src: "{{ synapse_project_dir }}"
pull: "{{ docker_pull_images | bool }}"
# Restart if config file(s) changed
restarted: "{{ synapse_template_homeserver_result['changed'] | bool }}"
- name: Include update tasks
include_tasks:
file: update.yml
when: run_update | default(false) | bool

53
roles/synapse/tasks/update.yml Normal file
View file

@ -0,0 +1,53 @@
- name: "Create {{ synapse_project_dir }} project directory"
file:
path: "{{ synapse_project_dir }}"
state: directory
- name: Template docker-compose.yaml to project directory
template:
src: docker-compose.yaml
dest: "{{ synapse_project_dir }}/docker-compose.yaml"
owner: "{{ ansible_env['USER'] }}"
group: "{{ ansible_env['USER'] }}"
mode: '640'
- name: Template homeserver.yaml to project directory
template:
src: homeserver.yaml
dest: "{{ synapse_project_dir }}/homeserver.yaml"
owner: "{{ ansible_env['USER'] }}"
mode: '640'
# Store result to restart services if the file changed
register: synapse_template_homeserver_result
# Separate task because template module cannot chown/chgrp to a non-existing user/group
- name: "Change group of homeserver.yaml to synapse GID ({{ users['synapse'] + uid_shift }})"
file:
path: "{{ synapse_project_dir }}/homeserver.yaml"
group: "{{ users['synapse'] + uid_shift }}"
become: true
- name: "Create directory {{ volumes['synapse_datadir'] }} with correct permissions"
file:
path: "{{ volumes['synapse_datadir'] }}"
state: directory
owner: "{{ users['synapse'] + uid_shift }}"
group: "{{ users['synapse'] + uid_shift }}"
mode: '770'
become: true
- name: "Create directory {{ volumes['synapse_postgres_datadir'] }} with correct permissions"
file:
path: "{{ volumes['synapse_postgres_datadir'] }}"
state: directory
owner: "{{ users['synapse_postgres'] + uid_shift }}"
group: "{{ users['synapse_postgres'] + uid_shift }}"
mode: '770'
become: true
- name: Pull/Create/Restart project services
community.docker.docker_compose:
project_src: "{{ synapse_project_dir }}"
pull: "{{ docker_pull_images | bool }}"
# Restart if config file(s) changed
restarted: "{{ synapse_template_homeserver_result['changed'] | bool }}"

2
roles/synapse/templates/docker-compose.yaml
View file

@ -7,7 +7,7 @@ services:
environment:
LANG: C
POSTGRES_INITDB_ARGS: "--locale=C --encoding=UTF8"
POSTGRES_USER: {{ synapse_secrets['postgres_user'] }}
POSTGRES_USER: synapse
POSTGRES_PASSWORD: {{ synapse_secrets['postgres_password'] }}
volumes:
- {{ volumes['synapse_postgres_datadir'] }}:/var/lib/postgresql/data

2
roles/synapse/templates/homeserver.yaml
View file

@ -24,7 +24,7 @@ max_avatar_size: 2M
database:
name: psycopg2
args:
user: {{ synapse_secrets['postgres_user'] }}
user: synapse
password: {{ synapse_secrets['postgres_password'] }}
dbname: synapse
host: synapse-postgres

1
secrets.yml.example
View file

@ -17,7 +17,6 @@ searxng_secrets:
searxng_secret:
synapse_secrets:
postgres_user:
postgres_password:
turn_shared_secret: "{{ coturn_secrets['static_auth_secret'] }}"
macaroon_secret_key: