Add Hedgedoc backup tasks.

This commit is contained in:
Viyurz 2024-03-05 11:15:10 +01:00
parent 8d197c8e55
commit 21936246b0
Signed by: Viyurz
SSH key fingerprint: SHA256:IskOHTmhHSJIvAt04N6aaxd5SZCVWW1Guf9tEcxIMj8
5 changed files with 54 additions and 0 deletions

View file

@ -51,12 +51,14 @@ projects:
projects_to_backup:
- etebase
- hedgedoc
- synapse
- vaultwarden
borg_repodir: "{{ cifs_mounts['backups']['path'] }}/borg"
borg_passphrase_file: /etc/borg-passphrase.txt
hedgedoc_mysql_root_password_file: "/etc/hedgedoc-mysql-root-password.txt"
borg_prune_options: |
--keep-within=1d
--keep-daily=7

View file

@ -22,6 +22,20 @@
mode: '600'
when: not borg_stat_passphrase_file_result.stat.exists or borg_update_passphrase | default(false) | bool
- name: Get Hedgedoc MySQL root password file stat
stat:
path: "{{ hedgedoc_mysql_root_password_file }}"
register: hedgedoc_mysql_root_password_file_result
- name: "Template hedgedoc-mysql-root-password.txt to {{ hedgedoc_mysql_root_password_file }}"
template:
src: hedgedoc-mysql-root-password.txt
dest: "{{ hedgedoc_mysql_root_password_file }}"
owner: root
group: root
mode: '600'
when: not hedgedoc_mysql_root_password_file_result.stat.exists or hedgedoc_update_mysql_root_password | default(false) | bool
- name: Get borg repository stat
stat:
path: "{{ borg_repodir }}"

View file

@ -0,0 +1 @@
{{ hedgedoc_secrets['mysql_root_password'] }}

View file

@ -0,0 +1,32 @@
- name: Backup MySQL database
community.docker.docker_container_exec:
container: hedgedoc-mysql
docker_host: "unix:///run/user/{{ host_uid }}/docker.sock"
argv:
- /bin/bash
- "-c"
- "mysqldump hedgedoc > /var/lib/mysql/hedgedoc-dump.sql"
env:
MYSQL_PWD: "{{ hedgedoc_secrets['mysql_root_password'] if hedgedoc_secrets['mysql_root_password'] is defined else lookup('ansible.builtin.file', hedgedoc_mysql_root_password_file) }}"
- name: Create borg backup
command:
cmd: |
borg create
--compression=lzma
"{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
{{ volumes['hedgedoc_mysql_datadir'] }}/hedgedoc-dump.sql
environment:
BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
become: true
- name: Prune borg repository
command:
cmd: |
borg prune
--glob-archives='{{ role_name }}-*'
{{ borg_prune_options }}
{{ borg_repodir }}
environment:
BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
become: true

View file

@ -1,3 +1,8 @@
- name: Include backup tasks
include_tasks:
file: backup.yml
when: run_backup | default(false) | bool
- name: Include update tasks
include_tasks:
file: update.yml