Add Hedgedoc backup tasks.

2024-03-05 11:15:10 +01:00 · 2024-03-05 11:15:10 +01:00 · 21936246b0
commit 21936246b0
parent 8d197c8e55
5 changed files with 54 additions and 0 deletions
--- a/env.yml
+++ b/env.yml
@ -51,12 +51,14 @@ projects:

 projects_to_backup:
  - etebase
+  - hedgedoc
  - synapse
  - vaultwarden


 borg_repodir: "{{ cifs_mounts['backups']['path'] }}/borg"
 borg_passphrase_file: /etc/borg-passphrase.txt
+hedgedoc_mysql_root_password_file: "/etc/hedgedoc-mysql-root-password.txt"
 borg_prune_options: |
  --keep-within=1d
  --keep-daily=7
--- a/roles/borg-init/tasks/main.yml
+++ b/roles/borg-init/tasks/main.yml
@ -22,6 +22,20 @@
        mode: '600'
      when: not borg_stat_passphrase_file_result.stat.exists or borg_update_passphrase | default(false) | bool
 
+    - name: Get Hedgedoc MySQL root password file stat
+      stat:
+        path: "{{ hedgedoc_mysql_root_password_file }}"
+      register: hedgedoc_mysql_root_password_file_result
+
+    - name: "Template hedgedoc-mysql-root-password.txt to {{ hedgedoc_mysql_root_password_file }}"
+      template:
+        src: hedgedoc-mysql-root-password.txt
+        dest: "{{ hedgedoc_mysql_root_password_file }}"
+        owner: root
+        group: root
+        mode: '600'
+      when: not hedgedoc_mysql_root_password_file_result.stat.exists or hedgedoc_update_mysql_root_password | default(false) | bool
+
    - name: Get borg repository stat
      stat:
        path: "{{ borg_repodir }}"
--- a/roles/borg-init/templates/hedgedoc-mysql-root-password.txt
+++ b/roles/borg-init/templates/hedgedoc-mysql-root-password.txt
@ -0,0 +1 @@
+{{ hedgedoc_secrets['mysql_root_password'] }}
--- a/roles/hedgedoc/tasks/backup.yml
+++ b/roles/hedgedoc/tasks/backup.yml
@ -0,0 +1,32 @@
+- name: Backup MySQL database
+  community.docker.docker_container_exec:
+    container: hedgedoc-mysql
+    docker_host: "unix:///run/user/{{ host_uid }}/docker.sock"
+    argv:
+      - /bin/bash
+      - "-c"
+      - "mysqldump hedgedoc > /var/lib/mysql/hedgedoc-dump.sql"
+    env:
+      MYSQL_PWD: "{{ hedgedoc_secrets['mysql_root_password'] if hedgedoc_secrets['mysql_root_password'] is defined else lookup('ansible.builtin.file', hedgedoc_mysql_root_password_file) }}"
+
+- name: Create borg backup
+  command:
+    cmd: |
+      borg create
+      --compression=lzma
+      "{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
+      {{ volumes['hedgedoc_mysql_datadir'] }}/hedgedoc-dump.sql
+  environment:
+    BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
+  become: true
+
+- name: Prune borg repository
+  command:
+    cmd: |
+      borg prune
+      --glob-archives='{{ role_name }}-*'
+      {{ borg_prune_options }}
+      {{ borg_repodir }}
+  environment:
+    BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
+  become: true
--- a/roles/hedgedoc/tasks/main.yml
+++ b/roles/hedgedoc/tasks/main.yml
@ -1,3 +1,8 @@
+- name: Include backup tasks
+  include_tasks:
+    file: backup.yml
+  when: run_backup | default(false) | bool
+
 - name: Include update tasks
  include_tasks:
    file: update.yml
				`@ -0,0 +1 @@`
				`{{ hedgedoc_secrets['mysql_root_password'] }}`