restic: fix backups dirs, secrets and mails

v ff dd dd f ff ff ff ff d ff f f
2024-05-25 20:58:07 +02:00 · 2024-05-25 20:58:07 +02:00 · caad4aeb0f
commit caad4aeb0f
parent 4c36b9964d
8 changed files with 30 additions and 1 deletions
--- a/docker-compose/mail-relay/docker-compose.yml.j2
+++ b/docker-compose/mail-relay/docker-compose.yml.j2
@ -19,6 +19,7 @@ services:
        /nobody@lldap/ lldap@mgrote.net
        /mg@pbs.localdomain/ pbs@mgrote.net
        /root@pbs.localdomain/ pbs@mgrote.net
+        /root@pve5.localdomain/ pve5@mgrote.net
      # rewrite FROM "nobody@lldap" to "lldap@mgrote.net"
      # /.*/ würde alle absender adressen ersetzen
    networks:
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -83,6 +83,21 @@ ufw_rules:
 ufw_default_incoming_policy: deny
 ufw_default_outgoing_policy: allow

+### mgrote_restic
+restic_exclude: |
+      ._*
+      desktop.ini
+      .Trash-*
+      **/**cache***/**
+      **/**Cache***/**
+      **/**AppData***/**
+restic_folders_to_backup: "/usr/local /etc /root /home"
+restic_repository: "//fileserver3.mgrote.net/restic"
+restic_fail_mail: michael.grote@posteo.de
+restic_repository_password: "{{ lookup('keepass', 'restic_repository_password', 'password') }}"
+restic_mount_password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}" #gitleaks:allow
+restic_mount_user: restic
+
 ### mgrote_apt_manage_packages
 apt_packages_common:
  - locales
--- a/group_vars/blocky.yml
+++ b/group_vars/blocky.yml
@ -32,6 +32,9 @@ dotfiles:
    home: /root
 dotfiles_repo_url: http://192.168.2.42:3000/mg/dotfiles

+### mgrote_restic
+restic_repository: "//192.168.2.54/restic"
+
 ### mgrote_blocky
 blocky_version: v0.24
 blocky_block_type: zeroIp
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@ -78,6 +78,9 @@ repos_override: # mit docker-repos
 ### mgrote_systemd_resolved
 systemd_resolved_nameserver: 192.168.2.37

+### mgrote_restic
+restic_folders_to_backup: "/usr/local /etc /root /home /var/lib/docker"
+
 ### mgrote_munin_node
 munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift
 munin_node_plugins:
--- a/group_vars/git.yml
+++ b/group_vars/git.yml
@ -19,6 +19,10 @@ pvresize_to_max: true
 apt_packages_extra:
  - fail2ban

+### mgrote_restic
+restic_folders_to_backup: "/usr/local /etc /root /home {{ gitea_home }}"
+
+
 ### geerlingguy_postgres
 postgresql_databases:
  - name: "{{ gitea_db_name }}"
--- a/group_vars/pbs.yml
+++ b/group_vars/pbs.yml
@ -5,6 +5,9 @@ netplan_configure: false
 ### mgrote_postfix
 postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24 192.168.3.0/24"

+### mgrote_restic
+restic_repository: "//192.168.2.54/restic"
+
 ### mgrote_user
 users:
  - username: root
--- a/keepass_db.kdbx
+++ b/keepass_db.kdbx
--- a/roles/mgrote_restic/templates/restic_mail.service.j2
+++ b/roles/mgrote_restic/templates/restic_mail.service.j2
@ -5,4 +5,4 @@ Description=Send a Mail in case of an error in restic.service.

 [Service]
 Type=oneshot
-ExecStart=/bin/bash -c '/bin/systemctl status restic.service | mail -s "[ERROR] restic - %H" {{ my_mail }}'
+ExecStart=/bin/bash -c '/bin/systemctl status restic.service | mail -aFROM:restic@mgrote.net -s "[ERROR] restic - %H" {{ my_mail }}'