restic: fix backups dirs, secrets and mails
All checks were successful
ci/woodpecker/push/gitleaks Pipeline was successful
ci/woodpecker/push/ansible-lint Pipeline was successful

v

ff

dd

dd

f

ff

ff

ff

ff

d

ff

f

f
This commit is contained in:
Michael Grote 2024-05-25 20:58:07 +02:00
parent 4c36b9964d
commit caad4aeb0f
8 changed files with 30 additions and 1 deletions

View file

@ -19,6 +19,7 @@ services:
/nobody@lldap/ lldap@mgrote.net
/mg@pbs.localdomain/ pbs@mgrote.net
/root@pbs.localdomain/ pbs@mgrote.net
/root@pve5.localdomain/ pve5@mgrote.net
# rewrite FROM "nobody@lldap" to "lldap@mgrote.net"
# /.*/ würde alle absender adressen ersetzen
networks:

View file

@ -83,6 +83,21 @@ ufw_rules:
ufw_default_incoming_policy: deny
ufw_default_outgoing_policy: allow
### mgrote_restic
restic_exclude: |
._*
desktop.ini
.Trash-*
**/**cache***/**
**/**Cache***/**
**/**AppData***/**
restic_folders_to_backup: "/usr/local /etc /root /home"
restic_repository: "//fileserver3.mgrote.net/restic"
restic_fail_mail: michael.grote@posteo.de
restic_repository_password: "{{ lookup('keepass', 'restic_repository_password', 'password') }}"
restic_mount_password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}" #gitleaks:allow
restic_mount_user: restic
### mgrote_apt_manage_packages
apt_packages_common:
- locales

View file

@ -32,6 +32,9 @@ dotfiles:
home: /root
dotfiles_repo_url: http://192.168.2.42:3000/mg/dotfiles
### mgrote_restic
restic_repository: "//192.168.2.54/restic"
### mgrote_blocky
blocky_version: v0.24
blocky_block_type: zeroIp

View file

@ -78,6 +78,9 @@ repos_override: # mit docker-repos
### mgrote_systemd_resolved
systemd_resolved_nameserver: 192.168.2.37
### mgrote_restic
restic_folders_to_backup: "/usr/local /etc /root /home /var/lib/docker"
### mgrote_munin_node
munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift
munin_node_plugins:

View file

@ -19,6 +19,10 @@ pvresize_to_max: true
apt_packages_extra:
- fail2ban
### mgrote_restic
restic_folders_to_backup: "/usr/local /etc /root /home {{ gitea_home }}"
### geerlingguy_postgres
postgresql_databases:
- name: "{{ gitea_db_name }}"

View file

@ -5,6 +5,9 @@ netplan_configure: false
### mgrote_postfix
postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24 192.168.3.0/24"
### mgrote_restic
restic_repository: "//192.168.2.54/restic"
### mgrote_user
users:
- username: root

Binary file not shown.

View file

@ -5,4 +5,4 @@ Description=Send a Mail in case of an error in restic.service.
[Service]
Type=oneshot
ExecStart=/bin/bash -c '/bin/systemctl status restic.service | mail -s "[ERROR] restic - %H" {{ my_mail }}'
ExecStart=/bin/bash -c '/bin/systemctl status restic.service | mail -aFROM:restic@mgrote.net -s "[ERROR] restic - %H" {{ my_mail }}'