diff --git a/docker-compose/mail-relay/docker-compose.yml.j2 b/docker-compose/mail-relay/docker-compose.yml.j2 index 6e9b07ec..73f26cce 100644 --- a/docker-compose/mail-relay/docker-compose.yml.j2 +++ b/docker-compose/mail-relay/docker-compose.yml.j2 @@ -19,6 +19,7 @@ services: /nobody@lldap/ lldap@mgrote.net /mg@pbs.localdomain/ pbs@mgrote.net /root@pbs.localdomain/ pbs@mgrote.net + /root@pve5.localdomain/ pve5@mgrote.net # rewrite FROM "nobody@lldap" to "lldap@mgrote.net" # /.*/ würde alle absender adressen ersetzen networks: diff --git a/group_vars/all.yml b/group_vars/all.yml index 97a7020d..0ea81665 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -83,6 +83,21 @@ ufw_rules: ufw_default_incoming_policy: deny ufw_default_outgoing_policy: allow +### mgrote_restic +restic_exclude: | + ._* + desktop.ini + .Trash-* + **/**cache***/** + **/**Cache***/** + **/**AppData***/** +restic_folders_to_backup: "/usr/local /etc /root /home" +restic_repository: "//fileserver3.mgrote.net/restic" +restic_fail_mail: michael.grote@posteo.de +restic_repository_password: "{{ lookup('keepass', 'restic_repository_password', 'password') }}" +restic_mount_password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}" #gitleaks:allow +restic_mount_user: restic + ### mgrote_apt_manage_packages apt_packages_common: - locales diff --git a/group_vars/blocky.yml b/group_vars/blocky.yml index acfb27c5..5cce7dbb 100644 --- a/group_vars/blocky.yml +++ b/group_vars/blocky.yml @@ -32,6 +32,9 @@ dotfiles: home: /root dotfiles_repo_url: http://192.168.2.42:3000/mg/dotfiles +### mgrote_restic +restic_repository: "//192.168.2.54/restic" + ### mgrote_blocky blocky_version: v0.24 blocky_block_type: zeroIp diff --git a/group_vars/docker.yml b/group_vars/docker.yml index ac2e7287..74dc1004 100644 --- a/group_vars/docker.yml +++ b/group_vars/docker.yml @@ -78,6 +78,9 @@ repos_override: # mit docker-repos ### mgrote_systemd_resolved systemd_resolved_nameserver: 192.168.2.37 +### mgrote_restic +restic_folders_to_backup: "/usr/local /etc /root /home /var/lib/docker" + ### mgrote_munin_node munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift munin_node_plugins: diff --git a/group_vars/git.yml b/group_vars/git.yml index 932e7a64..3355d199 100644 --- a/group_vars/git.yml +++ b/group_vars/git.yml @@ -19,6 +19,10 @@ pvresize_to_max: true apt_packages_extra: - fail2ban +### mgrote_restic +restic_folders_to_backup: "/usr/local /etc /root /home {{ gitea_home }}" + + ### geerlingguy_postgres postgresql_databases: - name: "{{ gitea_db_name }}" diff --git a/group_vars/pbs.yml b/group_vars/pbs.yml index c2b18237..fa1e4e18 100644 --- a/group_vars/pbs.yml +++ b/group_vars/pbs.yml @@ -5,6 +5,9 @@ netplan_configure: false ### mgrote_postfix postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24 192.168.3.0/24" +### mgrote_restic +restic_repository: "//192.168.2.54/restic" + ### mgrote_user users: - username: root diff --git a/keepass_db.kdbx b/keepass_db.kdbx index 5de9b2ec..7ee31d06 100644 Binary files a/keepass_db.kdbx and b/keepass_db.kdbx differ diff --git a/roles/mgrote_restic/templates/restic_mail.service.j2 b/roles/mgrote_restic/templates/restic_mail.service.j2 index 4f965e5b..7f680d23 100644 --- a/roles/mgrote_restic/templates/restic_mail.service.j2 +++ b/roles/mgrote_restic/templates/restic_mail.service.j2 @@ -5,4 +5,4 @@ Description=Send a Mail in case of an error in restic.service. [Service] Type=oneshot -ExecStart=/bin/bash -c '/bin/systemctl status restic.service | mail -s "[ERROR] restic - %H" {{ my_mail }}' +ExecStart=/bin/bash -c '/bin/systemctl status restic.service | mail -aFROM:restic@mgrote.net -s "[ERROR] restic - %H" {{ my_mail }}'