C1: borgmatic shower SQLite dump via ssh to ringtail

The shower dump hook referenced kubectl --context=k3s-ringtail, but indri's kubeconfig deliberately doesn't carry the ringtail credentials. Since PR #349 (2026-05-11), nightly borgmatic runs have failed at the before_backup hook, aborting both sifaka-borg-backups and borgbase-offsite. Rewrite the dump to ssh into ringtail and run k3s kubectl there. /etc/rancher/k3s/k3s.yaml on ringtail is mode 644, so no sudo is needed; the ssh user (eblume) reads it directly. Dump file is created in the pod via sqlite3.backup, copied to ringtail's host filesystem via k3s kubectl cp, then scp'd back to indri. Template gains a `ssh_host` field on dump entries — when set, uses the ssh path; when absent (as for mealie), uses local kubectl with the existing `context` field. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-13 17:17:45 -07:00 · 2026-05-13 17:17:45 -07:00 · e43e6defa5
commit e43e6defa5
parent 947e4310c3
5 changed files with 110 additions and 5 deletions
--- a/ansible/roles/borgmatic/tasks/main.yml
+++ b/ansible/roles/borgmatic/tasks/main.yml
@ -49,6 +49,20 @@
    mode: '0700'
  when: borgmatic_k8s_sqlite_dumps | length > 0

+- name: Ensure ~/bin exists
+  ansible.builtin.file:
+    path: "{{ ansible_env.HOME }}/bin"
+    state: directory
+    mode: '0755'
+  when: borgmatic_k8s_sqlite_dumps | length > 0
+
+- name: Deploy k8s SQLite dump helper script
+  ansible.builtin.template:
+    src: k8s-sqlite-dump.sh.j2
+    dest: "{{ ansible_env.HOME }}/bin/borgmatic-k8s-sqlite-dump"
+    mode: '0755'
+  when: borgmatic_k8s_sqlite_dumps | length > 0
+
 - name: Deploy borgmatic configuration
  ansible.builtin.template:
    src: config.yaml.j2