Erich Blume
ac83bd14e3
- Add before_backup hook to borgmatic: kubectl exec + python3 sqlite3 .backup to safely dump the database, then kubectl cp to host - Include k8s-dumps directory in borgmatic source_directories - Generic pattern: borgmatic_k8s_sqlite_dumps list in defaults - Fix PVC storageClassName: standard (not local-path) on minikube - Set container image tag to v3.12.0-5c5fd18 from CI build Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
66 lines
2.1 KiB
YAML
66 lines
2.1 KiB
YAML
---
|
|
# Note: borgmatic is installed via mise (pipx), not managed here.
|
|
# This role manages the config file and scheduled LaunchAgent.
|
|
|
|
- name: Ensure borgmatic config directory exists
|
|
ansible.builtin.file:
|
|
path: "{{ borgmatic_config_dir }}"
|
|
state: directory
|
|
mode: '0700'
|
|
|
|
# .pgpass is used by pg_dump for database backups
|
|
# Password is fetched in playbook pre_tasks as borgmatic_db_password
|
|
- name: Write .pgpass file for borgmatic PostgreSQL backups
|
|
ansible.builtin.copy:
|
|
content: |
|
|
# Managed by ansible (borgmatic role) - k8s PostgreSQL backup credentials
|
|
pg.ops.eblu.me:5432:*:borgmatic:{{ borgmatic_db_password }}
|
|
dest: ~/.pgpass
|
|
mode: '0600'
|
|
no_log: true
|
|
|
|
# BorgBase offsite backup - SSH key and host verification
|
|
- name: Deploy BorgBase SSH private key
|
|
ansible.builtin.copy:
|
|
content: "{{ borgbase_ssh_private_key }}\n"
|
|
dest: "{{ borgmatic_borgbase_ssh_key_path }}"
|
|
mode: '0600'
|
|
no_log: true
|
|
|
|
- name: Add BorgBase host key to known_hosts
|
|
ansible.builtin.known_hosts:
|
|
name: u3ugi1x1.repo.borgbase.com
|
|
key: "u3ugi1x1.repo.borgbase.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGU0mISTyHBw9tBs6SuhSq8tvNM8m9eifQxM+88TowPO"
|
|
state: present
|
|
|
|
- name: Ensure k8s dump directory exists
|
|
ansible.builtin.file:
|
|
path: "{{ borgmatic_k8s_dump_dir }}"
|
|
state: directory
|
|
mode: '0700'
|
|
when: borgmatic_k8s_sqlite_dumps | length > 0
|
|
|
|
- name: Deploy borgmatic configuration
|
|
ansible.builtin.template:
|
|
src: config.yaml.j2
|
|
dest: "{{ borgmatic_config }}"
|
|
mode: '0600'
|
|
|
|
- name: Deploy borgmatic LaunchAgent plist
|
|
ansible.builtin.template:
|
|
src: borgmatic.plist.j2
|
|
dest: ~/Library/LaunchAgents/mcquack.eblume.borgmatic.plist
|
|
mode: '0644'
|
|
notify: Reload borgmatic
|
|
|
|
- name: Check if borgmatic LaunchAgent is loaded
|
|
ansible.builtin.command: launchctl list mcquack.eblume.borgmatic
|
|
register: borgmatic_launchctl_check
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Load borgmatic LaunchAgent if not loaded
|
|
ansible.builtin.command: launchctl load ~/Library/LaunchAgents/mcquack.eblume.borgmatic.plist
|
|
when: borgmatic_launchctl_check.rc != 0
|
|
changed_when: true
|
|
failed_when: false
|