eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/ansible/roles/borgmatic/templates/config.yaml.j2
Erich Blume f26105dea9 C1: borgmatic shower SQLite dump via ssh to ringtail 
The shower dump hook referenced kubectl --context=k3s-ringtail, but
indri's kubeconfig deliberately doesn't carry the ringtail
credentials. Since PR #349 (2026-05-11), nightly borgmatic runs have
failed at the before_backup hook, aborting both sifaka-borg-backups
and borgbase-offsite.

Rewrite the dump to ssh into ringtail and run k3s kubectl there.
/etc/rancher/k3s/k3s.yaml on ringtail is mode 644, so no sudo is
needed; the ssh user (eblume) reads it directly. Dump file is
created in the pod via sqlite3.backup, copied to ringtail's host
filesystem via k3s kubectl cp, then scp'd back to indri.

Template gains a `ssh_host` field on dump entries — when set, uses
the ssh path; when absent (as for mealie), uses local kubectl with
the existing `context` field.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-13 17:38:26 -07:00

71 lines
2.3 KiB
Django/Jinja
Raw Blame History

# {{ ansible_managed }}
# Path to borg binary (LaunchAgent doesn't have homebrew in PATH)
local_path: {{ borgmatic_local_path }}
source_directories:
{% for dir in borgmatic_source_directories %}
- {{ dir }}
{% endfor %}
source_directories_must_exist: true
repositories:
{% for repo in borgmatic_repositories %}
- path: {{ repo.path }}
label: {{ repo.label }}
{% if repo.encryption is defined %}
encryption: {{ repo.encryption }}
{% endif %}
{% if repo.append_only is defined %}
append_only: {{ repo.append_only | lower }}
{% endif %}
{% endfor %}
{% if borgmatic_exclude_patterns %}
exclude_patterns:
{% for pattern in borgmatic_exclude_patterns %}
- {{ pattern }}
{% endfor %}
{% endif %}
encryption_passcommand: {{ borgmatic_encryption_passcommand }}
{% if borgmatic_k8s_sqlite_dumps %}
# Pre-backup: dump SQLite databases from k8s pods.
# Uses sqlite3.backup() for a safe, consistent copy.
#
# Quoting/escaping is delegated to ~/bin/borgmatic-k8s-sqlite-dump
# (deployed by the borgmatic ansible role). Each entry's `target`
# is either:
# - local:<context> -> local kubectl with --context (mealie etc.)
# - ssh:<user@host> -> ssh + k3s kubectl on the cluster host,
# used for ringtail since indri's kubeconfig
# deliberately doesn't carry that context.
before_backup:
- mkdir -p {{ borgmatic_k8s_dump_dir }}
{% for db in borgmatic_k8s_sqlite_dumps %}
- {{ ansible_env.HOME }}/bin/borgmatic-k8s-sqlite-dump {{ db.target }} {{ db.namespace }} {{ db.label_selector }} {{ db.db_path }} {{ db.name }} {{ borgmatic_k8s_dump_dir }}/{{ db.name }}.db
{% endfor %}
{% endif %}
ssh_command: ssh -o IdentitiesOnly=yes -i {{ borgmatic_borgbase_ssh_key_path }}
# Retention policy
keep_daily: {{ borgmatic_keep_daily }}
keep_monthly: {{ borgmatic_keep_monthly }}
keep_yearly: {{ borgmatic_keep_yearly }}
{% if borgmatic_postgresql_databases %}
# PostgreSQL database backups (streamed via pg_dump)
postgresql_databases:
{% for db in borgmatic_postgresql_databases %}
- name: {{ db.name }}
hostname: {{ db.hostname | default('localhost') }}
port: {{ db.port | default(5432) }}
username: {{ db.username }}
{% if borgmatic_pg_dump_command is defined %}
pg_dump_command: {{ borgmatic_pg_dump_command }}
{% endif %}
{% endfor %}
{% endif %}
Reference in a new issue View git blame Copy permalink