borg
Ansible role "papanito.borg"
Ansible role do install and setup regular backups with borg. The role does the following
[Optional] Delete existing repository
Initialize a repository at
protocol://backup_server:target_dirortarget_dirNotes
In case the repo
target_diralready exists, the initalization will be skipped Ifbackup_serveris not specified role assumes a local backup i.e. to a local directoryCreate a
systemdservice which regularly (accoring tobackup_schedule) runs scriptborg.shfrom borgbackup.orgThere will be an individual borg-script named
automatic-backup-{{service_name}}.shin/opt/borg_backupwhich is customized withbackup_source_dirbackup_exclude_fileorbackup_exclude_listbackup_schedule
Requirements
None
Role Variables
These are all variables
| Parameter | Description | Default Value |
|---|---|---|
backup_server |
Name of the backup server - if not defined, it assumes a local backup | - |
backup_user |
Name of the user to connect to the server | - |
backup_port |
Port to connect to backup_server |
- |
protocol |
Protocol used to connect to backup_server |
ssh |
backup_name |
[mandatory] Name of backup | |
backup_encryption_key |
[mandatory] Passphrase for the encryption key using repokey |
- |
backup_encryption_method |
Borg encryption method, currently only repokey implemented |
repokey |
target_dir |
Target directory of the backups on the backup_server |
"./backups/{{ backup_name }}" |
backup_delete |
WARNING If set to true then existing backup repository will be deleted |
false |
backup_create |
Creation of repository. You can use the role to explicitly delete an existing repository by running the role with -e backup_delete=true -e backup_create=false |
true |
backup_schedule |
Systemd schedule notation for the daily backup to run | *-*-* 03:00:00 |
backup_include_list |
List of source directories to backup | - |
backup_exclude_file |
EXCLUDEFILE which contains exclude patternsTakes precedence over backup_exclude_list |
- |
backup_exclude_list |
List of patterns which will be added as --exclude 'PATTERN' |
- |
The following parameters are related to the systemd service file:
| Parameter | Description | Default Value |
|---|---|---|
systemd_target_dir |
Location where to copy .service-files |
/etc/systemd/system/ |
borg_systemd_user |
User for systemd service | backup |
borg_systemd_group |
Group for systemd service | backup |
borg_systemd_on_failure |
If set it will make an OnFailure entry in the service file | - |
systemd_script_mode |
Mode of the script file | 0774 |
systemd_service_mode |
Mode of the service file | 0644 |
The script which is deployed also defines the options for prune as described at [borg prune](https://borgbackup.readthedocs.io/en/stable/usage/prune.x
html). Values which expect a number but variable is not defined, then the option is not provided.
| Parameter | Description | Default Value |
|---|---|---|
backup_prune_dryrun |
-n, --dry-run do not change repository |
false |
backup_prune_force |
--force force pruning of corrupted archives |
false |
backup_prune_stats |
-s, --stats print statistics for the deleted archive |
true |
backup_prune_list |
--list output verbose list of archives it keeps/prunes |
true |
backup_prune_keep_within |
--keep-within INTERVAL keep all archives within this time interval |
- |
backup_prune_keep_last |
--keep-last, --keep-secondly number of secondly archives to keep |
- |
backup_prune_keep_minutely |
--keep-minutely number of minutely archives to keep |
- |
backup_prune_keep_hourly |
-H, --keep-hourly number of hourly archives to keep |
- |
backup_prune_keep_daily |
-d, --keep-daily number of daily archives to keep |
- |
backup_prune_keep_weekly |
-w, --keep-weekly number of weekly archives to keep |
- |
backup_prune_keep_monthly |
-m, --keep-monthly number of monthly archives to keep |
- |
backup_prune_keep_yearly |
-y, --keep-yearly number of yearly archives to keep |
- |
backup_prune_save_space |
--save-space work slower, but using less space |
false |
To keep sensitive information hidden I recommend to use ansible-vault
You can define the passowrd file in ansible.cfg so none vault parameter has to be specified. Thus, the encrypted variable backup_encryption_key can be created as follows:
ansible-vault encrypt_string 'SupersecretPa$$phrase' --name 'backup_encryption_key'
Dependencies
None
Examples
Example Playbook remote backup
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: localhost
vars:
- backup_server: borg.intra
- backup_user: borguser
- backup_name: mybackupname
- backup_encryption_key: test
- backup_port: 23
- target_dir: "/var/backups/"
- backup_schedule: "*-*-* 03:00:00"
- backup_exclude_list:
- "*/Downloads"
- "*/google-chrome*"
- backup_include_list:
- /home/papanito
- backup_prune_keep_daily: 7
- backup_prune_keep_weekly: 5
- backup_prune_keep_monthly: 6
- backup_prune_keep_yearly: 1
roles:
- role: papanito.borg
This will create a backup at ssh://[email protected]:/var/backup/mybackupname and the following systemd files
/opt/borg_backup/automatic-backup-mybackupname-borg.intra.sh(backup script)/etc/systemd/system/automatic-backup-mybackupname-borg.intra.service(systemd service file)/etc/systemd/system/automatic-backup-mybackupname-borg.intra.timer(systemd timers file)
Example Playbook local backup
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: localhost
vars:
- backup_name: mybackupname
- backup_encryption_key: test
- target_dir: "/var/backup/"
- backup_schedule: "*-*-* 03:00:00"
- backup_exclude_list:
- "*/Downloads"
- "*/google-chrome*"
- backup_include_list:
- /home/papanito
- backup_prune_keep_daily: 7
- backup_prune_keep_weekly: 5
- backup_prune_keep_monthly: 6
- backup_prune_keep_yearly: 1
This will create a backup at /var/backup/mybackupname and the following systemd files
/opt/borg_backups/automatic-backup-mybackupname-local.sh(backup script)/etc/systemd/system/automatic-backup-mybackupname-local.service(systemd service file)/etc/systemd/system/automatic-backup-mybackupname-local.timer(systemd timers file)
License
This is Free Software, released under the terms of the Apache v2 license.
Author Information
ansible-galaxy install papanito/ansible-role-borg