[borg] lets filter-out shit and backup cameron

group_vars/crans_server/borg.yml

+---
+glob_borg:
+  to_backup:
+    - /etc
+    - /var
+  path: /backup/borg
+  remote:
+    - borg@zephir.adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  retention:
+    - ["daily", 4]
+    - ["monthly", 6]
+  consistency_check:
+    - disabled
+  extra_init:
+    - make-parent-dirs
+  encryption_passphrase: "{{ vault.borgbackup_passwd }}"
+  ssh_privkey: "{{ vault.borgbackup_ssh_privkey }}"

group_vars/crans_server/vars.yml

@@ -9,18 +9,3 @@ debian_mirror: http://mirror.adm.crans.org/debian
 ubuntu_mirror: http://mirror.adm.crans.org/ubuntu
 debian_components: main contrib non-free
 ubuntu_components: main restricted universe multiverse
-
-glob_borg:
-  to_backup:
-    - /etc
-    - /var
-  path: /backup/borg
-  remote:
-    - borg@zephir.adm.crans.org:/backup/borg/{{ ansible_hostname }}
-  retention:
-    - ["daily", 4]
-    - ["monthly", 6]
-  consistency_check:
-    - disabled
-  extra_init:
-    - make-parent-dirs

host_vars/cameron.adm.crans.org

+---
+loc_borg:
+  to_exclude:
+    - /var/mail
+
+loc_borg_data:
+  path_suffix: ".data"
+  to_backup:
+    - /var/mail
+    - /pool/home
+  remote:
+    - borg@omnomnom.adm.crans.org:/backup/borg/{{ ansible_hostname }}

host_vars/owl.adm.crans.org.yml

@@ -5,3 +5,7 @@ interfaces:
 
 loc_dovecot:
   cert_path: /etc/letsencrypt/live/crans.org
+
+loc_borg:
+  to_exclude:
+    - /var/mail

host_vars/tealc.adm.crans.org.yml

@@ -4,3 +4,9 @@ loc_postgresql:
 loc_slapd:
   ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
   replica: false
+
+loc_borg:
+  to_backup:
+    - /etc
+    - /var
+    - /pool/home

host_vars/zamok.adm.crans.org.yml

@@ -2,6 +2,7 @@
 loc_borg:
   to_exclude:
     - /var/mail
+    - /var/lib/podman
   hooks:
     - type: mysql_databases
       params:

hosts

@@ -3,8 +3,12 @@
 [adh_server]
 zamok.adm.crans.org
 
+[backup_data]
+cameron.adm.crans.org
+
 [backups]
 zephir.adm.crans.org
+omnomnom.adm.crans.org
 
 [baie]
 cameron.adm.crans.org

plays/backup.yml

 #!/usr/bin/env ansible-playbook
 ---
-
-- import_playbook: borgbackups_client.yml
-- import_playbook: borgbackups_server.yml
+- hosts: backups
+  vars:
+    borg: '{{ glob_borg | default({}) | combine(loc_borg | default({})) }}'
+  roles:
+    - borgbackup-server

plays/borgbackups_client.yml → plays/borgbackup_client.yml

 #!/usr/bin/env ansible-playbook
 ---
-
 - hosts: server,!stretch
   vars:
     borg: '{{ glob_borg | default({}) | combine(loc_borg | default({})) }}'
@@ -8,8 +7,9 @@
   roles:
     - borgbackup-client
 
-- hosts: backups
+- hosts: backup_data
   vars:
-    borg: '{{ glob_borg | default({}) | combine(loc_borg | default({})) }}'
+    borg: '{{ glob_borg | default({}) | combine(loc_borg_data | default({})) }}'
+    mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}'
   roles:
-    - borgbackup-server
+    - borgbackup-client

plays/borgbackups_server.yml

-#!/usr/bin/env ansible-playbook
----
-
-- hosts: server
-  vars:
-    borg: '{{ glob_borg | default({}) | combine(loc_borg | default({})) }}'
-    mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}'
-  roles:
-    - borgbackup-client
-
-- hosts: backups
-  vars:
-    borg: '{{ glob_borg | default({}) | combine(loc_borg | default({})) }}'
-  roles:
-    - borgbackup-server

plays/root.yml

@@ -75,6 +75,6 @@
       retries: 3
       until: apt_result is succeeded
 
-- import_playbook: borgbackups_client.yml
+- import_playbook: borgbackup_client.yml
 - import_playbook: monitoring.yml
 - import_playbook: network_interfaces.yml

roles/borgbackup-client/tasks/main.yml

@@ -39,21 +39,21 @@
 - name: Deploy borgmatic config
   template:
     src: "borgmatic/config.yaml.j2"
-    dest: "/etc/borgmatic/config.yaml"
+    dest: "/etc/borgmatic/config{{ borg.path_suffix | default('') }}.yaml"
     mode: 0600
     owner: root
     group: root
 
 - name: Init borg repository
   command:
-    cmd: /usr/bin/borgmatic init -e repokey
+    cmd: "/usr/bin/borgmatic init -c /etc/borgmatic/config{{ borg.path_suffix | default('') }}.yaml -e repokey"
   register: borg_init
   changed_when: '"does not exist" in borg_init.stderr'
 
 - name: Deploy borg cron
   template:
     src: "cron.d/borg.j2"
-    dest: "/etc/cron.d/borg"
+    dest: "/etc/cron.d/borg{{ borg.path_suffix | default('') }}"
   notify: restart cron
 
 - name: Indicate role in motd

roles/borgbackup-client/templates/borgmatic/config.yaml.j2

@@ -27,7 +27,7 @@ location:
     borgmatic_source_directory: /tmp/borgmatic
 
 storage:
-    encryption_passphrase: {{ vault.borgbackup_passwd }}
+    encryption_passphrase: {{ borg.encryption_passphrase }}
     ssh_command: ssh -i /etc/borgmatic/id_ed25519_borg
     borg_base_directory: /etc/borgmatic
     borg_config_directory: /etc/borgmatic/config/

roles/borgbackup-client/templates/borgmatic/id_ed25519_borg.j2

-{{ vault.borgbackup_ssh_privkey }}
+{{ borg.ssh_privkey }}

roles/borgbackup-client/templates/cron.d/borg.j2

@@ -2,4 +2,8 @@
 
 PATH=$PATH:/usr/sbin:/usr/bin:/usr/local/bin:/sbin:/bin
 
+{% if borg.path_suffix is defined %}
+{{ 60 | random(seed=inventory_hostname) }} {{ 24 | random(seed=inventory_hostname) }} * * * root borgmatic -c /etc/borgmatic/config{{ borg.path_suffix }}.yaml --syslog-verbosity 1
+{% else %}
 {{ 60 | random(seed=inventory_hostname) }} {{ 24 | random(seed=inventory_hostname) }} * * * root borgmatic --syslog-verbosity 1
+{% endif %}