esh/esh_borgmatic/recipes/setup.rb

#
# Cookbook:: esh_borgmatic
# Recipe:: setup
#
# Copyright:: 2023, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Read the borgmatic settings from the node attributes once; the resources
# further down (known_hosts setup and the config template) use these locals.
borgmatic_config = node['esh']['borgmatic']['config']

repo              = borgmatic_config['repo']
# Secret: this value is handed to the config.yaml template below.
repo_passphrase   = borgmatic_config['repo_passphrase']
location_src      = borgmatic_config['location_src']
before_backup     = borgmatic_config['before_backup']
healthchecks      = borgmatic_config['healthchecks']
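# Install the SSH private key used for the borg repository connection.
# The key material is taken from the node attribute esh.borgmatic.ssh_priv.
#
# NOTE(review): node attributes are normally persisted with the node object on
# the Chef server; if ssh_priv is set as a plain attribute, the private key is
# stored there in clear text. Confirm where the attribute comes from and
# consider an encrypted source (encrypted data bag, Chef Vault, or an external
# secrets manager).
# NOTE(review): this resource does not create /root/.ssh; presumably it already
# exists on the target hosts. Confirm, and make sure it is mode 0700.
file '/root/.ssh/borgmatic' do
  content node['esh']['borgmatic']['ssh_priv']
  owner 'root'
  group 'root'
  # Readable by root only.
  mode '0400'
  # Keep the key out of the Chef run output: without this, the file content
  # and diff can be printed to the console and the client log.
  sensitive true
  action :create
end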
# Public half of the borgmatic SSH key pair, taken from the node attribute
# esh.borgmatic.ssh_pub and written next to the private key.
file '/root/.ssh/borgmatic.pub' do
  owner 'root'
  group 'root'
  mode '0400'
  content node['esh']['borgmatic']['ssh_pub']
  action :create
end
# Install borgmatic from the configured apt repositories.
apt_package 'borgmatic' do
  action :install
end
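require 'shellwords'

# Host portion of the repo address. The split on '@' and then ':' assumes the
# "user@host:path" form. The result is shell-escaped because it is
# interpolated into the shell command lines below.
borg_host = Shellwords.escape(repo.split('@')[1].split(':')[0])

# Record the borg server's SSH host key in root's known_hosts so the
# unattended backup does not stop at the host-key confirmation prompt.
#
# NOTE(review): ssh-keyscan stores whatever key the network returns during this
# run; nothing here compares it with a known-good fingerprint. An on-path
# attacker present at first converge would be trusted from then on. Prefer
# shipping the server's public host key as data and writing that entry to
# known_hosts instead of scanning for it.
execute 'trust the borg repo' do
  command "ssh-keyscan #{borg_host} >> /root/.ssh/known_hosts"
  # ssh-keygen -F looks up the exact host name and also understands hashed
  # entries. A plain grep treats the name as a regular expression and matches
  # substrings of other hosts' entries.
  not_if "ssh-keygen -F #{borg_host} -f /root/.ssh/known_hosts"
  action :run
end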
# Configuration directory for borgmatic. It is limited to root (0700) because
# config.yaml, rendered below, receives the repository passphrase.
directory '/etc/borgmatic' do
  mode '0700'
  owner 'root'
  group 'root'
  action :create
end
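# Render the borgmatic configuration. The template receives the backup
# sources, the repo address, the repo passphrase, the before_backup value and
# the healthchecks value read from the node attributes at the top of the recipe.
#
# NOTE(review): repo_passphrase comes from a node attribute; if it is set as a
# plain attribute it is stored with the node object in clear text. Confirm the
# source and consider an encrypted one.
template '/etc/borgmatic/config.yaml' do
  owner 'root'
  group 'root'
  # Readable by root only.
  mode '0400'
  variables location_src: location_src,
            repo: repo,
            repo_passphrase: repo_passphrase,
            before_backup: before_backup,
            healthchecks: healthchecks
  # The rendered file receives the repository passphrase. Suppress the content
  # and diff that Chef would otherwise print to the run output and client log.
  sensitive true
  action :create
end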
# Oneshot service that runs borgmatic at low CPU and I/O priority. It is
# started by borgmatic.timer, defined below.
#
# NOTE(review): no User= is set, so this presumably runs as root, and the unit
# carries no systemd sandboxing directives (e.g. NoNewPrivileges=,
# ProtectSystem=, PrivateTmp=). Consider adding them after testing against the
# configured before_backup hooks.
borgmatic_service_unit = <<~UNIT
  [Unit]
  Description=borgmatic backup
  Wants=network-online.target
  After=network-online.target
  # Prevent borgmatic from running unless the machine is plugged into power. Remove this line if you
  # want to allow borgmatic to run anytime.
  ConditionACPower=true
  ConditionFileNotEmpty=/etc/borgmatic/config.yaml
  Documentation=https://torsion.org/borgmatic/
  [Service]
  Type=oneshot
  # Lower CPU and I/O priority.
  Nice=19
  CPUSchedulingPolicy=batch
  IOSchedulingClass=best-effort
  IOSchedulingPriority=7
  IOWeight=100
  Restart=no
  # Prevent rate limiting of borgmatic log events. If you are using an older version of systemd that
  # doesn't support this (pre-240 or so), you may have to remove this option.
  LogRateLimitIntervalSec=0
  # Delay start to prevent backups running during boot. Note that systemd-inhibit requires dbus and
  # dbus-user-session to be installed.
  ExecStartPre=sleep 1m
  ExecStart=systemd-inhibit --who="borgmatic" --why="Prevent interrupting scheduled backup" /usr/bin/borgmatic --verbosity -1 --syslog-verbosity 1
UNIT

systemd_unit 'borgmatic.service' do
  content borgmatic_service_unit
  action %i[create enable]
end
# Timer unit for the backup. The schedule is the OnCalendar expression from the
# node attribute esh.borgmatic.timer, and Persistent=true is set in the unit.
borgmatic_timer_unit = <<~UNIT
  [Unit]
  Description=Run borgmatic backup
  [Timer]
  OnCalendar=#{node['esh']['borgmatic']['timer']}
  Persistent=true
  [Install]
  WantedBy=timers.target
UNIT

systemd_unit 'borgmatic.timer' do
  content borgmatic_timer_unit
  # Unit verification is switched off for this resource, so a malformed
  # OnCalendar value is not rejected during the Chef run.
  verify false
  action %i[create enable]
end