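#
# Cookbook:: esh_borgmatic
# Recipe:: setup
#
# Copyright:: 2023, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Installs borgmatic, deploys the SSH key pair and configuration it needs to
# reach the remote borg repository, and schedules the backup through a systemd
# service/timer pair.

require 'shellwords'

borgmatic_config = node['esh']['borgmatic']['config']

repo_passphrase = borgmatic_config['repo_passphrase']
repo            = borgmatic_config['repo']
location_src    = borgmatic_config['location_src']
before_backup   = borgmatic_config['before_backup']
healthchecks    = borgmatic_config['healthchecks']

# Host part of a "user@host:path" repository spec, shell-escaped once so that
# both shell snippets below receive it as a single literal argument.
repo_host = Shellwords.escape(repo.split('@')[1].split(':')[0])

# `file` does not create missing parent directories, so make sure the key
# directory exists (with the permissions OpenSSH expects) before writing to it.
directory '/root/.ssh' do
  owner 'root'
  group 'root'
  mode '0700'
  action :create
end

file '/root/.ssh/borgmatic' do
  content node['esh']['borgmatic']['ssh_priv']
  owner 'root'
  group 'root'
  mode '0400'
  # Private key material: keep the rendered content and its diff out of the
  # Chef client output, logs and report handlers.
  sensitive true
  action :create
end

file '/root/.ssh/borgmatic.pub' do
  content node['esh']['borgmatic']['ssh_pub']
  owner 'root'
  group 'root'
  mode '0400'
  action :create
end

apt_package 'borgmatic'

# NOTE(review): ssh-keyscan accepts whatever host key is presented on the first
# converge (trust on first use) and nothing here verifies it. Consider
# distributing the expected host key from a trusted source and writing that to
# known_hosts instead.
execute 'trust the borg repo' do
  command <<~EOT
    ssh-keyscan #{repo_host} >> /root/.ssh/known_hosts
  EOT
  # `ssh-keygen -F` performs an exact host lookup (hashed entries included);
  # a plain grep would treat the dots as wildcards and also match substrings
  # of other host names, skipping the scan for a host that is not yet trusted.
  not_if <<~EOT
    ssh-keygen -F #{repo_host} -f /root/.ssh/known_hosts
  EOT
  action :run
end

directory '/etc/borgmatic' do
  owner 'root'
  group 'root'
  mode '0700'
  action :create
end

template '/etc/borgmatic/config.yaml' do
  owner 'root'
  group 'root'
  mode '0400'
  # The rendered file embeds the repository passphrase; suppress the content
  # diff in Chef output and logs.
  sensitive true
  variables(
    location_src: location_src,
    repo: repo,
    repo_passphrase: repo_passphrase,
    before_backup: before_backup,
    healthchecks: healthchecks
  )
  action :create
end

systemd_unit 'borgmatic.service' do
  content <<~EOU
    [Unit]
    Description=borgmatic backup
    Wants=network-online.target
    After=network-online.target
    # Prevent borgmatic from running unless the machine is plugged into power. Remove this line if you
    # want to allow borgmatic to run anytime.
    ConditionACPower=true
    ConditionFileNotEmpty=/etc/borgmatic/config.yaml
    Documentation=https://torsion.org/borgmatic/

    [Service]
    Type=oneshot

    # Lower CPU and I/O priority.
    Nice=19
    CPUSchedulingPolicy=batch
    IOSchedulingClass=best-effort
    IOSchedulingPriority=7
    IOWeight=100

    Restart=no
    # Prevent rate limiting of borgmatic log events. If you are using an older version of systemd that
    # doesn't support this (pre-240 or so), you may have to remove this option.
    LogRateLimitIntervalSec=0

    # Delay start to prevent backups running during boot. Note that systemd-inhibit requires dbus and
    # dbus-user-session to be installed.
    ExecStartPre=sleep 1m
    ExecStart=systemd-inhibit --who="borgmatic" --why="Prevent interrupting scheduled backup" /usr/bin/borgmatic --verbosity -1 --syslog-verbosity 1
  EOU
  action [:create, :enable]
end

# The timer's schedule comes straight from the node attribute; unit
# verification is switched off for this resource, as in the original recipe.
systemd_unit 'borgmatic.timer' do
  content <<~EOU
    [Unit]
    Description=Run borgmatic backup

    [Timer]
    OnCalendar=#{node['esh']['borgmatic']['timer']}
    Persistent=true

    [Install]
    WantedBy=timers.target
  EOU
  verify false
  action [:create, :enable]
end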