From d995cfc671bb71ec83a9befc22401234af6be397 Mon Sep 17 00:00:00 2001
From: Benoit S <git@benpro.fr>
Date: Sun, 31 Jan 2021 20:04:51 +0900
Subject: [PATCH] Init backup

---
 group_data/all.py           | 10 +++++++++
 setup-backup.py             | 20 ++++++++++++++++++
 templates/borgmatic.yaml.j2 | 42 +++++++++++++++++++++++++++++++++++++
 3 files changed, 72 insertions(+)
 create mode 100644 setup-backup.py
 create mode 100644 templates/borgmatic.yaml.j2

diff --git a/group_data/all.py b/group_data/all.py
index e69de29..57c4aac 100644
--- a/group_data/all.py
+++ b/group_data/all.py
@@ -0,0 +1,10 @@
+from getpass import getpass
+
+import privy
+
+def get_secret(borg_passphrase):
+    password = getpass('Please provide the secret password: ')
+    return privy.peek(borg_passphrase, password)
+
+b_borg_passphrase = get_secret(b'1$2$o9juQh0wvpWhOsXHhh-xyimKIpWAUOk9MgLeSHiM_NA=$Z0FBQUFBQmdGb3U0RmNfaDdYYkVfU1pvdW9SbXFJMC1GN2FsSXJoTVpkVENaRlN1V2ZiOVNpalk2Z28zS3R5bFRWMkh3VnQ4cFhIZVhtWVphWDhwQi00ejJsWS1pMkZMSGhvTnlVTi15aTBLejdTTHVjdGZLYUtqRUY0Wm9Lc19ISTZ3Wkc1SHJFLWNIMUNtekFXMzFBV1BMN1hNZlludG5xMU9WdkNPM3lwaDZfWFpESExaVHdFPQ==')
+borg_passphrase = b_borg_passphrase.decode('utf-8')
diff --git a/setup-backup.py b/setup-backup.py
new file mode 100644
index 0000000..80235d3
--- /dev/null
+++ b/setup-backup.py
@@ -0,0 +1,20 @@
+from pyinfra import host
+from pyinfra.operations import server, files, systemd, apt
+
+SUDO = True
+
+apt.packages(
+    name='Install packages',
+    packages=['borgbackup', 'borgmatic'],
+    update=True,
+)
+
+files.template(
+    name='Push borgmatic config',
+    src='templates/borgmatic.yaml.j2',
+    dest='/etc/borgmatic/config.yaml',
+    mode='600',
+    user='root',
+    group='root',
+)
+
diff --git a/templates/borgmatic.yaml.j2 b/templates/borgmatic.yaml.j2
new file mode 100644
index 0000000..f1ae7ee
--- /dev/null
+++ b/templates/borgmatic.yaml.j2
@@ -0,0 +1,42 @@
+location:
+    source_directories:
+        - /var/backups
+
+    one_file_system: true
+    repositories:
+        - r0t85632@r0t85632.repo.borgbase.com:repo
+
+    exclude_patterns:
+        - ~/*/.cache
+
+    exclude_caches: true
+    exclude_if_present: .nobackup
+
+storage:
+    compression: auto,zstd
+    encryption_passphrase: '{{ host.data.borg_passphrase }}'
+    archive_name_format: '{hostname}-{now}'
+
+retention:
+    keep_daily: 3
+    keep_weekly: 4
+    keep_monthly: 12
+    keep_yearly: 2
+    prefix: '{hostname}-'
+
+consistency:
+    checks:
+        # uncomment to always do integrity checks. (takes long time for large repos)
+        #- repository
+        - disabled
+
+    check_last: 3
+    prefix: '{hostname}-'
+
+hooks:
+    # List of one or more shell commands or scripts to execute before creating a backup.
+    before_backup:
+        - echo "`date` - Starting backup"
+
+    after_backup:
+        - echo "`date` - Finished backup"