71 lines
2.2 KiB
YAML
71 lines
2.2 KiB
YAML
- name: Copy pgpass file
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: pgpass.j2
|
|
dest: /root/.pgpass
|
|
mode: "0600"
|
|
owner: root
|
|
- name: Create restic cache volume
|
|
become: true
|
|
community.docker.docker_volume:
|
|
name: restic-cache
|
|
- name: Run backup container
|
|
become: true
|
|
community.docker.docker_container:
|
|
name: restic-1
|
|
image: git.comfycamp.space/lumin/restic:0.17.3
|
|
hostname: restic-1
|
|
env:
|
|
AWS_ACCESS_KEY_ID: "{{ s3_access_key_id }}"
|
|
AWS_SECRET_ACCESS_KEY: "{{ s3_secret_access_key }}"
|
|
AWS_DEFAULT_REGION: "{{ s3_region }}"
|
|
RESTIC_REPOSITORY: s3:https://{{ s3_host }}/{{ s3_bucket }}
|
|
RESTIC_PASSWORD: "{{ restic_password }}"
|
|
networks:
|
|
- name: postgresql
|
|
entrypoint: ["sleep"]
|
|
command: ["infinity"]
|
|
volumes:
|
|
- restic-cache:/root/.cache/restic
|
|
- /root/.pgpass:/root/.pgpass:ro
|
|
- /mnt/hdd/archivebox-data:/data/archivebox:ro
|
|
- archivebox:/data/docker/archivebox:ro
|
|
- authentik-media:/data/docker/authentik-media:ro
|
|
- authentik-certs:/data/docker/authentik-certs:ro
|
|
- comfycamp:/data/docker/comfycamp:ro
|
|
- forgejo:/data/docker/forgejo:ro
|
|
- freshrss:/data/docker/freshrss:ro
|
|
- /mnt/hdd/immich:/data/immich:ro
|
|
- jellyfin-config:/data/docker/jellyfin-config:ro
|
|
- maddy:/data/docker/maddy:ro
|
|
- /mnt/hdd/mastodon:/data/mastodon:ro
|
|
- minecraft:/data/docker/minecraft:ro
|
|
- grafana:/data/docker/grafana:ro
|
|
- prometheus:/data/docker/prometheus:ro
|
|
- uptime-kuma:/data/docker/uptime-kuma:ro
|
|
- nextcloud:/data/docker/nextcloud:ro
|
|
- /mnt/hdd/nextcloud:/data/nextcloud:ro
|
|
- /mnt/hdd/peertube:/data/peertube:ro
|
|
- phoenix:/data/docker/phoenix:ro
|
|
- prosody:/data/docker/prosody:ro
|
|
- synapse:/data/docker/synapse:ro
|
|
- vaultwarden:/data/docker/vaultwarden:ro
|
|
- name: Install shellcheck
|
|
become: true
|
|
ansible.builtin.apt:
|
|
name: shellcheck
|
|
- name: Copy backup script
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: backup.sh.j2
|
|
dest: /root/backup.sh
|
|
mode: "0700"
|
|
owner: root
|
|
validate: shellcheck %s
|
|
- name: Configure backup job
|
|
become: true
|
|
ansible.builtin.cron:
|
|
name: backups
|
|
minute: "35"
|
|
hour: "0"
|
|
job: /root/backup.sh
|