deploy.yaml
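---
# Play 1: include the role of every selected service on the control host.
# Pass `-e SERVICE=name[,name...]` to limit the run; when SERVICE is unset or
# empty, every entry of service_names is deployed.
- name: Deploy all services
  hosts: localhost
  connection: local
  # Every task, including the included roles, runs as root through sudo.
  become: true
  become_user: root
  become_method: ansible.builtin.sudo
  tasks:
    - name: Set full service list
      ansible.builtin.set_fact:
        # Each entry is used below both as a role name and as a key into
        # `services`. Extend this list when a new service role is added.
        service_names:
          - bookstack
          - caddy
          - clicketing
          - crabfit
          - directus
          - icelan
          - gamestar-website
          - keycloak
          - mattermost
          - nextcloud
          - onlyoffice
          - roboclic
          - s4s
          - synapse
          - vaultwarden
          - website
          - webhook

    - name: Compute list of services to deploy
      ansible.builtin.set_fact:
        # Whitespace around names is trimmed and empty entries are dropped, so
        # "caddy, keycloak" or a trailing comma no longer yields a role name
        # such as " keycloak" or "".
        to_deploy: >-
          {{ ((SERVICE | default('')) == '')
          | ternary(service_names,
          SERVICE | default('') | split(',') | map('trim') | reject('equalto', '') | list) }}

    # The names in to_deploy are passed straight to include_role, which runs
    # as root. Restrict them to the list declared above so that a typo or an
    # unexpected value fails here with a clear message.
    - name: Refuse service names outside the known list
      ansible.builtin.assert:
        that:
          - to_deploy | length > 0
          - to_deploy | difference(service_names) | length == 0
        fail_msg: >-
          SERVICE must be a comma-separated subset of service_names;
          unknown entries: {{ to_deploy | difference(service_names) }}

    - name: Deploy
      ansible.builtin.include_role:
        name: "{{ item }}"
      vars:
        # `services` is not defined in this file; presumably it is loaded from
        # inventory or a vars file and holds one settings mapping per service.
        # TODO confirm.
        service: "{{ services[item] }}"
      loop: "{{ to_deploy }}"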
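# Play 2: install the backup tooling and configure borgmatic through the
# borgbase.ansible_role_borgbackup role. Before each backup the hooks below
# dump every service database into /var/db-dumps, which is itself one of the
# backed-up directories.
- name: Setup automatic backups with Borg
  hosts: localhost
  connection: local
  become: true
  become_user: root
  become_method: ansible.builtin.sudo
  tasks:
    - name: Install required packages
      ansible.builtin.apt:
        update_cache: true
        # postgresql-client and mariadb-client provide the pg_dump and
        # mariadb-dump commands used by the before_backup hooks.
        name:
          - borgbackup
          - postgresql-client
          - mariadb-client
          - cron

    - name: Launch borgmatic
      ansible.builtin.include_role:
        name: borgbase.ansible_role_borgbackup
      vars:
        borg_repository:
          - "{{ services.backup.repository }}"
        # The backup includes /var/secrets.yaml and full database dumps, so its
        # confidentiality rests on this passphrase.
        # NOTE(review): if the passphrase itself only lives in
        # /var/secrets.yaml, keep a copy elsewhere, otherwise the repository
        # cannot be opened after the host is lost. Confirm where it is stored.
        borg_encryption_passphrase: "{{ services.backup.encryption_passphrase }}"
        # Presumably a systemd timer firing at 00:00; see the role's
        # documentation for the exact meaning of these three variables.
        borgmatic_timer: systemd
        borgmatic_timer_hour: 0
        borgmatic_timer_minute: 0
        borg_source_directories:
          - /var/lib/docker/volumes/roboclic
          - /var/lib/docker/volumes/mattermost_data
          - /var/lib/docker/volumes/nextcloud_nextcloud-app
          - /var/lib/docker/volumes/vaultwarden_vaultwarden
          - /var/lib/docker/volumes/bookstack_app
          - /var/lib/docker/volumes/mattermost_config
          # mattermost_data was listed a second time here; the duplicate entry
          # has been dropped.
          - /var/lib/docker/volumes/mattermost_logs
          - /var/lib/docker/volumes/mattermost_plugins
          - /var/lib/docker/volumes/mattermost_client-plugins
          - /var/lib/docker/volumes/mattermost_bleve-indexes
          - /var/lib/docker/volumes/onlyoffice_config
          - /var/lib/docker/volumes/onlyoffice_data
          - /var/lib/docker/volumes/onlyoffice_fonts
          - /var/lib/docker/volumes/onlyoffice_lib
          - /var/lib/docker/volumes/onlyoffice_log
          - /var/lib/docker/volumes/onlyoffice_psql
          - /var/lib/docker/volumes/onlyoffice_rabbit
          - /var/lib/docker/volumes/onlyoffice_redis
          - /var/db-dumps
          - /var/secrets.yaml
          - /etc/webhook
        borgmatic_hooks:
          # Each database password is passed through the `quote` filter so
          # that a password containing spaces or shell metacharacters stays a
          # single word in the hook command instead of being interpreted by
          # the shell.
          # NOTE(review): the rendered hook strings contain the passwords in
          # clear text; presumably the role writes them into borgmatic's
          # configuration on disk. Confirm that file is readable by root only.
          before_backup:
            - 'echo "`date` - Starting backup."'
            - mkdir -p /var/db-dumps
            # mkdir -p leaves the mode to the umask and does not change an
            # existing directory. The dumps hold complete database contents,
            # so keep the directory closed to other local users.
            - chmod 0700 /var/db-dumps
            - >-
              MYSQL_PWD={{ services.nextcloud.database.password | quote }}
              mariadb-dump --add-drop-database --host 127.0.0.1 --port 5000
              --protocol tcp --user nextcloud --databases nextcloud
              --result-file /var/db-dumps/nextcloud.sql
            - >-
              MYSQL_PWD={{ services.bookstack.database.password | quote }}
              mariadb-dump --add-drop-database --host 127.0.0.1 --port 5004
              --protocol tcp --user bookstack --databases bookstackapp
              --result-file /var/db-dumps/bookstack.sql
            - >-
              PGPASSWORD={{ services.mattermost.database.password | quote }}
              pg_dump --no-password --clean --if-exists --host 127.0.0.1 --port 5001
              --username mattermost --format plain mattermost
              -f /var/db-dumps/mattermost.sql
            - >-
              PGPASSWORD={{ services.clicketing.database.password | quote }}
              pg_dump --no-password --clean --if-exists --host 127.0.0.1 --port 5003
              --username clicketing --format plain clicketing
              -f /var/db-dumps/clicketing.sql
            - >-
              PGPASSWORD={{ services.directus.database.password | quote }}
              pg_dump --no-password --clean --if-exists --host 127.0.0.1 --port 5005
              --username directus_user --format plain directus_data
              -f /var/db-dumps/directus.sql
            - >-
              PGPASSWORD={{ services.keycloak.database.password | quote }}
              pg_dump --no-password --clean --if-exists --host 127.0.0.1 --port 5006
              --username keycloak --format plain keycloak
              -f /var/db-dumps/keycloak.sql
            - >-
              PGPASSWORD={{ services.synapse.database.password | quote }}
              pg_dump --no-password --clean --if-exists --host 127.0.0.1 --port 5007
              --username synapse --format plain synapse
              -f /var/db-dumps/synapse.sql
            - >-
              PGPASSWORD={{ services.crabfit.database.password | quote }}
              pg_dump --no-password --clean --if-exists --host 127.0.0.1 --port 5008
              --username crabfit --format plain crabfit
              -f /var/db-dumps/crabfit.sql
        borg_retention_policy:
          keep_daily: 3
          keep_weekly: 4
          keep_monthly: 6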