Added back-up.yml
This commit is contained in:
parent
a21f4a6020
commit
216d2cfc11
1
.gitignore
vendored
1
.gitignore
vendored
@ -2,4 +2,5 @@ vars/secrets.yml
|
||||
templates/conf/users_database.yml.j2
|
||||
templates/conf/configuration.yml.j2
|
||||
files/firefox
|
||||
production
|
||||
.hidden
|
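Review bot: Ignoring `production` here while deleting the tracked copy in the same commit does not remove its earlier contents from history — the parent `a21f4a6020` still carries the inventory with host addresses, SSH user, port and key path. If any of those values are considered sensitive (the README says such data is meant to stay local), the history needs rewriting and the values rotated rather than just ignored going forward; this rendering does not show which of the five listed paths is the added line, so I am inferring it is `production` from the deletion below. A `production.example` committed in its place, mirroring `vars/secrets.example.yml`, would document the expected inventory shape without the values.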
12
README.md
12
README.md
@ -1,9 +1,11 @@
|
||||
# Ansible playbook to deploy Docker services to Opnxng
|
||||
# Ansible playbook for Opnxng deployment
|
||||
|
||||
An Ansible playbook to deploy Docker services to our servers.
|
||||
An Ansible playbook to deploy Docker services to our servers and another to back up important data.
|
||||
|
||||
`ansible-playbook -i "production" "deploy.yml"`
|
||||
|
||||
`ansible-playbook -i "production" "back-up.yml"`
|
||||
|
||||
## Services
|
||||
|
||||
The services are hosted on one Vultr and four Oracle servers. A [variables file](vars/services.yml) defines the services to be deployed or already deployed.
|
||||
@ -12,9 +14,11 @@ They are deployed with [Compose files](templates/compose) and load balanced acco
|
||||
|
||||
## Configurations
|
||||
|
||||
Our SearXNG instance uses a custom [settings.yml](templates/conf/settings.yml.j2) that always include upstream changes. It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG).
|
||||
Our SearXNG instance uses a custom [settings.yml](templates/conf/settings.yml.j2) that always include upstream changes. It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG). Thanks to [TheFrenchGhosty](https://github.com/PussTheCat-org).
|
||||
|
||||
Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yml](/opnxng/ansible-opnxng-deploy). We host an Authelia and Firefox stack that is restricted to specific users only. Their related files are also kept locally.
|
||||
Data of our Privatebin, Etherpad, and Gitea instance are backed up periodically.
|
||||
|
||||
Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yml](vars/secrets.example.yml). We host an Authelia and Firefox stack that is restricted to specific users only. Their related files are also kept locally.
|
||||
|
||||
## Contact
|
||||
Please contact us via [email](mailto:opnxng@tuta.io) if you discover any vulnerability or area for improvement in our infrastructure. We would truly appreciate it.
|
211
back-up.yml
Executable file
211
back-up.yml
Executable file
@ -0,0 +1,211 @@
|
||||
---
|
||||
- name: Back up
|
||||
hosts: all
|
||||
gather_facts: false
|
||||
become: true
|
||||
vars_files:
|
||||
- vars/secrets.yml
|
||||
tasks:
|
||||
|
||||
# ----------------------------------------------------------------------------------------------------
|
||||
|
||||
- name: Get current date
|
||||
shell: date +%Y-%m-%d
|
||||
run_once: true
|
||||
register: current_date
|
||||
|
||||
# ----------------------------------------------------------------------------------------------------
|
||||
|
||||
- name: Stop Privatebin
|
||||
command: docker stop privatebin
|
||||
when: inventory_hostname == 'oracle1'
|
||||
|
||||
- name: Set permissions of privatebin directory
|
||||
file:
|
||||
path: "{{ docker_dir }}/privatebin/data"
|
||||
state: directory
|
||||
owner: 1000
|
||||
group: 1000
|
||||
mode: 0755
|
||||
recurse: yes
|
||||
when: inventory_hostname == 'oracle1'
|
||||
|
||||
- name: Compress privatebin directory
|
||||
shell: "zip -r --password {{ backup_zip_password }} privatebin_{{ current_date.stdout }}.zip data"
|
||||
args:
|
||||
chdir: "{{ docker_dir }}/privatebin/"
|
||||
when: inventory_hostname == 'oracle1'
|
||||
|
||||
- name: Set permissions of privatebin directory
|
||||
file:
|
||||
path: "{{ docker_dir }}/privatebin/data"
|
||||
state: directory
|
||||
owner: 65534
|
||||
group: 82
|
||||
mode: 0700
|
||||
recurse: yes
|
||||
when: inventory_hostname == 'oracle1'
|
||||
|
||||
- name: Start Privatebin
|
||||
command: docker start privatebin
|
||||
when: inventory_hostname == 'oracle1'
|
||||
|
||||
- name: Copy privatebin.zip
|
||||
copy:
|
||||
src: "{{ oracle1_nfs_docker_dir_on_control_host }}/privatebin/privatebin_{{ current_date.stdout }}.zip"
|
||||
dest: "{{ backup_path_on_control_host }}/"
|
||||
owner: 0
|
||||
group: 0
|
||||
mode: 0644
|
||||
when: inventory_hostname == 'oracle1'
|
||||
delegate_to: "{{ control_host }}"
|
||||
|
||||
- name: Remove privatebin.zip on remote server
|
||||
file:
|
||||
path: "{{ docker_dir }}/privatebin/privatebin_{{ current_date.stdout }}.zip"
|
||||
state: absent
|
||||
when: inventory_hostname == 'oracle1'
|
||||
|
||||
# To Restore:
|
||||
# cd ./Docker/privatebin
|
||||
# sudo unzip privatebin_2023-11-11.zip
|
||||
# sudo chown -R 65534:82 {{ docker_dir }}/privatebin/data
|
||||
|
||||
# ----------------------------------------------------------------------------------------------------
|
||||
|
||||
- name: Backup Etherpaddb
|
||||
command: "docker exec -e PGPASSWORD={{ etherpad_db_pass }} etherpaddb sh -c 'PGPASSWORD={{ etherpad_db_pass }} pg_dump -Ft -U etherpad etherpad > /backups/etherpaddb_{{ current_date.stdout }}.tar'"
|
||||
when: inventory_hostname == 'oracle3'
|
||||
|
||||
- name: Prune Etherpaddb on remote server
|
||||
command: find {{ docker_dir }}/etherpad/backups -type f -mtime +2 -delete
|
||||
when: inventory_hostname == 'oracle3'
|
||||
|
||||
- name: Copy Etherpaddb backups
|
||||
copy:
|
||||
src: "{{ oracle3_nfs_docker_dir_on_control_host }}/etherpad/backups/"
|
||||
dest: "{{ backup_path_on_control_host }}/"
|
||||
owner: 0
|
||||
group: 0
|
||||
mode: 0644
|
||||
when: inventory_hostname == 'oracle3'
|
||||
delegate_to: "{{ control_host }}"
|
||||
|
||||
# ----------------------------------------------------------------------------------------------------
|
||||
|
||||
- name: Stop gitea
|
||||
command: docker stop gitea
|
||||
when: inventory_hostname == 'oracle3'
|
||||
|
||||
- name: Stop gitea-db
|
||||
command: docker stop gitea-db
|
||||
when: inventory_hostname == 'oracle3'
|
||||
|
||||
- name: Compress gitea directory
|
||||
archive:
|
||||
path: "{{ docker_dir }}/gitea/data/"
|
||||
dest: "{{ docker_dir }}/gitea/gitea_{{ current_date.stdout }}.tar"
|
||||
format: tar
|
||||
when: inventory_hostname == 'oracle3'
|
||||
|
||||
- name: Copy gitea.tar
|
||||
copy:
|
||||
src: "{{ oracle3_nfs_docker_dir_on_control_host }}/gitea/gitea_{{ current_date.stdout }}.tar"
|
||||
dest: "{{ backup_path_on_control_host }}/gitea_{{ current_date.stdout }}.tar"
|
||||
owner: 0
|
||||
group: 0
|
||||
mode: 0644
|
||||
when: inventory_hostname == 'oracle3'
|
||||
delegate_to: "{{ control_host }}"
|
||||
|
||||
- name: Remove gitea.tar on remote server
|
||||
file:
|
||||
path: "{{ docker_dir }}/gitea/gitea_{{ current_date.stdout }}.tar"
|
||||
state: absent
|
||||
when: inventory_hostname == 'oracle3'
|
||||
|
||||
- name: Start gitea
|
||||
command: docker start gitea
|
||||
when: inventory_hostname == 'oracle3'
|
||||
|
||||
- name: Start gitea-db
|
||||
command: docker start gitea-db
|
||||
when: inventory_hostname == 'oracle3'
|
||||
|
||||
# ----------------------------------------------------------------------------------------------------
|
||||
|
||||
# - name: Stop ntfy
|
||||
# command: docker stop ntfy
|
||||
# when: inventory_hostname == 'oracle3'
|
||||
|
||||
# - name: Compress ntfy directory
|
||||
# archive:
|
||||
# path: "{{ docker_dir }}/ntfy/"
|
||||
# dest: "{{ docker_dir }}/ntfy.tar"
|
||||
# format: tar
|
||||
# become: true
|
||||
# when: inventory_hostname == 'oracle3'
|
||||
|
||||
# - name: Copy ntfy.tar
|
||||
# copy:
|
||||
# src: "{{ oracle3_nfs_docker_dir_on_control_host }}/ntfy.tar"
|
||||
# dest: "{{ backup_path_on_control_host }}/ntfy.tar"
|
||||
# owner: 1000
|
||||
# group: 1000
|
||||
# mode: 0755
|
||||
# when: inventory_hostname == 'oracle3'
|
||||
# delegate_to: "{{ control_host }}"
|
||||
|
||||
# - name: Remove ntfy.tar
|
||||
# file:
|
||||
# path: "{{ docker_dir }}/ntfy.tar"
|
||||
# state: absent
|
||||
# when: inventory_hostname == 'oracle3'
|
||||
|
||||
# - name: Start ntfy
|
||||
# command: docker start ntfy
|
||||
# when: inventory_hostname == 'oracle3'
|
||||
|
||||
# ----------------------------------------------------------------------------------------------------
|
||||
|
||||
- name: Remove old weekly files from send
|
||||
command: find {{ docker_dir }}/send/uploads/ -name 7-\* -mmin +10130 -exec rm {} \;
|
||||
when: inventory_hostname == 'oracle1'
|
||||
|
||||
- name: Remove old daily files from send
|
||||
command: find {{ docker_dir }}/send/uploads/ -name 1-\* -mmin +1500 -exec rm {} \;
|
||||
when: inventory_hostname == 'oracle1'
|
||||
|
||||
# - name: Compress send directory
|
||||
# archive:
|
||||
# path: "{{ docker_dir }}/send"
|
||||
# dest: "{{ docker_dir }}/send.tar"
|
||||
# format: tar
|
||||
# delegate_to: oracle1
|
||||
# tags: never
|
||||
# when: inventory_hostname == 'oracle1'
|
||||
|
||||
# - name: Copy send.tar
|
||||
# copy:
|
||||
# src: "{{ oracle1_nfs_docker_dir_on_control_host }}/send.tar"
|
||||
# dest: "{{ backup_path_on_control_host }}/send.tar"
|
||||
# owner: 1000
|
||||
# group: 1000
|
||||
# mode: 0755
|
||||
# tags: never
|
||||
# when: inventory_hostname == 'oracle1'
|
||||
# delegate_to: "{{ control_host }}"
|
||||
|
||||
# - name: Remove send.tar
|
||||
# file:
|
||||
# path: "{{ docker_dir }}/send.tar"
|
||||
# state: absent
|
||||
# tags: never
|
||||
# when: inventory_hostname == 'oracle1'
|
||||
|
||||
# ----------------------------------------------------------------------------------------------------
|
||||
|
||||
- name: Prune outdated backups
|
||||
command: find "{{ backup_path_on_control_host }}/" -type f -mtime +90 -delete
|
||||
run_once: true
|
||||
delegate_to: "{{ control_host }}"
|
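Review bot: `backup_zip_password` (Compress privatebin directory) and `etherpad_db_pass` (Backup Etherpaddb) are interpolated straight into the command line, so they are visible in `ps`/`/proc/<pid>/cmdline` on the host while the command runs and are echoed in Ansible's task output and any log; both tasks need `no_log: true`, and the Etherpad task can drop the duplicated `PGPASSWORD=` inside `sh -c` since `-e PGPASSWORD=` already exports it into the container. Info-ZIP's `--password` also only applies the legacy ZipCrypto scheme, so the resulting archive should not be treated as confidential at rest. The stop → chown → zip → chown → start sequences for Privatebin and Gitea have no failure handling: if compression or the copy fails, the play aborts on that host with the container still stopped and, for Privatebin, the data directory left at 1000:1000/0755 instead of 65534:82/0700; wrapping each sequence in `block:`/`always:` restarts the container and restores ownership regardless of outcome. Lastly, the unquoted `mode: 0755`/`0700`/`0644` and `recurse: yes` values should be `mode: "0755"` and `recurse: true`, per Ansible's guidance to quote octal modes and the yamllint truthy rule. A sketch of the Privatebin block follows; the Gitea section would take the same shape with both `docker start` tasks under `always:`.
```yaml
    - name: Back up Privatebin
      when: inventory_hostname == 'oracle1'
      block:
        - name: Stop Privatebin
          command: docker stop privatebin
        # … unchanged: Set permissions of privatebin directory (1000:1000, "0755") …
        - name: Compress privatebin directory
          shell: "zip -r --password {{ backup_zip_password }} privatebin_{{ current_date.stdout }}.zip data"
          args:
            chdir: "{{ docker_dir }}/privatebin/"
          no_log: true
      always:
        # … unchanged: Set permissions of privatebin directory (65534:82, "0700") …
        - name: Start Privatebin
          command: docker start privatebin
    # … unchanged: Copy privatebin.zip / Remove privatebin.zip on remote server …
```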
30
production
30
production
@ -1,30 +0,0 @@
|
||||
oracle:
|
||||
hosts:
|
||||
oracle1:
|
||||
ansible_host: [REDACTED]
|
||||
oracle2:
|
||||
ansible_host: [REDACTED]
|
||||
oracle3:
|
||||
ansible_host: [REDACTED]
|
||||
oracle4:
|
||||
ansible_host: [REDACTED]
|
||||
vars:
|
||||
ansible_ssh_private_key_file: [REDACTED]
|
||||
ansible_user: [REDACTED]
|
||||
ansible_ssh_port: [REDACTED]
|
||||
pipelining: true
|
||||
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
|
||||
# ----------------------------------------------------------------------------------------------------
|
||||
|
||||
cloudcompute:
|
||||
hosts:
|
||||
vultr:
|
||||
ansible_host: [REDACTED]
|
||||
ansible_ssh_private_key_file: [REDACTED]
|
||||
ansible_user: [REDACTED]
|
||||
ansible_ssh_port: [REDACTED]
|
||||
pipelining: true
|
||||
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
|
||||
ansible_python_interpreter: /usr/bin/python3
|