kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-07-17 14:04:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Renamed backup roles

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-07-14 19:04:30 +02:00
parent 4acf2137e8
commit f02ca50f88
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
42 changed files with 66 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/analysis/Features.md
View File

@ -15,7 +15,7 @@ Every business is unique, and so is CyMaIS! With a modular architecture, it adap
With automated updates, system health checks, and security audits, CyMaIS ensures your infrastructure is always up-to-date and running smoothly. Roles such as `sys-hlth-docker-container`, `sys-hlth-btrfs`, and `sys-hlth-webserver` help monitor system integrity.
## Uncompromised Security 🔒
Security is a top priority! CyMaIS includes robust security features like full-disk encryption recommendations, 2FA enforcement, encrypted server deployments (`web-app-keycloak`, `svc-db-openldap`), and secure backup solutions (`sys-bkp-remote-to-local`, `svc-bkp-2-usb`).
Security is a top priority! CyMaIS includes robust security features like full-disk encryption recommendations, 2FA enforcement, encrypted server deployments (`web-app-keycloak`, `svc-db-openldap`), and secure backup solutions (`sys-bkp-remote-to-local`, `svc-bkp-loc-2-usb`).
## User-Friendly with Expert Support 👩‍💻
No need to be a Linux or Docker expert! CyMaIS simplifies deployment with intuitive role-based automation. Documentation and community support make IT administration accessible to all experience levels.

2
docs/guides/administrator/Readme.md
View File

@ -10,7 +10,7 @@ Follow these guides to install and configure CyMaIS:
## Key Responsibilities 🔧
- **User Management** - Configure LDAP, Keycloak, and user permissions.
- **Security & Backups** - Set up `sys-bkp-remote-to-local`, `svc-bkp-2-usb`, and `core-security` roles.
- **Security & Backups** - Set up `sys-bkp-remote-to-local`, `svc-bkp-loc-2-usb`, and `core-security` roles.
- **Application Hosting** - Deploy services like `Nextcloud`, `Matrix`, `Gitea`, and more.
- **Networking & VPN** - Configure `WireGuard`, `OpenVPN`, and `Nginx Reverse Proxy`.

8
group_vars/all/05_maintenace.yml
View File

@ -13,10 +13,10 @@ system_maintenance_lock_timeout_restart_docker: "{{system_maintenance_lock_ti
### Defined Services for Backup Tasks
system_maintenance_backup_services:
- "sys-bkp-docker-to-local"
- "svc-sys-bkp-rmt-2-loc"
- "svc-bkp-2-usb"
- "sys-bkp-docker-to-local-everything"
- "sys-bkp-docker-2-loc"
- "svc-bkp-rmt-2-loc"
- "svc-bkp-loc-2-usb"
- "sys-bkp-docker-2-loc-everything"
### Defined Services for System Cleanup
system_maintenance_cleanup_services:

2
roles/cmp-rdbms/tasks/main.yml
View File

@ -15,4 +15,4 @@
when: applications | get_app_conf(application_id, 'features.central_database', False)
- name: "For '{{ application_id }}': Add Entry for Backup Procedure"
include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-to-local/tasks/seed-database-to-backup.yml"
include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/seed-database-to-backup.yml"

2
roles/docker-core/meta/main.yml
View File

@ -27,7 +27,7 @@ galaxy_info:
documentation: "https://s.veen.world/cymais/docker"
dependencies:
- sys-bkp-docker-to-local
- sys-bkp-docker-2-loc
- user-administrator
- sys-hlth-docker-container
- sys-hlth-docker-volumes

5
roles/svc-bkp-2-usb/handlers/main.yml
View File

@ -1,5 +0,0 @@
- name: "reload svc-bkp-2-usb.cymais.service"
systemd:
name: svc-bkp-2-usb.cymais.service
state: reloaded
daemon_reload: yes

0
roles/svc-bkp-2-usb/README.md → roles/svc-bkp-loc-2-usb/README.md
View File

2
roles/svc-bkp-2-usb/files/svc-sys-bkp-data-to-usb.python → roles/svc-bkp-loc-2-usb/files/svc-sys-bkp-data-to-usb.python
View File

@ -21,7 +21,7 @@ def main():
machine_id = subprocess.run(["sha256sum", "/etc/machine-id"], capture_output=True, text=True).stdout.strip()[:64]
print(f"machine id: {machine_id}")
versions_path = os.path.join(backup_to_usb_destination_path, f"{machine_id}/svc-bkp-2-usb/")
versions_path = os.path.join(backup_to_usb_destination_path, f"{machine_id}/svc-bkp-loc-2-usb/")
print(f"versions path: {versions_path}")
if not os.path.isdir(versions_path):

5
roles/svc-bkp-loc-2-usb/handlers/main.yml Normal file
View File

@ -0,0 +1,5 @@
- name: "reload svc-bkp-loc-2-usb.cymais.service"
systemd:
name: svc-bkp-loc-2-usb.cymais.service
state: reloaded
daemon_reload: yes

0
roles/svc-bkp-2-usb/meta/main.yml → roles/svc-bkp-loc-2-usb/meta/main.yml
View File

8
roles/svc-bkp-2-usb/tasks/main.yml → roles/svc-bkp-loc-2-usb/tasks/main.yml
View File

@ -1,6 +1,6 @@
- name: Copy backup script to the scripts directory
copy:
src: svc-bkp-2-usb.python
src: svc-bkp-loc-2-usb.python
dest: "{{ backup_to_usb_script_path }}"
owner: root
group: root
@ -8,9 +8,9 @@
- name: Copy systemd service to systemd directory
template:
src: svc-bkp-2-usb.service.j2
dest: /etc/systemd/system/svc-bkp-2-usb.cymais.service
src: svc-bkp-loc-2-usb.service.j2
dest: /etc/systemd/system/svc-bkp-loc-2-usb.cymais.service
owner: root
group: root
mode: '0644'
notify: reload svc-bkp-2-usb.cymais.service
notify: reload svc-bkp-loc-2-usb.cymais.service

0
roles/svc-bkp-2-usb/templates/svc-sys-bkp-data-to-usb.service.j2 → roles/svc-bkp-loc-2-usb/templates/svc-sys-bkp-data-to-usb.service.j2
View File

4
roles/svc-bkp-2-usb/vars/main.yml → roles/svc-bkp-loc-2-usb/vars/main.yml
View File

@ -1,6 +1,6 @@
backup_to_usb_script_path: /usr/local/sbin/svc-bkp-2-usb.python
backup_to_usb_script_path: /usr/local/sbin/svc-bkp-loc-2-usb.python
backup_to_usb_destination: '{{backup_to_usb_mount}}{{backup_to_usb_destination_subdirectory}}'
backups_folder_path: '{{backup_to_usb_destination}}'
systemctl_mount_service_name: '{{ backup_to_usb_mount | trim(''/'') | replace(''/'',
''-'') }}.mount'
application_id: svc-bkp-2-usb
application_id: svc-bkp-loc-2-usb

0
roles/svc-sys-bkp-rmt-2-loc/Administration.md → roles/svc-bkp-rmt-2-loc/Administration.md
View File

0
roles/svc-sys-bkp-rmt-2-loc/README.md → roles/svc-bkp-rmt-2-loc/README.md
View File

0
roles/svc-sys-bkp-rmt-2-loc/files/sys-bkp-remote-to-local.sh → roles/svc-bkp-rmt-2-loc/files/sys-bkp-remote-to-local.sh
View File

4
roles/svc-bkp-rmt-2-loc/handlers/main.yml Normal file
View File

@ -0,0 +1,4 @@
- name: "reload svc-bkp-rmt-2-loc service"
systemd:
name: svc-bkp-rmt-2-loc.cymais.service
daemon_reload: yes

0
roles/svc-sys-bkp-rmt-2-loc/meta/main.yml → roles/svc-bkp-rmt-2-loc/meta/main.yml
View File

14
roles/svc-sys-bkp-rmt-2-loc/tasks/main.yml → roles/svc-bkp-rmt-2-loc/tasks/main.yml
View File

@ -4,17 +4,17 @@
state: directory
mode: 0755
- name: create svc-sys-bkp-rmt-2-loc.sh
- name: create svc-bkp-rmt-2-loc.sh
copy:
src: svc-sys-bkp-rmt-2-loc.sh
dest: "{{docker_backup_remote_to_local_folder}}svc-sys-bkp-rmt-2-loc.sh"
src: svc-bkp-rmt-2-loc.sh
dest: "{{docker_backup_remote_to_local_folder}}svc-bkp-rmt-2-loc.sh"
mode: 0755
- name: create svc-sys-bkp-rmt-2-loc.cymais.service
- name: create svc-bkp-rmt-2-loc.cymais.service
template:
src: svc-sys-bkp-rmt-2-loc.service.j2
dest: /etc/systemd/system/svc-sys-bkp-rmt-2-loc.cymais.service
notify: reload svc-sys-bkp-rmt-2-loc service
src: svc-bkp-rmt-2-loc.service.j2
dest: /etc/systemd/system/svc-bkp-rmt-2-loc.cymais.service
notify: reload svc-bkp-rmt-2-loc service
- name: create backups-remote-to-local.sh
template:

2
roles/svc-sys-bkp-rmt-2-loc/templates/backups-remote-to-local.sh.j2 → roles/svc-bkp-rmt-2-loc/templates/backups-remote-to-local.sh.j2
View File

@ -3,6 +3,6 @@
hosts="{{ pull_remote_backups | join(' ') }}";
errors=0
for host in $hosts; do
bash {{ docker_backup_remote_to_local_folder }}svc-sys-bkp-rmt-2-loc.sh $host || ((errors+=1));
bash {{ docker_backup_remote_to_local_folder }}svc-bkp-rmt-2-loc.sh $host || ((errors+=1));
done;
exit $errors;

0
roles/svc-sys-bkp-rmt-2-loc/templates/sys-bkp-remote-to-local.service.j2 → roles/svc-bkp-rmt-2-loc/templates/sys-bkp-remote-to-local.service.j2
View File

2
roles/svc-bkp-rmt-2-loc/vars/main.yml Normal file
View File

@ -0,0 +1,2 @@
docker_backup_remote_to_local_folder: '{{path_administrator_scripts}}svc-bkp-rmt-2-loc/'
application_id: svc-bkp-rmt-2-loc

2
roles/svc-opt-ssd-hdd/templates/svc-opt-ssd-hdd.service.j2
View File

@ -4,5 +4,5 @@ OnFailure=sys-alm-compose.cymais@%n.service
[Service]
Type=oneshot
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ') }} --ignore svc-opt-ssd-hdd svc-sys-bkp-rmt-2-loc --timeout "{{system_maintenance_lock_timeout_storage_optimizer}}"'
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ') }} --ignore svc-opt-ssd-hdd svc-bkp-rmt-2-loc --timeout "{{system_maintenance_lock_timeout_storage_optimizer}}"'
ExecStart=/bin/sh -c '/usr/bin/python {{storage_optimizer_script}} --rapid-storage-path {{path_rapid_storage}} --mass-storage-path {{path_mass_storage}}'

4
roles/svc-sys-bkp-rmt-2-loc/handlers/main.yml
View File

@ -1,4 +0,0 @@
- name: "reload svc-sys-bkp-rmt-2-loc service"
systemd:
name: svc-sys-bkp-rmt-2-loc.cymais.service
daemon_reload: yes

2
roles/svc-sys-bkp-rmt-2-loc/vars/main.yml
View File

@ -1,2 +0,0 @@
docker_backup_remote_to_local_folder: '{{path_administrator_scripts}}svc-sys-bkp-rmt-2-loc/'
application_id: svc-sys-bkp-rmt-2-loc

2
roles/sys-bkp-directory-validator/README.md
View File

@ -2,7 +2,7 @@
## Description
This Ansible role installs the [directory-validator](https://github.com/kevinveenbirkenbach/directory-validator.git). It is used by the sys-bkp-docker-to-local and sys-cln-faild-bkps roles to verify whether backups have been successfully created.
This Ansible role installs the [directory-validator](https://github.com/kevinveenbirkenbach/directory-validator.git). It is used by the sys-bkp-docker-2-loc and sys-cln-faild-bkps roles to verify whether backups have been successfully created.
## Overview

4
roles/sys-bkp-docker-to-local/README.md → roles/sys-bkp-docker-2-loc/README.md
View File

@ -2,7 +2,7 @@
## Description
This Ansible role automates the process of backing up Docker volumes to a local folder. It pulls the [sys-bkp-docker-to-local repository](https://github.com/kevinveenbirkenbach/sys-bkp-docker-to-local.git), installs required software, configures systemd services for both standard and "everything" backup modes, and seeds backup database entries as needed.
This Ansible role automates the process of backing up Docker volumes to a local folder. It pulls the [sys-bkp-docker-2-loc repository](https://github.com/kevinveenbirkenbach/sys-bkp-docker-2-loc.git), installs required software, configures systemd services for both standard and "everything" backup modes, and seeds backup database entries as needed.
## Overview
@ -20,7 +20,7 @@ Backup Docker Volumes to Local is a comprehensive solution that leverages rsync
## Features
- **Required Software Installation:** Installs necessary packages (e.g., lsof, python-pandas) via pacman.
- **Git Repository Pull:** Automatically pulls the latest version of the [sys-bkp-docker-to-local repository](https://github.com/kevinveenbirkenbach/sys-bkp-docker-to-local.git).
- **Git Repository Pull:** Automatically pulls the latest version of the [sys-bkp-docker-2-loc repository](https://github.com/kevinveenbirkenbach/sys-bkp-docker-2-loc.git).
- **Systemd Service Configuration:** Deploys and reloads two systemd service templates to manage backup tasks.
- **Database Seeding:** Includes tasks to seed and manage a backup database (`databases.csv`) for tracking backup details.
- **Dependency Integration:** Works in conjunction with the dependent roles listed above to verify and manage backups.

9
roles/sys-bkp-docker-2-loc/handlers/main.yml Normal file
View File

@ -0,0 +1,9 @@
- name: "reload sys-bkp-docker-2-loc-everything.cymais.service"
systemd:
name: sys-bkp-docker-2-loc-everything.cymais.service
daemon_reload: yes
- name: "reload sys-bkp-docker-2-loc.cymais.service"
systemd:
name: sys-bkp-docker-2-loc.cymais.service
daemon_reload: yes

0
roles/sys-bkp-docker-to-local/meta/main.yml → roles/sys-bkp-docker-2-loc/meta/main.yml
View File

16
roles/sys-bkp-docker-to-local/tasks/main.yml → roles/sys-bkp-docker-2-loc/tasks/main.yml
View File

@ -21,18 +21,18 @@
include_tasks: reset.yml
when: mode_reset | bool and run_once_bkp_docker_to_local is not defined
- name: configure sys-bkp-docker-to-local-everything.cymais.service
- name: configure sys-bkp-docker-2-loc-everything.cymais.service
template:
src: sys-bkp-docker-to-local-everything.service.j2
dest: /etc/systemd/system/sys-bkp-docker-to-local-everything.cymais.service
notify: reload sys-bkp-docker-to-local-everything.cymais.service
src: sys-bkp-docker-2-loc-everything.service.j2
dest: /etc/systemd/system/sys-bkp-docker-2-loc-everything.cymais.service
notify: reload sys-bkp-docker-2-loc-everything.cymais.service
when: run_once_bkp_docker_to_local is not defined
- name: configure sys-bkp-docker-to-local.cymais.service
- name: configure sys-bkp-docker-2-loc.cymais.service
template:
src: sys-bkp-docker-to-local.service.j2
dest: /etc/systemd/system/sys-bkp-docker-to-local.cymais.service
notify: reload sys-bkp-docker-to-local.cymais.service
src: sys-bkp-docker-2-loc.service.j2
dest: /etc/systemd/system/sys-bkp-docker-2-loc.cymais.service
notify: reload sys-bkp-docker-2-loc.cymais.service
when: run_once_bkp_docker_to_local is not defined
- name: "set 'service_name' to '{{ role_name }}'"

0
roles/sys-bkp-docker-to-local/tasks/reset.yml → roles/sys-bkp-docker-2-loc/tasks/reset.yml
View File

0
roles/sys-bkp-docker-to-local/tasks/seed-database-to-backup.yml → roles/sys-bkp-docker-2-loc/tasks/seed-database-to-backup.yml
View File

2
roles/sys-bkp-docker-to-local/templates/sys-bkp-docker-to-local-everything.service.j2 → roles/sys-bkp-docker-2-loc/templates/sys-bkp-docker-2-loc-everything.service.j2
View File

@ -4,6 +4,6 @@ OnFailure=sys-alm-compose.cymais@%n.service sys-cln-faild-bkps.cymais.service
[Service]
Type=oneshot
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ') }} --ignore {{ system_maintenance_backup_services | reject('equalto', 'sys-bkp-docker-to-local') | join(' ') }} --timeout "{{system_maintenance_lock_timeout_backup_services}}"'
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ') }} --ignore {{ system_maintenance_backup_services | reject('equalto', 'sys-bkp-docker-2-loc') | join(' ') }} --timeout "{{system_maintenance_lock_timeout_backup_services}}"'
ExecStart=/bin/sh -c '/usr/bin/python {{backup_docker_to_local_folder}}backup-docker-to-local.py --compose-dir {{path_docker_compose_instances}} --everything'
ExecStartPost=/bin/sh -c '/bin/systemctl start sys-rpr-docker-soft.cymais.service &'

2
roles/sys-bkp-docker-to-local/templates/sys-bkp-docker-to-local.service.j2 → roles/sys-bkp-docker-2-loc/templates/sys-bkp-docker-2-loc.service.j2
View File

@ -4,6 +4,6 @@ OnFailure=sys-alm-compose.cymais@%n.service sys-cln-faild-bkps.cymais.service
[Service]
Type=oneshot
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ') }} --ignore {{ system_maintenance_backup_services | reject('equalto', 'sys-bkp-docker-to-local-everything') | join(' ') }} --timeout "{{system_maintenance_lock_timeout_backup_services}}"'
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ') }} --ignore {{ system_maintenance_backup_services | reject('equalto', 'sys-bkp-docker-2-loc-everything') | join(' ') }} --timeout "{{system_maintenance_lock_timeout_backup_services}}"'
ExecStart=/bin/sh -c '/usr/bin/python {{backup_docker_to_local_folder}}backup-docker-to-local.py --compose-dir {{path_docker_compose_instances}}'
ExecStartPost=/bin/sh -c '/bin/systemctl start sys-rpr-docker-soft.cymais.service &'

0
roles/sys-bkp-docker-to-local/vars/main.yml → roles/sys-bkp-docker-2-loc/vars/main.yml
View File

9
roles/sys-bkp-docker-to-local/handlers/main.yml
View File

@ -1,9 +0,0 @@
- name: "reload sys-bkp-docker-to-local-everything.cymais.service"
systemd:
name: sys-bkp-docker-to-local-everything.cymais.service
daemon_reload: yes
- name: "reload sys-bkp-docker-to-local.cymais.service"
systemd:
name: sys-bkp-docker-to-local.cymais.service
daemon_reload: yes

4
roles/sys-bkp-provider-user/files/ssh-wrapper.sh
View File

@ -12,8 +12,8 @@ hashed_machine_id="$($get_hashed_machine_id | head -c 64)"
get_backup_types="find /Backups/$hashed_machine_id/ -maxdepth 1 -type d -execdir basename {} ;";
# @todo This configuration is not scalable yet. If other backup services then sys-bkp-docker-to-local are integrated, this logic needs to be optimized
get_version_directories="ls -d /Backups/$hashed_machine_id/sys-bkp-docker-to-local/*"
# @todo This configuration is not scalable yet. If other backup services then sys-bkp-docker-2-loc are integrated, this logic needs to be optimized
get_version_directories="ls -d /Backups/$hashed_machine_id/sys-bkp-docker-2-loc/*"
last_version_directory="$($get_version_directories | tail -1)"
rsync_command="sudo rsync --server --sender -blogDtpre.iLsfxCIvu . $last_version_directory/"

2
roles/sys-rpr-docker-soft/files/sys-rpr-docker-soft.py
View File

@ -40,7 +40,7 @@ def main(base_directory):
while blocker_running:
try:
bash("systemctl is-active --quiet sys-bkp-docker-to-local.cymais.service")
bash("systemctl is-active --quiet sys-bkp-docker-2-loc.cymais.service")
bash("systemctl is-active --quiet update-docker.cymais.service")
print("Backup is running.")
print(f"Trying again in {waiting_time} seconds.")

4
roles/update-docker/tasks/main.yml
View File

@ -1,6 +1,6 @@
- name: "start sys-bkp-docker-to-local-everything.cymais.service"
- name: "start sys-bkp-docker-2-loc-everything.cymais.service"
systemd:
name: sys-bkp-docker-to-local-everything.cymais.service
name: sys-bkp-docker-2-loc-everything.cymais.service
state: started
when: mode_backup | bool

2
roles/web-app-bigbluebutton/tasks/main.yml
View File

@ -10,7 +10,7 @@
database_name: "" # Multiple databases
- name: "Seed BigBlueButton Database for Backup"
include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-to-local/tasks/seed-database-to-backup.yml"
include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/seed-database-to-backup.yml"
vars:
database_instance: "{{ application_id }}"
database_password: "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret', True) }}"

2
roles/web-app-matrix/tasks/create-and-seed-database.yml
View File

@ -10,4 +10,4 @@
when: applications | get_app_conf(application_id, 'features.central_database', False)
- name: "include seed-database-to-backup.yml"
include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-to-local/tasks/seed-database-to-backup.yml"
include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/seed-database-to-backup.yml"

4
roles/web-app-nextcloud/docs/Update.md
View File

@ -43,8 +43,8 @@ and disable any non-functioning apps.
```bash
cd {{path_docker_compose_instances}}nextcloud &&
docker-compose down &&
docker-compose exec -i database mysql -u nextcloud -pPASSWORT nextcloud < "/Backups/$(sha256sum /etc/machine-id | head -c 64)/sys-bkp-docker-to-local/latest/nextcloud_database/sql/backup.sql" &&
cd {{path_administrator_scripts}}sys-bkp-docker-to-local &&
docker-compose exec -i database mysql -u nextcloud -pPASSWORT nextcloud < "/Backups/$(sha256sum /etc/machine-id | head -c 64)/sys-bkp-docker-2-loc/latest/nextcloud_database/sql/backup.sql" &&
cd {{path_administrator_scripts}}sys-bkp-docker-2-loc &&
bash ./recover-web-app-from-local.sh "nextcloud_data" "$(sha256sum /etc/machine-id | head -c 64)"
```