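---
# Play: clone the "backup" repository from Gitea next to the playbook, fetch a
# fixed list of application config files from the `tower` hosts into that
# checkout, push the result back to Gitea, and post a ntfy notification when
# any fetched file changed.
#
# `password`, `vault_pass` and `token` are Ansible Vault encrypted (vault id
# `prod`). The Gitea access token is interpolated straight into the git remote
# URL, so the two tasks that build that URL run with `no_log: true`; otherwise
# the token would be written to task output and to any configured log_path.
- hosts: tower
  # vars:
  # become: true
  gather_facts: true
  vars:
    # Gitea account that owns the backup repository; first half of the
    # `user:token@host` part of the remote URL.
    user: staffadmin
    # HTTP basic-auth credentials for the ntfy notification endpoint.
    username: jingohalert
    password: !vault |
      $ANSIBLE_VAULT;1.2;AES256;prod
      66346630333538386564396632636161316239326530653037666465616165393135666532643264
      3037363865363531636635306535663736353734333733340a363639636638396662616538343335
      65366439343135636634393832636436353764303066653530346232323164376265313039373630
      3863613961373430340a303866363962353262623030373061616134303366336237346631383539
      3130
    # Only referenced by the commented-out vaultwarden backup task at the end
    # of this play.
    vault_pass: !vault |
      $ANSIBLE_VAULT;1.2;AES256;prod
      31393635346263633965326334656663323439643166313736343337343032303234653264653065
      3933333731343231643033373436653764326131616635640a356566616337373031333065303166
      36363839323432353936336438636130373134353364326264393563663561346438356533656262
      3630386265633339630a306334363336396539353133383236316138333538623064333036316233
      6464
    # Gitea access token used for the clone and the push.
    token: !vault |
      $ANSIBLE_VAULT;1.2;AES256;prod
      36663034636138333863626233623737363834333134333235656132333933356237396132383266
      3266326438656130623337653464633062343433623333620a386561353637613263323837313230
      66666633373066363862343766646431396632653332333830323136343230336464333635343136
      3732643432306338640a666334373636653164646135633966333339323935363433663130313235
      36613831356265373964623464356263333666366539663131396535613633346138613665383864
      6331393663346638663832313035653765303938376230363936
  tasks:
    # - name: Return all secrets from a path
    #   delegate_to: localhost
    #   ansible.builtin.debug:
    #     msg: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=apps/data/postgres token=prout url=https://hash.jingoh.fr') }}"

    - name: Clone the backup repository next to the playbook
      ansible.builtin.git:
        repo: "https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/backup.git"
        dest: "{{ playbook_dir }}/backup"
        single_branch: true
        force: true
      delegate_to: localhost
      # The remote URL embeds the access token; keep the module invocation and
      # its result out of task output and log files.
      no_log: true

    - name: Fetch application config files into the backup checkout
      ansible.builtin.fetch:
        src: "{{ item }}"
        # fetch keeps its default flat=false, so each file lands under
        # backup/<inventory_hostname>/<original absolute path>.
        dest: "{{ playbook_dir }}/backup/"
      # Looped register: fetch_files_backup.changed is true if any item changed.
      register: fetch_files_backup
      loop:
        # Docker-compose
        - /opt/dockerapps/docker-compose.yml
        # Dex & traefik-forward
        - /opt/dockerapps/appdata/dex/config.yml
        - /opt/dockerapps/appdata/dex/traefik-auth-conf.env
        # Gitea & Runner
        - /opt/dockerapps/appdata/gitea/gitea/gitea/conf/app.ini
        - /opt/dockerapps/appdata/gitea/runner/config.yaml
        # Notification
        - /opt/dockerapps/appdata/alert/config/alertmanager.yml
        # Homepage
        - /opt/dockerapps/appdata/homepage/homepage/bookmarks.yaml
        - /opt/dockerapps/appdata/homepage/homepage/services.yaml
        - /opt/dockerapps/appdata/homepage/homepage/settings.yaml
        # Semaphore
        - /opt/dockerapps/appdata/semaphore/config/config.json
        # Alertmanager
        - /opt/dockerapps/appdata/alertmanager/config/alertmanager.yml
        # Alertmanager 2 ntfy
        - /opt/dockerapps/appdata/ntfy_alertmanager/etc/config
        # Grafana
        - /opt/dockerapps/appdata/grafana/etc/grafana.ini
        # prometheus
        - /opt/dockerapps/appdata/prometheus/prometheus/prometheus.yml
        - /opt/dockerapps/appdata/prometheus/prometheus/alerts_system.yml
        - /opt/dockerapps/appdata/prometheus/prometheus/alerts_network.yml
        - /opt/dockerapps/appdata/prometheus/prometheus/alerts_internal.yml
        # bind
        - /opt/dockerapps/appdata/bind/config/named.conf
        - /opt/dockerapps/appdata/bind/records/example.com.zone
        - /opt/dockerapps/appdata/bind/records/jingoh.private.zone
        # crowdsec
        - /opt/dockerapps/appdata/crowdsec/crowdsec/parsers/s01-parse/tcpudp-flood-traefik.yaml
        - /opt/dockerapps/appdata/crowdsec/crowdsec/acquis.yaml
        - /opt/dockerapps/appdata/crowdsec/dashboard/docker/Dockerfile

    # - name: Get a cert from an https port
    #   community.crypto.get_certificate:
    #     host: "gitea.jingoh.fr"
    #     port: 443
    #   delegate_to: localhost
    #   run_once: true
    #   register: cert
    #   tags: test3
    # - ansible.builtin.command:
    #     cmd: "echo 'mescouilles'"
    #   register: toto
    #   tags: test3
    # - debug:
    #     msg: "{{ toto }}"
    #   tags: test3

    - name: Push backup to git
      # Not run with `set -e` on purpose: `git commit` exits non-zero when there
      # is nothing to commit, and the task's status is that of the final push.
      ansible.builtin.shell: |
        git config user.email "stephane.gratiasquiquandon@gmail.com"
        git config user.name "staffadmin"
        git add .
        git commit -m "Push Backup with access token"
        git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/backup.git
      args:
        chdir: "{{ playbook_dir }}/backup/"
      run_once: true
      delegate_to: localhost
      # The push URL embeds the access token, and git may echo the URL in its
      # error output; hide the command and its output from task logs.
      no_log: true

    # - name: Get a cert from an https port
    #   community.crypto.get_certificate:
    #     host: "gitea.jingoh.fr"
    #     port: 443
    #   delegate_to: localhost
    #   run_once: true
    #   register: cert
    #   tags: test
    # - name: set
    #   ansible.builtin.set_fact:
    #     cert_date: "{{ cert.not_after | to_datetime('%Y%m%d%H%M%SZ') }}"
    #   tags: test
    # - debug:
    #     msg: "{{ cert.not_after | to_datetime('%Y%m%d%H%M%SZ')}}"
    #   tags: test
    # - debug:
    #     msg: "{{ cert.not_after | to_datetime }} - {{ ansible_date_time.iso8601_basic }}"
    #   # loop:
    #   #   - "{{ cert.not_after }}"
    #   #   - "{{ ansible_date_time.iso8601_basic }}"
    #   tags: test
    # - debug:
    #     msg: "{{ item }}"
    #   loop:
    #     - "{{ ((cert.not_after | to_datetime('%Y%m%d%H%M%SZ') ) - (ansible_date_time.date | to_datetime('%Y-%m-%d') )).days }}"
    #     # - "{{ ansible_date_time.date.total_seconds() }}"
    #   tags: test
    #   when:
    #     - "{{ ((cert.not_after | to_datetime('%Y%m%d%H%M%SZ') ) - (ansible_date_time.date | to_datetime('%Y-%m-%d') )).days < 30 }}"
    # curl -u "$username:$password" -H "Title: HTTPS Certificats" -H "ta:closed_lock_with_key" -d "*.jingoh.fr Less than 20 days" https://alert.jingoh.fr/scaleway
    # # when: cert.not_after - ansible_date_time.iso8601_basic >

    - name: NTFY when docker compose changed
      ansible.builtin.uri:
        url: "https://alert.jingoh.fr/scaleway"
        method: POST
        user: "{{ username }}"
        password: "{{ password }}"
        headers:
          Title: "docker-compose changed"
          ta: "file_folder"
        body: "Docker compose backup in gitea"
        status_code: 200
      tags: test1
      delegate_to: localhost
      # Only notify when at least one fetched file differed from the checkout.
      when: fetch_files_backup.changed is true
      # when:
      #   - "{{ ((cert.not_after | to_datetime('%Y%m%d%H%M%SZ') ) - (ansible_date_time.date | to_datetime('%Y-%m-%d') )).days < 10 }}"

    # - name: Exécuter le conteneur Docker
    #   community.docker.docker_container:
    #     name: vaultwarden-backup
    #     image: bruceforce/vaultwarden-backup
    #     state: started
    #     auto_remove: true
    #     command: manual
    #     volumes_from:
    #       - vault
    #     env:
    #       UID: "0"
    #       BACKUP_DIR: "/data/backup"
    #       TIMESTAMP: "true"
    #       ENCRYPTION_PASSWORD: "{{ vault_pass }}"
    #   # tags: dock
    #   when: inventory_hostname in groups['controller']
    # - name: Supprimer les fichiers de sauvegarde de Vaultwarden plus anciens que 7 jours
    #   find:
    #     paths: /opt/dockerapps/appdata/vaultwarden/backup/
    #     age: 7d
    #   register: files_to_remove
    #   become: true
    #   when: inventory_hostname in groups['controller']
    #   tags: dock
    # - name: Supprimer les fichiers plus anciens que 7 jours
    #   file:
    #     path: "{{ item.path }}"
    #     state: absent
    #   loop: "{{ files_to_remove.files }}"
    #   tags: dock
    #   become: true
    # - name: Backup vault
    #   uri:
    #     url: "https://alert.jingoh.fr/scaleway"
    #     method: POST
    #     user: "{{ username }}"
    #     password: "{{ password }}"
    #     headers:
    #       Title: "Backup Vault"
    #       ta: "inbox_tray"
    #     body: "Local Backup vault done !"
    #     status_code: 200
    #   tags: dock
    #   delegate_to: localhost
    # - name: Exécuter la commande dans le conteneur Docker
    #   community.docker.docker_container:
    #     name: gitea
    #     command: "gitea dump -c /data/gitea/conf/app.ini"
    #     user: git
    #     working_dir: /data/
    #     state: present
    #     interactive: no
    #     image: gitea/gitea:latest
    #     tty: no
    #   tags: git
    # docker exec -u git -w /data/ gitea gitea dump -c /data/gitea/conf/app.ini
    # mv /opt/dockerapps/appdata/gitea/gitea/gitea-dump-*.zip /opt/dockerapps/backup/
    # docker exec gitea-db pg_dump -U root gitea > gitea-db-pg.sql
    # mv ./gitea-db-pg.sql /opt/dockerapps/backup/
    # find /opt/dockerapps/backup/ -mtime +7 -exec rm {} \;
    # curl -u "$username:$password" -H "Title: Backup gitea" -H "ta:inbox_tray" -d "Local Backup gitea done !" https://alert.jingoh.fr/scaleway
    # docker run --rm --volumes-from=vault -e UID=0 -e BACKUP_DIR=/data/backup -e TIMESTAMP=true -e ENCRYPTION_PASSWORD="$VAULT" bruceforce/vaultwarden-backup manual
    # chown -R stephane:stephane /opt/dockerapps/appdata/vaultwarden/backup
    # find /opt/dockerapps/appdata/vaultwarden/backup/ -mtime +7 -exec rm {} \;
    # curl -u "$username:$password" -H "Title: Backup vault" -H "ta:inbox_tray" -d "Local Backup vault done !" https://alert.jingoh.fr/scaleway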