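---
# Backup playbook for the `controller` group.
#
# What it does, in order:
#   1. clones the Gitea backup repository onto the Ansible control node,
#   2. fetches a fixed list of service configuration files from each host,
#   3. commits and pushes the fetched files back to Gitea,
#   4. reads the TLS certificate served by gitea.jingoh.fr and posts an alert
#      when it expires in fewer than 10 days (tasks tagged `test`).
#
# Secrets (`password`, `vault_pass`, `token`) are inline Ansible Vault values
# under vault id `prod`. The ciphertext is only as strong as that vault
# password, which must stay out of this repository.
- hosts: controller
  # vars:
  # become: true
  # Facts are required: the certificate check reads ansible_date_time.
  gather_facts: true
  vars:
    user: staffadmin
    username: jingohalert
    password: !vault |
      $ANSIBLE_VAULT;1.2;AES256;prod
      66346630333538386564396632636161316239326530653037666465616165393135666532643264
      3037363865363531636635306535663736353734333733340a363639636638396662616538343335
      65366439343135636634393832636436353764303066653530346232323164376265313039373630
      3863613961373430340a303866363962353262623030373061616134303366336237346631383539
      3130
    # Only referenced by the commented-out Vaultwarden backup task below.
    vault_pass: !vault |
      $ANSIBLE_VAULT;1.2;AES256;prod
      31393635346263633965326334656663323439643166313736343337343032303234653264653065
      3933333731343231643033373436653764326131616635640a356566616337373031333065303166
      36363839323432353936336438636130373134353364326264393563663561346438356533656262
      3630386265633339630a306334363336396539353133383236316138333538623064333036316233
      6464
    token: !vault |
      $ANSIBLE_VAULT;1.2;AES256;prod
      35343365393734313034383961616333633265623037303436653739613935366666373237366562
      3663316563663439363333396530376139663731346637390a366335333732303134316364363130
      30313631343534643866383336623837363433303032376264373139306464313866313034663636
      3961303030373531380a343061326437343066663665613833623533376437326630326432363566
      37653135666331633532653436656461396131623736353962643632316135633562346631313036
      6137356332636431643830666461333862613835336631333037

  tasks:
    # The access token is templated into the clone URL. no_log keeps the
    # decrypted URL out of task output, -v traces and failure messages.
    # NOTE(review): git records the clone URL as the `origin` remote, so the
    # token also ends up in backup/.git/config on the control node. Restrict
    # that directory's permissions, or move to a credential helper.
    - name: Clone the backup repository on the control node
      ansible.builtin.git:
        repo: "https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/backup.git"
        dest: "{{ playbook_dir }}/backup"
        single_branch: true
        # version: masterls
      delegate_to: localhost
      no_log: true

    # Without `flat`, fetch stores each file under
    # backup/<inventory_hostname>/<absolute path>.
    # NOTE(review): several of these files normally carry credentials (Gitea
    # app.ini, Dex config, traefik-auth-conf.env, Semaphore config.json). They
    # are committed unencrypted by the next task, so the backup repository has
    # to be handled as a secret store: confirm it is private and
    # access-restricted, or encrypt the files before committing.
    - name: Fetch service configuration files
      ansible.builtin.fetch:
        src: "{{ item }}"
        dest: "{{ playbook_dir }}/backup/"
      loop:
        # Docker-compose
        - /opt/dockerapps/docker-compose.yml
        # Dex & traefik-forward
        - /opt/dockerapps/appdata/dex/config.yml
        - /opt/dockerapps/appdata/dex/traefik-auth-conf.env
        # Gitea & Runner
        - /opt/dockerapps/appdata/gitea/gitea/gitea/conf/app.ini
        - /opt/dockerapps/appdata/gitea/runner/config.yaml
        # Notification
        - /opt/dockerapps/appdata/alert/config/alertmanager.yml
        # Homepage
        - /opt/dockerapps/appdata/homepage/homepage/bookmarks.yaml
        - /opt/dockerapps/appdata/homepage/homepage/services.yaml
        - /opt/dockerapps/appdata/homepage/homepage/settings.yaml
        # Semaphore
        - /opt/dockerapps/appdata/semaphore/config/config.json
        # Alertmanager
        - /opt/dockerapps/appdata/alertmanager/config/alertmanager.yml
        # Alertmanager 2 ntfy
        - /opt/dockerapps/appdata/ntfy_alertmanager/etc/config
        # prometheus
        - /opt/dockerapps/appdata/prometheus/prometheus/prometheus.yml
        - /opt/dockerapps/appdata/prometheus/prometheus/alerts_iowait.yml
        - /opt/dockerapps/appdata/prometheus/prometheus/alerts_memory.yml
        - /opt/dockerapps/appdata/prometheus/prometheus/alerts_space.yml
        - /opt/dockerapps/appdata/prometheus/prometheus/alerts_load.yml

    # The rendered script contains the decrypted token, so no_log is set. The
    # trade-off is that git errors are hidden too; debug with a throwaway
    # token rather than by removing no_log.
    # The script's exit status is that of the final `git push`: a
    # "nothing to commit" result from `git commit` does not fail the task.
    - name: Push backup to git
      ansible.builtin.shell: |
        git config user.email "stephane.gratiasquiquandon@gmail.com"
        git config user.name "staffadmin"
        git add .
        git commit -m "Push Backup with access token"
        git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/backup.git
      args:
        chdir: "{{ playbook_dir }}/backup/"
      run_once: true
      delegate_to: localhost
      no_log: true

    # Reads the certificate presented on gitea.jingoh.fr:443; the `when`
    # condition of the alert task parses cert.not_after as '%Y%m%d%H%M%SZ'.
    - name: Get a cert from an https port
      community.crypto.get_certificate:
        host: "gitea.jingoh.fr"
        port: 443
      delegate_to: localhost
      run_once: true
      register: cert
      tags: test

    # - name: set
    #   ansible.builtin.set_fact:
    #     cert_date: "{{ cert.not_after | to_datetime('%Y%m%d%H%M%SZ') }}"
    #   tags: test

    # - debug:
    #     msg: "{{ cert.not_after | to_datetime('%Y%m%d%H%M%SZ')}}"
    #   tags: test

    # - debug:
    #     msg: "{{ cert.not_after | to_datetime }} - {{ ansible_date_time.iso8601_basic }}"
    #   # loop:
    #   # - "{{ cert.not_after }}"
    #   # - "{{ ansible_date_time.iso8601_basic }}"
    #   tags: test

    # - debug:
    #     msg: "{{ item }}"
    #   loop:
    #     - "{{ ((cert.not_after | to_datetime('%Y%m%d%H%M%SZ') ) - (ansible_date_time.date | to_datetime('%Y-%m-%d') )).days }}"
    #     # - "{{ ansible_date_time.date.total_seconds() }}"
    #   tags: test
    #   when:
    #     - "{{ ((cert.not_after | to_datetime('%Y%m%d%H%M%SZ') ) - (ansible_date_time.date | to_datetime('%Y-%m-%d') )).days < 30 }}"

    # curl -u "$username:$password" -H "Title: HTTPS Certificats" -H "ta:closed_lock_with_key" -d "*.jingoh.fr Less than 20 days" https://alert.jingoh.fr/scaleway
    # # when: cert.not_after - ansible_date_time.iso8601_basic >

    # Posts an alert when the certificate has fewer than 10 days left.
    # `when` is already evaluated as a Jinja expression, so it is written
    # without {{ }} delimiters (Ansible warns about templated conditionals).
    # The message says "*.jingoh.fr" while only gitea.jingoh.fr is probed;
    # presumably one wildcard certificate covers both, confirm.
    - name: Need to renew HTTPS
      ansible.builtin.uri:
        url: "https://alert.jingoh.fr/scaleway"
        method: POST
        user: "{{ username }}"
        password: "{{ password }}"
        headers:
          Title: "HTTPS Certificats"
          ta: "closed_lock_with_key"
        body: "*.jingoh.fr Less than 10 days"
        status_code: 200
      tags: test
      delegate_to: localhost
      when:
        - "((cert.not_after | to_datetime('%Y%m%d%H%M%SZ')) - (ansible_date_time.date | to_datetime('%Y-%m-%d'))).days < 10"

    # - name: Run the Docker container
    #   community.docker.docker_container:
    #     name: vaultwarden-backup
    #     image: bruceforce/vaultwarden-backup
    #     state: started
    #     auto_remove: true
    #     command: manual
    #     volumes_from:
    #       - vault
    #     env:
    #       UID: "0"
    #       BACKUP_DIR: "/data/backup"
    #       TIMESTAMP: "true"
    #       ENCRYPTION_PASSWORD: "{{ vault_pass }}"
    #   # tags: dock
    #   when: inventory_hostname in groups['controller']

    # - name: Remove Vaultwarden backup files older than 7 days
    #   find:
    #     paths: /opt/dockerapps/appdata/vaultwarden/backup/
    #     age: 7d
    #   register: files_to_remove
    #   become: true
    #   when: inventory_hostname in groups['controller']
    #   tags: dock

    # - name: Remove files older than 7 days
    #   file:
    #     path: "{{ item.path }}"
    #     state: absent
    #   loop: "{{ files_to_remove.files }}"
    #   tags: dock
    #   become: true

    # - name: Backup vault
    #   uri:
    #     url: "https://alert.jingoh.fr/scaleway"
    #     method: POST
    #     user: "{{ username }}"
    #     password: "{{ password }}"
    #     headers:
    #       Title: "Backup Vault"
    #       ta: "inbox_tray"
    #     body: "Local Backup vault done !"
    #     status_code: 200
    #   tags: dock
    #   delegate_to: localhost

    # - name: Run the command in the Docker container
    #   community.docker.docker_container:
    #     name: gitea
    #     command: "gitea dump -c /data/gitea/conf/app.ini"
    #     user: git
    #     working_dir: /data/
    #     state: present
    #     interactive: no
    #     image: gitea/gitea:latest
    #     tty: no
    #   tags: git

# docker exec -u git -w /data/ gitea gitea dump -c /data/gitea/conf/app.ini
# mv /opt/dockerapps/appdata/gitea/gitea/gitea-dump-*.zip /opt/dockerapps/backup/
# docker exec gitea-db pg_dump -U root gitea > gitea-db-pg.sql
# mv ./gitea-db-pg.sql /opt/dockerapps/backup/
# find /opt/dockerapps/backup/ -mtime +7 -exec rm {} \;
# curl -u "$username:$password" -H "Title: Backup gitea" -H "ta:inbox_tray" -d "Local Backup gitea done !" https://alert.jingoh.fr/scaleway

# docker run --rm --volumes-from=vault -e UID=0 -e BACKUP_DIR=/data/backup -e TIMESTAMP=true -e ENCRYPTION_PASSWORD="$VAULT" bruceforce/vaultwarden-backup manual
# chown -R stephane:stephane /opt/dockerapps/appdata/vaultwarden/backup
# find /opt/dockerapps/appdata/vaultwarden/backup/ -mtime +7 -exec rm {} \;
# curl -u "$username:$password" -H "Title: Backup vault" -H "ta:inbox_tray" -d "Local Backup vault done !" https://alert.jingoh.fr/scaleway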