sgratias/semaphore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
04b41d5d9a95184b43877f1ef1a19c7a17023fce
semaphore/backup.yml
staffadmin 04b41d5d9a update backup
2024-08-29 12:45:58 +02:00

252 lines
9.5 KiB
YAML
Raw Blame History

- hosts: tower
# vars:
# become: true
gather_facts: true
vars:
user: staffadmin
username: jingohalert
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;prod
66346630333538386564396632636161316239326530653037666465616165393135666532643264
3037363865363531636635306535663736353734333733340a363639636638396662616538343335
65366439343135636634393832636436353764303066653530346232323164376265313039373630
3863613961373430340a303866363962353262623030373061616134303366336237346631383539
3130
vault_pass: !vault |
$ANSIBLE_VAULT;1.2;AES256;prod
31393635346263633965326334656663323439643166313736343337343032303234653264653065
3933333731343231643033373436653764326131616635640a356566616337373031333065303166
36363839323432353936336438636130373134353364326264393563663561346438356533656262
3630386265633339630a306334363336396539353133383236316138333538623064333036316233
6464
token: !vault |
$ANSIBLE_VAULT;1.2;AES256;prod
63386534653335616161343063363965636232616365323838316236313536623562303636646665
6335613338626363353139313435343162363239333164340a306537616564333364653563633266
64373463316334343535666439646235346436613637323166343134623261356566656532646362
3361323863663663630a613464646332316564343134306263306238613636633533646262623838
63613264336635393231366461633532393261353931383135616330616164376138353830663630
6263383234363732366533363433376531666137343137633030
tasks:
# - name: Return all secrets from a path
# delegate_to: localhost
# ansible.builtin.debug:
# msg: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=apps/data/postgres token=prout url=https://hash.jingoh.fr') }}"
- ansible.builtin.git:
repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/backup.git
dest: "{{ playbook_dir }}/backup"
single_branch: yes
force: true
delegate_to: localhost
- ansible.builtin.fetch:
src: "{{ item }}"
dest: "{{ playbook_dir }}/backup/"
register: fetch_files_backup
loop:
#! Docker-compose
- /opt/dockerapps/docker-compose.yml
#! Dex & traefik-forward
- /opt/dockerapps/appdata/dex/config.yml
- /opt/dockerapps/appdata/dex/traefik-auth-conf.env
#! Gitea & Runner
- /opt/dockerapps/appdata/gitea/gitea/gitea/conf/app.ini
- /opt/dockerapps/appdata/gitea/runner/config.yaml
#! Notification
- /opt/dockerapps/appdata/alert/config/alertmanager.yml
#! Homepage
- /opt/dockerapps/appdata/homepage/homepage/bookmarks.yaml
- /opt/dockerapps/appdata/homepage/homepage/services.yaml
- /opt/dockerapps/appdata/homepage/homepage/settings.yaml
#! Semaphore
- /opt/dockerapps/appdata/semaphore/config/config.json
#! Alertmanager
- /opt/dockerapps/appdata/alertmanager/config/alertmanager.yml
#! ALertmanager 2 ntfy
- /opt/dockerapps/appdata/ntfy_alertmanager/etc/config
#! Grafana
- /opt/dockerapps/appdata/grafana/etc/grafana.ini
#! prometheus
- /opt/dockerapps/appdata/prometheus/prometheus/prometheus.yml
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_system.yml
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_network.yml
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_internal.yml
#! bind
- /opt/dockerapps/appdata/bind/config/named.conf
- /opt/dockerapps/appdata/bind/records/example.com.zone
- /opt/dockerapps/appdata/bind/records/jingoh.private.zone
#! crowdsec
- /opt/dockerapps/appdata/crowdsec/crowdsec/parsers/s01-parse/tcpudp-flood-traefik.yaml
- /opt/dockerapps/appdata/crowdsec/crowdsec/acquis.yaml
- /opt/dockerapps/appdata/crowdsec/dashboard/docker/Dockerfile
# - name: Get a cert from an https port
# community.crypto.get_certificate:
# host: "gitea.jingoh.fr"
# port: 443
# delegate_to: localhost
# run_once: true
# register: cert
# tags: test3
# - ansible.builtin.command:
# cmd: "echo 'mescouilles'"
# register: toto
# tags: test3
# - debug:
# msg: "{{ toto }}"
# tags: test3
- name: Push backup to git
ansible.builtin.shell: |
git config user.email "stephane.gratiasquiquandon@gmail.com"
git config user.name "staffadmin"
git add .
git commit -m "Push Backup with access token"
git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/backup.git
args:
chdir: "{{ playbook_dir }}/backup/"
run_once: true
delegate_to: localhost
# - name: Get a cert from an https port
# community.crypto.get_certificate:
# host: "gitea.jingoh.fr"
# port: 443
# delegate_to: localhost
# run_once: true
# register: cert
# tags: test
# - name: set
# ansible.builtin.set_fact:
# cert_date: "{{ cert.not_after | to_datetime('%Y%m%d%H%M%SZ') }}"
# tags: test
# - debug:
# msg: "{{ cert.not_after | to_datetime('%Y%m%d%H%M%SZ')}}"
# tags: test
# - debug:
# msg: "{{ cert.not_after | to_datetime }} - {{ ansible_date_time.iso8601_basic }}"
# # loop:
# # - "{{ cert.not_after }}"
# # - "{{ ansible_date_time.iso8601_basic }}"
# tags: test
# - debug:
# msg: "{{ item }}"
# loop:
# - "{{ ((cert.not_after | to_datetime('%Y%m%d%H%M%SZ') ) - (ansible_date_time.date | to_datetime('%Y-%m-%d') )).days }}"
# # - "{{ ansible_date_time.date.total_seconds() }}"
# tags: test
# when:
# - "{{ ((cert.not_after | to_datetime('%Y%m%d%H%M%SZ') ) - (ansible_date_time.date | to_datetime('%Y-%m-%d') )).days < 30 }}"
# curl -u "$username:$password" -H "Title: HTTPS Certificats" -H "ta:closed_lock_with_key" -d "*.jingoh.fr Less than 20 days" https://alert.jingoh.fr/scaleway
# # when: cert.not_after - ansible_date_time.iso8601_basic >
- name: NTFY when docker compose changed
uri:
url: "https://alert.jingoh.fr/scaleway"
method: POST
user: "{{ username }}"
password: "{{ password }}"
headers:
Title: "docker-compose changed"
ta: "file_folder"
body: "Docker compose backup in gitea"
status_code: 200
tags: test1
delegate_to: localhost
when: fetch_files_backup.changed is true
# when:
# - "{{ ((cert.not_after | to_datetime('%Y%m%d%H%M%SZ') ) - (ansible_date_time.date | to_datetime('%Y-%m-%d') )).days < 10 }}"
# - name: Exécuter le conteneur Docker
# community.docker.docker_container:
# name: vaultwarden-backup
# image: bruceforce/vaultwarden-backup
# state: started
# auto_remove: true
# command: manual
# volumes_from:
# - vault
# env:
# UID: "0"
# BACKUP_DIR: "/data/backup"
# TIMESTAMP: "true"
# ENCRYPTION_PASSWORD: "{{ vault_pass }}"
# # tags: dock
# when: inventory_hostname in groups['controller']
# - name: Supprimer les fichiers de sauvegarde de Vaultwarden plus anciens que 7 jours
# find:
# paths: /opt/dockerapps/appdata/vaultwarden/backup/
# age: 7d
# register: files_to_remove
# become: true
# when: inventory_hostname in groups['controller']
# tags: dock
# - name: Supprimer les fichiers plus anciens que 7 jours
# file:
# path: "{{ item.path }}"
# state: absent
# loop: "{{ files_to_remove.files }}"
# tags: dock
# become: true
# - name: Backup vault
# uri:
# url: "https://alert.jingoh.fr/scaleway"
# method: POST
# user: "{{ username }}"
# password: "{{ password }}"
# headers:
# Title: "Backup Vault"
# ta: "inbox_tray"
# body: "Local Backup vault done !"
# status_code: 200
# tags: dock
# delegate_to: localhost
# - name: Exécuter la commande dans le conteneur Docker
# community.docker.docker_container:
# name: gitea
# command: "gitea dump -c /data/gitea/conf/app.ini"
# user: git
# working_dir: /data/
# state: present
# interactive: no
# image: gitea/gitea:latest
# tty: no
# tags: git
# docker exec -u git -w /data/ gitea gitea dump -c /data/gitea/conf/app.ini
# mv /opt/dockerapps/appdata/gitea/gitea/gitea-dump-*.zip /opt/dockerapps/backup/
# docker exec gitea-db pg_dump -U root gitea > gitea-db-pg.sql
# mv ./gitea-db-pg.sql /opt/dockerapps/backup/
# find /opt/dockerapps/backup/ -mtime +7 -exec rm {} \;
# curl -u "$username:$password" -H "Title: Backup gitea" -H "ta:inbox_tray" -d "Local Backup gitea done !" https://alert.jingoh.fr/scaleway
# docker run --rm --volumes-from=vault -e UID=0 -e BACKUP_DIR=/data/backup -e TIMESTAMP=true -e ENCRYPTION_PASSWORD="$VAULT" bruceforce/vaultwarden-backup manual
# chown -R stephane:stephane /opt/dockerapps/appdata/vaultwarden/backup
# find /opt/dockerapps/appdata/vaultwarden/backup/ -mtime +7 -exec rm {} \;
# curl -u "$username:$password" -H "Title: Backup vault" -H "ta:inbox_tray" -d "Local Backup vault done !" https://alert.jingoh.fr/scaleway
Reference in New Issue View Git Blame Copy Permalink