sgratias/semaphore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
146d4fbd777dd83bc5e338bc9dbd55e62df7de7a
semaphore/backup.yml
staffadmin 146d4fbd77 [Add vacku + vault]
2025-06-03 23:09:19 +02:00

204 lines
7.8 KiB
YAML
Raw Blame History

- hosts: tower
# vars:
# become: true
gather_facts: false
vars:
user: sgratias
token: !vault |
$ANSIBLE_VAULT;1.2;AES256;prod
30383538646164373137616166636632353964373362323735626239656337306139616265323138
3834383331316466653565323632616163353964643637660a363262383461363234363738613034
64383132373061653337313365333734646635396635313133613861303730303163383764653664
6537633761353939330a356236623265383931643530316430303938303735306536343163323163
62636236346362663036343765363830383738623563613161373637383239623134376163653662
3565333032326133326232326633386332633639373862313463
tasks:
# - debug:
# msg: "test ok"
# delegate_to: localhost
# - name: Return all secrets from a path
# delegate_to: localhost
# ansible.builtin.debug:
# msg: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=apps/data/postgres token=prout url=https://hash.jingoh.fr') }}"
- ansible.builtin.git:
repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/sgratias/backup.git
dest: "{{ playbook_dir }}/backup"
single_branch: yes
force: true
delegate_to: localhost
- ansible.builtin.fetch:
src: "{{ item }}"
dest: "{{ playbook_dir }}/backup/"
register: fetch_files_backup
loop:
#! Docker-compose
- /opt/dockerapps/docker-compose.yml
# #! Dex & traefik-forward
# - /opt/dockerapps/appdata/dex/config.yml
# - /opt/dockerapps/appdata/dex/traefik-auth-conf.env
#! Gitea & Runner
- /opt/dockerapps/appdata/gitea/gitea/gitea/conf/app.ini
- /opt/dockerapps/appdata/gitea/runner/config.yaml
- /opt/dockerapps/appdata/gitea/runner/act_runner/.runner
#! Notification
- /opt/dockerapps/appdata/alert/config/alertmanager.yml
#! Homepage
- /opt/dockerapps/appdata/homepage/homepage/bookmarks.yaml
- /opt/dockerapps/appdata/homepage/homepage/services.yaml
- /opt/dockerapps/appdata/homepage/homepage/settings.yaml
#! Semaphore
- /opt/dockerapps/appdata/semaphore/config/config.json
#! Alertmanager
- /opt/dockerapps/appdata/alertmanager/config/alertmanager.yml
#! ALertmanager 2 ntfy
- /opt/dockerapps/appdata/ntfy_alertmanager/etc/config
#! Grafana
- /opt/dockerapps/appdata/grafana/grafana.ini
- /opt/dockerapps/appdata/grafana/ldap.toml
#! prometheus
- /opt/dockerapps/appdata/prometheus/prometheus/prometheus.yml
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_system.yml
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_network.yml
# - /opt/dockerapps/appdata/prometheus/prometheus/alerts_internal.yml
- /opt/dockerapps/appdata/prometheus/prometheus/promtool_test.yml
# #! bind
# - /opt/dockerapps/appdata/bind/config/named.conf
# - /opt/dockerapps/appdata/bind/records/example.com.zone
# - /opt/dockerapps/appdata/bind/records/jingoh.private.zone
# #! crowdsec
# - /opt/dockerapps/appdata/crowdsec/crowdsec/parsers/s01-parse/tcpudp-flood-traefik.yaml
# - /opt/dockerapps/appdata/crowdsec/crowdsec/acquis.yaml
# - /opt/dockerapps/appdata/crowdsec/dashboard/docker/Dockerfile
#! filebeat (kafka)
- /opt/dockerapps/appdata/kafka/filebeat.yml
#! ldap
- /opt/dockerapps/appdata/ldap/data/lldap_config.toml
#! sftp
- /opt/dockerapps/appdata/sftp/sftpgo.json
#! vault_sync_ldap
- /opt/dockerapps/appdata/vault_sync_ldap/jingoh.config.toml
#! vault
- /opt/dockerapps/appdata/vaultwarden/config.json
#! wg portal
- /opt/dockerapps/appdata/wg-portal/config/config.yml
#! wg portal
- /opt/dockerapps/appdata/mailserver/etc/config.toml
- name: Push backup to git
ansible.builtin.shell: |
git config user.email "stephane.gratiasquiquandon@gmail.com"
git config user.name "sgratias"
git add .
git commit -m "Push Backup with access token"
git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/sgratias/backup.git
args:
chdir: "{{ playbook_dir }}/backup/"
run_once: true
delegate_to: localhost
# curl -u "$username:$password" -H "Title: HTTPS Certificats" -H "ta:closed_lock_with_key" -d "*.jingoh.fr Less than 20 days" https://alert.jingoh.fr/scaleway
# when: cert.not_after - ansible_date_time.iso8601_basic >
# - name: NTFY when docker compose changed
# uri:
# url: "https://alert.jingoh.fr/scaleway"
# method: POST
# headers:
# user: "{{ username }}"
# password: "{{ password }}"
# Title: "docker-compose changed"
# ta: "file_folder"
# body: "Docker compose backup in gitea"
# status_code: 200
# tags: test1
# delegate_to: localhost
# when: fetch_files_backup.changed is true
# when:
# - "{{ ((cert.not_after | to_datetime('%Y%m%d%H%M%SZ') ) - (ansible_date_time.date | to_datetime('%Y-%m-%d') )).days < 10 }}"
# - name: Exécuter le conteneur Docker
# community.docker.docker_container:
# name: vaultwarden-backup
# image: bruceforce/vaultwarden-backup
# state: started
# auto_remove: true
# command: manual
# volumes_from:
# - vault
# env:
# UID: "0"
# BACKUP_DIR: "/data/backup"
# TIMESTAMP: "true"
# ENCRYPTION_PASSWORD: "{{ vault_pass }}"
# # tags: dock
# when: inventory_hostname in groups['controller']
# - name: Supprimer les fichiers de sauvegarde de Vaultwarden plus anciens que 7 jours
# find:
# paths: /opt/dockerapps/appdata/vaultwarden/backup/
# age: 7d
# register: files_to_remove
# become: true
# when: inventory_hostname in groups['controller']
# tags: dock
# - name: Supprimer les fichiers plus anciens que 7 jours
# file:
# path: "{{ item.path }}"
# state: absent
# loop: "{{ files_to_remove.files }}"
# tags: dock
# become: true
# - name: Backup vault
# uri:
# url: "https://alert.jingoh.fr/scaleway"
# method: POST
# user: "{{ username }}"
# password: "{{ password }}"
# headers:
# Title: "Backup Vault"
# ta: "inbox_tray"
# body: "Local Backup vault done !"
# status_code: 200
# tags: dock
# delegate_to: localhost
# - name: Exécuter la commande dans le conteneur Docker
# community.docker.docker_container:
# name: gitea
# command: "gitea dump -c /data/gitea/conf/app.ini"
# user: git
# working_dir: /data/
# state: present
# interactive: no
# image: gitea/gitea:latest
# tty: no
# tags: git
# docker exec -u git -w /data/ gitea gitea dump -c /data/gitea/conf/app.ini
# mv /opt/dockerapps/appdata/gitea/gitea/gitea-dump-*.zip /opt/dockerapps/backup/
# docker exec gitea-db pg_dump -U root gitea > gitea-db-pg.sql
# mv ./gitea-db-pg.sql /opt/dockerapps/backup/
# find /opt/dockerapps/backup/ -mtime +7 -exec rm {} \;
# curl -u "$username:$password" -H "Title: Backup gitea" -H "ta:inbox_tray" -d "Local Backup gitea done !" https://alert.jingoh.fr/scaleway
# docker run --rm --volumes-from=vault -e UID=0 -e BACKUP_DIR=/data/backup -e TIMESTAMP=true -e ENCRYPTION_PASSWORD="$VAULT" bruceforce/vaultwarden-backup manual
# chown -R stephane:stephane /opt/dockerapps/appdata/vaultwarden/backup
# find /opt/dockerapps/appdata/vaultwarden/backup/ -mtime +7 -exec rm {} \;
# curl -u "$username:$password" -H "Title: Backup vault" -H "ta:inbox_tray" -d "Local Backup vault done !" https://alert.jingoh.fr/scaleway
Reference in New Issue View Git Blame Copy Permalink