sgratias/semaphore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9c8f05025d25cd9da19e5d22cfa5cb69dd9e7382
semaphore/backup.yml
staffadmin 9c8f05025d add backp
2025-05-06 21:42:51 +02:00

289 lines
10 KiB
YAML
Raw Blame History

- hosts: tower
# vars:
# become: true
gather_facts: false
vars:
user: staffadmin
username: jingohalert
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;prod
66346630333538386564396632636161316239326530653037666465616165393135666532643264
3037363865363531636635306535663736353734333733340a363639636638396662616538343335
65366439343135636634393832636436353764303066653530346232323164376265313039373630
3863613961373430340a303866363962353262623030373061616134303366336237346631383539
3130
vault_pass: !vault |
$ANSIBLE_VAULT;1.2;AES256;prod
31393635346263633965326334656663323439643166313736343337343032303234653264653065
3933333731343231643033373436653764326131616635640a356566616337373031333065303166
36363839323432353936336438636130373134353364326264393563663561346438356533656262
3630386265633339630a306334363336396539353133383236316138333538623064333036316233
6464
token: !vault |
$ANSIBLE_VAULT;1.2;AES256;prod
36663034636138333863626233623737363834333134333235656132333933356237396132383266
3266326438656130623337653464633062343433623333620a386561353637613263323837313230
66666633373066363862343766646431396632653332333830323136343230336464333635343136
3732643432306338640a666334373636653164646135633966333339323935363433663130313235
36613831356265373964623464356263333666366539663131396535613633346138613665383864
6331393663346638663832313035653765303938376230363936
tasks:
# ! alertmanager + ntfy
# route:
# receiver: 'ntfy'
# repeat_interval: 4h
# group_by: [ alertname ]
# receivers:
# - name: "ntfy"
# webhook_configs:
# - url: "http://ntfy-alertmanager:8080"
# - command:
# cmd: "echo 'mescouilles'"
# - debug:
# msg: "test ok"
# delegate_to: localhost
# - name: Return all secrets from a path
# delegate_to: localhost
# ansible.builtin.debug:
# msg: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=apps/data/postgres token=prout url=https://hash.jingoh.fr') }}"
- ansible.builtin.git:
repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/backup.git
dest: "{{ playbook_dir }}/backup"
single_branch: yes
force: true
delegate_to: localhost
- ansible.builtin.fetch:
src: "{{ item }}"
dest: "{{ playbook_dir }}/backup/"
register: fetch_files_backup
loop:
#! Docker-compose
- /opt/dockerapps/docker-compose.yml
# #! Dex & traefik-forward
# - /opt/dockerapps/appdata/dex/config.yml
# - /opt/dockerapps/appdata/dex/traefik-auth-conf.env
#! Gitea & Runner
- /opt/dockerapps/appdata/gitea/gitea/gitea/conf/app.ini
- /opt/dockerapps/appdata/gitea/runner/config.yaml
- /opt/dockerapps/appdata/gitea/runner/act_runner/.runner
#! Notification
- /opt/dockerapps/appdata/alert/config/alertmanager.yml
#! Homepage
- /opt/dockerapps/appdata/homepage/homepage/bookmarks.yaml
- /opt/dockerapps/appdata/homepage/homepage/services.yaml
- /opt/dockerapps/appdata/homepage/homepage/settings.yaml
#! Semaphore
- /opt/dockerapps/appdata/semaphore/config/config.json
#! Alertmanager
- /opt/dockerapps/appdata/alertmanager/config/alertmanager.yml
#! ALertmanager 2 ntfy
- /opt/dockerapps/appdata/ntfy_alertmanager/etc/config
#! Grafana
- /opt/dockerapps/appdata/grafana/etc/grafana.ini
#! prometheus
- /opt/dockerapps/appdata/prometheus/prometheus/prometheus.yml
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_system.yml
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_network.yml
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_internal.yml
- /opt/dockerapps/appdata/prometheus/prometheus/promtool_test.yml
# #! bind
# - /opt/dockerapps/appdata/bind/config/named.conf
# - /opt/dockerapps/appdata/bind/records/example.com.zone
# - /opt/dockerapps/appdata/bind/records/jingoh.private.zone
# #! crowdsec
# - /opt/dockerapps/appdata/crowdsec/crowdsec/parsers/s01-parse/tcpudp-flood-traefik.yaml
# - /opt/dockerapps/appdata/crowdsec/crowdsec/acquis.yaml
# - /opt/dockerapps/appdata/crowdsec/dashboard/docker/Dockerfile
#! filebeat (kafka)
- /opt/dockerapps/appdata/kafka/filebeat.yml
#! ldap
- /opt/dockerapps/appdata/lldap/lldap_config.toml
#! sftp
- /opt/dockerapps/appdata/sftp/sftpgo.json
#! vault_sync_ldap
- /opt/dockerapps/appdata/vault_sync_ldap/jingoh.config.toml
#! vault
- /opt/dockerapps/appdata/vaultwarden/config.json
#! wg portal
- /opt/dockerapps/appdata/wg-portal/config/config.yml
# - name: Get a cert from an https port
# community.crypto.get_certificate:
# host: "gitea.jingoh.fr"
# port: 443
# delegate_to: localhost
# run_once: true
# register: cert
# tags: test3
# - ansible.builtin.command:
# cmd: "echo 'mescouilles'"
# register: toto
# tags: test3
# - debug:
# msg: "{{ toto }}"
# tags: test3
- name: Push backup to git
ansible.builtin.shell: |
git config user.email "stephane.gratiasquiquandon@gmail.com"
git config user.name "staffadmin"
git add .
git commit -m "Push Backup with access token"
git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/backup.git
args:
chdir: "{{ playbook_dir }}/backup/"
run_once: true
delegate_to: localhost
# - name: Get a cert from an https port
# community.crypto.get_certificate:
# host: "gitea.jingoh.fr"
# port: 443
# delegate_to: localhost
# run_once: true
# register: cert
# tags: test
# - name: set
# ansible.builtin.set_fact:
# cert_date: "{{ cert.not_after | to_datetime('%Y%m%d%H%M%SZ') }}"
# tags: test
# - debug:
# msg: "{{ cert.not_after | to_datetime('%Y%m%d%H%M%SZ')}}"
# tags: test
# - debug:
# msg: "{{ cert.not_after | to_datetime }} - {{ ansible_date_time.iso8601_basic }}"
# # loop:
# # - "{{ cert.not_after }}"
# # - "{{ ansible_date_time.iso8601_basic }}"
# tags: test
# - debug:
# msg: "{{ item }}"
# loop:
# - "{{ ((cert.not_after | to_datetime('%Y%m%d%H%M%SZ') ) - (ansible_date_time.date | to_datetime('%Y-%m-%d') )).days }}"
# # - "{{ ansible_date_time.date.total_seconds() }}"
# tags: test
# when:
# - "{{ ((cert.not_after | to_datetime('%Y%m%d%H%M%SZ') ) - (ansible_date_time.date | to_datetime('%Y-%m-%d') )).days < 30 }}"
# curl -u "$username:$password" -H "Title: HTTPS Certificats" -H "ta:closed_lock_with_key" -d "*.jingoh.fr Less than 20 days" https://alert.jingoh.fr/scaleway
# # when: cert.not_after - ansible_date_time.iso8601_basic >
- name: NTFY when docker compose changed
uri:
url: "https://alert.jingoh.fr/scaleway"
method: POST
user: "{{ username }}"
password: "{{ password }}"
headers:
Title: "docker-compose changed"
ta: "file_folder"
body: "Docker compose backup in gitea"
status_code: 200
tags: test1
delegate_to: localhost
when: fetch_files_backup.changed is true
# when:
# - "{{ ((cert.not_after | to_datetime('%Y%m%d%H%M%SZ') ) - (ansible_date_time.date | to_datetime('%Y-%m-%d') )).days < 10 }}"
# - name: Exécuter le conteneur Docker
# community.docker.docker_container:
# name: vaultwarden-backup
# image: bruceforce/vaultwarden-backup
# state: started
# auto_remove: true
# command: manual
# volumes_from:
# - vault
# env:
# UID: "0"
# BACKUP_DIR: "/data/backup"
# TIMESTAMP: "true"
# ENCRYPTION_PASSWORD: "{{ vault_pass }}"
# # tags: dock
# when: inventory_hostname in groups['controller']
# - name: Supprimer les fichiers de sauvegarde de Vaultwarden plus anciens que 7 jours
# find:
# paths: /opt/dockerapps/appdata/vaultwarden/backup/
# age: 7d
# register: files_to_remove
# become: true
# when: inventory_hostname in groups['controller']
# tags: dock
# - name: Supprimer les fichiers plus anciens que 7 jours
# file:
# path: "{{ item.path }}"
# state: absent
# loop: "{{ files_to_remove.files }}"
# tags: dock
# become: true
# - name: Backup vault
# uri:
# url: "https://alert.jingoh.fr/scaleway"
# method: POST
# user: "{{ username }}"
# password: "{{ password }}"
# headers:
# Title: "Backup Vault"
# ta: "inbox_tray"
# body: "Local Backup vault done !"
# status_code: 200
# tags: dock
# delegate_to: localhost
# - name: Exécuter la commande dans le conteneur Docker
# community.docker.docker_container:
# name: gitea
# command: "gitea dump -c /data/gitea/conf/app.ini"
# user: git
# working_dir: /data/
# state: present
# interactive: no
# image: gitea/gitea:latest
# tty: no
# tags: git
# docker exec -u git -w /data/ gitea gitea dump -c /data/gitea/conf/app.ini
# mv /opt/dockerapps/appdata/gitea/gitea/gitea-dump-*.zip /opt/dockerapps/backup/
# docker exec gitea-db pg_dump -U root gitea > gitea-db-pg.sql
# mv ./gitea-db-pg.sql /opt/dockerapps/backup/
# find /opt/dockerapps/backup/ -mtime +7 -exec rm {} \;
# curl -u "$username:$password" -H "Title: Backup gitea" -H "ta:inbox_tray" -d "Local Backup gitea done !" https://alert.jingoh.fr/scaleway
# docker run --rm --volumes-from=vault -e UID=0 -e BACKUP_DIR=/data/backup -e TIMESTAMP=true -e ENCRYPTION_PASSWORD="$VAULT" bruceforce/vaultwarden-backup manual
# chown -R stephane:stephane /opt/dockerapps/appdata/vaultwarden/backup
# find /opt/dockerapps/appdata/vaultwarden/backup/ -mtime +7 -exec rm {} \;
# curl -u "$username:$password" -H "Title: Backup vault" -H "ta:inbox_tray" -d "Local Backup vault done !" https://alert.jingoh.fr/scaleway
Reference in New Issue View Git Blame Copy Permalink