diff --git a/common/borgbackup/tasks/main.yml b/common/borgbackup/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ff7735c2bd9eb31b23037aa1565d7477a83be043
--- /dev/null
+++ b/common/borgbackup/tasks/main.yml
@@ -0,0 +1,48 @@
+---
+# Pakete installieren
+- name: pakete installieren
+ apt:
+ pkg: "{{ item }}"
+ update_cache: yes
+ state: installed
+ with_items:
+ - borgbackup
+ - logrotate
+ - moreutils
+
+- name: get secrets from server 1
+ slurp: src={{ item }}
+ with_items:
+ - /srv/borgbackup/repo_passphrase
+ - /srv/borgbackup/repo_url
+ register: borgbackup_secrets
+
+- name: get secrets from server 2
+ set_fact:
+ repo_passphrase: "{{ borgbackup_secrets.results | selectattr('item', 'equalto', '/srv/borgbackup/repo_passphrase') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
+ repo_url: "{{ borgbackup_secrets.results | selectattr('item', 'equalto', '/srv/borgbackup/repo_url') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
+
+
+# BorgBackup Scripte erstellen
+
+- name: BorgBackup Script erstellen
+ template: src={{ item }} dest=/opt/{{ item }} mode=o+x
+ with_items:
+ - "borgbackup-check.sh"
+ - "borgbackup-create.sh"
+ - "borgbackup-delete.sh"
+ - "borgbackup-info.sh"
+ - "borgbackup-init.sh"
+ - "borgbackup-list.sh"
+ - "borgbackup-mount.sh"
+
+- name: BorgBackup log folder erstellen
+ file:
+ path: "/var/log/borgbackup"
+ state: "directory"
+
+- name: BorgBackup LogRotate config erstellen
+ template: src=logrotate dest=/etc/logrotate.d/borgbackup
+
+- name: Cronjob für BorgBackup
+ cron: name="borgbackup" weekday="{{borgbackup_weekday}}" hour="{{borgbackup_hour}}" minute="{{borgbackup_minute}}" job="/opt/borgbackup-create.sh 2>&1 | ts '[%Y-%m-%d %H:%M:%S]' >> /var/log/borgbackup/borgbackup.log"
\ No newline at end of file
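Review bot: The "BorgBackup Script erstellen" task installs the seven scripts with `mode=o+x`, which only adds execute for "other" and leaves read permission at the default, while each of those scripts has the repository passphrase rendered into it in clear text; local non-root users can then most likely read the passphrase from /opt. The scripts should be root-only, e.g. `template: src={{ item }} dest=/opt/{{ item }} owner=root group=root mode=0700`. The two "get secrets from server" tasks also handle the passphrase without `no_log: true`, so the slurped content and the decoded fact can show up in verbose or callback output; adding `no_log: true` to both keeps it out of logs. Separately, `state: installed` is the deprecated spelling of `state: present` for the apt module.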
diff --git a/common/borgbackup/templates/borgbackup-check.sh b/common/borgbackup/templates/borgbackup-check.sh
new file mode 100644
index 0000000000000000000000000000000000000000..dbdfd2f0f1837bbb3f98e79838d5d6f928ec810f
--- /dev/null
+++ b/common/borgbackup/templates/borgbackup-check.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+# Überprüfung des Archives
+borg check $1 $2 $3 --info --show-rc {{repo_url}}
diff --git a/common/borgbackup/templates/borgbackup-create.sh b/common/borgbackup/templates/borgbackup-create.sh
new file mode 100644
index 0000000000000000000000000000000000000000..9185d6decb0e5688139511393ec972a8da3385bd
--- /dev/null
+++ b/common/borgbackup/templates/borgbackup-create.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+# Ausführung des Backups
+# anschließend Bereinigung
+# abschließend Integritätscheck
+
+borg create $1 $2 $3 --info --show-rc --stats --compression lzma,2 {{repo_url}}::`date +%Y-%m-%d_%H_%M` \
+{% for directory in borgbackup_directories %}
+{{ directory }} \
+{% endfor %}
+&& \
+borg prune $1 $2 $3 --info --show-rc --list {{repo_url}} \
+{% for prune in borgbackup_prune %}
+{{ prune }} \
+{% endfor %}
+&& \
+borg check $1 $2 $3 --info --show-rc {{repo_url}}
diff --git a/common/borgbackup/templates/borgbackup-delete.sh b/common/borgbackup/templates/borgbackup-delete.sh
new file mode 100644
index 0000000000000000000000000000000000000000..12d0e11f87abd265ead9e048b0305a83ad01fcdd
--- /dev/null
+++ b/common/borgbackup/templates/borgbackup-delete.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+# Löschen eines Backups
+
+borg list $1 $2 $3 --info --show-rc {{repo_url}}
+
+echo "BackupName, followed by [ENTER]:"
+read target
+
+borg delete $1 $2 $3 --info --show-rc {{repo_url}}::$target
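Review bot: In borgbackup-check.sh the passphrase is substituted inside a double-quoted shell string (`export BORG_PASSPHRASE="{{repo_passphrase}}"`), so a passphrase containing a double quote, `$`, a backtick or a backslash is re-interpreted by bash when the script runs as root instead of being passed through literally. Letting the template do the shell quoting avoids that: `export BORG_PASSPHRASE={{ repo_passphrase | quote }}`, and `{{ repo_url | quote }}` on the borg line. The same two substitutions appear in borgbackup-create.sh, -delete.sh, -info.sh, -init.sh, -list.sh and -mount.sh. `$1 $2 $3` is also unquoted and capped at three options in all of them; `"$@"` forwards whatever the caller passed without word splitting.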
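Review bot: In borgbackup-create.sh the three borg commands are chained with `&&`, so prune and check only run when `borg create` exits 0; borg uses exit code 1 for warnings (for example a file that changed while it was being read), and on such a run the repository is neither pruned nor checked. If that is not intended, test the return code explicitly and treat `rc <= 1` as good enough to continue with prune. The archive name is only the date stamp and `borg prune` is called without a prefix, so if several hosts ever share one repository (the role lives under common/) the retention rules would apply across all of their archives; a comment stating that one repository per host is assumed would make that explicit.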
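Review bot: borgbackup-delete.sh passes whatever was typed at the prompt straight into `borg delete ... {{repo_url}}::$target`, with `$target` unquoted and no check that it is non-empty, so an empty answer or one containing spaces changes what the destructive command is given. Suggested: `read -r target`, then `[ -n "$target" ] || { echo "no archive name given" >&2; exit 1; }`, and quote the expansion as `"$target"`. borgbackup-info.sh uses the same prompt-and-expand pattern, with less at stake.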
diff --git a/common/borgbackup/templates/borgbackup-info.sh b/common/borgbackup/templates/borgbackup-info.sh
new file mode 100644
index 0000000000000000000000000000000000000000..a311726275efcc8edca20e0d32da11057c0f3447
--- /dev/null
+++ b/common/borgbackup/templates/borgbackup-info.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+# Anzeige des Inhaltes im Borg Backup Archiv
+
+borg list $1 $2 $3 --info --show-rc {{repo_url}}
+
+echo "BackupName, followed by [ENTER]:"
+read target
+
+borg info $1 $2 $3 --info --show-rc {{repo_url}}::$target
diff --git a/common/borgbackup/templates/borgbackup-init.sh b/common/borgbackup/templates/borgbackup-init.sh
new file mode 100644
index 0000000000000000000000000000000000000000..8e97c70ce30ff94f43354423c50c5d3a31ce4e24
--- /dev/null
+++ b/common/borgbackup/templates/borgbackup-init.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Initialisierung des Borg Backup Archives
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+borg init $1 $2 $3 --info --show-rc --encryption=repokey {{repo_url}}
diff --git a/common/borgbackup/templates/borgbackup-list.sh b/common/borgbackup/templates/borgbackup-list.sh
new file mode 100644
index 0000000000000000000000000000000000000000..07bd9086ce2f8169532fd9c2d59c3ec68524544f
--- /dev/null
+++ b/common/borgbackup/templates/borgbackup-list.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+# Anzeige des Inhaltes im Borg Backup Archiv
+
+borg list $1 $2 $3 --info --show-rc {{repo_url}}
diff --git a/common/borgbackup/templates/borgbackup-mount.sh b/common/borgbackup/templates/borgbackup-mount.sh
new file mode 100644
index 0000000000000000000000000000000000000000..7b79b686c1594d9c1013c599a797bce7c3f62a38
--- /dev/null
+++ b/common/borgbackup/templates/borgbackup-mount.sh
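Review bot: borgbackup-init.sh creates the repository with `--encryption=repokey`, which keeps the key inside the repository, so the passphrase is the only secret needed to restore; as far as this commit shows, it is read from /srv/borgbackup/repo_passphrase on the backed-up host itself, and /srv/ is one of the backed-up directories. If no other copy exists, losing the host also loses access to the backups. A comment in the script should say where the off-host copy is kept, e.g. `# repokey: key lives in the repo; the passphrase must also be stored somewhere other than this host`.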
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+# Einhängen eines Backups nach /mnt/
+
+echo -n 'Mounting to: /mnt/borbbackupmount'
+borg mount $1 $2 $3 --info --show-rc {{repo_url}} /mnt/borbbackupmount
diff --git a/common/borgbackup/templates/logrotate b/common/borgbackup/templates/logrotate
new file mode 100644
index 0000000000000000000000000000000000000000..b17a8fe9713f6db8be1fc310a76ead124887ce27
--- /dev/null
+++ b/common/borgbackup/templates/logrotate
@@ -0,0 +1,7 @@
+/var/log/borgbackup/borgbackup.log {
+ rotate 12
+ monthly
+ compress
+ missingok
+ notifempty
+}
diff --git a/host_vars/webserver b/host_vars/webserver
index 972483407f015544dfb8181580e45635571accc9..efba09cd7354902495a2b4e1a2c7c2fb0736ba55 100644
--- a/host_vars/webserver
+++ b/host_vars/webserver
@@ -12,6 +12,20 @@ debian_sources: - "deb http://ftp.halifax.rwth-aachen.de/debian/ jessie-updates main contrib non-free" - "deb http://apt.dockerproject.org/repo debian-jessie main" +borgbackup_weekday: "*" +borgbackup_hour: "4" +borgbackup_minute: "0" + +borgbackup_directories: + - "/etc/" + - "/srv/" + +borgbackup_prune: + - "--keep-within=2d" + - "--keep-daily=7" + - "--keep-weekly=4" + - "--keep-monthly=6" + letsencrypt_tos_sha256: 6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df987a6221 letsencrypt_mail: verwaltung@warpzone.ms
diff --git a/webserver/main.yml b/webserver/main.yml
index 67fccb04bab6ec3425e1291bea68e4d281b3d00a..7514f84e96c9975578bc3ccf93d52e2f964a0d26 100644
--- a/webserver/main.yml
+++ b/webserver/main.yml
@@ -3,6 +3,7 @@
 - hosts: webserver
 remote_user: root
 roles:
+ - { role: ../common/borgbackup, tags: borgbackup }
 - { role: nginx, tags: nginx }
 - { role: openvpn, tags: openvpn }
 - { role: docker, tags: docker }
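Review bot: borgbackup-mount.sh mounts to the hard-coded path `/mnt/borbbackupmount` (probably a typo for `borgbackupmount`), and nothing in tasks/main.yml creates that directory, so the mount will fail on a fresh host unless the directory already exists. Either add a `file:` task with `state: directory` for the mountpoint, or run `mkdir -p` on it in the script before `borg mount`. A closing comment naming the unmount command (`fusermount -u` on the same path) would help whoever runs the restore.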