SipsOfCode/infrastructure
2
2
Fork 0
Code Issues 8 Pull requests 6 Releases Activity

feat(restic): add restic backup role #133

Merged
saibotk merged 1 commit from restic into main 2025-05-12 00:44:34 +02:00
Conversation 2 Commits 1 Files changed 11 +416
saibotk commented 2025-03-31 01:45:23 +02:00
Owner
Copy link

Adds an opinionated backup solution for BTRFS volumes using
restic with the resticprofile tool.

By default, this will create a daily backup of the configured target directories.
It ensures that they are consistent by using the native BTRFS snapshot functionality.

Every week, on sunday night, it will check the integrity and prune old
snapshots.

Metrics are also exposed through resticprofile in prom format and
written to the /backup/status/status.prom file.

This role also allows to configure ntfy notifications for errors.

To query the repository and run various commands manually, we also
install the resticprofile helper script, that can be run as root.
Note: Backups cannot be done using the helper as the required mounts
are not included in the script.

We keep backups using the following retention strategy:

  • last 4 hourly
  • last 7 daily
  • last 4 weekly
  • last 3 monthly
  • backups done in the last 3 hours
  • tag "forever" -> forever
Adds an opinionated backup solution for BTRFS volumes using `restic` with the `resticprofile` tool. By default, this will create a daily backup of the configured target directories. It ensures that they are consistent by using the native BTRFS snapshot functionality. Every week, on sunday night, it will check the integrity and prune old snapshots. Metrics are also exposed through `resticprofile` in prom format and written to the `/backup/status/status.prom` file. This role also allows to configure ntfy notifications for errors. To query the repository and run various commands manually, we also install the `resticprofile` helper script, that can be run as root. Note: Backups cannot be done using the helper as the required mounts are not included in the script. We keep backups using the following retention strategy: - last 4 hourly - last 7 daily - last 4 weekly - last 3 monthly - backups done in the last 3 hours - tag "forever" -> forever
🚀 1
saibotk self-assigned this 2025-03-31 01:45:23 +02:00
wip: resticprofile refactor
All checks were successful
ci/woodpecker/pr/ansible-lint Pipeline was successful
Details
f872d3a8bc
 
TODO! NEEDS MORE TESTING & POLISHING
saibotk force-pushed restic from f872d3a8bc
All checks were successful
ci/woodpecker/pr/ansible-lint Pipeline was successful
Details
to 7df22837dc
All checks were successful
ci/woodpecker/pr/ansible-lint Pipeline was successful
Details
2025-03-31 20:45:02 +02:00 Compare
saibotk force-pushed restic from 7df22837dc
All checks were successful
ci/woodpecker/pr/ansible-lint Pipeline was successful
Details
to f40c171319
All checks were successful
ci/woodpecker/pr/ansible-lint Pipeline was successful
Details
2025-04-27 20:48:43 +02:00 Compare
saibotk force-pushed restic from f40c171319
All checks were successful
ci/woodpecker/pr/ansible-lint Pipeline was successful
Details
to 02961dfed0
All checks were successful
ci/woodpecker/pr/ansible-lint Pipeline was successful
Details
2025-04-27 22:05:20 +02:00 Compare
saibotk force-pushed restic from 02961dfed0
All checks were successful
ci/woodpecker/pr/ansible-lint Pipeline was successful
Details
to 6047aa6161
All checks were successful
ci/woodpecker/pr/ansible-lint Pipeline was successful
Details
2025-04-27 22:18:22 +02:00 Compare
saibotk changed title from WIP: restic to feat(restic): add restic backup role 2025-04-27 22:19:55 +02:00
saibotk force-pushed restic from 6047aa6161
All checks were successful
ci/woodpecker/pr/ansible-lint Pipeline was successful
Details
to 2734f78c28
All checks were successful
ci/woodpecker/pr/ansible-lint Pipeline was successful
Details
2025-04-27 22:20:21 +02:00 Compare
saibotk force-pushed restic from 2734f78c28
All checks were successful
ci/woodpecker/pr/ansible-lint Pipeline was successful
Details
to 9f75a6d931
All checks were successful
ci/woodpecker/pr/ansible-lint Pipeline was successful
Details
2025-04-27 22:55:56 +02:00 Compare
histalek reviewed 2025-04-28 19:15:39 +02:00
histalek left a comment
Owner
Copy link

two suggestions, otherwise LGTM :)

two suggestions, otherwise LGTM :)
roles/restic/defaults/main.yml Outdated
@ -0,0 +1,33 @@
# restic_repository: "s3:s3.us-east-1.amazonaws.com/bucket_name"
# restic_repository_password:
restic_environment_vars:
histalek commented 2025-04-28 19:15:17 +02:00
Owner
Copy link

Could we link to the relevant restic docs here?

https://restic.readthedocs.io/en/stable/040_backup.html#environment-variables

Could we link to the relevant restic docs here? https://restic.readthedocs.io/en/stable/040_backup.html#environment-variables
👍 1
saibotk marked this conversation as resolved
roles/restic/tasks/main.yml Outdated
@ -0,0 +66,4 @@
- name: Reload systemd.
ansible.builtin.systemd:
daemon_reload: true
histalek commented 2025-04-28 19:10:08 +02:00
Owner
Copy link

why not add this to the two tasks below?

why not add this to the two tasks below?
saibotk commented 2025-04-28 19:43:42 +02:00
Author
Owner
Copy link

Oh a bit micro optimization, didn't want to reload the daemon twice.
If you prefer, i can also put it back to both tasks

Oh a bit micro optimization, didn't want to reload the daemon twice. If you prefer, i can also put it back to both tasks
histalek commented 2025-04-28 20:38:33 +02:00
Owner
Copy link

ah no that's fine, i was just wondering if there was a reason for it

ah no that's fine, i was just wondering if there was a reason for it
histalek marked this conversation as resolved
histalek approved these changes 2025-04-28 20:38:53 +02:00
saibotk force-pushed restic from 9f75a6d931
All checks were successful
ci/woodpecker/pr/ansible-lint Pipeline was successful
Details
to c9733621ea
All checks were successful
ci/woodpecker/pr/ansible-lint Pipeline was successful
Details
ci/woodpecker/push/ansible-lint Pipeline was successful
Details
2025-05-12 00:43:42 +02:00 Compare
saibotk deleted branch restic 2025-05-12 00:44:34 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
histalek
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
saibotk
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
SipsOfCode/infrastructure!133
No description provided.