lvm_self_backup: Add backup retention

This implements backup retention. Inspired by 6d238ab04308125a411c630f39319e86a23d3dce of https://git.shivering-isles.com/shivering-isles/infrastructure
2021-01-02 05:40:24 +01:00 · 2021-01-02 05:40:24 +01:00 · 9b389ae587
commit 9b389ae587
parent 9824d3940b
2 changed files with 46 additions and 0 deletions
--- a/roles/lvm_self_backup/defaults/main.yml
+++ b/roles/lvm_self_backup/defaults/main.yml
@ -3,6 +3,7 @@

 # Infrastructure
 # Ansible instructions to deploy the infrastructure
+# Copyright (C) 2019-2020  Christoph (Sheogorath) Kern
 # Copyright (C) 2020       Saibotk
 #
 # This program is free software: you can redistribute it and/or modify
@ -45,3 +46,18 @@ backup_gpg:
 # Should the systemd timer be enabled to automatically backup every day?
 backup_timer_enabled: true
 backup_timer_state: 'started'
+
+# Management for backup retention if enabled, backups will be dropped.
+backup_retention:
+  # Number of incremental backups to keep.
+  # Incremental backups require a full backup as base.
+  # Therefore the incremental count must be lower
+  # then under full backup if both are enabled.
+  incremental:
+    enabled: true
+    count: 3
+  # Number of full backups to keep. All additional will be deleted.
+  # Starting from the oldest.
+  full:
+    enabled: true
+    count: 6
--- a/roles/lvm_self_backup/templates/backup-lvm.sh
+++ b/roles/lvm_self_backup/templates/backup-lvm.sh
@ -49,6 +49,36 @@ docker run --name="duplicity-backup-lvm" \
           /backup/ \
           "{{ backup_target }}"

+{% if backup_retention.incremental.enabled %}
+echo "Remove old incremental backups"
+docker run --name="duplicity-backup-lvm" \
+           --security-opt "label=disable" \
+           --security-opt "no-new-privileges" \
+           --cap-drop=ALL \
+           --cap-add=DAC_OVERRIDE \
+           --rm \
+           -v "$HOME/.cache/duplicity/:/archive" \
+           --hostname {{ ansible_fqdn }} \
+           {{ backup_duplicity_image }}:{{ backup_duplicity_image_version }} \
+           remove-all-inc-of-but-n-full {{ backup_retention.incremental.count }} --force \
+           "{{ backup_target }}"
+{% endif %}
+
+{% if backup_retention.full.enabled %}
+echo "Remove old full backups"
+docker run --name="duplicity-backup-lvm" \
+           --security-opt "label=disable" \
+           --security-opt "no-new-privileges" \
+           --cap-drop=ALL \
+           --cap-add=DAC_OVERRIDE \
+           --rm \
+           -v "$HOME/.cache/duplicity/:/archive" \
+           --hostname {{ ansible_fqdn }} \
+           {{ backup_duplicity_image }}:{{ backup_duplicity_image_version }} \
+           remove-all-but-n-full {{ backup_retention.full.count }} --force \
+           "{{ backup_target }}"
+{% endif %}
+
 echo "Unmount snapshots:"
 {% for item in backup_vols %}
 umount /dev/{{ item.vg_name }}/{{ item.lv_name }}_snap