initial import from social-coop

2020-11-29 12:39:02 +00:00
commit 56fa50ec69
7 changed files with 169 additions and 0 deletions
--- a/server.playbook.yml
+++ b/server.playbook.yml
@@ -0,0 +1,30 @@
+---
+- name: social.coop | server
+  hosts: all
+  become: yes
+  vars_files:
+    - secrets.vars.yml
+  vars:
+    s3_access_key_id: "{{lookup('passwordstore', 'deployment/backupninja/s3access')}}"
+    s3_secret_access_key: "{{lookup('passwordstore', 'deployment/backupninja/s3sec')}}"
+  roles:
+    - role: server
+    - role: social-coop
+
+    - role: logcheck-custom
+      tags: logcheck-custom
+
+    # Installs a script to dump the mastodon-live PgSQL database, and
+    # copy the GPG encrypted archive to our S3 space with rclone. This
+    # is invoked daily using a systemd timer. Encryption is done with
+    # the public key in the password store
+    # deployment/backupninja/pub. To decrypt, you need to use the
+    # associated private key
+    - role: pg-dump-to-s3
+      tags: pg-dump-to-s3
+      pg_dump_to_s3_systemd_timer_section: OnCalendar=00:40:00
+      pg_dump_to_s3_desturl: "spaces:social-coop-media/backups/{{inventory_hostname_short}}/"
+      pg_dump_to_s3_pgdump_opts: -h localhost -U root -d mastodon-live -Fc 
+      pg_dump_to_s3_pubkey: "{{lookup('passwordstore', 'deployment/backupninja/pub returnall=true')}}"
+      pg_dump_to_s3_rclone_config: "{{lookup('template', 'templates/rclone-conf.j2')}}"
+