31 lines
1.2 KiB
YAML
31 lines
1.2 KiB
YAML
---
|
|
- name: social.coop | server
|
|
hosts: all
|
|
become: yes
|
|
vars_files:
|
|
- secrets.vars.yml
|
|
vars:
|
|
s3_access_key_id: "{{lookup('passwordstore', 'deployment/backupninja/s3access')}}"
|
|
s3_secret_access_key: "{{lookup('passwordstore', 'deployment/backupninja/s3sec')}}"
|
|
roles:
|
|
- role: server
|
|
- role: social-coop
|
|
|
|
- role: logcheck-custom
|
|
tags: logcheck-custom
|
|
|
|
# Installs a script to dump the mastodon-live PgSQL database, and
|
|
# copy the GPG encrypted archive to our S3 space with rclone. This
|
|
# is invoked daily using a systemd timer. Encryption is done with
|
|
# the public key in the password store
|
|
# deployment/backupninja/pub. To decrypt, you need to use the
|
|
# associated private key
|
|
- role: pg-dump-to-s3
|
|
tags: pg-dump-to-s3
|
|
pg_dump_to_s3_systemd_timer_section: OnCalendar=00:40:00
|
|
pg_dump_to_s3_desturl: "spaces:social-coop-media/backups/{{inventory_hostname_short}}/"
|
|
pg_dump_to_s3_pgdump_opts: -h localhost -U root -d mastodon-live -Fc
|
|
pg_dump_to_s3_pubkey: "{{lookup('passwordstore', 'deployment/backupninja/pub returnall=true')}}"
|
|
pg_dump_to_s3_rclone_config: "{{lookup('template', 'templates/rclone-conf.j2')}}"
|
|
|