From 7dd899df04488461afa9c068fc9da0456afe7686 Mon Sep 17 00:00:00 2001
From: Rene Mewissen
Date: Tue, 22 Nov 2022 16:28:24 +0100
Subject: [PATCH] tasks for backup server
---
roles/backup/tasks/main.yml | 20 +++++++++++
.../tasks/software/packages_utilities.yml | 23 +++++++++++++
.../tasks/system_setup/copy_backup_config.yml | 16 +++++++++
roles/backup/tasks/system_setup/cron.yml | 16 +++++++++
roles/backup/templates/ssh_config.j2 | 7 ++++
roles/base/files/private_keys/backup_ed25519 | 33 +++++++++++++++----
.../base/files/public_keys/backup_ed25519.pub | 11 +------
7 files changed, 109 insertions(+), 17 deletions(-)
create mode 100644 roles/backup/tasks/main.yml
create mode 100644 roles/backup/tasks/software/packages_utilities.yml
create mode 100644 roles/backup/tasks/system_setup/copy_backup_config.yml
create mode 100644 roles/backup/tasks/system_setup/cron.yml
create mode 100644 roles/backup/templates/ssh_config.j2
diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml
new file mode 100644
index 0000000..32df21c
--- /dev/null
+++ b/roles/backup/tasks/main.yml
@@ -0,0 +1,20 @@
+# Load distro-specific variables
+- include_vars: "{{ ansible_distribution }}.yml"
+ tags: always
+ ignore_errors: True
+
+- block:
+ - debug:
+ msg: Debug
+ # basics
+ - import_tasks: software/packages_utilities.yml
+
+ # Perform remaining tasks:
+ - import_tasks: system_setup/cron.yml
+ - import_tasks: system_setup/copy_backup_config.yml
+
+ - debug:
+ msg: hostvars.hosts_to_backup
+
+ rescue:
+ - set_fact: task_failed=true
\ No newline at end of file
diff --git a/roles/backup/tasks/software/packages_utilities.yml b/roles/backup/tasks/software/packages_utilities.yml
new file mode 100644
index 0000000..da8b978
--- /dev/null
+++ b/roles/backup/tasks/software/packages_utilities.yml
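Review bot: In roles/backup/tasks/main.yml the `rescue:` section only runs `set_fact: task_failed=true`, so a failure while installing packages, writing the cron entries or templating the SSH config is swallowed and the play still reports success; nothing in this hunk reads `task_failed` afterwards (a consumer may exist outside the patch). For a backup host a half-applied role should be loud: drop the rescue, or follow the set_fact with a `fail:` task such as `- fail: msg="backup role failed"`. `ignore_errors: True` on `include_vars` hides a missing distro vars file in the same way. The last debug task prints the literal text `hostvars.hosts_to_backup` rather than the variable (`var: hosts_to_backup` is probably what was meant), and both debug tasks look like leftovers.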
@@ -0,0 +1,23 @@
+- name: backup | utilities | install utility packages
+ tags: packages,system,system setup
+ package:
+ state: latest
+ name:
+ - sudo
+ - rsync
+
+- name: backup | utilities | install utilities (arch)
+ tags: packages,system,system setup
+ package:
+ state: latest
+ name:
+ - mariadb-clients
+ when: ansible_distribution == "Archlinux"
+
+- name: backup | utilities | install utilities (debian)
+ tags: packages,system,system setup
+ package:
+ state: latest
+ name:
+ - mariadb-client
+ when: ansible_distribution == "Debian"
\ No newline at end of file
diff --git a/roles/backup/tasks/system_setup/copy_backup_config.yml b/roles/backup/tasks/system_setup/copy_backup_config.yml
new file mode 100644
index 0000000..4243a88
--- /dev/null
+++ b/roles/backup/tasks/system_setup/copy_backup_config.yml
@@ -0,0 +1,16 @@
+- name: backup | system setup | create backup config directory
+ file:
+ path: "/opt/backup/"
+ state: directory
+
+- name: backup | system setup | copy backup config files
+ copy:
+ dest: "/opt/backup/config"
+ src: "config"
+
+- name: backup | system setup | add entries to ssh_config
+ template:
+ src: "ssh_config.j2"
+ dest: "{{ ansible_user }}/.ssh/config"
+ backup: true
+ mode: "0644"
\ No newline at end of file
diff --git a/roles/backup/tasks/system_setup/cron.yml b/roles/backup/tasks/system_setup/cron.yml
new file mode 100644
index 0000000..72e6534
--- /dev/null
+++ b/roles/backup/tasks/system_setup/cron.yml
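Review bot: All three `package:` tasks in packages_utilities.yml use `state: latest`, so every run of the role upgrades sudo, rsync and the MariaDB client to whatever the repository currently serves. That makes runs non-idempotent and lets a privileged package such as sudo change version outside any reviewed change. Unless upgrade-on-every-run is intended, `state: present` installs what is missing and leaves upgrades to the regular patching process.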
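Review bot: In copy_backup_config.yml the template task writes to `dest: "{{ ansible_user }}/.ssh/config"`, but `ansible_user` is a login name, not a home directory, so this resolves to a relative path such as `root/.ssh/config` instead of the account's SSH config. `dest: "~{{ ansible_user }}/.ssh/config"` or an explicit home-path variable is needed. The task also replaces the whole file, so existing entries survive only in the copy kept by `backup: true`. The `file:` and `copy:` tasks for `/opt/backup` set no `owner` or `mode`; if the config holds database or host credentials (the role installs a MariaDB client, so this seems likely), add `owner: root` with `mode: "0700"` on the directory and `mode: "0600"` on the files.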
@@ -0,0 +1,16 @@
+- name: backup | system setup | cron
+ become: true
+ become_user: root
+ cron:
+ name: "backup {{ item.sequence }}"
+ job: "/root/bin/backup.new {{ item.switch }}"
+ state: present
+ minute: "{{ item.minute }}"
+ hour: "{{ item.hour }}"
+ day: "{{ item.day }}"
+ month: "{{ item.month }}"
+ loop:
+ - { sequence: "daily", switch: "-d", minute: "0", hour: "3", day: "*", month: "*"}
+ - { sequence: "weekly", switch: "-w", minute: "0", hour: "4", day: "*", month: "*"}
+ - { sequence: "monthly", switch: "-m", minute: "30", hour: "6", day: "1", month: "*"}
+ - { sequence: "yearly", switch: "-y", minute: "59", hour: "23", day: "31", month: "12"}
\ No newline at end of file
diff --git a/roles/backup/templates/ssh_config.j2 b/roles/backup/templates/ssh_config.j2
new file mode 100644
index 0000000..ee4baf7
--- /dev/null
+++ b/roles/backup/templates/ssh_config.j2
@@ -0,0 +1,7 @@
+{% for host in hostvars[inventory_name]['hosts_to_backup'] %}
+Host {{ host.hostname }}_backup
+ Hostname {{ host.fqdn }}
+ User root
+ IdentityFile ~/.ssh/backup_ed25519
+ IdentitiesOnly yes
+{% endfor %}
\ No newline at end of file
diff --git a/roles/base/files/private_keys/backup_ed25519 b/roles/base/files/private_keys/backup_ed25519
index f04053f..b3846d6 100644
--- a/roles/base/files/private_keys/backup_ed25519
+++ b/roles/base/files/private_keys/backup_ed25519
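Review bot: In cron.yml the `weekly` loop item has `day: "*"` and the task passes no `weekday`, so the `-w` job is scheduled every day at 04:00 rather than once a week. Add `weekday: "{{ item.weekday | default('*') }}"` to the `cron:` arguments and give the weekly item a value such as `weekday: "0"`. The job runs `/root/bin/backup.new` as root and nothing in this patch installs that script or sets its ownership and mode, so confirm it is deployed root-owned and not writable by other users.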
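Review bot: The loop in ssh_config.j2 reads `hostvars[inventory_name]['hosts_to_backup']`, but Ansible's magic variable is `inventory_hostname`, so the lookup will most likely fail as undefined, and the `rescue` in main.yml would then hide that failure. `{% for host in hosts_to_backup %}` is normally equivalent for the current host and simpler. Every generated entry uses `User root` with the shared `backup_ed25519` key, so that one key grants a root login on each backed-up host. Consider a dedicated backup account, or restricting the key in the targets' `authorized_keys` (`restrict`, `from=`, a forced `command=`); that configuration lives outside this patch.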
@@ -1,7 +1,26 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW -QyNTUxOQAAACC11KG9c+/tJQLzFpNKaYg5wO69qGnLma+b+Xr+zHgLGQAAAKBVvgLPVb4C -zwAAAAtzc2gtZWQyNTUxOQAAACC11KG9c+/tJQLzFpNKaYg5wO69qGnLma+b+Xr+zHgLGQ -AAAEDXqxgmtwQkJQM18+vIoUlDdzKdTlavht+6lQtvG9/ap7XUob1z7+0lAvMWk0ppiDnA -7r2oacuZr5v5ev7MeAsZAAAAHXJvb3RAY29ydXNjYW50LnVuaXZlcnNlLmxvY2Fs ------END OPENSSH PRIVATE KEY----- \ No newline at end of file +$ANSIBLE_VAULT;1.1;AES256 +36653336626566306131626130666530343166336163333139396363373231653432653364616630 +6437373439386236393930313436323932666533373336370a323838366565383464643532666138 +32376266353066323433323266356665633934633166373439666132643333313661363362313464 +3533623931323430650a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diff --git a/roles/base/files/public_keys/backup_ed25519.pub b/roles/base/files/public_keys/backup_ed25519.pub index 565bbc3..bab4c91 100644 --- a/roles/base/files/public_keys/backup_ed25519.pub +++ b/roles/base/files/public_keys/backup_ed25519.pub @@ -1,10 +1 @@ -$ANSIBLE_VAULT;1.1;AES256 -39376634373232333037646564313065326466623661356638343239333039663836363231316162 -3166333131373636666166623863323162643732303931620a643130383065633662343461366437 -32616232356536613435336363356435373437363935333637643764396630656561373235303065 -3732396536616537660a656138666562643739653263316431656533656461653438376262353565 -37656262383766656665383730626532626331316435383131653939373537326236353538376665 -38323765383039343537653236626631616265623332373133333232386338643832303664653730 -62666165383037636264646532386438646538313436333137383833333530373461316664613737 -37333530356139386131393339643838633834636462323364646533636165616433393932383533 -65666439656561646334646633326538363332626233663034636632646531663366 +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILXUob1z7+0lAvMWk0ppiDnA7r2oacuZr5v5ev7MeAsZ root@coruscant.universe.local
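Review bot: The public key added in backup_ed25519.pub ends in the same bytes (`7r2oacuZr5v5ev7MeAsZ`) that appear in the tail of the plaintext private key this commit removes from roles/base/files/private_keys/backup_ed25519, so the key pair was vaulted but not rotated. Encrypting the file now does not retract the copy already in Git history and in any clone or mirror, so the key, apparently the one ssh_config.j2 uses for root logins on the backup targets, should be treated as disclosed. Generate a new key pair, commit only the vaulted private half and the new `.pub`, and remove the old public key from `authorized_keys` on the targets. The vault hunk is truncated on this page, so its contents were not checked.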