From 621f82c88d68f5d743fb911784a7cbbf8319a893 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sat, 7 Sep 2024 20:42:17 -0500
Subject: [PATCH] hosts: Migrate remaining hosts to Restic

Gitea and Vaultwarden both have SQLite databases.  We'll need to add
some logic to ensure these are in a consistent state before beginning
the backup.  Fortunately, neither of them are very busy databases, so
the likelihood of an issue is pretty low.  It's definitely more
important to get backups going again sooner, and we can deal with that
later.
---
 group_vars/bitwarden_rs.yml              | 3 +++
 group_vars/file-servers.yml              | 5 +++++
 group_vars/gitea.yml                     | 3 +++
 group_vars/nextcloud.yml                 | 1 +
 group_vars/public-web/main.yml           | 4 ++++
 group_vars/pxe/restic.yml                | 2 ++
 host_vars/gw1.pyrocufflink.blue/main.yml | 6 ++++++
 hosts                                    | 5 +++++
 hosts.gw                                 | 3 +++
 9 files changed, 32 insertions(+)
 create mode 100644 group_vars/pxe/restic.yml

diff --git a/group_vars/bitwarden_rs.yml b/group_vars/bitwarden_rs.yml
index ee1d3fb..b797b3e 100644
--- a/group_vars/bitwarden_rs.yml
+++ b/group_vars/bitwarden_rs.yml
@@ -5,3 +5,6 @@ burp_backup:
 
 collectd_processes:
 - name: vaultwarden
+
+restic_include:
+- /var/lib/vaultwarden/data
diff --git a/group_vars/file-servers.yml b/group_vars/file-servers.yml
index effad18..efd85c2 100644
--- a/group_vars/file-servers.yml
+++ b/group_vars/file-servers.yml
@@ -1,2 +1,7 @@
 apache_userdir: public_html
 apache_server_name: files.pyrocufflink.blue
+
+restic_include:
+- /home
+- /srv/cifs/Downloads
+- /srv/www
diff --git a/group_vars/gitea.yml b/group_vars/gitea.yml
index e0fc8ae..a61d10f 100644
--- a/group_vars/gitea.yml
+++ b/group_vars/gitea.yml
@@ -15,3 +15,6 @@ gitea_smtp:
   from: gitea@pyrocufflink.net
   addr: mail.pyrocufflink.blue
   port: 25
+
+restic_include:
+- /var/lib/gitea
diff --git a/group_vars/nextcloud.yml b/group_vars/nextcloud.yml
index 7994a6f..a6ea6fc 100644
--- a/group_vars/nextcloud.yml
+++ b/group_vars/nextcloud.yml
@@ -20,3 +20,4 @@ restic_include:
 - /var/lib/nextcloud
 restic_exclude:
 - /var/lib/nextcloud/data/*/files_trashbin
+- /var/lib/nextcloud/.snapshots
diff --git a/group_vars/public-web/main.yml b/group_vars/public-web/main.yml
index 3fa2329..8a58a20 100644
--- a/group_vars/public-web/main.yml
+++ b/group_vars/public-web/main.yml
@@ -1,3 +1,7 @@
+restic_include:
+- /home
+- /srv/www
+
 dchwww_publisher_keys:
 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsL5fSylmiJmBtW0DH/viAAmtU2E/2M17GPvysiyRs+ dustin@rosalina
 - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDOv2c1gyRKb8u7ImcfE/dBCwYw7Sf848TveGU4ekTllUkqXq/vXDmXh9WA8robhmmeaBsIsYogD6f7fVNbyEvVUINM8RBrCaBjANdKwNp/zc2xQB8xqs2aLhxQ5QkV6xIVjT4I7BkhsBYO/oCzHWlD7XjRqbSsIeOTIas99Kb2tZZGuRdjWG2XO18yUr9LVubkblhuSeHL9oKus4Jxk9XuDV93Mn1Vnx3OWplIxAXqh2p6K0mmcux3pSevb7/ehwUNaJbiHGWMDB3Jx72/H/xG5E4zGVznfOTpqPxDZQDeZB/owDJuCA8wJDTXlLjSvHTo5Cuy3dumQo9F1hSfX9NNQo38550fz6ToC0PtxNk4wt3r9O+IMLr7c8YAAngtM+WI1PE/+vd2gRHCZ2mE0qD0tIG1qoZXhDNmAA+OzvI8QOfHxXjz8rcWfhmvyWsiJVDSMExHzV+fDHjD1JLcQYqY9lFTt/AbICzcgc3lFRBl/Qq7v68mHlGuaxWJ+k8bX5KHtCks8jOTnG0qXQR2MVGQ4Dz3CBOt30/5yJTSKz5CLxi/DkYsNEnZJQoyx0h7Wi//J8DiEbYup5VwiLNkevxzrbLClTKilkKTLg1XTYHkVFcT3WEYNaA4ySZsE+S7F4zL3Re+8DNtED0bFq8gMeRm5n2jhup0vPV9mws+prtUrw== jenkins-web
diff --git a/group_vars/pxe/restic.yml b/group_vars/pxe/restic.yml
new file mode 100644
index 0000000..748220a
--- /dev/null
+++ b/group_vars/pxe/restic.yml
@@ -0,0 +1,2 @@
+restic_include:
+- /var/lib/tftpboot
diff --git a/host_vars/gw1.pyrocufflink.blue/main.yml b/host_vars/gw1.pyrocufflink.blue/main.yml
index 6452398..7da82d3 100644
--- a/host_vars/gw1.pyrocufflink.blue/main.yml
+++ b/host_vars/gw1.pyrocufflink.blue/main.yml
@@ -5,6 +5,12 @@ burp_backup:
 - exclude: /etc/selinux
 - exclude: /etc/udev/hwdb.bin
 
+restic_include:
+- /etc
+restic_exclude:
+- /etc/selinux
+- /etc/udev/hwdb.bin
+
 nut_monitor_password: !vault |
   $ANSIBLE_VAULT;1.1;AES256
   30313966316233643038626638343734356135393436333666353539666633373764343237363764
diff --git a/hosts b/hosts
index c2f6317..dc9acb7 100644
--- a/hosts
+++ b/hosts
@@ -164,7 +164,12 @@ samba-dc
 file0.pyrocufflink.blue
 
 [restic]
+bw0.pyrocufflink.blue
 cloud0.pyrocufflink.blue
+file0.pyrocufflink.blue
+git0.pyrocufflink.blue
+pxe0.pyrocufflink.blue
+web0.pyrocufflink.blue
 
 [rw-root]
 
diff --git a/hosts.gw b/hosts.gw
index d4c657c..4160610 100644
--- a/hosts.gw
+++ b/hosts.gw
@@ -10,5 +10,8 @@ gw1.pyrocufflink.blue
 [nut-monitor]
 gw1.pyrocufflink.blue
 
+[restic]
+gw1.pyrocufflink.blue
+
 [squid]
 gw1.pyrocufflink.blue