Dustin C. Hatch
0f4dea9007
The `restic.yml` playbook applies the _restic_ role to hosts in the _restic_ group. The _restic_ role installs `restic` and creates a systemd timer and service unit to run `restic backup` every day. Restic doesn't really have a configuration file; all its settings are controlled either by environment variables or command-line options. Some options, such as the list of files to include in or exclude from backups, take paths to files containing the values. We can make use of these to provide some configurability via Ansible variables. The `restic_env` variable is a map of environment variables and values to set for `restic`. The `restic_include` and `restic_exclude` variables are lists of paths/patterns to include and exclude, respectively. Finally, the `restic_password` variable contains the password to decrypt the repository contents. The password is written to a file and exposed to the _restic-backup.service_ unit using [systemd credentials][0]. When using S3 or a compatible service for respository storage, Restic of course needs authentication credentials. These can be set using the `restic_aws_credentials` variable. If this variable is defined, it should be a map containing the`aws_access_key_id` and `aws_secret_access_key` keys, which will be written to an AWS shared credentials file. This file is then exposed to the _restic-backup.service_ unit using [systemd credentials][0]. [0]: https://systemd.io/CREDENTIALS/
13 lines
458 B
Desktop File
13 lines
458 B
Desktop File
[Unit]
|
|
Description=Back up filesystem with restic
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
LoadCredential=restic.aws.credentials
|
|
LoadCredential=restic.password
|
|
Environment=AWS_SHARED_CREDENTIALS_FILE=%d/restic.aws.credentials
|
|
Environment=RESTIC_PASSWORD_FILE=%d/restic.password
|
|
Environment=XDG_CACHE_HOME=%C
|
|
EnvironmentFile=-%E/restic/environment
|
|
ExecStart=/usr/bin/restic backup --files-from %E/restic/include --exclude-file %E/restic/exclude --exclude-if-present .nobackup
|