matrix-backup-borg: add ability to backup to unencrypted repositories (#1754)

* matrix-backup-borg: added option for unencrypted repo access

* matrix-backup-borg: fixed requiring password for unencrypted repos; changed variable name

* matrix-backup-borg: add unknown_unencrypted_repo_access_is_ok to config.yaml.j2

* matrix-backup-borg: cleanup comments

* matrix-backup-borg: add documentation regarding unencrypted repos

* matrix-backup-borg: add readability and ease of use to code

* matrix-backup-borg: fix wording in defaults/main.yml comment

* matrix-backup-borg: add quotes to docs

* Indicate the variable to use

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
This commit is contained in:
Adriel Sand 2022-04-18 14:48:37 +03:00 committed by GitHub
parent ca09b935c3
commit 949fdd0135
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 13 additions and 2 deletions

View file

@ -51,6 +51,8 @@ where:
* PASSPHRASE - passphrase used for encrypting backups, you may generate it with `pwgen -s 64 1` or use any password manager
* PRIVATE KEY - the content of the **private** part of the SSH key you created before
To backup without encryption, add `matrix_backup_borg_encryption: 'none'` to your vars. This will also enable the `matrix_backup_borg_unknown_unencrypted_repo_access_is_ok` variable.
`matrix_backup_borg_location_source_directories` defines the list of directories to back up: it's set to `{{ matrix_base_data_path }}` by default, which is the base directory for every service's data, such as Synapse, Postgres and the bridges. You might want to exclude certain directories or file patterns from the backup using the `matrix_backup_borg_location_exclude_patterns` variable.
Check the `roles/matrix-backup-borg/defaults/main.yml` file for the full list of available options.

View file

@ -44,12 +44,15 @@ matrix_backup_borg_location_repositories: []
# exclude following paths:
matrix_backup_borg_location_exclude_patterns: []
# borg encryption mode, only repokey-* is supported
# borg encryption mode, only "repokey-*" and "none" are supported
matrix_backup_borg_encryption: repokey-blake2
# private ssh key used to connect to the borg repo
matrix_backup_borg_ssh_key_private: ""
# allow unencrypted repo access
matrix_backup_borg_unknown_unencrypted_repo_access_is_ok: "{{ matrix_backup_borg_encryption == 'none' }}"
# borg ssh command with ssh key
matrix_backup_borg_storage_ssh_command: ssh -o "StrictHostKeyChecking accept-new" -i /etc/borgmatic.d/sshkey

View file

@ -7,4 +7,9 @@
with_items:
- "matrix_backup_borg_ssh_key_private"
- "matrix_backup_borg_location_repositories"
- "matrix_backup_borg_storage_encryption_passphrase"
- name: Fail if encryption passphrase is undefined unless repository is unencrypted
fail:
msg: >-
You need to define a required passphrase using the `matrix_backup_borg_storage_encryption_passphrase` variable.
when: "matrix_backup_borg_storage_encryption_passphrase == '' and matrix_backup_borg_encryption != 'none'"

View file

@ -11,6 +11,7 @@ storage:
ssh_command: {{ matrix_backup_borg_storage_ssh_command|to_json }}
archive_name_format: {{ matrix_backup_borg_storage_archive_name_format|to_json }}
encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase|to_json }}
unknown_unencrypted_repo_access_is_ok: {{ matrix_backup_borg_unknown_unencrypted_repo_access_is_ok|to_json }}
retention:
keep_hourly: {{ matrix_backup_borg_retention_keep_hourly|to_json }}