matrix-backup-borg: add ability to backup to unencrypted repositories (#1754)
* matrix-backup-borg: added option for unencrypted repo access * matrix-backup-borg: fixed requiring password for unencrypted repos; changed variable name * matrix-backup-borg: add unknown_unencrypted_repo_access_is_ok to config.yaml.j2 * matrix-backup-borg: cleanup comments * matrix-backup-borg: add documentation regarding unencrypted repos * matrix-backup-borg: add readability and ease of use to code * matrix-backup-borg: fix wording in defaults/main.yml comment * matrix-backup-borg: add quotes to docs * Indicate the variable to use Co-authored-by: Slavi Pantaleev <slavi@devture.com>
This commit is contained in:
parent
ca09b935c3
commit
949fdd0135
|
@ -51,6 +51,8 @@ where:
|
|||
* PASSPHRASE - passphrase used for encrypting backups, you may generate it with `pwgen -s 64 1` or use any password manager
|
||||
* PRIVATE KEY - the content of the **private** part of the SSH key you created before
|
||||
|
||||
To backup without encryption, add `matrix_backup_borg_encryption: 'none'` to your vars. This will also enable the `matrix_backup_borg_unknown_unencrypted_repo_access_is_ok` variable.
|
||||
|
||||
`matrix_backup_borg_location_source_directories` defines the list of directories to back up: it's set to `{{ matrix_base_data_path }}` by default, which is the base directory for every service's data, such as Synapse, Postgres and the bridges. You might want to exclude certain directories or file patterns from the backup using the `matrix_backup_borg_location_exclude_patterns` variable.
|
||||
|
||||
Check the `roles/matrix-backup-borg/defaults/main.yml` file for the full list of available options.
|
||||
|
|
|
@ -44,12 +44,15 @@ matrix_backup_borg_location_repositories: []
|
|||
# exclude following paths:
|
||||
matrix_backup_borg_location_exclude_patterns: []
|
||||
|
||||
# borg encryption mode, only repokey-* is supported
|
||||
# borg encryption mode, only "repokey-*" and "none" are supported
|
||||
matrix_backup_borg_encryption: repokey-blake2
|
||||
|
||||
# private ssh key used to connect to the borg repo
|
||||
matrix_backup_borg_ssh_key_private: ""
|
||||
|
||||
# allow unencrypted repo access
|
||||
matrix_backup_borg_unknown_unencrypted_repo_access_is_ok: "{{ matrix_backup_borg_encryption == 'none' }}"
|
||||
|
||||
# borg ssh command with ssh key
|
||||
matrix_backup_borg_storage_ssh_command: ssh -o "StrictHostKeyChecking accept-new" -i /etc/borgmatic.d/sshkey
|
||||
|
||||
|
|
|
@ -7,4 +7,9 @@
|
|||
with_items:
|
||||
- "matrix_backup_borg_ssh_key_private"
|
||||
- "matrix_backup_borg_location_repositories"
|
||||
- "matrix_backup_borg_storage_encryption_passphrase"
|
||||
|
||||
- name: Fail if encryption passphrase is undefined unless repository is unencrypted
|
||||
fail:
|
||||
msg: >-
|
||||
You need to define a required passphrase using the `matrix_backup_borg_storage_encryption_passphrase` variable.
|
||||
when: "matrix_backup_borg_storage_encryption_passphrase == '' and matrix_backup_borg_encryption != 'none'"
|
||||
|
|
|
@ -11,6 +11,7 @@ storage:
|
|||
ssh_command: {{ matrix_backup_borg_storage_ssh_command|to_json }}
|
||||
archive_name_format: {{ matrix_backup_borg_storage_archive_name_format|to_json }}
|
||||
encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase|to_json }}
|
||||
unknown_unencrypted_repo_access_is_ok: {{ matrix_backup_borg_unknown_unencrypted_repo_access_is_ok|to_json }}
|
||||
|
||||
retention:
|
||||
keep_hourly: {{ matrix_backup_borg_retention_keep_hourly|to_json }}
|
||||
|
|
Loading…
Reference in a new issue