| defaults | ||
| handlers | ||
| meta | ||
| tasks | ||
| templates | ||
| .editorconfig | ||
| .pre-commit-config.yaml | ||
| README.md | ||
backup role using duplicity for GPG encrypted backups
This role install duplicity on Ubuntu/Debian based systems and configures a cron job to ship the backup via ssh or webdav from the system.
Variables
- backup_enabled
Defaults to true, installing resources and secrets. When set to false, hardly does anything. When set to false on a system where the role was previously used, leaves everything as it is, but removes the cron job.
- backup_targethost
Hostname to use when using SSH based shipping of backups elsewhere.
- backup_client_ssh_privkey
ansible-vault encrypted SSH private key to authenticate to backup_targethost
- backup_client_ssh_pubkey
Public key matching the SSH private key. Not needed perse. Optional
- backup_full_interval
Internval to create a full backup. Inbetween incremental backups are performed. Defaults to 14 days (14D in duplicity speak)
- backup_transfer_method
Use either ssh or webdav as shipping method for backup files. Orf course duplicity supports a lot more, by my shellscript is limited. Defaults to webdav
- backup_webdav_url
Base URL for webdav based backups
- backup_webdav_user
Username for webdav access
- backup_webdav_password
Password for webdav access
- backup_webdav_folder
Folder to store the backups in on the webdav host. Defaults to ansible var inventory_hostname_short
- backup_gpg_key_id
short ID of the GPG key used to encrypt backups
- backup_gpg_public_key
public key part of the GPG key used to encrypt backups
- backup_gpg_private_key
ansible vault encrypted private key of the GPG key used to encrypt backups
- backup_gpg_key_passphrase
ansible vault encrypted passphrase of the GPG key used to encrypt backups