cisti/infra
3
0
Fork 1
Code Issues Pull requests Releases Activity

Compare commits

merge into: cisti:feat/koha
Branches Tags
cisti:master
cisti:feat/koha
...
pull from: cisti:master
Branches Tags
cisti:master
cisti:feat/koha

7 commits
feat/koha ... master

Author SHA1 Message Date
gibix
a201969120 rm old service 2022-11-03 10:47:15 +01:00
lesion
f06f8c1ab4 stereodon + upload file x cicles, gancio e mastodon 2022-03-27 23:48:17 +02:00
gibix
cf6d393af1 aggiunto reverse per cal e rss 2022-03-27 19:18:39 +02:00
lesion
93175038b6 cicles, hackrocchio, autogestione 2022-03-26 18:37:11 +01:00
lesion
28a0d5e356 madonnadiddio 2022-03-26 18:21:41 +01:00
lesion
b2a32a8b9e add restic to stereodon, using rsyncable pigz 2022-03-11 10:03:45 +01:00
lesion
b42edb434f nice and ionice to restic backup 2022-02-24 14:36:45 +01:00
7 changed files with 86 additions and 12 deletions
Show stats Expand all files Collapse all files

18
backup.yml
View file

@ -1,9 +1,19 @@
--- ---
## FRONTEND - name: Mastodon backup
- name: Test backup
hosts: mastodon hosts: mastodon
roles: ['stable/restic'] roles: ['stable/restic']
vars: vars:
restic_dump_compression_enabled: true
restic_databases: restic_databases:
- {name: 'mastodon', dump_command: sudo -Hiu postgres pg_dump -Fc mastodon} - {name: 'mastodon', dump_command: sudo -Hiu postgres pg_dump -Z0 -Fc mastodon}
restic_folders: ['/var/lib/redis/dump.rdb','/home/mastodon/live/.env.production'] restic_folders: ['/var/lib/redis/dump.rdb','/home/mastodon/live/.env.production']
- name: Stereodon Backup
hosts: stereodon
roles: ['stable/restic']
vars:
restic_dump_compression_enabled: true
restic_databases:
- {name: 'stereodon', dump_command: sudo -Hiu postgres pg_dump -Z0 -Fc mastodon}
restic_folders: ['/var/lib/redis/dump.rdb','/home/mastodon/live/.env.production']

7
frontend.yml Normal file
View file

@ -0,0 +1,7 @@
---
## FRONTEND
- name: Frontend
hosts: frontend2
roles: ['stable/common', 'stable/nginx']
vars_files: vars/frontend.yml
tags: frontend

2
infra.yml
View file

@ -1,7 +1,7 @@
--- ---
## FRONTEND ## FRONTEND
- name: Frontend - name: Frontend
hosts: frontend hosts: frontend2
roles: ['stable/common', 'stable/nginx'] roles: ['stable/common', 'stable/nginx']
vars_files: vars/frontend.yml vars_files: vars/frontend.yml
tags: frontend tags: frontend

6
inventory.yml
View file

@ -13,12 +13,18 @@ cicles:
mastodon: mastodon:
hosts: cisti.mastodon hosts: cisti.mastodon
stereodon:
hosts: cisti.stereodon
farma: farma:
hosts: cisti.farma hosts: cisti.farma
frontend: frontend:
hosts: cisti.frontend hosts: cisti.frontend
frontend2:
hosts: cisti.frontend2
radicale: radicale:
hosts: cisti.cal hosts: cisti.cal

2
roles/stable/nginx/tasks/certbot.yml
View file

@ -17,7 +17,7 @@
- name: Generate certificate if needed - name: Generate certificate if needed
become: yes become: yes
command: /snap/bin/certbot --nginx --non-interactive --agree-tos command: /snap/bin/certbot --nginx --non-interactive --agree-tos --expand
--domains {{ fpm_services | items2dict(key_name='server_name', value_name='server_name') | join(',') }} --domains {{ fpm_services | items2dict(key_name='server_name', value_name='server_name') | join(',') }}
{{ reverse_services | items2dict(key_name='server_name', value_name='server_name') | join(',') }} {{ reverse_services | items2dict(key_name='server_name', value_name='server_name') | join(',') }}
--email {{certbot_email}} --email {{certbot_email}}

6
roles/stable/restic/templates/restic-backup.service.j2
View file

@ -7,6 +7,10 @@ User={{ restic_user }}
CPUQuota={{ 25 * ansible_processor_vcpus }}% CPUQuota={{ 25 * ansible_processor_vcpus }}%
Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7
{% if restic_ssh_enabled %} {% if restic_ssh_enabled %}
Environment="RESTIC_REPOSITORY=sftp:{{ restic_ssh_host }}:{{ restic_repository_name }}" Environment="RESTIC_REPOSITORY=sftp:{{ restic_ssh_host }}:{{ restic_repository_name }}"
{% else %} {% else %}
@ -28,7 +32,7 @@ ExecStart={{ restic_path }} backup --verbose {{ folder }}
{% endfor -%} {% endfor -%}
{% for database in restic_databases %} {% for database in restic_databases %}
ExecStart=/bin/sh -c "{{ database.dump_command }} {{ '| pigz |' if restic_dump_compression_enabled else '|' }} {{ restic_path }} backup --verbose --stdin --stdin-filename {{ database.name }}{{ '.sql.gz' if restic_dump_compression_enabled else '.sql' }}" ExecStart=/bin/sh -c "{{ database.dump_command }} {{ '| pigz --rsyncable |' if restic_dump_compression_enabled else '|' }} {{ restic_path }} backup --verbose --stdin --stdin-filename {{ database.name }}{{ '.sql.gz' if restic_dump_compression_enabled else '.sql' }}"
{% endfor -%} {% endfor -%}
{% if restic_forget %} {% if restic_forget %}

57
vars/frontend.yml
View file

@ -1,10 +1,57 @@
--- ---
with_certbot: true with_certbot: true
certbot_email: info@cisti.org certbot_email: info@cisti.org
servers: reverse_services:
- cicles: - pad:
server_name: antani.cisti.org server_name: pad.cisti.org
proxy_pass: http://localhost:8001 proxy_pass: http://192.168.200.12:8001
- gancio:
server_name: gancio.cisti.org
proxy_pass: http://192.168.200.14:13120
custom_config: | custom_config: |
sendfile on; sendfile on;
client_max_body_size 500m; client_max_body_size 10m;
- mastodon:
server_name: mastodon.cisti.org
proxy_pass: http://192.168.200.13:80
custom_config: |
sendfile on;
client_max_body_size 10m;
- stereodon:
server_name: stereodon.social
proxy_pass: http://192.168.200.18:80
custom_config: |
sendfile on;
client_max_body_size 10m;
- cicles:
server_name: cicles.cisti.org
proxy_pass: http://192.168.200.15:8080
custom_config: |
sendfile on;
client_max_body_size 1000m;
## WEB STATICO
- cisti:
server_name: cisti.org
proxy_pass: http://192.168.200.10
- facciamo:
server_name: facciamo.cisti.org
proxy_pass: http://192.168.200.10
- farma:
server_name: farma.cisti.org
proxy_pass: http://192.168.200.10
- hackrocchio:
server_name: hackrocchio.org
proxy_pass: http://192.168.200.10
- autogestione:
server_name: autogestione.social
proxy_pass: http://192.168.200.10