summaryrefslogtreecommitdiff
path: root/puppet/modules/backupninja/manifests/duplicity.pp
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/backupninja/manifests/duplicity.pp')
-rw-r--r--puppet/modules/backupninja/manifests/duplicity.pp147
1 files changed, 147 insertions, 0 deletions
diff --git a/puppet/modules/backupninja/manifests/duplicity.pp b/puppet/modules/backupninja/manifests/duplicity.pp
new file mode 100644
index 00000000..a05da876
--- /dev/null
+++ b/puppet/modules/backupninja/manifests/duplicity.pp
@@ -0,0 +1,147 @@
+# Run duplicity-backup as part of a backupninja run.
+#
+# Valid attributes for this type are:
+#
+# order:
+#
+# The prefix to give to the handler config filename, to set order in
+# which the actions are executed during the backup run.
+#
+# ensure:
+#
+# Allows you to delete an entry if you don't want it any more (but be
+# sure to keep the configdir, name, and order the same, so that we can
+# find the correct file to remove).
+#
+# options, nicelevel, testconnect, tmpdir, sign, encryptkey, signkey,
+# password, include, exclude, vsinclude, incremental, keep, bandwidthlimit,
+# sshoptions, destdir, desthost, desuser:
+#
+# As defined in the backupninja documentation. The options will be
+# placed in the correct sections automatically. The include and
+# exclude options should be given as arrays if you want to specify
+# multiple directories.
+#
+# directory, ssh_dir_manage, ssh_dir, authorized_keys_file, installuser,
+# installkey, backuptag:
+#
+# Options for the bakupninja::server::sandbox define, check that
+# definition for more info.
+#
+# Some notes about this handler:
+#
+# - When specifying a password, be sure to enclose it in single quotes,
+# this is particularly important if you have any special characters, such
+# as a $ which puppet will attempt to interpret resulting in a different
+# password placed in the file than you expect!
+# - There's no support for a 'local' type in backupninja's duplicity
+# handler on version 0.9.6-4, which is the version available in stable and
+# testing debian repositories by the time of this writing.
+define backupninja::duplicity( $order = 90,
+ $ensure = present,
+ # options to the config file
+ $options = false,
+ $nicelevel = false,
+ $testconnect = false,
+ $tmpdir = false,
+ # [gpg]
+ $sign = false,
+ $encryptkey = false,
+ $signkey = false,
+ $password = false,
+ # [source]
+ $include = [ "/var/spool/cron/crontabs",
+ "/var/backups",
+ "/etc",
+ "/root",
+ "/home",
+ "/usr/local/*bin",
+ "/var/lib/dpkg/status*" ],
+ $exclude = [ "/home/*/.gnupg",
+ "/home/*/.local/share/Trash",
+ "/home/*/.Trash",
+ "/home/*/.thumbnails",
+ "/home/*/.beagle",
+ "/home/*/.aMule",
+ "/home/*/.gnupg",
+ "/home/*/.gpg",
+ "/home/*/.ssh",
+ "/home/*/gtk-gnutella-downloads",
+ "/etc/ssh/*" ],
+ $vsinclude = false,
+ # [dest]
+ $incremental = "yes",
+ $increments = false,
+ $keep = false,
+ $keepincroffulls = false,
+ $bandwidthlimit = false,
+ $sshoptions = false,
+ $destdir = false,
+ $desthost = false,
+ $destuser = false,
+ $desturl = false,
+ # configs to backupninja client
+ $backupkeystore = $backupninja::keystore,
+ $backupkeystorefspath = $backupninja::keystorefspath,
+ $backupkeytype = $backupninja::keytype,
+ $backupkeydest = $backupninja::keydest,
+ $backupkeydestname = $backupninja::keydestname,
+ # options to backupninja server sandbox
+ $ssh_dir_manage = true,
+ $ssh_dir = "${destdir}/.ssh",
+ $authorized_keys_file = 'authorized_keys',
+ $installuser = true,
+ $backuptag = "backupninja-${::fqdn}",
+ # key options
+ $createkey = false,
+ $keymanage = $backupninja::keymanage ) {
+
+ # install client dependencies
+ ensure_resource('package', 'duplicity', {'ensure' => $backupninja::ensure_duplicity_version})
+
+ case $desthost { false: { err("need to define a destination host for remote backups!") } }
+ case $destdir { false: { err("need to define a destination directory for remote backups!") } }
+ case $password { false: { err("a password is necessary either to unlock the GPG key, or for symmetric encryption!") } }
+
+ # guarantees there's a configured backup space for this backup
+ backupninja::server::sandbox { "${user}-${name}":
+ user => $destuser,
+ host => $desthost,
+ dir => $destdir,
+ manage_ssh_dir => $ssh_dir_manage,
+ ssh_dir => $ssh_dir,
+ authorized_keys_file => $authorized_keys_file,
+ installuser => $installuser,
+ backuptag => $backuptag,
+ backupkeys => $backupkeystore,
+ keytype => $backupkeytype,
+ }
+
+ # the client's ssh key
+ backupninja::key { "${destuser}-${name}":
+ user => $destuser,
+ createkey => $createkey,
+ keymanage => $keymanage,
+ keytype => $backupkeytype,
+ keystore => $backupkeystore,
+ keystorefspath => $backupkeystorefspath,
+ keydest => $backupkeydest,
+ keydestname => $backupkeydestname
+ }
+
+ # the backupninja rule for this duplicity backup
+ file { "${backupninja::configdir}/${order}_${name}.dup":
+ ensure => $ensure,
+ content => template('backupninja/dup.conf.erb'),
+ owner => root,
+ group => root,
+ mode => 0600,
+ require => File["${backupninja::configdir}"]
+ }
+
+ if $backupninja::manage_nagios {
+ nagios::service::passive { $nagios_description: }
+ }
+
+}
+