# Run duplicity-backup as part of a backupninja run. # # Valid attributes for this type are: # # order: # # The prefix to give to the handler config filename, to set order in # which the actions are executed during the backup run. # # ensure: # # Allows you to delete an entry if you don't want it any more (but be # sure to keep the configdir, name, and order the same, so that we can # find the correct file to remove). # # options, nicelevel, testconnect, tmpdir, sign, encryptkey, signkey, # password, include, exclude, vsinclude, incremental, keep, bandwidthlimit, # sshoptions, destdir, desthost, desuser: # # As defined in the backupninja documentation. The options will be # placed in the correct sections automatically. The include and # exclude options should be given as arrays if you want to specify # multiple directories. # # directory, ssh_dir_manage, ssh_dir, authorized_keys_file, installuser, # installkey, backuptag: # # Options for the bakupninja::server::sandbox define, check that # definition for more info. # # Some notes about this handler: # # - When specifying a password, be sure to enclose it in single quotes, # this is particularly important if you have any special characters, such # as a $ which puppet will attempt to interpret resulting in a different # password placed in the file than you expect! # - There's no support for a 'local' type in backupninja's duplicity # handler on version 0.9.6-4, which is the version available in stable and # testing debian repositories by the time of this writing. define backupninja::duplicity( $order = 90, $ensure = present, # options to the config file $options = false, $nicelevel = false, $testconnect = false, $tmpdir = false, # [gpg] $sign = false, $encryptkey = false, $signkey = false, $password = false, # [source] $include = [ "/var/spool/cron/crontabs", "/var/backups", "/etc", "/root", "/home", "/usr/local/*bin", "/var/lib/dpkg/status*" ], $exclude = [ "/home/*/.gnupg", "/home/*/.local/share/Trash", "/home/*/.Trash", "/home/*/.thumbnails", "/home/*/.beagle", "/home/*/.aMule", "/home/*/.gnupg", "/home/*/.gpg", "/home/*/.ssh", "/home/*/gtk-gnutella-downloads", "/etc/ssh/*" ], $vsinclude = false, # [dest] $incremental = "yes", $increments = false, $keep = false, $keepincroffulls = false, $bandwidthlimit = false, $sshoptions = false, $destdir = false, $desthost = false, $destuser = false, $desturl = false, # configs to backupninja client $backupkeystore = $backupninja::keystore, $backupkeystorefspath = $backupninja::keystorefspath, $backupkeytype = $backupninja::keytype, $backupkeydest = $backupninja::keydest, $backupkeydestname = $backupninja::keydestname, # options to backupninja server sandbox $ssh_dir_manage = true, $ssh_dir = "${destdir}/.ssh", $authorized_keys_file = 'authorized_keys', $installuser = true, $backuptag = "backupninja-${::fqdn}", # key options $createkey = false, $keymanage = $backupninja::keymanage ) { # install client dependencies ensure_resource('package', 'duplicity', {'ensure' => $backupninja::ensure_duplicity_version}) case $desthost { false: { err("need to define a destination host for remote backups!") } } case $destdir { false: { err("need to define a destination directory for remote backups!") } } case $password { false: { err("a password is necessary either to unlock the GPG key, or for symmetric encryption!") } } # guarantees there's a configured backup space for this backup backupninja::server::sandbox { "${user}-${name}": user => $destuser, host => $desthost, dir => $destdir, manage_ssh_dir => $ssh_dir_manage, ssh_dir => $ssh_dir, authorized_keys_file => $authorized_keys_file, installuser => $installuser, backuptag => $backuptag, backupkeys => $backupkeystore, keytype => $backupkeytype, } # the client's ssh key backupninja::key { "${destuser}-${name}": user => $destuser, createkey => $createkey, keymanage => $keymanage, keytype => $backupkeytype, keystore => $backupkeystore, keystorefspath => $backupkeystorefspath, keydest => $backupkeydest, keydestname => $backupkeydestname } # the backupninja rule for this duplicity backup file { "${backupninja::configdir}/${order}_${name}.dup": ensure => $ensure, content => template('backupninja/dup.conf.erb'), owner => root, group => root, mode => 0600, require => File["${backupninja::configdir}"] } if $backupninja::manage_nagios { nagios::service::passive { $nagios_description: } } }