From b6532afc9d459189b781eb8bdb3c6298fa5c57b9 Mon Sep 17 00:00:00 2001
From: Thomas Kleinendorst <thomas@kleinendorst.info>
Date: Tue, 14 Jan 2025 14:37:48 +0100
Subject: [PATCH] Create backups in backup script

---
 roles/backups/files/backup_script.sh | 33 +++++++++++++++++++++++++++-
 roles/backups/vars/main/vault.yml    | 18 ++++++++-------
 roles/packages/tasks/main.yml        |  1 +
 3 files changed, 43 insertions(+), 9 deletions(-)

diff --git a/roles/backups/files/backup_script.sh b/roles/backups/files/backup_script.sh
index c67a382..349bc00 100644
--- a/roles/backups/files/backup_script.sh
+++ b/roles/backups/files/backup_script.sh
@@ -7,7 +7,11 @@ logInfo() { printf '%(%Y-%m-%d %H:%m:%S)T [INFO]: %s\n' -1 "$*" >&2; }
 
 configurationFileLocation=$1
 
-workDirPath=/root/backup_work_dir
+# Working on the bulk directory which is mounted on a very big SSD, this way we don't have to wory about
+# running out of disk space. Note however that borg specifically might make use of cache directories
+# in the home directory which aren't on this disk, let's tackle this problem when it actually starts failing...
+workDirPath=/bulk/backup_work_dir
+borgRepoDir="$workDirPath/borg_backups" # Used throughout the script
 logInfo "Creating working directory at: $workDirPath..."
 mkdir -p "$workDirPath"
 
@@ -107,9 +111,36 @@ createAllDockerVolumeBackups() {
 }
 # endregion: --- DOCKER_VOLUME_BACKUPS ------------------------------------------------------------
 
+# region: ------ BORG_BACKUPS ---------------------------------------------------------------------
+createArchiveInRepository() {
+    logInfo "Creating new archive in Borg repository (at $borgRepoDir)..."
+
+    (
+        cd "$workDirPath"
+
+        # Note that BORG_PASSPHRASE is supposed to be set, otherwise a passowrd prompt will be present...
+        borg create --stats --verbose --show-rc --compression zstd,11 \
+            "$borgRepoDir::{fqdn}-{now:%Y-%m-%d}" \
+            ./docker_volumes ./postgres
+
+        logInfo "Pruning old backups..."
+        # Copied from: https://borgbackup.readthedocs.io/en/stable/quickstart.html as it seems
+        # like good defaults.
+        borg prune --verbose --glob-archives '{fqdn}-*' --show-rc \
+            --keep-daily 7 --keep-weekly 4 --keep-monthly 6 \
+            "$borgRepoDir"
+
+        logInfo "Compacting repository..."
+        borg compact --verbose --show-rc "$borgRepoDir"
+    )
+}
+# endregion: --- BORG_BACKUPS ---------------------------------------------------------------------
 
 # region: ------ PREPARE_BACKUP_FILES -------------------------------------------------------------
 createAllDatabaseBackups
 echo
 createAllDockerVolumeBackups
+echo
+# TODO: fetchOldBackupRepositoryFromCloud
+createArchiveInRepository
 # endregion: --- PREPARE_BACKUP_FILES -------------------------------------------------------------
diff --git a/roles/backups/vars/main/vault.yml b/roles/backups/vars/main/vault.yml
index 68b8b5f..16b7cc2 100644
--- a/roles/backups/vars/main/vault.yml
+++ b/roles/backups/vars/main/vault.yml
@@ -1,9 +1,11 @@
 $ANSIBLE_VAULT;1.1;AES256
-34646535396461343238663938663633376230346637306632616463383661613861343831303338
-6530366639356331656239303662316131373434333365360a303064623064613461366263613639
-30393537343934613038303263373566333861663061366334313331653934393530333630376338
-6236653034303738340a323835383034343132336462363461303463663565326235633461386536
-33303139393736346364636636376632663732313334353132613239383632613761373536643438
-36343262343436663866346463393138386437666566353038396432383730366536303763313461
-38653735633137303231343864643432666637333065663465363239376333646534333034383535
-64336434373339373532
+37316361316463376662353834626533623465383237343034393765616538313262303031383832
+3833623665663331383131373264366564376539386631320a363861643632663233326564616665
+39393161363661373764353534393865663264653861303033373034323836656137303162653631
+3764393530646366330a306338346531663932343531326361613238366434396433623838366334
+33636530656466623735346661373130613461616532626430346132303261366133343034336535
+64386365303937343637643366356133646434366566373532393431383864663635623164656262
+34613562396136616531383461656331383436363461626136396139303263653431626233633438
+36623332376436316236373737613632323630306331316264633432303265343931303034363333
+65353631316264356530383938636662366637616430336566363063653866333366666131313036
+3935303838363737303862613161656664666463643137336135
diff --git a/roles/packages/tasks/main.yml b/roles/packages/tasks/main.yml
index 72cd669..fcecb77 100644
--- a/roles/packages/tasks/main.yml
+++ b/roles/packages/tasks/main.yml
@@ -4,6 +4,7 @@
   ansible.builtin.apt:
     pkg:
       - tldr
+      - tree
       - git
       - vim
       - dnsutils