Add hint about vault

This commit is contained in:
phil 2023-04-09 12:11:35 +02:00
parent 093222dd21
commit 1aeb58245e

View file

@ -14,6 +14,8 @@ Works great with [BorgBase.com](https://www.borgbase.com) - Simple and Secure Ho
## Example playbook with Cron timer and borgbase.com repository enabled ## Example playbook with Cron timer and borgbase.com repository enabled
No need to configure the variable `borg_repository`. It's evaluated via borgbase API call.
```YAML ```YAML
- hosts: all - hosts: all
roles: roles:
@ -21,9 +23,6 @@ Works great with [BorgBase.com](https://www.borgbase.com) - Simple and Secure Ho
borgbase: true borgbase: true
borgbase_api_key: abcd1234 borgbase_api_key: abcd1234
borg_encryption_passphrase: CHANGEME borg_encryption_passphrase: CHANGEME
borg_repository:
- path: ssh://xxxxxx@xxxxxx.repo.borgbase.com/./repo
label: borgbase
borg_source_directories: borg_source_directories:
- /var/www - /var/www
borgmatic_hooks: borgmatic_hooks:
@ -35,6 +34,26 @@ Works great with [BorgBase.com](https://www.borgbase.com) - Simple and Secure Ho
port: 5433 port: 5433
``` ```
## Example playbook with local repository
```YAML
- hosts: all
roles:
- role: ansible-role-borgbackup
borg_encryption_passphrase: CHANGEME
borg_repository:
- path: /var/lib/backup
label: local
borg_source_directories:
- /var/www
borgmatic_hooks:
before_backup:
- echo "`date` - Starting backup."
postgresql_databases:
- name: users
hostname: database1.example.org
```
## Installation ## Installation
- Clone latest version from Git: - Clone latest version from Git:
@ -90,6 +109,16 @@ Works great with [BorgBase.com](https://www.borgbase.com) - Simple and Secure Ho
- `borgmatic_store_ctime`: Store ctime into archive. Defaults to `true` - `borgmatic_store_ctime`: Store ctime into archive. Defaults to `true`
- `borgmatic_version`: Force a specific borgmatic version to be installed - `borgmatic_version`: Force a specific borgmatic version to be installed
## Security
You can create a dictionary for `borg_encryption_passphrase` in an Ansible vault file:
```YAML
borg_backup_passphrases:
host1: acbd1234
host2: efgh5678
```
Additionally you have to define `borg_encryption_passphrase: "{{ borg_backup_passphrases[inventory_hostname] }}"` in your `group_vars`.
## Credits ## Credits
This role is based on [Ansible Role: BorgBackup Client](https://github.com/borgbase/ansible-role-borgbackup). This role is based on [Ansible Role: BorgBackup Client](https://github.com/borgbase/ansible-role-borgbackup).