Files
@ 3d7effd414c9
Branch filter:
Location: majic-ansible-roles/roles/backup_client/templates/duply_main_conf.j2 - annotation
3d7effd414c9
2.6 KiB
text/plain
MAR-189: Dropped deprecation-related tasks and tests for xmpp_server role:
- Migration from Prosody project repositories should have been done
already as part of the 7.0.1 release.
- Simplifies the code a bit.
- Drop leftover deprecated library plugin path.
- Migration from Prosody project repositories should have been done
already as part of the 7.0.1 release.
- Simplifies the code a bit.
- Drop leftover deprecated library plugin path.
a45dcc06530a a45dcc06530a c6f217756635 a45dcc06530a c6f217756635 6b87dd13b24c a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a718023f9e76 a718023f9e76 a718023f9e76 a718023f9e76 a718023f9e76 a718023f9e76 a718023f9e76 a718023f9e76 19020779a000 a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a d61d01c00362 a45dcc06530a a45dcc06530a a718023f9e76 a718023f9e76 a718023f9e76 a718023f9e76 a718023f9e76 a718023f9e76 6b87dd13b24c a45dcc06530a a45dcc06530a da9815c2a23c | # GnuPG keys that should be used for encryption. Normally the encryption key is
# not available locally.
GPG_KEYS_ENC='{{ backup_encryption_key_id.stdout }}{% if backup_additional_encryption_keys %},{{ backup_additional_encryption_keys_ids.stdout }}{% endif %}'
# GnuPG key used for signing.
GPG_KEY_SIGN='{{ backup_encryption_key_id.stdout }}'
# Trust all keys available in the GnuPG keyring.
GPG_OPTS="--homedir /etc/duply/main/gnupg/ --trust-model always"
# Destination where the backups are stored at.
#
# Use the pexpect+sftp backend for Duplicity so we can (see also
# DUPL_PARAMS and --ssh-options):
#
# - Pass in custom options for user/global known_hosts files (not
# possible with Duplicity shipping with Debian 10 Buster).
# - Reduce logging verbosity (avoiding output from sftp that mentions
# updates of user's known_hosts file with IP addresses).
TARGET='pexpect+sftp://{{ backup_client_username }}@{{ backup_server }}:{{ backup_server_port }}/{{ backup_server_destination }}'
# Base directory to backup (root). File selection is done via include/exclude
# patterns.
SOURCE='/'
# Maximum age for preserving old backups. Used when running the "purge"
# command.
MAX_AGE=6M
# Maximum age of the last full backup performed before a new full backup is
# taken.
MAX_FULLBKP_AGE=1M
DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE "
# Duplicity volume size in megabytes.
VOLSIZE=1024
DUPL_PARAMS="$DUPL_PARAMS --volsize $VOLSIZE "
# Output verbosity (error 0, warning 1-2, notice 3-4, info 5-8, debug 9)
VERBOSITY=4
# Path to a directory used for restoring files from backups. The file is stored
# there temporarily.
TEMP_DIR="/tmp"
# Directory for storing (caching) unencrypted metadata. This metadata is used
# for producting incremental backups.
ARCH_DIR="/var/cache/duply/main/"
# Use the GnuPG agent for passwords prompts. Since we deploy the signing key
# without any encryption, this effectively means no prompts.
DUPL_PARAMS="$DUPL_PARAMS --use-agent"
# Rely only on global known_hosts file (which should only contain
# resolvable names), bypassing addition of IP addresses to root's
# known_hosts file. Log level is configured to reduce verbosity
# (mentions of IP address additions to user's known_hosts file). Use
# dedicated private key for performing logins towards the backup
# server.
DUPL_PARAMS="$DUPL_PARAMS --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null -oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'"
# By default we exclude everything, and then include only specific patterns.
DUPL_PARAMS="$DUPL_PARAMS --include-filelist /etc/duply/main/include"
|