Files
@ 5eb7821a1e4d
Branch filter:
Location: majic-ansible-roles/roles/backup_client/templates/duply_main_conf.j2 - annotation
5eb7821a1e4d
2.3 KiB
text/plain
MAR-218: Switch to using ldap_attrs module:
- Update invocations and syntax.
- Drop the workaround for configuring TLS on the LDAP server (should
be possible to set all relevant attributes at the same time at this
point).
- Group some invocations where it makes sense.
- Update invocations and syntax.
- Drop the workaround for configuring TLS on the LDAP server (should
be possible to set all relevant attributes at the same time at this
point).
- Group some invocations where it makes sense.
a45dcc06530a a45dcc06530a c6f217756635 a45dcc06530a c6f217756635 6b87dd13b24c a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a 36ce706cb123 a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a 36ce706cb123 a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a d61d01c00362 a45dcc06530a a45dcc06530a a718023f9e76 a718023f9e76 a718023f9e76 a718023f9e76 a718023f9e76 a718023f9e76 36ce706cb123 a45dcc06530a a45dcc06530a da9815c2a23c | # GnuPG keys that should be used for encryption. Normally the encryption key is
# not available locally.
GPG_KEYS_ENC='{{ backup_encryption_key_id.stdout }}{% if backup_additional_encryption_keys %},{{ backup_additional_encryption_keys_ids.stdout }}{% endif %}'
# GnuPG key used for signing.
GPG_KEY_SIGN='{{ backup_encryption_key_id.stdout }}'
# Trust all keys available in the GnuPG keyring.
GPG_OPTS="--homedir /etc/duply/main/gnupg/ --trust-model always"
# Destination where the backups are stored at.
TARGET='paramiko+sftp://{{ backup_client_username }}@{{ backup_server }}:{{ backup_server_port }}/{{ backup_server_destination }}'
# Base directory to backup (root). File selection is done via include/exclude
# patterns.
SOURCE='/'
# Maximum age for preserving old backups. Used when running the "purge"
# command.
MAX_AGE=6M
# Maximum age of the last full backup performed before a new full backup is
# taken.
MAX_FULLBKP_AGE=1M
DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE "
# Duplicity volume size in megabytes.
VOLSIZE=1024
DUPL_PARAMS="$DUPL_PARAMS --volsize $VOLSIZE "
# Output verbosity (error 0, warning 1-2, notice 3-4, info 5-8, debug 9)
VERBOSITY=notice
# Path to a directory used for restoring files from backups. The file is stored
# there temporarily.
TEMP_DIR="/tmp"
# Directory for storing (caching) unencrypted metadata. This metadata is used
# for producting incremental backups.
ARCH_DIR="/var/cache/duply/main/"
# Use the GnuPG agent for passwords prompts. Since we deploy the signing key
# without any encryption, this effectively means no prompts.
DUPL_PARAMS="$DUPL_PARAMS --use-agent"
# Rely only on global known_hosts file (which should only contain
# resolvable names), bypassing addition of IP addresses to root's
# known_hosts file. Log level is configured to reduce verbosity
# (mentions of IP address additions to user's known_hosts file). Use
# dedicated private key for performing logins towards the backup
# server.
DUPL_PARAMS="$DUPL_PARAMS --ssh-options='-oUserKnownHostsFile=/dev/null -oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'"
# By default we exclude everything, and then include only specific patterns.
DUPL_PARAMS="$DUPL_PARAMS --include-filelist /etc/duply/main/include"
|