Files @ 1b05bae8e440
Branch filter:

Location: majic-ansible-roles/roles/backup_client/templates/duply_main_conf.j2

1b05bae8e440 2.2 KiB text/plain Show Annotation Show as Raw Download as Raw
branko
MAR-56: Added LDIF templates to docs for relevant roles. Added warning about freshclam/clamav service restart during initial install (need to be restarted). Switched some TLS truststore vars to use concerete values. Introduced option for specifying additional Nginx config options. Added docs for some params. Assmeble Duplicity include pattern when needed. Don't set passwords for existing system users. Fix permissions for database users to be more restrictive. Fixed a couple of default param definitions (mainly tls cert/key stuff). Updated URL for downloading Prosody LDAP plugin. Updated testsite configs.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
# GnuPG keys that should be used for encryption. Normally the encryption key is
# not available locally.
GPG_KEYS_ENC='{{ backup_encryption_key_id.stdout }}{% if backup_additional_encryption_keys %},{{ backup_additional_encryption_keys_ids.stdout }}{% endif %}'

# GnuPG key used for signing.
GPG_KEY_SIGN='{{backup_encryption_key_id.stdout }}'

# Trust all keys available in the GnuPG keyring.
GPG_OPTS="--homedir /etc/duply/main/gnupg/ --trust-model always"

# Destination where the backups are stored at.
TARGET='sftp://{{ backup_client_username }}@{{ backup_server }}:{{ backup_server_port }}//{{ backup_server_destination }}'

# Base directory to backup (root). File selection is done via include/exclude
# patterns.
SOURCE='/'

# Maximum age for preserving old backups. Used when running the "purge"
# command.
MAX_AGE=6M

# Maximum age of the last full backup performed before a new full backup is
# taken.
MAX_FULLBKP_AGE=1M
DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE " 

# Duplicity volume size in megabytes.
VOLSIZE=1024
DUPL_PARAMS="$DUPL_PARAMS --volsize $VOLSIZE "

# Output verbosity (error 0, warning 1-2, notice 3-4, info 5-8, debug 9)
VERBOSITY=4

# Path to a directory used for restoring files from backups. The file is stored
# there temporarily.
TEMP_DIR="/tmp"

# Directory for storing (caching) unencrypted metadata. This metadata is used
# for producting incremental backups.
ARCH_DIR="/var/cache/duply/main/"

# Use the GnuPG agent for passwords prompts. Since we deploy the signing key
# without any encryption, this effectively means no prompts.
DUPL_PARAMS="$DUPL_PARAMS --use-agent"

# Use the pexepct backend for Duplicity so we can pass in all the
# ssh-options. Use dedicated known hosts and identity file when connecting over
# SFTP. Using -oLogLevel=ERROR makes output a bit less verbose. This is mainly
# to avoid output from sftp telling us it added IP address to known_hosts.
DUPL_PARAMS="$DUPL_PARAMS --ssh-backend pexpect --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null -oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'"

# By default we exclude everything, and then include only specific patterns.
DUPL_PARAMS="$DUPL_PARAMS --include-globbing-filelist /etc/duply/main/include"
This site is powered by Kallithea 0.7.0, which is © 2010–2024 by various authors & licensed under GPLv3.