Files @ 9ca9c3ada58a
Branch filter:

Location: majic-ansible-roles/roles/backup_client/templates/duply_main_conf.j2

9ca9c3ada58a 2.6 KiB text/plain Show Annotation Show as Raw Download as Raw
branko
MAR-181: Use Debian-provided Prosody package for testing optional parameter:

- Still properly tests the role, while at the same time making it
possible to use custom apt repository for Debian Buster (due to
Prosody project dropping all repository archives for it).
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# GnuPG keys that should be used for encryption. Normally the encryption key is
# not available locally.
GPG_KEYS_ENC='{{ backup_encryption_key_id.stdout }}{% if backup_additional_encryption_keys %},{{ backup_additional_encryption_keys_ids.stdout }}{% endif %}'

# GnuPG key used for signing.
GPG_KEY_SIGN='{{ backup_encryption_key_id.stdout }}'

# Trust all keys available in the GnuPG keyring.
GPG_OPTS="--homedir /etc/duply/main/gnupg/ --trust-model always"

# Destination where the backups are stored at.
#
# Use the pexpect+sftp backend for Duplicity so we can (see also
# DUPL_PARAMS and --ssh-options):
#
#   - Pass in custom options for user/global known_hosts files (not
#     possible with Duplicity shipping with Debian 10 Buster).
#   - Reduce logging verbosity (avoiding output from sftp that mentions
#     updates of user's known_hosts file with IP addresses).
TARGET='pexpect+sftp://{{ backup_client_username }}@{{ backup_server }}:{{ backup_server_port }}/{{ backup_server_destination }}'

# Base directory to backup (root). File selection is done via include/exclude
# patterns.
SOURCE='/'

# Maximum age for preserving old backups. Used when running the "purge"
# command.
MAX_AGE=6M

# Maximum age of the last full backup performed before a new full backup is
# taken.
MAX_FULLBKP_AGE=1M
DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE " 

# Duplicity volume size in megabytes.
VOLSIZE=1024
DUPL_PARAMS="$DUPL_PARAMS --volsize $VOLSIZE "

# Output verbosity (error 0, warning 1-2, notice 3-4, info 5-8, debug 9)
VERBOSITY=4

# Path to a directory used for restoring files from backups. The file is stored
# there temporarily.
TEMP_DIR="/tmp"

# Directory for storing (caching) unencrypted metadata. This metadata is used
# for producting incremental backups.
ARCH_DIR="/var/cache/duply/main/"

# Use the GnuPG agent for passwords prompts. Since we deploy the signing key
# without any encryption, this effectively means no prompts.
DUPL_PARAMS="$DUPL_PARAMS --use-agent"

# Rely only on global known_hosts file (which should only contain
# resolvable names), bypassing addition of IP addresses to root's
# known_hosts file. Log level is configured to reduce verbosity
# (mentions of IP address additions to user's known_hosts file). Use
# dedicated private key for performing logins towards the backup
# server.
DUPL_PARAMS="$DUPL_PARAMS --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null -oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'"

# By default we exclude everything, and then include only specific patterns.
DUPL_PARAMS="$DUPL_PARAMS --include-globbing-filelist /etc/duply/main/include"
This site is powered by Kallithea 0.7.0, which is © 2010–2024 by various authors & licensed under GPLv3.