Files @ fec5f67faec1
Branch filter:

Location: majic-ansible-roles/roles/backup_client/templates/duply_main_conf.j2

fec5f67faec1 2.6 KiB text/plain Show Annotation Show as Raw Download as Raw
branko
MAR-191: Drop support for Debian 10 Buster from the wsgi_website role.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# GnuPG keys that should be used for encryption. Normally the encryption key is
# not available locally.
GPG_KEYS_ENC='{{ backup_encryption_key_id.stdout }}{% if backup_additional_encryption_keys %},{{ backup_additional_encryption_keys_ids.stdout }}{% endif %}'

# GnuPG key used for signing.
GPG_KEY_SIGN='{{ backup_encryption_key_id.stdout }}'

# Trust all keys available in the GnuPG keyring.
GPG_OPTS="--homedir /etc/duply/main/gnupg/ --trust-model always"

# Destination where the backups are stored at.
#
# Use the pexpect+sftp backend for Duplicity so we can (see also
# DUPL_PARAMS and --ssh-options):
#
#   - Pass in custom options for user/global known_hosts files (not
#     possible with Duplicity shipping with Debian 10 Buster).
#   - Reduce logging verbosity (avoiding output from sftp that mentions
#     updates of user's known_hosts file with IP addresses).
TARGET='pexpect+sftp://{{ backup_client_username }}@{{ backup_server }}:{{ backup_server_port }}/{{ backup_server_destination }}'

# Base directory to backup (root). File selection is done via include/exclude
# patterns.
SOURCE='/'

# Maximum age for preserving old backups. Used when running the "purge"
# command.
MAX_AGE=6M

# Maximum age of the last full backup performed before a new full backup is
# taken.
MAX_FULLBKP_AGE=1M
DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE " 

# Duplicity volume size in megabytes.
VOLSIZE=1024
DUPL_PARAMS="$DUPL_PARAMS --volsize $VOLSIZE "

# Output verbosity (error 0, warning 1-2, notice 3-4, info 5-8, debug 9)
VERBOSITY=4

# Path to a directory used for restoring files from backups. The file is stored
# there temporarily.
TEMP_DIR="/tmp"

# Directory for storing (caching) unencrypted metadata. This metadata is used
# for producting incremental backups.
ARCH_DIR="/var/cache/duply/main/"

# Use the GnuPG agent for passwords prompts. Since we deploy the signing key
# without any encryption, this effectively means no prompts.
DUPL_PARAMS="$DUPL_PARAMS --use-agent"

# Rely only on global known_hosts file (which should only contain
# resolvable names), bypassing addition of IP addresses to root's
# known_hosts file. Log level is configured to reduce verbosity
# (mentions of IP address additions to user's known_hosts file). Use
# dedicated private key for performing logins towards the backup
# server.
DUPL_PARAMS="$DUPL_PARAMS --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null -oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'"

# By default we exclude everything, and then include only specific patterns.
DUPL_PARAMS="$DUPL_PARAMS --include-filelist /etc/duply/main/include"
This site is powered by Kallithea 0.7.0, which is © 2010–2023 by various authors & licensed under GPLv3.