From abac9630b405c0ef2aa75de853f3f7cd81769b4f Mon Sep 17 00:00:00 2001
From: Simon Zernisch <simon@zernis.ch>
Date: Thu, 30 Mar 2023 21:37:48 +0200
Subject: [PATCH] added NFS Backup as an alternative to smb

---
 host_vars/10.11.12.35                       | 45 +++++------
 roles/borgbackup/tasks/main.yml             | 35 ++++++++-
 roles/borgbackup/templates/.cifs.j2         |  2 -
 roles/borgbackup/templates/backup_to_nfs.sh | 83 +++++++++++++++++++++
 roles/borgbackup/templates/backup_to_smb.sh | 22 ++++--
 roles/borgbackup/templates/cifs.j2          |  2 +
 roles/borgbackup/vars/main.yml              | 37 +++++----
 7 files changed, 178 insertions(+), 48 deletions(-)
 delete mode 100644 roles/borgbackup/templates/.cifs.j2
 create mode 100644 roles/borgbackup/templates/backup_to_nfs.sh
 create mode 100644 roles/borgbackup/templates/cifs.j2

diff --git a/host_vars/10.11.12.35 b/host_vars/10.11.12.35
index a7ea18a..9354aa6 100644
--- a/host_vars/10.11.12.35
+++ b/host_vars/10.11.12.35
@@ -1,22 +1,25 @@
 $ANSIBLE_VAULT;1.1;AES256
-36383836393064636630303733643837613962613335613461623232666434326430633163633638
-6334366531373039626366663832643631353235663938310a303462646361666166383061306238
-66373838366663663862626137346236316466616361636363636331656330326265343335643236
-3731633438613062610a643333316364663366393964313339333363353136396137363133326439
-62633931613430376234663438376634663739383333643436326232653063613138373230646137
-32383362663064343231373338353537663966356336303330393462646431336336373736663365
-64383031333565366461613836383538353535623665383261396233326234356630666230373465
-30306535333138313962633462313762343631323566663461363461356233343130353664366439
-62313365613062663130353063616635333735643438396232653932393630383231376665373134
-39396238643861363639343261663738383137303062353834343030376564396539623063386661
-63386139336463353837653161323238666564343832393435353934376532613535383734373538
-62396439623565333662653336656665633166343533343363323637323230383338346436326132
-39386561643330396539626264343630326438613637333266336331643765373864356530626636
-37353833386635326564343739303966306138666530653763363539623539643564383131366339
-35633633623436343762353932623164303866343966633032623330373233333435356437353238
-38333534346462626365356262643835313561663338646134643032333737393234613763313431
-32363566366661376636656261353231346632626330323230623335373637393063353765663439
-62323964626136386637386531636537346238393664323835366439313638353463613164373362
-30663639393134333566386662656132323137373063333536633938613366303937623831383162
-38633232306663646261626533646462366633323536646361616334373865363235336135353937
-30323162656439333364663034343031373031363733363036363438396563386434
+35373961616333373836623537333162323833363437393036376230383866303262383235313039
+3636616561633430353132313461386139303931666563350a326162333664303966373363656662
+31633562613565386639623937653461363439343862633965386533373532323466636361373636
+3061383737633537390a653131643138653964623430323064353366656366303461386565626236
+38303461653166386165653862666665653139386637646561326537393766306464643933346330
+39643239343430363734613931336636356237393537323061363736633033373639663130316563
+34663162626262656632393763373834373461353165326137653438653331313738393166363438
+34346638343966363632396531366439666466313361646130623733373337663332623533653730
+65636534303632396164326139396236646133373731653235366466623664343331373863366136
+32333330623130383364653038383038366431633436646665653939646237396266363965313464
+36656539356231373039363334666432316331343534306162323335356161653331383163623035
+62643238663935636261653537333030653038383633646133326336303336343666353336643837
+33616362323261646665346638323639323964626263623665376165343231366435666535303063
+38643764373164393232376434653939623062623537366164393863633431386439623663346233
+30353862306139323731666531646336316635616537366363396663643133616363303031396136
+61363461393333366465666635666432666336343865623665633765306336306232646539353532
+37653433386334356439666261303234396636333565636437346530663035313564613436306433
+36643064643532653762376233373831396464623435646162303530333837613162613834623262
+63336433656638303632643463623634386635383066393766656636626666653236613934613430
+36376634393632373131393562643564666135336166653731623163386466373636376161323633
+65313363353939663866363064353237323130623037336636613134333163363863666531626536
+65656537333837356339626437666233316331616636623464353165363338353332306530313665
+64306532393835653032386132306230303339656566353531633938326362393939613232396339
+31326264386133316237
diff --git a/roles/borgbackup/tasks/main.yml b/roles/borgbackup/tasks/main.yml
index 2c3b2db..20f6be8 100644
--- a/roles/borgbackup/tasks/main.yml
+++ b/roles/borgbackup/tasks/main.yml
@@ -4,13 +4,16 @@
     state: present
     name: "{{ borgbackup_deps }}"
 
+## Samba (ungetestet)##
+
 - name: Copy smb credentials file
   ansible.builtin.template:
-    src: "../templates/.cifs.j2"
-    dest: /home/{{ user['name'] }}/.cifs
+    src: "../templates/cifs.j2"
+    dest: "/home/{{ user['name'] }}/.cifs"
     owner: "{{ user['name'] }}"
     group: "{{ user['name'] }}"
     mode: '0600'
+  when: backup_via_samba == true
 
 - name: Copy "backup_to_smb.sh" Skript
   ansible.builtin.template:
@@ -19,13 +22,37 @@
     owner: "{{ user['name'] }}"
     group: "{{ user['name'] }}"
     mode: '0700'
+  when: backup_via_samba == true
 
 - name: add cron backupjob for backups to samba server
   become: true
   ansible.builtin.cron:
     user: "{{ user['name'] }}"
-    name: "borgbackup the docker dir to smb"
+    name: "borgbackup the docker dir to smb share"
     minute: "30"
     hour: "3"
     job: "sudo /usr/local/bin/backup_to_smb.sh > /dev/null 2>&1"
-  notify: restart cron
\ No newline at end of file
+  notify: Restart cron
+  when: backup_via_samba == true
+## NFS ##
+
+- name: Copy "backup_to_nfs.sh" Skript
+  ansible.builtin.template:
+    src: "../templates/backup_to_nfs.sh"
+    dest: /usr/local/bin/
+    owner: "{{ user['name'] }}"
+    group: "{{ user['name'] }}"
+    mode: '0700'
+  when: backup_via_nfs == true
+
+
+- name: add cron backupjob for backups to NFS server
+  become: true
+  ansible.builtin.cron:
+    user: "{{ user['name'] }}"
+    name: "borgbackup the docker dir to nfs share"
+    minute: "30"
+    hour: "4"
+    job: "sudo /usr/local/bin/backup_to_nfs.sh > /dev/null 2>&1"
+  notify: Restart cron
+  when: backup_via_nfs == true
diff --git a/roles/borgbackup/templates/.cifs.j2 b/roles/borgbackup/templates/.cifs.j2
deleted file mode 100644
index 81300c5..0000000
--- a/roles/borgbackup/templates/.cifs.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-username= {{ smb_username }}
-password= {{ smb_pass }}
\ No newline at end of file
diff --git a/roles/borgbackup/templates/backup_to_nfs.sh b/roles/borgbackup/templates/backup_to_nfs.sh
new file mode 100644
index 0000000..f44f3be
--- /dev/null
+++ b/roles/borgbackup/templates/backup_to_nfs.sh
@@ -0,0 +1,83 @@
+#!/bin/bash
+
+# Variablen
+data_dir="/home/{{ user['name'] }}/docker"
+nfs_share="{{ nfs_share }}"
+backup_target_usage_threshold="{{nfs_threshold}}" # Prozentuale Schwellenwert für die Speicherauslastung
+mount_point="{{ mount_point }}"
+backup_repository="$mount_point/{{borg_repo}}"
+borg_password="{{borg_pass}}"
+email_recipient="{{admin_mail}}"
+
+# Mounten des Backup-Ziels
+mount_successful=0
+mount_output=$(mount -t nfs "$nfs_share" "$mount_point" 2>&1)
+mount_status=$?
+
+if [ "$mount_status" -eq 0 ]; then
+    mount_successful=1
+else
+    echo "Mount fehlgeschlagen: $mount_output" >&2
+fi
+
+if [ "$mount_successful" -eq 1 ]; then
+    # Repository erstellen, falls nicht vorhanden
+    mkdir -p "$backup_repository"    
+
+    # Alle laufenden Container stoppen
+    running_containers=$(docker ps --format '{{ "{{.Names}}" }}')
+    for container in $running_containers; do
+      docker stop "$container"
+    done
+  
+    # Prüfen, ob das Repository existiert, und ggf. erstellen
+    export BORG_PASSPHRASE="$borg_password"
+    if ! borg list "$backup_repository" >/dev/null 2>&1; then
+        borg init --encryption=repokey "$backup_repository"
+    fi
+
+    # Backup mit BorgBackup erstellen
+    backup_result=$(borg create --progress --list --stats --compression lz4 "$backup_repository"::'{hostname}-{now:%Y-%m-%d_%H:%M:%S}' $data_dir 2>&1)
+    backup_status=$?
+
+    # Alle gestoppten Container starten
+    for container in $running_containers; do
+      docker start "$container"
+    done
+
+    # Backup-Integrität überprüfen
+    borg_check_result=$(borg check --repository-only "$backup_repository" 2>&1)
+
+    # Backup-Status und Speicherauslastung prüfen
+    if [ "$backup_status" -eq 0 ]; then
+      backup_result="Backup erfolgreich:\n$backup_result\n\nIntegrität des Backups überprüft:\n$borg_check_result"
+    else
+      backup_result="Backup fehlgeschlagen (Status: $backup_status):\n$backup_result\n\nIntegrität des Backups konnte nicht überprüft werden."
+    fi
+
+    # Retention Policy anwenden
+    borg_prune_result=$(borg prune --keep-daily=7 --keep-weekly=4 --keep-monthly=6 "$backup_repository" 2>&1)
+
+    # Unmounten des Backup-Ziels
+    umount_output=$(umount "$mount_point" 2>&1)
+    umount_status=$?
+    if [ "$umount_status" -ne 0 ]; then
+        echo "Unmount fehlgeschlagen: $umount_output" >&2
+    fi
+
+       # E-Mail senden
+    target_usage=$(df -h "$mount_point" | tail -1 | awk '{ print $5 }')
+    target_usage_number=${target_usage%%%}
+
+    if [ "$target_usage_number" -gt "$backup_target_usage_threshold" ]; then
+      target_usage_warning="\n\nWARNUNG: Die Speicherauslastung des Backup-Ziels beträgt $target_usage und überschreitet den festgelegten Schwellenwert von $backup_target_usage_threshold%."
+    else
+      target_usage_warning=""
+    fi
+
+hostname=$(hostname)
+mail_subject="Backup-Bericht: $hostname - $(date +'%Y-%m-%d %H:%M:%S')"
+mail_body="$backup_result\n"
+
+    echo -e "$mail_body$target_usage_warning" | mail -s "$mail_subject" -r "no-reply@homeserver.zernis.ch" "$email_recipient"
+fi
\ No newline at end of file
diff --git a/roles/borgbackup/templates/backup_to_smb.sh b/roles/borgbackup/templates/backup_to_smb.sh
index bf385f6..fa2abb6 100644
--- a/roles/borgbackup/templates/backup_to_smb.sh
+++ b/roles/borgbackup/templates/backup_to_smb.sh
@@ -23,14 +23,22 @@ else
 fi
 
 if [ "$mount_successful" -eq 1 ]; then
+    # Repository erstellen, falls nicht vorhanden
+    mkdir -p "$backup_repository"
+
     # Alle laufenden Container stoppen
-    running_containers=$(docker ps --format '{{.Names}}')
+    running_containers=$(docker ps --format '{{ "{{.Names}}" }}')
     for container in $running_containers; do
       docker stop "$container"
     done
 
-    # Backup mit BorgBackup erstellen
+    # Prüfen, ob das Repository existiert, und ggf. erstellen
     export BORG_PASSPHRASE="$borg_password"
+    if ! borg list "$backup_repository" >/dev/null 2>&1; then
+        borg init --encryption=repokey "$backup_repository"
+    fi
+
+    # Backup mit BorgBackup erstellen
     backup_result=$(borg create --progress --list --stats --compression lz4 "$backup_repository"::'{hostname}-{now:%Y-%m-%d_%H:%M:%S}' $data_dir 2>&1)
     backup_status=$?
 
@@ -59,7 +67,7 @@ if [ "$mount_successful" -eq 1 ]; then
         echo "Unmount fehlgeschlagen: $umount_output" >&2
     fi
 
-    # E-Mail senden
+       # E-Mail senden
     target_usage=$(df -h "$mount_point" | tail -1 | awk '{ print $5 }')
     target_usage_number=${target_usage%%%}
 
@@ -69,5 +77,9 @@ if [ "$mount_successful" -eq 1 ]; then
       target_usage_warning=""
     fi
 
-    mail_subject="Backup-Bericht: $(date +'%Y-%m-%d %H:%M:%S')"
-    mail_body="$backup_result\n
+hostname=$(hostname)
+mail_subject="Backup-Bericht: $hostname - $(date +'%Y-%m-%d %H:%M:%S')"
+mail_body="$backup_result\n"
+
+    echo -e "$mail_body$target_usage_warning" | mail -s "$mail_subject" -r "no-reply@homeserver.zernis.ch" "$email_recipient"
+fi
\ No newline at end of file
diff --git a/roles/borgbackup/templates/cifs.j2 b/roles/borgbackup/templates/cifs.j2
new file mode 100644
index 0000000..1dd758f
--- /dev/null
+++ b/roles/borgbackup/templates/cifs.j2
@@ -0,0 +1,2 @@
+username={{ smb_username }}
+password={{ smb_pass }}
\ No newline at end of file
diff --git a/roles/borgbackup/vars/main.yml b/roles/borgbackup/vars/main.yml
index b022d6c..706277d 100644
--- a/roles/borgbackup/vars/main.yml
+++ b/roles/borgbackup/vars/main.yml
@@ -1,17 +1,22 @@
 $ANSIBLE_VAULT;1.1;AES256
-31313762306564396437376639373533663934616265346631303230333162323461313039346662
-3139346239303931363936383235626236623966376234340a366363376562313730363131323232
-37613762663966363539613037363565643362323363376638363037653938343638633466396632
-3265616165663163610a393465636632306136623937633963356235636139636236626535343936
-39633065643539343265396430363664666332383661386264393566323738636337373035396633
-66303130376231383839353064666431626439373735396261376365646535623136343930623266
-35653464396334666564626237653631303837643062656338636236633439613133653831323065
-39323932363766333638373538616163363134636666613339623133653662323239386536333533
-66316434636162643139363037316166643736323939666432373132613637663739656663303166
-31643634666664626139376663393765356666666633306166393939353439393866303762323834
-32326165633437333532313131653038613738663837633436613630366361306536626631343165
-64616264373663663437636565303566363566616533376566373564376165636637613361346534
-30633630393864333462383133613762303434333464643564333261653038326463363263666566
-36333963616431373735653536376633363735613031623865366461306333623265386339646131
-30313162343231386664623933336661396438643665626339623931333966303433376266653562
-66363964386363623633
+38323533333730343930363765333334613963343566663761376365303935646663323939333065
+3762353331303463613139663066656135316664336466640a363131663435343562613066623562
+39656336613366383230613736646661613038633663326335626239323634393761336637333736
+3939653738386532610a666564363934306261386266656462616537373865336235373031323466
+33633331326430623965316565633465666136623632613135353033633731643432613461656630
+64303031376466323132396462623836373439363032653766336432373864306334613738303039
+65666333326265316139646331336132366136356437666530386364383234656638366462653430
+65616365623531303361623736373531353737316164303163306264663136333037333038663161
+64643032633061656466303237326336313661333635346362636630323937386234346438633134
+61373562303237623032373337613664656437663562383563613764306233653532626263643437
+38643764336232373631363663626662323063663061386231316265373165323364343861393461
+39393563323432316566306366363937626238636532313434356332626166363531313936333133
+66313930323939376130356237666638316262636539303637636365633365303766633534666139
+33333965333538383163373438333533636564346562353736666462626433386232306639636434
+65633839333338346162643565633165633935646438306235316263386135616530336165336234
+38323666313934393863643666623438306264316161383931336230616132363434396264653038
+39666232313738373535626637643633366662303835626538353836346239666135366634353838
+61373462346332336432663536666363303338653938643932643736396639393339653731343434
+31333235666133343539353638353066333131646136356135663763616533636662656363326337
+37333730373061663064356631623663616536653933393131663431346235303732623635393935
+3766