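---
# Bits and pieces of this play are stolen from
# https://github.com/gavinwill/ansible-role-pfsense-backup/tree/main

# Play 1: log in to the pfSense web UI, download the configuration backup and
# prune old copies so that at most `backup_number_to_keep` remain per host.
#
# Variables read by this play:
#   backup_url, backup_user, backup_user_password, backup_location,
#   backup_number_to_keep, pfsense_backup_disable_logging (optional),
#   pfsense_backup_validate_certs (optional).
#
# Security notes:
#   * The login request carries the backup user's password, and the session
#     cookie and CSRF token grant access to the firewall UI. `no_log` therefore
#     defaults to true; set `pfsense_backup_disable_logging: false` only while
#     debugging.
#   * Certificate validation stays off by default so that firewalls with
#     self-signed certificates keep working. With it off, the credentials and
#     the backup can be intercepted by anyone able to impersonate the firewall.
#     Install a trusted certificate and set `pfsense_backup_validate_certs:
#     true` where possible.
#   * The downloaded XML includes SSH keys (`backupssh: "yes"`) and other
#     configuration secrets, so it is written with mode 0600.
- name: PFSense Backups
  hosts: pfsense_nodes
  tasks:
    # Anonymous GET: returns the login page, which carries the initial CSRF
    # token and session cookie.
    - name: Get Cookies and CSRF Token
      ansible.builtin.uri:
        url: "https://{{ backup_url }}/diag_backup.php"
        validate_certs: "{{ pfsense_backup_validate_certs | default(false) }}"
        method: GET
        return_content: true
      register: pfsense_cookie_token
      no_log: "{{ pfsense_backup_disable_logging | default(true) }}"
      delegate_to: blacktide

    - name: Set CSRF Token and Cookie Fact
      ansible.builtin.set_fact:
        pfsense_backup_csrf: "{{ pfsense_cookie_token.content | regex_search('var\\s+csrfMagicToken\\s+=\\s+\\\"([a-f0-9sidp:;,]+)\\\"', '\\1') }}"
        pfsense_backup_cookie: "{{ pfsense_cookie_token.set_cookie }}"
      no_log: "{{ pfsense_backup_disable_logging | default(true) }}"

    # A successful login answers with a 302 redirect; any other status fails
    # the task, so bad credentials stop the play here.
    - name: Authenticate with backup page and register backup CSRF
      ansible.builtin.uri:
        url: "https://{{ backup_url }}/diag_backup.php"
        validate_certs: "{{ pfsense_backup_validate_certs | default(false) }}"
        follow_redirects: false
        method: POST
        return_content: true
        body_format: form-urlencoded
        status_code: 302
        body:
          login: Login
          usernamefld: "{{ backup_user }}"
          passwordfld: "{{ backup_user_password }}"
          __csrf_magic: "{{ pfsense_backup_csrf }}"
        headers:
          Cookie: "{{ pfsense_backup_cookie }}"
      register: pfsense_cookie_token_2
      delegate_to: blacktide
      no_log: "{{ pfsense_backup_disable_logging | default(true) }}"

    - name: Set Cookie Fact from Backup page
      ansible.builtin.set_fact:
        pfsense_backup_cookie_1: "{{ pfsense_cookie_token_2.set_cookie }}"
      no_log: "{{ pfsense_backup_disable_logging | default(true) }}"

    # The CSRF token is re-read from the page once authenticated.
    - name: Fetch Target page for new CSRF token
      ansible.builtin.uri:
        url: "https://{{ backup_url }}/diag_backup.php"
        validate_certs: "{{ pfsense_backup_validate_certs | default(false) }}"
        follow_redirects: false
        method: GET
        return_content: true
        headers:
          Cookie: "{{ pfsense_backup_cookie_1 }}"
      register: pfsense_cookie_token_3
      delegate_to: blacktide
      no_log: "{{ pfsense_backup_disable_logging | default(true) }}"

    # Fixed: this previously read `pfsense_cookie_token3` (missing underscore),
    # a variable that is never registered.
    - name: Set fact for CSRF Token and Cookie
      ansible.builtin.set_fact:
        pfsense_backup_csrf_1: "{{ pfsense_cookie_token_3.content | regex_search('var\\s+csrfMagicToken\\s+=\\s+\\\"([a-f0-9sidp:;,]+)\\\"', '\\1') }}"
        pfsense_backup_cookie_2: "{{ pfsense_cookie_token_3.set_cookie }}"
      no_log: "{{ pfsense_backup_disable_logging | default(true) }}"

    # NOTE(review): unlike the session tasks above, this task is not delegated
    # to blacktide, so the request is sent from, and the file written on, the
    # host Ansible connects to for the inventory host. The retention tasks
    # below run on that same host. Confirm this is intended.
    # NOTE(review): any 200 response is saved as-is; consider checking that the
    # file really is a pfSense configuration before older backups are pruned.
    - name: Download Backup Configuration
      ansible.builtin.uri:
        url: "https://{{ backup_url }}/diag_backup.php"
        validate_certs: "{{ pfsense_backup_validate_certs | default(false) }}"
        follow_redirects: false
        method: "POST"
        # The body goes to `dest`; returning it as well would copy the whole
        # configuration into the task result, and nothing registers it.
        return_content: false
        body_format: form-urlencoded
        body:
          download: download
          backupssh: "yes"
          backupdata: "yes"
          donotbackuprrd: "yes"
          __csrf_magic: "{{ pfsense_backup_csrf_1 }}"
        headers:
          Cookie: "{{ pfsense_backup_cookie_2 }}"
        dest: "{{ backup_location }}/{{ inventory_hostname }}_{{ now().strftime('%Y%m%d%H%M%S') }}.xml"
        # The backup holds keys and password hashes: owner-only access.
        mode: "0600"
      changed_when: false
      no_log: "{{ pfsense_backup_disable_logging | default(true) }}"

    # The pattern is anchored on "<hostname>_" and the ".xml" suffix so that a
    # host whose name is a prefix of another's (fw1 / fw10) cannot select, and
    # later delete, the other host's backups.
    - name: Find all PFSense backups for the current host
      ansible.builtin.find:
        paths: "{{ backup_location }}"
        patterns: "{{ inventory_hostname }}_*.xml"
      register: all_pfsense_backups

    # Fixed: the condition used to take the length of the whole find result (a
    # dict) rather than of its `files` list.
    - name: If too many backups kept
      when: all_pfsense_backups.files | length > (backup_number_to_keep | int)
      block:
        # Oldest first by mtime; everything before the newest
        # `backup_number_to_keep` entries is removed. Fixed: `attribute=path`
        # referenced an undefined variable instead of the 'path' key.
        - name: Get the oldest file paths
          ansible.builtin.set_fact:
            oldest_file_paths: >-
              {{ (all_pfsense_backups.files | sort(attribute='mtime'))[:(all_pfsense_backups.files | length) - (backup_number_to_keep | int)]
                 | map(attribute='path') | list }}

        - name: Remove the files
          ansible.builtin.file:
            path: "{{ item }}"
            state: absent
          loop: "{{ oldest_file_paths }}"

# Play 2: run the docker_backup role once per entry of `docker_backup`, then
# archive the .env files found under /root/infrastructure-compose into
# /backup/env and keep the newest `env_backups_to_keep` archives per host.
- name: Docker Infrastructure Compose Backups
  hosts: docker_nodes
  become: true
  become_method: sudo
  collections:
    - community.docker
    - community.general
  vars:
    env_backups_to_keep: 10
  tasks:
    # Fixed: `import_role` is static and cannot be combined with `loop`;
    # `include_role` is the looping form. The `default([], true)` makes an
    # undefined or empty `docker_backup` a no-op, which replaces the previous
    # `when` guard (the loop expression is evaluated before `when`).
    - name: Run container mounts backup
      ansible.builtin.include_role:
        name: docker_backup
      vars:
        backup_rules: "{{ item }}"
      loop: "{{ docker_backup | default([], true) }}"

    - name: Stat the /root/infrastructure-compose folder
      ansible.builtin.stat:
        path: "/root/infrastructure-compose"
      register: infra_compose_stat

    # NOTE(review): `patterns` is a shell glob here (use_regex is not set), so
    # ".*.env" only matches names that begin with a dot, and the find module
    # ignores dot-files unless `hidden: true` is set. As written this likely
    # matches nothing, so no .env archive is ever created. Confirm the
    # intended names and adjust the pattern or set `hidden`/`use_regex`.
    - name: Find all .env files
      ansible.builtin.find:
        paths: "/root/infrastructure-compose"
        patterns: ".*.env"
      when: infra_compose_stat.stat.exists
      register: all_env_files

    - name: ".env Backup block"
      when:
        - infra_compose_stat.stat.exists
        - all_env_files.files is defined
        - all_env_files.files | length != 0
      block:
        # Fixed: `path` needs a list of file paths; `all_env_files.files` is a
        # list of per-file result dicts. .env files usually hold credentials,
        # so the archive is owner-only.
        - name: Archive .env files
          community.general.archive:
            path: "{{ all_env_files.files | map(attribute='path') | list }}"
            dest: "/backup/env/{{ inventory_hostname }}_{{ now().strftime('%Y%m%d%H%M%S') }}.tar.gz"
            format: gz
            force_archive: true
            mode: "0600"

        # Anchored on "<hostname>_" and ".tar.gz" for the same prefix-collision
        # reason as the pfSense retention above.
        - name: Find all .env backup files for the current host
          ansible.builtin.find:
            paths: "/backup/env"
            patterns: "{{ inventory_hostname }}_*.tar.gz"
          register: backup_env_files

        - name: If too many backups kept
          when: backup_env_files.files | length > (env_backups_to_keep | int)
          block:
            # Fixed: `attribute=path` referenced an undefined variable instead
            # of the 'path' key.
            - name: Get the oldest file paths
              ansible.builtin.set_fact:
                oldest_file_paths: >-
                  {{ (backup_env_files.files | sort(attribute='mtime'))[:(backup_env_files.files | length) - (env_backups_to_keep | int)]
                     | map(attribute='path') | list }}

            - name: Remove the files
              ansible.builtin.file:
                path: "{{ item }}"
                state: absent
              loop: "{{ oldest_file_paths }}"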