---
# Bits and pieces of this play are stolen from https://github.com/gavinwill/ansible-role-pfsense-backup/tree/main
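# Play: log in to each pfSense node's web GUI, download its configuration from
# diag_backup.php, then prune old copies so that at most
# `backup_number_to_keep` files per host remain in `backup_location`.
#
# Variables read but not defined here: backup_url, backup_user,
# backup_user_password, backup_location, backup_number_to_keep.
# Optional: pfsense_backup_disable_logging, pfsense_backup_validate_certs.
#
# Security notes:
# - Task results carry the session cookie, the CSRF token, the login form
#   (including the password) and the downloaded configuration, so `no_log`
#   is on unless pfsense_backup_disable_logging is explicitly set to false.
# - Certificate validation stays off by default to preserve the existing
#   behaviour, which leaves the login and the download open to interception
#   on the path to the firewall. Set pfsense_backup_validate_certs to true
#   once the GUI certificate chains to a trusted CA.
- name: PFSense Backups
  hosts: pfsense_nodes
  tasks:
    # Unauthenticated GET: the response supplies the pre-login session cookie
    # and the page source that embeds the CSRF token.
    - name: Get Cookies and CSRF Token
      ansible.builtin.uri:
        url: "https://{{ backup_url }}/diag_backup.php"
        validate_certs: "{{ pfsense_backup_validate_certs | default(false) | bool }}"
        method: GET
        return_content: true
      register: pfsense_cookie_token
      no_log: "{{ pfsense_backup_disable_logging | default(true) }}"
      delegate_to: blacktide

    # The regex captures the quoted value assigned to `var csrfMagicToken`.
    - name: Set CSRF Token and Cookie Fact
      ansible.builtin.set_fact:
        pfsense_backup_csrf: "{{ pfsense_cookie_token.content | regex_search('var\\s+csrfMagicToken\\s+=\\s+\\\"([a-f0-9sidp:;,]+)\\\"', '\\1') }}"
        pfsense_backup_cookie: "{{ pfsense_cookie_token.set_cookie }}"
      no_log: "{{ pfsense_backup_disable_logging | default(true) }}"

    # Login POST. Only a 302 is accepted, so any other response fails the task.
    - name: Authenticate with backup page and register backup CSRF
      ansible.builtin.uri:
        url: "https://{{ backup_url }}/diag_backup.php"
        validate_certs: "{{ pfsense_backup_validate_certs | default(false) | bool }}"
        follow_redirects: false
        method: POST
        return_content: true
        body_format: form-urlencoded
        status_code: 302
        body:
          login: Login
          usernamefld: "{{ backup_user }}"
          passwordfld: "{{ backup_user_password }}"
          __csrf_magic: "{{ pfsense_backup_csrf }}"
        headers:
          Cookie: "{{ pfsense_backup_cookie }}"
      register: pfsense_cookie_token_2
      delegate_to: blacktide
      no_log: "{{ pfsense_backup_disable_logging | default(true) }}"

    - name: Set Cookie Fact from Backup page
      ansible.builtin.set_fact:
        pfsense_backup_cookie_1: "{{ pfsense_cookie_token_2.set_cookie }}"
      no_log: "{{ pfsense_backup_disable_logging | default(true) }}"

    # Authenticated GET: the page is fetched again with the post-login cookie
    # to obtain the CSRF token used for the download request.
    - name: Fetch Target page for new CSRF token
      ansible.builtin.uri:
        url: "https://{{ backup_url }}/diag_backup.php"
        validate_certs: "{{ pfsense_backup_validate_certs | default(false) | bool }}"
        follow_redirects: false
        method: GET
        return_content: true
        headers:
          Cookie: "{{ pfsense_backup_cookie_1 }}"
      register: pfsense_cookie_token_3
      delegate_to: blacktide
      no_log: "{{ pfsense_backup_disable_logging | default(true) }}"

    # Reads the result registered by the previous task. The original looked up
    # `pfsense_cookie_token3` (missing underscore), which is never defined.
    - name: Set fact for CSRF Token and Cookie
      ansible.builtin.set_fact:
        pfsense_backup_csrf_1: "{{ pfsense_cookie_token_3.content | regex_search('var\\s+csrfMagicToken\\s+=\\s+\\\"([a-f0-9sidp:;,]+)\\\"', '\\1') }}"
        pfsense_backup_cookie_2: "{{ pfsense_cookie_token_3.set_cookie }}"
      no_log: "{{ pfsense_backup_disable_logging | default(true) }}"

    # NOTE(review): unlike the three requests above, this task and the
    # find/file tasks below carry no `delegate_to`, so they run on the play
    # host and the file lands there - confirm that is intended.
    # NOTE(review): the form asks for SSH keys to be included (backupssh), so
    # the XML holds secrets; consider `mode: "0600"` on this task and a
    # restricted backup directory.
    - name: Download Backup Configuration
      ansible.builtin.uri:
        url: "https://{{ backup_url }}/diag_backup.php"
        validate_certs: "{{ pfsense_backup_validate_certs | default(false) | bool }}"
        follow_redirects: false
        method: "POST"
        return_content: true
        body_format: form-urlencoded
        body:
          download: download
          backupssh: "yes"
          backupdata: "yes"
          donotbackuprrd: "yes"
          __csrf_magic: "{{ pfsense_backup_csrf_1 }}"
        headers:
          Cookie: "{{ pfsense_backup_cookie_2 }}"
        dest: "{{ backup_location }}/{{ inventory_hostname }}_{{ now().strftime('%Y%m%d%H%M%S') }}.xml"
      changed_when: false
      no_log: "{{ pfsense_backup_disable_logging | default(true) }}"

    - name: Find all PFSense backups for the current host
      ansible.builtin.find:
        paths: "{{ backup_location }}"
        patterns: "{{ inventory_hostname }}*"
      register: all_pfsense_backups

    # Retention: count the matched files (`.files`), not the keys of the
    # registered result, and coerce the limit to an integer in case it comes
    # from the inventory as a string.
    - name: If too many backups kept
      when: (all_pfsense_backups.files | length) > (backup_number_to_keep | int)
      block:
        # Oldest first by mtime; the slice keeps only the surplus entries.
        # `attribute` must be the quoted string 'path'; a bare `path` is an
        # undefined variable.
        - name: Get the oldest file paths
          ansible.builtin.set_fact:
            oldest_file_paths: >-
              {{ (all_pfsense_backups.files | sort(attribute='mtime'))[:(all_pfsense_backups.files | length) - (backup_number_to_keep | int)] |
              map(attribute='path') | list }}

        - name: Remove the files
          ansible.builtin.file:
            path: "{{ item }}"
            state: absent
          loop: "{{ oldest_file_paths }}"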
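# Play: on every Docker node, run the `docker_backup` role once per entry of
# `docker_backup`, then archive the .env files under
# /root/infrastructure-compose into /backup/env and keep at most
# `env_backups_to_keep` archives per host.
#
# Security note: .env files commonly hold credentials, so the archives are as
# sensitive as the originals.
# NOTE(review): nothing here creates /backup/env or restricts its permissions;
# confirm it exists and is readable by root only, and consider `mode: "0600"`
# on the archive task.
- name: Docker Infrastructure Compose Backups
  hosts: docker_nodes
  become: true
  become_method: sudo
  collections:
    - community.docker
    - community.general
  vars:
    env_backups_to_keep: 10
  tasks:
    # `import_role` is static and cannot be looped, so the role is included
    # dynamically. A dedicated loop variable keeps `backup_rules` stable if
    # the role runs loops of its own. An undefined or empty `docker_backup`
    # yields zero iterations, which replaces the former `when` guard.
    - name: Run container mounts backup
      ansible.builtin.include_role:
        name: docker_backup
      vars:
        backup_rules: "{{ docker_backup_rule }}"
      loop: "{{ docker_backup | default([], true) }}"
      loop_control:
        loop_var: docker_backup_rule

    - name: Stat the /root/infrastructure-compose folder
      ansible.builtin.stat:
        path: "/root/infrastructure-compose"
      register: infra_compose_stat

    # `patterns` is a shell glob unless `use_regex` is set, and `find` skips
    # dot-files unless `hidden` is true. The original `.*.env` glob could only
    # match dot-files, which were then skipped, so nothing was ever found.
    # "*.env" with hidden enabled matches `.env`, `name.env` and `.name.env`.
    - name: Find all .env files
      ansible.builtin.find:
        paths: "/root/infrastructure-compose"
        patterns: "*.env"
        hidden: true
      when: infra_compose_stat.stat.exists
      register: all_env_files

    - name: .env Backup block
      when: infra_compose_stat.stat.exists and all_env_files.files is defined and all_env_files.files | length != 0
      block:
        # `find` returns a list of file-info dicts; `archive` needs the paths.
        - name: Archive .env files
          community.general.archive:
            path: "{{ all_env_files.files | map(attribute='path') | list }}"
            dest: >-
              /backup/env/{{ inventory_hostname }}_{{ now().strftime("%Y%m%d%H%M%S") }}.tar.gz
            format: gz
            force_archive: true

        - name: Find all .env backup files for the current host
          ansible.builtin.find:
            paths: "/backup/env"
            patterns: "{{ inventory_hostname }}*"
          register: backup_env_files

        - name: If too many backups kept
          when: (backup_env_files.files | length) > (env_backups_to_keep | int)
          block:
            # Oldest first by mtime; the slice keeps only the surplus entries.
            # `attribute` must be the quoted string 'path'; a bare `path` is
            # an undefined variable.
            - name: Get the oldest file paths
              ansible.builtin.set_fact:
                oldest_file_paths: >-
                  {{ (backup_env_files.files | sort(attribute='mtime'))[:(backup_env_files.files | length) - (env_backups_to_keep | int)] |
                  map(attribute='path') | list }}

            - name: Remove the files
              ansible.builtin.file:
                path: "{{ item }}"
                state: absent
              loop: "{{ oldest_file_paths }}"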