path: root/manifests/duplicity.pp
blob: bb70045380d3489faa4b2488922b9a7135354bb5 (plain)
# Run duplicity-backup as part of a backupninja run.
#
# Valid attributes for this type are:
#
#   order:
#
#      The prefix to give to the handler config filename, to set order in
#      which the actions are executed during the backup run.
#
#   ensure:
#
#      Allows you to delete an entry if you don't want it any more (but be
#      sure to keep the configdir, name, and order the same, so that we can
#      find the correct file to remove).
#
#   options, nicelevel, testconnect, tmpdir, sign, encryptkey, signkey,
#   password, include, exclude, vsinclude, incremental, keep, bandwidthlimit,
#   sshoptions, destdir, desthost, destuser:
#
#      As defined in the backupninja documentation.  The options will be
#      placed in the correct sections automatically.  The include and
#      exclude options should be given as arrays if you want to specify
#      multiple directories.
#
#   directory, ssh_dir_manage, ssh_dir, authorized_keys_file, installuser,
#   installkey, backuptag:
#
#      Options for the backupninja::server::sandbox define; check that
#      definition for more info.
#
# Some notes about this handler:
#
#   - When specifying a password, be sure to enclose it in single quotes,
#     this is particularly important if you have any special characters, such
#     as a $ which puppet will attempt to interpret resulting in a different
#     password placed in the file than you expect!
#   - There's no support for a 'local' type in backupninja's duplicity
#     handler on version 0.9.6-4, which is the version available in stable and
#     testing debian repositories by the time of this writing.
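define backupninja::duplicity( $order  = 90,
                               $ensure = present,
                               # options to the config file
                               $options     = false,
                               $nicelevel   = false,
                               $testconnect = false,
                               $tmpdir      = false,
                               # [gpg]
                               $sign       = false,
                               $encryptkey = false,
                               $signkey    = false,
                               # Secret: in scope for the dup.conf.erb template rendered below,
                               # so treat the resulting .dup file (and any catalog or report
                               # that carries its content) as sensitive.
                               $password   = false,
                               # [source]
                               # NOTE(review): /root is included and none of the default
                               # excludes below match /root/.ssh or /root/.gnupg, so root's
                               # key material is part of the backup set unless the caller
                               # overrides $exclude.
                               $include = [ "/var/spool/cron/crontabs",
                                            "/var/backups",
                                            "/etc",
                                            "/root",
                                            "/home",
                                            "/usr/local/*bin",
                                            "/var/lib/dpkg/status*" ],
                               # Per-user key stores (.gnupg, .gpg, .ssh) and the host's
                               # /etc/ssh/* are kept out of the backup by default.
                               # "/home/*/.gnupg" is listed twice; the duplicate is kept so
                               # the default value stays unchanged.
                               $exclude = [ "/home/*/.gnupg",
                                            "/home/*/.local/share/Trash",
                                            "/home/*/.Trash",
                                            "/home/*/.thumbnails",
                                            "/home/*/.beagle",
                                            "/home/*/.aMule",
                                            "/home/*/.gnupg",
                                            "/home/*/.gpg",
                                            "/home/*/.ssh",
                                            "/home/*/gtk-gnutella-downloads",
                                            "/etc/ssh/*" ],
                               $vsinclude = false,
                               # [dest]
                               $incremental   = "yes",
                               $increments   = false,
                               $keep          = false,
                               $keepincroffulls = false,
                               $bandwidthlimit = false,
                               $sshoptions    = false,
                               $destdir       = false,
                               $desthost      = false,
                               $destuser      = false,
                               $desturl       = false,
                               # configs to backupninja client
                               $backupkeystore       = $backupninja::keystore,
                               $backupkeystorefspath = $backupninja::keystorefspath,
                               $backupkeytype        = $backupninja::keytype,
                               $backupkeydest        = $backupninja::keydest,
                               $backupkeydestname    = $backupninja::keydestname,
                               # options to backupninja server sandbox
                               $ssh_dir_manage       = true,
                               # NOTE(review): this default is derived from $destdir; when
                               # $destdir is left at false the interpolated path is not a
                               # usable directory -- confirm callers always set $destdir.
                               $ssh_dir              = "${destdir}/.ssh",
                               $authorized_keys_file = 'authorized_keys',
                               $sandbox              = true,
                               $installuser          = true,
                               $backuptag            = "backupninja-${::fqdn}",
                               # key options
                               $createkey            = false,
                               $keymanage            = $backupninja::keymanage ) {

  # install client dependencies
  ensure_resource('package', 'duplicity', {'ensure' => $backupninja::ensure_duplicity_version})

  # Sanity checks. err() only logs at error level; it does not abort catalog
  # compilation, so the resources below are still declared when one of these
  # values is missing.
  # NOTE(review): if a missing password must never produce a config file,
  # fail() would be the stricter choice -- confirm first that no caller relies
  # on $desturl alone with $desthost/$destdir unset.
  case $desthost { false: { err("need to define a destination host for remote backups!") } }
  case $destdir { false: { err("need to define a destination directory for remote backups!") } }
  case $password { false: { err("a password is necessary either to unlock the GPG key, or for symmetric encryption!") } }

  # guarantees there's a configured backup space for this backup
  if $sandbox {
    # NOTE(review): $user is not a parameter of this define (the key resource
    # below is titled with $destuser); confirm which scope supplies it, since
    # an unset value gives every sandbox a title of the form "-<name>".
    backupninja::server::sandbox { "${user}-${name}":
      user                 => $destuser,
      host                 => $desthost,
      dir                  => $destdir,
      manage_ssh_dir       => $ssh_dir_manage,
      ssh_dir              => $ssh_dir,
      authorized_keys_file => $authorized_keys_file,
      installuser          => $installuser,
      backuptag            => $backuptag,
      backupkeys           => $backupkeystore,
      keytype              => $backupkeytype,
    }
  }

  # the client's ssh key
  backupninja::key { "${destuser}-${name}":
    user           => $destuser,
    createkey      => $createkey,
    keymanage      => $keymanage,
    keytype        => $backupkeytype,
    keystore       => $backupkeystore,
    keystorefspath => $backupkeystorefspath,
    keydest        => $backupkeydest,
    keydestname    => $backupkeydestname
  }

  # the backupninja rule for this duplicity backup
  # The file is root-owned and readable by root only because the template has
  # $password in scope (presumably written into the [gpg] section -- the
  # template itself is not visible here).
  # NOTE(review): where the Puppet version in use supports the file type's
  # show_diff parameter, setting it to false keeps content diffs of this file
  # out of agent logs and reports.
  file { "${backupninja::configdir}/${order}_${name}.dup":
    ensure  => $ensure,
    content => template('backupninja/dup.conf.erb'),
    owner   => root,
    group   => root,
    # Quoted: a bare 0600 is an integer literal to newer Puppet parsers, which
    # the file type rejects; the string form is accepted by old and new alike.
    mode    => '0600',
    require => File["${backupninja::configdir}"]
  }

  if $backupninja::manage_nagios {
    # NOTE(review): $nagios_description is not declared in this define;
    # confirm where it is expected to come from.
    nagios::service::passive { $nagios_description: }
  }

}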