better backps, gitea up to date

deployer/group_vars/all/vars.yml

@@ -11,7 +11,7 @@ wordpress:
   version: 5.4
   checksum: sha1:d5f1e6d7cadd72c11d086a2e1ede0a72f23d993e
 gitea:
-  version: 1.11.4
+  version: 1.12.1
 synapse:
   version: v1.15.1-py3
 
@@ -19,118 +19,118 @@ postgres:
   pg_hba_path: "/etc/postgresql/9.6/main/pg_hba.conf"
 
 sites:
-  # - slug: rdb # Shorthand name to use as directory/file name
-  #   # The site URL (without www)
-  #   url: rennesdesbois.fr
-  #   # Ask nginx to redirect url to www
-  #   # Else, we redirect www to url
-  #   redirect_to_www: yes
-  #   # What kind of site is that?
-  #   type: wordpress
-  #   # Subnet addresses
-  #   subnet_cidr_address: 172.27.1.0/24
-  #   subnet_gateway_ip: 172.27.1.1
-  #   subnet_nginx_ip: 172.27.1.2
-  #   subnet_site_ip: 172.27.1.3
-  #   # MySQL
-  #   mysql_database: rdb
-  #   mysql_username: rdb
-  #   mysql_password: "{{ vault_rdb_mysql_password }}"
+  - slug: rdb # Shorthand name to use as directory/file name
+    # The site URL (without www)
+    url: rennesdesbois.fr
+    # Ask nginx to redirect url to www
+    # Else, we redirect www to url
+    redirect_to_www: yes
+    # What kind of site is that?
+    type: wordpress
+    # Subnet addresses
+    subnet_cidr_address: 172.27.1.0/24
+    subnet_gateway_ip: 172.27.1.1
+    subnet_nginx_ip: 172.27.1.2
+    subnet_site_ip: 172.27.1.3
+    # MySQL
+    mysql_database: rdb
+    mysql_username: rdb
+    mysql_password: "{{ vault_rdb_mysql_password }}"
 
-  # - slug: arvuhez # Shorthand name to use as directory/file name
-  #   # The site URL (without www)
-  #   url: arvuhez.org
-  #   # Ask nginx to redirect url to www
-  #   # Else, we redirect www to url
-  #   redirect_to_www: no
-  #   # What kind of site is that?
-  #   type: wordpress
-  #   # Subnet addresses
-  #   subnet_cidr_address: 172.27.2.0/24
-  #   subnet_gateway_ip: 172.27.2.1
-  #   subnet_nginx_ip: 172.27.2.2
-  #   subnet_site_ip: 172.27.2.3
-  #   # MySQL    
-  #   mysql_database: arvuhez
-  #   mysql_username: arvuhez
-  #   mysql_password: "{{ vault_arvuhez_mysql_password }}"
+  - slug: arvuhez # Shorthand name to use as directory/file name
+    # The site URL (without www)
+    url: arvuhez.org
+    # Ask nginx to redirect url to www
+    # Else, we redirect www to url
+    redirect_to_www: no
+    # What kind of site is that?
+    type: wordpress
+    # Subnet addresses
+    subnet_cidr_address: 172.27.2.0/24
+    subnet_gateway_ip: 172.27.2.1
+    subnet_nginx_ip: 172.27.2.2
+    subnet_site_ip: 172.27.2.3
+    # MySQL    
+    mysql_database: arvuhez
+    mysql_username: arvuhez
+    mysql_password: "{{ vault_arvuhez_mysql_password }}"
 
-  # - slug: zinzoscope # Shorthand name to use as directory/file name
-  #   # The site URL (without www)
-  #   url: zinz.luxeylab.net
-  #   # Ask nginx to redirect url to www
-  #   # Else, we redirect www to url
-  #   redirect_to_www: no
-  #   # What kind of site is that?
-  #   type: wordpress
-  #   # Subnet addresses
-  #   subnet_cidr_address: 172.27.3.0/24
-  #   subnet_gateway_ip: 172.27.3.1
-  #   subnet_nginx_ip: 172.27.3.2
-  #   subnet_site_ip: 172.27.3.3
-  #   # MySQL
-  #   mysql_database: zinzoscope
-  #   mysql_username: zinzoscope
-  #   mysql_password: "{{ vault_zinzoscope_mysql_password }}"
+  - slug: zinzoscope # Shorthand name to use as directory/file name
+    # The site URL (without www)
+    url: zinz.luxeylab.net
+    # Ask nginx to redirect url to www
+    # Else, we redirect www to url
+    redirect_to_www: no
+    # What kind of site is that?
+    type: wordpress
+    # Subnet addresses
+    subnet_cidr_address: 172.27.3.0/24
+    subnet_gateway_ip: 172.27.3.1
+    subnet_nginx_ip: 172.27.3.2
+    subnet_site_ip: 172.27.3.3
+    # MySQL
+    mysql_database: zinzoscope
+    mysql_username: zinzoscope
+    mysql_password: "{{ vault_zinzoscope_mysql_password }}"
 
-  # - slug: lexperimental # Shorthand name to use as directory/file name
-  #   # The site URL (without www)
-  #   url: lexperimental.fr
-  #   # Ask nginx to redirect url to www
-  #   # Else, we redirect www to url
-  #   redirect_to_www: no
-  #   # What kind of site is that?
-  #   type: wordpress
-  #   # Subnet addresses
-  #   subnet_cidr_address: 172.27.4.0/24
-  #   subnet_gateway_ip: 172.27.4.1
-  #   subnet_nginx_ip: 172.27.4.2
-  #   subnet_site_ip: 172.27.4.3
-  #   # MySQL
-  #   mysql_database: lexperimental
-  #   mysql_username: lexperimental
-  #   mysql_password: "{{ vault_lexperimental_mysql_password }}"
+  - slug: lexperimental # Shorthand name to use as directory/file name
+    # The site URL (without www)
+    url: lexperimental.fr
+    # Ask nginx to redirect url to www
+    # Else, we redirect www to url
+    redirect_to_www: no
+    # What kind of site is that?
+    type: wordpress
+    # Subnet addresses
+    subnet_cidr_address: 172.27.4.0/24
+    subnet_gateway_ip: 172.27.4.1
+    subnet_nginx_ip: 172.27.4.2
+    subnet_site_ip: 172.27.4.3
+    # MySQL
+    mysql_database: lexperimental
+    mysql_username: lexperimental
+    mysql_password: "{{ vault_lexperimental_mysql_password }}"
 
-  # - slug: mts # Shorthand name to use as directory/file name
-  #   # The site URL (without www)
-  #   url: editionsmangetasoupe.fr
-  #   # Ask nginx to redirect url to www
-  #   # Else, we redirect www to url
-  #   redirect_to_www: no
-  #   # What kind of site is that?
-  #   type: drupal
-  #   # Subnet addresses
-  #   subnet_cidr_address: 172.27.5.0/24
-  #   subnet_gateway_ip: 172.27.5.1
-  #   subnet_site_ip: 172.27.5.2
-  #   # This will allow setting up MySQL
-  #   # Configuration on Drupal's side must be done by hand:
-  #   # Edit your <drupal_install>/sites/default/settings.php
-  #   mysql_database: mts8
-  #   mysql_username: mts
-  #   mysql_password: "{{ vault_mts_mysql_password }}"
+  - slug: mts # Shorthand name to use as directory/file name
+    # The site URL (without www)
+    url: editionsmangetasoupe.fr
+    # Ask nginx to redirect url to www
+    # Else, we redirect www to url
+    redirect_to_www: no
+    # What kind of site is that?
+    type: drupal
+    # Subnet addresses
+    subnet_cidr_address: 172.27.5.0/24
+    subnet_gateway_ip: 172.27.5.1
+    subnet_site_ip: 172.27.5.2
+    # This will allow setting up MySQL
+    # Configuration on Drupal's side must be done by hand:
+    # Edit your <drupal_install>/sites/default/settings.php
+    mysql_database: mts8
+    mysql_username: mts
+    mysql_password: "{{ vault_mts_mysql_password }}"
 
-  # - slug: gitea # Shorthand name to use as directory/file name
-  #   # The site URL (without www)
-  #   url: git.deuxfleurs.fr
-  #   # Ask nginx to redirect url to www
-  #   # Else, we redirect www to url
-  #   redirect_to_www: no
-  #   # What kind of site is that?
-  #   type: gitea
-  #   # Subnet addresses
-  #   subnet_cidr_address: 172.27.6.0/24
-  #   subnet_gateway_ip: 172.27.6.1
-  #   subnet_site_ip: 172.27.6.2
-  #   # User IDs
-  #   user_name: git
-  #   user_uid: 1007
-  #   user_group: git
-  #   user_gid: 1006
-  #   # MySQL
-  #   mysql_database: gitea
-  #   mysql_username: gitea
-  #   mysql_password: "{{ vault_gitea_mysql_password }}"
+  - slug: gitea # Shorthand name to use as directory/file name
+    # The site URL (without www)
+    url: git.deuxfleurs.fr
+    # Ask nginx to redirect url to www
+    # Else, we redirect www to url
+    redirect_to_www: no
+    # What kind of site is that?
+    type: gitea
+    # Subnet addresses
+    subnet_cidr_address: 172.27.6.0/24
+    subnet_gateway_ip: 172.27.6.1
+    subnet_site_ip: 172.27.6.2
+    # User IDs
+    user_name: git
+    user_uid: 1007
+    user_group: git
+    user_gid: 1006
+    # MySQL
+    mysql_database: gitea
+    mysql_username: gitea
+    mysql_password: "{{ vault_gitea_mysql_password }}"
 
   - slug: synapse # Shorthand name to use as directory/file name
     # The site URL (without www)

deployer/roles/build/tasks/backup.yml

@@ -3,64 +3,72 @@
 #   - site: dict describing the site install (cf group_vars/all/vars.yml)
 #   - site_data_path: path of the site's data
 
-- name: "Data backups"
-  block:
-    - name: "Setup weekly backup of site's data"
-      cron:
-        name: "backup {{ site.slug }} data"
-        # hour: "{{ 24 | random }}"
-        # minute: "{{ 60 | random }}"
-        special_time: weekly
-        user: "root"
-        job: "tar czf {{ backups_path }}/{{ site.slug }}.tar.gz {{ site_data_path }}"
-      become: yes
-    - name: "Setup data backup rotation with logrotate"
-      blockinfile:
-        path: "/etc/logrotate.d/{{ site.slug }}"
-        marker: "# {mark} DATA BACKUP"
-        create: yes
-        block: |
-          {{ backups_path }}/{{ site.slug }}.tar.gz {
-            weekly
-            rotate 4
-            nocompress
-            dateext
-            dateformat _%Y-%m-%d
-            extension .tar.gz
-            missingok
-          }
-      become: yes
+
+- name: "Setup periodic site files backup"
+  blockinfile:
+    path: "/etc/logrotate.d/{{ site.slug }}"
+    marker: "# {mark} DATA BACKUP"
+    create: yes
+    block: |
+      {{ backups_path }}/{{ site.slug }}.tar.gz {
+        prerotate
+          tar czf {{ backups_path }}/{{ site.slug }}.tar.gz {{ site_data_path }}
+        endscript
+        weekly
+        rotate 4
+        nocompress
+        dateext
+        dateformat _%Y-%m-%d
+        extension .tar.gz
+        missingok
+        su www-data www-data
+        nocreate
+      }
+  become: yes
   when: site_data_path is defined
 
-- name: "MySQL Database backups"
-  block:
-    # You need your root MySQL password stored in /root/.my.cnf to avoid
-    # putting the password in the crontab
-    - name: "Setup weekly backup of database"
-      cron:
-        name: "backup {{ site.slug }} database"
-        special_time: weekly
-        user: "root" # need root for passwordless mysqldump
-        job: "mysqldump {{ site.mysql_database }} | gzip -c > {{ backups_path }}/{{ site.slug }}.sql.gz"
-      become: yes
-    - name: "Setup database backup rotation with logrotate"
-      blockinfile:
-        path: "/etc/logrotate.d/{{ site.slug }}"
-        marker: "# {mark} DATABASE BACKUP"
-        create: yes
-        block: |
-          {{ backups_path }}/{{ site.slug }}.sql.gz {
-            weekly
-            rotate 4
-            nocompress
-            dateext
-            dateformat _%Y-%m-%d
-            extension .sql.gz
-            missingok
-          }
-      become: yes
+- name: "Setup periodic MySQL database backup"
+  blockinfile:
+    path: "/etc/logrotate.d/{{ site.slug }}"
+    marker: "# {mark} DATABASE BACKUP"
+    create: yes
+    block: |
+      {{ backups_path }}/{{ site.slug }}.sql.gz {
+        prerotate
+          mysqldump {{ site.mysql_database }} | gzip -c > {{ backups_path }}/{{ site.slug }}.sql.gz
+        endscript
+        weekly
+        rotate 4
+        nocompress
+        dateext
+        dateformat _%Y-%m-%d
+        extension .sql.gz
+        missingok
+        su www-data www-data
+        nocreate
+      }
+  become: yes
   when: site.mysql_database is defined
 
-- name: "PostgreSQL Database backups"
-  debug: msg="TODO PUTAIN BOSSE LÀ"
+- name: "Setup periodic PostgreSQL database backup"
+  blockinfile:
+    path: "/etc/logrotate.d/{{ site.slug }}"
+    marker: "# {mark} DATABASE BACKUP"
+    create: yes
+    block: |
+      {{ backups_path }}/{{ site.slug }}.sql.gz {
+        prerotate
+          sudo -u postgres pg_dump {{ site.postgres_database }} | gzip -c > {{ backups_path }}/{{ site.slug }}.sql.gz
+        endscript
+        weekly
+        rotate 4
+        nocompress
+        dateext
+        dateformat _%Y-%m-%d
+        extension .sql.gz
+        missingok
+        su www-data www-data
+        nocreate
+      }
+  become: yes
   when: site.postgres_database is defined

deployer/roles/build/tasks/main.yml

@@ -6,7 +6,7 @@
   loop_control:
     loop_var: site
   when: site.type == "wordpress"
-  tags: wordpress
+  tags: wordpress,sites
 
 - name: Build Drupal sites
   include_tasks: drupal.yml  
@@ -14,7 +14,7 @@
   loop_control:
     loop_var: site
   when: site.type == "drupal"
-  tags: drupal
+  tags: drupal,sites
 
 - name: Build Gitea sites
   include_tasks: gitea.yml  
@@ -22,7 +22,7 @@
   loop_control:
     loop_var: site
   when: site.type == "gitea"
-  tags: gitea
+  tags: gitea,sites
 
 - name: Build Synapse sites
   include_tasks: synapse.yml  
@@ -30,4 +30,4 @@
   loop_control:
     loop_var: site
   when: site.type == "synapse"
-  tags: synapse
+  tags: synapse,sites