From 4a0b2102d71fc03435d196c8d70b930d98a0ec3e Mon Sep 17 00:00:00 2001
From: dogeystamp <dogeystamp@disroot.org>
Date: Sat, 14 May 2022 21:37:06 -0400
Subject: [PATCH] Add backup script

---
 group_vars/all/vars.yml          |  7 +++++
 roles/backup/tasks/main.yml      |  5 +++
 roles/backup/templates/lbk.sh.j2 | 54 ++++++++++++++++++++++++++++++++
 roles/system/tasks/essential.yml |  5 +++
 run.yml                          |  5 +++
 5 files changed, 76 insertions(+)
 create mode 100644 roles/backup/tasks/main.yml
 create mode 100644 roles/backup/templates/lbk.sh.j2

diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index ce49784..73f67e0 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -34,6 +34,10 @@ site_repo: http://localhost:3000/dogeystamp/wb4.git
 # This is the raw partition, and not the mapped crypt device
 secondary_disk: /dev/sda1
 
+# Drive for backups (also separate from OS drive)
+# This is the raw partition, and not the mapped crypt device
+backup_disk: /dev/sda2
+
 # Title used for the static website generator
 web_name: dogeystamp
 
@@ -129,6 +133,9 @@ enable_dotfiles: yes
 # LUKS crypto and filesystem mounts
 enable_filesystems: yes
 
+# Deploy script to facilitate backups
+enable_backup: yes
+
 # Firewall (UFW)
 enable_firewall: yes
 
diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml
new file mode 100644
index 0000000..b0f45a2
--- /dev/null
+++ b/roles/backup/tasks/main.yml
@@ -0,0 +1,5 @@
+- name: Deploy backup script
+  template:
+    src: lbk.sh.j2
+    dest: "/home/{{ admin_username }}/.local/bin/lbk.sh"
+    mode: 0755
diff --git a/roles/backup/templates/lbk.sh.j2 b/roles/backup/templates/lbk.sh.j2
new file mode 100644
index 0000000..df101f5
--- /dev/null
+++ b/roles/backup/templates/lbk.sh.j2
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+# Local backup script (run as root)
+
+echo "Creating mountpoint."
+mkdir -p /mnt/disk_b/
+
+echo "Preparing to decrypt backup disk..."
+sleep 5
+echo "Decrypting disk..."
+cryptsetup luksOpen {{ backup_disk }} disk_b --key-file /k5e
+echo "Disk decrypted."
+
+echo "Mounting backup disk."
+mount /dev/mapper/disk_b /mnt/disk_b
+
+if ! mountpoint -q /mnt/disk;
+then
+	echo "Missing data disk mount!"
+	exit
+fi
+
+if [ ! -f /mnt/disk_b/bk-0.tgz ]
+then
+	echo "No full archive: preparing to perform complete backup."
+	sleep 5
+	echo "Performing complete backup."
+	tar -czvf /mnt/disk_b/bk-0.tgz -g /mnt/disk_b/bk.snar /mnt/disk
+	echo "Backup finished."
+	tput bel
+else
+	LABEL=$(date +"%Y_%m_%d")
+	echo "Preparing to perform incremental backup: $LABEL"
+	sleep 5.
+	echo "Performing incremental backup."
+	cp /mnt/disk_b/bk.snar "/mnt/disk_b/bk-$LABEL.snar"
+	tar -czvf /mnt/disk_b/bk-0.tgz -g /mnt/disk_b/bk.snar /mnt/disk
+	echo "Backup finished."
+	tput bel
+fi
+
+echo "Preparing to unmount backup disk."
+sleep 5
+echo "Unmounting backup disk."
+umount /mnt/disk_b
+echo "Unmounted backup disk."
+
+echo "Preparing to close backup disk."
+sleep 5
+echo "Closing backup disk."
+cryptsetup luksClose /dev/mapper/disk_b
+echo "Disk closed."
diff --git a/roles/system/tasks/essential.yml b/roles/system/tasks/essential.yml
index 47c023d..dcc9b51 100644
--- a/roles/system/tasks/essential.yml
+++ b/roles/system/tasks/essential.yml
@@ -1,3 +1,8 @@
+- name: Set locale
+  community.general.locale_gen:
+    name: en_US.UTF-8
+    state: present
+
 - name: Change hostname
   hostname:
     name: "{{ inventory_hostname }}"
diff --git a/run.yml b/run.yml
index b7450ee..37551f5 100644
--- a/run.yml
+++ b/run.yml
@@ -30,6 +30,11 @@
         - filesystems
       when: enable_filesystems
 
+    - role: backup
+      tags:
+        - backup
+      when: enable_backup
+
     - role: networking/connection
       tags:
         - connection