personal_infra/ansible/services/lnbits/setup_backup_lnbits_to_lapy.yml

- name: Configure local backup for LNBits from remote
  hosts: lapy
  gather_facts: no
  vars_files:
    - ../../infra_vars.yml
    - ./lnbits_vars.yml
  vars:
    remote_data_path: "{{ lnbits_data_dir }}"
    remote_lnbits_dir: "{{ lnbits_dir }}/lnbits"
    gpg_recipient: "{{ hostvars['localhost']['gpg_recipient'] | default('') }}"
    gpg_key_id: "{{ hostvars['localhost']['gpg_key_id'] | default('') }}"

  tasks:
    - name: Debug remote backup vars
      debug:
        msg:
          - "remote_host={{ remote_host }}"
          - "remote_user={{ remote_user }}"
          - "remote_data_path='{{ remote_data_path }}'"
          - "local_backup_dir={{ local_backup_dir }}"
          - "gpg_recipient={{ gpg_recipient }}"
          - "gpg_key_id={{ gpg_key_id }}"

    - name: Ensure local backup directory exists
      file:
        path: "{{ local_backup_dir }}"
        state: directory
        mode: '0755'

    - name: Ensure ~/.local/bin exists
      file:
        path: "{{ lookup('env', 'HOME') }}/.local/bin"
        state: directory
        mode: '0755'

    - name: Create backup script
      copy:
        dest: "{{ backup_script_path }}"
        mode: '0750'
        content: |
          #!/bin/bash
          set -euo pipefail

          TIMESTAMP=$(date +'%Y-%m-%d')
          ENCRYPTED_BACKUP="{{ local_backup_dir }}/lnbits-backup-$TIMESTAMP.tar.gz.gpg"

          {% if remote_key_file %}
          SSH_CMD="ssh -i {{ remote_key_file }} -p {{ remote_port }}"
          {% else %}
          SSH_CMD="ssh -p {{ remote_port }}"
          {% endif %}

          # Stop LNBits service before backup
          echo "Stopping LNBits service..."
          $SSH_CMD {{ remote_user }}@{{ remote_host }} "sudo systemctl stop lnbits.service"

          # Create encrypted backup on the fly
          # First, create a tar archive of the data directory and pipe it through gpg
          echo "Creating backup..."
          $SSH_CMD {{ remote_user }}@{{ remote_host }} "cd {{ remote_data_path }} && tar -czf - ." | \
          gpg --batch --yes --encrypt --recipient "{{ gpg_recipient }}" --output "$ENCRYPTED_BACKUP"

          # Also backup the .env file separately (smaller, might need quick access)
          $SSH_CMD {{ remote_user }}@{{ remote_host }} "cat {{ remote_lnbits_dir }}/.env" | \
          gpg --batch --yes --encrypt --recipient "{{ gpg_recipient }}" --output "{{ local_backup_dir }}/lnbits-env-$TIMESTAMP.gpg"

          # Start LNBits service after backup
          echo "Starting LNBits service..."
          $SSH_CMD {{ remote_user }}@{{ remote_host }} "sudo systemctl start lnbits.service"

          # Rotate old backups (keep 14 days)
          # Calculate cutoff date (14 days ago) and delete backups older than that
          CUTOFF_DATE=$(date -d '14 days ago' +'%Y-%m-%d')
          for backup_file in "{{ local_backup_dir }}"/lnbits-backup-*.tar.gz.gpg; do
            if [ -f "$backup_file" ]; then
              # Extract date from filename: lnbits-backup-YYYY-MM-DD.tar.gz.gpg
              file_date=$(basename "$backup_file" | sed -n 's/lnbits-backup-\([0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}\)\.tar\.gz\.gpg/\1/p')
              if [ -n "$file_date" ] && [ "$file_date" != "$TIMESTAMP" ] && [ "$file_date" \< "$CUTOFF_DATE" ]; then
                rm -f "$backup_file"
              fi
            fi
          done
          for env_file in "{{ local_backup_dir }}"/lnbits-env-*.gpg; do
            if [ -f "$env_file" ]; then
              # Extract date from filename: lnbits-env-YYYY-MM-DD.gpg
              file_date=$(basename "$env_file" | sed -n 's/lnbits-env-\([0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}\)\.gpg/\1/p')
              if [ -n "$file_date" ] && [ "$file_date" != "$TIMESTAMP" ] && [ "$file_date" \< "$CUTOFF_DATE" ]; then
                rm -f "$env_file"
              fi
            fi
          done

          echo "Backup completed successfully"

    - name: Ensure cronjob for backup exists
      cron:
        name: "LNBits backup"
        user: "{{ lookup('env', 'USER') }}"
        job: "{{ backup_script_path }}"
        minute: 5
        hour: "9,12,15,18"

    - name: Run the backup script to make the first backup
      command: "{{ backup_script_path }}"
more stuff 2025-08-21 22:45:47 +02:00			`- name: Configure local backup for LNBits from remote`
			`hosts: lapy`
			`gather_facts: no`
			`vars_files:`
			`- ../../infra_vars.yml`
			`- ./lnbits_vars.yml`
			`vars:`
			`remote_data_path: "{{ lnbits_data_dir }}"`
			`remote_lnbits_dir: "{{ lnbits_dir }}/lnbits"`
			`gpg_recipient: "{{ hostvars['localhost']['gpg_recipient'] \| default('') }}"`
			`gpg_key_id: "{{ hostvars['localhost']['gpg_key_id'] \| default('') }}"`

			`tasks:`
			`- name: Debug remote backup vars`
			`debug:`
			`msg:`
			`- "remote_host={{ remote_host }}"`
			`- "remote_user={{ remote_user }}"`
			`- "remote_data_path='{{ remote_data_path }}'"`
			`- "local_backup_dir={{ local_backup_dir }}"`
			`- "gpg_recipient={{ gpg_recipient }}"`
			`- "gpg_key_id={{ gpg_key_id }}"`

			`- name: Ensure local backup directory exists`
			`file:`
			`path: "{{ local_backup_dir }}"`
			`state: directory`
			`mode: '0755'`

			`- name: Ensure ~/.local/bin exists`
			`file:`
			`path: "{{ lookup('env', 'HOME') }}/.local/bin"`
			`state: directory`
			`mode: '0755'`

			`- name: Create backup script`
			`copy:`
			`dest: "{{ backup_script_path }}"`
			`mode: '0750'`
			`content: \|`
			`#!/bin/bash`
			`set -euo pipefail`

			`TIMESTAMP=$(date +'%Y-%m-%d')`
			`ENCRYPTED_BACKUP="{{ local_backup_dir }}/lnbits-backup-$TIMESTAMP.tar.gz.gpg"`

			`{% if remote_key_file %}`
too much stuff 2025-12-01 11:16:47 +01:00			`SSH_CMD="ssh -i {{ remote_key_file }} -p {{ remote_port }}"`
more stuff 2025-08-21 22:45:47 +02:00			`{% else %}`
too much stuff 2025-12-01 11:16:47 +01:00			`SSH_CMD="ssh -p {{ remote_port }}"`
more stuff 2025-08-21 22:45:47 +02:00			`{% endif %}`

			`# Stop LNBits service before backup`
			`echo "Stopping LNBits service..."`
			`$SSH_CMD {{ remote_user }}@{{ remote_host }} "sudo systemctl stop lnbits.service"`

			`# Create encrypted backup on the fly`
			`# First, create a tar archive of the data directory and pipe it through gpg`
			`echo "Creating backup..."`
			`$SSH_CMD {{ remote_user }}@{{ remote_host }} "cd {{ remote_data_path }} && tar -czf - ." \| \`
overwrite gpg encrypted backups for lnbits 2025-08-27 15:59:42 +02:00			`gpg --batch --yes --encrypt --recipient "{{ gpg_recipient }}" --output "$ENCRYPTED_BACKUP"`
more stuff 2025-08-21 22:45:47 +02:00
			`# Also backup the .env file separately (smaller, might need quick access)`
			`$SSH_CMD {{ remote_user }}@{{ remote_host }} "cat {{ remote_lnbits_dir }}/.env" \| \`
overwrite gpg encrypted backups for lnbits 2025-08-27 15:59:42 +02:00			`gpg --batch --yes --encrypt --recipient "{{ gpg_recipient }}" --output "{{ local_backup_dir }}/lnbits-env-$TIMESTAMP.gpg"`
more stuff 2025-08-21 22:45:47 +02:00
			`# Start LNBits service after backup`
			`echo "Starting LNBits service..."`
			`$SSH_CMD {{ remote_user }}@{{ remote_host }} "sudo systemctl start lnbits.service"`

stuff 2025-12-06 23:44:17 +01:00			`# Rotate old backups (keep 14 days)`
			`# Calculate cutoff date (14 days ago) and delete backups older than that`
			`CUTOFF_DATE=$(date -d '14 days ago' +'%Y-%m-%d')`
			`for backup_file in "{{ local_backup_dir }}"/lnbits-backup-*.tar.gz.gpg; do`
			`if [ -f "$backup_file" ]; then`
			`# Extract date from filename: lnbits-backup-YYYY-MM-DD.tar.gz.gpg`
			`file_date=$(basename "$backup_file" \| sed -n 's/lnbits-backup-\([0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}\)\.tar\.gz\.gpg/\1/p')`
			`if [ -n "$file_date" ] && [ "$file_date" != "$TIMESTAMP" ] && [ "$file_date" \< "$CUTOFF_DATE" ]; then`
			`rm -f "$backup_file"`
			`fi`
			`fi`
			`done`
			`for env_file in "{{ local_backup_dir }}"/lnbits-env-*.gpg; do`
			`if [ -f "$env_file" ]; then`
			`# Extract date from filename: lnbits-env-YYYY-MM-DD.gpg`
			`file_date=$(basename "$env_file" \| sed -n 's/lnbits-env-\([0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}\)\.gpg/\1/p')`
			`if [ -n "$file_date" ] && [ "$file_date" != "$TIMESTAMP" ] && [ "$file_date" \< "$CUTOFF_DATE" ]; then`
			`rm -f "$env_file"`
			`fi`
			`fi`
			`done`
more stuff 2025-08-21 22:45:47 +02:00
			`echo "Backup completed successfully"`

			`- name: Ensure cronjob for backup exists`
			`cron:`
			`name: "LNBits backup"`
			`user: "{{ lookup('env', 'USER') }}"`
			`job: "{{ backup_script_path }}"`
			`minute: 5`
			`hour: "9,12,15,18"`

			`- name: Run the backup script to make the first backup`
			`command: "{{ backup_script_path }}"`