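# Installs a pull-style backup of a remote LNBits instance on the `lapy` host:
# a bash script is written to backup_script_path, scheduled through cron, and
# run once immediately. The script stops LNBits on the remote host, streams the
# data directory and the .env file over SSH straight into gpg (so only
# ciphertext is written locally), restarts the service, and rotates archives
# older than 14 days.
#
# Variables not defined here (remote_host, remote_user, remote_port,
# remote_key_file, local_backup_dir, backup_script_path, lnbits_dir,
# lnbits_data_dir) are presumably supplied by the two vars_files - confirm.
- name: Configure local backup for LNBits from remote
  hosts: lapy
  gather_facts: false
  vars_files:
    - ../../infra_vars.yml
    - ./lnbits_vars.yml
  vars:
    remote_data_path: "{{ lnbits_data_dir }}"
    remote_lnbits_dir: "{{ lnbits_dir }}/lnbits"
    # Encryption identity is read from localhost's hostvars; both default to ''.
    gpg_recipient: "{{ hostvars['localhost']['gpg_recipient'] | default('') }}"
    gpg_key_id: "{{ hostvars['localhost']['gpg_key_id'] | default('') }}"

  tasks:
    - name: Debug remote backup vars
      debug:
        msg:
          - "remote_host={{ remote_host }}"
          - "remote_user={{ remote_user }}"
          - "remote_data_path='{{ remote_data_path }}'"
          - "local_backup_dir={{ local_backup_dir }}"
          - "gpg_recipient={{ gpg_recipient }}"
          - "gpg_key_id={{ gpg_key_id }}"

    # gpg_recipient falls back to '' above. Without this guard the script would
    # be installed and scheduled anyway, then stop the remote service on every
    # cron run before failing at the encryption step.
    - name: Fail early when no GPG recipient is configured
      assert:
        that:
          - gpg_recipient | length > 0
        fail_msg: "gpg_recipient is empty; refusing to install a backup script that cannot encrypt."

    # The directory itself stays world-listable; the archives inside are GPG
    # ciphertext and are created by the script under umask 077.
    - name: Ensure local backup directory exists
      file:
        path: "{{ local_backup_dir }}"
        state: directory
        mode: '0755'

    # NOTE(review): lookup('env', ...) is evaluated on the Ansible controller;
    # this assumes `lapy` is that same machine - confirm.
    - name: Ensure ~/.local/bin exists
      file:
        path: "{{ lookup('env', 'HOME') }}/.local/bin"
        state: directory
        mode: '0755'

    - name: Create backup script
      copy:
        dest: "{{ backup_script_path }}"
        mode: '0750'
        content: |
          #!/bin/bash
          set -euo pipefail
          # Backup files are readable by the owning user only.
          umask 077

          TIMESTAMP=$(date +'%Y-%m-%d')
          ENCRYPTED_BACKUP="{{ local_backup_dir }}/lnbits-backup-$TIMESTAMP.tar.gz.gpg"
          ENCRYPTED_ENV="{{ local_backup_dir }}/lnbits-env-$TIMESTAMP.gpg"
          REMOTE="{{ remote_user }}@{{ remote_host }}"

          # An array keeps every SSH argument a single word even if a path
          # contains spaces. BatchMode makes an unattended (cron) run fail fast
          # instead of waiting on a password or passphrase prompt.
          {% if remote_key_file %}
          SSH_CMD=(ssh -o BatchMode=yes -i {{ remote_key_file | quote }} -p {{ remote_port }})
          {% else %}
          SSH_CMD=(ssh -o BatchMode=yes -p {{ remote_port }})
          {% endif %}

          # With `set -e` any failed step aborts the script. The EXIT trap
          # guarantees that LNBits is started again and that no half-written
          # archive is left behind, whatever step failed.
          SERVICE_STOPPED=0
          cleanup() {
              rm -f "$ENCRYPTED_BACKUP.partial" "$ENCRYPTED_ENV.partial"
              if [ "$SERVICE_STOPPED" -eq 1 ]; then
                  echo "Restarting LNBits service after an aborted backup..." >&2
                  "${SSH_CMD[@]}" "$REMOTE" "sudo systemctl start lnbits.service" \
                      || echo "WARNING: could not restart lnbits.service on {{ remote_host }}" >&2
              fi
          }
          trap cleanup EXIT

          # Stop LNBits service before backup
          echo "Stopping LNBits service..."
          SERVICE_STOPPED=1
          "${SSH_CMD[@]}" "$REMOTE" "sudo systemctl stop lnbits.service"

          # Create encrypted backup on the fly: tar the data directory on the
          # remote side and pipe it through gpg, so plaintext never touches the
          # local disk. gpg writes to a .partial file that is renamed only on
          # success; a failed run therefore cannot replace an earlier good
          # archive from the same day with a truncated one.
          echo "Creating backup..."
          "${SSH_CMD[@]}" "$REMOTE" "cd {{ remote_data_path | quote }} && tar -czf - ." | \
              gpg --batch --yes --encrypt --recipient "{{ gpg_recipient }}" --output "$ENCRYPTED_BACKUP.partial"
          mv -f "$ENCRYPTED_BACKUP.partial" "$ENCRYPTED_BACKUP"

          # Also backup the .env file separately (smaller, might need quick access)
          "${SSH_CMD[@]}" "$REMOTE" "cat {{ (remote_lnbits_dir ~ '/.env') | quote }}" | \
              gpg --batch --yes --encrypt --recipient "{{ gpg_recipient }}" --output "$ENCRYPTED_ENV.partial"
          mv -f "$ENCRYPTED_ENV.partial" "$ENCRYPTED_ENV"

          # Start LNBits service after backup
          echo "Starting LNBits service..."
          "${SSH_CMD[@]}" "$REMOTE" "sudo systemctl start lnbits.service"
          SERVICE_STOPPED=0

          # Rotate old backups (keep 14 days)
          # Dates are YYYY-MM-DD, so a plain string comparison orders them.
          CUTOFF_DATE=$(date -d '14 days ago' +'%Y-%m-%d')

          for backup_file in "{{ local_backup_dir }}"/lnbits-backup-*.tar.gz.gpg; do
              if [ -f "$backup_file" ]; then
                  # Extract date from filename: lnbits-backup-YYYY-MM-DD.tar.gz.gpg
                  file_date=$(basename "$backup_file" | sed -n 's/lnbits-backup-\([0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}\)\.tar\.gz\.gpg/\1/p')
                  if [ -n "$file_date" ] && [ "$file_date" != "$TIMESTAMP" ] && [ "$file_date" \< "$CUTOFF_DATE" ]; then
                      rm -f "$backup_file"
                  fi
              fi
          done

          for env_file in "{{ local_backup_dir }}"/lnbits-env-*.gpg; do
              if [ -f "$env_file" ]; then
                  # Extract date from filename: lnbits-env-YYYY-MM-DD.gpg
                  file_date=$(basename "$env_file" | sed -n 's/lnbits-env-\([0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}\)\.gpg/\1/p')
                  if [ -n "$file_date" ] && [ "$file_date" != "$TIMESTAMP" ] && [ "$file_date" \< "$CUTOFF_DATE" ]; then
                      rm -f "$env_file"
                  fi
              fi
          done

          echo "Backup completed successfully"

    # Runs at 09:05, 12:05, 15:05 and 18:05. Archive names carry only the
    # date, so later runs on the same day replace that day's archive.
    - name: Ensure cronjob for backup exists
      cron:
        name: "LNBits backup"
        user: "{{ lookup('env', 'USER') }}"
        job: "{{ backup_script_path }}"
        minute: "5"
        hour: "9,12,15,18"

    - name: Run the backup script to make the first backup
      command: "{{ backup_script_path }}"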