1.0.0 Release IaaS

config/services/systemd/common/kopia/kopia-backup.service.j2

@@ -0,0 +1,49 @@
+[Unit]
+Description=Kopia backup service
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+User=kopia
+Group=kopia
+
+Type=oneshot
+
+# logging
+StandardOutput=journal
+StandardError=journal
+
+CapabilityBoundingSet=CAP_DAC_READ_SEARCH
+AmbientCapabilities=CAP_DAC_READ_SEARCH
+
+ProtectSystem=strict
+ProtectHome=tmpfs
+InaccessiblePaths=/boot /root
+
+{% if node['name'] == 'infra' %}
+BindReadOnlyPaths=/home/infra/containers/postgresql/backups
+{% elif node['name'] == 'app' %}
+BindReadOnlyPaths=/home/app/data
+{% endif %}
+# In root namescope, %u always bring 0
+BindPaths=/etc/kopia
+BindPaths=/etc/secrets/{{ kopia_uid }}
+BindPaths=/var/cache/kopia
+EnvironmentFile=/etc/secrets/{{ kopia_uid }}/kopia.env
+
+ExecStartPre=/usr/bin/kopia repository connect server \
+    --url=https://{{ infra_uri['kopia']['domain'] }}:{{ infra_uri['kopia']['ports']['https'] }} \
+    --override-username={{ node['name'] }} \
+    --override-hostname={{ node['name'] }}.ilnmors.internal
+
+{% if node['name'] == 'infra' %}
+ExecStart=/usr/bin/kopia snapshot create \
+    /home/infra/containers/postgresql/backups
+{% elif node['name'] == 'app' %}
+ExecStart=/usr/bin/kopia snapshot create \
+    /home/app/data
+{% endif %}
+
+
+[Install]
+WantedBy=multi-user.target

config/services/systemd/common/kopia/kopia-backup.timer.j2

@@ -0,0 +1,10 @@
+[Unit]
+Description=Daily Kopia backup timer
+
+[Timer]
+OnCalendar=*-*-* 03:00:00
+Persistent=true
+RandomizedDelaySec=300
+
+[Install]
+WantedBy=timers.target

config/services/systemd/common/kopia/kopia.env.j2

@@ -0,0 +1,5 @@
+KOPIA_PASSWORD={{ hostvars['console']['kopia']['user'][node['name']] }}
+KOPIA_CONFIG_PATH=/etc/kopia/repository.config
+KOPIA_CACHE_DIRECTORY=/var/cache/kopia
+KOPIA_LOG_DIR=/var/cache/kopia/logs
+KOPIA_CHECK_FOR_UPDATES=false