create separate role for backups

playbooks/roles/backups/README.md

@@ -0,0 +1,6 @@
+Custom backups
+=========
+
+Create a crontab job for:
+ - daily and weekly database dumps
+ - archiving the /srv directory

playbooks/roles/backups/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for backups

playbooks/roles/backups/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for backups

playbooks/roles/backups/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

playbooks/roles/backups/tasks/main.yml

@@ -0,0 +1,28 @@
+---
+# tasks file for backups
+- name: Create daily cron job for database backup
+  ansible.builtin.cron:
+    name: "Database backup daily at 5am"
+    user: postgres
+    minute: "0"
+    hour: "5"
+    job: "PGPASSWORD='{{ db_password }}' pg_dump -h localhost -p {{ ports.db_port.port }}  -U {{ db_user }} -F c {{ db_name }} > /backups/prod_db_backups/daily_backup_$(date +\%F).dump"
+
+- name: Create weekly cron job for full database backup
+  ansible.builtin.cron:
+    name: "Database backup weekly sunday at 2am"
+    user: postgres
+    weekday: "7"
+    minute: "0"
+    hour: "2"
+    job: "pg_dumpall -h localhost -p {{ ports.db_port.port }}  -U postgres > /backups/prod_db_backups/full_backup_$(date +\%F).dump"
+
+
+- name: Create daily cron job for srv directory  backup
+  ansible.builtin.cron:
+    name: "srv directory backup daily at 5am"
+    user: root
+    minute: "0"
+    hour: "5"
+    job: "tar -czvf /backups/gitea_drone_backups/srv_backup_$(date +%F).tar.gz /srv"
+

playbooks/roles/backups/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - backups

playbooks/roles/backups/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for backups

playbooks/roles/drone/files/drone-compose.yaml

@@ -3,6 +3,7 @@ services:
     container_name: drone
     image: drone/drone:2.26.0
     environment:
+      DRONE_USER_CREATE: username:${USERNAME},admin:true
       DRONE_RPC_SECRET: '${DRONE_RPC_SECRET}'
       DRONE_SERVER_HOST: '${DRONE_SERVER_HOST}'
       DRONE_GITEA_SERVER: 'https://${GIT_DOMAIN}'