-
Notifications
You must be signed in to change notification settings - Fork 1
/
pillar.example
94 lines (79 loc) · 3.13 KB
/
pillar.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
borg:
# clients need to know where they are supposed to push backup to
# path to folder without the actual repository folder (e.g. /srv/borg-repos)
archive_base: ssh://borguser@backuphost.example.org/srv/borg-repos
# the last part of the repo name
# if unset, $HOSTNAME will be used
reponame: client-host
# use your own archive naming pattern.
# if unset, {hostname}-{now:%Y-%m-%dT%H-%M} will be used (which will be
# expanded by borg)
archive_name: '{hostname}-{now:%Y-%m-%dT%H-%M}'
# if unset, no passphrase will be used
# passphrase: abc
# exclude paths and pattern from borg create
# on the master, make sure to exclude the master_archive_base by including it
# in this list
# Attention: by default, borg/defaults.yaml already includes a default_exclude
# list and a default_include list which backs up / but excludes a few
# directories e.g. /dev /proc /sys /tmp etc. look at them and verify
# correctness
exclude:
- /path/to/ignore
- /another/path
- '/tmp/*' # pattern
# / is already included in default_include
include:
- /
# configure for master
master:
# the user for which ssh keys are installed and which runs `borg serve` as
# receiver. Will be created if it doesn't exist. Required.
user: borg
# the master needs to know where the repos are located (e.g. /srv/borg-repos)
# will be created if it doesn't exist. Required.
archive_base: /srv/borg-repos
# all repos will be created if not present
repos:
# reponame will be appended to borg:archive_base
# must be equal to the minion host borg:reponame value
# required
- reponame: host1
# will be exported via environment variable BORG_PASSPHRASE if set if a
# passphrase is set, you must also set a corresponding init_option for
# borg to set up encryption/authentication. If unset, no encryption and
# authentication will take place. Default: unset
# passphrase: foobar
# exposes options which can be passed to borg on repository creation
init_options:
- '--append-only'
- '--make-parent-dirs'
#- '--encryption=repokey'
#- '--storage-quota=1.5T'
# configure which ssh pubkeys are allowed to access the repo
pubkeys:
- pubkey: minion_ssh_pubkey_here
# comment is optional
comment: root@minion1
# enc can be ssh-rsa, etc (see ssh_auth.present states in the
# official docs). Defaults to ssh-ed25519
enc: ssh-ed25519
- pubkey: another_minion_ssh_pubkey_here
# comment is optional
# comment: root@minion2
# enc can be ssh-rsa, etc (see state.ssh_auth.present states in the
# official salt docs). Defaults to ssh-ed25519
enc: ssh-rsa
- pubkey: yet_another_minion_ssh_pubkey_here
enc: ssh-rsa
delete: True
# override some defaults
# see borg/defaults.yaml for full documentation
lookup:
pkg: borgbackup
cronic_pkg: cronic
#default_include:
# - /mnt
# - /home
# - /var
#default_exclude: []