From 58946e4c9f6baeda2e748dee5d539e45df2f3ab8 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Wed, 27 Mar 2024 17:40:49 +0100 Subject: [PATCH 1/4] Making Duplicity use venvs. --- docs/roles/debian/duplicity.md | 5 +++ docs/roles/debian/mysql_server_oracle_ce.md | 1 + roles/debian/duplicity/README.md | 5 +++ roles/debian/duplicity/defaults/main.yml | 5 +++ roles/debian/duplicity/meta/main.yml | 3 -- roles/debian/duplicity/tasks/main.yml | 44 +++++++++++++++++-- .../templates/duplicity_backup-b2.j2 | 4 +- .../templates/duplicity_backup-s3.j2 | 4 +- .../duplicity/templates/duplicity_clean-b2.j2 | 2 +- .../duplicity/templates/duplicity_clean-s3.j2 | 2 +- .../templates/duplicity_restore-b2.j2 | 2 +- .../templates/duplicity_restore-s3.j2 | 2 +- roles/debian/mysql_server_oracle_ce/README.md | 1 + 13 files changed, 66 insertions(+), 14 deletions(-) delete mode 100644 roles/debian/duplicity/meta/main.yml diff --git a/docs/roles/debian/duplicity.md b/docs/roles/debian/duplicity.md index 9186201ed..1b71da9e6 100644 --- a/docs/roles/debian/duplicity.md +++ b/docs/roles/debian/duplicity.md @@ -9,6 +9,11 @@ Role to install and configure [the Duplicity backup engine](https://duplicity.us ```yaml --- duplicity: + # Location of Duplicity installation and components. + venv_path: "/home/{{ user_provision.username }}/duplicity" + venv_command: /usr/bin/python3 -m venv + install_username: "{{ user_provision.username }}" + # Duplicity configuration backend: s3 # currently also support b2 for Backblaze access_key_id: "somekey" secret_access_key: "somesecret" diff --git a/docs/roles/debian/mysql_server_oracle_ce.md b/docs/roles/debian/mysql_server_oracle_ce.md index 7ee28b24d..38ce85292 100644 --- a/docs/roles/debian/mysql_server_oracle_ce.md +++ b/docs/roles/debian/mysql_server_oracle_ce.md @@ -11,6 +11,7 @@ Installs MySQL Server 5.7. mysql_long_query_time: 4 mysql_server_oracle_ce_key: "8C718D3B5072E1F5" # archive key - see https://dev.mysql.com/doc/refman/8.0/en/gpg-key-archived-packages.html mysql_server_oracle_ce_key_server: keyserver.ubuntu.com + ``` diff --git a/roles/debian/duplicity/README.md b/roles/debian/duplicity/README.md index 9186201ed..1b71da9e6 100644 --- a/roles/debian/duplicity/README.md +++ b/roles/debian/duplicity/README.md @@ -9,6 +9,11 @@ Role to install and configure [the Duplicity backup engine](https://duplicity.us ```yaml --- duplicity: + # Location of Duplicity installation and components. + venv_path: "/home/{{ user_provision.username }}/duplicity" + venv_command: /usr/bin/python3 -m venv + install_username: "{{ user_provision.username }}" + # Duplicity configuration backend: s3 # currently also support b2 for Backblaze access_key_id: "somekey" secret_access_key: "somesecret" diff --git a/roles/debian/duplicity/defaults/main.yml b/roles/debian/duplicity/defaults/main.yml index f85a94b36..c54cee8cf 100644 --- a/roles/debian/duplicity/defaults/main.yml +++ b/roles/debian/duplicity/defaults/main.yml @@ -1,5 +1,10 @@ --- duplicity: + # Location of Duplicity installation and components. + venv_path: "/home/{{ user_provision.username }}/duplicity" + venv_command: /usr/bin/python3 -m venv + install_username: "{{ user_provision.username }}" + # Duplicity configuration backend: s3 # currently also support b2 for Backblaze access_key_id: "somekey" secret_access_key: "somesecret" diff --git a/roles/debian/duplicity/meta/main.yml b/roles/debian/duplicity/meta/main.yml deleted file mode 100644 index 61df1afb0..000000000 --- a/roles/debian/duplicity/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -dependencies: - - role: debian/python_boto diff --git a/roles/debian/duplicity/tasks/main.yml b/roles/debian/duplicity/tasks/main.yml index 96581e0aa..725ac9090 100644 --- a/roles/debian/duplicity/tasks/main.yml +++ b/roles/debian/duplicity/tasks/main.yml @@ -1,8 +1,46 @@ -- name: Ensure duplicity is installed. +--- +- name: Ensure system Duplicity is not installed. ansible.builtin.apt: pkg: duplicity - state: present - when: ansible_distribution_major_version | int >= 12 + state: absent + +- name: Ensure Duplicity is not installed globally with pip or pip3 on older versions of Debian. + ansible.builtin.pip: + name: + - duplicity + state: absent + executable: "{{ item }}" + when: ansible_distribution_major_version | int < 12 + with_items: + - pip + - pip3 + failed_when: false # don't stop the build if there's no system pip + +# Install Python applications. +- name: Set up Python venv variables. + ansible.builtin.set_fact: + _venv_path: "{{ duplicity.venv_path }}" + _venv_command: "{{ duplicity.venv_command }}" + _install_username: "{{ duplicity.install_username }}" + +- name: Ensure pip is at latest version. + ansible.builtin.pip: + name: + - pip + state: latest + virtualenv: "{{ duplicity.venv_path | default(_venv_path) }}" + virtualenv_command: "{{ duplicity.venv_command | default(_venv_command) }}" + +- name: Install python_boto. + ansible.builtin.include_role: + name: debian/python_boto + +- name: Install Duplicity. + ansible.builtin.pip: + name: + - duplicity + virtualenv: "{{ duplicity.venv_path | default(_venv_path) }}" + virtualenv_command: "{{ duplicity.venv_command | default(_venv_command) }}" - name: Ensure duplicity is installed. ansible.builtin.pip: diff --git a/roles/debian/duplicity/templates/duplicity_backup-b2.j2 b/roles/debian/duplicity/templates/duplicity_backup-b2.j2 index b41b992b8..d819090c2 100644 --- a/roles/debian/duplicity/templates/duplicity_backup-b2.j2 +++ b/roles/debian/duplicity/templates/duplicity_backup-b2.j2 @@ -56,12 +56,12 @@ for dir in ${DIRS[@]}; do fi DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir - /usr/local/bin/duplicity $backup_options $extra_options $dir $DEST || exit 1 + {{ _venv_path }}/bin/duplicity $backup_options $extra_options $dir $DEST || exit 1 if [ $REMOVE_OLD_BACKUPS -eq 1 ]; then # Do some maintenance on the remote end to clean up old backups echo "Performing routine maintenance on $dir..." - /usr/local/bin/duplicity $maintenance_options $DEST || exit 1 + {{ _venv_path }}/bin/duplicity $maintenance_options $DEST || exit 1 fi done diff --git a/roles/debian/duplicity/templates/duplicity_backup-s3.j2 b/roles/debian/duplicity/templates/duplicity_backup-s3.j2 index 993de8643..0a8fd0d64 100644 --- a/roles/debian/duplicity/templates/duplicity_backup-s3.j2 +++ b/roles/debian/duplicity/templates/duplicity_backup-s3.j2 @@ -56,12 +56,12 @@ for dir in ${DIRS[@]}; do fi DEST=s3://{{ duplicity.backend_url }}/{{ duplicity.bucketname }}$dir - /usr/local/bin/duplicity $backup_options $extra_options $dir $DEST || exit 1 + {{ _venv_path }}/bin/duplicity $backup_options $extra_options $dir $DEST || exit 1 if [ $REMOVE_OLD_BACKUPS -eq 1 ]; then # Do some maintenance on the remote end to clean up old backups echo "Performing routine maintenance on $dir..." - /usr/local/bin/duplicity $maintenance_options $DEST || exit 1 + {{ _venv_path }}/bin/duplicity $maintenance_options $DEST || exit 1 fi done diff --git a/roles/debian/duplicity/templates/duplicity_clean-b2.j2 b/roles/debian/duplicity/templates/duplicity_clean-b2.j2 index d8c8bb4b4..92a766071 100644 --- a/roles/debian/duplicity/templates/duplicity_clean-b2.j2 +++ b/roles/debian/duplicity/templates/duplicity_clean-b2.j2 @@ -31,7 +31,7 @@ DIRS=( for dir in ${DIRS[@]}; do echo "Cleaning up $dir..." DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir - /usr/local/bin/duplicity $cleanup_options $DEST || exit 1 + {{ _venv_path }}/bin/duplicity $cleanup_options $DEST || exit 1 done unset PASSPHRASE diff --git a/roles/debian/duplicity/templates/duplicity_clean-s3.j2 b/roles/debian/duplicity/templates/duplicity_clean-s3.j2 index 81b898fda..34dd3fa6b 100644 --- a/roles/debian/duplicity/templates/duplicity_clean-s3.j2 +++ b/roles/debian/duplicity/templates/duplicity_clean-s3.j2 @@ -31,7 +31,7 @@ DIRS=( for dir in ${DIRS[@]}; do echo "Cleaning up $dir..." DEST=s3://{{ duplicity.backend_url }}/{{ duplicity.bucketname }}$dir - /usr/local/bin/duplicity $cleanup_options $DEST || exit 1 + {{ _venv_path }}/bin/duplicity $cleanup_options $DEST || exit 1 done unset PASSPHRASE diff --git a/roles/debian/duplicity/templates/duplicity_restore-b2.j2 b/roles/debian/duplicity/templates/duplicity_restore-b2.j2 index 372431934..abe2281ee 100644 --- a/roles/debian/duplicity/templates/duplicity_restore-b2.j2 +++ b/roles/debian/duplicity/templates/duplicity_restore-b2.j2 @@ -36,7 +36,7 @@ mkdir -p $RESTORE_DIR for dir in ${DIRS[@]}; do echo "Restoring $dir..." DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir - /usr/local/bin/duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir + {{ _venv_path }}/bin/duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir done unset PASSPHRASE diff --git a/roles/debian/duplicity/templates/duplicity_restore-s3.j2 b/roles/debian/duplicity/templates/duplicity_restore-s3.j2 index da038389f..332db8a4f 100644 --- a/roles/debian/duplicity/templates/duplicity_restore-s3.j2 +++ b/roles/debian/duplicity/templates/duplicity_restore-s3.j2 @@ -37,7 +37,7 @@ mkdir -p $RESTORE_DIR for dir in ${DIRS[@]}; do echo "Restoring $dir..." DEST=s3://{{ duplicity.backend_url }}/{{ duplicity.bucketname }}$dir - /usr/local/bin/duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir + {{ _venv_path }}/bin/duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir done unset PASSPHRASE diff --git a/roles/debian/mysql_server_oracle_ce/README.md b/roles/debian/mysql_server_oracle_ce/README.md index 7ee28b24d..38ce85292 100644 --- a/roles/debian/mysql_server_oracle_ce/README.md +++ b/roles/debian/mysql_server_oracle_ce/README.md @@ -11,6 +11,7 @@ Installs MySQL Server 5.7. mysql_long_query_time: 4 mysql_server_oracle_ce_key: "8C718D3B5072E1F5" # archive key - see https://dev.mysql.com/doc/refman/8.0/en/gpg-key-archived-packages.html mysql_server_oracle_ce_key_server: keyserver.ubuntu.com + ``` From 5304595f596018beb8c2ff70373f40b0dce2b19f Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Wed, 27 Mar 2024 18:16:53 +0100 Subject: [PATCH 2/4] Installing venvs as the correct user. --- roles/debian/ansible/tasks/main.yml | 6 +++++ roles/debian/ce_provision/tasks/main.yml | 2 ++ roles/debian/duplicity/tasks/main.yml | 29 +++++++++++------------- roles/debian/ldap_server/tasks/main.yml | 9 +------- roles/debian/mysql_client/tasks/main.yml | 9 +------- roles/debian/nginx/tasks/main.yml | 9 +------- roles/debian/python_boto/tasks/main.yml | 2 ++ 7 files changed, 26 insertions(+), 40 deletions(-) diff --git a/roles/debian/ansible/tasks/main.yml b/roles/debian/ansible/tasks/main.yml index f14197d28..32f14a1f5 100644 --- a/roles/debian/ansible/tasks/main.yml +++ b/roles/debian/ansible/tasks/main.yml @@ -40,6 +40,8 @@ state: latest virtualenv: "{{ ce_ansible.venv_path | default(_venv_path) }}" virtualenv_command: "{{ ce_ansible.venv_command | default(_venv_command) }}" + become_user: "{{ ce_ansible.install_username | default(_install_username) }}" + become: true - name: Install Ansible. ansible.builtin.pip: @@ -47,6 +49,8 @@ - ansible virtualenv: "{{ ce_ansible.venv_path | default(_venv_path) }}" virtualenv_command: "{{ ce_ansible.venv_command | default(_venv_command) }}" + become_user: "{{ ce_ansible.install_username | default(_install_username) }}" + become: true - name: Install linters. ansible.builtin.pip: @@ -55,6 +59,8 @@ - yamllint virtualenv: "{{ ce_ansible.venv_path | default(_venv_path) }}" virtualenv_command: "{{ ce_ansible.venv_command | default(_venv_command) }}" + become_user: "{{ ce_ansible.install_username | default(_install_username) }}" + become: true when: ce_ansible.linters.enabled - name: Ensure Ansible venv permissions. diff --git a/roles/debian/ce_provision/tasks/main.yml b/roles/debian/ce_provision/tasks/main.yml index 1ee53dcc7..35ffb1d29 100644 --- a/roles/debian/ce_provision/tasks/main.yml +++ b/roles/debian/ce_provision/tasks/main.yml @@ -159,6 +159,8 @@ - pyopenssl virtualenv: "{{ _venv_path }}" virtualenv_command: "{{ _venv_command }}" + become_user: "{{ ce_provision.install_username | default(_install_username) }}" + become: true - name: Ensure Ansible venv permissions. ansible.builtin.file: diff --git a/roles/debian/duplicity/tasks/main.yml b/roles/debian/duplicity/tasks/main.yml index 725ac9090..5766f5808 100644 --- a/roles/debian/duplicity/tasks/main.yml +++ b/roles/debian/duplicity/tasks/main.yml @@ -30,6 +30,8 @@ state: latest virtualenv: "{{ duplicity.venv_path | default(_venv_path) }}" virtualenv_command: "{{ duplicity.venv_command | default(_venv_command) }}" + become_user: "{{ duplicity.install_username | default(_install_username) }}" + become: true - name: Install python_boto. ansible.builtin.include_role: @@ -41,13 +43,8 @@ - duplicity virtualenv: "{{ duplicity.venv_path | default(_venv_path) }}" virtualenv_command: "{{ duplicity.venv_command | default(_venv_command) }}" - -- name: Ensure duplicity is installed. - ansible.builtin.pip: - name: duplicity - executable: pip3 - state: present - when: ansible_distribution_major_version | int < 12 + become_user: "{{ duplicity.install_username | default(_install_username) }}" + become: true - name: Create install dir. ansible.builtin.file: @@ -68,25 +65,25 @@ ansible.builtin.template: src: "duplicity_backup-{{ duplicity.backend }}.j2" dest: "{{ duplicity.install_dir }}/bin/duplicity_backup" - owner: root - group: root - mode: 0700 + owner: "{{ duplicity.install_username | default(_install_username) }}" + group: "{{ duplicity.install_username | default(_install_username) }}" + mode: 0770 - name: Copy restore script in place. ansible.builtin.template: src: duplicity_restore-{{ duplicity.backend }}.j2 dest: "{{ duplicity.install_dir }}/bin/duplicity_restore" - owner: root - group: root - mode: 0700 + owner: "{{ duplicity.install_username | default(_install_username) }}" + group: "{{ duplicity.install_username | default(_install_username) }}" + mode: 0770 - name: Copy clean-up script in place. ansible.builtin.template: src: duplicity_clean-{{ duplicity.backend }}.j2 dest: "{{ duplicity.install_dir }}/bin/duplicity_clean" - owner: root - group: root - mode: 0700 + owner: "{{ duplicity.install_username | default(_install_username) }}" + group: "{{ duplicity.install_username | default(_install_username) }}" + mode: 0770 - name: Copy include-exclude filelist. ansible.builtin.template: diff --git a/roles/debian/ldap_server/tasks/main.yml b/roles/debian/ldap_server/tasks/main.yml index 55e2d9999..e9a2ae55c 100644 --- a/roles/debian/ldap_server/tasks/main.yml +++ b/roles/debian/ldap_server/tasks/main.yml @@ -34,17 +34,10 @@ pkg: ["libsasl2-dev", "libssl-dev", "python3-dev"] # python-ldap needs some dev packages state: present -- name: Install python-ldap with pip3. - ansible.builtin.pip: - name: python-ldap - executable: pip3 - when: ansible_distribution_major_version | int < 12 - -- name: Ensure python3-ldap is installed with apt. +- name: Ensure python3-ldap is installed. ansible.builtin.apt: pkg: python3-ldap state: present - when: ansible_distribution_major_version | int >= 12 - name: Create the slapd config file. ansible.builtin.template: diff --git a/roles/debian/mysql_client/tasks/main.yml b/roles/debian/mysql_client/tasks/main.yml index aa4057005..b51330d3a 100644 --- a/roles/debian/mysql_client/tasks/main.yml +++ b/roles/debian/mysql_client/tasks/main.yml @@ -16,17 +16,10 @@ install_packages: - python3-pip -- name: Ensure PyMySQL is installed with pip3. - ansible.builtin.pip: - name: pymysql - executable: pip3 - when: ansible_distribution_major_version | int < 12 - -- name: Ensure PyMySQL is installed with apt. +- name: Ensure PyMySQL is installed. ansible.builtin.apt: pkg: python3-pymysql state: present - when: ansible_distribution_major_version | int >= 12 - name: Copy debian.cnf credentials file. ansible.builtin.template: diff --git a/roles/debian/nginx/tasks/main.yml b/roles/debian/nginx/tasks/main.yml index 23f8d1e4c..e81ca1a9e 100644 --- a/roles/debian/nginx/tasks/main.yml +++ b/roles/debian/nginx/tasks/main.yml @@ -16,17 +16,10 @@ install_packages: - python3-pip -- name: Ensure passlib is installed with pip3. - ansible.builtin.pip: - name: passlib - executable: pip3 - when: ansible_distribution_major_version | int < 12 - -- name: Ensure python3-passlib is installed with apt. +- name: Ensure python3-passlib is installed. ansible.builtin.apt: pkg: python3-passlib state: present - when: ansible_distribution_major_version | int >= 12 - name: Copy main nginx config. ansible.builtin.template: diff --git a/roles/debian/python_boto/tasks/main.yml b/roles/debian/python_boto/tasks/main.yml index 3195336e8..4cdf5ab9b 100644 --- a/roles/debian/python_boto/tasks/main.yml +++ b/roles/debian/python_boto/tasks/main.yml @@ -30,6 +30,8 @@ name: "{{ _boto3_install_package }}" virtualenv: "{{ python_boto.venv_path | default(_venv_path) }}" virtualenv_command: "{{ python_boto.venv_command | default(_venv_command) }}" + become_user: "{{ python_boto.install_username | default(_install_username) }}" + become: true - name: Ensure Ansible venv permissions. ansible.builtin.file: From 0c483df57c7fd6ec9cc77bb8317109a9787e7f35 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Wed, 27 Mar 2024 18:31:13 +0100 Subject: [PATCH 3/4] Setting Duplicity user back to root and installing 'fasteners' in the venv. --- roles/debian/duplicity/tasks/main.yml | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/roles/debian/duplicity/tasks/main.yml b/roles/debian/duplicity/tasks/main.yml index 5766f5808..535161d4b 100644 --- a/roles/debian/duplicity/tasks/main.yml +++ b/roles/debian/duplicity/tasks/main.yml @@ -37,9 +37,10 @@ ansible.builtin.include_role: name: debian/python_boto -- name: Install Duplicity. +- name: Install Duplicity and dependencies. ansible.builtin.pip: name: + - fasteners - duplicity virtualenv: "{{ duplicity.venv_path | default(_venv_path) }}" virtualenv_command: "{{ duplicity.venv_command | default(_venv_command) }}" @@ -65,25 +66,25 @@ ansible.builtin.template: src: "duplicity_backup-{{ duplicity.backend }}.j2" dest: "{{ duplicity.install_dir }}/bin/duplicity_backup" - owner: "{{ duplicity.install_username | default(_install_username) }}" - group: "{{ duplicity.install_username | default(_install_username) }}" - mode: 0770 + owner: root + group: root + mode: 0700 - name: Copy restore script in place. ansible.builtin.template: src: duplicity_restore-{{ duplicity.backend }}.j2 dest: "{{ duplicity.install_dir }}/bin/duplicity_restore" - owner: "{{ duplicity.install_username | default(_install_username) }}" - group: "{{ duplicity.install_username | default(_install_username) }}" - mode: 0770 + owner: root + group: root + mode: 0700 - name: Copy clean-up script in place. ansible.builtin.template: src: duplicity_clean-{{ duplicity.backend }}.j2 dest: "{{ duplicity.install_dir }}/bin/duplicity_clean" - owner: "{{ duplicity.install_username | default(_install_username) }}" - group: "{{ duplicity.install_username | default(_install_username) }}" - mode: 0770 + owner: root + group: root + mode: 0700 - name: Copy include-exclude filelist. ansible.builtin.template: From bf85fb201c0ae0334081ede598922968fe6ccce7 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Wed, 27 Mar 2024 18:50:01 +0100 Subject: [PATCH 4/4] Duplicity --s3-european-buckets option deprecated. --- docs/roles/debian/duplicity.md | 2 +- roles/debian/duplicity/README.md | 2 +- roles/debian/duplicity/defaults/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/roles/debian/duplicity.md b/docs/roles/debian/duplicity.md index 1b71da9e6..7e4911527 100644 --- a/docs/roles/debian/duplicity.md +++ b/docs/roles/debian/duplicity.md @@ -18,7 +18,7 @@ duplicity: access_key_id: "somekey" secret_access_key: "somesecret" backend_url: "s3-eu-west-1.amazonaws.com" - s3_options: "--s3-european-buckets --s3-use-glacier-ir" # see the --s3 options in the documentation - https://duplicity.us/stable/duplicity.1.html#options + s3_options: "--s3-use-glacier-ir" # see the --s3 options in the documentation - https://duplicity.us/stable/duplicity.1.html#options bucketname: "somebucket" dirs: - name: "/boot" diff --git a/roles/debian/duplicity/README.md b/roles/debian/duplicity/README.md index 1b71da9e6..7e4911527 100644 --- a/roles/debian/duplicity/README.md +++ b/roles/debian/duplicity/README.md @@ -18,7 +18,7 @@ duplicity: access_key_id: "somekey" secret_access_key: "somesecret" backend_url: "s3-eu-west-1.amazonaws.com" - s3_options: "--s3-european-buckets --s3-use-glacier-ir" # see the --s3 options in the documentation - https://duplicity.us/stable/duplicity.1.html#options + s3_options: "--s3-use-glacier-ir" # see the --s3 options in the documentation - https://duplicity.us/stable/duplicity.1.html#options bucketname: "somebucket" dirs: - name: "/boot" diff --git a/roles/debian/duplicity/defaults/main.yml b/roles/debian/duplicity/defaults/main.yml index c54cee8cf..6d7a6f3d6 100644 --- a/roles/debian/duplicity/defaults/main.yml +++ b/roles/debian/duplicity/defaults/main.yml @@ -9,7 +9,7 @@ duplicity: access_key_id: "somekey" secret_access_key: "somesecret" backend_url: "s3-eu-west-1.amazonaws.com" - s3_options: "--s3-european-buckets --s3-use-glacier-ir" # see the --s3 options in the documentation - https://duplicity.us/stable/duplicity.1.html#options + s3_options: "--s3-use-glacier-ir" # see the --s3 options in the documentation - https://duplicity.us/stable/duplicity.1.html#options bucketname: "somebucket" dirs: - name: "/boot"