forked from ISTI-ansible-roles/ansible-roles
151 lines
7.2 KiB
Django/Jinja
151 lines
7.2 KiB
Django/Jinja
# gpg encryption settings, simple settings:
|
|
# GPG_KEY='disabled' - disables encryption alltogether
|
|
# GPG_KEY='<key1>[,<key2>]'; GPG_PW='pass' - encrypt with keys,
|
|
# sign if secret key of key1 is available use GPG_PW for sign & decrypt
|
|
# Note: you can specify keys via all methods described in gpg manpage,
|
|
# section "How to specify a user ID", escape commas (,) via backslash (\)
|
|
# e.g. 'Mueller, Horst', 'Bernd' -> 'Mueller\, Horst, Bernd'
|
|
# as they are used to separate the entries
|
|
# GPG_PW='passphrase' - symmetric encryption using passphrase only
|
|
#GPG_KEY='_KEY_ID_'
|
|
GPG_PW='{{ duplicity_passphrase }}'
|
|
# gpg encryption settings in detail (extended settings)
|
|
# the above settings translate to the following more specific settings
|
|
# GPG_KEYS_ENC='<keyid1>[,<keyid2>,...]' - list of pubkeys to encrypt to
|
|
# GPG_KEY_SIGN='<keyid1>|disabled' - a secret key for signing
|
|
# GPG_PW='<passphrase>' - needed for signing, decryption and symmetric
|
|
# encryption. If you want to deliver different passphrases for e.g.
|
|
# several keys or symmetric encryption plus key signing you can use
|
|
# gpg-agent. Simply make sure that GPG_AGENT_INFO is set in environment.
|
|
# also see "A NOTE ON SYMMETRIC ENCRYPTION AND SIGNING" in duplicity manpage
|
|
# notes on en/decryption
|
|
# private key and passphrase will only be needed for decryption or signing.
|
|
# decryption happens on restore and incrementals (compare archdir contents).
|
|
# for security reasons it makes sense to separate the signing key from the
|
|
# encryption keys. https://answers.launchpad.net/duplicity/+question/107216
|
|
#GPG_KEYS_ENC='<pubkey1>,<pubkey2>,...'
|
|
#GPG_KEY_SIGN='<prvkey>'
|
|
# set if signing key passphrase differs from encryption (key) passphrase
|
|
# NOTE: available since duplicity 0.6.14, translates to SIGN_PASSPHRASE
|
|
#GPG_PW_SIGN='<signpass>'
|
|
|
|
|
|
# gpg options passed from duplicity to gpg process (default='')
|
|
# e.g. "--trust-model pgp|classic|direct|always"
|
|
# or "--compress-algo=bzip2 --bzip2-compress-level=9"
|
|
# or "--personal-cipher-preferences AES256,AES192,AES..."
|
|
# or "--homedir ~/.duply" - keep keyring and gpg settings duply specific
|
|
#GPG_OPTS=''
|
|
|
|
# disable preliminary tests with the following setting
|
|
#GPG_TEST='disabled'
|
|
|
|
# credentials & server address of the backup target (URL-Format)
|
|
# syntax is
|
|
# scheme://[user:password@]host[:port]/[/]path
|
|
# for details see duplicity manpage, section URL Format
|
|
# http://duplicity.nongnu.org/duplicity.1.html#sect8
|
|
# probably one out of
|
|
# # for cloudfiles backend user id is CLOUDFILES_USERNAME, password is
|
|
# # CLOUDFILES_APIKEY, you might need to set CLOUDFILES_AUTHURL manually
|
|
# cf+http://[user:password@]container_name
|
|
# dpbx:///some_dir
|
|
# file://[relative|/absolute]/local/path
|
|
# ftp[s]://user[:password]@other.host[:port]/some_dir
|
|
# gdocs://user[:password]@other.host/some_dir
|
|
# # for the google cloud storage (since duplicity 0.6.22)
|
|
# # user/password are GS_ACCESS_KEY_ID/GS_SECRET_ACCESS_KEY
|
|
# gs://bucket[/prefix]
|
|
# hsi://user[:password]@other.host/some_dir
|
|
# imap[s]://user[:password]@host.com[/from_address_prefix]
|
|
# mega://user[:password]@mega.co.nz/some_dir
|
|
# rsync://user[:password]@host.com[:port]::[/]module/some_dir
|
|
# # rsync over ssh (only keyauth)
|
|
# rsync://user@host.com[:port]/[relative|/absolute]_path
|
|
# # for the s3 user/password are AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY
|
|
# s3://[user:password@]host/bucket_name[/prefix]
|
|
# s3+http://[user:password@]bucket_name[/prefix]
|
|
# # scp and sftp are aliases for the ssh backend
|
|
# ssh://user[:password]@other.host[:port]/[/]some_dir
|
|
# # for authenticated swift define TARGET_USER or SWIFT_USERNAME,
|
|
# # TARGET_PASS or SWIFT_PASSWORD, SWIFT_AUTHURL (mandatory, the path to
|
|
# # your identity service, omitting leads to an error with swift),
|
|
# # optionally SWIFT_AUTHVERSION (which defaults to "1")
|
|
# swift://container_name
|
|
# tahoe://alias/directory
|
|
# webdav[s]://user[:password]@other.host/some_dir
|
|
# ATTENTION: characters other than A-Za-z0-9.-_.~ in the URL have
|
|
# to be replaced by their url encoded pendants, see
|
|
# http://en.wikipedia.org/wiki/Url_encoding
|
|
# if you define the credentials as TARGET_USER, TARGET_PASS below
|
|
# duply will try to url_encode them for you if the need arises
|
|
{% if duplicity_use_ftps %}
|
|
TARGET='ftps://{{ duplicity_backup_server }}/{{ duplicity_backup_dest_dir }}'
|
|
{% else %}
|
|
TARGET='{{ duplicity_target_protocol }}://{{ duplicity_backup_server }}/{{ duplicity_backup_dest_dir }}'
|
|
{% endif %}
|
|
# optionally the username/password can be defined as extra variables
|
|
# setting them here _and_ in TARGET results in an error
|
|
{% if not duplicity_use_ssh_keys %}
|
|
TARGET_USER='{{ duplicity_backup_user }}'
|
|
TARGET_PASS='{{ duplicity_ftp_password }}'
|
|
{% endif %}
|
|
|
|
# base directory to backup
|
|
SOURCE='/'
|
|
|
|
# a command that runs duplicity e.g.
|
|
# shape bandwidth use via trickle
|
|
# "trickle -s -u 640 -d 5120" # 5Mb up, 40Mb down"
|
|
#DUPL_PRECMD=""
|
|
|
|
# exclude folders containing exclusion file (since duplicity 0.5.14)
|
|
# Uncomment the following two lines to enable this setting.
|
|
#FILENAME='.duplicity-ignore'
|
|
#DUPL_PARAMS="$DUPL_PARAMS --exclude-if-present '$FILENAME'"
|
|
|
|
# Time frame for old backups to keep, Used for the "purge" command.
|
|
# see duplicity man page, chapter TIME_FORMATS)
|
|
MAX_AGE={{ duplicity_max_backup_age }}
|
|
|
|
# Number of full backups to keep. Used for the "purge-full" command.
|
|
# See duplicity man page, action "remove-all-but-n-full".
|
|
MAX_FULL_BACKUPS={{ duplicity_max_full_backups }}
|
|
|
|
# Number of full backups for which incrementals will be kept for.
|
|
# Used for the "purge-incr" command.
|
|
# See duplicity man page, action "remove-all-inc-of-but-n-full".
|
|
MAX_FULLS_WITH_INCRS={{ duplicity_max_full_with_incrs }}
|
|
|
|
# activates duplicity --full-if-older-than option (since duplicity v0.4.4.RC3)
|
|
# forces a full backup if last full backup reaches a specified age, for the
|
|
# format of MAX_FULLBKP_AGE see duplicity man page, chapter TIME_FORMATS
|
|
# Uncomment the following two lines to enable this setting.
|
|
#MAX_FULLBKP_AGE=1M
|
|
#DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE "
|
|
|
|
# sets duplicity --volsize option (available since v0.4.3.RC7)
|
|
# set the size of backup chunks to VOLSIZE MB instead of the default 25MB.
|
|
# VOLSIZE must be number of MB's to set the volume size to.
|
|
# Uncomment the following two lines to enable this setting.
|
|
VOLSIZE={{ duplicity_volsize }}
|
|
DUPL_PARAMS="$DUPL_PARAMS --volsize $VOLSIZE "
|
|
|
|
# verbosity of output (error 0, warning 1-2, notice 3-4, info 5-8, debug 9)
|
|
# default is 4, if not set
|
|
VERBOSITY={{ duplicity_verbosity }}
|
|
|
|
# temporary file space. at least the size of the biggest file in backup
|
|
# for a successful restoration process. (default is '/tmp', if not set)
|
|
TEMP_DIR={{ duplicity_temp_dir }}
|
|
|
|
# Modifies archive-dir option (since 0.6.0) Defines a folder that holds
|
|
# unencrypted meta data of the backup, enabling new incrementals without the
|
|
# need to decrypt backend metadata first. If empty or deleted somehow, the
|
|
# private key and it's password are needed.
|
|
# NOTE: This is confidential data. Put it somewhere safe. It can grow quite
|
|
# big over time so you might want to put it not in the home dir.
|
|
# default '~/.cache/duplicity/duply_<profile>/'
|
|
# if set '${ARCH_DIR}/<profile>'
|
|
#ARCH_DIR=/some/space/safe/.duply-cache
|