Moved off AWS. (#2)

- Instance in Hetzner. - Data stored in Backblaze B2. Reviewed-on: #2 Co-authored-by: M. V. Hutz <git@maximhutz.me> Co-committed-by: M. V. Hutz <git@maximhutz.me>
2025-09-12 00:07:17 +00:00
parent 23cf397581
commit 23120b9559
25 changed files with 517 additions and 611 deletions
--- a/playbooks/restore.yml
+++ b/playbooks/restore.yml
@@ -1,19 +1,25 @@
- name: Deploy artifact to instance.
+- name: Set up real host.
+  gather_facts: false
  hosts: localhost
+  vars_files:
+    - ../vault.yml
+    - ../dist/terraform_outputs.yml
+  tasks:
+    - name: Add remote host.
+      ansible.builtin.add_host:
+        name: server
+        ansible_ssh_host: "{{ server_ip.value }}"
+        ansible_user: root
+        ansible_port: 2222
+        ansible_private_key_file: "{{ secret.private_ssh_key_path }}"
+
+- name: Deploy artifact to instance.
+  hosts: server
  become: true
  gather_facts: false
  vars_files:
-    - ../config/ansible.secret.json
-    - ../config/infrastructure.secret.json
-  vars:
-    ansible_connection: aws_ssm
-    ansible_python_interpreter: /usr/bin/python3
-    ansible_aws_ssm_plugin: "{{ ssm_plugin }}"
-    ansible_aws_ssm_bucket_name: "{{ image_bucket }}"
-    ansible_aws_ssm_instance_id: "{{ instance_id.value }}"
-    ansible_aws_ssm_region: "{{ aws_region }}"
-    ansible_aws_ssm_access_key_id: "{{ aws_access_key }}"
-    ansible_aws_ssm_secret_access_key: "{{ aws_secret_key }}"
+    - ../vault.yml
+    - ../dist/terraform_outputs.yml
  tasks:
    - name: Stop server.
      community.docker.docker_container:
@@ -22,38 +28,38 @@
      loop: [server, backup]

    - name: Copy backup from S3.
-      environment:
-        region: "{{ boot_region.value }}"
-        access_key: "{{ boot_id.value }}"
-        secret_key: "{{ boot_secret.value }}"
      amazon.aws.s3_object:
-        bucket: "{{ restore_bucket | mandatory(msg='You must specify the bucket of the data.') }}"
-        object: "{{ restore_key | mandatory(msg='You must specify the key of the data.') }}"
-        dest: /home/ssm-user/backup.tar.gz
+        bucket: "{{ secret.restore.bucket | mandatory(msg='You must specify the bucket of the data.') }}"
+        object: "{{ secret.restore.key | mandatory(msg='You must specify the key of the data.') }}"
+        dest: /root/snapshot.tar.gz
        mode: get
+        region: "{{ secret.restore.region }}"
+        access_key: "{{ secret.restore.access_key }}"
+        secret_key: "{{ secret.restore.secret_key }}"
+        ignore_nonexistent_bucket: true

    - name: Ensure backup directory exists.
      ansible.builtin.file:
-        path: /home/ssm-user/backup
+        path: /root/restore
        state: directory
        mode: '0777'

    - name: Extract backup.
      ansible.builtin.unarchive:
-        src: /home/ssm-user/backup.tar.gz
-        dest: /home/ssm-user/backup
+        src: /root/snapshot.tar.gz
+        dest: /root/restore
        remote_src: true

    - name: Move backup files to data folder.
      ansible.builtin.copy:
        remote_src: true
-        src: /home/ssm-user/backup/backup/my-app-backup/
-        dest: /home/ssm-user/data/
+        src: /root/restore/backup/my-app-backup/
+        dest: /root/data/
        mode: '0777'

    - name: Update permissions.
      ansible.builtin.file:
-        path: /home/ssm-user/data
+        path: /root/data
        recurse: true
        mode: '0777'
        owner: 1000