
@nathobson
Last active August 30, 2023 15:20
Ansible role for backing up to Backblaze B2
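#!/bin/sh
# Back up one WordPress site to Backblaze B2: export and gzip the database,
# archive the uploads directory, upload both with the b2 CLI, then delete the
# local copies.
#
# Expects to be started from the site's scripts/ directory (it steps up one
# level first), with `wp` on PATH and the b2 CLI already authorized for the
# user running it.

# Stop on the first failing command or unset variable. Without this, a failed
# `cd` lets the later tar/rm run in the wrong directory, and a failed export
# or upload goes unnoticed while the local copy is still deleted.
set -eu

# The dump and the archive hold site data; create them readable by the
# backup user only instead of relying on the default umask.
umask 077

B2_BUCKET_NAME="example-com"
INSTALL_NAME="example.com"
SQL_FILE=database_backup.sql
UPLOADS_FILE=uploads_backups.tar.gz
UPLOADS_DIR=/srv/www/$INSTALL_NAME/shared/

cd ../
WORK_DIR=$(pwd)

# Remove temporary artefacts on every exit path, so an aborted run does not
# leave a database dump or uploads archive behind on disk.
cleanup() {
    rm -f "$WORK_DIR/$SQL_FILE" "$WORK_DIR/$SQL_FILE.gz" "$UPLOADS_DIR/$UPLOADS_FILE"
}
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

# Backup database
# NOTE(review): the --url value looks like a placeholder; confirm it matches the site.
wp db export "$SQL_FILE" --add-drop-table --quiet --url=http://blah.com

# Compress the database dump file (-f replaces a stale .gz left by an interrupted run)
gzip -f "$SQL_FILE"

# Upload db export to B2
/usr/local/bin/b2 upload_file "$B2_BUCKET_NAME" "$SQL_FILE.gz" "$SQL_FILE.gz"

# Remove db export file from server
rm "$SQL_FILE.gz"

# Move to uploads directory
cd "$UPLOADS_DIR"

# Compress upload directory
tar -zcf "$UPLOADS_FILE" uploads

# Upload compressed uploads to B2
/usr/local/bin/b2 upload_file "$B2_BUCKET_NAME" "$UPLOADS_FILE" "$UPLOADS_FILE"

# Remove compressed uploads file from server
rm "$UPLOADS_FILE"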
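---
# Tasks for the B2 backup role: install the B2 CLI, authorize it for the web
# user, and schedule each site's backup script through cron.

- name: Ensure pip is dependency is installed
  apt:
    name:
      - python-pip
    state: present

- name: Install B2 CLI via pip
  pip:
    name: b2

# The account ID and application key are passed as command arguments, so
# without no_log they are written to Ansible's task output and logs.
# `command` replaces `shell` so the values are never interpreted by a shell.
# NOTE(review): the key is still visible as an argument on the target host
# while the command runs; an application key restricted to the backup bucket
# limits what a leak exposes.
- name: Authorize B2 account via CLI
  become_user: "{{ web_user }}"
  command: "b2 authorize-account {{ b2_account_id }} {{ b2_application_key }}"
  no_log: true

# One cron file per site that defines a `cron` entry in wordpress_sites.
# The job marks the site's backup script executable and runs it from the
# release's scripts/ directory as web_user. A site that sets `cron` without
# `hour`/`minute` falls back to '*' for both, i.e. the job runs every minute.
- name: Setup cron to trigger B2 backups
  cron:
    name: "{{ item.key }} site cron"
    hour: "{{ item.value.cron.hour | default('*') }}"
    minute: "{{ item.value.cron.minute | default('*') }}"
    user: "{{ web_user }}"
    job: "cd {{ www_root }}/{{ item.key }}/{{ item.value.current_path | default('current') }}/scripts && chmod +x {{ item.value.cron.filename }} && ./{{ item.value.cron.filename }}"
    cron_file: "custom-{{ item.key | replace('.', '_') }}"
  with_dict: "{{ wordpress_sites }}"
  when: item.value.cron | default(false)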
---
# Provisioning playbook: checks variables, determines the connection user,
# bootstraps Python on the hosts, then applies the server roles, ending with
# the b2-backups role.

- include: variable-check.yml
  vars:
    playbook: server.yml

- name: Test Connection and Determine Remote User
  hosts: "web:&{{ env }}"
  gather_facts: false
  roles:
    - role: connection
      tags: [connection, always]

- name: Install prerequisites
  hosts: "web:&{{ env }}"
  gather_facts: false
  become: true
  tasks:
    # `raw` is used because Python may not be present yet on the host.
    # NOTE(review): the shell groups this as (which python || apt-get update)
    # && apt-get install, so the install step runs even when python is found.
    - name: Install Python 2.x
      raw: which python || sudo apt-get update && sudo apt-get install -qq -y python-simplejson
      register: python_check
      changed_when: not python_check.stdout | search('/usr/bin/python')

- name: WordPress Server - Install LEMP Stack with PHP 7.1 and MariaDB MySQL
  hosts: "web:&{{ env }}"
  become: true
  roles:
    - role: common
      tags: [common]
    - role: swapfile
      swapfile_size: 1GB
      tags: [swapfile]
    - role: fail2ban
      tags: [fail2ban]
    - role: ferm
      tags: [ferm]
    - role: ntp
      tags: [ntp]
    - role: users
      tags: [users]
    - role: sshd
      tags: [sshd]
    - role: mariadb
      tags: [mariadb]
    - role: ssmtp
      tags: [ssmtp, mail]
    - role: php
      tags: [php]
    - role: memcached
      tags: [memcached]
    - role: nginx
      tags: [nginx]
    - role: logrotate
      tags: [logrotate]
    - role: composer
      tags: [composer]
    - role: wp-cli
      tags: [wp-cli]
    # Applied only when at least one site uses Let's Encrypt.
    - role: letsencrypt
      tags: [letsencrypt]
      when: sites_using_letsencrypt | count
    - role: wordpress-setup
      tags: [wordpress, wordpress-setup, letsencrypt]
    # Runs last, inside the play that has become enabled.
    - role: b2-backups
      tags: [b2-backups]
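# Documentation: https://roots.io/trellis/docs/vault/
# Every value in this file is a secret. The "example" strings are
# placeholders: replace them with unique generated values, and keep the file
# encrypted with ansible-vault (see the documentation link above) rather than
# committing it in plaintext.
vault_mysql_root_password: "example"

# Documentation: https://roots.io/trellis/docs/security/
vault_users:
  - name: "{{ admin_user }}"
    password: "example"
    salt: "uexample"

# Variables to accompany `group_vars/production/wordpress_sites.yml`
# Note: the site name (`example.com`) must match up with the site name in the above file.
vault_wordpress_sites:
  example.com:
    env:
      db_password: "example"
      # Generate your keys here: https://roots.io/salts.html
      auth_key: "example"
      secure_auth_key: "example"
      logged_in_key: "example"
      nonce_key: "example"
      auth_salt: "example"
      secure_auth_salt: "example"
      logged_in_salt: "example"
      nonce_salt: "example"

# B2 credentials
# Referenced as top-level variables by the "Authorize B2 account via CLI" task.
# Quoted like the other secrets so an ID or key that looks like a number is
# still loaded as a string.
b2_account_id: "example"
b2_application_key: "example"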
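# Documentation: https://roots.io/trellis/docs/remote-server-setup/
# `wordpress_sites` options: https://roots.io/trellis/docs/wordpress-sites
# Define accompanying passwords/secrets in group_vars/production/vault.yml
wordpress_sites:
  example.com:
    site_hosts:
      - canonical: www.example.com
        redirects:
          - example.com
    local_path: ../site  # path targeting local Bedrock site directory (relative to Ansible root)
    # The user@host part of this URL was masked by the page's e-mail
    # obfuscation. It is quoted here because a plain value starting with `[`
    # is read as a YAML flow sequence and fails to parse.
    repo: "[email protected]:example/example.git"  # replace with your Git repo URL
    repo_subtree_path: site  # relative path to your Bedrock/WP directory in your repo
    branch: master
    multisite:
      enabled: false
    ssl:
      enabled: true
      provider: letsencrypt
    cache:
      enabled: true
    # Read by the "Setup cron to trigger B2 backups" task. If hour or minute
    # is left out, that task defaults the field to '*'.
    cron:
      filename: "b2-backup.sh"  # this is the file that the backup cron will be run against
      hour: "3"  # Runs at 3am
      minute: "0"  # Runs on the hour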

dlford commented Mar 29, 2022

Thanks for sharing this!

One small detail, since the authorize-account command will log the key and ID, you should use this to hide those secrets:

- name: Authorize B2 account
  command: "b2 authorize-account {{ app_id }} {{ app_key }}"
  no_log: True # Protect secrets
