From febee5c72e0894847579c7aae2a58f95640009a9 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Sun, 7 Apr 2024 14:35:04 +0000
Subject: [PATCH] backup_github: New role

---
 roles/backup_github/files/backup-github.sh | 22 +++++++++++++++
 roles/backup_github/meta/main.yml          |  3 ++
 roles/backup_github/tasks/main.yml         | 32 ++++++++++++++++++++++
 3 files changed, 57 insertions(+)
 create mode 100755 roles/backup_github/files/backup-github.sh
 create mode 100644 roles/backup_github/meta/main.yml
 create mode 100644 roles/backup_github/tasks/main.yml

diff --git a/roles/backup_github/files/backup-github.sh b/roles/backup_github/files/backup-github.sh
new file mode 100755
index 0000000..6d2c598
--- /dev/null
+++ b/roles/backup_github/files/backup-github.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+ORGS="foo-sh"
+
+set -eu
+umask 027
+
+cd /srv/backup/github.com
+
+for _org in $ORGS ; do
+    curl -sSf "https://api.github.com/orgs/foo-sh/repos" | jq -r '.[] | .name' | \
+        while read -r _repo
+    do
+        _url="https://github.com/${_org}/${_repo}.git"
+        _gitdir="${_org}/${_repo}"
+        if [ ! -d "$_gitdir" ]; then
+            mkdir -p "$_gitdir"
+            git --git-dir="$_gitdir" init --quiet --bare
+        fi
+        git --git-dir="$_gitdir" fetch --quiet --force --prune --tags "$_url" "refs/heads/*:refs/heads/*"
+    done
+done
diff --git a/roles/backup_github/meta/main.yml b/roles/backup_github/meta/main.yml
new file mode 100644
index 0000000..9eea2ce
--- /dev/null
+++ b/roles/backup_github/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - {role: backup_server}
diff --git a/roles/backup_github/tasks/main.yml b/roles/backup_github/tasks/main.yml
new file mode 100644
index 0000000..6d6ffdc
--- /dev/null
+++ b/roles/backup_github/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+- name: Install dependencies
+  ansible.builtin.package:
+    name: "{{ item }}"
+    state: installed
+  with_items:
+    - git
+    - jq
+
+- name: Create backup directory
+  ansible.builtin.file:
+    path: /srv/backup/github.com
+    state: directory
+    mode: "0770"
+    owner: root
+    group: backup
+
+- name: Copy backup script
+  ansible.builtin.copy:
+    dest: /usr/local/sbin/backup-github
+    src: backup-github.sh
+    mode: "0755"
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: Add cron job
+  ansible.builtin.cron:
+    name: github-backup
+    job: /usr/local/sbin/backup-github
+    hour: "03"
+    minute: "20"
+    user: backup