[backup] set up golang

.github/workflows/molecule_tests.yml

@@ -30,6 +30,7 @@ jobs:
           - figgy_filewatcher_worker
           - figgy_pubsub_worker
           - freetds
+          - golang
           - gitlab
           # - geoserver
           - hr_share
@@ -56,6 +57,7 @@ jobs:
           # - pas
           - passenger
           - php
+          - plakar
           - postfix
           - postgresql
           # - pulfalight

devbox.json

@@ -6,17 +6,19 @@
     "python311Packages.virtualenv",
     "ruby_3_2",
     "nodejs_20",
-    "awscli2",
     "lastpass-cli",
-    "git"
+    "git",
+    "google-cloud-sdk@latest",
+    "awscli@latest",
+    "awscli2@latest"
   ],
   "env": {
-    "PYTHON_VERSION": "3.11.1",
-    "RUBY_VERSION": "3.2.0",
-    "NODE_VERSION": "20",
-    "LPASS_AGENT_TIMEOUT": "32400",
-    "PATH": "$DEVBOX_PROJECT_ROOT/.venv/bin:$PATH",
-    "VIRTUAL_ENV": "$DEVBOX_PROJECT_ROOT/.venv",
+    "PYTHON_VERSION":              "3.11.1",
+    "RUBY_VERSION":                "3.2.0",
+    "NODE_VERSION":                "20",
+    "LPASS_AGENT_TIMEOUT":         "32400",
+    "PATH":                        "$DEVBOX_PROJECT_ROOT/.venv/bin:$PATH",
+    "VIRTUAL_ENV":                 "$DEVBOX_PROJECT_ROOT/.venv",
     "ANSIBLE_VAULT_PASSWORD_FILE": "$DEVBOX_PROJECT_ROOT/bin/lastpass-ansible",
     "ANSIBLE_VAULT_IDENTITY_LIST": "pul@$DEVBOX_PROJECT_ROOT/bin/lastpass-ansible,princeton@$DEVBOX_PROJECT_ROOT/bin/lastpass-ansible,ansible@$DEVBOX_PROJECT_ROOT/bin/lastpass-ansible,default@$DEVBOX_PROJECT_ROOT/bin/lastpass-ansible"
   },

devbox.lock

@@ -1,17 +1,131 @@
 {
   "lockfile_version": "1",
   "packages": {
-    "awscli2": {
-      "resolved": "github:NixOS/nixpkgs/32f313e49e42f715491e1ea7b306a87c16fe0388?narHash=sha256-nNaeJjo861wFR0tjHDyCnHs1rbRtrMgxAKMoig9Sj%2Fw%3D#awscli2",
-      "source": "nixpkg",
+    "awscli2@latest": {
+      "last_modified": "2025-11-30T18:29:45Z",
+      "resolved": "github:NixOS/nixpkgs/23258e03aaa49b3a68597e3e50eb0cbce7e42e9d#awscli2",
+      "source": "devbox-search",
+      "version": "2.31.39",
       "systems": {
         "aarch64-darwin": {
           "outputs": [
             {
-              "path": "/nix/store/jg3mq99j92671mkxsv2y595mhz1idm0z-awscli2-2.28.1",
+              "name": "out",
+              "path": "/nix/store/h4b0scch07rfyy3jr5lv3cmj7myhn1nl-awscli2-2.31.39",
               "default": true
+            },
+            {
+              "name": "dist",
+              "path": "/nix/store/nhnmx2dgfd8rd8pnyv396qzsq4gf0933-awscli2-2.31.39-dist"
             }
-          ]
+          ],
+          "store_path": "/nix/store/h4b0scch07rfyy3jr5lv3cmj7myhn1nl-awscli2-2.31.39"
+        },
+        "aarch64-linux": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/bxbryfgqh3srva8c7snqr97iir5qrjka-awscli2-2.31.39",
+              "default": true
+            },
+            {
+              "name": "dist",
+              "path": "/nix/store/gc65qq3jlkk17ajk4yscz5j1kws6bcmb-awscli2-2.31.39-dist"
+            }
+          ],
+          "store_path": "/nix/store/bxbryfgqh3srva8c7snqr97iir5qrjka-awscli2-2.31.39"
+        },
+        "x86_64-darwin": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/lpzh5s8cgp0z8a5l8dscmx2v0hcr3adm-awscli2-2.31.39",
+              "default": true
+            },
+            {
+              "name": "dist",
+              "path": "/nix/store/dxaq2vpl8pykf25bydc433mq521iha4q-awscli2-2.31.39-dist"
+            }
+          ],
+          "store_path": "/nix/store/lpzh5s8cgp0z8a5l8dscmx2v0hcr3adm-awscli2-2.31.39"
+        },
+        "x86_64-linux": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/g0i13qaim2j6amiz22qzxinxyvgs0pb3-awscli2-2.31.39",
+              "default": true
+            },
+            {
+              "name": "dist",
+              "path": "/nix/store/b2l8xsgwsw7sg0jwwbsz53rpnv1sc1ns-awscli2-2.31.39-dist"
+            }
+          ],
+          "store_path": "/nix/store/g0i13qaim2j6amiz22qzxinxyvgs0pb3-awscli2-2.31.39"
+        }
+      }
+    },
+    "awscli@latest": {
+      "last_modified": "2025-11-23T21:50:36Z",
+      "resolved": "github:NixOS/nixpkgs/ee09932cedcef15aaf476f9343d1dea2cb77e261#awscli",
+      "source": "devbox-search",
+      "version": "1.42.18",
+      "systems": {
+        "aarch64-darwin": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/2clwsf4dvcdh3p7jzfhpa744j467bh87-awscli-1.42.18",
+              "default": true
+            },
+            {
+              "name": "dist",
+              "path": "/nix/store/y89wxym3smjws52ddngi8ml283aifv0n-awscli-1.42.18-dist"
+            }
+          ],
+          "store_path": "/nix/store/2clwsf4dvcdh3p7jzfhpa744j467bh87-awscli-1.42.18"
+        },
+        "aarch64-linux": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/8g9bjs1b1pzfy6v53m4580p3bw6w7rcb-awscli-1.42.18",
+              "default": true
+            },
+            {
+              "name": "dist",
+              "path": "/nix/store/j7841jck3pspvc6xvy8bg3avggv55d3s-awscli-1.42.18-dist"
+            }
+          ],
+          "store_path": "/nix/store/8g9bjs1b1pzfy6v53m4580p3bw6w7rcb-awscli-1.42.18"
+        },
+        "x86_64-darwin": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/5vkjqj9fbkay8l7jjkhwnflkbh9qk44l-awscli-1.42.18",
+              "default": true
+            },
+            {
+              "name": "dist",
+              "path": "/nix/store/06d27cjqr6p9j7lsxql85y75182xrwnx-awscli-1.42.18-dist"
+            }
+          ],
+          "store_path": "/nix/store/5vkjqj9fbkay8l7jjkhwnflkbh9qk44l-awscli-1.42.18"
+        },
+        "x86_64-linux": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/kv1428ahrpdrgidq8g2g9bj2488n2p1k-awscli-1.42.18",
+              "default": true
+            },
+            {
+              "name": "dist",
+              "path": "/nix/store/9jrlm8iz2pcgkwp8lxr2ifd9rla0sb3y-awscli-1.42.18-dist"
+            }
+          ],
+          "store_path": "/nix/store/kv1428ahrpdrgidq8g2g9bj2488n2p1k-awscli-1.42.18"
         }
       }
     },
@@ -33,6 +147,54 @@
       "last_modified": "2025-08-29T03:42:44Z",
       "resolved": "github:NixOS/nixpkgs/c73522789a3c7552b1122773d6eaa34e1491cc1c?lastModified=1756438964&narHash=sha256-yo473URkISSmBZeIE1o6Mf94VRSn5qFVFS9phb7l6eg%3D"
     },
+    "google-cloud-sdk@latest": {
+      "last_modified": "2025-12-03T20:43:00Z",
+      "resolved": "github:NixOS/nixpkgs/ebc94f855ef25347c314258c10393a92794e7ab9#google-cloud-sdk",
+      "source": "devbox-search",
+      "version": "548.0.0",
+      "systems": {
+        "aarch64-darwin": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/47dysafhb5mm3hxkwx6hyxasv05nhxjb-google-cloud-sdk-548.0.0",
+              "default": true
+            }
+          ],
+          "store_path": "/nix/store/47dysafhb5mm3hxkwx6hyxasv05nhxjb-google-cloud-sdk-548.0.0"
+        },
+        "aarch64-linux": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/mri3dcpp8v1a2rdj3899cwywic9x3qz6-google-cloud-sdk-548.0.0",
+              "default": true
+            }
+          ],
+          "store_path": "/nix/store/mri3dcpp8v1a2rdj3899cwywic9x3qz6-google-cloud-sdk-548.0.0"
+        },
+        "x86_64-darwin": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/an736haac0wqqxyg20wwnwf0qywqax0y-google-cloud-sdk-548.0.0",
+              "default": true
+            }
+          ],
+          "store_path": "/nix/store/an736haac0wqqxyg20wwnwf0qywqax0y-google-cloud-sdk-548.0.0"
+        },
+        "x86_64-linux": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/w69yfd51aagvba8lnq8ab556bypmywlq-google-cloud-sdk-548.0.0",
+              "default": true
+            }
+          ],
+          "store_path": "/nix/store/w69yfd51aagvba8lnq8ab556bypmywlq-google-cloud-sdk-548.0.0"
+        }
+      }
+    },
     "lastpass-cli": {
       "resolved": "github:NixOS/nixpkgs/32f313e49e42f715491e1ea7b306a87c16fe0388?narHash=sha256-nNaeJjo861wFR0tjHDyCnHs1rbRtrMgxAKMoig9Sj%2Fw%3D#lastpass-cli",
       "source": "nixpkg",

group_vars/nfsserver/production.yml

@@ -1,4 +1,14 @@
 ---
+# plakar backups
+plakar_store_name: "nfs_prod_aws"
+plakar_repo_passphrase: "{{ vault_plakar_repo_passphrase }}"
+plakar_repo_bucket: "pul-nfs-backup"
+plakar_repo_access_key: "{{ vault_plakar_aws_access_key }}"
+plakar_repo_secret_key: "{{ vault_plakar_aws_secret_key }}"
+plakar_snapshot_root: "/var/nfs"
+plakar_configure_backup: true
+plakar_run_initial_backup: false
+plakar_scheduler_enabled: true
 # servers
 bibdata_prod1: "128.112.201.179"
 bibdata_prod2: "128.112.203.79"

group_vars/nfsserver/qa.yml

@@ -1,4 +1,13 @@
 ---
+# plakar backups
+plakar_store_name: "nfs_qa_aws"
+plakar_repo_passphrase: "{{ vault_plakar_repo_passphrase }}"
+plakar_repo_bucket: "pul-nfs-backup"
+plakar_repo_access_key: "{{ vault_plakar_aws_access_key }}"
+plakar_repo_secret_key: "{{ vault_plakar_aws_secret_key }}"
+plakar_snapshot_root: "/var/nfs"
+plakar_configure_backup: true
+plakar_run_initial_backup: false
 # servers
 bibdata_qa1: "172.20.80.89"
 bibdata_qa2: "172.20.80.97"

group_vars/nfsserver/staging.yml

@@ -1,4 +1,13 @@
 ---
+# plakar backups
+plakar_store_name: "nfs_aws"
+plakar_repo_passphrase: "{{ vault_plakar_repo_passphrase }}"
+plakar_repo_bucket: "pul-nfs-backup"
+plakar_repo_access_key: "{{ vault_plakar_aws_access_key }}"
+plakar_repo_secret_key: "{{ vault_plakar_aws_secret_key }}"
+plakar_snapshot_root: "/var/nfs"
+plakar_configure_backup: true
+plakar_run_initial_backup: false
 # servers
 bibdata_staging1: "172.20.80.66"
 bibdata_staging2: "172.20.80.64"

group_vars/nfsserver/vault.yml

@@ -0,0 +1,15 @@
+$ANSIBLE_VAULT;1.2;AES256;pul
+62653165653039313136353938343030633139646338326364353037623566656561353866376630
+3262616261373131616231623861363431343234333833360a393932643732613533626238633635
+37343864643837616365626465383664303930393930303132613839393137353566316264303539
+3361663762623137640a346635666136623236643235613730353036343265393835323062343063
+39343665666132626230313065626461303630313762373539313739613563346161373163663832
+61343463623532376564303233393763653233336231386131616165613934326366353131666537
+33383136343466313164346331663964386335383732373431663732313735363961343431656139
+30343139666364303563633162383038633338353637653566323266643765663965333831373637
+64376130656165366137333437643363356634396631653635393732386665303431653534363131
+30613638666635643038613132373132386633666561366533633832643234303661313833383138
+39653935666234626535356664363739396236623631326138653366613633366130353133633163
+35386266616537373436633135343562383365313463303961363238643234353935656561356332
+63643137633833326633623163626662663537616334373436643963633666383033363738613038
+6463333863383335303262323035633039613433613766643037

playbooks/nfsserver.yml

@@ -10,7 +10,9 @@
   vars_files:
     - ../group_vars/nfsserver/{{ runtime_env | default('staging') }}.yml
     - ../group_vars/nfsserver/common.yml
+    - ../group_vars/nfsserver/vault.yml
   roles:
+    - role: roles/plakar
     - role: roles/nfsserver
 
   post_tasks:

roles/golang/README.md

@@ -0,0 +1,92 @@
+# golang
+
+This role installs a specific version of the Go toolchain from the official
+`go.dev` tarballs into `/usr/local/go`, and ensures `go` is available on
+`$PATH` via `/usr/local/bin/go`.
+
+---
+
+## What it does
+
+On each run, the role:
+
+1. Figures out the correct architecture string (`amd64` / `arm64`) if you
+   didn’t override it.
+2. Checks if `{{ golang_install_dir }}/bin/go` exists and what version it is.
+3. If the version doesn’t match `golang_version`:
+   - Downloads `https://go.dev/dl/go{{ golang_version }}.linux-{{ golang_arch }}.tar.gz`
+     into `{{ golang_download_dir }}`.
+   - Removes any existing installation at `{{ golang_install_dir }}`.
+   - Extracts the new Go tree into `/usr/local`.
+4. Ensures a symlink `/usr/local/bin/go` → `{{ golang_install_dir }}/bin/go`
+   exists so `go` is on the PATH for non-interactive commands.
+
+The role is idempotent: if the requested version is already installed, no
+downloads or changes occur.
+
+> Note: This role assumes a typical Linux layout where `/usr/local` is
+> writable by `root` and is intended to be run with `become: true`.
+
+---
+
+## Default variables
+
+Defined in `roles/golang/defaults/main.yml`:
+
+```yaml
+# Go version to install (from go.dev)
+golang_version: "1.25.5"
+
+# Architecture string for Go tarball. Override if needed.
+# Normally auto-detected from ansible_architecture, but you can force it.
+golang_arch: "amd64"
+
+# Where to cache downloaded tarballs
+golang_download_dir: "/usr/local/src"
+
+# Where Go will be installed
+golang_install_dir: "/usr/local/go"
+You can override these in group/host vars as needed, for example to pin a
+different version:
+
+```
+
+```yaml
+golang_version: "1.23.3"
+```
+
+Example usage
+Simple playbook:
+
+```yaml
+- name: Install modern Go from go.dev
+  hosts: my_build_hosts
+  become: true
+
+  roles:
+    - role: golang
+```
+
+With overrides:
+
+```yaml
+- name: Install Go 1.23.3 on AMD64
+  hosts: my_build_hosts
+  become: true
+
+  vars:
+    golang_version: "1.23.3"
+    golang_download_dir: "/var/cache/go-downloads"
+
+  roles:
+    - role: golang
+```
+
+After the role runs, you should see something like:
+
+```bash
+$ go version
+go1.23.3 linux/amd64
+```
+
+and the binaries under `/usr/local/go/bin.`