tarsnap: disable backups on future stage wordpress hosts

We're not interested in backing up staging data that can be re-created
anyways.

Author: supertassu

hieradata/environments/staging/roles/docs/wordpress.yaml

@@ -3,6 +3,8 @@ profile::wordpress::docs::builder_email: [email protected]
 profile::wordpress::docs::robots_txt_deny_all: true
 profile::wordpress::docs::wordpress_version: ~
 
+profile::tarsnap::enabled: false
+
 profile::certbot::certificates:
   wordpress:
     domains:

hieradata/nodes/wp-02.stage.ops.jquery.net.yaml

@@ -0,0 +1,2 @@
+# Was previously enabled on this host, which is now being removed.
+profile::tarsnap::enabled: true

modules/profile/manifests/tarsnap.pp

@@ -1,4 +1,8 @@
 # @summary configures the tarsnap backup client
-class profile::tarsnap () {
-  class { 'tarsnap': }
+class profile::tarsnap (
+  Boolean $enable = lookup('profile::tarsnap::enabled', {default_value => true}),
+) {
+  if $enable {
+    class { 'tarsnap': }
+  }
 }

modules/tarsnap/manifests/backup.pp

@@ -4,31 +4,6 @@
   Optional[String[1]]     $take_backup_command = undef,
   Jqlib::Ensure           $ensure              = present,
 ) {
-  # todo: move to a separate class?
-  if !defined(File['/etc/tarsnap.conf']) {
-    file { '/etc/tarsnap.conf':
-      ensure => file,
-      source => 'puppet:///modules/tarsnap/backup/tarsnap.conf',
-    }
-
-    file { '/etc/tarsnap.key':
-      ensure    => file,
-      content   => jqlib::secret("tarsnap-keys/${::fqdn}.key"),
-      owner     => 'root',
-      group     => 'root',
-      mode      => '0440',
-      show_diff => false,
-    }
-
-    file { '/usr/local/sbin/jq-tarsnap-take-backup':
-      ensure => file,
-      source => 'puppet:///modules/tarsnap/backup/jq-tarsnap-take-backup.sh',
-      owner  => 'root',
-      group  => 'root',
-      mode   => '0554',
-    }
-  }
-
   $hour = fqdn_rand(24, "backup-hour-${title}")
   $minute = fqdn_rand(60, "backup-minute-${title}")
 
@@ -37,11 +12,12 @@
     "/usr/local/sbin/jq-tarsnap-take-backup ${title} ${paths.join(' ')}"
   ].filter |$it| { $it != undef }
 
-  systemd::timer { "backup-${title}":
+  @systemd::timer { "backup-${title}":
     description => "Back up ${title} to Tarsnap",
     user        => 'root',
     command     => $commands,
     interval    => ["OnCalendar=*-*-* ${hour}:${minute}:00"],
     require     => Package['tarsnap'],
+    tag         => 'tarsnap::backup',
   }
 }

modules/tarsnap/manifests/init.pp

@@ -33,4 +33,28 @@
     mode    => '0755',
     require => [Systemd::Sysuser['tarsnap'], Service['systemd-sysusers']],
   }
+
+  file { '/etc/tarsnap.conf':
+    ensure => file,
+    source => 'puppet:///modules/tarsnap/backup/tarsnap.conf',
+  }
+
+  file { '/etc/tarsnap.key':
+    ensure    => file,
+    content   => jqlib::secret("tarsnap-keys/${::fqdn}.key"),
+    owner     => 'root',
+    group     => 'root',
+    mode      => '0440',
+    show_diff => false,
+  }
+
+  file { '/usr/local/sbin/jq-tarsnap-take-backup':
+    ensure => file,
+    source => 'puppet:///modules/tarsnap/backup/jq-tarsnap-take-backup.sh',
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0554',
+  }
+
+  Systemd::Timer <| tag == 'tarsnap::backup' |>
 }