cleaned up restic role a bit

roles/unhb_backup_scripts/restic_scripts/files/98-backup-conf

@@ -1,12 +0,0 @@
-# allow members of the sudo group to run backups, but without password
-%sudo   ALL = NOPASSWD: /opt/scripts/restic/restic-backup.sh
-#%sudo  ALL = NOPASSWD: /opt/scripts/restic/restic-prune.sh
-%sudo   ALL = NOPASSWD: /opt/scripts/restic/restic-mount.sh
-%sudo   ALL = NOPASSWD: /opt/scripts/restic/restic-check.sh
-%sudo   ALL = NOPASSWD: /opt/scripts/restic/restic-check-read-data.sh
-
-%sudo   ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS.sh
-#%sudo  ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-PRUNE.sh
-%sudo   ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-MOUNT.sh
-%sudo   ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-CHECK.sh
-%sudo   ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-READ-DATA.sh

roles/unhb_backup_scripts/restic_scripts/files/restic-backup-scripts/restic-check-read-data.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-source /opt/scripts/restic/restic.env
-
-restic check --read-data 
-
-echo "done! :)"

roles/unhb_backup_scripts/restic_scripts/files/restic-backup-scripts/restic-check.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-source /opt/scripts/restic/restic.env
-
-restic check 
-
-echo "done! :)"

roles/unhb_backup_scripts/restic_scripts/files/restic-backup-scripts/restic-mount.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-source /opt/scripts/restic/restic.env
-
-restic mount /mnt/restic
-
-echo "done! :)"

roles/unhb_backup_scripts/restic_scripts/files/restic-backup-scripts/restic-unlock.sh

@@ -1,4 +0,0 @@
-#!/bin/bash
-source /opt/scripts/restic/restic.env
-restic unlock
-echo "done! :)"

roles/unhb_backup_scripts/restic_scripts/tasks/main.yml

@@ -1,111 +0,0 @@
----
-
-- name: "Install restic"
-  ansible.builtin.apt:
-    name: 
-      - restic
-    state: latest
-    update_cache: true
-  become: true
-  when: ansible_os_family == 'Debian'
-
-- name: "Ensure /opt/scripts/ exists"
-  ansible.builtin.file:
-    path: /opt/scripts
-    state: directory
-    mode: '0755'
-  when: "ansible_os_family == 'Debian'"
-    
-- name: "Ensure /opt/db_dumps/ exists"
-  ansible.builtin.file:
-    path: /opt/db_dumps/
-    state: directory
-    owner: postgres
-    group: postgres
-    mode: '0774'
-  ignore_errors: true #to do: auf mautrix-signal kein User "postgres" weil in Docker, muss gelöst werden
-  when: "ansible_os_family == 'Debian' and 'desktops' not in group_names and 'mautrix-signal' not in inventory_hostname"
-
-- name: "Copy restic backup scripts"
-  ansible.builtin.copy:
-    src: "restic-backup-scripts/"
-    dest: /opt/scripts/restic/.
-    owner: root
-    group: root
-    mode:  u+rwx
-    force: true
-  when: "ansible_os_family == 'Debian'"
-    
-- name: "Template restic backup script restic-backup_{{ inventory_hostname }}.sh"
-  ansible.builtin.template:
-    src: ../templates/restic-backup_{{ inventory_hostname }}.sh.j2
-    dest: /opt/scripts/restic/restic-backup_{{ inventory_hostname }}.sh
-    owner: root
-    group: root
-    mode: 'u+rwx'
-    force: true
-  when: "ansible_os_family == 'Debian' and 'desktops' not in group_names"
-  
-#- name: "Template restic backup script ENTWURF"
-#  ansible.builtin.template:
-#    src: ../templates/restic-backup_ENTWURF.sh.j2
-#    dest: /opt/scripts/restic/restic-backup_ENTWURF.sh
-#    owner: root
-#    group: root
-#    mode: 'u+rwx'
-  
-- name: "Template restic backup script restic-backup_desktops.sh"
-  ansible.builtin.template:
-    src: ../templates/restic-backup_desktops.sh.j2
-    dest: /opt/scripts/restic/restic-backup_desktops.sh
-    owner: root
-    group: root
-    mode: 'u+rwx'
-    force: true
-  when: "ansible_os_family == 'Debian' and 'desktops' in group_names"
-  
-- name: "Template restic prune script restic-prune.sh"
-  ansible.builtin.template:
-    src: ../templates/restic-prune.sh.j2
-    dest: /opt/scripts/restic/restic-prune.sh
-    owner: root
-    group: root
-    mode: 'u+rwx'
-    force: true
-  when: "ansible_os_family == 'Debian'"
-
-- name: "Template environment variable file restic.env"
-  ansible.builtin.template:
-    src: ../templates/restic.env.j2
-    dest: /opt/scripts/restic/restic.env
-    owner: root
-    group: root
-    mode: '0644'
-    force: true
-  when: "ansible_os_family == 'Debian'"
-
-- name: "Template restic password file restic-password-repo"
-  ansible.builtin.template:
-    src: ../templates/restic-password-repo.j2
-    dest: /opt/scripts/restic/restic-password-repo
-    owner: root
-    group: root
-    mode:  '0440'
-    force: true
-  when: "ansible_os_family == 'Debian'"
-
-- name: "Cronjob for Backups"
-  ansible.builtin.cron:
-    name: "Restic Backup"
-    minute: "0"
-    hour: "3"
-    job: "/opt/scripts/restic/restic-backup_{{ inventory_hostname }}.sh"
-  when: "ansible_os_family == 'Debian' and 'desktops' not in group_names"
-
-- name: "Cronjob for Backups"
-  ansible.builtin.cron:
-    name: "Restic Backup"
-    minute: "0"
-    hour: "3"
-    job: "/opt/scripts/restic/restic-backup_desktops.sh"
-  when: "ansible_os_family == 'Debian' and 'desktops' in group_names"

roles/unhb_backup_scripts/restic_scripts/templates/restic-backup_ENTWURF.sh

@@ -1,25 +0,0 @@
-#!/bin/bash
-source {{ restic_env_file }}
-#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
-restic snapshots
-if [ "$?" -eq "0" ]
-then
-  echo "Repo is already initialized, no need to do that."
-else
-  echo "We need to initialize the repo first." && restic init
-fi
-
-
-{% if restic_execute_before is defined %}
-{{ restic_execute_before }}
-{% else %}
-# restic_execute_before is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
-{% endif %}
-restic backup --verbose {{ restic_backup_paths }}
-{% if restic_execute_after is defined %}
-{{ restic_execute_after }}
-{% else %}
-# restic_execute_after is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
-{% endif %}
-
-echo "done! :)"

roles/unhb_backup_scripts/restic_scripts/templates/restic-backup_ENTWURF.sh.j2

@@ -1,25 +0,0 @@
-#!/bin/bash
-{{ restic_env_file }}
-#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
-restic snapshots
-if [ "$?" -eq "0" ]
-then
-  echo "Repo is already initialized, no need to do that."
-else
-  echo "We need to initialize the repo first." && restic init
-fi
-
-
-{% if restic_execute_before is defined %}
-{{ restic_execute_before }}
-{% else %}
-# restic_execute_before is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
-{% endif %}
-restic backup --verbose {{ restic_backup_paths }}
-{% if restic_execute_after is defined %}
-{{ restic_execute_after }}
-{% else %}
-# restic_execute_after is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
-{% endif %}
-
-echo "done! :)"

roles/unhb_backup_scripts/restic_scripts/templates/restic-backup_desktops.sh.j2

@@ -1,45 +0,0 @@
-#!/bin/bash
-source /opt/scripts/restic/restic.env
-#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
-restic snapshots
-if [ "$?" -eq "0" ]
-then
-  echo "Repo is already initialized, no need to do that."
-else
-  echo "We need to initialize the repo first." && restic init
-fi
-
-restic backup --verbose / \
-    --exclude /home/{{ user }}/.cache \
-    --exclude /home/{{ user }}/cache \
-    --exclude /home/{{ user }}/.config/Element/Cache/ \
-    --exclude /home/{{ user }}/.config/Element/GPUCache \
-    --exclude /home/{{ user }}/.config/Element/Code\ Cache/ \
-    --exclude /home/{{ user }}/.config/Signal/attachments.noindex \
-    --exclude /home/{{ user }}/.config/SchildiChat/Cache \
-    --exclude /home/{{ user }}/.config/SchildiChat/GPUCache \
-    --exclude /home/{{ user }}/.config/SchildiChat/Code\ Cache/ \
-    --exclude /home/{{ user }}/.config/Signal/Cache \
-    --exclude /home/{{ user }}/.config/Signal/GPUCache \
-    --exclude /home/{{ user }}/.config/Signal/Code\ Cache/ \
-    --exclude /home/{{ user }}/.local/share/Trash \
-    --exclude /home/{{ user }}/Bilder \
-    --exclude /home/{{ user }}/Downloads \
-    --exclude /home/{{ user }}/gPodder/Downloads/ \
-    --exclude /home/{{ user }}/Nextcloud \
-    --exclude /home/{{ user }}/no-backup \
-    --exclude /home/{{ user }}/synced_folders \
-    --exclude /home/{{ user }}/sync \
-    --exclude /home/{{ user }}/Signal_Backups \
-    --exclude /lost+found \
-    --exclude /media \
-    --exclude /mnt \
-    --exclude /proc \
-    --exclude /run \
-    --exclude /root/.cache \
-    --exclude /sys \
-    --exclude /tmp \
-    --exclude /var/cache \
-    --exclude /var/tmp
-
-echo "done! :)"

roles/unhb_backup_scripts/restic_scripts/templates/restic-backup_erebion-matrix.sh.j2

@@ -1,21 +0,0 @@
-#!/bin/bash
-source /opt/scripts/restic/restic.env
-#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
-restic snapshots
-if [ "$?" -eq "0" ]
-then
-  echo "Repo is already initialized, no need to do that."
-else
-  echo "We need to initialize the repo first." && restic init
-fi
-
-su - postgres --session-command 'pg_dump "{{ matrix_db_name }}" -f /opt/db_dumps/db-dump-{{ matrix_db_name }}.sql'
-su - postgres --session-command 'pg_dump "mautrix_googlechat" -f /opt/db_dumps/db-dump-mautrix_googlechat.sql'
-su - postgres --session-command 'pg_dump "mautrix_slack" -f /opt/db_dumps/db-dump-mautrix_slack.sql'
-
-restic backup --verbose \
-    /etc/matrix-synapse \
-    /opt \
-    /var/lib/matrix-synapse
-
-echo "done! :)"

roles/unhb_backup_scripts/restic_scripts/templates/restic-backup_mautrix-signal.sh.j2

@@ -1,24 +0,0 @@
-#!/bin/bash
-source /opt/scripts/restic/restic.env
-#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
-restic snapshots
-if [ "$?" -eq "0" ]
-then
-  echo "Repo is already initialized, no need to do that."
-else
-  echo "We need to initialize the repo first." && restic init
-fi
-
-# systemctl disable --now mautrix-signal.service
-
-su - postgres --session-command 'pg_dump "{{ database_vars.mautrix_signal.db }}" -f /opt/db_dumps/db-dump-mautrix-signal.sql'
-
-restic backup --verbose \
-    /data-usb \
-    /etc/matrix-synapse \
-    /opt \
-    /var/lib/matrix-synapse
-
-# systemctl enable --now mautrix-signal.service
-
-echo "done! :)"

roles/unhb_backup_scripts/restic_scripts/templates/restic-backup_unhb-proxmox-local.sh.j2

@@ -1,20 +0,0 @@
-#!/bin/bash
-source /opt/scripts/restic/restic.env
-#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
-restic snapshots
-if [ "$?" -eq "0" ]
-then
-  echo "Repo is already initialized, no need to do that."
-else
-  echo "We need to initialize the repo first." && restic init
-fi
-
-restic backup --verbose \
-    /etc \
-    /home \
-    /opt \
-    /root \
-    /srv \
-    /var/www 
-
-echo "done! :)"

roles/unhb_backup_scripts/restic_scripts/templates/restic-backup_unhb2.sh.j2

@@ -1,29 +0,0 @@
-#!/bin/bash
-source /opt/scripts/restic/restic.env
-#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
-restic snapshots
-if [ "$?" -eq "0" ]
-then
-  echo "Repo is already initialized, no need to do that."
-else
-  echo "We need to initialize the repo first." && restic init
-fi
-
-echo "Now dumping databases, this might take a while..."
-set -x
-docker exec -t pretix_pg-sql.server2 pg_dumpall -c -U prtxdb > /opt/db_dumps/db-dump-pretix_db.sql
-#docker exec docker-partkeepr-database-1 sh -c "exec mariadb-dump --all-databases -u{{ unhb4_mariadb_containers['partkeepr'].user }} --password=$MARIADB_PASSWORD_PARTKEEPR" > /opt/db_dumps/db-dump-partkeepr_db.sql
-source /opt/scripts/restic/restic_db_passwords.env
-docker exec -t engel_sql.server2 sh -c "exec mysqldump --all-databases -u{{ unhb4_mariadb_containers['engelsystem'].user }} --password=$MARIADB_PASSWORD_ENGELSYSTEM" > /opt/db_dumps/db-dump-engelsystem_db.sql
-set +x
-
-restic backup --verbose \
-    /etc \
-    /home \
-    /opt \
-    /root \
-    /srv \
-    /var/lib/docker/volumes/ \
-    /var/www 
-
-echo "done! :)"

roles/unhb_backup_scripts/restic_scripts/templates/restic-backup_unhb4.sh.j2

@@ -1,42 +0,0 @@
-#!/bin/bash
-#
-#
-# This file is managed via Ansible, do not edit manually. Changes might get overwitten.
-#
-#
-source /opt/scripts/restic/restic.env
-source /opt/scripts/restic/restic_db_passwords.env
-#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
-restic snapshots
-if [ "$?" -eq "0" ]
-then
-  echo "Repo is already initialized, no need to do that."
-else
-  echo "We need to initialize the repo first." && restic init
-fi
-
-echo "Now dumping databases, this might take a while..."
-set -x
-docker exec -t matrix_sql.server4 pg_dumpall -c -U user_synapse_unhb > /opt/db_dumps/db-dump-synapse_db.sql
-docker exec -t authentik-postgresql-1 pg_dumpall -c -U authentik > /opt/db_dumps/db-dump-authentik_db.sql
-docker exec -t hedgedoc_sql15.server4 pg_dumpall -c -U md > /opt/db_dumps/db-dump-hedgedoc_db.sql
-docker exec -t tandoor-tandoor_recipes_db-1 pg_dumpall -c -U djangouser > /opt/db_dumps/db-dump-tandoor_db.sql
-docker exec -t wikijs-wikijs-db-1 pg_dumpall -c -U wikijs > /opt/db_dumps/db-dump-wikijs_db.sql
-docker exec -t nextcloud_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_NEXTCLOUD" > /opt/db_dumps/db-dump-nextcloud_db.sql
-docker exec -t etherpad_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_ETHERPAD" > /opt/db_dumps/db-dump-etherpad_db.sql
-docker exec -t jverein_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_JVEREIN" > /opt/db_dumps/db-dump-jverein_db.sql
-docker exec -t url-shortener_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_URLSHORTENER" > /opt/db_dumps/db-dump-urlshortener_db.sql
-docker exec -t wiki_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_WIKI" > /opt/db_dumps/db-dump-wiki_db.sql
-docker exec -t wordpress_sql.server4 sh -c "exec mysqldump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_WORDPRESS" > /opt/db_dumps/db-dump-wordpress_db.sql
-set +x
-
-restic backup --verbose \
-    /etc \
-    /home \
-    /opt \
-    /root \
-    /srv \
-    /var/lib/docker/volumes/ \
-    /var/www 
-
-echo "done! :)"

roles/unhb_backup_scripts/restic_scripts/templates/restic-password-repo.j2

@@ -1 +0,0 @@
-{{ restic_password_repo[inventory_hostname]["password"] }}

roles/unhb_backup_scripts/restic_scripts/templates/restic-prune.sh.j2

@@ -1,6 +0,0 @@
-#!/bin/bash
-source /opt/scripts/restic/restic.env
-
-restic forget --prune --keep-within 1m  --host={{ ansible_hostname }}
-
-echo "done! :)"

roles/unhb_backup_scripts/restic_scripts/templates/restic.env.j2

@@ -1,3 +0,0 @@
-#!/bin/bash
-export RESTIC_REPOSITORY="{{ restic_repository_location }}{{ inventory_hostname }}"
-export RESTIC_PASSWORD_FILE="/opt/scripts/restic/restic-password-repo"

roles/unhb_backup_scripts/templates/restic-backup_unhb-proxmox-local.sh.j2

@@ -9,7 +9,7 @@ else
   echo "We need to initialize the repo first." && restic init
 fi
 
-restic backup --verbose \
+restic backup --host="{{ inventory_hostname }}" --verbose \
     /etc \
     /home \
     /opt \

roles/unhb_backup_scripts/templates/restic-backup_unhb2.sh.j2

@@ -19,7 +19,7 @@ docker exec -t engel_sql.server2 sh -c "exec mysqldump --all-databases -uroot --
 
 set +x
 
-restic backup --verbose \
+restic backup --host="{{ inventory_hostname }}" --verbose \
     /etc \
     /home \
     /opt \

roles/unhb_backup_scripts/templates/restic-backup_unhb4.sh.j2

@@ -30,7 +30,7 @@ docker exec -t wiki_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot
 docker exec -t wordpress_sql.server4 sh -c "exec mysqldump --all-databases -uroot --password=$MARIADB_PASSWORD_WORDPRESS" > /opt/db_dumps/db-dump-wordpress_db.sql
 set +x
 
-restic backup --verbose \
+restic backup --host="{{ inventory_hostname }}" --verbose \
     /etc \
     /home \
     /opt \

roles/unhb_backup_scripts/templates/restic-prune.sh.j2

@@ -1,6 +1,6 @@
 #!/bin/bash
 source /opt/scripts/restic/restic.env
 
-restic forget --prune --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --host={{ ansible_hostname }}
+restic forget --prune --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --host={{ inventory_hostname }}
 
 echo "done! :)"