ansible/roles/unhb_backup_scripts/tasks/main.yml

143 lines
3.7 KiB
YAML

---
- name: "Install restic"
ansible.builtin.apt:
name:
- restic
state: latest
update_cache: true
become: true
when: ansible_os_family == 'Debian'
- name: "Ensure /opt/scripts/ exists"
ansible.builtin.file:
path: /opt/scripts
state: directory
mode: '0755'
when: "ansible_os_family == 'Debian'"
- name: "Ensure /opt/db_dumps/ exists"
ansible.builtin.file:
path: /opt/db_dumps/
state: directory
owner: root
group: root
mode: '0644'
when: "ansible_os_family == 'Debian'"
- name: "Copy restic backup scripts"
ansible.builtin.copy:
src: "restic-backup-scripts/"
dest: /opt/scripts/restic/.
owner: root
group: root
mode: u+rwx
force: true
when: "ansible_os_family == 'Debian'"
- name: "Template restic backup script restic-backup_{{ inventory_hostname }}.sh"
ansible.builtin.template:
src: ../templates/restic-backup_{{ inventory_hostname }}.sh.j2
dest: /opt/scripts/restic/restic-backup_{{ inventory_hostname }}.sh
owner: root
group: root
mode: 'u+rwx'
force: true
when: "ansible_os_family == 'Debian'"
- name: "Template restic prune script restic-prune.sh"
ansible.builtin.template:
src: ../templates/restic-prune.sh.j2
dest: /opt/scripts/restic/restic-prune.sh
owner: root
group: root
mode: 'u+rwx'
force: true
when: "ansible_os_family == 'Debian'"
- name: "Template environment variable file restic.env"
ansible.builtin.template:
src: ../templates/restic.env.j2
dest: /opt/scripts/restic/restic.env
owner: root
group: root
mode: '0644'
force: true
when: "ansible_os_family == 'Debian'"
- name: "Template restic password file restic-password-repo"
ansible.builtin.template:
src: ../templates/restic-password-repo.j2
dest: /opt/scripts/restic/restic-password-repo
owner: root
group: root
mode: '0440'
force: true
when: "ansible_os_family == 'Debian'"
- name: "Template systemd units for restic"
ansible.builtin.template:
src: "restic.service.j2"
dest: "/etc/systemd/system/restic@.service"
owner: root
group: root
mode: 'u+rw'
register: unit
when: "ansible_os_family == 'Debian'"
- name: "Template systemd timers for restic"
ansible.builtin.template:
src: "restic.timer.j2"
dest: "/etc/systemd/system/restic@.timer"
owner: root
group: root
mode: 'u+rw'
register: unit
when: "ansible_os_family == 'Debian'"
- name: "Reload systemd units"
ansible.builtin.systemd:
daemon_reload: true
when: unit.changed
- name: "Enable systemd units for restic"
ansible.builtin.systemd:
enabled: true
name: "{{ item }}"
with_items:
- "restic@{{ inventory_hostname }}.service"
- "restic@{{ inventory_hostname }}.timer"
when: unit.changed
#- name: "Enable systemd units for restic-wasabi"
# ansible.builtin.systemd:
# enabled: true
# name: "{{ item }}"
# with_items:
# - "restic@{{ inventory_hostname }}.service"
# - "restic@{{ inventory_hostname }}.timer"
#- name: "Cronjob for Backups"
# ansible.builtin.cron:
# name: "Restic Backup"
# minute: "0"
# hour: "3"
# job: "/opt/scripts/restic/restic-backup_{{ inventory_hostname }}.sh"
# when: "ansible_os_family == 'Debian' and 'desktops' not in group_names"
#- name: "Cronjob for Backups"
# ansible.builtin.cron:
# name: "Restic Backup"
# minute: "0"
# hour: "3"
# job: "/opt/scripts/restic/restic-backup_desktops.sh"
# when: "ansible_os_family == 'Debian' and 'desktops' in group_names"
- name: "Template restic_db_passwords.env"
ansible.builtin.template:
src: "restic_db_passwords.env_{{ inventory_hostname }}.j2"
dest: /opt/scripts/restic/restic_db_passwords.env
owner: root
group: root
mode: '0440'
force: true