- name: Install restic package: name: restic become: true - name: Install runitor kewlfft.aur.aur: name: runitor-bin become: true - name: Make user user: name: restic shell: /bin/nologin system: false become: true - name: Install scripts template: src: files/{{ item }} dest: /home/restic/{{ item }} mode: "0700" owner: restic loop: - backrest.sh - restic-backup.sh - restic-forget.sh become: true - name: Install includes files copy: content: "{{ restic_backup_locations | join('\n') }}" dest: /home/restic/restic-include.txt mode: "0644" owner: restic become: true - name: Install excludes files copy: content: "{{ restic_backup_excludes | join('\n') }}" dest: /home/restic/restic-excludes.txt mode: "0644" owner: restic become: true - name: Set restic binary permissions file: path: /usr/bin/restic mode: "0750" owner: root group: restic become: true - name: Set cap_sys_chroot=+ep on restic community.general.capabilities: path: /usr/bin/restic capability: cap_dac_read_search=+ep become: true - name: Schedule backup cron: name: restic backup hour: 0 minute: 0 job: CHECK_UUID={{ vault_restic_healthchecks_id }} /usr/bin/runitor -- /home/restic/restic-backup.sh user: restic become: true - name: Schedule forget cron: name: restic forget hour: 2 minute: 0 weekday: 0 job: CHECK_UUID={{ vault_restic_forget_healthchecks_id }} /usr/bin/runitor -- /home/restic/restic-forget.sh user: restic become: true when: restic_forget - name: Install pacman post script template: src: files/restic-post.sh dest: /usr/share/libalpm/scripts/restic-post.sh mode: "0700" become: true when: ansible_os_family == 'Archlinux' - name: Install pacman post hook template: src: files/restic-post.hook dest: /usr/share/libalpm/hooks/restic-post.hook mode: "0600" become: true when: ansible_os_family == 'Archlinux' - name: Install HomeAssistant mounts include_tasks: homeassistant.yml when: ansible_hostname == 'pve-restic'