- name: Install restic
  package:
    name: restic
  become: true

- name: Make user
  user:
    name: restic
    shell: /bin/nologin
    system: false
  become: true

- name: Install backrest
  template:
    src: files/backrest.sh
    dest: /home/restic/backrest.sh
    mode: "0700"
    owner: restic
  become: true

- name: Install includes files
  copy:
    content: "{{ restic_backup_locations | join('\n') }}"
    dest: /home/restic/restic-include.txt
    mode: "0644"
    owner: restic
  become: true

- name: Install excludes files
  copy:
    content: "{{ restic_backup_excludes | join('\n') }}"
    dest: /home/restic/restic-excludes.txt
    mode: "0644"
    owner: restic
  become: true

- name: Set restic binary permissions
  file:
    path: /usr/bin/restic
    mode: "0750"
    owner: root
    group: restic
  become: true

- name: Set cap_sys_chroot=+ep on restic
  community.general.capabilities:
    path: /usr/bin/restic
    capability: cap_dac_read_search=+ep
  become: true

- name: Schedule backup
  cron:
    name: restic backup
    hour: 2
    minute: 0
    job: /home/restic/backrest.sh cron_backup
    user: restic
  become: true

- name: Schedule forget
  cron:
    name: restic forget
    hour: 5
    minute: 0
    weekday: 0
    job: /home/restic/backrest.sh cron_forget
    user: restic
  become: true
  when: restic_forget

- name: backrest fail2ban config
  template:
    src: files/backrest-logrotate
    dest: /etc/logrotate.d/backrest
    mode: "0600"
  become: true

- name: Install pacman post script
  template:
    src: files/restic-post.sh
    dest: /usr/share/libalpm/scripts/restic-post.sh
    mode: "0700"
  become: true
  when: ansible_os_family == 'Archlinux'

- name: Install pacman post hook
  template:
    src: files/restic-post.hook
    dest: /usr/share/libalpm/hooks/restic-post.hook
    mode: "0600"
  become: true
  when: ansible_os_family == 'Archlinux'

- name: Install HomeAssistant mounts
  include_tasks: homeassistant.yml
  when: ansible_hostname == 'pve-restic'