- name: Install restic package: name: restic - name: Install runitor kewlfft.aur.aur: name: runitor-bin - name: Make user user: name: restic shell: /bin/nologin system: false - name: Install scripts template: src: files/{{ item }} dest: /home/restic/{{ item }} mode: "0700" owner: restic loop: - backrest.sh - restic-backup.sh - restic-forget.sh - name: Install includes files copy: content: "{{ restic_backup_locations | join('\n') }}" dest: /home/restic/restic-include.txt mode: "0644" owner: restic - name: Install excludes files copy: content: "{{ restic_backup_excludes | join('\n') }}" dest: /home/restic/restic-excludes.txt mode: "0644" owner: restic - name: Set restic binary permissions file: path: /usr/bin/restic mode: "0750" owner: root group: restic - name: Set cap_sys_chroot=+ep on restic community.general.capabilities: path: /usr/bin/restic capability: cap_dac_read_search=+ep - name: Schedule backup cron: name: restic backup hour: 0 minute: 0 job: CHECK_UUID={{ vault_restic_healthchecks_id }} /usr/bin/runitor -- /home/restic/restic-backup.sh user: restic - name: Install pacman post script template: src: files/restic-post.sh dest: /usr/share/libalpm/scripts/restic-post.sh mode: "0700" when: ansible_os_family == 'Archlinux' - name: Install pacman post hook template: src: files/restic-post.hook dest: /usr/share/libalpm/hooks/restic-post.hook mode: "0600" when: ansible_os_family == 'Archlinux' - name: Install HomeAssistant mounts include_tasks: homeassistant.yml when: ansible_hostname == 'pve-restic'