99 lines
2.1 KiB
YAML
99 lines
2.1 KiB
YAML
- name: Install restic
|
|
package:
|
|
name: restic
|
|
become: true
|
|
|
|
- name: Install runitor
|
|
kewlfft.aur.aur:
|
|
name: runitor-bin
|
|
become: true
|
|
|
|
- name: Make user
|
|
user:
|
|
name: restic
|
|
shell: /bin/nologin
|
|
system: false
|
|
become: true
|
|
|
|
- name: Install scripts
|
|
template:
|
|
src: files/{{ item }}
|
|
dest: /home/restic/{{ item }}
|
|
mode: "0700"
|
|
owner: restic
|
|
loop:
|
|
- backrest.sh
|
|
- restic-backup.sh
|
|
- restic-forget.sh
|
|
become: true
|
|
|
|
- name: Install includes files
|
|
copy:
|
|
content: "{{ restic_backup_locations | join('\n') }}"
|
|
dest: /home/restic/restic-include.txt
|
|
mode: "0644"
|
|
owner: restic
|
|
become: true
|
|
|
|
- name: Install excludes files
|
|
copy:
|
|
content: "{{ restic_backup_excludes | join('\n') }}"
|
|
dest: /home/restic/restic-excludes.txt
|
|
mode: "0644"
|
|
owner: restic
|
|
become: true
|
|
|
|
- name: Set restic binary permissions
|
|
file:
|
|
path: /usr/bin/restic
|
|
mode: "0750"
|
|
owner: root
|
|
group: restic
|
|
become: true
|
|
|
|
- name: Set cap_sys_chroot=+ep on restic
|
|
community.general.capabilities:
|
|
path: /usr/bin/restic
|
|
capability: cap_dac_read_search=+ep
|
|
become: true
|
|
|
|
- name: Schedule backup
|
|
cron:
|
|
name: restic backup
|
|
hour: 0
|
|
minute: 0
|
|
job: CHECK_UUID={{ vault_restic_healthchecks_id }} /usr/bin/runitor -- /home/restic/restic-backup.sh
|
|
user: restic
|
|
become: true
|
|
|
|
- name: Schedule forget
|
|
cron:
|
|
name: restic forget
|
|
hour: 2
|
|
minute: 0
|
|
weekday: 0
|
|
job: CHECK_UUID={{ vault_restic_forget_healthchecks_id }} /usr/bin/runitor -- /home/restic/restic-forget.sh
|
|
user: restic
|
|
become: true
|
|
when: restic_forget
|
|
|
|
- name: Install pacman post script
|
|
template:
|
|
src: files/restic-post.sh
|
|
dest: /usr/share/libalpm/scripts/restic-post.sh
|
|
mode: "0700"
|
|
become: true
|
|
when: ansible_os_family == 'Archlinux'
|
|
|
|
- name: Install pacman post hook
|
|
template:
|
|
src: files/restic-post.hook
|
|
dest: /usr/share/libalpm/hooks/restic-post.hook
|
|
mode: "0600"
|
|
become: true
|
|
when: ansible_os_family == 'Archlinux'
|
|
|
|
- name: Install HomeAssistant mounts
|
|
include_tasks: homeassistant.yml
|
|
when: ansible_hostname == 'pve-restic'
|