Add restic-rest server role

group_vars/nas/vars.yml

@@ -1,8 +1,13 @@
 raid_uuid: '4d184875-19eb-4923-9b79-bf669c1f7978'
+
 lambroek_password: "{{ vault_lambroek_password }}"
+
 s3_access_key_id: "{{ vault_s3_access_key_id }}"
 s3_secret_access_key: "{{ vault_s3_secret_access_key }}"
 rclone_obf_pass: "{{ vault_rclone_obf_pass }}"
 rclone_obf_pass2: "{{ vault_rclone_obf_pass2 }}"
+
 lander_commit_sha: 'e438bd045ca2ee64e3d9ab98f416027b5417c3f6'
 lander_api_key: "{{ vault_lander_api_key }}"
+
+restic_rest_version: '0.12.1'

nas.yml

@@ -55,3 +55,10 @@
   roles:
     - lander
   tags: lander
+
+- name: Install Restic REST server
+  hosts: nas
+  become: yes
+  roles:
+    - restic-rest
+  tags: restic-rest

roles/mount-nfs/tasks/main.yml

@@ -1,13 +0,0 @@
----
-- name: Install NFS client.
-  apt:
-    name: nfs-common
-    state: present
-
-- name: Mount NFS share.
-  ansible.posix.mount:
-    src: {{ hostvars['admin']['ansible_host'] }}:/mnt/data
-    path: /mnt/data
-    fstype: nfs4
-    opts: defaults,user,exec
-    state: mounted

roles/restic-rest/files/restic-rest-server.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Restic REST server
+After=network.target network-online.target
+Requires=network-online.target
+
+[Service]
+Type=exec
+User=restic
+Group=restic
+ExecStart=/usr/local/bin/restic-rest-server --path /mnt/data1/restic-rest --no-auth
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

roles/restic-rest/tasks/main.yml

@@ -0,0 +1,69 @@
+---
+- name: Ensure download directory is present
+  ansible.builtin.file:
+    path: "/home/debian/restic-rest-{{ restic_rest_version }}"
+    state: directory
+    mode: '0755'
+  
+- name: Ensure binary is downloaded
+  ansible.builtin.unarchive:
+    src: "https://github.com/restic/rest-server/releases/download/v{{ restic_rest_version }}/rest-server_{{ restic_rest_version }}_linux_arm64.tar.gz"
+    remote_src: true
+    dest: "/home/debian/restic-rest-{{ restic_rest_version }}"
+    creates: "/home/debian/restic-rest-{{ restic_rest_version }}/rest-server_{{ restic_rest_version }}_linux_arm64/rest-server"
+    include:
+      - "rest-server_{{ restic_rest_version }}_linux_arm64/rest-server"
+  register: res
+
+- name: Ensure binary is copied to correct location
+  ansible.builtin.copy:
+    src: "/home/debian/restic-rest-{{ restic_rest_version }}/rest-server_{{ restic_rest_version }}_linux_arm64/rest-server"
+    remote_src: true
+    dest: '/usr/local/bin/restic-rest-server'
+    owner: 'root'
+    group: 'root'
+    mode: '0755'
+  when: 'res.changed'
+
+- name: Ensure system group exists
+  ansible.builtin.group:
+    name: 'restic'
+    gid: 202
+    system: true
+    state: present
+
+- name: Ensure system user exists
+  ansible.builtin.user:
+    name: 'restic'
+    group: 'restic'
+    uid: 202
+    system: true
+    create_home: false
+
+- name: Ensure data directory is present
+  ansible.builtin.file:
+    path: '/mnt/data1/restic-rest'
+    state: directory
+    mode: '0755'
+    owner: 'restic'
+    group: 'restic'
+
+- name: Ensure service file is present
+  ansible.builtin.copy:
+    src: 'restic-rest-server.service'
+    dest: '/lib/systemd/system/restic-rest-server.service'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+  register: res
+
+- name: systemd-reload
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+  when: 'res.changed'
+
+- name: Ensure service is enabled
+  ansible.builtin.service:
+    name: 'restic-rest-server'
+    state: started
+    enabled: true