add new and improved backup-scripts system

2026-04-04 20:48:50 +02:00 · 2026-04-04 20:48:50 +02:00 · 77e6f77aba
commit 77e6f77aba
parent 6c77886916
8 changed files with 173 additions and 0 deletions
--- a/roles/any.tools.backup-scripts/tasks/main.yml
+++ b/roles/any.tools.backup-scripts/tasks/main.yml
@ -0,0 +1,69 @@
+- name: Ensure backup scripts directory is present
+  ansible.builtin.file:
+    path: "{{ backup_scripts_dir }}"
+    state: directory
+    mode: "0755"
+
+- name: Ensure backups group exists
+  ansible.builtin.group:
+    name: backups
+    system: true
+    state: present
+
+- name: Ensure Restic backups password file is present
+  ansible.builtin.copy:
+    src: "restic_backups_passwd"
+    dest: "{{ backup_restic_password_file }}"
+    owner: root
+    group: backups
+    mode: "0640"
+
+- name: Ensure all backup scripts are present
+  ansible.builtin.template:
+    src: "{{ item.type }}.backup.sh.j2"
+    dest: "{{ backup_scripts_dir }}/{{ item.name }}.backup.sh"
+    owner: root
+    group: backups
+    mode: "0750"
+  loop: "{{ backups }}"
+
+- name: Ensure backup users are in the backups group
+  ansible.builtin.user:
+    name: "{{ item.user }}"
+    groups: backups
+    append: true
+  loop: "{{ backups }}"
+  when: item.user is defined
+
+- name: Ensure systemd service unit is present for each backup
+  ansible.builtin.template:
+    src: "backup.service.j2"
+    dest: "/etc/systemd/system/backup-{{ item.name }}.service"
+    owner: root
+    group: root
+    mode: "0644"
+  loop: "{{ backups }}"
+  notify: Reload systemd
+
+- name: Ensure systemd timer unit is present for each backup
+  ansible.builtin.template:
+    src: "backup.timer.j2"
+    dest: "/etc/systemd/system/backup-{{ item.name }}.timer"
+    owner: root
+    group: root
+    mode: "0644"
+  loop: "{{ backups }}"
+  notify: Reload systemd
+
+- name: Ensure backup timers are enabled and started
+  ansible.builtin.systemd:
+    name: "backup-{{ item.name }}.timer"
+    enabled: true
+    state: started
+    daemon_reload: true
+  loop: "{{ backups }}"
+
+- name: Remove legacy backup cronjob if present
+  ansible.builtin.cron:
+    name: "Perform nightly backups"
+    state: absent