add restic_keep cose

roles/stable/restic/defaults/main.yml

@@ -5,20 +5,33 @@ restic_path: /usr/local/bin/restic
 restic_user: root
 restic_user_home: /root
 
-restic_repository_name: restic
 restic_default_folders: []
 restic_folders: []
 restic_databases: []
 restic_dump_compression_enabled: false
 restic_forget: true
-restic_forget_keep_within: 30d
+
+restic_keep_last: false
+restic_keep_hourly: false
+restic_keep_daily: 4
+restic_keep_weekly: 2
+restic_keep_monthly: 3
+restic_keep_yearly: 1
+restic_keep_within: false
+
 restic_prune: true
 restic_check: true
 
 restic_ssh_enabled: true
-restic_ssh_host: backup
-restic_ssh_port: 22
-restic_ssh_private_key_path: '/root/.ssh/backup'
 
 restic_systemd_timer_on_calender: '*-*-* 03:00:00'
-restic_systemd_timer_randomized_delay_sec: 1000
+restic_systemd_timer_randomized_delay_sec: 60*60*3
+
+restic_ssh_host: backup
+restic_ssh_private_key_path: '/root/.ssh/backup'
+restic_password: "{{lookup('community.general.passwordstore', '{{passwordstore_path}}/restic/{{ansible_hostname}}_pwd create=True nosymbols=true')}}"
+restic_repository_name: "{{ansible_hostname | default('restic') }}"
+restic_ssh_private_key: "{{lookup('community.general.passwordstore', '{{passwordstore_path}}/restic/ssh_private returnall=true')}}"
+restic_ssh_hostname: "{{lookup('community.general.passwordstore', '{{passwordstore_path}}/restic/ssh_hostname')}}"
+restic_ssh_user: "{{lookup('community.general.passwordstore', '{{passwordstore_path}}/restic/ssh_user')}}"
+restic_ssh_port: "{{lookup('community.general.passwordstore', '{{passwordstore_path}}/restic/ssh_port') | default(22)}}"

roles/stable/restic/tasks/main.yml

@@ -7,6 +7,7 @@
 - include_tasks: install.yml
   when: not restic_binary.stat.exists or restic_install
 
+  # TODO: check if exists?
 - name: Overwrite SSH config for backup server
   become: yes
   template:
@@ -66,7 +67,7 @@
     RESTIC_REPOSITORY: "sftp:{{ restic_ssh_host }}:{{ restic_repository_name }}"
     RESTIC_PASSWORD: "{{restic_password}}"
   no_log: true
-  register: restic_init    
+  register: restic_init
   changed_when: "'created restic repository' in restic_init.stdout"
   failed_when:
     - restic_init.rc != 0

roles/stable/restic/templates/restic-backup.service.j2

@@ -24,7 +24,7 @@ ExecStartPre={{ restic_path }} check
 {% endif -%}
 
 {% for folder in restic_folders_combined %}
-ExecStart={{ restic_path }} backup --verbose {{ folder.path }} {{ folder.exclude if folder.exclude is defined else '' }}
+ExecStart={{ restic_path }} backup --verbose {{ folder }}
 {% endfor -%}
 
 {% for database in restic_databases %}
@@ -32,8 +32,14 @@ ExecStart=/bin/sh -c "{{ database.dump_command }} {{ '| pigz |' if restic_dump_c
 {% endfor -%}
 
 {% if restic_forget %}
-ExecStartPost={{ restic_path }} forget --keep-within {{ restic_forget_keep_within }}
-{% endif -%}
+ExecStartPost={{ restic_path }} {% if restic_keep_last is defined and restic_keep_last != false %}--keep-last{{ restic_keep_last }}{% endif %}
+  {% if restic_keep_hourly is defined and restic_keep_hourly != false %}--keep-hourly {{ restic_keep_hourly }}{% endif %}
+  {% if restic_keep_daily is defined and restic_keep_daily != false %}--keep-daily {{ restic_keep_daily }}{% endif %}
+  {% if restic_keep_weekly is defined and restic_keep_weekly != false %}--keep-weekly {{ restic_keep_weekly }}{% endif %}
+  {% if restic_keep_monthly is defined and restic_keep_monthly != false %}--keep-monthly {{ restic_keep_monthly }}{% endif %}
+  {% if restic_keep_yearly is defined and restic_keep_yearly != false %}--keep-yearly {{ restic_keep_yearly }}{% endif %}
+  {% if restic_keep_within is defined and restic_keep_within != false %}--keep-within {{ restic_keep_within }}{% endif %}
+{% endif -%} forget
 
 {% if restic_prune %}
 ExecStartPost={{ restic_path }} prune