diff --git a/roles/stable/restic/defaults/main.yml b/roles/stable/restic/defaults/main.yml index f1b3b47..e435853 100644 --- a/roles/stable/restic/defaults/main.yml +++ b/roles/stable/restic/defaults/main.yml @@ -5,20 +5,33 @@ restic_path: /usr/local/bin/restic restic_user: root restic_user_home: /root -restic_repository_name: restic restic_default_folders: [] restic_folders: [] restic_databases: [] restic_dump_compression_enabled: false restic_forget: true -restic_forget_keep_within: 30d + +restic_keep_last: false +restic_keep_hourly: false +restic_keep_daily: 4 +restic_keep_weekly: 2 +restic_keep_monthly: 3 +restic_keep_yearly: 1 +restic_keep_within: false + restic_prune: true restic_check: true restic_ssh_enabled: true -restic_ssh_host: backup -restic_ssh_port: 22 -restic_ssh_private_key_path: '/root/.ssh/backup' restic_systemd_timer_on_calender: '*-*-* 03:00:00' -restic_systemd_timer_randomized_delay_sec: 1000 +restic_systemd_timer_randomized_delay_sec: 60*60*3 + +restic_ssh_host: backup +restic_ssh_private_key_path: '/root/.ssh/backup' +restic_password: "{{lookup('community.general.passwordstore', '{{passwordstore_path}}/restic/{{ansible_hostname}}_pwd create=True nosymbols=true')}}" +restic_repository_name: "{{ansible_hostname | default('restic') }}" +restic_ssh_private_key: "{{lookup('community.general.passwordstore', '{{passwordstore_path}}/restic/ssh_private returnall=true')}}" +restic_ssh_hostname: "{{lookup('community.general.passwordstore', '{{passwordstore_path}}/restic/ssh_hostname')}}" +restic_ssh_user: "{{lookup('community.general.passwordstore', '{{passwordstore_path}}/restic/ssh_user')}}" +restic_ssh_port: "{{lookup('community.general.passwordstore', '{{passwordstore_path}}/restic/ssh_port') | default(22)}}" diff --git a/roles/stable/restic/tasks/main.yml b/roles/stable/restic/tasks/main.yml index 7600225..e935d40 100644 --- a/roles/stable/restic/tasks/main.yml +++ b/roles/stable/restic/tasks/main.yml @@ -7,6 +7,7 @@ - include_tasks: install.yml when: not restic_binary.stat.exists or restic_install + # TODO: check if exists? - name: Overwrite SSH config for backup server become: yes template: @@ -66,7 +67,7 @@ RESTIC_REPOSITORY: "sftp:{{ restic_ssh_host }}:{{ restic_repository_name }}" RESTIC_PASSWORD: "{{restic_password}}" no_log: true - register: restic_init + register: restic_init changed_when: "'created restic repository' in restic_init.stdout" failed_when: - restic_init.rc != 0 diff --git a/roles/stable/restic/templates/restic-backup.service.j2 b/roles/stable/restic/templates/restic-backup.service.j2 index 9d53831..fcdde62 100644 --- a/roles/stable/restic/templates/restic-backup.service.j2 +++ b/roles/stable/restic/templates/restic-backup.service.j2 @@ -24,7 +24,7 @@ ExecStartPre={{ restic_path }} check {% endif -%} {% for folder in restic_folders_combined %} -ExecStart={{ restic_path }} backup --verbose {{ folder.path }} {{ folder.exclude if folder.exclude is defined else '' }} +ExecStart={{ restic_path }} backup --verbose {{ folder }} {% endfor -%} {% for database in restic_databases %} @@ -32,8 +32,14 @@ ExecStart=/bin/sh -c "{{ database.dump_command }} {{ '| pigz |' if restic_dump_c {% endfor -%} {% if restic_forget %} -ExecStartPost={{ restic_path }} forget --keep-within {{ restic_forget_keep_within }} -{% endif -%} +ExecStartPost={{ restic_path }} {% if restic_keep_last is defined and restic_keep_last != false %}--keep-last{{ restic_keep_last }}{% endif %} + {% if restic_keep_hourly is defined and restic_keep_hourly != false %}--keep-hourly {{ restic_keep_hourly }}{% endif %} + {% if restic_keep_daily is defined and restic_keep_daily != false %}--keep-daily {{ restic_keep_daily }}{% endif %} + {% if restic_keep_weekly is defined and restic_keep_weekly != false %}--keep-weekly {{ restic_keep_weekly }}{% endif %} + {% if restic_keep_monthly is defined and restic_keep_monthly != false %}--keep-monthly {{ restic_keep_monthly }}{% endif %} + {% if restic_keep_yearly is defined and restic_keep_yearly != false %}--keep-yearly {{ restic_keep_yearly }}{% endif %} + {% if restic_keep_within is defined and restic_keep_within != false %}--keep-within {{ restic_keep_within }}{% endif %} +{% endif -%} forget {% if restic_prune %} ExecStartPost={{ restic_path }} prune