init

ansible/roles/restic/tasks/install-restic.yml

@@ -0,0 +1,57 @@
+---
+-
+    name: Install restic
+    apt:
+        name: restic
+        state: present
+        update_cache: yes
+
+-
+    name: Initialize restic S3 repository
+    command: restic init --repo s3:{{ s3_endpoint }}/{{ s3_bucket }}/{{ host_id }}
+    environment:
+        RESTIC_PASSWORD: "{{ password }}"
+        AWS_ACCESS_KEY_ID: "{{ s3_access_key_id }}"
+        AWS_SECRET_ACCESS_KEY: "{{ s3_secret_access_key }}"
+    register: restic_init
+    changed_when: restic_init.rc == 0
+    failed_when: restic_init.rc != 0 and 'already initialized' not in restic_init.stderr
+    no_log: true
+
+-
+    name: Create pre-backup scripts directory
+    file:
+        path: /etc/restic/pre-backup.d
+        state: directory
+        mode: "0755"
+
+-
+    name: Deploy backup script
+    template:
+        src: restic-backup.sh.j2
+        dest: /usr/local/bin/restic-backup.sh
+        mode: "0700"
+
+-
+    name: Deploy backup systemd service
+    template:
+        src: restic-backup.service.j2
+        dest: /etc/systemd/system/restic-backup.service
+
+-
+    name: Deploy backup systemd timer
+    template:
+        src: restic-backup.timer.j2
+        dest: /etc/systemd/system/restic-backup.timer
+
+-
+    name: Reload systemd
+    systemd:
+        daemon_reload: yes
+
+-
+    name: Enable backup timer
+    systemd:
+        name: restic-backup.timer
+        enabled: yes
+        state: started

ansible/roles/restic/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+-
+    name: Install and configure restic
+    ansible.builtin.include_tasks: install-restic.yml

ansible/roles/restic/tasks/restore-restic.yml

@@ -0,0 +1,20 @@
+---
+-
+    name: Install restic
+    apt:
+        name: restic
+        state: present
+        update_cache: yes
+
+-
+    name: Restore latest snapshot from S3
+    command: >
+        restic restore latest
+        --repo s3:{{ s3_endpoint }}/{{ s3_bucket }}/{{ host_id }}
+        --target /
+        {{ '--include ' + restore_include if restore_include is defined else '' }}
+    environment:
+        RESTIC_PASSWORD: "{{ password }}"
+        AWS_ACCESS_KEY_ID: "{{ s3_access_key_id }}"
+        AWS_SECRET_ACCESS_KEY: "{{ s3_secret_access_key }}"
+    no_log: true