configpolicy/roles/restic/tasks/main.yml

- name: ensure restic is installed
  package:
    name: restic
    state: present
  tags:
  - install

- name: ensure restic configuration directory exists
  file:
    path: /etc/restic
    owner: root
    group: root
    mode: u=rwx,go=rx
    state: directory
  tags:
  - config

- name: ensure restic environment is configured
  template:
    src: restic.env.j2
    dest: /etc/restic/environment
    owner: root
    group: root
    mode: u=rw,go=r
  tags:
  - config
  - restic-environment
- name: ensure restic file list is populated
  template:
    src: include.j2
    dest: /etc/restic/include
    owner: root
    group: root
    mode: u=rw,go=r
  tags:
  - config
  - restic-include
- name: ensure restic exclude list is populated
  template:
    src: exclude.j2
    dest: /etc/restic/exclude
    owner: root
    group: root
    mode: u=rw,go=r
  tags:
  - config
  - restic-exclude

- name: ensure restic password is set
  copy:
    content: >-
      {{ restic_password }}
    dest: /etc/credstore/restic.password
    owner: root
    group: root
    mode: a=
  diff: false
  tags:
  - config
  - credentials
- name: ensure restic aws credentials are set
  template:
    src: credentials.j2
    dest: /etc/credstore/restic.aws.credentials
    owner: root
    group: root
    mode: a=
  diff: false
  tags:
  - config
  - credentials

- name: ensure restic-backup systemd service unit is installed
  copy:
    src: restic-backup.service
    dest: /etc/systemd/system/restic-backup.service
    owner: root
    group: root
    mode: u=rw,go=r
  tags:
  - systemd
  notify:
  - reload systemd
  - restart restic backup timer
- name: ensure restic-backup systemd timer unit is installed
  copy:
    src: restic-backup.timer
    dest: /etc/systemd/system/restic-backup.timer
    owner: root
    group: root
    mode: u=rw,go=r
  tags:
  - systemd

- name: ensure restic-backup timer is enabled
  systemd:
    name: restic-backup.timer
    enabled: true
  tags:
  - service
- name: ensure restic-backup timer is running
  systemd:
    name: restic-backup.timer
    state: started
  tags:
  - service