.ansible-lint

@@ -1,4 +1,2 @@
 skip_list:
-  - "106" # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern'
+- '106'  # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern'
-warn_list:
-  - yaml[line-length]

.github/workflows/push.yml

@@ -0,0 +1,14 @@
+name: ansible-lint
+
+on: [push]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    name: ansible-lint
+    steps:
+      - uses: actions/checkout@master
+      - uses: actions/setup-python@v2
+      - run: pip install ansible ansible-lint
+      - run: ansible-lint --version
+      - run: ansible-lint .

.woodpecker/push.yaml

@@ -1,10 +0,0 @@
-when:
-  - event: push
-
-steps:
-  - name: lint
-    image: docker.io/libary/python:3-alpine
-    commands:
-      - pip install ansible ansible-lint
-      - ansible-lint --version
-      - ansible-lint .

README.md

@@ -31,8 +31,8 @@ Each folder has a `path` and an `exclude` property (which defaults to nothing).
 
 Each database has a `name` property which will be the name of the restic snapshot (`{{ database.name }}.sql`). They also have a `dump_command` property which is the command to dump the database to stdout (like `mysqldump dbname`).
 
-- `restic_forget`: run `restic forget` as `ExecStartPost` (`true`)
+- `restic_forget`: run `restic forget` as `ExecStartPost` with `--keep-within {{ restic_forget_keep_within }}` (`true`)
-- `restic_forget_args`: period of time to keep backups for. args passed to `restic forget` if `restic_forget` is enabled (`--keep-within 30d`)
+- `restic_forget_keep_within`: period of time to use with `--keep-within` (`30d`)
 - `restic_prune`: run `restic prune` as `ExecStartPost` (`true`)
 
 ### SSH/SFTP backend configuration
@@ -49,7 +49,7 @@ The SSH configuration will be written in `{{ restic_user_home }}/.ssh/config`.
 ### S3 backend configuration
 
 - `restic_ssh_enabled`: set to false
-- `restic_repository`: set to s3 endpoint + bucket, restic syntax (e.g. `s3:https://s3.fr-par.scw.cloud/restic-bucket`)
+- `restic_repository_name`: set to s3 endpoint + bucket, restic syntax (e.g. `s3:https://s3.fr-par.scw.cloud/restic-bucket`)
 - `restic_aws_access_key_id`: `AWS_ACCESS_KEY_ID`
 - `restic_aws_secret_access_key`: `AWS_SECRET_ACCESS_KEY`
 
@@ -70,17 +70,18 @@ You can see the logs of the backup with `journalctl`. (`journalctl -xefu restic-
 
 ```yaml
 ---
+
 - hosts: myhost
   roles: restic
   vars:
     restic_ssh_user: backupuser
     restic_ssh_hostname: storage-server.infra.tld
     restic_folders:
-      - { path: "/srv" }
+      - {path: "/srv"}
-      - { path: "/var/www" }
+      - {path: "/var/www"}
     restic_databases:
-      - { name: website, dump_command: sudo -Hiu postgres pg_dump -Fc website }
+    - {name: website, dump_command: sudo -Hiu postgres pg_dump -Fc website}
-      - { name: website2, dump_command: mysqldump website2 }
+    - {name: website2, dump_command: mysqldump website2}
     restic_password: mysuperduperpassword
     restic_ssh_private_key: |-
       -----BEGIN OPENSSH PRIVATE KEY-----
@@ -96,6 +97,7 @@ S3 example:
 
 ```yaml
 ---
+
 - hosts: myhost
   roles: restic
   vars:
@@ -104,11 +106,11 @@ S3 example:
     restic_aws_access_key_id: xxxxx
     restic_aws_secret_access_key: xxxxx
     restic_folders:
-      - { path: "/srv" }
+      - {path: "/srv"}
-      - { path: "/var/www" }
+      - {path: "/var/www"}
     restic_databases:
-      - { name: website, dump_command: sudo -Hiu postgres pg_dump -Fc website }
+    - {name: website, dump_command: sudo -Hiu postgres pg_dump -Fc website}
-      - { name: website2, dump_command: mysqldump website2 }
+    - {name: website2, dump_command: mysqldump website2}
     restic_password: mysuperduperpassword
 ```
 

defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 restic_install: false
-restic_version: 0.17.3
+restic_version: 0.14.0
 restic_path: /usr/local/bin/restic
 restic_user: root
 restic_user_home: /root
@@ -14,7 +14,7 @@ restic_folders: []
 restic_databases: []
 restic_dump_compression_enabled: false
 restic_forget: true
-restic_forget_args: "--keey-within 30d"
+restic_forget_keep_within: 30d
 restic_prune: true
 restic_check: true
 
@@ -25,10 +25,3 @@ restic_ssh_private_key_path: "/root/.ssh/backup"
 
 restic_systemd_timer_on_calender: "*-*-* 03:00:00"
 restic_systemd_timer_randomized_delay_sec: 0
-
-restic_failure_webhook_url: null
-
-restic_arch_map:
-  i386: '386'
-  x86_64: 'amd64'
-  aarch64: 'arm64'

handlers/main.yml

@@ -1,4 +1,4 @@
 ---
-- name: Reload systemd
+- name: systemd reload
   ansible.builtin.systemd:
-    daemon_reload: true
+    daemon_reload: yes

meta/main.yml

@@ -1,17 +1,17 @@
 galaxy_info:
   role_name: restic
-  author: jakew
+  author: angristan
-  description: Ansible role for Restic - forked from angristan/restic
+  description: Ansible role for Restic
   license: MIT
-  min_ansible_version: "2.4"
+  min_ansible_version: 2.4
 
   platforms:
-    - name: Debian
+  - name: Debian
-      versions:
+    versions:
-        - all
+    - all
-    - name: Ubuntu
+  - name: Ubuntu
-      versions:
+    versions:
-        - all
+    - all
 
   galaxy_tags:
     - debian

tasks/install.yml

@@ -1,35 +1,34 @@
 ---
 - name: Install fuse (to mount repositories)
-  ansible.builtin.package:
+  apt:
     name: fuse
 
 - name: Install bzip2 (to install restic)
-  ansible.builtin.package:
+  apt:
     name: bzip2
 
 - name: Install pigz (to compress db dumps)
-  ansible.builtin.package:
+  apt:
     name: pigz
 
 - name: Download restic
   ansible.builtin.get_url:
-    url: "https://github.com/restic/restic/releases/download/v{{ restic_version }}/restic_{{ restic_version }}_linux_{{ restic_arch_map[ansible_architecture] | default(ansible_architecture) }}.bz2"
+    url: "https://github.com/restic/restic/releases/download/v{{ restic_version }}/restic_{{ restic_version }}_linux_{{ ansible_architecture }}.bz2"
-    dest: "/tmp/restic_{{ restic_version }}_linux_{{ restic_arch_map[ansible_architecture] | default(ansible_architecture) }}.bz2"
+    dest: "/tmp/restic_{{ restic_version }}_linux_amd64.bz2"
-    mode: "0644"
 
 - name: Extract restic
-  ansible.builtin.command: "bzip2 -d /tmp/restic_{{ restic_version }}_linux_{{ restic_arch_map[ansible_architecture] | default(ansible_architecture) }}.bz2"
+  command: "bzip2 -d /tmp/restic_{{ restic_version }}_linux_amd64.bz2"
   args:
-    creates: "/tmp/restic_{{ restic_version }}_linux_{{ restic_arch_map[ansible_architecture] | default(ansible_architecture) }}"
+    creates: "/tmp/restic_{{ restic_version }}_linux_amd64"
 
 - name: Install restic
   ansible.builtin.copy:
     remote_src: true
-    src: "/tmp/restic_{{ restic_version }}_linux_{{ restic_arch_map[ansible_architecture] | default(ansible_architecture) }}"
+    src: "/tmp/restic_{{ restic_version }}_linux_amd64"
     dest: "{{ restic_path }}"
-    mode: "0755"
+    mode: 0755
 
 - name: Remove downloaded file
   ansible.builtin.file:
-    path: "/tmp/restic_{{ restic_version }}_linux_{{ restic_arch_map[ansible_architecture] | default(ansible_architecture) }}"
+    path: "/tmp/restic_{{ restic_version }}_linux_amd64"
     state: absent

tasks/main.yml

@@ -4,8 +4,7 @@
     path: "{{ restic_path }}"
   register: restic_binary
 
-- name: Include install.yml if restic is not installed or restic_install is true
+- include_tasks: install.yml
-  ansible.builtin.include_tasks: install.yml
   when: not restic_binary.stat.exists or restic_install
 
 - name: Overwrite SSH config for backup server
@@ -39,22 +38,14 @@
     mode: "0644"
   vars:
     restic_folders_combined: "{{ restic_default_folders + restic_folders }}"
-  notify: Reload systemd
+  notify: systemd reload
-
-- name: Add systemd service for restic failure
-  when: restic_failure_webhook_url is not none
-  ansible.builtin.template:
-    src: restic-failure.service.j2
-    dest: /etc/systemd/system/restic-failure.service
-    mode: "0644"
-  notify: Reload systemd
 
 - name: Add systemd timer for restic
   ansible.builtin.template:
     src: restic-backup.timer.j2
     dest: /etc/systemd/system/restic-backup.timer
     mode: "0644"
-  notify: Reload systemd
+  notify: systemd reload
 
 - name: Enable and start restic timer
   ansible.builtin.systemd:

templates/restic-backup.service.j2

@@ -1,8 +1,5 @@
 [Unit]
 Description=Restic backup
-{% if restic_failure_webhook_url is not none %}
-OnFailure=restic-failure.service
-{% endif %}
 
 [Service]
 Type=oneshot
@@ -22,8 +19,6 @@ Environment="AWS_ACCESS_KEY_ID={{ restic_aws_access_key_id}}"
 Environment="AWS_SECRET_ACCESS_KEY={{ restic_aws_secret_access_key}}"
 {% endif %}
 
-ExecStartPre=/bin/sh -c '{{ restic_path }} snapshots || {{ restic_path }} init'
-
 {% if restic_check %}
 ExecStartPre={{ restic_path }} check
 {% endif -%}
@@ -37,7 +32,7 @@ ExecStart=/bin/sh -c "{{ database.dump_command }} {{ '| pigz |' if restic_dump_c
 {% endfor -%}
 
 {% if restic_forget %}
-ExecStartPost={{ restic_path }} forget {{ restic_forget_args }}
+ExecStartPost={{ restic_path }} forget --keep-within {{ restic_forget_keep_within }}
 {% endif -%}
 
 {% if restic_prune %}

templates/restic-failure.service.j2

@@ -1,7 +0,0 @@
-[Unit]
-Description=Restic backup failure
-
-[Service]
-Type=oneshot
-User={{ restic_user }}
-ExecStartPre=/bin/sh -c 'curl -X POST -H "Content-Type: application/json" -d "{\"text\": \"Restic backup service failed on {{ inventory_hostname }}!\"}" {{ restic_failure_webhook_url }}'