Ansible role that provisions my storage server.
---
# Restic Backup Server Deployment

# Ensure the configuration and data directories exist and are owned by the
# storage account before anything is rendered into them.
# NOTE(review): 0755 lets every local account traverse and list both
# directories; confirm that is intended for the backup data directory.
- name: Create Restic backup server directories
  ansible.builtin.file:
    state: directory
    path: "{{ item }}"
    mode: '0755'
    owner: "{{ storage_user }}"
    group: "{{ storage_group }}"
  loop:
    - "{{ restic_backup_config_dir }}"
    - "{{ restic_backup_data_dir }}"
  tags:
    - restic
    - backup
    - directories
# Write the server credential into the htpasswd file (mode 0600, owned by the
# storage account). The task is skipped unless both the username and the
# password are defined and non-empty, so no file is produced without them.
# NOTE(review): no hash_scheme is set, so the module default applies; confirm
# the server accepts that scheme and prefer a bcrypt hash where it does.
# NOTE(review): the password is a task argument; confirm it is sourced from
# Ansible Vault and consider no_log: true on this task.
- name: Generate htpasswd for Restic authentication
  community.general.htpasswd:
    path: "{{ restic_backup_htpasswd_file }}"
    mode: '0600'
    owner: "{{ storage_user }}"
    group: "{{ storage_group }}"
    name: "{{ restic_backup_username }}"
    password: "{{ restic_backup_password }}"
  when:
    - restic_backup_username is defined
    - restic_backup_username != ""
    - restic_backup_password is defined
    - restic_backup_password != ""
  tags:
    - restic
    - backup
    - auth
# Render the server's environment file into the config directory. Mode 0600
# restricts it to the storage account; a change notifies the restart handler.
# NOTE(review): if the template renders secrets, a run with --diff prints
# them; consider diff: false on this task.
- name: Generate Restic backup server environment file
  ansible.builtin.template:
    src: restic-server.env.j2
    dest: "{{ restic_backup_config_dir }}/.env"
    mode: '0600'
    owner: "{{ storage_user }}"
    group: "{{ storage_group }}"
  notify: restart restic-server
  tags:
    - restic
    - backup
    - config
    - env
# Render the Compose project definition next to the environment file; a
# change notifies the restart handler.
# NOTE(review): 0644 is world-readable; confirm the template carries no
# credentials (presumably they live in the 0600 .env file).
- name: Deploy Restic server docker-compose configuration
  ansible.builtin.template:
    src: restic-server-compose.yml.j2
    dest: "{{ restic_backup_config_dir }}/docker-compose.yml"
    mode: '0644'
    owner: "{{ storage_user }}"
    group: "{{ storage_group }}"
  notify: restart restic-server
  tags:
    - restic
    - backup
    - config
    - compose
# Bring up the Compose project found in the config directory.
# This task has no condition on the credential variables, so it also runs
# when the htpasswd task was skipped.
- name: Start Restic backup server
  community.docker.docker_compose_v2:
    state: present
    project_src: "{{ restic_backup_config_dir }}"
  tags:
    - restic
    - backup
    - deploy
# Probe the server over plain HTTP on localhost, retrying up to 5 times with
# 10 seconds between attempts. Both 200 and 401 count as healthy, and
# ignore_errors means a failed probe does not abort the play.
# NOTE(review): the probe targets restic_backup_port while the status message
# advertises restic_backup_host_port; confirm the probed port is the one
# published on the host.
- name: Verify Restic server is running
  ansible.builtin.uri:
    method: GET
    url: "http://localhost:{{ restic_backup_port }}/"
    status_code:
      - 200
      - 401  # 401 is expected if auth is required
  register: restic_health
  until: restic_health.status in [200, 401]
  retries: 5
  delay: 10
  ignore_errors: true
  tags:
    - restic
    - backup
    - validation
# Render an executable example script for client machines into the config
# directory.
# NOTE(review): 0755 makes the rendered script readable by every local
# account; confirm the template embeds no credentials, otherwise tighten the
# mode.
- name: Create Restic backup client configuration example
  ansible.builtin.template:
    src: restic-client-example.sh.j2
    dest: "{{ restic_backup_config_dir }}/client-setup-example.sh"
    mode: '0755'
    owner: "{{ storage_user }}"
    group: "{{ storage_group }}"
  tags:
    - restic
    - backup
    - client
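# Print a deployment summary for the operator.
# The auth flag uses default('') so the summary still renders when the
# credential variables are undefined (the htpasswd task tolerates that case),
# and it requires both username and password, matching that task's guard.
# The access-control line is asserted only when credentials were supplied;
# previously it claimed restricted access even when no htpasswd entry had
# been generated. The health lookup is defaulted too, so skipping the
# verification task (for example with --skip-tags) does not break this one.
- name: Display Restic backup server status
  vars:
    _restic_backup_auth_configured: >-
      {{ (restic_backup_username | default('') != '')
      and (restic_backup_password | default('') != '') }}
    _restic_backup_healthy: >-
      {{ (restic_health | default({})).status | default(-1) in [200, 401] }}
  ansible.builtin.debug:
    msg: |
      Restic Backup Server Status: {{ 'Running' if _restic_backup_healthy | bool else 'Starting up...' }}
      Server URL: http://{{ ansible_default_ipv4.address }}:{{ restic_backup_host_port }}/
      Data Directory: {{ restic_backup_data_dir }}
      Configuration: {{ restic_backup_config_dir }}

      Client Setup:
      1. Install restic on client machines
      2. Use the example script: {{ restic_backup_config_dir }}/client-setup-example.sh
      3. Initialize repository: restic init
      4. Create backup: restic backup /path/to/backup

      Security Notes:
      - Authentication configured: {{ 'Yes' if _restic_backup_auth_configured | bool else 'No (Configure vault variables)' }}
      - {{ 'Access is restricted to authenticated users only' if _restic_backup_auth_configured | bool else 'No htpasswd entry was generated by this run; do not assume access is restricted' }}
      - Consider setting up TLS/SSL for production use
  tags:
    - restic
    - backup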