lilik_playbook/roles/borgrepo/tasks/main.yaml

---
- name: 'install borg'
  apt:
    pkg: 'borgbackup'
    state: 'latest'
    update_cache: true
    cache_valid_time: 3600

- name: 'create .ssh folder'
  file:
    path: '/root/.ssh'
    mode: '0700'
    state: 'directory'

- name: 'create backup keypair'
  openssh_keypair:
    path: '/root/.ssh/id_ed25519_BORG'
    force: '{{ borgrepo_force_new_key }}'
    type: 'ed25519'
    comment: 'backup@{{ host_fqdn }}'
  register: ssh_keypair

- name: 'create host repos namespace'
  file:
    path: '/home/borg/repos/{{ host_fqdn }}'
    owner: 'borg'
    group: 'borg'
    mode: '0700'
    state: 'directory'
  delegate_to: '{{ item.ansible_host }}'
  loop: '{{ borgrepo_servers }}'

- name: 'authorize host key'
  lineinfile:
    path: '/home/borg/.ssh/authorized_keys'
    owner: 'borg'
    group: 'borg'
    mode: '0600'
    create: yes
    line: >-
      command="cd {{ repodir }}; borg serve --append-only --restrict-to-path {{ repodir }}",restrict
      {{ ssh_keypair.public_key }}
    regexp: '{{ ssh_keypair.comment }}$'
    state: 'present'
  vars:
    repodir: '/home/borg/repos/{{ host_fqdn }}'
  delegate_to: '{{ item.ansible_host }}'
  loop: '{{ borgrepo_servers }}'


- name: 'upload host ssh ca'
  copy:
    content: |
      {% for ca in ssh_server_ca %}
      @cert-authority *.dmz.{{ domain }} {{ ca }}
      {% endfor %}
    dest: '/root/.ssh/known_hosts'
    mode: '0600'

##ToDo setup encryption
- name: 'initialize repo'
  shell:
    cmd: >
      borg init -e {{ item[1].encryption }} borg@{{ item[1].ansible_host }}.dmz.{{ domain }}:{{ item[0].key }}
  register: borgrepo_init_cmd
  failed_when:
    - borgrepo_init_cmd.rc != 0
    - borgrepo_init_cmd.stderr !='A repository already exists at borg@'+item[1].ansible_host+'.dmz.'+domain+':'+item[0].key+'.'
  changed_when: borgrepo_init_cmd.rc == 0
  environment:
    BORG_RSH: 'ssh -i /root/.ssh/id_ed25519_BORG'
    BORG_PASSPHRASE: '{{ item[1].encryption_passphrase | d("") }}'
  loop: '{{ borgrepo_repos|dict2items | product(borgrepo_servers) | list }}'

- name: 'create backup directory'
  file:
    path: '/etc/backup'
    state: 'directory'
    owner: 'root'
    group: 'root'
    mode: '0700'

- name: 'create log backup directory'
  file:
    path: '/var/log/backup-status'
    state: 'directory'
    owner: 'root'
    group: 'root'
    mode: '0755'

- name: 'create repo log directory'
  file:
    path: '/var/log/backup-status/{{ item[0].key }}.{{ item[1].ansible_host }}'
    state: 'directory'
    owner: 'root'
    group: 'root'
    mode: '0755'
  loop: '{{ borgrepo_repos|dict2items | product(borgrepo_servers) | list}}'

- name: 'create backup scripts'
  template:
    src: 'backupscript.sh.j2'
    dest: '/etc/backup/{{ item[0].key }}.{{ item[1].ansible_host }}.sh'
    owner: 'root'
    group: 'root'
    mode: '0700'
  loop: '{{ borgrepo_repos|dict2items | product(borgrepo_servers) | list}}'

- name: 'create systemd service'
  template:
    src: 'backupservice.service'
    dest: '/etc/systemd/system/borg-backup@.service'
  notify: reload systemd

- name: 'create systemd timers'
  copy:
    content: |
      [Unit]
      Description=BorgBackup %I repo timer.

      [Timer]
      WakeSystem=false
      OnCalendar=*-*-* 02:00:00
      RandomizedDelaySec=20min

      [Install]
      WantedBy=timers.target
    dest: '/etc/systemd/system/borg-backup@.timer'
  notify: reload systemd

- name: 'enable systemd timers'
  systemd:
    name: 'borg-backup@{{ item[0].key }}.{{ item[1].ansible_host }}.timer'
    daemon_reload: true
    enabled: true
    state: 'restarted'
  loop: '{{ borgrepo_repos|dict2items | product(borgrepo_servers) | list }}'

- name: 'MONITORING | create entry'
  set_fact:
    borg_monitoring_repos: >
      {{ borg_monitoring_repos|d({})|combine({
                     item[0].key+"."+item[1].ansible_host:
                       {
                          "backup_wage": item[0].value.interval|d(86400)|int,
                          "backup_cage": (item[0].value.interval|d(86400)|int+7200)*2
                       }
      }) }}
  loop: '{{ borgrepo_repos|dict2items | product(borgrepo_servers) | list }}'
  tags:
    - 'monitoring'

- name: 'MONITORING | update facts'
  set_fact:
    monitoring_facts: >
      {{ hostvars[monitoring_host]["monitoring_facts"]
          | default({})
          | combine({
                      host_fqdn:
                        {
                           "address": ansible_host,
                           "borg_repos": borg_monitoring_repos
                        }
                    }, recursive=True) }}
  delegate_to: '{{ monitoring_host }}'
  delegate_facts: true
  tags:
    - 'monitoring'
...