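# Not needed as a standalone playbook if it is included inside another playbook.
---
# Provisions a dedicated `restic` backup user, installs its credentials and
# helper scripts, pins the SSH client settings for the backup target and
# installs the restic binary.
- name: Setup restic user and scripts.
  hosts: all
  vars_files:
    - 'vault'
  become: true
  remote_user: ansible
  gather_facts: true
  tasks:
    - name: Create Restic user
      ansible.builtin.user:
        name: restic
        uid: 2001
        group: users
        state: present
        create_home: true
        home: /home/restic
        shell: /bin/bash

    - name: Add Authorized key for Restic user
      ansible.posix.authorized_key:
        user: restic
        state: present
        key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsDIrV6QIMtpJFNpZEgHnkYgFC6OXMJQFc1JqrnpCzY fake@gmail.com"

    # Secret material from the vault: keep it out of task output and diffs.
    - name: Install Restic Private key
      ansible.builtin.copy:
        dest: /home/restic/.ssh/resticuser.ed25519
        content: "{{ restic_private }}"
        owner: restic
        group: users
        mode: '0600'
      no_log: true

    - name: Copy Restic Repo Pass
      ansible.builtin.copy:
        dest: /home/restic/.resticpassword
        content: "{{ restic_repopass }}"
        owner: restic
        group: users
        mode: '0600'
      no_log: true

    # NOTE: `content` is rendered by Jinja2 before it is written, so the script
    # must not contain Jinja delimiters (a brace followed by `#`, `%` or another
    # brace).
    - name: Copy restic.sh
      ansible.builtin.copy:
        dest: /home/restic/restic.sh
        content: |
          #!/bin/bash
          # Wrapper around restic: runs one of backup / forget / check / init
          # against this host's repository and reports the result via discord.sh.
          cd /home/restic/ || exit 1

          # Require a mode flag plus a path argument.
          if [[ "$#" -lt 2 ]]; then
            echo "Usage: $0 [--backup] [--forget] [--check] [--init] dirtobackup"
            exit 1
          fi

          # Initialize variables
          backup=false
          forget=false
          check=false
          init=false
          backupdir=""
          last_arg=""
          repo="sftp:misamisa://home/restic/$(hostname)"

          # Parse arguments
          case $1 in
            --backup)
              backup=true
              shift
              ;;
            --forget)
              forget=true
              shift
              ;;
            --check)
              check=true
              shift
              ;;
            --init)
              init=true
              shift
              ;;
            *)
              # Unknown mode: stop instead of falling through with no action set.
              echo "Usage: $0 [--backup] [--forget] [--check] [--init] dirtobackup"
              exit 1
              ;;
          esac

          # Check if last argument is valid
          last_arg=$1
          if [ -n "$last_arg" ]; then
            if [ -d "$last_arg" ]; then
              # Last argument is a directory
              backupdir=$last_arg
            elif [ -f "$last_arg" ]; then
              # Last argument is a file
              backupdir=$last_arg
            else
              echo "Last argument is neither a directory nor a file: $last_arg"
            fi
          else
            echo "No valid argument provided after options"
          fi

          # Execute Restic commands based on flags
          if $backup; then
            echo "Backing up... to misamisa"
            echo "Date: $(date '+%Y-%m-%d_%H-%M-%S')"
            restic --password-file ./.resticpassword -r "$repo" backup --exclude="*lost+found*" "$backupdir" \
              | tee backup.out
            # Take restic's exit status, not tee's; otherwise a failed backup
            # is reported as a success.
            status=${PIPESTATUS[0]}
            if [ "$status" -eq 0 ]; then
              ./discord.sh "$(hostname) backup complete"
            elif [ "$status" -eq 3 ]; then
              # restic exit code 3: snapshot created, but some source files
              # could not be read.
              ./discord.sh "$(hostname) backup complete"
            else
              ./discord.sh "$(hostname) Backup has failed"
            fi
            echo "Backup completed $(date '+%Y-%m-%d_%H-%M-%S')"
          fi

          if $forget; then
            echo "Removing old backups..."
            if restic --password-file ./.resticpassword -r "$repo" forget --keep-within-daily 7d --keep-within-weekly 1m --keep-within-monthly 1y; then
              ./discord.sh "$(hostname) forget command completed successfully"
            else
              ./discord.sh "$(hostname) forget command has failed"
            fi
          fi

          if $check; then
            echo "Checking backups..."
            if restic --password-file ./.resticpassword -r "$repo" check --read-data; then
              ./discord.sh "$(hostname) Restic Verification complete"
            else
              ./discord.sh "$(hostname) Restic Verification failed!! there is an issue"
            fi
            restic --password-file ./.resticpassword -r "$repo" unlock
          fi

          if $init; then
            echo "Init backup..."
            # Generate a repository password only when none has been provisioned.
            if [[ -z $(grep '[^[:space:]]' ./.resticpassword) ]]; then
              echo "Password file empty. generating passwordwq"
              # NOTE(review): the source text of this command was truncated; the
              # /dev/urandom input and the 32-character length are a
              # reconstruction - confirm against the original script.
              # umask keeps a newly created password file private to its owner.
              (umask 077; tr -dc A-Za-z0-9 </dev/urandom | head -c 32 > ./.resticpassword)
            fi
            if restic --password-file ./.resticpassword -r "$repo" init; then
              ./discord.sh "$(hostname) Restic Init complete for $(hostname)"
            else
              ./discord.sh "$(hostname) Restic init failed!! there is an issue on $(hostname)"
            fi
          fi
        owner: restic
        group: users
        mode: '0755'

    # The script body comes from the vault and presumably embeds the webhook
    # URL, so it is readable and executable by its owner (and root) only.
    - name: Copy discord.sh
      ansible.builtin.copy:
        dest: /home/restic/discord.sh
        content: "{{ discord_webhook }}"
        owner: restic
        group: users
        mode: '0700'
      no_log: true

    # Scope the settings to the `misamisa` alias used in the repository URL.
    # Without a `Host` line they would apply to every SSH connection root makes.
    # NOTE: this task replaces any existing /root/.ssh/config.
    - name: Create SSH config file
      ansible.builtin.copy:
        dest: /root/.ssh/config
        content: |
          Host misamisa
            Hostname misamisa.netbird.cloud
            Port 25456
            User restic
            IdentityFile /home/restic/.ssh/resticuser.ed25519
        owner: root
        group: root
        mode: '0644'

    # ssh-keyscan trusts whatever key the network returns (trust on first use).
    # Scan only when no entry exists yet, so a later run cannot silently append
    # a different key next to the trusted one. Prefer pinning the key with
    # ansible.builtin.known_hosts once its fingerprint has been verified out of
    # band.
    - name: Add known host entry for misamisa
      become: true
      ansible.builtin.shell: >-
        ssh-keygen -F '[misamisa.netbird.cloud]:25456' -f ~/.ssh/known_hosts > /dev/null 2>&1
        || ssh-keyscan -p 25456 -H misamisa.netbird.cloud >> ~/.ssh/known_hosts

    # The binary is installed into /usr/bin as root: verify it before use.
    # Fill in the digest from the release's published SHA256SUMS file and
    # uncomment the `checksum` line.
    - name: Download restic bz2 file
      ansible.builtin.get_url:
        url: "https://github.com/restic/restic/releases/download/v0.18.1/restic_0.18.1_linux_amd64.bz2"
        dest: "/tmp/restic.bz2"
        mode: '0755'
        force: true
        # checksum: "sha256:<SHA256_OF_restic_0.18.1_linux_amd64.bz2>"
      register: restic_download

    # --force overwrites a /tmp/restic left behind by an earlier run; with a
    # `creates: /tmp/restic` guard a version bump would keep installing the old
    # binary.
    - name: Extract restic bz2 file
      ansible.builtin.command:
        cmd: bunzip2 --force /tmp/restic.bz2
      when: restic_download.changed

    - name: Move restic to /usr/bin/
      ansible.builtin.copy:
        src: "/tmp/restic"
        dest: "/usr/bin/restic"
        mode: "0755"
        owner: root
        group: root
        remote_src: true
      when: restic_download.changed

    # This can be removed later if needed. Used to clean up existing crontab
    # entries; left in case any older configured hosts are brought online.
    # NOTE: errors are ignored on purpose (failed_when: false). If `crontab -l`
    # fails, the pipeline installs an empty crontab for root.
    - name: Remove crontab entries containing restic.sh for root
      become: true
      ansible.builtin.shell: crontab -l -u root | grep -v restic.sh | crontab -u root -
      register: cron_output
      changed_when: false
      failed_when: false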