Add borgmatic

roles/borgmatic_config/defaults/main.yaml

@@ -0,0 +1,8 @@
+---
+borgmatic_config_backup_frequency:
+  unit: h
+  amount: 1
+
+borgmatic_config_keep_backups_months: 6
+
+borgmatic_config_targets: "{{ borgmatic_targets }}"

roles/borgmatic_config/handlers/main.yaml

@@ -0,0 +1,6 @@
+---
+- name: Restart borgmatic timer {{ borgmatic_config_name }}
+  ansible.builtin.systemd_service:
+    name: "borgmatic@{{ borgmatic_config_name }}.timer"
+    state: restarted
+    daemon_reload: true

roles/borgmatic_config/meta/argument_specs.yaml

@@ -0,0 +1,65 @@
+---
+argument_specs:
+  main:
+    short_description: Borgmatic config
+    description:
+      - Creates a bormatic configuration in /etc/borgmatic.d/ and creates the repos
+    options:
+      borgmatic_config_name:
+        description:
+          - Name of the borgmatic config.
+          - Must be unique within the (source) host.
+        type: str
+        required: true
+      borgmatic_config_directories:
+        description: Directories to backup
+        type: list
+        required: true
+        elements: str
+      borgmatic_config_encryption_passphrase:
+        description: Passphrase for borg repo encryption
+        type: str
+        required: true
+      borgmatic_config_targets:
+        description:
+          - List of backup targets for this config.
+          - All backup targets and directories must be listed in borgmatic_targets.
+          - Defaults to all defined in borgmatic_targets.
+        type: list
+        required: false
+        elements: dict
+        options:
+          host:
+            description: Target hostname
+            type: str
+            required: true
+          directories:
+            description: Directories on the host where backup repos will be created under
+            type: list
+            required: true
+            elements: str
+      borgmatic_config_backup_frequency:
+        description: How often to take backups. Defaults to once per hour.
+        type: dict
+        required: false
+        default:
+          unit: h
+          amount: 1
+        options:
+          unit:
+            description: Time unit
+            type: str
+            required: true
+            choices:
+              - min
+              - h
+              - d
+          amount:
+            description: Every how many time units to take backpus
+            type: int
+            required: true
+      borgmatic_config_keep_backups_months:
+        description: How many months to keep backups for
+        type: int
+        required: false
+        default: 6

roles/borgmatic_config/meta/main.yaml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - borgmatic

roles/borgmatic_config/tasks/main.yaml

@@ -0,0 +1,35 @@
+---
+- name: Fail if hosts or directories listed in borgmatic_config_targets not in borgmatic_targets.
+  ansible.builtin.fail:
+    msg: All backup targets and directories must be listed in borgmatic_targets.
+  when: >-
+    borgmatic_config_targets
+    | items2dict(key_name='host', value_name='directories')
+    | ansible.builtin.combine(
+      borgmatic_targets | items2dict(key_name='host', value_name='directories'), list_merge='prepend_rp'
+    )
+    | dict2items(key_name='host', value_name='directories')
+    | difference(borgmatic_targets)
+    | length != 0
+
+- name: Add borgmatic configuration for {{ borgmatic_config_name }}
+  ansible.builtin.template:
+    src: borgmatic.yaml.j2
+    dest: /etc/borgmatic.d/{{ borgmatic_config_name }}.yaml
+    mode: "0600"
+  no_log: true
+
+- name: Add systemd timer for borgmatic {{ borgmatic_config_name }}
+  ansible.builtin.template:
+    src: borgmatic@.timer.j2
+    dest: /etc/systemd/system/borgmatic@{{ borgmatic_config_name }}.timer
+    mode: "0644"
+  register: _borgmatic_config_systemd_timer
+  notify: Restart borgmatic timer {{ borgmatic_config_name }}
+
+- name: Enable systemd timer for borgmatic {{ borgmatic_config_name }}
+  ansible.builtin.systemd_service:
+    name: borgmatic@{{ borgmatic_config_name }}.timer
+    state: started
+    enabled: true
+  when: "not (ansible_check_mode and _borgmatic_config_systemd_timer.changed and _borgmatic_config_systemd_timer.diff.before == '')"

roles/borgmatic_config/templates/borgmatic.yaml.j2

@@ -0,0 +1,35 @@
+# {{ ansible_managed }}
+# vim:ft=yaml
+
+source_directories:
+  {{ borgmatic_config_directories | to_nice_yaml }}
+repositories:
+{% for target in borgmatic_config_targets %}
+{% for directory in target.directories %}
+  - path: "ssh://{{ hostvars[target.host].ansible_user_id }}@{{ target.host }}/{{ directory }}/{{ ansible_fqdn }}/{{ borgmatic_config_name }}"
+{% endfor %}
+{% endfor %}
+working_directory: "~"
+
+one_file_system: true
+exclude_patterns:
+  - /var/cache
+exclude_caches: true
+exclude_if_present:
+  - .nobackup
+keep_exclude_tags: true
+
+source_directories_must_exist: true
+
+compression: zstd
+
+encryption_passphrase: "{{ borgmatic_config_encryption_passphrase }}"
+ssh_command: ssh -i ~/.ssh/id_ed25519_borg
+
+
+keep_within: 48H
+keep_hourly: 168
+keep_daily: 30
+keep_weekly: 26
+keep_monthly: {{ (borgmatic_config_keep_backups_months / 2) | round(0, 'ceil') | int }}
+keep_yearly: {{ (borgmatic_config_keep_backups_months / 12) | round(0, 'ceil') | int }}

roles/borgmatic_config/templates/borgmatic@.timer.j2

@@ -0,0 +1,21 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=Run borgmatic backup
+
+[Timer]
+{% if borgmatic_config_backup_frequency.unit == "min" %}
+OnCalendar=*:0/{{ borgmatic_config_backup_frequency.amount }}
+{% elif borgmatic_config_backup_frequency.unit == "h" %}
+OnCalendar=0/{{ borgmatic_config_backup_frequency.amount }}:30
+{% elif borgmatic_config_backup_frequency.unit == "d" %}
+OnCalendar=*-1/{{ borgmatic_config_backup_frequency.amount }} 22:00
+{% else %}
+{{ dafuq }}
+{% endif %}
+Persistent=true
+RandomizedDelaySec={{ 10 * borgmatic_config_backup_frequency.amount }}{{ _borgmatic_config_previous_time_unit[borgmatic_config_backup_frequency.unit] }}
+FixedRandomDelay=true
+
+[Install]
+WantedBy=timers.target

roles/borgmatic_config/vars/main.yaml

@@ -0,0 +1,5 @@
+---
+_borgmatic_config_previous_time_unit:
+  min: s
+  h: min
+  d: h