finallycoffee/base
5
0
Fork 1
Code Issues 1 Pull Requests 4 Packages Projects Releases Wiki Activity

Compare commits

base: finallycoffee:99a8c19aa3481b21f4f69ba7cc5e9d08e5368da4
Branches Tags
finallycoffee:main finallycoffee:transcaffeine/openldap finallycoffee:lego/set-e-fix finallycoffee:transcaffeine/openssh finallycoffee:transcaffeine/hostname finallycoffee:transcaffeine/docker-redhat finallycoffee:transcaffeine/docker finallycoffee:transcaffeine/user finallycoffee:transcaffeine/restic-systemd-template-units finallycoffee:transcaffeine/base-use-find finallycoffee:transcaffeine/redis finallycoffee:transcaffeine/nscd-nslcd finallycoffee:transcaffeine/debian-proxmox
finallycoffee:0.3.0 finallycoffee:0.2.1 finallycoffee:0.2.0 finallycoffee:0.1.2 finallycoffee:0.1.1 finallycoffee:0.1.0 finallycoffee:0.0.2
..
compare: finallycoffee:transcaffeine/restic-systemd-template-units
Branches Tags
finallycoffee:main finallycoffee:transcaffeine/openldap finallycoffee:lego/set-e-fix finallycoffee:transcaffeine/openssh finallycoffee:transcaffeine/hostname finallycoffee:transcaffeine/docker-redhat finallycoffee:transcaffeine/docker finallycoffee:transcaffeine/user finallycoffee:transcaffeine/restic-systemd-template-units finallycoffee:transcaffeine/base-use-find finallycoffee:transcaffeine/redis finallycoffee:transcaffeine/nscd-nslcd finallycoffee:transcaffeine/debian-proxmox
finallycoffee:0.3.0 finallycoffee:0.2.1 finallycoffee:0.2.0 finallycoffee:0.1.2 finallycoffee:0.1.1 finallycoffee:0.1.0 finallycoffee:0.0.2

3 Commits
99a8c19aa3 ... transcaffe

Author SHA1 Message Date
transcaffeine
59505a0759 fix(lego): quoting issues leading to wrongful error 2025-04-07 16:27:03 +02:00
transcaffeine
eb587978c5 fix(lego): ensure variables are either defined or have null-check handling 2025-03-25 17:51:13 +01:00
transcaffeine
0aba4024de feat(restic): migrate to systemd template units 2025-03-23 14:35:28 +01:00
8 changed files with 37 additions and 20 deletions
Expand all files Collapse all files

8
roles/lego/files/lego_run.sh
View File

@ -3,8 +3,8 @@ set -euo pipefail
LEGO_BINARY=$(/usr/bin/env which lego) LEGO_BINARY=$(/usr/bin/env which lego)
if [[ -n "$LEGO_HTTP_FALLBACK_PORT" ]]; then if [[ -n "${LEGO_HTTP_FALLBACK_PORT:-}" ]]; then
if ! nc_binary="$(type -p \"nc\")" || [[ -z $nc_binary ]]; then if ! nc_binary="$(type -p 'nc')" || [[ -z $nc_binary ]]; then
echo "nc not found (in PATH), exiting" echo "nc not found (in PATH), exiting"
exit 1 exit 1
fi fi
@ -14,7 +14,7 @@ if [[ -n "$LEGO_HTTP_FALLBACK_PORT" ]]; then
fi fi
fi fi
if [[ -n "$LEGO_PRE_RENEWAL_HOOK" ]]; then if [[ -n "${LEGO_PRE_RENEWAL_HOOK:-}" ]]; then
$LEGO_PRE_RENEWAL_HOOK $LEGO_PRE_RENEWAL_HOOK
fi fi
@ -30,6 +30,6 @@ fi
find "$LEGO_CERT_STORE_PATH/certificates" -type f | xargs -I{} -n 1 chmod "$LEGO_CERT_MODE" "{}" find "$LEGO_CERT_STORE_PATH/certificates" -type f | xargs -I{} -n 1 chmod "$LEGO_CERT_MODE" "{}"
find "$LEGO_CERT_STORE_PATH/certificates" -type f | xargs -I{} -n 1 chown "${LEGO_CERT_USER}:${LEGO_CERT_GROUP}" "{}" find "$LEGO_CERT_STORE_PATH/certificates" -type f | xargs -I{} -n 1 chown "${LEGO_CERT_USER}:${LEGO_CERT_GROUP}" "{}"
if [[ -n "$LEGO_POST_RENEWAL_HOOK" ]]; then if [[ -n "${LEGO_POST_RENEWAL_HOOK:-}" ]]; then
$LEGO_POST_RENEWAL_HOOK $LEGO_POST_RENEWAL_HOOK
fi fi

4
roles/restic/defaults/main/config.yml
View File

@ -20,8 +20,8 @@ restic_policy_backup_frequency: hourly
restic_base_environment: restic_base_environment:
RESTIC_REPOSITORY: "{{ restic_repo_url }}" RESTIC_REPOSITORY: "{{ restic_repo_url }}"
RESTIC_PASSWORD: "{{ restic_password }}" RESTIC_PASSWORD: "{{ restic_repo_password }}"
RESTIC_JOBNAME: "{{ restic_job_name | default('unknown') }}" RESTIC_JOBNAME: "{{ restic_job_name }}"
RESTIC_FORGET_KEEP_WITHIN: "{{ restic_policy_keep_all_within }}" RESTIC_FORGET_KEEP_WITHIN: "{{ restic_policy_keep_all_within }}"
RESTIC_FORGET_KEEP_HOURLY: "{{ restic_policy_keep_hourly }}" RESTIC_FORGET_KEEP_HOURLY: "{{ restic_policy_keep_hourly }}"
RESTIC_FORGET_KEEP_DAILY: "{{ restic_policy_keep_daily }}" RESTIC_FORGET_KEEP_DAILY: "{{ restic_policy_keep_daily }}"

1
roles/restic/defaults/main/main.yml
View File

@ -13,3 +13,4 @@ restic_job_directory: "/etc/restic"
restic_package_name: restic restic_package_name: restic
restic_script_generate_snapshot_metrics: "/opt/restic-generate-snapshot-metrics.sh" restic_script_generate_snapshot_metrics: "/opt/restic-generate-snapshot-metrics.sh"
restic_start_job_on_unit_change: true

13
roles/restic/defaults/main/systemd.yml
View File

@ -1,7 +1,16 @@
--- ---
restic_systemd_job_name: ~ restic_systemd_job_description: "Restic backup service"
restic_systemd_job_description: "Restic backup job for {{ restic_job_name }}" restic_systemd_unit_naming_scheme: "restic-{{ restic_job_name }}"
restic_systemd_timer_naming_scheme: >-2
{{ restic_systemd_unit_naming_scheme }}.timer
restic_systemd_timer_state_map:
present: "started"
absent: "stopped"
masked: "started"
restic_systemd_timer_state: >-2
{{ restic_systemd_timer_state_map[restic_job_state] }}
restic_systemd_syslog_identifier: "restic@%i"
restic_systemd_working_directory: /tmp restic_systemd_working_directory: /tmp
restic_systemd_install_wanted_by: "basic.target" restic_systemd_install_wanted_by: "basic.target"
restic_systemd_install_default_instance: "default" restic_systemd_install_default_instance: "default"

9
roles/restic/handlers/main.yml
View File

@ -1,13 +1,12 @@
--- ---
- name: Ensure system daemon is reloaded - name: Ensure system daemon is reloaded
listen: reload-systemd listen: reload-systemd
systemd: ansible.builtin.systemd:
daemon_reload: true daemon_reload: true
- name: Ensure systemd service for '{{ restic_job_name }}' is started immediately - name: Ensure systemd service for '{{ restic_job_name }}' is started immediately
listen: trigger-restic listen: trigger-restic
systemd: ansible.builtin.systemd:
name: "{{ restic_systemd_unit_naming_scheme }}.service" name: "{{ restic_systemd_timer_naming_scheme }}"
state: started state: started
when: restic_start_job_on_unit_change when: (not ansible_check_mode) and restic_start_job_on_unit_change

5
roles/restic/tasks/configure.yml
View File

@ -1,12 +1,13 @@
--- ---
- name: Ensure systemd timer file for '{{ restic_job_name }}' is {{ restic_state }}' - name: Ensure systemd timer file for '{{ restic_job_name }}' is {{ restic_state }}'
template: ansible.builtin.template:
dest: "/etc/systemd/system/{{ restic_systemd_unit_naming_scheme }}.timer" dest: "/etc/systemd/system/{{ restic_systemd_unit_naming_scheme }}.timer"
src: restic.timer.j2 src: restic.timer.j2
owner: root owner: root
group: root group: root
mode: "0640" mode: "0640"
when: restic_state == 'present' when: restic_state == 'present'
register: restic_systemd_timer_info
notify: notify:
- reload-systemd - reload-systemd
@ -27,5 +28,3 @@
- name: Flush handlers to ensure systemd knows about '{{ restic_job_name }}' - name: Flush handlers to ensure systemd knows about '{{ restic_job_name }}'
meta: flush_handlers meta: flush_handlers

15
roles/restic/tasks/main.yml
View File

@ -21,10 +21,19 @@
- name: Ensure systemd timer for '{{ restic_job_name }}' is activated - name: Ensure systemd timer for '{{ restic_job_name }}' is activated
ansible.builtin.systemd: ansible.builtin.systemd:
name: "{{ restic_systemd_unit_naming_scheme }}.timer" name: "{{ restic_systemd_timer_naming_scheme }}"
enabled: true enabled: true
when:
- restic_systemd_timer_info.changed
- not restic_systemd_timer_info.failed
- not ansible_check_mode
- name: Ensure systemd timer for '{{ restic_job_name }}' is {{ restic_job_state }} - name: Ensure systemd timer for '{{ restic_job_name }}' is {{ restic_job_state }}
ansible.builtin.systemd: ansible.builtin.systemd:
name: "{{ restic_systemd_unit_naming_scheme }}.timer" name: "{{ restic_systemd_timer_naming_scheme }}"
state: started # TODO: mask a timer? state: "{{ restic_job_state }}"
masked: "{{ (restic_job_state == 'masked') | ternary('true', omit) }}"
when:
- restic_systemd_timer_info.changed
- not restic_systemd_timer_info.failed
- not ansible_check_mode