Move roles/matrix* to roles/custom/matrix*

This paves the way for installing other roles into `roles/galaxy` using `ansible-galaxy`,
similar to how it's done in:

- https://github.com/spantaleev/gitea-docker-ansible-deploy
- https://github.com/spantaleev/nextcloud-docker-ansible-deploy

In the near future, we'll be removing a lot of the shared role code from here
and using upstream roles for it. Some of the core `matrix-*` roles have
already been extracted out into other reusable roles:

- https://github.com/devture/com.devture.ansible.role.postgres
- https://github.com/devture/com.devture.ansible.role.systemd_docker_base
- https://github.com/devture/com.devture.ansible.role.timesync
- https://github.com/devture/com.devture.ansible.role.vars_preserver
- https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages
- https://github.com/devture/com.devture.ansible.role.playbook_help

We just need to migrate to those.

roles/custom/matrix-backup-borg/templates/config.yaml.j2

@@ -0,0 +1,43 @@
+#jinja2: lstrip_blocks: "True", trim_blocks: "True"
+
+location:
+  source_directories: {{ matrix_backup_borg_location_source_directories|to_json }}
+  repositories: {{ matrix_backup_borg_location_repositories|to_json }}
+  one_file_system: true
+  exclude_patterns: {{ matrix_backup_borg_location_exclude_patterns|to_json }}
+
+storage:
+  compression: {{ matrix_backup_borg_storage_compression|to_json }}
+  ssh_command: {{ matrix_backup_borg_storage_ssh_command|to_json }}
+  archive_name_format: {{ matrix_backup_borg_storage_archive_name_format|to_json }}
+  encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase|to_json }}
+  unknown_unencrypted_repo_access_is_ok: {{ matrix_backup_borg_unknown_unencrypted_repo_access_is_ok|to_json }}
+
+retention:
+  keep_hourly: {{ matrix_backup_borg_retention_keep_hourly|to_json }}
+  keep_daily: {{ matrix_backup_borg_retention_keep_daily|to_json }}
+  keep_weekly: {{ matrix_backup_borg_retention_keep_weekly|to_json }}
+  keep_monthly: {{ matrix_backup_borg_retention_keep_monthly|to_json }}
+  keep_yearly: {{ matrix_backup_borg_retention_keep_yearly|to_json }}
+  prefix: {{ matrix_backup_borg_retention_prefix|to_json }}
+
+consistency:
+  checks:
+    - repository
+    - archives
+
+hooks:
+{% if matrix_backup_borg_postgresql_enabled and matrix_backup_borg_postgresql_databases|length > 0 %}
+  postgresql_databases:
+  {% for database in matrix_backup_borg_postgresql_databases %}
+  - name: {{ database|to_json }}
+    hostname: {{ matrix_backup_borg_postgresql_databases_hostname|to_json }}
+    username: {{ matrix_backup_borg_postgresql_databases_username|to_json }}
+    password: {{ matrix_backup_borg_postgresql_databases_password|to_json }}
+    port: {{ matrix_backup_borg_postgresql_databases_port|to_json }}
+  {% endfor %}
+{% endif %}
+  after_backup:
+    - echo "Backup created."
+  on_error:
+    - echo "Error while creating a backup."

roles/custom/matrix-backup-borg/templates/passwd.j2

@@ -0,0 +1,29 @@
+{# the passwd file with correct username, UID and GID is mandatory to work with borg over ssh, otherwise ssh connections will fail #}
+root:x:0:0:root:/root:/bin/ash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+adm:x:3:4:adm:/var/adm:/sbin/nologin
+lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/mail:/sbin/nologin
+news:x:9:13:news:/usr/lib/news:/sbin/nologin
+uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
+operator:x:11:0:operator:/root:/sbin/nologin
+man:x:13:15:man:/usr/man:/sbin/nologin
+postmaster:x:14:12:postmaster:/var/mail:/sbin/nologin
+cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
+ftp:x:21:21::/var/lib/ftp:/sbin/nologin
+sshd:x:22:22:sshd:/dev/null:/sbin/nologin
+at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
+squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
+xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
+games:x:35:35:games:/usr/games:/sbin/nologin
+cyrus:x:85:12::/usr/cyrus:/sbin/nologin
+vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
+ntp:x:123:123:NTP:/var/empty:/sbin/nologin
+smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
+guest:x:405:100:guest:/dev/null:/sbin/nologin
+{{ matrix_user_username }}:x:{{ matrix_user_uid }}:{{ matrix_user_gid }}:Matrix:/tmp:/bin/ash
+nobody:x:65534:65534:nobody:/:/sbin/nologin

roles/custom/matrix-backup-borg/templates/sshkey.j2

@@ -0,0 +1 @@
+{{ matrix_backup_borg_ssh_key_private }}

roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2

@@ -0,0 +1,58 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix Borg Backup
+{% for service in matrix_backup_borg_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_backup_borg_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=oneshot
+Environment="HOME={{ matrix_systemd_unit_home_path }}"
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \
+			--log-driver=none \
+			--cap-drop=ALL \
+			--read-only \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--network={{ matrix_docker_network }} \
+			--tmpfs=/tmp:rw,noexec,nosuid,size=100m \
+			--mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \
+			--mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \
+			{% for source in matrix_backup_borg_location_source_directories %}
+			--mount type=bind,src={{ source }},dst={{ source }},ro \
+			{% endfor %}
+			{% for arg in matrix_backup_borg_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_backup_borg_docker_image }} \
+			sh -c "borgmatic --init --encryption {{ matrix_backup_borg_encryption }}"
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \
+			--log-driver=none \
+			--cap-drop=ALL \
+			--read-only \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--network={{ matrix_docker_network }} \
+			--tmpfs=/tmp:rw,noexec,nosuid,size=100m \
+			--mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \
+			--mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \
+			{% for source in matrix_backup_borg_location_source_directories %}
+			--mount type=bind,src={{ source }},dst={{ source }},ro \
+			{% endfor %}
+			{% for arg in matrix_backup_borg_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_backup_borg_docker_image }}
+
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true'
+SyslogIdentifier=matrix-backup-borg
+
+[Install]
+WantedBy=multi-user.target

roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2

@@ -0,0 +1,10 @@
+[Unit]
+Description=Matrix Borg Backup timer
+
+[Timer]
+Unit=matrix-backup-borg.service
+OnCalendar={{ matrix_backup_borg_schedule }}
+RandomizedDelaySec={{ matrix_backup_borg_schedule_randomized_delay_sec }}
+
+[Install]
+WantedBy=timers.target