From bece0ede75eae0ebf2791c8f5146f69c6603b0e0 Mon Sep 17 00:00:00 2001
From: Johanna Dorothea Reichmann
Date: Sat, 12 Mar 2022 11:42:29 +0100
Subject: [PATCH] refactor(restic): make role backend-agnostic, document backends
---
 README.md | 4 +--
 roles/{restic-s3 => restic}/README.md | 28 ++++++++++++++-----
 roles/{restic-s3 => restic}/defaults/main.yml | 0
 roles/{restic-s3 => restic}/handlers/main.yml | 0
 roles/{restic-s3 => restic}/tasks/main.yml | 0
 .../templates/restic.service.j2 | 2 ++
 .../templates/restic.timer.j2 | 0
 7 files changed, 25 insertions(+), 9 deletions(-)
 rename roles/{restic-s3 => restic}/README.md (68%)
 rename roles/{restic-s3 => restic}/defaults/main.yml (100%)
 rename roles/{restic-s3 => restic}/handlers/main.yml (100%)
 rename roles/{restic-s3 => restic}/tasks/main.yml (100%)
 rename roles/{restic-s3 => restic}/templates/restic.service.j2 (94%)
 rename roles/{restic-s3 => restic}/templates/restic.timer.j2 (100%)
diff --git a/README.md b/README.md
index 8fdaff7..da9da54 100644
--- a/README.md
+++ b/README.md
@@ -8,8 +8,8 @@ concise area of concern.
 ## Roles
-- [`roles/restic-s3`](roles/restic-s3/README.md): Manage backups using restic
- and persist them to an s3-compatible backend.
+- [`roles/restic`](roles/restic/README.md): Manage backups using restic
+ and persist them to a configurable backend.
 - [`roles/minio`](roles/minio/README.md): Deploy [min.io](https://min.io), an s3-compatible object storage server, using docker containers.
diff --git a/roles/restic-s3/README.md b/roles/restic/README.md
similarity index 68%
rename from roles/restic-s3/README.md
rename to roles/restic/README.md
index b5d3528..ac5ea52 100644
--- a/roles/restic-s3/README.md
+++ b/roles/restic/README.md
@@ -1,14 +1,28 @@
-# `finallycoffee.services.restic-s3`
+# `finallycoffee.services.restic`
-Ansible role for backup up data using `restic` to an `s3`-compatible backend,
-utilizing `systemd` timers for scheduling
+Ansible role for backup up data using `restic`, utilizing `systemd` timers for scheduling.
 ## Overview
-The s3 repository and the credentials for it are specified in `restic_repo_url`,
-`restic_s3_key_id` and `restic_s3_access_key`. As restic encrypts the data before
-storing it, the `restic_repo_password` needs to be populated with a strong key,
-and saved accordingly as only this key can be used to decrypt the data for a restore!
+As restic encrypts the data before storing it, the `restic_repo_password` needs
+to be populated with a strong key, and saved accordingly as only this key can
+be used to decrypt the data for a restore!
+
+### Backends
+
+#### S3 Backend
+
+To use a `s3`-compatible backend like AWS buckets or minio, both `restic_s3_key_id`
+and `restic_s3_access_key` need to be populated, and the `restic_repo_url` has the
+format `s3:https://my.s3.endpoint:port/bucket-name`.
+
+#### SFTP Backend
+
+Using the `sftp` backend requires the configured `restic_user` to be able to
+authenticate to the configured SFTP-Server using password-less methods like
+publickey-authentication. The `restic_repo_url` then follows the format
+`sftp:{user}@{server}:/my-restic-repository` (or without leading `/` for relative
+paths to the `{user}`s home directory.
 ### Backing up data
diff --git a/roles/restic-s3/defaults/main.yml b/roles/restic/defaults/main.yml
similarity index 100%
rename from roles/restic-s3/defaults/main.yml
rename to roles/restic/defaults/main.yml
diff --git a/roles/restic-s3/handlers/main.yml b/roles/restic/handlers/main.yml
similarity index 100%
rename from roles/restic-s3/handlers/main.yml
rename to roles/restic/handlers/main.yml
diff --git a/roles/restic-s3/tasks/main.yml b/roles/restic/tasks/main.yml
similarity index 100%
rename from roles/restic-s3/tasks/main.yml
rename to roles/restic/tasks/main.yml
diff --git a/roles/restic-s3/templates/restic.service.j2 b/roles/restic/templates/restic.service.j2
similarity index 94%
rename from roles/restic-s3/templates/restic.service.j2
rename to roles/restic/templates/restic.service.j2
index fa16f29..11e89d5 100644
--- a/roles/restic-s3/templates/restic.service.j2
+++ b/roles/restic/templates/restic.service.j2
@@ -9,8 +9,10 @@ SyslogIdentifier={{ restic_systemd_syslog_identifier }}
 Environment=RESTIC_REPOSITORY={{ restic_repo_url }}
 Environment=RESTIC_PASSWORD={{ restic_repo_password }}
+{% if restic_s3_key_id and restic_s3_access_key %}
 Environment=AWS_ACCESS_KEY_ID={{ restic_s3_key_id }}
 Environment=AWS_SECRET_ACCESS_KEY={{ restic_s3_access_key }}
+{% endif %}
 ExecStartPre=-/bin/sh -c '/usr/bin/restic snapshots || /usr/bin/restic init'
 {% if restic_backup_stdin_command %}
diff --git a/roles/restic-s3/templates/restic.timer.j2 b/roles/restic/templates/restic.timer.j2
similarity index 100%
rename from roles/restic-s3/templates/restic.timer.j2
rename to roles/restic/templates/restic.timer.j2
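Review bot: The new `{% if restic_s3_key_id and restic_s3_access_key %}` guard in `restic.service.j2` omits both AWS variables when only one of the two is set, so a half-configured S3 backend renders a unit without credentials and presumably only fails once the timer fires; an assertion in the role's tasks that the two variables are either both set or both empty would catch this at deploy time. The secrets on these lines (`RESTIC_PASSWORD`, `AWS_SECRET_ACCESS_KEY`) are also still rendered as `Environment=` entries, which systemd makes visible to unprivileged users through `systemctl show` and which sit in a unit file that is normally world-readable; an `EnvironmentFile=` pointing at a root-owned, mode-0600 file keeps them out of the unit. The values are interpolated unquoted, so a password containing whitespace or `%` would be altered by systemd's parsing of `Environment=`. The rest of the unit and the task that installs it lie outside this hunk, so any permissions already applied to the rendered file cannot be seen here.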