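---
# Installs the restic backup tooling on every targeted host: a backup config
# file, two root-only helper scripts, a passwordless sudo rule for the backup
# script, and a nightly cron job whose output goes to syslog.
# NOTE(review): `primary_user` and `bin_prefix` are not defined in this play;
# presumably they come from vars/secrets.yml or the inventory - confirm.
- name: "Configure restic and backup schedule"
  hosts: all
  vars_files:
    - vars/secrets.yml
  vars:
    backup_config_dir: "/etc/backup"
    backup_config_file: "{{ (backup_config_dir, 'config.ini') | path_join }}"
    restic_shell_script: "{{ (bin_prefix, 'restic-shell.sh') | path_join }}"
    backup_all_script: "{{ (bin_prefix, 'backup-all.py') | path_join }}"
  tasks:
    - name: "Create backup config directory"
      ansible.builtin.file:
        path: "{{ backup_config_dir }}"
        state: "directory"
        owner: root
        group: root
        mode: "0755"

    # NOTE(review): if the rendered config carries repository credentials
    # (the template is not shown here), consider `no_log: true` or
    # `diff: false` on this task so a --diff run does not print them.
    - name: "Create backup config file"
      ansible.builtin.template:
        src: "files/backups/config.template.ini"
        dest: "{{ backup_config_file }}"
        owner: root
        group: root
        mode: "0640"

    # Both scripts are installed root:root with mode 0700, so only root can
    # read, modify or execute them.
    - name: "Copy restic shell script"
      ansible.builtin.template:
        src: "files/backups/restic-shell.sh.j2"
        dest: "{{ restic_shell_script }}"
        owner: root
        group: root
        mode: "0700"

    - name: "Copy backup all script"
      ansible.builtin.copy:
        src: "files/backups/backup-all.py"
        dest: "{{ backup_all_script }}"
        owner: root
        group: root
        mode: "0700"

    # Runs after the script has been installed, so the NOPASSWD rule never
    # names a path that is not yet a root-owned 0700 file.
    # NOTE(review): the rule is only as safe as the path it names - every
    # directory above backup_all_script must be writable by root alone.
    # NOTE(review): `(ALL)` lets the user pick any run-as user and the rule
    # places no limit on arguments; `(root)` and a trailing `""` would narrow
    # it if the script is only meant to run as root without options - confirm
    # how backup-all.py is invoked before tightening.
    # NOTE(review): there is no `regexp`, so a changed primary_user or script
    # path appends a new line and leaves the old grant in /etc/sudoers.
    - name: "Allow user to run the backup script without a password"
      ansible.builtin.lineinfile:
        path: "/etc/sudoers"
        state: present
        line: "{{ primary_user }} ALL=(ALL) NOPASSWD: {{ backup_all_script }}"
        # IMPORTANT: syntax-check the candidate file before it replaces
        # /etc/sudoers; a broken sudoers file locks out sudo.
        validate: "/usr/sbin/visudo -cf %s"
        # The file must already exist; never create a fresh sudoers here.
        create: false

    # The three cron tasks below all write to the same file,
    # /etc/cron.d/ansible_restic_backup, and run as root.
    # NOTE(review): root's cron PATH includes /usr/local/games, /usr/games
    # and /snap/bin; anything the scripts call by bare name is resolved
    # through these, so each directory should be writable by root only.
    - name: "Setup paths for backup cron file"
      ansible.builtin.cron:
        cron_file: "ansible_restic_backup"
        user: "root"
        env: true
        name: "PATH"
        job: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"

    # An empty MAILTO turns off cron mail for this file.
    - name: "Setup mail for backup cron file"
      ansible.builtin.cron:
        cron_file: "ansible_restic_backup"
        user: "root"
        env: true
        name: "MAILTO"
        job: ""

    # Daily at 01:00. stdout and stderr are piped to syslog under the tag
    # `backup`. With mail disabled and the script's exit status hidden behind
    # the pipe, a failed backup is visible only in those log lines - alert on
    # them (or on their absence).
    - name: "Creates a cron file for backups under /etc/cron.d"
      ansible.builtin.cron:
        name: "restic backup"
        minute: "0"
        hour: "1"
        job: "{{ backup_all_script }} 2>&1 | logger -t backup"
        cron_file: "ansible_restic_backup"
        user: "root"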