ansible-roles/backup/tasks/main.yml

---
- name: generate backup config from destination
  set_fact:
    backup_config: "{{ backup_destination | parse_backup_destination }}"

- name: generate ssh key for root if sftp backup
  become: yes
  openssh_keypair:
    path: /root/.ssh/id_rsa
  when: backup_config.protocol == 'sftp'

- name: try to add backup server to known hosts
  become: yes
  command: 'ssh -o StrictHostKeyChecking=accept-new {{ backup_config.connection_string }} echo ok'
  when: backup_config.protocol == 'sftp'
  failed_when: false

- name: ensure restic is installed
  become: yes
  package:
    name: restic
    state: latest
  when: ansible_distribution|lower != 'openbsd'

- name: ensure restic is installed
  become: yes
  community.general.openbsd_pkg:
    name: restic
    state: latest
    snapshot: "{{ force_openbsd_snapshot|default(false) }}"
  when: ansible_distribution|lower == 'openbsd'

- name: copy backup password file to remote host
  become: yes
  copy:
    content: "{{ backup_password }}"
    dest: "{{ backup_password_file }}"
    mode: "0400"
    owner: "{{ backup_user }}"

- name: template backup script
  become: yes
  template:
    src: "backup.sh"
    dest: "{{ backup_script_path }}"
    owner: "{{ backup_user }}"
    mode: "0700"

- name: create backup repository if it does not exist already
  become: yes
  shell: "{{ backup_init_command }}"
  changed_when: "'created restic repositroy' in backup_init_task.stdout"
  failed_when: "'config file already exists' not in backup_init_task.stderr and backup_init_task.rc != 0"
  register: backup_init_task

- name: run backup
  become: yes
  shell: "{{ backup_job }}"
  throttle: "{{ backup_throttle }}"
  when: do_backup | default(false)

- name: run cleanup
  become: yes
  shell: "{{ backup_cleanup_job }}"
  throttle: "{{ backup_throttle }}"
  when: do_backup | default(false)