Fix pre-commit hooks and move directories

roles/ and inventory/ are now in playbooks/
also fixed issues reported by ansible-lint

playbooks/roles/backup/files/backup.timer

@@ -0,0 +1,4 @@
+[Timer]
+OnCalendar=*-*-* 04:10:00
+[Install]
+WantedBy=timers.target

playbooks/roles/backup/files/hooks/immich_database

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+backup_path="$1"
+
+cd /opt/services/immich || exit
+docker compose exec database sh -c 'pg_dump -U "$DB_USERNAME" "$DB_DATABASE"' | gzip >"$backup_path/immich.sql.gz"

playbooks/roles/backup/files/hooks/mailcowdockerized

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+export MAILCOW_BACKUP_LOCATION="$1"
+
+/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all --delete-days 1

playbooks/roles/backup/files/hooks/postgresql

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+cd "$1"
+
+postgres_tables=$(sudo -u postgres psql -Atc "SELECT datname FROM pg_database WHERE datistemplate = false;")
+
+for i in $postgres_tables
+do
+	printf "dumping %s ..." "$i"
+	sudo -u postgres pg_dump "$i" | gzip >"pg_dump_$i.sql.gz"
+	echo " done"
+done
+
+echo "dumping all"
+sudo -u postgres pg_dumpall | gzip >"pg_dumpall.sql.gz"

playbooks/roles/backup/tasks/hooks.yml

@@ -0,0 +1,21 @@
+---
+- name: Set hooks path
+  ansible.builtin.set_fact:
+    hooks_path: "{{ (service_path, 'hooks') | path_join }}"
+- name: Create hooks directory
+  ansible.builtin.file:
+    path: "{{ hooks_path }}"
+    state: directory
+    mode: "0755"
+- name: Copy the hooks
+  ansible.builtin.copy:
+    src: hooks/
+    dest: "{{ hooks_path }}"
+    mode: "0755"
+- name: Create the from directories
+  ansible.builtin.file:
+    path: "{{ ('/opt/services/_backup', item | basename) | path_join }}"
+    state: directory
+    mode: "0755"
+  with_fileglob:
+    - "hooks/*"

playbooks/roles/backup/tasks/main.yml

@@ -0,0 +1,46 @@
+---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
+- name: Deploy {{ role_name }}
+  vars:
+    yml: "{{ backup_yml }}"
+  block:
+    - name: Import prepare tasks for common service
+      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
+
+    - name: Template the main backup script
+      ansible.builtin.template:
+        src: backup.sh.j2
+        dest: "{{ (service_path, 'backup.sh') | path_join }}"
+        mode: "0755"
+
+    - name: Template autorestic.yml
+      ansible.builtin.template:
+        src: yml.j2
+        dest: "{{ (service_path, '.autorestic.yml') | path_join }}"
+        mode: "0644"
+
+    - name: Template autorestic.all.yml
+      ansible.builtin.template:
+        src: yml.j2
+        dest: "{{ (service_path, '.autorestic.all.yml') | path_join }}"
+        mode: "0644"
+      vars:
+        yml: "{{ backup_yml_all }}"
+
+    - name: Import tasks specific to the hooks scripts
+      ansible.builtin.import_tasks: hooks.yml
+    - name: Import tasks specific to systemd
+      ansible.builtin.import_tasks: systemd.yml
+
+    - name: Verify service
+      ansible.builtin.command:
+        cmd: autorestic -v check
+        chdir: "{{ service_path }}"
+      changed_when: false
+      become: true
+      register: cmd_result_verify
+      until: "cmd_result_verify is not failed"
+      retries: 10
+      delay: 10

playbooks/roles/backup/tasks/systemd.yml

@@ -0,0 +1,20 @@
+---
+- name: Copy the system service
+  ansible.builtin.template:
+    src: backup.service.j2
+    dest: /etc/systemd/system/backup.service
+    mode: "0644"
+  become: true
+- name: Copy the system timer
+  ansible.builtin.copy:
+    src: backup.timer
+    dest: /etc/systemd/system/backup.timer
+    mode: "0644"
+  become: true
+- name: Enable the system timer
+  ansible.builtin.systemd_service:
+    name: backup.timer
+    state: started
+    enabled: true
+    daemon_reload: true
+  become: true

playbooks/roles/backup/templates/backup.service.j2

@@ -0,0 +1,11 @@
+[Unit]
+Description=Run the backup script
+StartLimitIntervalSec=7200
+StartLimitBurst=5
+
+[Service]
+Type=oneshot
+ExecStart={{ (service_path, 'backup.sh') | path_join }}
+WorkingDirectory={{ service_path }}
+Restart=on-failure
+RestartSec=15min

playbooks/roles/backup/templates/backup.sh.j2

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+{{ backup_hc_command_start }}
+
+if autorestic backup -av --ci
+then
+    {{ backup_hc_command_success }}
+    {{ backup_gatus_command_success }}
+else
+    {{ backup_hc_command_fail }}
+    {{ backup_gatus_command_fail }}
+fi

playbooks/roles/backup/vars/main.yml

@@ -0,0 +1,58 @@
+---
+backup_list: "{{ all_services | my_service_attributes(inventory_hostname, 'backup') }}"
+backup_list_all: "{{ all_services | my_service_attributes('', 'backup') }}"
+
+backup_msg_start: "Backup started"
+backup_msg_fail: "Backup failed"
+backup_msg_fail_location: "Backup failed for location: "
+backup_msg_success: "Backup successful"
+
+backup_curl_base: 'curl -L -m 10 --retry 5'
+backup_hc_curl_base: '{{ backup_curl_base }} -X POST -H "Content-Type: text/plain"'
+backup_gatus_curl_base: '{{ backup_curl_base }} -X POST -H "Authorization: Bearer {{ host_backup.gatus_token }}"'
+backup_hc_url: '{{ host_backup.hc_url }}'
+backup_gatus_url: 'https://status.serguzim.me/api/v1/endpoints/8-backups_backup@{{ ansible_facts.hostname }}/external'
+
+backup_hc_command_start: '{{ backup_hc_curl_base }} --data "{{ backup_msg_start }}" {{ backup_hc_url }}/start'
+backup_hc_command_success: '{{ backup_hc_curl_base }} --data "{{ backup_msg_success }}" {{ backup_hc_url }}'
+backup_hc_command_fail: '{{ backup_hc_curl_base }} --data "{{ backup_msg_fail }}" {{ backup_hc_url }}/fail'
+
+backup_gatus_command_success: '{{ backup_gatus_curl_base }} "{{ backup_gatus_url }}?success=true"'
+backup_gatus_command_fail: '{{ backup_gatus_curl_base }} "{{ backup_gatus_url }}?success=false&error={{ backup_msg_fail | urlencode }}"'
+
+backup_default_hooks:
+  failure:
+    - '{{ backup_hc_curl_base }} --data "{{ backup_msg_fail_location }}${AUTORESTIC_LOCATION}" {{ backup_hc_url }}/fail'
+    - '{{ backup_gatus_curl_base }} "{{ backup_gatus_url }}?success=false&error={{ backup_msg_fail_location | urlencode }}${AUTORESTIC_LOCATION}'
+
+backup_global:
+  all:
+    cache-dir: "{{ (service_path, 'cache') | path_join }}"
+    retry-lock: 5m
+  forget:
+    keep-last: 7
+    keep-daily: 14
+    keep-weekly: 16
+    keep-monthly: 12
+    keep-yearly: 2
+    host: "{{ ansible_facts.hostname }}"
+  backup:
+    host: "{{ ansible_facts.hostname }}"
+
+backup_yml:
+  version: 2
+
+  backends: "{{ vault_backup.backends }}"
+
+  locations: "{{ backup_list | map_backup_locations(vault_backup.backends, backup_default_hooks) }}"
+
+  global: "{{ backup_global }}"
+
+backup_yml_all:
+  version: 2
+
+  backends: "{{ vault_backup.backends }}"
+
+  locations: "{{ backup_list_all | map_backup_locations(vault_backup.backends, backup_default_hooks) }}"
+
+  global: "{{ backup_global }}"