instrument restic using file lists for backups and ignores

playbook.yml

@@ -4,6 +4,10 @@
   vars:
     restic_repo_pw: "{{ vault_restic_pw_jake }}"
     restic_repo_url: "{{ vault_restic_url_jake }}"
+    restic_backup_pre_cmd:
+      - (cd "/tmp" && forgejo.sh dump --file="forgejo.zip")
+    restic_backup_targets:
+      - /tmp/forgejo.zip
     sendmail_mta_user: "{{ vault_mta_user }}" 
     sendmail_mta_user_pw: "{{ vault_mta_user_pw }}"
     sendmail_mailhub: "box.nilsnh.no:465"

roles/backup/tasks/main.yml

@@ -42,6 +42,26 @@
     owner: root
     group: root
 
+- name: upload restic backup targets
+  ansible.builtin.template:
+    src: restic-file-list.j2
+    dest: /root/restic-backup-targets
+    mode: '0700'
+    owner: root
+    group: root
+  vars:
+    restic_file_list: "{{ restic_backup_targets }}"
+
+- name: upload restic backup ignores
+  ansible.builtin.template:
+    src: restic-file-list.j2
+    dest: /root/restic-backup-ignores
+    mode: '0700'
+    owner: root
+    group: root
+  vars:
+    restic_file_list: "{{ restic_backup_ignores | default([]) }}"
+
 - name: upload system-email notification script
   ansible.builtin.template:
     src: system-email.sh.j2
@@ -59,7 +79,7 @@
   copy:
     src: "{{ item }}"
     dest: "/etc/systemd/system/{{ item }}"
-  with_items:
+  loop:
     - backup.service
     - backup.timer
 

roles/backup/templates/backup.j2

@@ -3,10 +3,13 @@
 # Fail fast
 set -e
 
-# Dump data from one or more services
-(cd "/tmp" && forgejo.sh dump --file="forgejo.zip")
+{% for cmd in restic_backup_pre_cmd %}
+{{ cmd }}
+{% endfor %}
 
-/root/restic.sh backup /tmp/forgejo.zip
+/root/restic.sh backup \
+    --files-from /root/restic-backup-targets \
+    --exclude-file /root/restic-backup-ignores
 
 /root/restic.sh forget \
     --keep-daily 7 \

roles/backup/templates/restic-file-list.j2

@@ -0,0 +1,3 @@
+{% for item in restic_file_list %}
+{{ item }}
+{% endfor %}