From c3012c032b47cd8002c9ffb125c5bb94e3bce0d7 Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Wed, 5 Jun 2024 18:45:30 +0200 Subject: [PATCH] add unots --- .../tasks/admin.yml | 34 ----------- .../mgrote_docker_housekeeping/tasks/ldap.yml | 56 ------------------- .../templates/restic.service.j2 | 15 +++++ .../templates/restic.timer.j2 | 10 ++++ 4 files changed, 25 insertions(+), 90 deletions(-) delete mode 100644 roles/mgrote_docker_housekeeping/tasks/admin.yml delete mode 100644 roles/mgrote_docker_housekeeping/tasks/ldap.yml create mode 100644 roles/mgrote_docker_housekeeping/templates/restic.service.j2 create mode 100644 roles/mgrote_docker_housekeeping/templates/restic.timer.j2 diff --git a/roles/mgrote_docker_housekeeping/tasks/admin.yml b/roles/mgrote_docker_housekeeping/tasks/admin.yml deleted file mode 100644 index 789e9fc1..00000000 --- a/roles/mgrote_docker_housekeeping/tasks/admin.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -# die Variablen kommen aus -# - https://docs.gitea.com/administration/command-line -# - https://github.com/lldap/lldap/blob/main/example_configs/gitea.md -# und -# den jeweiligen group/host-Vars! - -- name: Check if Admin-User exists - no_log: true - become_user: gitea - become: true - ansible.builtin.command: | - forgejo admin user list \ - --config "{{ gitea_configuration_path }}/gitea.ini" - register: check - changed_when: false - -- name: Ensure Admin-User exists # noqa no-changed-when no-jinja-when - #no_log: true - become_user: gitea - become: true - ansible.builtin.command: | - forgejo admin user create \ - --config "{{ gitea_configuration_path }}/gitea.ini" \ - --username "{{ gitea_admin_user }}" \ - --password "{{ gitea_admin_user_pass }}" \ - --email "{{ gitea_admin_user }}@mgrote.net" \ - --admin - when: 'not "{{ gitea_admin_user }}@mgrote.net" in check.stdout' - -- name: Show existing users - ansible.builtin.debug: - msg: "{{ check.stdout_lines }}" -... 
diff --git a/roles/mgrote_docker_housekeeping/tasks/ldap.yml b/roles/mgrote_docker_housekeeping/tasks/ldap.yml deleted file mode 100644 index 7fbb7436..00000000 --- a/roles/mgrote_docker_housekeeping/tasks/ldap.yml +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -# die Variablen kommen aus -# - https://docs.gitea.com/administration/command-line -# - https://github.com/lldap/lldap/blob/main/example_configs/gitea.md -# und -# den jeweiligen group/host-Vars! -- name: Ensure LDAP config is set up - no_log: true - become_user: gitea - become: true - ansible.builtin.command: | - forgejo admin auth add-ldap \ - --config "{{ gitea_configuration_path }}/gitea.ini" \ - --name "lldap" \ - --security-protocol "unencrypted" \ - --host "{{ gitea_ldap_host }}" \ - --port "3890" \ - --bind-dn "uid={{ gitea_ldap_bind_user }},ou=people,{{ gitea_ldap_base_path }}" \ - --bind-password "{{ gitea_ldap_bind_pass }}" \ - --user-search-base "ou=people,{{ gitea_ldap_base_path }}" \ - --user-filter "(&(memberof=cn=gitea,ou=groups,{{ gitea_ldap_base_path }})(|(uid=%[1]s)(mail=%[1]s)))" \ - --username-attribute "uid" \ - --email-attribute "mail" \ - --firstname-attribute "givenName" \ - --surname-attribute "sn" \ - --avatar-attribute "jpegPhoto" \ - --synchronize-users - register: setup - ignore_errors: true - failed_when: 'not "Command error: login source already exists [name: lldap]" in setup.stderr' # fail Task wenn LDAP schon konfiguriert ist - changed_when: "setup.rc == 0" # chnaged nur wenn Task rc 0 hat, sollte nur beim ersten lauf vorkommen; ungetestet - -- name: Modify LDAP config - no_log: true - become_user: gitea - become: true - ansible.builtin.command: | - forgejo admin auth update-ldap \ - --config "{{ gitea_configuration_path }}/gitea.ini" \ - --id "1" \ - --security-protocol "unencrypted" \ - --host "{{ gitea_ldap_host }}" \ - --port "3890" \ - --bind-dn "uid={{ gitea_ldap_bind_user }},ou=people,{{ gitea_ldap_base_path }}" \ - --bind-password "{{ gitea_ldap_bind_pass }}" \ - --user-search-base "ou=people,{{ gitea_ldap_base_path }}" \ - --user-filter "(&(memberof=cn=gitea,ou=groups,{{ gitea_ldap_base_path }})(|(uid=%[1]s)(mail=%[1]s)))" \ - --username-attribute "uid" \ - --email-attribute "mail" \ - 
--firstname-attribute "givenName" \ - --surname-attribute "sn" \ - --avatar-attribute "jpegPhoto" \ - --synchronize-users - when: '"Command error: login source already exists [name: lldap]" in setup.stderr' # führe nur aus wenn erster Task fehlgeschlagen ist - changed_when: false # keine idee wie ich changed feststellen kann -... diff --git a/roles/mgrote_docker_housekeeping/templates/restic.service.j2 b/roles/mgrote_docker_housekeeping/templates/restic.service.j2 new file mode 100644 index 00000000..bf498f75 --- /dev/null +++ b/roles/mgrote_docker_housekeeping/templates/restic.service.j2 @@ -0,0 +1,15 @@ +{{ file_header | default () }} +[Unit] +Description=Backup with restic +Requires=media-restic.mount +After=media-restic.mount +OnFailure=restic_mail.service + +[Service] +Type=simple +EnvironmentFile={{ restic_conf_dir }}/restic.env +ExecStart=/usr/bin/restic backup --one-file-system --no-cache --exclude-file {{ restic_conf_dir }}/excludes {{ restic_folders_to_backup }} +{# -iexclude-file Same as exclude-file but ignores cases like in --iexclude; https://restic.readthedocs.io/en/latest/040_backup.html #} +User={{ restic_user }} +Group={{ restic_group }} +RestartSec={{ restic_failure_delay }} diff --git a/roles/mgrote_docker_housekeeping/templates/restic.timer.j2 b/roles/mgrote_docker_housekeeping/templates/restic.timer.j2 new file mode 100644 index 00000000..c40f99da --- /dev/null +++ b/roles/mgrote_docker_housekeeping/templates/restic.timer.j2 @@ -0,0 +1,10 @@ +{{ file_header | default () }} +[Unit] +Description=Timer for restic backups. + +[Timer] +OnCalendar={{ restic_schedule }} +RandomizedDelaySec=30 min + +[Install] +WantedBy=timers.target multi-user.target
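Review bot: `RestartSec={{ restic_failure_delay }}` at the end of the [Service] section in restic.service.j2 is never consulted because the unit sets no `Restart=` directive, so a failed backup is not retried after the configured delay; either add `Restart=on-failure` next to it or drop the line, and if the unit is switched to `Type=oneshot` (the natural type for a timer-driven job that runs to completion, rather than `Type=simple`) confirm the target systemd version accepts `Restart=` on oneshot units before combining the two. `{{ restic_folders_to_backup }}` is interpolated unquoted into `ExecStart=`; the variable's type is not visible here, but if it is ever a list the rendered command gets a Python-style list literal instead of space-separated paths, so `{{ restic_folders_to_backup | join(' ') }}` would be the safer form. The `restic.env` file referenced by `EnvironmentFile=` presumably carries the repository credentials, so the task that writes it should install it owned by `{{ restic_user }}` with a restrictive mode, which is not part of this commit.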
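Review bot: The [Timer] section in restic.timer.j2 lacks `Persistent=true`, so a backup whose `OnCalendar=` slot passes while the host is powered off is skipped until the next slot instead of running at the next boot; add `Persistent=true` under `OnCalendar={{ restic_schedule }}`. `WantedBy=timers.target multi-user.target` in [Install] is redundant for a timer — `WantedBy=timers.target` alone is the conventional target and the second entry can be dropped. `RandomizedDelaySec=30 min` is accepted by systemd's time-span parser, but the spaceless `30min` matches the usual unit-file style.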