ansible/roles/borg/tasks/main.yml

---
- name: Borg installieren
  apt:
    name: borgbackup
    state: present
    update_cache: yes

- name: SSH Private Key deployen
  copy:
    src: id_rsa
    dest: "{{ borg_ssh_key }}"
    mode: '0600'

- name: SSH Public Key deployen
  copy:
    src: id_rsa.pub
    dest: "{{ borg_ssh_key }}.pub"
    mode: '0644'

- name: SSH Config für Storage Box
  blockinfile:
    path: /root/.ssh/config
    create: yes
    mode: '0600'
    marker: "# {mark} BORG STORAGEBOX"
    block: |
      Host storagebox
        Hostname {{ hetzner_storage_host }}
        User {{ hetzner_storage_user }}
        Port {{ hetzner_storage_port }}
        IdentityFile {{ borg_ssh_key }}
        IdentitiesOnly yes
        StrictHostKeyChecking accept-new

- name: Backup-Verzeichnis auf Storage Box anlegen
  command: ssh storagebox mkdir -p home/{{ inventory_hostname }}
  changed_when: false

- name: Borg Repo initialisieren
  environment:
    BORG_PASSPHRASE: "{{ borg_passphrase }}"
  command: borg init --encryption=repokey {{ borg_repo }}
  register: borg_init
  failed_when: borg_init.rc != 0 and 'already exists' not in borg_init.stderr
  changed_when: borg_init.rc == 0

- name: Passphrase-Datei deployen
  copy:
    dest: /root/.borg-passphrase
    content: "{{ borg_passphrase }}"
    mode: '0400'

- name: Backup-Script deployen
  template:
    src: borg-backup.sh.j2
    dest: /usr/local/bin/borg-backup.sh
    mode: '0700'

- name: Systemd Timer Unit
  copy:
    dest: /etc/systemd/system/borg-backup.timer
    content: |
      [Unit]
      Description=Borg Backup Timer

      [Timer]
      OnCalendar=*-*-* 03:00:00
      RandomizedDelaySec=1800
      Persistent=true

      [Install]
      WantedBy=timers.target

- name: Systemd Service Unit
  copy:
    dest: /etc/systemd/system/borg-backup.service
    content: |
      [Unit]
      Description=Borg Backup
      After=network-online.target
      Wants=network-online.target

      [Service]
      Type=oneshot
      ExecStart=/usr/local/bin/borg-backup.sh
      Nice=19
      IOSchedulingClass=idle

- name: Timer aktivieren und starten
  systemd:
    name: borg-backup.timer
    enabled: true
    state: started
    daemon_reload: true