Still a HACK should not be hard-coded but perhaps installed as a
runnable script on localhost for the role (e.g. `scan-paperless`)
which receives its scanner more dynamically.
Change the inclusion of backup containers so they actually work. They
check that restic is enabled globally, and that restic is enabled for
the individual stack they belong to. If either of the conditions is not
met they do not deploy.
This way we can simply enable restic globally with `restic_enable` and
by default all stacks will be backed up. But if we want to exclude
specific stacks from backups we can do so with the individual
`<role>_restic_enable = False` variable.
Finally found a good version of doing so with the help of the following
medium article: https://medium.com/opsops/is-defined-in-ansible-d490945611ae
which basically makes use of default fallbacks instead.
Each role (with outward-facing ingress needs) depends on caddy since
they depend on the availability of the 'caddy' network which is set in
that role.
Caddy in turn depends on docker.
If our chosen backup repo is a local one, each restic container needs to
mount the local path as a volume, otherwise the data is stuck in the
container itself.
Will pass through the hostname to any snapshots set up.
The hostname is _not_ derived from the random docker container string
but instead takes the name of the _host_ on which docker is running
(from ansible facts).
The hostname in combination with the tag should point to the correct
host -> stack which is being backed up.
Global options such as 'timezone' or 'puid' can be set on a host and all
(relevant) roles will inherit them. Will be used for more variables in
the future.
