Still a HACK: should not be hard-coded but perhaps installed as a
runnable script on localhost for the role (e.g. `scan-paperless`)
which receives its scanner more dynamically.
Change the inclusion of backup containers so they actually work. They
check that restic is enabled globally, and that restic is enabled for
the individual stack they belong to. If either of the conditions is not
met, they do not deploy.
This way we can simply enable restic globally with `restic_enable` and
by default all stacks will be backed up. But if we want to exclude
specific stacks from backups, we can do so with the individual
`<role>_restic_enable = False` variable.
Finally found a good version of doing so with the help of the following
Medium article: https://medium.com/opsops/is-defined-in-ansible-d490945611ae
which basically makes use of default fallbacks instead.
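
An added sketch of the two-switch condition described above, using default fallbacks rather than `is defined` tests. It is not code from this repository: the role name `paperless`, the file paths and the task file `backup.yml` are assumptions; only `restic_enable` and the `<role>_restic_enable` naming come from the commit message.

```yaml
# roles/paperless/defaults/main.yml   (hypothetical role and path)
# Per-stack switch: a stack is backed up unless it opts out.
paperless_restic_enable: true

---
# roles/paperless/tasks/main.yml      (hypothetical path)
- name: Deploy the restic backup container for this stack
  ansible.builtin.include_tasks: backup.yml   # hypothetical task file
  when:
    # Global switch: if restic_enable was never set, fall back to "off",
    # so no backup container is deployed by accident.
    - restic_enable | default(false) | bool
    # Per-stack switch: if the role variable is missing, fall back to "on",
    # so enabling restic globally covers every stack by default.
    - paperless_restic_enable | default(true) | bool

---
# host_vars/<host>.yml                (hypothetical inventory file)
# Enable backups everywhere, but exclude one stack.
restic_enable: true
paperless_restic_enable: false
```

The items of a `when:` list are combined with a logical AND, which matches "if either of the conditions is not met they do not deploy". The `| bool` filter keeps the check correct when a value arrives as a string, for example through `-e`.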
Each role (with outward-facing ingress needs) depends on caddy since
they depend on the availability of the 'caddy' network which is set in
that role.
Caddy in turn depends on docker.
If we only tag the geerlingguy docker 'role' as docker we do not always
install the necessary python dependencies for later working with ansible
docker compose and network roles.
Applying the docker tag to them, we can target '--tags=docker' on
playbook run and be sure that all later roles will have the correct
dependencies.
If our chosen backup repo is a local one, each restic container needs to
mount the local path as a volume, otherwise the data is stuck in the
container itself.
Will pass through the hostname to any snapshots set up.
The hostname is _not_ derived from the random docker container string
but instead takes the name of the _host_ on which docker is running
(from ansible facts).
The hostname in combination with the tag should point to the correct
host -> stack which is being backed up.
Notifies twice for each prune/check run, which may need to be fixed.
Also custom notification contents cannot currently be passed.
Lastly, we should put identifying information into the notification body
(such as the hostname/container name for which the notification is
relevant).
Adapted from cloudserve-infrastructure, implements a backup stack using
restic. The actual backups have to be implemented by individual other
roles but this sets up initialization, pruning and checking of a repository.
Explanation here:
https://github.com/qdm12/gluetun-wiki/blob/main/setup/advanced/vpn-port-forwarding.md
Whenever we receive a new forwarded port (around once a month?) we pass
it to qbit through its API. May require setting no auth for local
connections in qbit.
Allows removing the complete port-manager docker container, which did
not work very well.