restic: Fix backup container conditionals

Change the inclusion of backup containers so they actually work. They
check that restic is enabled globally, and that restic is enabled for
the individual stack they belong to. If either of the conditions is not
met they do not deploy.

This way we can simply enable restic globally with `restic_enable` and
by default all stacks will be backed up. But if we want to exclude
specific stacks from backups we can do so with the individual
`<role>_restic_enable = False` variable.

Finally found a good version of doing so with the help of the following
medium article: https://medium.com/opsops/is-defined-in-ansible-d490945611ae
which basically makes use of default fallbacks instead.

roles/arr/meta/main.yaml

@@ -21,6 +21,5 @@ galaxy_info:
     # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
     #       Maximum 20 tags per role.
 
-dependencies: []
-  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
-  # if you add dependencies to this list.
+dependencies:
+  - caddy

roles/arr/templates/compose.yaml.jinja

@@ -197,9 +197,9 @@ services:
     networks:
       - caddy
     volumes:
-      - {{ arrstack_env_dir }}/config/homarr/configs:/app/data/configs
-      - {{ arrstack_env_dir }}/config/homarr/icons:/app/public/icons
-      - {{ arrstack_env_dir }}/config/homarr/data:/data
+      - "{{ arrstack_env_dir }}/config/homarr/configs:/app/data/configs"
+      - "{{ arrstack_env_dir }}/config/homarr/icons:/app/public/icons"
+      - "{{ arrstack_env_dir }}/config/homarr/data:/data"
       - /var/run/docker.sock:/var/run/docker.sock # Optional, only if you want docker integration
     restart: unless-stopped
     labels:
@@ -290,10 +290,10 @@ services:
       caddy: "{{ arrstack_gonic_subdomain }}"
       caddy.reverse_proxy: "{{ '{{' }}upstreams 80{{ '}}'}}"
 
-{% if restic_enable is not undefined and not false and arrstack_restic_enable is not undefined and not false %}
+{% if restic_enable|d(False) == True and arrstack_restic_enable|d(False) == True %}
   backup:
     image: mazzolino/restic
-    hostname: "{{ ansible_hostname }}"
+    hostname: "{{ ansible_hostname | default() }}"
     environment:
       TZ: "{{ restic_tz }}"
       SKIP_INIT: true

roles/grocy/meta/main.yaml

@@ -29,6 +29,5 @@ galaxy_info:
     # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
     #       Maximum 20 tags per role.
 
-dependencies: []
-  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
-  # if you add dependencies to this list.
+dependencies:
+  - caddy

roles/grocy/templates/compose.yaml.jinja

@@ -16,10 +16,10 @@ services:
       caddy: "{{ stack_grocy_subdomain }}"
       caddy.reverse_proxy: "{{ '{{' }}upstreams 80{{ '}}'}}"
 
-{% if restic_enable is not undefined and not false and stack_grocy_restic_enable is not undefined and not false %}
+{% if restic_enable|d(False) == True and stack_grocy_restic_enable|d(False) == True %}
   backup:
     image: mazzolino/restic
-    hostname: "{{ ansible_hostname }}"
+    hostname: "{{ ansible_hostname | default() }}"
     environment:
       TZ: "{{ restic_tz }}"
       SKIP_INIT: true

roles/paperless/meta/main.yaml

@@ -29,6 +29,5 @@ galaxy_info:
     # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
     #       Maximum 20 tags per role.
 
-dependencies: []
-  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
-  # if you add dependencies to this list.
+dependencies:
+  - caddy

roles/paperless/templates/compose.yaml.jinja

@@ -65,10 +65,10 @@ services:
     environment:
       REDIS_ARGS: "--save 60 10"
 
-{% if restic_enable is not undefined and not false and stack_paperless_restic_enable is not undefined and not false %}
+{% if restic_enable|d(False) == True and stack_paperless_restic_enable|d(False) == True %}
   backup:
     image: mazzolino/restic
-    hostname: "{{ ansible_hostname }}"
+    hostname: "{{ ansible_hostname | default() }}"
     environment:
       TZ: "{{ restic_tz }}"
       BACKUP_CRON: "{{ stack_paperless_restic_cron }}"

roles/restic/templates/compose.yaml.jinja

@@ -1,7 +1,7 @@
 services:
   prune:
     image: "mazzolino/restic:{{ restic_version }}"
-    hostname: "{{ ansible_hostname }}"
+    hostname: "{{ ansible_hostname | default() }}"
     networks:
       - restic_notify
     environment:
@@ -16,15 +16,15 @@ services:
       AWS_SECRET_ACCESS_KEY: "{{ restic_s3_secret }}"
 {% if restic_notify_success != None %}
       POST_COMMANDS_SUCCESS: |-
-        curl -X POST --data "{\"title\": \"Restic Prune successful\", \"body\": \"{{ ansible_hostname }}\"}" http://notify_success:5000
+        curl -X POST --data "{\"title\": \"Restic Prune successful\", \"body\": \"$HOSTNAME\"}" http://notify_success:5000
 {% endif %}
 {% if restic_notify_failure != None %}
       POST_COMMANDS_FAILURE: |-
-        curl -X POST --data "{\"title\": \"Restic Prune failed\", \"body\": \"{{ ansible_hostname }}\"}" http://notify_failure:5000
+        curl -X POST --data "{\"title\": \"Restic Prune failed\", \"body\": \"$HOSTNAME\"}" http://notify_failure:5000
 {% endif %}
 {% if restic_notify_exit != None %}
       POST_COMMANDS_EXIT: |-
-        curl -X POST --data "{\"title\": \"Restic Prune exited\", \"body\": \"{{ ansible_hostname }}\"}" http://notify_exit:5000
+        curl -X POST --data "{\"title\": \"Restic Prune exited\", \"body\": \"$HOSTNAME\"}" http://notify_exit:5000
 {% endif %}
 {% if restic_repo is regex('^/.+') %}
     volumes:
@@ -33,7 +33,7 @@ services:
 
   check:
     image: "mazzolino/restic:{{ restic_version }}"
-    hostname: docker
+    hostname: "{{ ansible_hostname | default() }}"
     networks:
       - restic_notify
     environment:
@@ -48,15 +48,15 @@ services:
       AWS_SECRET_ACCESS_KEY: "{{ restic_s3_secret }}"
 {% if restic_notify_success != None %}
       POST_COMMANDS_SUCCESS: |-
-        curl -X POST --data "{\"title\": \"Restic Check successful\", \"body\": \"{{ ansible_hostname }}\"}" http://notify_success:5000
+        curl -X POST --data "{\"title\": \"Restic Check successful\", \"body\": \"$HOSTNAME\"}" http://notify_success:5000
 {% endif %}
 {% if restic_notify_failure != None %}
       POST_COMMANDS_FAILURE: |-
-        curl -X POST --data "{\"title\": \"Restic Check failed\", \"body\": \"{{ ansible_hostname }}\"}" http://notify_failure:5000
+        curl -X POST --data "{\"title\": \"Restic Check failed\", \"body\": \"$HOSTNAME\"}" http://notify_failure:5000
 {% endif %}
 {% if restic_notify_exit != None %}
       POST_COMMANDS_EXIT: |-
-        curl -X POST --data "{\"title\": \"Restic Check exited\", \"body\": \"{{ ansible_hostname }}\"}" http://notify_exit:5000
+        curl -X POST --data "{\"title\": \"Restic Check exited\", \"body\": \"$HOSTNAME\"}" http://notify_exit:5000
 {% endif %}
 {% if restic_repo is regex('^/.+') %}
     volumes:

site.yaml

@@ -1,4 +1,22 @@
 ---
+# TODO: Add to bootstrapping role / make less dependent on apt-get & debian (python3)
+- name: Bootstrap python everywhere
+  hosts: all
+  gather_facts: False
+  become: true
+  tags:
+    - system
+    - bootstrap
+  tasks:
+    - name: check for python
+      ansible.builtin.raw: python3 --version
+      changed_when: false
+      failed_when: false
+      register: pythoncheck
+    - name: install debian python
+      ansible.builtin.raw: apt-get update && apt-get install python3 -y
+      when: pythoncheck.rc == 127
+
 - name: Prepare incus server host
   hosts: host_system
   tasks:
@@ -16,11 +34,11 @@
   # ansible-galaxy install geerlingguy.docker
 - name: Install docker
   hosts: instance_system
+  tags: docker
   tasks:
     - name: Install docker and docker compose
       ansible.builtin.import_role:
         name: geerlingguy.docker
-      tags: docker
 
     - name: Install docker python requirements
       ansible.builtin.package:
@@ -31,6 +49,7 @@
         - python3-requests # for docker network
 
 - name: Prepare all docker hosted containers
+  gather_facts: True
   hosts: instance_system
   tags:
     - containers