feat(restic): Add restic backup maintenance stack

Sets up regular backup maintenance for a restic (S3) backend, and enables global variables for other roles to use for their individual backup. Example found in nextcloud role.
2025-02-03 18:45:22 +01:00 · 2025-02-03 18:45:22 +01:00 · 135aadf3a0
commit 135aadf3a0
parent eaeeb4ed6c
8 changed files with 139 additions and 19 deletions
--- a/roles/nextcloud/templates/docker-stack.yml.j2
+++ b/roles/nextcloud/templates/docker-stack.yml.j2
@ -160,24 +160,22 @@ services:
    networks:
      - backend

-{% if nextcloud_backup_db_enable is not undefined and not false %}
+{% if backup_enable is not undefined and not false and nextcloud_backup_enable is not undefined and not false %}
  backup:
    image: mazzolino/restic
    environment:
-      - "TZ={{ nextcloud_backup_db_timezone }}"
+      - "TZ={{ restic_timezone }}"
       # go-cron starts w seconds
-      - "BACKUP_CRON=0 30 3 * * *"
-      - "RESTIC_REPOSITORY={{ nextcloud_backup_db_repo }}"
-      - "AWS_ACCESS_KEY_ID={{ nextcloud_backup_db_key }}"
-      - "AWS_SECRET_ACCESS_KEY={{ nextcloud_backup_db_secret }}"
-      - "RESTIC_PASSWORD={{ nextcloud_backup_db_pass }}"
-      - "RESTIC_BACKUP_TAGS=nextcloud-db"
-      - "RESTIC_BACKUP_SOURCES=/mnt/volumes"
+      - "BACKUP_CRON={{ nextcloud_backup_cron }}"
+      - "RESTIC_REPOSITORY={{ restic_repo }}"
+      - "AWS_ACCESS_KEY_ID={{ restic_s3_key }}"
+      - "AWS_SECRET_ACCESS_KEY={{ restic_s3_secret }}"
+      - "RESTIC_PASSWORD={{ restic_pass }}"
+      - "RESTIC_BACKUP_TAGS=nextcloud"
+      - "RESTIC_BACKUP_SOURCES=/volumes"
    volumes:
-      - db:/mnt/volumes/nextcloud_db:ro
-      - data:/mnt/volumes/nextcloud_data:ro
-    networks:
-      - backend
+      - db:/volumes/nextcloud_db:ro
+      - data:/volumes/nextcloud_data:ro
 {% endif %}

  # metrics: