ref(playbook): Change to role-based structure

roles/backup/files/snapper-snap-script

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+CONFIG="${SNAP_CONFIG:-root}"
+
+echo RUNNING: snapper --config="$CONFIG" --quiet create --description="${*//sudo /}" --cleanup-algorithm="number"
+
+"$@"

roles/backup/tasks/main.yaml

@@ -0,0 +1,5 @@
+- name: Set up snapper snapshots
+  import_tasks: snapper.yaml
+  tags:
+    - btrfs
+    - snapshots

roles/backup/tasks/snapper.yaml

@@ -0,0 +1,67 @@
+- name: Install snapper
+  community.general.xbps:
+    name:
+      - snapper
+    state: present
+
+# https://wiki.archlinux.org/title/Snapper#updatedb
+- name: Disable updatedb indexing for snapshot directories
+  ansible.builtin.copy:
+    content: 'PRUNENAMES = ".snapshots"'
+    dest: "/etc/updatedb.conf"
+    owner: root
+    group: root
+    mode: 0644
+    force: true
+
+- name: Ensure snapper configs directory exists
+  ansible.builtin.file:
+    dest: "/etc/snapper/configs"
+    state: directory
+    recurse: true
+
+- name: Ensure root /.snapshots directory exists
+  ansible.builtin.file:
+    dest: "/.snapshots"
+    state: directory
+    mode: 0755
+
+- name: Create root backup configuration
+  ansible.builtin.template:
+    src: snapper-configurations/root.j2
+    dest: "/etc/snapper/configs/root"
+    mode: 0640
+    force: true # ensure contents are always exact
+
+- name: Ensure home /.snapshots directory exists
+  ansible.builtin.file:
+    dest: "/home/.snapshots"
+    state: directory
+    mode: 0755
+
+- name: Create homedir backup configuration
+  ansible.builtin.template:
+    src: snapper-configurations/home.j2
+    dest: "/etc/snapper/configs/home"
+    mode: 0640
+    force: true
+
+- name: Add snap manual safety command
+  ansible.builtin.copy:
+    src: snapper-snap-script
+    dest: "/usr/bin/snap"
+    owner: root
+    group: root
+    mode: 0755
+
+# For now we never activate the snapper daemon
+# Does not work without elogind?
+# Using snooze (i.e. cron) enabled recurring
+# backup tasks instead.
+# - name: Activate snapper service
+#   ansible.builtin.file:
+#     force: "yes"
+#     src: "/etc/sv/snapperd"
+#     dest: "/etc/runit/runsvdir/default/snapperd"
+#     state: link
+#   tags: never

roles/backup/templates/snapper-configurations/home.j2

@@ -0,0 +1,55 @@
+# subvolume to snapshot
+SUBVOLUME="/home"
+
+# filesystem type
+FSTYPE="btrfs"
+
+# btrfs qgroup for space aware cleanup algorithms
+QGROUP=""
+
+# fraction or absolute size of the filesystems space the snapshots may use
+SPACE_LIMIT="0.5"
+
+# fraction or absolute size of the filesystems space that should be free
+FREE_LIMIT="0.2"
+
+# users and groups allowed to work with config
+ALLOW_USERS="{{ user_name }}"
+ALLOW_GROUPS=""
+
+# sync users and groups from ALLOW_USERS and ALLOW_GROUPS to .snapshots
+# directory
+SYNC_ACL="no"
+
+# start comparing pre- and post-snapshot in background after creating
+# post-snapshot
+BACKGROUND_COMPARISON="yes"
+
+# run daily number cleanup
+NUMBER_CLEANUP="yes"
+
+# limit for number cleanup
+NUMBER_MIN_AGE="1800"
+NUMBER_LIMIT="4"
+NUMBER_LIMIT_IMPORTANT="2"
+
+# create hourly snapshots
+TIMELINE_CREATE="yes"
+
+# cleanup hourly snapshots after some time
+TIMELINE_CLEANUP="yes"
+
+# limits for timeline cleanup
+TIMELINE_MIN_AGE="1800"
+TIMELINE_LIMIT_HOURLY="10"
+TIMELINE_LIMIT_DAILY="2"
+TIMELINE_LIMIT_WEEKLY="1"
+TIMELINE_LIMIT_MONTHLY="1"
+TIMELINE_LIMIT_QUARTERLY="0"
+TIMELINE_LIMIT_YEARLY="0"
+
+# cleanup empty pre-post-pairs
+EMPTY_PRE_POST_CLEANUP="yes"
+
+# limits for empty pre-post-pair cleanup
+EMPTY_PRE_POST_MIN_AGE="1800"

roles/backup/templates/snapper-configurations/root.j2

@@ -0,0 +1,55 @@
+# subvolume to snapshot
+SUBVOLUME="/"
+
+# filesystem type
+FSTYPE="btrfs"
+
+# btrfs qgroup for space aware cleanup algorithms
+QGROUP=""
+
+# fraction or absolute size of the filesystems space the snapshots may use
+SPACE_LIMIT="0.5"
+
+# fraction or absolute size of the filesystems space that should be free
+FREE_LIMIT="0.2"
+
+# users and groups allowed to work with config
+ALLOW_USERS="{{ user_name }}"
+ALLOW_GROUPS=""
+
+# sync users and groups from ALLOW_USERS and ALLOW_GROUPS to .snapshots
+# directory
+SYNC_ACL="no"
+
+# start comparing pre- and post-snapshot in background after creating
+# post-snapshot
+BACKGROUND_COMPARISON="yes"
+
+# run daily number cleanup
+NUMBER_CLEANUP="yes"
+
+# limit for number cleanup
+NUMBER_MIN_AGE="1800"
+NUMBER_LIMIT="6"
+NUMBER_LIMIT_IMPORTANT="4"
+
+# create hourly snapshots
+TIMELINE_CREATE="yes"
+
+# cleanup hourly snapshots after some time
+TIMELINE_CLEANUP="yes"
+
+# limits for timeline cleanup
+TIMELINE_MIN_AGE="1800"
+TIMELINE_LIMIT_HOURLY="6"
+TIMELINE_LIMIT_DAILY="5"
+TIMELINE_LIMIT_WEEKLY="2"
+TIMELINE_LIMIT_MONTHLY="1"
+TIMELINE_LIMIT_QUARTERLY="1"
+TIMELINE_LIMIT_YEARLY="0"
+
+# cleanup empty pre-post-pairs
+EMPTY_PRE_POST_CLEANUP="yes"
+
+# limits for empty pre-post-pair cleanup
+EMPTY_PRE_POST_MIN_AGE="1800"