ansible role to cleanup restic backup at the writeonly restic rest-server
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
L3D 7776f1f586
Merge pull request #4 from roles-ansible/dependabot/github_actions/actions/checkout-2.3.4
1 month ago
.github Bump actions/checkout from 2 to 2.3.4 1 month ago
defaults Try to improve Mail Reporting 2 months ago
files implement logrotate 6 months ago
meta update to new ansible version 2 months ago
tasks update to new ansible version 2 months ago
templates Try to improve Mail Reporting 2 months ago
vars update to new ansible version 2 months ago
.gitignore adds Gitignore 2 years ago
.yamllint improve linting 4 months ago
LICENSE start preparing role for archiv cleanup functions 7 months ago Try to improve Mail Reporting 2 months ago


ansible role to "archive" restic backups.

The scenario for this role is:

  • You have the restic rest server running in write-only mode
  • you send backups from other servers to your restic backup server

Now you don't want to store all backups indefinitely, but only for the last days a daily backup and otherwise weekly, monthly, yearly a few... just like you do it.

Of course you don't want to give access to others, so you solve the whole thing with a local cronjob. And this cronjob is built with this Ansible role.

As a bonus feature, you can optionally transfer the backups to another disk (even with a different password). Which is also a very charming backup concept from a security point of view.

this role does not install restic. For that, we recommend this ansible role. We have had good experience with this role for the restic rest server.


# which repos should we cleanup by default
restic_archiver__repos: {}
#  - name: example_server:
#    location: /srv/restic/example_server_repo
#    password: securepassword4eXaMpleSserver
#  - name: other_server
#    location: /srv/restic/other_server_repo
#    password: xtrasecuredifferentpassword4other
#    archive: true
#    archive_location: /mnt/archive/other_server_repo
#    archive_password: archive4other_server_password
#    archive_cleanup: true
#    keep_last: 5
#    keep_hourly: 4
#    keep_daily: 1
#    keep_weekly: 1
#    keep_monthly: 1
#    keep_yearly: 1
#    keep_within: 1

# how long should we store all backups by default
restic_archiver__keep: 5
restic_archiver__keep_hourly: 16
restic_archiver__keep_daily: 14
restic_archiver__keep_weekly: 8
restic_archiver__keep_monthly: 16
restic_archiver__keep_yearly: 12

# owner and user of all restic stuff
restic_archiver__owner: 'root'
restic_archiver__group: 'root'

# shedule restic cronjob
restic_archiver__hour: '3'
restic_archiver__minute: '32'

# validate if disk is mounted
restic_archiver__mount_required: false
# which disk have to be mounted
restic_archiver__mount_disk: '/mnt/'
# umount after use?
restic_archiver__umount_after_usage: false

# required packages
  - cron

  restic_archiver__log_output: true
  restic_archiver__logrotate: true

  restic_archiver__mailsummary: false
  restic_archiver__mail_on_error: false
  restic_archiver__mailaddress: 'root@localhost'

# restic default options
restic_archiver__default_opt: ''

# additional msgs
restic_archiver__additional_mail_msg: ''
# version check for this playbook (true is recomended)
submodules_versioncheck: false

restic_archiver__cache_config: false
restic_archiver__cache_dir: '~/.cache/restic'