add resticprofile for backups

.gitignore

@@ -1,3 +1,4 @@
 .vscode/
 *.log
-nmap.xml
+nmap.xml
+.DS_Store

Ansible/homelab-vault

@@ -1 +1 @@
-Subproject commit c32f82f99d6b33febc8cdf8bfb3c0381fbd37ecb
+Subproject commit a1017fe0d47c5ce649c9da281c4609cc395900e3

Ansible/playbooks/resticprofile.yml

@@ -0,0 +1,128 @@
+---
+- name: Install restic backup profile
+  hosts: debian_servers
+  vars:
+    target_bin: /usr/local/bin
+    temp_dir: /var/tmp/ansible
+  remote_user: bhays
+  become: true
+  become_user: root
+  pre_tasks:
+    - name: Update apt cache if needed.
+      ansible.builtin.apt:
+        update_cache: true
+        cache_valid_time: 3600
+  tasks:
+    # Dependencies
+    - name: Install packages
+      ansible.builtin.apt:
+        name:
+          - python3-pip
+          - libssl-dev
+        state: present
+
+    # Create an empty temp directory
+    - name: Remove temp directory
+      ansible.builtin.file:
+        path: "{{ temp_dir }}"
+        state: absent
+
+    - name: Create a temp directory if it does not exist
+      ansible.builtin.file:
+        path: "{{ temp_dir }}"
+        state: directory
+        mode: "0755"
+
+    # Install restic
+
+    - name: Install restic
+      ansible.builtin.apt:
+        name:
+          - restic
+        state: present
+
+    # Install resticprofile
+
+    - name: Download resticprofile
+      ansible.builtin.get_url:
+        url: "https://github.com/creativeprojects/resticprofile/releases/download/v{{ ver }}/resticprofile_{{ ver }}_linux_amd64.tar.gz"
+        dest: "{{ temp_dir }}/resticprofile.tar.gz"
+        mode: "0644"
+      vars:
+        ver: "0.29.0" # hardcoded for now
+
+    - name: Extract resticprofile.tgz
+      ansible.builtin.unarchive:
+        src: "{{ temp_dir }}/resticprofile.tar.gz"
+        dest: "{{ temp_dir }}/"
+        remote_src: true
+
+    - name: Install resticprofile
+      ansible.builtin.command: "install {{ temp_dir }}/resticprofile {{ target_bin }}/"
+      changed_when: true
+
+    # TODO: unschedule all profiles (resticprofile unschedule --all)
+
+    - name: Ensures resticprofile configuration directory exists
+      ansible.builtin.file:
+        path: "/opt/resticprofile"
+        state: directory
+        owner: "bhays"
+        group: "bhays"
+        mode: "770"
+
+    - name: Generates resticprofile configuration file
+      ansible.builtin.copy:
+        src: "{{ item }}"
+        dest: "/opt/resticprofile/"
+        owner: "bhays"
+        group: "bhays"
+        mode: "0440"
+      with_fileglob:
+        - "../homelab-vault/resticprofile/*"
+    - name: Copy SFTP key
+      ansible.builtin.copy:
+        owner: bhays
+        mode: "0600"
+        src: ~/.ssh/id_rsa
+        dest: /home/bhays/.ssh/id_rsa
+    - name: Copy SSH config
+      ansible.builtin.copy:
+        owner: bhays
+        mode: "0600"
+        src: ../../Configs/ssh_config
+        dest: /home/bhays/.ssh/config
+
+    # TODO: schedule all profiles (resticprofile schedule --all)
+    - name: Unschedule home folder backup
+      ansible.builtin.command:
+        cmd: "resticprofile homes.unschedule"
+        chdir: "/opt/resticprofile/"
+      changed_when: true
+      become: true
+      become_user: bhays
+
+    - name: Unschedule root home folder backup
+      ansible.builtin.command:
+        cmd: "resticprofile homes.unschedule"
+        chdir: "/opt/resticprofile/"
+      changed_when: true
+
+    - name: Schedule home folder backup
+      ansible.builtin.command:
+        cmd: "resticprofile homes.schedule"
+        chdir: "/opt/resticprofile/"
+      changed_when: true
+      become: true
+      become_user: bhays
+
+    - name: Enable linger so that user timers run when loggedoff
+      ansible.builtin.command:
+        cmd: "loginctl enable-linger bhays"
+      changed_when: true
+
+    # Cleanup
+    - name: Remove temp directory
+      ansible.builtin.file:
+        path: "{{ temp_dir }}"
+        state: absent

Configs/ssh_config

@@ -0,0 +1,2 @@
+Host *.benhays.cloud
+    StrictHostKeyChecking no