From b509ca1dffff1330ef619f43c3fcc4501f5e9057 Mon Sep 17 00:00:00 2001
From: Kuba Orlik <kontakt@kuba-orlik.name>
Date: Thu, 16 Oct 2025 16:29:51 +0200
Subject: [PATCH] More sane dir backup list management

---
 README.md                                | 12 +++++++++++-
 defaults/main.yml                        |  1 +
 tasks/backup.yml                         | 15 +++++++++++++++
 tasks/main.yml                           | 10 +---------
 templates/backup-is-restore-needed.sh.j2 | 13 +++++--------
 templates/backup-send.sh.j2              |  4 +---
 templates/backup-vars.sh.j2              |  2 --
 7 files changed, 34 insertions(+), 23 deletions(-)
 create mode 100644 tasks/backup.yml

diff --git a/README.md b/README.md
index 718e2a3..cc15d37 100644
--- a/README.md
+++ b/README.md
@@ -29,10 +29,20 @@ Then in your playbook run:
     - setup-backups
   vars:
     backup_bucket_prefix: "backup"
-    all_backup_paths:
+    extra_backup_paths: # most sealcode-roles automatically register their backup dirs in the /backup-dirs txt file, but we can add anything not covered by that here
       - /var/homebox/data
     cloudflare_r2_access_key: "cloudflare R2 Access key (for S3-type API)"
     cloudflare_r2_secret_key: "cloudflare R2 secret key (for S3-type API)"
     cloudflare_r2_endpoint: https://some_endpoint.r2.cloudflarestorage.com
     BACKUP_PASSWORD: password
 ```
+
+
+If you are implementing a role that has to register a directory for
+automatic backups, add a task in your role's `tasks/backup.yml`:
+
+```yml
+- ansible.builtin.lineinfile:
+    path: "/backup-dirs"
+    line: "{{juice_sqlite_path}}"
+```
diff --git a/defaults/main.yml b/defaults/main.yml
index acea701..0e0d3f3 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1 +1,2 @@
 backup_bucket_prefix: backup
+extra_backup_paths: []
diff --git a/tasks/backup.yml b/tasks/backup.yml
new file mode 100644
index 0000000..cb05134
--- /dev/null
+++ b/tasks/backup.yml
@@ -0,0 +1,15 @@
+## The playbook first runs the 'backup.yml' from each role
+- name: create the /backup-dirs file
+  file:
+    path: "/backup-dirs"
+    state: "touch"
+    mode: "0400"
+  changed_when: "true" # we always want ti give roles a chance to register dirs
+
+- name: Ensure file contains lines from array
+  lineinfile:
+    path: /backup-dirs
+    line: "{{ item }}"
+    create: yes
+    state: present
+  loop: "{{ extra_backup_paths }}"
diff --git a/tasks/main.yml b/tasks/main.yml
index 87999b3..bef3981 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,14 +1,6 @@
 - debug:
     var: group_names
 
-- set_fact:
-    all_backup_paths: "{{ all_backup_paths | default([]) + (lookup('file', 'inventory/group_vars/' + item + '.yml') | from_yaml | dict2items | selectattr('key', 'equalto', 'backup_paths') | map(attribute='value') | list | first | default([])) }}"
-  loop: "{{ group_names }}"
-  when: all_backup_paths is not defined
-
-- debug:
-    var: all_backup_paths
-
 - name: make sure restic is installed
   apt: state=latest pkg=restic
 
@@ -21,7 +13,7 @@
     content: "{{ BACKUP_PASSWORD }}"
     mode: "0400"
 
-- name: Install boto3 and botocore using apt
+- name: Install rclone
   become: yes
   apt:
     name:
diff --git a/templates/backup-is-restore-needed.sh.j2 b/templates/backup-is-restore-needed.sh.j2
index a4def21..899b263 100644
--- a/templates/backup-is-restore-needed.sh.j2
+++ b/templates/backup-is-restore-needed.sh.j2
@@ -1,13 +1,10 @@
 #!/bin/bash
 
 # returns code 0 if backup is necessary, 1 otherwise
-
-eval "$DIRS_TO_BACKUP_STR"
-
-for file in "${DIRS_TO_BACKUP[@]}"; do
-    if [ ! -e "$file" ]; then
-        exit 0
-    fi
-done
+while IFS= read -r file; do
+	if [ ! -e "$file" ]; then
+		exit 0
+	fi
+done </backup-dirs
 
 exit 1
diff --git a/templates/backup-send.sh.j2 b/templates/backup-send.sh.j2
index 8163026..036fef9 100644
--- a/templates/backup-send.sh.j2
+++ b/templates/backup-send.sh.j2
@@ -7,9 +7,7 @@ $RESTIC --password-file=$PWD_FILE unlock
 date
 echo "Sending the backup to the destination..."
 
-eval "$DIRS_TO_BACKUP_STR" # turn the string into an array
-
-$RESTIC --password-file=$PWD_FILE backup "${DIRS_TO_BACKUP[@]}"
+cat /backup-dirs | xargs -d '\n' $RESTIC --password-file=$PWD_FILE backup 
 
 date
 echo "Pruning the backup on the destination..."
diff --git a/templates/backup-vars.sh.j2 b/templates/backup-vars.sh.j2
index b825e9d..1a99749 100644
--- a/templates/backup-vars.sh.j2
+++ b/templates/backup-vars.sh.j2
@@ -1,5 +1,3 @@
-declare -a DIRS_TO_BACKUP=({% for item in all_backup_paths %}"{{ item }}"{% if not loop.last %} {% endif %}{% endfor %})
-export DIRS_TO_BACKUP_STR=$(declare -p DIRS_TO_BACKUP)
 export RESTIC_REPOSITORY="rclone:cloudflare-r2:{{ backup_bucket_prefix }}-{{ inventory_hostname }}"
 export PWD_FILE=/backup-pwd
 export RESTIC=/usr/bin/restic