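# Backup tasks: install restic/rclone, write the repository password and
# rclone config, create the R2 bucket, initialise the restic repository,
# render the backup/restore helper scripts, schedule the nightly run and
# finally trigger a restore when the helper script decides one is needed.
#
# Review notes on secret handling:
#   * The task writing /backup-pwd sets `no_log: true` so the password is
#     never echoed in task results or in `--diff` output.
#   * Templates that presumably render credentials (rclone.conf,
#     backup-vars.sh -- confirm against the .j2 files) set `diff: false`.
#   * `backup: true` on those templates leaves timestamped copies of the
#     previous file next to the destination; old credentials stay on disk
#     until those copies are cleaned up.
#   * Helper scripts use an explicit "0700" instead of the symbolic `u+rwx`,
#     which only adds owner bits and leaves group/other bits to the umask.

- name: Show the groups this host belongs to
  debug:
    var: group_names

# Reads inventory/group_vars/<group>.yml on the controller for every group of
# this host and appends that file's `backup_paths` list (if any) to the fact.
# NOTE(review): the file lookup fails when a group has no matching .yml file.
- name: Collect backup_paths from the group_vars file of every group
  set_fact:
    all_backup_paths: >-
      {{ all_backup_paths | default([])
      + (lookup('file', 'inventory/group_vars/' + item + '.yml')
      | from_yaml
      | dict2items
      | selectattr('key', 'equalto', 'backup_paths')
      | map(attribute='value')
      | list
      | first
      | default([])) }}
  loop: "{{ group_names }}"

- name: Show the collected backup paths
  debug:
    var: all_backup_paths

# `state: latest` upgrades the package on every run; switch to `present`
# (or pin a version) if reproducible hosts matter more than freshness.
- name: make sure restic is installed
  apt:
    name: restic
    state: latest

- name: make sure fuse is installed (for mounting backups)
  apt:
    name: fuse
    state: latest

- name: save backup password
  copy:
    dest: "/backup-pwd"
    content: "{{ BACKUP_PASSWORD }}"
    mode: "0400"
  # Keep the repository password out of logs, callbacks and --diff output.
  no_log: true

# The original task name was copied from the boto3 task below although the
# task installs rclone; the name now matches the package.
- name: Install rclone using apt
  become: true
  apt:
    name:
      - rclone
    state: present
    update_cache: true

- name: Install boto3 and botocore using apt
  become: true
  apt:
    name:
      - python3-boto3
      - python3-botocore
    state: present

# `recurse` was dropped: it re-applied 0700 to every file inside the
# directory (including rclone.conf and its backup copies), so this task and
# the 0400 template below undid each other on every run. `state: directory`
# still creates missing parent directories.
- name: Ensure rclone directory exists
  file:
    path: "/root/.config/rclone/"
    state: directory
    mode: "0700"

- name: Create rclone config
  template:
    src: "rclone.conf.j2"
    dest: /root/.config/rclone/rclone.conf
    mode: "0400"
    force: true
    backup: true
  # Presumably contains the R2 credentials -- keep it out of --diff output.
  diff: false

- name: "Create a bucket for the backups"
  amazon.aws.s3_bucket:
    name: "icd-backup-{{ inventory_hostname }}"
    state: present
    endpoint_url: "{{ cloudflare_r2_endpoint }}"
    access_key: "{{ cloudflare_r2_access_key }}"
    secret_key: "{{ cloudflare_r2_secret_key }}"

# Idempotent init: an "already initialized" error from restic counts as
# success, any other non-zero exit is retried up to three times and then
# fails. Credentials travel in the environment, not on the command line.
- name: initiate restic repository
  command: "restic init --password-file=/backup-pwd"
  register: command_result
  retries: 3
  delay: 3
  until: >-
    command_result.rc==0 or
    'repository master key and config already initialized'
    in command_result.stderr
  failed_when: >-
    command_result.rc!=0 and
    'repository master key and config already initialized'
    not in command_result.stderr
  changed_when: false
  environment:
    RESTIC_REPOSITORY: "s3:{{ cloudflare_r2_endpoint }}/icd-backup-{{ inventory_hostname }}"
    AWS_ACCESS_KEY_ID: "{{ cloudflare_r2_access_key }}"
    AWS_SECRET_ACCESS_KEY: "{{ cloudflare_r2_secret_key }}"
  tags:
    - initiate
    - connection_sanity

- name: Create the backup vars script
  template:
    src: "backup-vars.sh.j2"
    dest: /root/backup-vars.sh
    mode: "0400"
    force: true
    backup: true
  # Presumably holds repository credentials (mode 0400) -- hide from --diff.
  diff: false

- name: Create the backup send script
  template:
    src: "backup-send.sh.j2"
    dest: /root/backup-send.sh
    mode: "0700"
    force: true
    backup: true

- name: Create the backup mount script
  template:
    src: "backup-mount.sh.j2"
    dest: /root/backup-mount.sh
    mode: "0700"
    force: true
    backup: true
  tags:
    - mount-script

- name: Create the backup restore script
  template:
    src: "backup-restore.sh.j2"
    dest: /root/backup-restore.sh
    mode: "0700"
    force: true
    backup: true

# Host-specific prepare script: the template is selected by inventory name.
- name: Create the backup prepare script
  ansible.builtin.template:
    src: "backup-scripts/{{ inventory_hostname }}.sh.j2"
    dest: /root/backup-prepare.sh
    mode: "0700"
    backup: true
    force: true

- name: Create is-restore-needed script
  ansible.builtin.template:
    src: "backup-is-restore-needed.sh.j2"
    dest: /root/backup-is-restore-needed.sh
    mode: "0700"
    backup: true
    force: true

- name: Create the backup run script
  ansible.builtin.template:
    src: "backup-run.sh.j2"
    dest: /root/backup-run.sh
    mode: "0700"
    backup: true
    force: true

- name: Create the restore-if-needed script
  ansible.builtin.template:
    src: "backup-restore-if-necessary.sh.j2"
    dest: /root/backup-restore-if-necessary.sh
    mode: "0700"
    backup: true
    force: true

# Runs daily at 04:15 from the crontab of the user Ansible connects as.
- name: setup CRON
  ansible.builtin.cron:
    name: "nightly backup for {{ inventory_hostname }}"
    minute: "15"
    hour: "4"
    job: "/root/backup-run.sh"

- name: "Restore backup if necessary"
  command: /root/backup-restore-if-necessary.sh
  register: command_output
  args:
    chdir: /root

# NOTE(review): this prints the script's full stdout/stderr; make sure the
# restore script never echoes credentials.
- name: "Print command output"
  debug:
    var: command_output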