From c9bedfa177f10522e6ed675976e9eb0a7404c323 Mon Sep 17 00:00:00 2001
From: Viyurz <viyurz@viyurz.fr>
Date: Tue, 14 May 2024 19:12:39 +0200
Subject: [PATCH] Add role backup-secrets.

---
 playbooks/backup-services.yml       |  1 +
 roles/backup-secrets/tasks/main.yml | 22 ++++++++++++++++++++++
 2 files changed, 23 insertions(+)
 create mode 100644 roles/backup-secrets/tasks/main.yml

diff --git a/playbooks/backup-services.yml b/playbooks/backup-services.yml
index 54660d6..e17ee51 100644
--- a/playbooks/backup-services.yml
+++ b/playbooks/backup-services.yml
@@ -3,6 +3,7 @@
   roles:
     - include-vars
     - borg-init
+    - backup-secrets
 
 - name: Backup project(s)
   hosts: localhost
diff --git a/roles/backup-secrets/tasks/main.yml b/roles/backup-secrets/tasks/main.yml
new file mode 100644
index 0000000..f532f07
--- /dev/null
+++ b/roles/backup-secrets/tasks/main.yml
@@ -0,0 +1,22 @@
+- name:
+  become: true
+  block:
+    - name: Create borg backup
+      command:
+        cmd: |
+          borg create
+          --compression=lzma
+          "{{ borg_repodir }}::secrets-{now:%Y-%m-%d_%H-%M-%S}"
+          {{ playbook_dir }}/../secrets.yml
+      environment:
+        BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
+
+    - name: Prune borg repository
+      command:
+        cmd: |
+          borg prune
+          --glob-archives='secrets-*'
+          {{ borg_prune_options }}
+          {{ borg_repodir }}
+      environment:
+        BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"