Merge 714cb2dd6f into 4faab60075

.github/workflows/main.yml

@@ -19,3 +19,19 @@ jobs:
     #   uses: mxschmitt/action-tmate@v3.5
     - name: Test using Molecule
       run: molecule test
+  test-rocky8:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: "3.10"
+    - name: Install Molecule
+      run: |
+        pip install -U pip setuptools wheel
+        pip install -r requirements-dev-rocky8.txt
+    # - name: Debugging with tmate
+    #   uses: mxschmitt/action-tmate@v3.5
+    - name: Test using Molecule
+      run: molecule test -s rocky8

EXAMPLES.md

@@ -55,9 +55,11 @@ remote backup server. (not tested)
       keep_daily: 7
       keep_weekly: 4
       keep_monthly: 6
-    borgmatic_hooks:
-      before_backup:
-      - echo "`date` - Starting backup."
+    borgmatic_commands:
+      - before: action
+        when: [create]
+        run:
+          - echo "`date` - Before backup"
   tasks:
     - name: Configure Borg Backup and Backupmatic
       tags:

README.md

@@ -19,6 +19,11 @@ Works great with [BorgBase.com](https://www.borgbase.com) - Simple and Secure Ho
   Systemd timers, be sure to remove the Cron job in `/etc/cron.d/borgmatic` first.
   The role will also alert you when trying to use both timers.
 
+## TODO
+
+- [ ] Support database backup (https://torsion.org/borgmatic/docs/how-to/backup-your-databases/)
+- [ ] Support healthchecks (https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/)
+
 ## Example playbook with root as backup user, using the distro package and Cron timer
 
 ```
@@ -31,13 +36,16 @@ Works great with [BorgBase.com](https://www.borgbase.com) - Simple and Secure Ho
       - ssh://xxxxxx@xxxxxx.repo.borgbase.com/./repo
     borg_source_directories:
       - /var/www
-    borgmatic_hooks:
-      before_backup:
-      - echo "`date` - Starting backup."
-      postgresql_databases:
-      - name: users
-        hostname: database1.example.org
-        port: 5433
+    borgmatic_commands:
+      - before: action
+        when: [create]
+        run:
+          - echo "Before create!"
+    borgmatic_databases:
+      postgresql:
+        - name: users
+          hostname: database1.example.org
+          port: 5433
 ```
 
 ## Example playbook with service user and Systemd timer
@@ -111,7 +119,7 @@ $ git clone https://github.com/borgbase/ansible-role-borgbackup.git roles/ansibl
 - `borgmatic_timer_hour`: Hour when regular create and prune cron/systemd-timer job will run. Defaults to `{{ 6 | random }}`
 - `borgmatic_timer_minute`: Minute when regular create and prune cron/systemd-timer job will run. Defaults to  `{{ 59 | random }}`
 - `borgmatic_timer_flags`: Flags to pass to borgmatic cron/systemd-timer job, like "--log-file /path/to/file.log --log-file-verbosity 2"
-- `borgmatic_hooks`: Hooks to monitor your backups e.g. with [Healthchecks](https://healthchecks.io/). See [official documentation](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/) for more.
+- `borgmatic_commands`: Invoke script before/after actions. See [How to add preparation and cleanup steps to backups](https://torsion.org/borgmatic/docs/how-to/add-preparation-and-cleanup-steps-to-backups/) for more.
 - `borgmatic_timer`: If the variable is set, a timer is installed. A choice must be made between `cron` and `systemd`.
 - `borgmatic_relocated_repo_access_is_ok`: Bypass Borg error about a repository that has been moved. Defaults to `false`
 - `borgmatic_unknown_unencrypted_repo_access_is_ok`: Bypass Borg error about a previously unknown unencrypted repository. Defaults to `false`

defaults/main.yml

@@ -27,13 +27,23 @@ borg_install_method: "pip"
 borg_require_epel: "{{ ansible_os_family == 'RedHat' and ansible_distribution != 'Fedora' }}"
 
 borgmatic_config_name: config.yaml
-borgmatic_hooks:
-  on_error:
-    - echo "`date` - Error while creating a backup."
-  before_backup:
-    - echo "`date` - Starting backup."
-  after_backup:
-    - echo "`date` - Finished backup."
+borgmatic_commands:
+  - before: action
+    when: [create]
+    run:
+      - echo "Before create!"
+  - after: action
+    when:
+      - create
+      - prune
+    run:
+      - echo "After create or prune!"
+  - after: error
+    run:
+      - echo "Something went wrong!"
+
+borgmatic_databases: {}
+
 borgmatic_checks:
   - name: repository
     frequency: "4 weeks"

meta/argument_specs.yml

@@ -67,6 +67,10 @@ argument_specs:
           Your own server or [BorgBase.com](https://www.borgbase.com) repo.
           Not required when using auto creation of repositories.
           Can be a list if you want to backup to multiple repositories.
+      borg_repository_label:
+        type: str
+        required: false
+        description: Label for the repository.
       borgmatic_store_atime:
         type: bool
         required: false
@@ -167,10 +171,11 @@ argument_specs:
         type: int
         required: false
         description: Restrict the number of checked archives to the last n. Applies only to the "archives" check.
-      borgmatic_hooks:
-        type: dict
+      borgmatic_commands:
+        type: list
+        elements: dict
         required: false
-        description: Shell commands or scripts to execute before and after a backup or if an error has occurred.
+        description: Shell commands or scripts to execute before and after a backup or if an error has occurred. See https://torsion.org/borgmatic/docs/how-to/add-preparation-and-cleanup-steps-to-backups/
       borgmatic_timer_cron_name:
         type: str
         required: false
@@ -207,3 +212,8 @@ argument_specs:
         type: str
         required: false
         description: Comment added to the SSH public key.
+      borgmatic_databases:
+        type: dict
+        required: false
+        description: Database server name to list of databases to backup, see EXAMPLES.md
+

molecule/default/converge.yml

@@ -46,10 +46,13 @@
         keep_daily: 7
         keep_weekly: 4
         keep_monthly: 6
-      borgmatic_hooks:
-        before_backup:
-        - echo "`date` - Starting backup."
-        postgresql_databases:
-        - name: users
-          hostname: database1.example.org
-          port: 5433
+      borgmatic_commands:
+        - before: action
+          when: [create]
+          run:
+            - echo "Before create!"
+      borgmatic_databases:
+        postgresql:
+          - name: users
+            hostname: database1.example.org
+            port: 5433

molecule/default/molecule.yml

@@ -14,6 +14,11 @@ platforms:
     image: debian:bookworm
   - name: ubuntu-latest
     image: ubuntu:latest
+  # TODO: setup ansible<10 for this
+  # - name: rockylinux-8
+  #   image: rockylinux/rockylinux:8
+  - name: rockylinux-9
+    image: rockylinux/rockylinux:9
 provisioner:
   name: ansible
 verifier:

molecule/rocky8/Dockerfile.j2

@@ -0,0 +1,23 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+{% if item.env is defined %}
+{% for var, value in item.env.items() %}
+{% if value %}
+ENV {{ var }} {{ value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python3 python3-pip sudo bash ca-certificates iproute2 python3-apt aptitude && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install /usr/bin/python3 /usr/bin/python3-config /usr/bin/dnf-3 sudo bash iproute && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum install -y /usr/bin/python /usr/bin/python2-config sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+    elif [ $(command -v pacman) ]; then pacman --noconfirm -Suy python python-pip sudo openssh; \
+    elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi

molecule/rocky8/INSTALL.rst

@@ -0,0 +1,22 @@
+*******
+Docker driver installation guide
+*******
+
+Requirements
+============
+
+* Docker Engine
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+    $ pip install 'molecule[docker]'

molecule/rocky8/converge.yml

@@ -0,0 +1,58 @@
+---
+- name: Converge
+  hosts: all
+  pre_tasks:
+    - name: Set ssh server package name for non-Archlinux ansible_os_family
+      set_fact:
+        openssh_package: "openssh-server"
+        pip3_extra_args: ""
+      when: ansible_os_family != "Archlinux"
+
+    - name: Set ssh server package name and pip3 argument for Archlinux ansible_os_family
+      set_fact:
+        openssh_package: "openssh"
+        pip3_extra_args: "--break-system-packages"
+      when: ansible_os_family == "Archlinux"
+
+    - name: Install openssh
+      package:
+        name: "{{ openssh_package }}"
+        state: present
+
+    - name: Enable EPEL for yamllint
+      package:
+        name: epel-release
+        state: present
+      when: ansible_os_family == 'RedHat' and ansible_distribution != 'Fedora'
+
+    - name: Install yamllint
+      package:
+        name: yamllint
+        state: present
+
+  roles:
+    - role: borgbase.ansible_role_borgbackup
+      borg_install_method: pip
+      borgmatic_timer: cron
+      borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo
+      borg_encryption_passphrase: CHANGEME
+      borg_source_directories:
+        - /srv/www
+        - /var/lib/automysqlbackup
+      borg_exclude_patterns:
+        - /srv/www/old-sites
+      borg_retention_policy:
+        keep_hourly: 3
+        keep_daily: 7
+        keep_weekly: 4
+        keep_monthly: 6
+      borgmatic_commands:
+        - before: action
+          when: [create]
+          run:
+            - echo "Before create!"
+      borgmatic_databases:
+        postgresql:
+          - name: users
+            hostname: database1.example.org
+            port: 5433

molecule/rocky8/molecule.yml

@@ -0,0 +1,16 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: rockylinux-8
+    image: rockylinux/rockylinux:8
+provisioner:
+  name: ansible
+verifier:
+  name: ansible
+lint: |
+  set -e
+  yamllint .
+  ansible-lint .

molecule/rocky8/verify.yml

@@ -0,0 +1,13 @@
+---
+- name: Verify
+  hosts: all
+  tasks:
+  - name: Ensure Borgmatic is installed correctly
+    command: borgmatic --version
+
+  - name: Ensure Borg is installed correctly
+    command: borgmatic borg --version
+
+  - name: Ensure produced YAML is valid
+    command: |
+      yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}" /etc/borgmatic/config.yaml

requirements-dev-rocky8.txt

@@ -0,0 +1,4 @@
+ansible<10
+ansible-lint
+molecule
+molecule-plugins[docker]

tasks/00_assert.yml

@@ -5,5 +5,5 @@
       - borgmatic_failure_command is undefined
       - borgmatic_before_backup_command is undefined
       - borgmatic_after_backup_command is undefined
-    msg: Please use the new borgmatic_hooks variable instead of individual before/after/failure hooks.
+    msg: Please use the new borgmatic_commands variable instead of individual before/after/failure hooks.
 ...

tasks/noauto_install_package.yml

@@ -18,4 +18,8 @@
         name: "{{ item }}"
         state: present
       loop: "{{ borg_distro_packages }}"
+
+    - name: Set absolute path to /usr/bin
+      ansible.builtin.set_fact:
+        borg_abs_path: "/usr/bin"
 ...

tasks/noauto_install_pip.yml

@@ -5,7 +5,16 @@
       community.general.dnf_config_manager:
         name: crb
         state: enabled
-      when: ansible_os_family == 'RedHat' and ansible_distribution != 'Fedora'
+      when:
+        - ansible_os_family == 'RedHat'
+        - ansible_distribution != 'Fedora'
+        - ansible_distribution != 'Rocky' or ansible_distribution_major_version == "9"
+
+    - name: Ensure that devel repository in enabled for Rocky 8 (need xxxhash-devel)
+      community.general.dnf_config_manager:
+        name: devel
+        state: enabled
+      when: ansible_distribution == 'Rocky' and ansible_distribution_major_version == "8"
 
     - name: Install build dependencies
       ansible.builtin.package:
@@ -54,4 +63,9 @@
           borg "$@"
         dest: /usr/local/bin/borg
         mode: "0755"
+
+    - name: Set absolute path to /usr/bin
+      ansible.builtin.set_fact:
+        borg_abs_path: "/usr/local/bin"
+
 ...

templates/borgmatic.service.j2

@@ -1,4 +1,4 @@
-# Managed by Ansible, please don't edit manually
+#{{ ansible_managed }}
 
 [Unit]
 Description=borgmatic backup
@@ -12,7 +12,7 @@ ConditionACPower=true
 [Service]
 Type=oneshot
 User={{ borg_user }}
-ExecStart=borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }} {{ borgmatic_timer_flags }}
+ExecStart={{ borg_abs_path }}/borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }} {{ borgmatic_timer_flags }}
 
 # Source: https://projects.torsion.org/borgmatic-collective/borgmatic/raw/branch/master/sample/systemd/borgmatic.service
 # Security settings for systemd running as root, optional but recommended to improve security. You

templates/config.yaml.j2

@@ -1,185 +1,196 @@
 #jinja2: lstrip_blocks: True, trim_blocks: True
 ---
-# Managed by Ansible, please don't edit manually
+# {{ ansible_managed }}
 
 # Full config: https://torsion.org/borgmatic/docs/reference/config.yaml
-location:
 {% if borg_source_directories is not defined or borg_source_directories | length == 0 %}
-    source_directories:
-        - /etc/hostname # prevent empty backupconfig
+source_directories:
+    - /etc/hostname # prevent empty backupconfig
 {% else %}
-    source_directories:
-    {% for dir in borg_source_directories %}
-        - {{ dir }}
-    {% endfor %}
+source_directories:
+{% for dir in borg_source_directories %}
+    - {{ dir }}
+{% endfor %}
 {% endif %}
 
-    # Stay in same file system (do not cross mount points).
-    one_file_system: {{ borg_one_file_system }}
-    repositories:
+# Stay in same file system (do not cross mount points).
+one_file_system: {{ borg_one_file_system }}
+repositories:
 {% if borg_repository is iterable and (borg_repository is not string and borg_repository is not mapping) %}
   {% for repo in borg_repository %}
-        - path: {{ repo }}
+    - path: {{ repo }}
+    {% if borg_repository_label is defined and borg_repository_label is string %}
+      label: {{ borg_repository_label }}
+    {% endif %}
   {% endfor %}
 {% elif borg_repository is defined and borg_repository is string %}
-        - path: {{ borg_repository }}
+    - path: {{ borg_repository }}
+{% if borg_repository_label is defined and borg_repository_label is string %}
+      label: {{ borg_repository_label }}
+{% endif %}
 {% endif %}
 
-    # Store atime into archive.
-    atime: {{ borgmatic_store_atime }}
+# Store atime into archive.
+atime: {{ borgmatic_store_atime }}
 
-    # Store ctime into archive.
-    ctime: {{ borgmatic_store_ctime }}
+# Store ctime into archive.
+ctime: {{ borgmatic_store_ctime }}
 
 {% if borg_exclude_patterns %}
     # Any paths matching these patterns are excluded from backups. Globs and tildes
     # are expanded. See the output of "borg help patterns" for more details.
-    exclude_patterns:
+exclude_patterns:
 {% for dir in borg_exclude_patterns %}
-        - '{{ dir }}'
+    - '{{ dir }}'
 {% endfor %}
 {% endif %}
 {% if borg_exclude_from %}
-    # Read exclude patterns from one or more separate named files, one pattern per
-    # line. See the output of "borg help patterns" for more details.
-    exclude_from:
+# Read exclude patterns from one or more separate named files, one pattern per
+# line. See the output of "borg help patterns" for more details.
+exclude_from:
 {% for dir in borg_exclude_from %}
-        - {{ dir }}
+    - {{ dir }}
 {% endfor %}
 {% endif %}
 
-    # Exclude directories that contain a CACHEDIR.TAG file. See
-    # http://www.brynosaurus.com/cachedir/spec.html for details.
-    exclude_caches: true
+# Exclude directories that contain a CACHEDIR.TAG file. See
+# http://www.brynosaurus.com/cachedir/spec.html for details.
+exclude_caches: true
 
-    # Exclude directories that contain a file with the given filename.
-    exclude_if_present: .nobackup
+# Exclude directories that contain a file with the given filename.
+exclude_if_present:
+    - .nobackup
 
-    # Alternate Borg remote executable. Defaults to "borg".
-    # remote_path: borg1
+# Alternate Borg remote executable. Defaults to "borg".
+# remote_path: borg1
 {% if borg_remote_path %}
-    remote_path: {{ borg_remote_path }}
+remote_path: {{ borg_remote_path }}
 {% endif %}
 
 # Repository storage options. See
 # https://borgbackup.readthedocs.io/en/stable/usage.html#borg-create and
 # https://borgbackup.readthedocs.io/en/stable/usage/general.html#environment-variables for
 # details.
-storage:
 {% if borg_encryption_passphrase %}
-    encryption_passphrase: {{ borg_encryption_passphrase }}
+encryption_passphrase: {{ borg_encryption_passphrase }}
 
 {% endif %}
-    # The standard output of this command is used to unlock the encryption key. Only
-    # use on repositories that were initialized with passcommand/repokey encryption.
-    # Note that if both encryption_passcommand and encryption_passphrase are set,
-    # then encryption_passphrase takes precedence.
-    # encryption_passcommand: secret-tool lookup borg-repository repo-name
+# The standard output of this command is used to unlock the encryption key. Only
+# use on repositories that were initialized with passcommand/repokey encryption.
+# Note that if both encryption_passcommand and encryption_passphrase are set,
+# then encryption_passphrase takes precedence.
+# encryption_passcommand: secret-tool lookup borg-repository repo-name
 {% if borg_encryption_passcommand %}
-    encryption_passcommand: {{ borg_encryption_passcommand }}
+encryption_passcommand: {{ borg_encryption_passcommand }}
 {% endif %}
 
-    # Type of compression to use when creating archives. See
-    # https://borgbackup.readthedocs.org/en/stable/usage.html#borg-create for details.
-    # Defaults to no compression.
-    compression: {{ borg_compression|default('auto,zstd') }}
+# Type of compression to use when creating archives. See
+# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-create for details.
+# Defaults to no compression.
+compression: {{ borg_compression|default('auto,zstd') }}
 
-    # Remote network upload rate limit in kiBytes/second.
+# Remote network upload rate limit in kiBytes/second.
 {% if borg_remote_rate_limit %}
-    remote_rate_limit: {{ borg_remote_rate_limit }}
+remote_rate_limit: {{ borg_remote_rate_limit }}
 {% endif %}
 
-    # Command to use instead of just "ssh". This can be used to specify ssh options.
-    # ssh_command: ssh -i ~/.ssh/id_ed25519
+# Command to use instead of just "ssh". This can be used to specify ssh options.
+# ssh_command: ssh -i ~/.ssh/id_ed25519
 {% if borg_ssh_command %}
-    ssh_command: {{ borg_ssh_command }}
+ssh_command: {{ borg_ssh_command }}
 {% endif %}
 
-    # Umask to be used for borg create.
-    umask: 0077
+# Umask to be used for borg create.
+umask: 0077
 
-    # Maximum seconds to wait for acquiring a repository/cache lock.
-    lock_wait: {{ borg_lock_wait_time }}
+# Maximum seconds to wait for acquiring a repository/cache lock.
+lock_wait: {{ borg_lock_wait_time }}
 
-    # Name of the archive. Borg placeholders can be used. See the output of
-    # "borg help placeholders" for details. Default is
-    # "{hostname}-{now:%Y-%m-%dT%H:%M:%S.%f}". If you specify this option, you must
-    # also specify a prefix in the retention section to avoid accidental pruning of
-    # archives with a different archive name format. And you should also specify a
-    # prefix in the consistency section as well.
-    archive_name_format: '{hostname}-{now:%Y-%m-%d-%H%M%S}'
+# Name of the archive. Borg placeholders can be used. See the output of
+# "borg help placeholders" for details. Default is
+# "{hostname}-{now:%Y-%m-%dT%H:%M:%S.%f}". If you specify this option, you must
+# also specify a prefix in the retention section to avoid accidental pruning of
+# archives with a different archive name format. And you should also specify a
+# prefix in the consistency section as well.
+archive_name_format: '{hostname}-{now:%Y-%m-%d-%H%M%S}'
 
-    # Bypass Borg error about a repository that has been moved.
-    relocated_repo_access_is_ok: {{ borgmatic_relocated_repo_access_is_ok }}
+# Bypass Borg error about a repository that has been moved.
+relocated_repo_access_is_ok: {{ borgmatic_relocated_repo_access_is_ok }}
 
-    # Bypass Borg error about a previously unknown unencrypted repository.
-    unknown_unencrypted_repo_access_is_ok: {{ borgmatic_unknown_unencrypted_repo_access_is_ok }}
+# Bypass Borg error about a previously unknown unencrypted repository.
+unknown_unencrypted_repo_access_is_ok: {{ borgmatic_unknown_unencrypted_repo_access_is_ok }}
 
 # Retention policy for how many backups to keep in each category. See
 # https://borgbackup.readthedocs.org/en/stable/usage.html#borg-prune for details.
 # At least one of the "keep" options is required for pruning to work.
-retention:
 {% if borg_retention_policy.keep_secondly is defined %}
-    # Number of secondly archives to keep.
-    keep_secondly: {{ borg_retention_policy.keep_secondly }}
+# Number of secondly archives to keep.
+keep_secondly: {{ borg_retention_policy.keep_secondly }}
 {% endif %}
 
 {% if borg_retention_policy.keep_minutely is defined %}
-    # Number of minutely archives to keep.
-    keep_minutely: {{ borg_retention_policy.keep_minutely }}
+# Number of minutely archives to keep.
+keep_minutely: {{ borg_retention_policy.keep_minutely }}
 {% endif %}
 
 {% if borg_retention_policy.keep_hourly is defined %}
-    # Number of hourly archives to keep.
-    keep_hourly: {{ borg_retention_policy.keep_hourly }}
+# Number of hourly archives to keep.
+keep_hourly: {{ borg_retention_policy.keep_hourly }}
 {% endif %}
 
 {% if borg_retention_policy.keep_daily is defined %}
-    # Number of daily archives to keep.
-    keep_daily: {{ borg_retention_policy.keep_daily }}
+# Number of daily archives to keep.
+keep_daily: {{ borg_retention_policy.keep_daily }}
 {% endif %}
 
 {% if borg_retention_policy.keep_weekly is defined %}
-    # Number of weekly archives to keep.
-    keep_weekly: {{ borg_retention_policy.keep_weekly }}
+# Number of weekly archives to keep.
+keep_weekly: {{ borg_retention_policy.keep_weekly }}
 {% endif %}
 
 {% if borg_retention_policy.keep_monthly is defined %}
-    # Number of monthly archives to keep.
-    keep_monthly: {{ borg_retention_policy.keep_monthly }}
+# Number of monthly archives to keep.
+keep_monthly: {{ borg_retention_policy.keep_monthly }}
 {% endif %}
 
 {% if borg_retention_policy.keep_yearly is defined %}
-    # Number of yearly archives to keep.
-    keep_yearly: {{ borg_retention_policy.keep_yearly }}
+# Number of yearly archives to keep.
+keep_yearly: {{ borg_retention_policy.keep_yearly }}
 {% endif %}
 
 # Consistency checks to run after backups. See
 # https://borgbackup.readthedocs.org/en/stable/usage.html#borg-check and
 # https://borgbackup.readthedocs.org/en/stable/usage.html#borg-extract for details.
-consistency:
-    # List of one or more consistency checks to run: "repository",
-    # "archives", "data", and/or "extract". Defaults to
-    # "repository" and "archives". Set to "disabled" to disable
-    # all consistency checks. "repository" checks the consistency
-    # of the repository, "archives" checks all of the archives,
-    # "data" verifies the integrity of the data within the
-    # archives, and "extract" does an extraction dry-run of the
-    # most recent archive. Note that "data" implies "archives".
-    checks:
-    {% for checks in borgmatic_checks %}
-        - {{ checks }}
-    {% endfor %}
 
-    # Restrict the number of checked archives to the last n. Applies only to the "archives" check.
-    check_last: {{ borgmatic_check_last }}
+# List of one or more consistency checks to run: "repository",
+# "archives", "data", and/or "extract". Defaults to
+# "repository" and "archives". Set to "disabled" to disable
+# all consistency checks. "repository" checks the consistency
+# of the repository, "archives" checks all of the archives,
+# "data" verifies the integrity of the data within the
+# archives, and "extract" does an extraction dry-run of the
+# most recent archive. Note that "data" implies "archives".
+checks:
+{% for checks in borgmatic_checks %}
+    - {{ checks }}
+{% endfor %}
 
+# Restrict the number of checked archives to the last n. Applies only to the "archives" check.
+check_last: {{ borgmatic_check_last }}
+
+{% if borgmatic_commands is defined %}
 # Shell commands or scripts to execute before and after a backup or if an error has occurred.
 # IMPORTANT: All provided commands and scripts are executed with user permissions of borgmatic.
 # Do not forget to set secure permissions on this file as well as on any script listed (chmod 0700) to
 # prevent potential shell injection or privilege escalation.
-hooks:
-{% for hook in borgmatic_hooks %}
-    {{ hook }}:
-{{ borgmatic_hooks[hook] | to_nice_yaml(indent=4) | indent(8, first=true) }}
+commands:
+{{ borgmatic_commands | to_nice_yaml(indent=4) }}
+{% endif %}
+
+{% if borgmatic_databases is defined %}
+# Databases specific backup
+{% for database in borgmatic_databases %}
+{{ database }}_databases:
+{{ borgmatic_databases[database] | to_nice_yaml(indent=4) }}
 {% endfor %}
+{% endif %}

vars/Rocky-8.yml

@@ -0,0 +1,27 @@
+borg_dep_packages:
+  - openssh-clients
+  - python3.9
+
+borg_cron_package: cronie
+
+borg_pip_packages:
+  - libacl-devel
+  - libacl
+  - gcc
+  - gcc-c++
+  - openssl-devel
+  - lz4-devel
+  - libzstd-devel
+  - xxhash-devel
+  - python39-pip
+  - python39-wheel
+  - python39-devel
+  - python39-setuptools
+  - python3-virtualenv
+
+borg_distro_packages:
+  - borgbackup
+  - borgmatic
+
+python_bin: python3.9
+pip_bin: pip3.9