From 29d0c5f4803cb10b32d4a85e08048bf212ccc203 Mon Sep 17 00:00:00 2001
From: Manu <3916435+m3nu@users.noreply.github.com>
Date: Sun, 20 Feb 2022 14:42:09 +0400
Subject: [PATCH] Unify all Borgmatic hooks in one variable (#93)

---
 README.md                     | 41 ++++++++++++++++++++---------------
 defaults/main.yml             |  8 +++----
 molecule/default/converge.yml |  7 ++++++
 tasks/main.yml                |  8 +++++++
 templates/config.yaml.j2      | 18 ---------------
 5 files changed, 42 insertions(+), 40 deletions(-)

diff --git a/README.md b/README.md
index 157a8ec..445c8a5 100644
--- a/README.md
+++ b/README.md
@@ -30,6 +30,14 @@ Main features:
       keep_daily: 7
       keep_weekly: 4
       keep_monthly: 6
+    borgmatic_hooks:
+      before_backup:
+      - echo "`date` - Starting backup."
+      postgresql_databases:
+      - name: users
+        hostname: database1.example.org
+        port: 5433
+
 ```
 
 
@@ -55,33 +63,30 @@ $ git clone https://github.com/borgbase/ansible-role-borgbackup.git roles/ansibl
 - `borg_source_directories`: List of local folders to back up.
 
 ### Optional Arguments
+- `borg_encryption_passcommand`: The standard output of this command is used to unlock the encryption key.
 - `borg_encryption_passphrase`: Password to use for repokey or keyfile. Empty if repo is unencrypted.
-- `borgmatic_checks`: List of consistency checks. Defaults to `['repository']`
-- `borgmatic_check_last`: Number of archives to check. Defaults to `3`
-- `borgmatic_store_atime`: Store atime into archive. Defaults to `true`
-- `borgmatic_store_ctime`: Store ctime into archive. Defaults to `true`
-- `borgmatic_relocated_repo_access_is_ok`: Bypass Borg error about a repository that has been moved. Defaults to `false`
-- `borgmatic_config_name`: Name to use for the borgmatic config file. Defaults to `config.yaml`
-- `borgmatic_large_repo`: Less frequent, monthly repo checking. Defaults to `true`
-- `borgmatic_failure_command`: Run this command when an error occurs. E.g. `curl -s -F "token=xxx" -F "user=xxx" -F "message=Error during backup" https://api.pushover.net/1/messages.json`
-- `borgmatic_before_backup_command`: Run this command before the backup. E.g. `dump-a-database /to/file.sql`
-- `borgmatic_after_backup_command`: Run this command after the backup. E.g. `rm /to/file.sql`
-- `borgmatic_hooks`: Hooks to monitor your backups e.g. with [Healthchecks](https://healthchecks.io/). See [official documentation](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/) for more.
-- `borg_exclude_patterns`: Paths or patterns to exclude from backup. See [official documentation](https://borgbackup.readthedocs.io/en/stable/usage/help.html#borg-help-patterns) for more.
-- `borg_one_file_system`: Don't cross file-system boundaries. Defaults to `true`
 - `borg_exclude_from`: Read exclude patterns from one or more separate named files, one pattern per line.
+- `borg_exclude_patterns`: Paths or patterns to exclude from backup. See [official documentation](https://borgbackup.readthedocs.io/en/stable/usage/help.html#borg-help-patterns) for more.
 - `borg_lock_wait_time`: Config maximum seconds to wait for acquiring a repository/cache lock. Defaults to 5 seconds.
-- `borg_ssh_command`: Command to use instead of just "ssh". This can be used to specify ssh options.
+- `borg_one_file_system`: Don't cross file-system boundaries. Defaults to `true`
 - `borg_remote_path`: Path to the borg executable on the remote. It will default to `borg`.
 - `borg_remote_rate_limit`: Remote network upload rate limit in kiBytes/second.
-- `borg_encryption_passcommand`: The standard output of this command is used to unlock the encryption key.
 - `borg_retention_policy`: Retention policy for how many backups to keep in each category (daily, weekly, monthly, etc).
-- `ssh_key_file`: Path to a private ssh key file (default is `.ssh/id_ed25519`). It generates a ed25519 key if the file doesn't exist yet.
-- `borgmatic_cron_hour`: Hour when regular create and prune cron job will run. Defaults to `{{ 6 | random }}`
-- `borgmatic_cron_minute`: Minute when regular create and prune cron job will run. Defaults to  `{{ 59 | random }}`
+- `borg_ssh_command`: Command to use instead of just "ssh". This can be used to specify ssh options.
+- `borgmatic_check_last`: Number of archives to check. Defaults to `3`
+- `borgmatic_checks`: List of consistency checks. Defaults to `['repository']`
+- `borgmatic_config_name`: Name to use for the borgmatic config file. Defaults to `config.yaml`
 - `borgmatic_cron_checks_day`: Day when cron job for infrequent checks will run. Defaults to `{{ 28 | random }}`
 - `borgmatic_cron_checks_hour`: Hour when cron job for infrequent checks will run. Defaults to `{{ range(7, 24) | random }}`
 - `borgmatic_cron_checks_minute`: Minute when cron job for infrequent checks will run. Defaults to  `{{ 59 | random }}`
+- `borgmatic_cron_hour`: Hour when regular create and prune cron job will run. Defaults to `{{ 6 | random }}`
+- `borgmatic_cron_minute`: Minute when regular create and prune cron job will run. Defaults to  `{{ 59 | random }}`
+- `borgmatic_hooks`: Hooks to monitor your backups e.g. with [Healthchecks](https://healthchecks.io/). See [official documentation](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/) for more.
+- `borgmatic_large_repo`: Less frequent, monthly repo checking. Defaults to `true`
+- `borgmatic_relocated_repo_access_is_ok`: Bypass Borg error about a repository that has been moved. Defaults to `false`
+- `borgmatic_store_atime`: Store atime into archive. Defaults to `true`
+- `borgmatic_store_ctime`: Store ctime into archive. Defaults to `true`
+- `ssh_key_file`: Path to a private ssh key file (default is `.ssh/id_ed25519`). It generates a ed25519 key if the file doesn't exist yet.
 
 
 ### Optional Arguments for [BorgBase.com](https://www.borgbase.com) repository auto creation
diff --git a/defaults/main.yml b/defaults/main.yml
index 21c9961..c8ff660 100755
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,12 +3,12 @@ borg_encryption_passphrase: ''
 borg_exclude_patterns: []
 borgmatic_config_name: config.yaml
 borgmatic_large_repo: true
-borgmatic_hooks: []
-borgmatic_failure_command:
+borgmatic_hooks:
+  on_error:
   - echo "`date` - Error while creating a backup."
-borgmatic_before_backup_command:
+  before_backup:
   - echo "`date` - Starting backup."
-borgmatic_after_backup_command:
+  after_backup:
   - echo "`date` - Finished backup."
 borgmatic_checks:
   - repository
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
index a48969b..5477b13 100644
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -31,6 +31,13 @@
         keep_daily: 7
         keep_weekly: 4
         keep_monthly: 6
+      borgmatic_hooks:
+        before_backup:
+        - echo "`date` - Starting backup."
+        postgresql_databases:
+        - name: users
+          hostname: database1.example.org
+          port: 5433
 
   post_tasks:
   - name: Install yamllint for checking config file
diff --git a/tasks/main.yml b/tasks/main.yml
index a546f5f..2421a71 100755
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,4 +1,12 @@
 ---
+- name: Ensure legacy hooks aren't used
+  assert:
+    that:
+      - borgmatic_failure_command is undefined
+      - borgmatic_before_backup_command is undefined
+      - borgmatic_after_backup_command is undefined
+    msg: Please use the new borgmatic_hooks variable instead of individual before/after/failure hooks.
+
 - name: Include OS-specific variables
   include_vars: "{{ item }}"
   with_first_found:
diff --git a/templates/config.yaml.j2 b/templates/config.yaml.j2
index 9f56d8b..c5148ee 100644
--- a/templates/config.yaml.j2
+++ b/templates/config.yaml.j2
@@ -177,24 +177,6 @@ consistency:
 # Do not forget to set secure permissions on this file as well as on any script listed (chmod 0700) to
 # prevent potential shell injection or privilege escalation.
 hooks:
-    # List of one or more shell commands or scripts to execute before creating a backup.
-    before_backup:
-{% for cmd in borgmatic_before_backup_command %}
-        - {{ cmd }}
-{% endfor %}
-
-    # List of one or more shell commands or scripts to execute after creating a backup.
-    after_backup:
-{% for cmd in borgmatic_after_backup_command %}
-        - {{ cmd }}
-{% endfor %}
-
-    # List of one or more shell commands or scripts to execute in case an exception has occurred.
-    on_error:
-{% for cmd in borgmatic_failure_command %}
-        - {{ cmd }}
-{% endfor %}
-
 {% for hook in borgmatic_hooks %}
     {{ hook }}:
         {{ borgmatic_hooks[hook] | to_nice_yaml(indent=2) | trim | indent(8) }}