nitial version of proxmox backup collection

Signed-off-by: Nis Wechselberg <enbewe@enbewe.de>

roles/backup/defaults/main.yml

@@ -0,0 +1,7 @@
+---
+backup_proxmox_cron_hour: '4'
+backup_proxmox_paths: 'root.pxar:/'
+
+backup_proxmox_signing_key_url: 'https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg'
+backup_proxmox_signing_key_file: '/etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg'
+backup_proxmox_repo_url: 'http://download.proxmox.com/debian/pbs-client'

roles/backup/tasks/main.yml

@@ -0,0 +1,72 @@
+---
+- name: 'Install proxmox repository signing key'
+  become: true
+  ansible.builtin.get_url:
+    url: '{{ backup_proxmox_signing_key_url }}'
+    dest: '{{ backup_proxmox_signing_key_file }}'
+    owner: 'root'
+    group: 'root'
+    mode: 'u=rw,g=r,o=r'
+
+- name: 'Install proxmox backup software repository'
+  become: true
+  ansible.builtin.apt_repository:
+    repo: 'deb [arch=amd64 signed-by={{ backup_proxmox_signing_key_file }}] {{ backup_proxmox_repo_url }} bookworm main'
+    filename: 'pbs-client'
+
+- name: 'Install static proxmox backup client'
+  become: true
+  ansible.builtin.apt:
+    name: 'proxmox-backup-client-static'
+    state: 'present'
+
+- name: 'Create directory for encryption key'
+  become: true
+  ansible.builtin.file:
+    path: '/root/.config/proxmox-backup'
+    state: 'directory'
+    owner: 'root'
+    group: 'root'
+    mode: 'u=rwx,g=rx,o=rx'
+
+- name: 'Deploy encryption key to host'
+  become: true
+  ansible.builtin.template:
+    src: 'encryption-key.json.j2'
+    dest: '/root/.config/proxmox-backup/encryption-key.json'
+    owner: 'root'
+    group: 'root'
+    mode: 'u=rw,g=,o='
+
+- name: 'Create cronjob'
+  become: true
+  block:
+    - name: 'Generate the cronjob itself'
+      ansible.builtin.cron:
+        cron_file: 'proxmox-backup'
+        user: 'root'
+        name: 'proxmox-backup'
+        job: 'proxmox-backup-client backup {{ backup_proxmox_paths }}'
+        hour: '{{ backup_proxmox_cron_hour }}'
+        minute: '{{ backup_proxmox_cron_minute }}'
+    - name: 'Configure environment variable for repository'
+      ansible.builtin.cron:
+        cron_file: 'proxmox-backup'
+        user: 'root'
+        env: true
+        name: 'PBS_REPOSITORY'
+        value: '{{ backup_proxmox_repository }}'
+    - name: 'Configure environment variable for user password'
+      ansible.builtin.cron:
+        cron_file: 'proxmox-backup'
+        user: 'root'
+        env: true
+        name: 'PBS_PASSWORD'
+        value: '{{ backup_proxmox_password }}'
+    - name: 'Configure environment variable for encryption'
+      ansible.builtin.cron:
+        cron_file: 'proxmox-backup'
+        user: 'root'
+        env: true
+        name: 'PBS_ENCRYPTION_PASSWORD'
+        value: '{{ backup_proxmox_encryption_password }}'

roles/backup/templates/encryption-key.json.j2

@@ -0,0 +1,14 @@
+{
+  "kdf": {
+    "Scrypt": {
+      "n": 65536,
+      "r": 8,
+      "p": 1,
+      "salt": "{{ backup_proxmox_encryption_key_kdf_salt }}"
+    }
+  },
+  "created": "{{ backup_proxmox_encryption_key_created }}",
+  "modified": "{{ backup_proxmox_encryption_key_modified }}",
+  "data": "{{ backup_proxmox_encryption_key_data }}",
+  "fingerprint": "{{ backup_proxmox_encryption_key_fingerprint }}"
+}