From c111d737bb731dc20b2d2a465f31ac4aec3ffa67 Mon Sep 17 00:00:00 2001
From: Thomas Constans <thomas@opendoor.fr>
Date: Sat, 24 Jan 2026 10:44:35 +0100
Subject: [PATCH] align borg and burp folders to backup, switch to systemd for
 scheduling

---
 README.md                     |  3 +--
 defaults/main.yml             |  5 +----
 tasks/cron.yml                | 26 ++++++++++++++++----------
 tasks/install.yml             | 10 ++++------
 tasks/repo.yml                |  5 ++---
 templates/borg_backup.service |  9 +++++++++
 templates/borg_backup.timer   |  8 ++++++++
 7 files changed, 41 insertions(+), 25 deletions(-)
 create mode 100644 templates/borg_backup.service
 create mode 100644 templates/borg_backup.timer

diff --git a/README.md b/README.md
index fbd2ce8..a289888 100644
--- a/README.md
+++ b/README.md
@@ -16,8 +16,7 @@ Role Variables
 
 Defaults set in defaults/main.yml
 
-borg_dirs - list of directories to backup - default to [ "/root", "/etc" ]
-borg_release - default to 1.1.4
+borg_dirs - list of directories to backup - default to "{{ burp_folders }}"
 borg_server - default to maison.opendoor.fr
 borg_account - default to backup_borg
 borg_remote_dir - remote base directory for repos - default to /media/Backups/
diff --git a/defaults/main.yml b/defaults/main.yml
index 1efc5f5..02c3b2d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,9 +1,6 @@
 ---
 # defaults file for borg_client
-borg_release: 1.2.9
-borg_dirs:
-  - /etc
-  - /root
+borg_dirs: "{{ burp_folders }}"
 borg_remote_dir: /media/Backups/
 borg_account: backup_borg
 borg_server: maison.opendoor.fr
diff --git a/tasks/cron.yml b/tasks/cron.yml
index 88a5415..6e52924 100644
--- a/tasks/cron.yml
+++ b/tasks/cron.yml
@@ -1,10 +1,16 @@
-- name: Deploy cronjob backup_tout_court
-  vars:
-    minutes: "{{ 59 | random(seed=inventory_hostname) }}"
-  cron:
-    name: backup
-    cron_file: backup
-    user: root
-    hour: "2"
-    minute: "{{ minutes }}"
-    job: "{{ borg_script_dir }}/borg.sh"
+- name: Deploy systemd service and timer unit files
+  ansible.builtin.template:
+    src: "{{ item }}"
+    dest: /etc/systemd/system/
+  notify: reload systemd
+  loop:
+  - borg_backup.service
+  - borg_backup.timer
+
+- ansible.builtin.meta: flush_handlers
+
+- name: enable and start timer
+  ansible.builtin.systemd:
+    name: borg_backup.timer
+    state: started
+    enabled: true
diff --git a/tasks/install.yml b/tasks/install.yml
index 6607825..bf3abff 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -6,7 +6,7 @@
       path: /root/.ssh
       mode: 0700
       state: directory
-  - name: .ssh/confi 
+  - name: .ssh/config 
     ansible.builtin.copy:
       dest: /root/.ssh/config
       content: |
@@ -14,11 +14,9 @@
           Port 2222
 
 - name: get borg binary
-  get_url:
-    dest: /usr/bin/borg
-    owner: root
-    mode: "0755"
-    url: https://github.com/borgbackup/borg/releases/download/{{ borg_release }}/borg-linuxnew64
+  ansible.builtin.package:
+    name: borgbackup
+    state: present
 
 - name: ensure /root/bin exists
   ansible.builtin.file:
diff --git a/tasks/repo.yml b/tasks/repo.yml
index 6a8ec01..c58eeef 100644
--- a/tasks/repo.yml
+++ b/tasks/repo.yml
@@ -14,7 +14,7 @@
     path: "{{ borg_remote_dir }}{{ inventory_hostname }}"
     state: directory
     owner: "{{ borg_account }}"
-    group:  "{{ borg_account }}"
+    group:  "backup"
   delegate_to: "{{ borg_server }}"
 
 - name: get public key
@@ -32,7 +32,7 @@
     line: 'command="borg serve --restrict-to-path {{ borg_remote_dir }}" {{ public_key }} from {{ inventory_hostname }}'
     create: true
     owner: "{{ borg_account }}"
-    group: "{{ borg_account }}"
+    group: "backup"
     mode: 0600
   delegate_to: "{{ borg_server }}"
 
@@ -49,5 +49,4 @@
   ansible.builtin.command: "/usr/bin/borg init --encryption=keyfile {{ borg_account }}@{{ borg_server }}:{{ borg_remote_dir }}{{ inventory_hostname }}"
   environment:
     BORG_PASSPHRASE: "{{ borg_passphrase }}"
-    
 
diff --git a/templates/borg_backup.service b/templates/borg_backup.service
new file mode 100644
index 0000000..30d7bf9
--- /dev/null
+++ b/templates/borg_backup.service
@@ -0,0 +1,9 @@
+# {{ansible_managed}}
+# this file was created from the role: {{ ansible_role_name }}
+[Unit]
+Description = get installed packages list
+
+[Service]
+Type = oneshot
+ExecStart = {{ borg_script_dir }}/borg.sh
+User = tom
\ No newline at end of file
diff --git a/templates/borg_backup.timer b/templates/borg_backup.timer
new file mode 100644
index 0000000..a0bb0ad
--- /dev/null
+++ b/templates/borg_backup.timer
@@ -0,0 +1,8 @@
+# {{ansible_managed}}
+# this file was created from the role: {{ ansible_role_name }}
+[Unit]
+Description= daily borg backup
+[Timer]
+OnCalendar=*-*-* 22:{{ 59|random( seed=inventory_hostname ) }}:0
+[Install]
+WantedBy=multi-user.target