From 3934bffbd1177c0035f485a4daf8f8a17d35b531 Mon Sep 17 00:00:00 2001
From: "Ivo C.S. Wingelaar" <ivo@wingelaar.be>
Date: Sun, 13 Oct 2024 20:12:26 +0200
Subject: [PATCH] Add backup restoration logic to NFS role

Passing the `backup_nfs_restore` variable will restore that timestamp.
---
 roles/backup_nfs/defaults/main.yml            |  3 ++-
 roles/backup_nfs/tasks/main.yml               | 14 +++++++++--
 ...container.yml => per-container-create.yml} |  0
 .../tasks/per-container-restore.yml           | 24 +++++++++++++++++++
 roles/backup_nfs/tasks/per-user.yml           | 12 +++++++++-
 5 files changed, 49 insertions(+), 4 deletions(-)
 rename roles/backup_nfs/tasks/{per-container.yml => per-container-create.yml} (100%)
 create mode 100644 roles/backup_nfs/tasks/per-container-restore.yml

diff --git a/roles/backup_nfs/defaults/main.yml b/roles/backup_nfs/defaults/main.yml
index 15d7595..ff6e0f1 100644
--- a/roles/backup_nfs/defaults/main.yml
+++ b/roles/backup_nfs/defaults/main.yml
@@ -1,3 +1,4 @@
 ---
-backup_nfs_directory: /podman-nfs-backups
+backup_nfs_create_directory: /podman-nfs-backups
+backup_nfs_restore_directory: /podman-nfs-backups
 backup_nfs_mountpoint: /opt/podman-nfs-backups
diff --git a/roles/backup_nfs/tasks/main.yml b/roles/backup_nfs/tasks/main.yml
index 13977b8..9850a08 100644
--- a/roles/backup_nfs/tasks/main.yml
+++ b/roles/backup_nfs/tasks/main.yml
@@ -20,13 +20,23 @@
 
 - name: This block ensures the NFS directory will be unmounted if a task fails
   block:
-    - name: Mount backup NFS directory
+    - name: Mount backup NFS directory (for creating backups)
       ansible.posix.mount:
-        src: "{{ backup_nfs_remote }}:{{ backup_nfs_directory }}"
+        src: "{{ backup_nfs_remote }}:{{ backup_nfs_create_directory }}"
         path: "{{ backup_nfs_mountpoint }}"
         opts: rw,sync,hard,vers=4
         state: ephemeral
         fstype: nfs
+      when: backup_nfs_restore is undefined
+
+    - name: Mount backup NFS directory (for restoring backups)
+      ansible.posix.mount:
+        src: "{{ backup_nfs_remote }}:{{ backup_nfs_restore_directory }}"
+        path: "{{ backup_nfs_mountpoint }}"
+        opts: ro,sync,hard,vers=4
+        state: ephemeral
+        fstype: nfs
+      when: backup_nfs_restore is defined
 
     - name: Execute backup tasks inside service account
       ansible.builtin.include_tasks: machinectl.yml
diff --git a/roles/backup_nfs/tasks/per-container.yml b/roles/backup_nfs/tasks/per-container-create.yml
similarity index 100%
rename from roles/backup_nfs/tasks/per-container.yml
rename to roles/backup_nfs/tasks/per-container-create.yml
diff --git a/roles/backup_nfs/tasks/per-container-restore.yml b/roles/backup_nfs/tasks/per-container-restore.yml
new file mode 100644
index 0000000..db5281f
--- /dev/null
+++ b/roles/backup_nfs/tasks/per-container-restore.yml
@@ -0,0 +1,24 @@
+---
+- name: Ensure container is stopped
+  ansible.builtin.systemd_service:
+    name: container-{{ container }}.service
+    state: stopped
+    scope: user
+  register: container_state
+
+- name: Import the volumes
+  containers.podman.podman_import:
+    volume: "{{ item }}"
+    src: "{{ backup_nfs_mountpoint }}/{{ container }}-{{ item }}-{{ backup_nfs_restore }}.tar"
+  loop: "{{ backup_nfs_containers['volumes'] }}"
+
+# A container is not always running, so if it was stopped before
+# the backup procedure even started, do not start it again.
+# It's quite a hassle to have this behaviour with a handler, so
+# we just suppress the linting error.
+- name: Start container again if necessary # noqa: no-handler
+  ansible.builtin.systemd_service:
+    name: container-{{ container }}.service
+    state: started
+    scope: user
+  when: container_state is changed
diff --git a/roles/backup_nfs/tasks/per-user.yml b/roles/backup_nfs/tasks/per-user.yml
index fb8acd7..08a0f7d 100644
--- a/roles/backup_nfs/tasks/per-user.yml
+++ b/roles/backup_nfs/tasks/per-user.yml
@@ -1,8 +1,18 @@
 ---
 - name: Iterate over configured nginx sites
-  ansible.builtin.include_tasks: per-container.yml
+  ansible.builtin.include_tasks: per-container-create.yml
   loop: "{{ backup_nfs_users['containers'] }}"
   loop_control:
     loop_var: backup_nfs_containers
   vars:
     container: "{{ backup_nfs_containers['name'] }}"
+  when: backup_nfs_restore is undefined
+
+- name: Iterate over configured nginx sites
+  ansible.builtin.include_tasks: per-container-restore.yml
+  loop: "{{ backup_nfs_users['containers'] }}"
+  loop_control:
+    loop_var: backup_nfs_containers
+  vars:
+    container: "{{ backup_nfs_containers['name'] }}"
+  when: backup_nfs_restore is defined