Add backup restoration logic to NFS role

Passing the `backup_nfs_restore` variable will restore that timestamp.

roles/backup_nfs/defaults/main.yml

@@ -1,3 +1,4 @@
 ---
-backup_nfs_directory: /podman-nfs-backups
+backup_nfs_create_directory: /podman-nfs-backups
+backup_nfs_restore_directory: /podman-nfs-backups
 backup_nfs_mountpoint: /opt/podman-nfs-backups

roles/backup_nfs/tasks/main.yml

@@ -20,13 +20,23 @@
 
 - name: This block ensures the NFS directory will be unmounted if a task fails
   block:
-    - name: Mount backup NFS directory
+    - name: Mount backup NFS directory (for creating backups)
       ansible.posix.mount:
-        src: "{{ backup_nfs_remote }}:{{ backup_nfs_directory }}"
+        src: "{{ backup_nfs_remote }}:{{ backup_nfs_create_directory }}"
         path: "{{ backup_nfs_mountpoint }}"
         opts: rw,sync,hard,vers=4
         state: ephemeral
         fstype: nfs
+      when: backup_nfs_restore is undefined
+
+    - name: Mount backup NFS directory (for restoring backups)
+      ansible.posix.mount:
+        src: "{{ backup_nfs_remote }}:{{ backup_nfs_restore_directory }}"
+        path: "{{ backup_nfs_mountpoint }}"
+        opts: ro,sync,hard,vers=4
+        state: ephemeral
+        fstype: nfs
+      when: backup_nfs_restore is defined
 
     - name: Execute backup tasks inside service account
       ansible.builtin.include_tasks: machinectl.yml

roles/backup_nfs/tasks/per-container-restore.yml

@@ -0,0 +1,24 @@
+---
+- name: Ensure container is stopped
+  ansible.builtin.systemd_service:
+    name: container-{{ container }}.service
+    state: stopped
+    scope: user
+  register: container_state
+
+- name: Import the volumes
+  containers.podman.podman_import:
+    volume: "{{ item }}"
+    src: "{{ backup_nfs_mountpoint }}/{{ container }}-{{ item }}-{{ backup_nfs_restore }}.tar"
+  loop: "{{ backup_nfs_containers['volumes'] }}"
+
+# A container is not always running, so if it was stopped before
+# the backup procedure even started, do not start it again.
+# It's quite a hassle to have this behaviour with a handler, so
+# we just suppress the linting error.
+- name: Start container again if necessary # noqa: no-handler
+  ansible.builtin.systemd_service:
+    name: container-{{ container }}.service
+    state: started
+    scope: user
+  when: container_state is changed

roles/backup_nfs/tasks/per-user.yml

@@ -1,8 +1,18 @@
 ---
 - name: Iterate over configured nginx sites
-  ansible.builtin.include_tasks: per-container.yml
+  ansible.builtin.include_tasks: per-container-create.yml
   loop: "{{ backup_nfs_users['containers'] }}"
   loop_control:
     loop_var: backup_nfs_containers
   vars:
     container: "{{ backup_nfs_containers['name'] }}"
+  when: backup_nfs_restore is undefined
+
+- name: Iterate over configured nginx sites
+  ansible.builtin.include_tasks: per-container-restore.yml
+  loop: "{{ backup_nfs_users['containers'] }}"
+  loop_control:
+    loop_var: backup_nfs_containers
+  vars:
+    container: "{{ backup_nfs_containers['name'] }}"
+  when: backup_nfs_restore is defined