system-config/playbooks/roles/backup/tasks/main.yaml

- name: Generate bup username for this host
  set_fact:
    bup_username: 'bup-{{ inventory_hostname.split(".", 1)[0] }}'
  when: bup_username is not defined

- debug:
    var: bup_username

- name: Install bup
  package:
    name:
      - bup
    state: present

- name: Generate keypair for backups
  openssh_keypair:
    path: /root/.ssh/id_backup_ed25519
    type: ed25519
  register: bup_keypair

- name: Initalise bup
  command: bup init
  when: bup_keypair.changed

- name: Configure ssh for backup server
  blockinfile:
    path: /root/.ssh/config
    create: true
    block: |
      Host {{ item }}
      HostName {{ item }}
      IdentityFile /root/.ssh/id_backup_ed25519
      User {{ bup_username }}
    mode: 0600
  with_inventory_hostnames: backup-server

- name: Generate bup_user info tuple
  set_fact:
    bup_user: '{{ [ bup_username, bup_keypair["public_key"] ] }}'

- name: Accept hostkey of backup server
  known_hosts:
    state: present
    key: '{{ item }} ssh-ed25519 {{ hostvars[item]["ansible_ssh_host_key_ed25519_public"] }}'
    name: '{{ item }}'
  with_inventory_hostnames: backup-server

- name: Write /etc/bup-excludes
  copy:
    src: bup-excludes
    dest: /etc/bup-excludes
    mode: 0444

- name: Install backup cron job
  cron:
    name: "Run bup backup"
    job: "tar -X /etc/bup-excludes -cPF - / | bup split -r {{ bup_username }}@{{ item }}: -n root -q"
    user: root
    hour: '5'
    minute: '{{ 59|random(seed=item) }}'
  with_inventory_hostnames: backup-server