---
- name: social.coop | server
  hosts: all
  become: yes
  vars_files:
    - secrets.vars.yml
  vars:
    s3_access_key_id: "{{lookup('passwordstore', 'deployment/backupninja/s3access')}}"
    s3_secret_access_key: "{{lookup('passwordstore', 'deployment/backupninja/s3sec')}}"
  roles:
    - role: server
    - role: social-coop

    - role: logcheck-custom
      tags: logcheck-custom

    # Installs a script to dump the mastodon-live PgSQL database, and
    # copy the GPG encrypted archive to our S3 space with rclone. This
    # is invoked daily using a systemd timer. Encryption is done with
    # the public key in the password store
    # deployment/backupninja/pub. To decrypt, you need to use the
    # associated private key
    - role: pg-dump-to-s3
      tags: pg-dump-to-s3
      pg_dump_to_s3_systemd_timer_section: OnCalendar=00:40:00
      pg_dump_to_s3_desturl: "spaces:social-coop-media/backups/{{inventory_hostname_short}}/"
      pg_dump_to_s3_pgdump_opts: -h localhost -U root -d mastodon-live -Fc 
      pg_dump_to_s3_pubkey: "{{lookup('passwordstore', 'deployment/backupninja/pub returnall=true')}}"
      pg_dump_to_s3_rclone_config: "{{lookup('template', 'templates/rclone-conf.j2')}}"