initial commit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

roles/restic/tasks/backend_sftp.yml

@@ -0,0 +1,30 @@
+---
+- name: Deploy Restic SSH key
+  ansible.builtin.copy:
+    src: restic_backup         # local path in your playbook repo
+    dest: "{{ restic_ssh_key }}"    # e.g. /root/.ssh/restic_backup
+    owner: root
+    group: root
+    mode: '0600'
+
+- name: Ensure restic repo directory exists on Storage Box
+  ansible.builtin.shell: |
+    ssh -i {{ restic_ssh_key }} -o BatchMode=yes -o StrictHostKeyChecking=no -p {{ restic_ssh_port }} {{ restic_user }}@{{ restic_host }} \
+    "mkdir -p {{ restic_remote_path }} && chmod 700 {{ restic_remote_path }}" < /dev/null
+  changed_when: false
+
+- name: Write the ssh config for the root user
+  # TODO: this replaces roots config and should be much smarter, safe for me currently
+  template:
+    src: restic-ssh-config.j2
+    dest: /root/.ssh/config
+    mode: "0644"
+
+- name: Initialize restic repo on Storage Box (if needed)
+  ansible.builtin.shell: |
+    source /etc/restic/restic.env
+    restic snapshots > /dev/null 2>&1 || restic init
+    touch /etc/restic/.initialized
+  args:
+    creates: /etc/restic/.initialized
+