restic_backend_type: "sftp"
restic_password: ""
# restic_repo: set explicitly when restic_backend_type is not 'sftp'

# SFTP backend: path to the SSH private key on the controller and on the target server
# Both are written by storage_box.yml — no need to set these manually
restic_local_key_path: "{{ lookup('env', 'LINDERHOF_DIR') }}/restic_backup"
restic_ssh_key: /root/.ssh/restic_backup

restic_backup_paths: >-
  {{
    ['/etc/letsencrypt', '/srv/caddy']
    + (['/etc/nebula'] if (enable_nebula | default(false)) else [])
    + (['/srv/forgejo'] if (enable_forgejo | default(false)) else [])
    + (['/srv/goaccess'] if (enable_goaccess | default(false)) else [])
    + (['/srv/mail'] if (enable_mail | default(false)) else [])
    + (['/srv/monitoring'] if (enable_monitoring | default(false)) else [])
    + (['/srv/tuwunel'] if (enable_tuwunel | default(false)) else [])
    + (['/srv/radicale'] if (enable_radicale | default(false)) else [])
    + (['/srv/diun'] if (enable_diun | default(false)) else [])
  }}

restic_exclude_patterns:
  - "**/tmp"
  - "**/cache"
  - "**/*.gz"

restic_backup_time: "02:00:00"
restic_prune_time: "04:00:00"

restic_retention:
  daily: 7
  weekly: 4
  monthly: 6