snapshot: add support for btrbk

Also simplify `use_polkit` check everwhere.

TODO.md

@@ -6,7 +6,6 @@ Stuff that are planned to be added/changed.
 
 - [ ] /etc/security/access.conf
 - [ ] Filesystem snapshot:
-  - [ ] btrbk (rootfs=btrfs)
   - [ ] sanoid / zrepl (rootfs=zfs)
 - [ ] Filesystem backup (I don't have spare hard drives -_- so not supported for now):
   - [ ] Local incremental backups (to spare disk)

group_vars/all.yml

@@ -90,7 +90,7 @@ disable_uefi_access: false
 
 # Should polkit be used
 # NOTE: have no effect when seat_manager == 'elogind'
-polkit: false
+use_polkit: false
 
 # Should be a file name existed inside /usr/share/consolefonts/
 console_font: ter-h22b.psf.gz
@@ -165,7 +165,26 @@ snapper:
     timeline:
       cleanup_enabled: false
 
+# NOTE: some caveats to reduce config complexity
+# - use the same targets for all subvolumes in each volume definition
+# - use the same global retention policy for snapshot/backup/archive
+# - there's only 1 global ssh config
 btrbk:
+  options:
+    lockfile: /var/lock/btrbk.lock
+    logfile: /var/log/btrbk.log
+    syslog: cron
+    timestamp_format: long
+    snapshot:
+      min_age: 6h
+      policy: 16h 8d 4w 2m
+  volumes:
+    - path: /mnt/root
+      snapshot_dir: '@snapshots'
+      subvolumes: ['@home', '@']
+    - path: /mnt/media
+      snapshot_dir: '@snapshots'
+      subvolumes: ['@']
 
 sanoid:
 

roles/fstab/tasks/main.yml

@@ -21,7 +21,7 @@
 # Note: Add the normal user to polkitd group afterward
 - name: fstab | Configure /proc restriction
   vars:
-    proc_group: '{{ use_polkit | ternary("polkitd", "wheel") }}'
+    proc_group: '{{ (use_polkit or (seat_manager == "elogind")) | ternary("polkitd", "wheel") }}'
   block:
     # Busybox's mount doesn't interpret group name in GID, so check it
     # wheel group on Alpine by default has GID=10

roles/libvirt/tasks/main.yml

@@ -23,7 +23,7 @@
     regexp: '^#?{{ item[1] | regex_replace(" =.*$", "") }}'
     line: '{{ item[1] }}'
   loop: '{{ libvirt_daemons | product(libvirt_daemons_conf) | list }}'
-  when: not use_polkit
+  when: (not use_polkit) and (seat_manager != 'elogind')
 
 - name: libvirt | Start modular services on runlevel 'default'
   service:

roles/snapshot/handlers/main.yml

@@ -1,7 +1,14 @@
 ---
-- name: Create .snapshots subvolumes manually
+- name: Create snapshots btrfs subvolumes manually
   debug:
-    msg: >
-      Please create .snapshots/ directories and corresponding mounted subvolumes
-      under {{ snapper | map(attribute='subvolume') | join(', ') }} targets
-      manually.
+    msg: |
+      {% if snapshot_tool == 'snapper' %}
+      Please create .snapshots/ directories and corresponding mounted subvolumes under {{ snapper | map(attribute='subvolume') | join(', ') }} paths manually.
+      {% elif snapshot_tool == 'btrbk' %}
+      Please create corresponding subvolumes:
+      {% for volume in btrbk.volumes %}
+      {% if volume.snapshot_dir is defined %}
+      * {{ volume.snapshot_dir }} inside {{ volume.path }} path.
+      {% endif %}
+      {% endfor %}
+      {% endif %}

roles/snapshot/tasks/btrbk.yml

@@ -1 +1,15 @@
 ---
+- name: btrbk | Install btrbk package
+  community.general.apk:
+    name: btrbk
+    state: present
+
+- name: btrbk | Copy config btrbk.conf
+  template:
+    src: btrbk.conf.j2
+    dest: /etc/btrbk/btrbk.conf
+    mode: '644'
+    owner: root
+    group: root
+  notify:
+    - Create snapshots btrfs subvolumes manually

roles/snapshot/tasks/snapper.yml

@@ -23,4 +23,4 @@
     owner: root
     group: root
   notify:
-    - Create .snapshots subvolumes manually
+    - Create snapshots btrfs subvolumes manually

roles/snapshot/templates/btrbk.conf.j2

@@ -0,0 +1,66 @@
+# btrbk.conf
+# See btrbk.conf(5) for more details.
+
+{% if btrbk.options.logfile is defined %}
+transaction_log {{ btrbk.options.logfile }}
+{% endif %}
+
+{% if btrbk.options.syslog is defined %}
+transaction_syslog {{ btrbk.options.syslog }}
+{% endif %}
+
+{% if btrbk.options.lockfile is defined %}
+lockfile {{ btrbk.options.lockfile }}
+{% endif %}
+
+{% if btrbk.options.ssh.remote_user is defined %}
+ssh_user {{ btrbk.options.ssh.remote_user }}
+{% endif %}
+{% if btrbk.options.ssh.private_key_path is defined %}
+ssh_identity {{ btrbk.options.ssh.private_key_path }}
+{% endif %}
+
+{% for type in ['snapshot', 'target', 'archive'] %}
+
+{% if btrbk.options[type].policy is defined %}
+{{ type }}_preserve {{ btrbk.options[type].policy }}
+{% endif %}
+{% if btrbk.options[type].min_age is defined %}
+{{ type }}_preserve_min {{ btrbk.options[type].min_age }}
+{% endif %}
+{% endfor %}
+
+timestamp_format {{ btrbk.options.timestamp_format }}
+
+compat busybox
+
+backend_local_user btrfs-progs-doas
+backend_remote     btrfs-progs-doas
+
+stream_compress zstd
+
+{% if btrbk.options.stream_buffer.local is defined %}
+stream_buffer {{ btrbk.options.stream_buffer.local }}
+{% endif %}
+{% if btrbk.options.stream_buffer.remote is defined %}
+stream_buffer_remote {{ btrbk.options.stream_buffer.remote }}
+{% endif %}
+
+{% for volume in btrbk.volumes %}
+
+volume {{ volume.path }}
+    snapshot_dir {{ volume.snapshot_dir }}
+{% if volume.archive_exclude_pattern is defined %}
+    archive_exclude {{ archive_exclude_pattern }}
+{% endif %}
+{% if volume.subvolumes is defined %}
+{% for subvolume in volume.subvolumes %}
+    subvolume {{ subvolume }}
+{% endfor %}
+{% endif %}
+{% if volume.targets is defined %}
+{% for target in volume.targets %}
+    target {{ target }}
+{% endfor %}
+{% endif %}
+{% endfor %}

roles/user/tasks/main.yml

@@ -35,7 +35,7 @@
     append: true
     groups:
       - polkitd
-  when: use_polkit
+  when: use_polkit or (seat_manager == 'elogind')
 
 - name: user | Add the user to seat group
   user:

setup.yml

@@ -6,8 +6,6 @@
     # Determine the fstype of root filesystem
     # PERF: a shorter version but requires `py3-jmespath`: '{{ ansible_mounts | json_query("[?mount == `/`].fstype") | first }}'
     rootfs: '{{ ansible_mounts | selectattr("mount", "equalto", "/") | map(attribute="fstype") | first }}'
-    # elogind needs polkit to function
-    use_polkit: '{{ (seat_manager == "elogind") | ternary("True", polkit) }}'
   pre_tasks:
     - name: Sanity checks
       tags: always