Allow controlling cron logging

README.md

@@ -27,6 +27,9 @@ All variables which can be overridden are stored in [defaults/main.yml](defaults
 | `restic_group` | "root" | system group to run restic |
 | `restic_shell` | "/bin/false" | the shell for the restic user, change this if you want to be able to su to it |
 | `restic_install_path` | "/usr/local/bin" | directory where restic binary will be installed |
+| `restic_cron_mailto` | restic_user | who to mail results of the restic crons to, set to "" to not mail |
+| `restic_cron_stdout_file` | null | what file to log restic output to, null means include in mailto, use /dev/null to discard |
+| `restic_cron_stderr_file` | null | what file to log restic errors to, null means include in mailto, use /dev/null to discard |
 | `restic_repos` | [] | restic repositories and cron jobs configuration. More in [defaults/main.yml](defaults/main.yml) |
 
 ## Security

defaults/main.yml

@@ -10,7 +10,9 @@ restic_install_path: '/usr/local/bin'
 
 restic_initialize_repos: true
 
-restic_discard_cron_stdout: false
+restic_cron_mailto: "{{ restic_user }}"
+restic_cron_stdout_file: null
+restic_cron_stderr_file: null
 
 restic_repos: []
 # restic_repos:

tasks/install.yml

@@ -20,6 +20,27 @@
     state: 'directory'
     path: '{{ restic_install_path }}'
 
+- name: Ensure restic user can write to log dirs if defined
+  file:
+    state: 'directory'
+    path: '{{ item | dirname }}'
+  with_items:
+    - "{{ restic_cron_stdout_file }}"
+    - "{{ restic_cron_stderr_file }}"
+  when: item != None
+
+- name: Ensure restic user can write to log files if defined
+  file:
+    state: 'touch'
+    path: '{{ item }}'
+    owner: '{{ restic_user }}'
+    group: '{{ restic_group }}'
+    mode: 0640
+  with_items:
+    - "{{ restic_cron_stdout_file }}"
+    - "{{ restic_cron_stderr_file }}"
+  when: item != None
+
 - name: Download client binary
   become: false
   get_url:

templates/restic.cron.j2

@@ -1,6 +1,6 @@
-# jinja2: lstrip_blocks: "True"
 # vi: ft=jinja.crontab
 {{ ansible_managed | comment }}
+MAILTO={{ restic_cron_mailto }}
 SHELL=/bin/sh
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:{{ restic_install_path }} 
 RESTIC_REPOSITORY={{ item.url | trim | quote }}
@@ -15,19 +15,21 @@ RESTIC_PASSWORD={{ item.password | trim | quote }}
 # Apply retention policy
 {{ item.retention_time | default('17 3 * * *') }} {{ restic_user }} restic forget --prune
 {%- if item.retention.last is defined %} --keep-last {{ item.retention.last }}{% endif -%}
-{% if item.retention.hourly is defined %} --keep-hourly {{ item.retention.hourly }}{% endif -%}
-{% if item.retention.daily is defined %} --keep-daily {{ item.retention.daily }}{% endif -%}
-{% if item.retention.weekly is defined %} --keep-weekly {{ item.retention.weekly }}{% endif -%}
-{% if item.retention.monthly is defined %} --keep-monthly {{ item.retention.monthly }}{% endif -%}
-{% if item.retention.yearly is defined %} --keep-yearly {{ item.retention.yearly }}{% endif -%}
-{% if item.retention.tags is defined %} --keep-tag {% for tag in item.retention.tags %}{{ tag }}{% if not loop.last %},{% endif %}{% endfor %}{% endif -%}{% if restic_discard_cron_stdout %} > /dev/null{% endif %}
-;{% endif %}
-{% if item.check | default(true) -%}
+{%- if item.retention.hourly is defined %} --keep-hourly {{ item.retention.hourly }}{% endif -%}
+{%- if item.retention.daily is defined %} --keep-daily {{ item.retention.daily }}{% endif -%}
+{%- if item.retention.weekly is defined %} --keep-weekly {{ item.retention.weekly }}{% endif -%}
+{%- if item.retention.monthly is defined %} --keep-monthly {{ item.retention.monthly }}{% endif -%}
+{%- if item.retention.yearly is defined %} --keep-yearly {{ item.retention.yearly }}{% endif -%}
+{%- if item.retention.tags is defined %} --keep-tag {% for tag in item.retention.tags %}{{ tag }}{% if not loop.last %},{% endif %}{% endfor %}{% endif -%}{% if restic_cron_stdout_file %} >{{ restic_cron_stdout_file }}{% endif %}{% if restic_cron_stderr_file %} 2>{{ restic_cron_stderr_file }}{% endif %}
+
+{% endif %}
+{% if item.check | default(true) %}
 # Check repository
-{{ item.check_time | default('17 4 * * *') }} {{ restic_user }} restic check{% if restic_discard_cron_stdout %} > /dev/null{% endif %}
+{{ item.check_time | default('17 4 * * *') }} {{ restic_user }} restic check{% if restic_cron_stdout_file %} >{{ restic_cron_stdout_file }}{% endif %}{% if restic_cron_stderr_file %} 2>{{ restic_cron_stderr_file }}{% endif %}
 {%- endif %}
 
 # Do an actual backup
 {% for job in item.jobs %}
-{{ job.at }} {{ restic_user }} {{ job.command }}
+{{ job.at }} {{ restic_user }} {{ job.command }}{% if restic_cron_stdout_file %} >{{ restic_cron_stdout_file }}{% endif %}{% if restic_cron_stderr_file %} 2>{{ restic_cron_stderr_file }}{% endif %}
+
 {% endfor %}