:fire: add backup support

deploy/roles/os/tasks/sshd.yml

@@ -1,17 +1,10 @@
-- name: Backup sshd_config
-  become: true
-  ansible.builtin.copy:
-    src: /etc/ssh/sshd_config
-    dest: "{{ ansible_env.HOME }}/backups/etc_sshd_config"
-    remote_src: yes
-    backup: yes
-
 - name: Disable dns for sshd
   become: true
   ansible.builtin.lineinfile:
     path: /etc/ssh/sshd_config
     regexp: "^UseDNS "
     line: UseDNS no
+    backup: true
 
 - name: Disable GSS api auth for sshd
   become: true
@@ -19,6 +12,7 @@
     path: /etc/ssh/sshd_config
     regexp: "^GSSAPIAuthentication "
     line: GSSAPIAuthentication no
+    backup: true
 
 - name: Disable root ssh login
   become: true
@@ -26,6 +20,7 @@
     path: /etc/ssh/sshd_config
     regexp: "^PermitRootLogin no"
     line: PermitRootLogin no
+    backup: true
 
 - name: Disable ssh login by password
   become: true
@@ -33,3 +28,4 @@
     path: /etc/ssh/sshd_config
     regexp: "^PasswordAuthentication no"
     line: PasswordAuthentication no
+    backup: true

deploy/roles/os/tasks/ulimits.yml

@@ -1,17 +1,10 @@
-- name: Backup system.conf
-  become: true
-  ansible.builtin.copy:
-    src: /etc/systemd/system.conf
-    dest: "{{ ansible_env.HOME }}/backups/etc_systemd_system"
-    remote_src: yes
-    backup: yes
-
 - name: Setup nofile for system
   become: true
   ansible.builtin.lineinfile:
     path: /etc/systemd/system.conf
     regexp: "^DefaultLimitNOFILE="
     line: DefaultLimitNOFILE=2097152
+    backup: true
 
 - name: Setup nproc for system
   become: true
@@ -19,14 +12,7 @@
     path: /etc/systemd/system.conf
     regexp: "^DefaultLimitNPROC"
     line: DefaultLimitNPROC=524288
-
-- name: Backup user.conf
-  become: true
-  ansible.builtin.copy:
-    src: /etc/systemd/user.conf
-    dest: "{{ ansible_env.HOME }}/backups/etc_systemd_user.conf"
-    remote_src: yes
-    backup: yes
+    backup: true
 
 - name: Setup nofile for user
   become: true
@@ -34,6 +20,7 @@
     path: /etc/systemd/user.conf
     regexp: "^DefaultLimitNOFILE="
     line: DefaultLimitNOFILE=1048576
+    backup: true
 
 - name: Setup nproc for user
   become: true
@@ -41,26 +28,21 @@
     path: /etc/systemd/user.conf
     regexp: "^DefaultLimitNPROC"
     line: DefaultLimitNPROC=262144
-
-- name: Backup limits.conf
-  become: true
-  ansible.builtin.copy:
-    src: /etc/security/limits.conf
-    dest: "{{ ansible_env.HOME }}/backups/etc_security_limits.conf"
-    remote_src: yes
-    backup: yes
+    backup: true
 
 - name: Set user level open file limits for root
   become: true
   ansible.builtin.lineinfile:
     path: /etc/security/limits.conf
     line: root        soft nofile 10240
+    backup: true
 
-- name: Set user level open file limits for {{ansible_user}}
+- name: Set user level open file limits for {{ ansible_user }}
   become: true
   ansible.builtin.lineinfile:
     path: /etc/security/limits.conf
-    line: "{{ansible_user}}        soft nofile 10240"
+    line: "{{ ansible_user }}        soft nofile 10240"
+    backup: true
 
 # https://docs.oracle.com/en/database/oracle/oracle-database/12.2/ladbi/changing-kernel-parameter-values.html#GUID-FB0CC366-61C9-4AA2-9BE7-233EB6810A31
 - name: Setup file max

deploy/roles/ubuntu/tasks/armbian.yml

@@ -1,10 +1,4 @@
-- name: backup /boot/armbianEnv.txt
-  become: true
-  copy:
-    src: /boot/armbianEnv.txt
-    dest: "{{ ansible_env.HOME }}/backups/boot_armbianEnv_txt"
-    remote_src: yes
-    backup: yes
+
 
 - name: enable uart for armbian
   become: true
@@ -12,3 +6,4 @@
     path: /boot/armbianEnv.txt
     regexp: "^overlays="
     line: overlays=usbhost2 usbhost3 uart1 uart2 analog-codec
+    backup: true

deploy/roles/ubuntu/tasks/clean.yml

@@ -3,6 +3,11 @@
   apt:
     autoclean: yes
 
+- name: Cleans the local repository of retrieved package files that can no longer be downloaded.
+  become: true
+  apt:
+    clean: yes
+
 - name: Remove dependencies that are no longer required
   become: true
   apt:

deploy/roles/ubuntu/tasks/friendly-core.yml

@@ -1,25 +1,10 @@
-- name: backup serial-getty@ttyAMA0.service.d/autologin.conf
-  become: true
-  ansible.builtin.copy:
-    src: /etc/systemd/system/serial-getty@ttyAMA0.service.d/autologin.conf
-    dest: "{{ ansible_env.HOME }}/backups/ttyAMA0_autologin_conf"
-    remote_src: yes
-    backup: yes
-
 - name: disable autologin for ttyAMA0
   become: true
   ansible.builtin.replace:
     path: /etc/systemd/system/serial-getty@ttyAMA0.service.d/autologin.conf
     regexp: " --autologin pi "
     replace: " "
-
-- name: backup getty@tty1.service.d/autologin.conf
-  become: true
-  ansible.builtin.copy:
-    src: /etc/systemd/system/getty@tty1.service.d/autologin.conf
-    dest: "{{ ansible_env.HOME }}/backups/tty1_autologin_conf"
-    remote_src: yes
-    backup: yes
+    backup: true
 
 - name: disable autologin for tty1
   become: true
@@ -27,14 +12,7 @@
     path: /etc/systemd/system/getty@tty1.service.d/autologin.conf
     regexp: " --autologin pi "
     replace: " "
-
-- name: backup serial-getty@ttyS0.service.d/autologin.conf
-  become: true
-  ansible.builtin.copy:
-    src: /etc/systemd/system/serial-getty@ttyS0.service.d/autologin.conf
-    dest: "{{ ansible_env.HOME }}/backups/ttyS0_autologin_conf"
-    remote_src: yes
-    backup: yes
+    backup: true
 
 - name: disable autologin for ttyS0
   become: true
@@ -42,14 +20,7 @@
     path: /etc/systemd/system/serial-getty@ttyS0.service.d/autologin.conf
     regexp: " --autologin pi "
     replace: " "
-
-- name: backup serial-getty@ttySAC0.service.d/autologin.conf
-  become: true
-  ansible.builtin.copy:
-    src: /etc/systemd/system/serial-getty@ttySAC0.service.d/autologin.conf
-    dest: "{{ ansible_env.HOME }}/backups/ttySAC0_autologin_conf"
-    remote_src: yes
-    backup: yes
+    backup: true
 
 - name: disable autologin for ttySAC0
   become: true
@@ -57,3 +28,4 @@
     path: /etc/systemd/system/serial-getty@ttySAC0.service.d/autologin.conf
     regexp: " --autologin pi "
     replace: " "
+    backup: true

deploy/roles/ubuntu/tasks/locales.yml

@@ -1,17 +1,10 @@
-- name: Backup locale.gen
-  become: true
-  copy:
-    src: /etc/locale.gen
-    dest: "{{ ansible_env.HOME }}/backups/etc_locale.gen"
-    remote_src: yes
-    backup: yes
-
 - name: Enable en-US locale
   become: true
   lineinfile:
     path: /etc/locale.gen
     state: present
     line: en_US.UTF-8 UTF-8
+    backup: true
 
 - name: Enable zh-CN locale
   become: true
@@ -19,6 +12,7 @@
     path: /etc/locale.gen
     state: present
     line: zh_CN.UTF-8 UTF-8
+    backup: true
 
 - name: Enable zh-TW locale
   become: true
@@ -26,6 +20,7 @@
     path: /etc/locale.gen
     state: present
     line: zh_TW.UTF-8 UTF-8
+    backup: true
 
 - name: Generate locales
   become: true

deploy/roles/ubuntu/tasks/pi.yml

@@ -6,19 +6,12 @@
 
 # --------------------------------------------
 
-- name: backup /etc/dhcp/dhclient.conf
-  become: true
-  ansible.builtin.copy:
-    src: /etc/dhcp/dhclient.conf
-    dest: "{{ ansible_env.HOME }}/backups/etc_dhcp_dhclient_conf"
-    remote_src: yes
-    backup: yes
-
 - name: enable option 72 for dhclient
   become: true
   ansible.builtin.lineinfile:
     path: /etc/dhcp/dhclient.conf
     line: "also request www-server;"
+    backup: true
 
 # --------------------------------------------
 

deploy/roles/ubuntu/tasks/raspbian.yml

@@ -1,19 +1,12 @@
 # https://www.raspberrypi.org/documentation/configuration/uart.md
 
-- name: backup /boot/config.txt
-  become: true
-  ansible.builtin.copy:
-    src: /boot/config.txt
-    dest: "{{ ansible_env.HOME }}/backups/boot_config_txt"
-    remote_src: yes
-    backup: yes
-
 - name: enable uart
   become: true
   lineinfile:
     path: /boot/config.txt
     regexp: "^enable_uart="
     line: enable_uart=1
+    backup: true
 
 - name: disable bluetooth
   become: true
@@ -21,6 +14,7 @@
     path: /boot/config.txt
     regexp: "^dtoverlay="
     line: dtoverlay=disable-bt
+    backup: true
 
 - name: hidden splash message
   become: true
@@ -28,14 +22,7 @@
     path: /boot/config.txt
     regexp: "^disable_splash="
     line: disable_splash=1
-
-- name: backup /boot/cmdline.txt
-  become: true
-  ansible.builtin.copy:
-    src: /boot/cmdline.txt
-    dest: "{{ ansible_env.HOME }}/backups/boot_cmdline_txt"
-    remote_src: yes
-    backup: yes
+    backup: true
 
 - name: disable debug port & logo
   become: true
@@ -43,6 +30,7 @@
     path: /boot/cmdline.txt
     regexp: "console=serial0,115200"
     replace: "loglevel=3 logo.nologo"
+    backup: true
 
 - name: disable hciuart service
   become: true