---
# Backs up a running Appwrite instance per the official backup guide:
# https://appwrite.io/docs/advanced/self-hosting/production/backups
#
# What is backed up:
#   - MariaDB: mysqldump (--single-transaction, consistent without downtime)
#   - Docker volumes: all data volumes (tar.gz, requires service stop)
#   - .env file
#
# Backup is written to: {{ appwrite_backup_root }}/YYYYMMDDTHHMMSS/
#
# Required vars (from inventory):
#   appwrite_dir         - e.g. /home/ptoal/appwrite
#
# Optional vars:
#   appwrite_backup_root - destination parent dir (default: /var/backups/appwrite)
#   appwrite_compose_project - compose project name (default: basename of appwrite_dir)

- name: Backup Appwrite
  hosts: appwrite
  gather_facts: true
  become: true

  vars:
    _compose_project: "{{ appwrite_compose_project | default(appwrite_dir | basename) }}"
    backup_root: "{{ appwrite_backup_root | default('/var/backups/appwrite') }}"
    backup_dir: "{{ backup_root }}/{{ ansible_date_time.iso8601_basic_short }}"
    # appwrite-mariadb volume excluded — covered by the mysqldump below.
    # appwrite-cache and appwrite-redis are transient but included for
    # completeness; they are safe to omit if backup size is a concern.
    appwrite_volumes:
      - appwrite-uploads
      - appwrite-functions
      - appwrite-builds
      - appwrite-sites
      - appwrite-certificates
      - appwrite-config
      - appwrite-cache
      - appwrite-redis

  tasks:
    - name: Create backup directory
      ansible.builtin.file:
        path: "{{ backup_dir }}"
        state: directory
        mode: '0700'

    - name: Dump MariaDB
      # --single-transaction gives a consistent InnoDB snapshot without locking.
      # Runs while the service is still up so docker compose exec is available.
      ansible.builtin.shell:
        cmd: >
          docker compose exec -T mariadb
          sh -c 'exec mysqldump --all-databases --add-drop-database
          --single-transaction --routines --triggers
          -uroot -p"$MYSQL_ROOT_PASSWORD"'
          > {{ backup_dir }}/mariadb-dump.sql
        chdir: "{{ appwrite_dir }}"
      changed_when: true

    - name: Stop, back up volumes, and restart
      block:
        - name: Stop Appwrite service
          ansible.builtin.systemd:
            name: appwrite
            state: stopped

        - name: Back up Docker volumes
          ansible.builtin.command:
            cmd: >
              docker run --rm
              -v {{ _compose_project }}_{{ item }}:/data
              -v {{ backup_dir }}:/backup
              ubuntu tar czf /backup/{{ item }}.tar.gz -C /data .
          loop: "{{ appwrite_volumes }}"
          changed_when: true

        - name: Back up .env
          ansible.builtin.copy:
            src: "{{ appwrite_dir }}/.env"
            dest: "{{ backup_dir }}/.env"
            remote_src: true
            mode: '0600'

      rescue:
        - name: Notify that backup failed
          ansible.builtin.debug:
            msg: "Backup failed — Appwrite will be restarted. Check {{ backup_dir }} for partial output."

      always:
        - name: Ensure Appwrite service is started
          ansible.builtin.systemd:
            name: appwrite
            state: started

    - name: Report backup location
      ansible.builtin.debug:
        msg: "Backup written to {{ backup_dir }}"