Feat: borgmatic on boot works in molecule

roles/borgmatic/README.md

@@ -9,8 +9,8 @@ Role Variables
 
 Available variables are listed below, along with default values (see defaults/main.yml):
 
-    borg_source_directories
+    borg_source_directories # list of folder to backup
-    borg_repositories
+    borg_repository # list of repositories
 
 Dependencies
 ------------

roles/borgmatic/tasks/main.yml

@@ -48,7 +48,7 @@
     src: borgmatic.service.j2
     dest: "/lib/systemd/system/borgmatic_{{ borgmatic_name }}.service"
     mode: 644
-  notify: reload systemd
+  notify: "reload systemd"
 
 - name: copy systemd timer for executing borgmatic after boot
   template:
@@ -56,7 +56,12 @@
     dest: "/lib/systemd/system/borgmatic_{{ borgmatic_name }}.timer"
   notify: "reload systemd"
 
+- name: disable service
+  systemd:
+    name: "borgmatic_{{ borgmatic_name }}.service"
+    enabled: no
+
 - name: enable timer
   systemd:
-    name: "borgmatic_{{ borgmatic_name }}"
+    name: "borgmatic_{{ borgmatic_name }}.timer"
     enabled: yes

roles/borgmatic/templates/borgmatic.afterboot.timer.j2

@@ -1,5 +1,5 @@
 [Unit]
-Description=Run borgmatic {{ borgmatic_name }}backup
+Description=Run borgmatic {{ borgmatic_name }} backup
 
 [Timer]
 OnBootSec=2min

roles/borgmatic/templates/borgmatic.service.j2

@@ -1,56 +1,13 @@
 {{ ansible_managed | comment }}
 
 [Unit]
-Description=borgmatic backup
+Description=borgmatic {{ borgmatic_name }}backup
 Wants=network-online.target
 After=network-online.target
 
 [Service]
 Type=oneshot
 
-# Security settings for systemd running as root, optional but recommended to improve security. You
-# can disable individual settings if they cause problems for your use case. For more details, see
-# the systemd manual: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
-LockPersonality=true
-# Certain borgmatic features like Healthchecks integration need MemoryDenyWriteExecute to be off.
-# But you can try setting it to "yes" for improved security if you don't use those features.
-MemoryDenyWriteExecute=no
-NoNewPrivileges=yes
-PrivateDevices=yes
-PrivateTmp=yes
-ProtectClock=yes
-ProtectControlGroups=yes
-ProtectHostname=yes
-ProtectKernelLogs=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
-RestrictNamespaces=yes
-RestrictRealtime=yes
-RestrictSUIDSGID=yes
-SystemCallArchitectures=native
-SystemCallFilter=@system-service
-SystemCallErrorNumber=EPERM
-# To restrict write access further, change "ProtectSystem" to "strict" and uncomment
-# "ReadWritePaths", "ReadOnlyPaths", "ProtectHome", and "BindPaths". Then add any local repository
-# paths to the list of "ReadWritePaths" and local backup source paths to "ReadOnlyPaths". This
-# leaves most of the filesystem read-only to borgmatic.
-ProtectSystem=full
-# ReadWritePaths=-/mnt/my_backup_drive
-# ReadOnlyPaths=-/var/lib/my_backup_source
-# This will mount a tmpfs on top of /root and pass through needed paths
-# ProtectHome=tmpfs
-# BindPaths=-/root/.cache/borg -/root/.cache/borg -/root/.borgmatic
-
-# May interfere with running external programs within borgmatic hooks.
-CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW
-
-Restart=no
-# Prevent rate limiting of borgmatic log events. If you are using an older version of systemd that
-# doesn't support this (pre-240 or so), you may have to remove this option.
-LogRateLimitIntervalSec=0
-
 # Delay start to prevent backups running during boot. Note that systemd-inhibit requires dbus and
 # dbus-user-session to be installed.
-ExecStartPre=/usr/bin/sleep 1m
+ExecStart=/usr/bin/systemd-inhibit --who="borgmatic {{ borgmatic_name }}" --why="Prevent interrupting scheduled backup" /usr/bin/borgmatic -c {{ borgmatic_config_file }} --verbosity -1 --syslog-verbosity 1
-ExecStart=/usr/bin/systemd-inhibit --who="borgmatic" --why="Prevent interrupting scheduled backup" /usr/bin/borgmatic -c {{ borgmatic_config_file }} --verbosity -1 --syslog-verbosity 1