---
# =============================================================================
# proxmox_config_backup.yml
# Backs up critical Proxmox configuration files from all nodes.
#
# Captures:
#   /etc/pve           — cluster config, VM configs, storage, users, certs
#   /etc/network       — network interfaces
#   /etc/hosts         — hostname resolution
#   /etc/hostname      — node name
#   /etc/apt/          — apt sources (so repos can be restored)
#
# NOTE: /etc/pve contains sensitive files (SSL keys, shadow.cfg, API tokens).
#       Local and SFTP destinations are supported. Git destination is a
#       TODO pending a secure encryption strategy for sensitive files.
#
# Usage:
#   # Backup all nodes (local)
#   ansible-playbook proxmox_config_backup.yml
#
#   # Backup to SFTP
#   ansible-playbook proxmox_config_backup.yml \
#     -e "backup_destination=sftp backup_sftp_host=backup.example.com backup_sftp_user=ansible"
#
#   # Backup a single node
#   ansible-playbook proxmox_config_backup.yml --limit pm-node-01
# =============================================================================

- name: "Proxmox | Config Backup"
  hosts: proxmox_cluster
  gather_facts: true
  serial: 1               # Back up one node at a time to avoid SFTP conflicts

  vars:
    backup_destination: local
    backup_local_dir: /var/backups/proxmox-config
    backup_local_keep: 10

  tasks:
    - name: "Backup | Run config backup for {{ inventory_hostname }}"
      ansible.builtin.include_role:
        name: proxmox_config_backup
      vars:
        current_node: "{{ inventory_hostname }}"

    - name: "Backup | All nodes complete"
      ansible.builtin.debug:
        msg: "✓ Config backup complete for all nodes in {{ client_name | default('cluster') }}."
      run_once: true