Initialize backup setup with a role

Based from my NixOS module for the borg backups. Apparently, borgmatic
can run all configured setups from certain locations with one command.
It should be easy to add the remaining backups too.

Now, encrypting the sensitive configurations is another problem (or I
just don't include them in the Git worktree).

roles/system/external_backup/files/borgmatic.yml

@@ -0,0 +1,38 @@
+location:
+    source_directories:
+        - /home/*/library
+        - /home/*/Pictures
+        - /home/*/Music
+        - /home/*/Videos
+
+    repositories:
+        - /mnt/external-storage/backups
+
+    bsd_flags: true
+
+    exclude_patterns:
+        - '*.pyc'
+        - '*.tmp'
+        - '/home/*/library/projects/software/**/node_modules'
+        - '/home/*/library/projects/software/*/target'
+
+    exclude_if_present:
+        - .nobackup
+
+storage:
+    compression: zstd,9
+    archive_name_format: '{hostname}-{user}-{now:%F-%H-%M-%S-%z}'
+    relocated_repo_access_is_ok: true
+
+retention:
+    keep_within: 1d
+    keep_hourly: 8
+    keep_daily: 30
+    keep_weekly: 4
+    keep_monthly: 6
+    keep_yearly: 3
+    prefix: "{hostname}-{user}"
+
+hooks:
+  before_backup:
+    - findmnt /mnt/external-storage > /dev/null || exit 75

roles/system/external_backup/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: system/borg

roles/system/external_backup/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+- name: Configure external storage device
+  ansible.posix.mount:
+    state: mounted
+    path: /mnt/external-storage
+    src: UUID=665A391C5A38EB07
+    fstype: ntfs
+    opts: nofail,noauto,user,x-systemd.automount,x-systemd.device-timeout=2,x-systemd.idle-timeout=2
+
+- name: Add the borgmatic configuration
+  copy:
+    src: "{{ role_path }}/files/borgmatic.yml"
+    dest: /etc/borgmatic.d/external-storage.yaml
+    setype: etc_t