feat(sys-ctl-cln-faild-bkps): migrate role to cleanback CLI (systemd oneshot) and derive workers from Ansible facts

- install via pkgmgr (CLEANUP_FAILED_BACKUPS_PKG=cleanback)
- run: cleanback --all --dirval-cmd dirval --workers {{ CLEANUP_FAILED_BACKUPS_WORKERS }} --timeout {{ CLEANBACK_TIMEOUT_SECONDS }} --yes
- remove obsolete systemctl template and path set_fact logic
- keep task variable names intact; no defaults for runtime knobs
- update README to reflect new behavior

Conversation: https://chatgpt.com/share/68c309bf-8818-800f-84d9-c4aa74a4544c

roles/sys-ctl-cln-faild-bkps/README.md

@@ -1,24 +1,13 @@
-# Docker Volume Backup Cleanup Role
+# Cleanup Failed Backups
 
-## Description
+This role installs and runs the **cleanback** CLI to validate and delete **failed Docker backups** under `/Backups/*/backup-docker-to-local`.  
+Validation is performed via `dirval`; failures can be removed automatically in a non-interactive service execution.
 
-This role cleans up failed Docker backups by pulling a [Git repository](https://github.com/kevinveenbirkenbach/cleanup-failed-docker-backups) that contains cleanup scripts and configuring a systemd service to execute them. It ensures that failed or incomplete backups are removed to free up disk space and maintain a healthy backup environment.
-
-## Overview
-
-Optimized for backup maintenance, this role:
-- Clones the sys-ctl-cln-faild-bkps repository.
-- Configures a systemd service to run the cleanup script.
-- Integrates with the [sys-timer](../sys-timer/README.md) role to schedule periodic cleanup.
-- Works in conjunction with the sys-svc-directory-validator role for additional verification.
-
-## Purpose
-
-The primary purpose of this role is to remove failed Docker backups automatically, thereby freeing disk space and preventing backup storage from becoming cluttered with incomplete data.
-
-## Features
-
-- **Repository Cloning:** Retrieves the latest cleanup scripts from a Git repository.
-- **Service Configuration:** Sets up a systemd service to run the cleanup tasks.
-- **Timer Integration:** Schedules periodic cleanup through a systemd timer.
-- **Dependency Integration:** Works with sys-svc-directory-validator to enhance backup integrity.
+## Behavior
+- Installs `cleanback` via `pkgmgr`.
+- Runs `cleanback` (`main.py`) as a **systemd oneshot** service.
+- Executes `--all` with `--yes` so failing directories are deleted automatically.
+- **No defaults** for runtime knobs:
+  - `CLEANBACK_TIMEOUT_SECONDS` (required)
+  - `SYS_SCHEDULE_CLEANUP_FAILED_BACKUPS` (required)
+- **Workers** (`CLEANUP_FAILED_BACKUPS_WORKERS`) are **derived from Ansible facts only** (no arbitrary defaults). Facts **must** be gathered.

roles/sys-ctl-cln-faild-bkps/tasks/01_core.yml

@@ -2,30 +2,23 @@
   include_role:
     name: '{{ item }}'
   loop:
-  - sys-ctl-alm-compose
-  - sys-lock
-  - sys-svc-directory-validator
-  - sys-daemon
+    - sys-ctl-alm-compose
+    - sys-lock
+    - sys-svc-directory-validator
+    - sys-daemon
 
-- name: "pkgmgr install"
+- name: "pkgmgr install '{{ CLN_FAILED_DOCKER_BACKUPS_PKG }}'"
   include_role:
     name: pkgmgr-install
   vars:
-    package_name: "{{ CLN_FAILED_DOCKER_BACKUPS_PKG }}"
-
-- name: "Retrieve {{ CLN_FAILED_DOCKER_BACKUPS_PKG }} path from pkgmgr"
-  command: "pkgmgr path {{ CLN_FAILED_DOCKER_BACKUPS_PKG }}"
-  register: pkgmgr_output
-  changed_when: false
-
-- name: Set fact for BACKUP_CLEANUP_SCRIPT
-  set_fact:
-    BACKUP_CLEANUP_SCRIPT: "{{ pkgmgr_output.stdout.rstrip('/') ~ '/cleanup-all.sh' }}"
-  changed_when: false
+    package_name: "{{ CLEANUP_FAILED_BACKUPS_PKG }}"
 
 - include_role:
     name: sys-service
   vars:
-    system_service_timer_enabled:  true
-    system_service_on_calendar: "{{SYS_SCHEDULE_CLEANUP_FAILED_BACKUPS}}"
-    system_service_copy_files: false
+    system_service_timer_enabled:       true
+    system_service_on_calendar:         "{{ SYS_SCHEDULE_CLEANUP_FAILED_BACKUPS }}"
+    system_service_copy_files:          false
+    system_service_tpl_on_failure:      "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
+    system_service_tpl_exec_start:      '/bin/sh -c "{{ CLEANUP_FAILED_BACKUPS_PKG }} --all --dirval-cmd dirval --workers {{ CLEANUP_FAILED_BACKUPS_WORKERS }} --timeout {{ CLEANBACK_TIMEOUT_SECONDS }} --yes"'
+    system_service_tpl_exec_start_pre:  '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(" ")  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP| join(" ") }} --timeout "{{ SYS_TIMEOUT_CLEANUP_SERVICES }}"'

roles/sys-ctl-cln-faild-bkps/templates/systemctl.service.j2

@@ -1,8 +0,0 @@
-[Unit]
-Description=Cleaning up failed docker volume backups
-OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }}
-
-[Service]
-Type=oneshot
-ExecStartPre=/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP| join(' ') }} --timeout "{{ SYS_TIMEOUT_CLEANUP_SERVICES }}"
-ExecStart=/bin/sh -c '/usr/bin/yes | /usr/bin/bash {{ BACKUP_CLEANUP_SCRIPT | quote }}'

roles/sys-ctl-cln-faild-bkps/vars/main.yml

@@ -1,2 +1,4 @@
 system_service_id:              sys-ctl-cln-faild-bkps
-CLN_FAILED_DOCKER_BACKUPS_PKG:  cleanup-failed-docker-backups
+
+CLEANUP_FAILED_BACKUPS_PKG:     cleanback
+CLEANUP_FAILED_BACKUPS_WORKERS: "{{ ansible_facts.processor_vcpus if ASYNC_ENABLED else 1 }}"