From 17d54301f70f0e5217a3d769c265680c4a352182 Mon Sep 17 00:00:00 2001 From: Thomas Constans Date: Thu, 1 Jan 2026 16:49:44 +0100 Subject: [PATCH] make it work on infra.opendoor.fr --- README.md | 9 ++++----- defaults/main.yml | 12 +++++++----- meta/main.yml | 3 ++- tasks/cleanup.yml | 6 ------ tasks/cron.yml | 22 ---------------------- tasks/install.yml | 28 +++++++++++++++++++++------- tasks/main.yml | 1 - tasks/repo.yml | 30 ++++++++++++++++++++++-------- templates/borg.conf.jj | 5 +++-- 9 files changed, 59 insertions(+), 57 deletions(-) delete mode 100644 tasks/cleanup.yml diff --git a/README.md b/README.md index a42e956..fbd2ce8 100644 --- a/README.md +++ b/README.md @@ -16,12 +16,11 @@ Role Variables Defaults set in defaults/main.yml -borg_dirs - list of directories to backup - default to /root and /etc +borg_dirs - list of directories to backup - default to [ "/root", "/etc" ] borg_release - default to 1.1.4 -borg_key - encryption key - définie dans group_vars/all -borg_server - default to vm2 -borg_account - default to backup -borg_remote_dir - remote base directory for repos - default to /var/backups/borg +borg_server - default to maison.opendoor.fr +borg_account - default to backup_borg +borg_remote_dir - remote base directory for repos - default to /media/Backups/ borg_passphrase - no default, should be set on a per host basis borg_rotate - num of days of backup we keep - default 15 borg_script_dir - defaults to /root/bin/borg/ diff --git a/defaults/main.yml b/defaults/main.yml index 2de5745..1efc5f5 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,9 +1,11 @@ --- # defaults file for borg_client -borg_release: 1.1.4 -borg_dirs: "/etc /root" -borg_server: vm2.hadoly.fr -borg_remote_dir: /var/backups/borg -borg_account: backup +borg_release: 1.2.9 +borg_dirs: + - /etc + - /root +borg_remote_dir: /media/Backups/ +borg_account: backup_borg +borg_server: maison.opendoor.fr borg_rotate: 15 borg_script_dir: /root/bin \ No newline at end of file 
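Review bot: The new default `borg_remote_dir: /media/Backups/` in defaults/main.yml ends with a slash, but the rest of the patch joins it in different ways. tasks/repo.yml uses `{{ borg_remote_dir }}{{ inventory_hostname }}` with no separator and `{{ borg_remote_dir }}/.ssh/authorized_keys` with one, while templates/borg.conf.jj uses `{{ borg_remote_dir }}/{{ inventory_hostname }}`. With the default this puts `//` in the client's REPOSITORY, and a host that overrides the variable without the trailing slash would have repo.yml create and init a directory whose name runs the base path and hostname together, which is not the path the client is configured to use. I would define it as `borg_remote_dir: /media/Backups` and always join with an explicit `/` in repo.yml and the template, updating the README line to match.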
diff --git a/meta/main.yml b/meta/main.yml index 227ad9c..660ae5a 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -47,7 +47,8 @@ galaxy_info: # NOTE: A tag is limited to a single word comprised of alphanumeric characters. # Maximum 20 tags per role. -dependencies: [] +dependencies: + - { role: tco.changelog, myrole_name: ansible_borg_client } # List your role dependencies here, one per line. Be sure to remove the '[]' above, # if you add dependencies to this list. \ No newline at end of file diff --git a/tasks/cleanup.yml b/tasks/cleanup.yml deleted file mode 100644 index 8ed4991..0000000 --- a/tasks/cleanup.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: remove old cron entry - lineinfile: - path: /etc/crontab - regexp: '.*/root/bin/borg.sh.*' - state: absent diff --git a/tasks/cron.yml b/tasks/cron.yml index c718be6..88a5415 100644 --- a/tasks/cron.yml +++ b/tasks/cron.yml @@ -1,25 +1,3 @@ -- name: Deploy cronjob backup_temoin - vars: - minutes: "{{ 59 | random(seed=inventory_hostname) }}" - cron: - name: backup_temoin - cron_file: backup_temoin - user: root - hour: "7" - minute: "{{ minutes }}" - job: "/bin/touch /root/temoinbackup" - -- name: Deploy cronjob backup_extract - vars: - minutes: "{{ 59 | random(seed=inventory_hostname) }}" - cron: - name: backup_extract - cron_file: backup_extract - user: root - hour: "8" - minute: "{{ minutes }}" - job: 'cd /tmp/ ; {{ borg_script_dir }}/borg.sh extract {{ ansible_hostname }}_$( date +\%Y\%m\%d) root/temoinbackup ; chmod 755 /tmp/root' - - name: Deploy cronjob backup_tout_court vars: minutes: "{{ 59 | random(seed=inventory_hostname) }}" diff --git a/tasks/install.yml b/tasks/install.yml index cf24277..6607825 100644 --- a/tasks/install.yml +++ b/tasks/install.yml 
@@ -1,20 +1,32 @@ --- +- name: configure ssh + block: + - name: .ssh dir + ansible.builtin.file: + path: /root/.ssh + mode: 0700 + state: directory + - name: .ssh/confi + ansible.builtin.copy: + dest: /root/.ssh/config + content: | + Host * + Port 2222 + - name: get borg binary get_url: dest: /usr/bin/borg owner: root - group: backup - mode: "0750" - url: https://github.com/borgbackup/borg/releases/download/{{ borg_release }}/borg-linux64 + mode: "0755" + url: https://github.com/borgbackup/borg/releases/download/{{ borg_release }}/borg-linuxnew64 - name: ensure /root/bin exists - file: + ansible.builtin.file: path: "{{ borg_script_dir }}" state: directory - name: get borgbackup script - tags: wip - get_url: + ansible.builtin.get_url: url: "{{ item.url }}" mode: "{{ item.mode }}" dest: "{{ borg_script_dir }}" @@ -22,7 +34,9 @@ - { url: "https://git.hadoly.fr/CS_CT/borg/raw/tag/1.0/borg.sh", mode: "0700" } - name: get borgbackup config - template: + vars: + borg_dirs_serialized: "{{ borg_dirs | join( ' ' ) }}" + ansible.builtin.template: src: borg.conf.jj dest: "{{ borg_script_dir }}/borg.conf" mode: 0600 diff --git a/tasks/main.yml b/tasks/main.yml index 8788a5a..86024be 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,6 +1,5 @@ --- # tasks file for borg_client -- include_tasks: cleanup.yml - include_tasks: install.yml - include_tasks: cron.yml - include_tasks: repo.yml \ No newline at end of file diff --git a/tasks/repo.yml b/tasks/repo.yml index 8385189..6a8ec01 100644 --- a/tasks/repo.yml +++ b/tasks/repo.yml 
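Review bot: The `get borg binary` task in tasks/install.yml installs a root-run executable at /usr/bin/borg from a release URL with no integrity check, and this hunk changes both the version and the asset name, so it is the right place to pin it: add `checksum: "sha256:<digest published for this release asset>"` to the `get_url` arguments, kept alongside `borg_release`. The `borg.sh` download in the context lines has the same gap. Separately, the new `.ssh/confi` task replaces the whole of /root/.ssh/config and sets `Port 2222` under `Host *`, which discards any existing root SSH client configuration and changes the port for every outbound connection root makes. Scoping it to `Host {{ borg_server }}` and setting `mode: "0600"` limits the change to the backup server. The directory task's `mode: 0700` is unquoted while the `get_url` task quotes its mode; `mode: "0700"` is the safer spelling.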
@@ -4,17 +4,17 @@ # * configure authorized key for backup user - name: create root ssh private key openssh_keypair: - comment: "passwordless access to vm2, as backup user" + comment: "passwordless access to {{ borg_server }}, as backup user" path: /root/.ssh/id_rsa owner: root group: root - name: create repo file: - path: "/var/backups/borg/{{ ansible_hostname }}" + path: "{{ borg_remote_dir }}{{ inventory_hostname }}" state: directory - owner: backup - group: backup + owner: "{{ borg_account }}" + group: "{{ borg_account }}" delegate_to: "{{ borg_server }}" - name: get public key @@ -28,12 +28,26 @@ # can't use authorized_key module here - name: install ssh key lineinfile: - path: /var/backups/.ssh/authorized_keys - line: 'command="borg serve --restrict-to-path /var/backups/borg/" {{ public_key }} from {{ ansible_hostname }}' + path: "{{ borg_remote_dir }}/.ssh/authorized_keys" + line: 'command="borg serve --restrict-to-path {{ borg_remote_dir }}" {{ public_key }} from {{ inventory_hostname }}' create: true - owner: backup - group: backup + owner: "{{ borg_account }}" + group: "{{ borg_account }}" mode: 0600 delegate_to: "{{ borg_server }}" +- name: check if repository is created + tags: wip + delegate_to: "{{ borg_server }}" + ansible.builtin.stat: + path: "{{ borg_remote_dir }}{{ inventory_hostname }}/config" + register: repo_content + +- name: create repository + tags: wip + when: repo_content.stat.isfile is not defined + ansible.builtin.command: "/usr/bin/borg init --encryption=keyfile {{ borg_account }}@{{ borg_server }}:{{ borg_remote_dir }}{{ inventory_hostname }}" + environment: + BORG_PASSPHRASE: "{{ borg_passphrase }}" + diff --git a/templates/borg.conf.jj b/templates/borg.conf.jj index 72ea30b..80a0988 100644 --- a/templates/borg.conf.jj +++ b/templates/borg.conf.jj 
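Review bot: The `install ssh key` line in tasks/repo.yml gives every client key `borg serve --restrict-to-path {{ borg_remote_dir }}`, the base directory that holds all hosts' repositories, so one compromised client can reach, overwrite or delete the other clients' backups. Encryption protects their contents but not their availability or integrity. Restrict each key to its own repository and drop the SSH features borg does not need, e.g. `command="borg serve --restrict-to-repository {{ borg_remote_dir }}{{ inventory_hostname }}",restrict` (the server's borg and OpenSSH versions are not visible here, so confirm both options are supported). In `create repository`, `--encryption=keyfile` leaves the only copy of the key on the client, so the role or README should state that the key must be exported and stored off-host. `when: not repo_content.stat.exists` would state the condition more directly than `stat.isfile is not defined`.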
@@ -1,5 +1,6 @@ -REPOSITORY={{ borg_account }}@{{ borg_server }}:{{ borg_remote_dir }}/{{ ansible_hostname }} +REPOSITORY={{ borg_account }}@{{ borg_server }}:{{ borg_remote_dir }}/{{ inventory_hostname }} export BORG_PASSPHRASE={{ borg_passphrase }} borg=/usr/bin/borg rotate={{ borg_rotate }} -src="{{ borg_dirs }}" +src="{{ borg_dirs_serialized }}" +status_file=/run/zabbix/{{ inventory_hostname}}_borg.status
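Review bot: `export BORG_PASSPHRASE={{ borg_passphrase }}` in templates/borg.conf.jj is rendered without shell quoting; it is unchanged context in this hunk but part of the file the hunk rewrites. If borg.sh reads this file as shell, which the `export` suggests but which is not visible here, a passphrase containing spaces or shell metacharacters would be truncated or interpreted by the shell. `export BORG_PASSPHRASE={{ borg_passphrase | quote }}` avoids that. The new `status_file` line also has uneven spacing in `{{ inventory_hostname}}`.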