---
# Here we mostly work on {{ borg_server }} to:
# * create repository
# * configure authorized key for backup user
# Generate an SSH keypair at root's default identity path. Later tasks in
# this file read the matching .pub file and authorize it for the backup
# account on the backup server.
# NOTE(review): no passphrase argument is passed and the key comment calls
# the access "passwordless", so possession of this file is enough to use the
# backup account's forced command — confirm /root/.ssh stays root-only.
# NOTE(review): key type and size are left to the module defaults; pin them
# explicitly if the backup server enforces a key-type policy.
- name: create root ssh private key
  openssh_keypair:
    path: /root/.ssh/id_rsa
    comment: "passwordless access to {{ borg_server }}, as backup user"
    group: root
    owner: root
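# Create this host's repository directory on the backup server (the task is
# delegated to borg_server) and give it to the backup account.
# The path is borg_remote_dir and inventory_hostname joined with no
# separator, so borg_remote_dir is expected to end in "/" — TODO confirm.
- name: create repo
  file:
    path: "{{ borg_remote_dir }}{{ inventory_hostname }}"
    state: directory
    owner: "{{ borg_account }}"
    group: "{{ borg_account }}"
    # Explicit mode: without it the directory gets whatever the remote umask
    # yields, which can leave the repository listable by other local accounts.
    mode: "0700"
  delegate_to: "{{ borg_server }}"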
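# Read the public half of root's keypair so it can be authorized on the
# backup server. Only the .pub file is read by this task.
- name: get public key
  command: "cat /root/.ssh/id_rsa.pub"
  register: pubkey
  # Read-only command: do not report a change on every run.
  changed_when: false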
# Keep the public key text as a host fact for use by later tasks.
# The value is the command's stdout verbatim (the whole .pub line, i.e. key
# type, key material and the key comment).
- name: set pubkey as variable
  set_fact:
    public_key: '{{ pubkey.stdout }}'
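# can't use authorized_key module here
# Append this host's public key to the backup account's authorized_keys on
# the backup server, pinned to a forced "borg serve" command.
# NOTE(review): --restrict-to-path covers all of borg_remote_dir, so every
# client key authorized this way can reach its sibling hosts' repositories.
# Narrowing it to "{{ borg_remote_dir }}{{ inventory_hostname }}" would
# confine each key to its own repository.
# NOTE(review): the trailing "from {{ inventory_hostname }}" sits after the
# key material, where sshd reads it as comment text; it does not limit the
# source address. A source restriction needs the from="..." option placed
# before the key type.
# NOTE(review): the entry has no "restrict" option, so port forwarding, agent
# forwarding and PTY allocation are not explicitly disabled for this key.
# NOTE(review): there is no regexp, so changing the line text appends a new
# entry and leaves the old, looser one in place; remove the old entry when
# tightening the options.
- name: install ssh key
  lineinfile:
    path: "{{ borg_remote_dir }}/.ssh/authorized_keys"
    line: 'command="borg serve --restrict-to-path {{ borg_remote_dir }}" {{ public_key }} from {{ inventory_hostname }}'
    create: true
    owner: "{{ borg_account }}"
    group: "{{ borg_account }}"
    # Quoted so the mode is always passed as the octal string "0600",
    # whatever the YAML parser's integer rules are.
    mode: "0600"
  delegate_to: "{{ borg_server }}"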
# Probe the backup server for the repository's "config" file; the result is
# registered as repo_content and gates the init task.
- name: check if repository is created
  ansible.builtin.stat:
    path: "{{ borg_remote_dir }}{{ inventory_hostname }}/config"
  register: repo_content
  delegate_to: "{{ borg_server }}"
  tags: wip
# Initialise the borg repository over SSH from the managed host (this task is
# not delegated). It runs only when the stat result carries no "isfile"
# attribute, i.e. when the config path was not found.
# NOTE(review): --encryption=keyfile keeps the repository key on the client
# side, not in the repository; make sure the key is exported and stored off
# the host (borg key export), otherwise losing the host loses the backups.
# NOTE(review): the first SSH connection to borg_server needs a known host
# key; no host-key handling is visible in these tasks — confirm it is done
# elsewhere, and avoid disabling host key checking to get past it.
- name: create repository
  ansible.builtin.command:
    cmd: >-
      /usr/bin/borg init --encryption=keyfile
      {{ borg_account }}@{{ borg_server }}:{{ borg_remote_dir }}{{ inventory_hostname }}
  environment:
    # Passed through the environment, so it does not appear in the command
    # line. NOTE(review): consider no_log: true if verbose run output is
    # retained anywhere.
    BORG_PASSPHRASE: "{{ borg_passphrase }}"
  when: repo_content.stat.isfile is not defined
  tags: wip