40 lines
972 B
YAML
40 lines
972 B
YAML
---
|
|
# Here we mostly work on {{ borg_server }} to:
|
|
# * create repository
|
|
# * configure authorized key for backup user
|
|
- name: create root ssh private key
|
|
openssh_keypair:
|
|
comment: "passwordless access to vm2, as backup user"
|
|
path: /root/.ssh/id_rsa
|
|
owner: root
|
|
group: root
|
|
|
|
- name: create repo
|
|
file:
|
|
path: "/var/backups/borg/{{ ansible_hostname }}"
|
|
state: directory
|
|
owner: backup
|
|
group: backup
|
|
delegate_to: "{{ borg_server }}"
|
|
|
|
- name: get public key
|
|
command: "cat /root/.ssh/id_rsa.pub"
|
|
register: pubkey
|
|
|
|
- name: set pubkey as variable
|
|
set_fact:
|
|
public_key: "{{ pubkey.stdout }}"
|
|
|
|
# can't use authorized_key module here
|
|
- name: install ssh key
|
|
lineinfile:
|
|
path: /var/backups/.ssh/authorized_keys
|
|
line: 'command="borg serve --restrict-to-path /var/backups/borg/" {{ public_key }} from {{ ansible_hostname }}'
|
|
create: true
|
|
owner: backup
|
|
group: backup
|
|
mode: 0600
|
|
delegate_to: "{{ borg_server }}"
|
|
|
|
|