authorJulien Dessaux2022-07-05 21:15:26 +0200
committerJulien Dessaux2022-07-05 21:54:40 +0200
commitf084bd976cf942a43df7bbc77c63e21bf1045970 (patch)
tree097b2d2a82b60489c2d22c32e4e7802342d1e82e /tasks
parentAllow hyphens in borg job name (diff)
Fixed authorized_keys configuration drift, and change repo directory from hostname to fqdn
Diffstat (limited to 'tasks')
-rw-r--r--tasks/client.yml25
-rw-r--r--tasks/client_init.yml12
-rw-r--r--tasks/main.yml3
-rw-r--r--tasks/server.yml7
4 files changed, 25 insertions, 22 deletions
diff --git a/tasks/client.yml b/tasks/client.yml
index ef28c53..073cea0 100644
--- a/tasks/client.yml
+++ b/tasks/client.yml
@@ -1,23 +1,4 @@
---
-- name: generate borg ssh key on client
- openssh_keypair:
- owner: root
- mode: 0400
- path: /root/.ssh/borg
- type: ed25519
- register: borg_ssh_key
-
-- name: reload ansible_local
- setup: filter=ansible_local
- when: borg_ssh_key.changed
-
-- name: Enforce borg authorized key on server
- authorized_key:
- user: borg
- key: "{{ ansible_local.borg.pubkey }}"
- key_options: 'command="borg serve --restrict-to-path /srv/borg/repos/{{ ansible_hostname }}",restrict'
- delegate_to: "{{ borg_server }}"
-
- name: make the server known to the client
lineinfile:
line: "{{ borg_server }} ecdsa-sha2-nistp256 {{ hostvars[borg_server]['ansible_ssh_host_key_ecdsa_public'] }}"
@@ -25,14 +6,14 @@
create: yes
- name: create borg client repo on server
- shell: "borg init --rsh \"ssh -i /root/.ssh/borg\" --encryption=none borg@{{ borg_server }}:/srv/borg/repos/{{ ansible_hostname }}"
- when: hostvars[borg_server]['ansible_local']['borg']['repos'][ansible_hostname] is not defined
+ shell: "borg init --rsh \"ssh -i /root/.ssh/borg\" --encryption=none borg@{{ borg_server }}:/srv/borg/repos/{{ inventory_hostname }}"
+ when: hostvars[borg_server]['ansible_local']['borg']['repos'][inventory_hostname] is not defined
- name: reload ansible_local
setup: filter=ansible_local
delegate_to: "{{ borg_server }}"
delegate_facts: True
- when: hostvars[borg_server]['ansible_local']['borg']['repos'][ansible_hostname] is not defined
+ when: hostvars[borg_server]['ansible_local']['borg']['repos'][inventory_hostname] is not defined
- name: deploy borg backup script
template:
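Review bot: The rewritten `borg init` line still creates the repository with `--encryption=none`, so confidentiality and tamper detection for every client's backups rest entirely on the server and on the forced command in authorized_keys; if that is not intended, `--encryption=repokey-blake2` with a passphrase supplied through `BORG_PASSPHRASE` is the usual alternative. The repository path now ends in `{{ inventory_hostname }}`, so the `--restrict-to-path` rendered by the authorized_keys template (not visible here) has to use the same variable, otherwise the client is refused or confined to the wrong directory. Hosts already initialised under `ansible_hostname` will presumably get a new, empty repository on the next run, which deserves a migration note in the commit message or README. The `deploy borg backup script` task at the end of the hunk continues outside it.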
diff --git a/tasks/client_init.yml b/tasks/client_init.yml
new file mode 100644
index 0000000..251bee4
--- /dev/null
+++ b/tasks/client_init.yml
@@ -0,0 +1,12 @@
+---
+- name: generate borg ssh key on client
+ openssh_keypair:
+ owner: root
+ mode: 0400
+ path: /root/.ssh/borg
+ type: ed25519
+ register: borg_ssh_key
+
+- name: reload ansible_local
+ setup: filter=ansible_local
+ #when: borg_ssh_key.changed
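Review bot: The commented-out `#when: borg_ssh_key.changed` on the last line leaves the fact reload running on every play with no explanation; either delete the line or replace it with a comment such as `# always reload: later tasks read ansible_local.borg.pubkey` (presumably the reason, to be confirmed). `mode: 0400` works only because the leading zero makes YAML read it as octal; `mode: "0400"` is the form Ansible documents and does not depend on the parser. A one-line comment that the key is deliberately generated without a passphrase for unattended backups, and is therefore protected only by the permissions on `/root/.ssh/borg`, would help the next reviewer.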
diff --git a/tasks/main.yml b/tasks/main.yml
index 8832443..2606ecf 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,4 +1,7 @@
---
+- import_tasks: client_init.yml
+ when: borg_server is defined
+
- action: borg_validate
- action: borg_init
diff --git a/tasks/server.yml b/tasks/server.yml
index 78754a2..ce731f6 100644
--- a/tasks/server.yml
+++ b/tasks/server.yml
@@ -24,4 +24,11 @@
- /srv/borg
- /srv/borg/.ssh
- /srv/borg/repos
+
+- name: deploy borg authorized_keys
+ template:
+ dest: /srv/borg/.ssh/authorized_keys
+ src: authorized_keys
+ owner: borg
+ mode: 0400
...
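Review bot: The `template` task now owns the whole of `/srv/borg/.ssh/authorized_keys`, so the per-client restriction that the removed `authorized_key` task carried (`command="borg serve --restrict-to-path …",restrict`) has to be reproduced for every key in the `authorized_keys` template, which is not visible in this diff; a key rendered without it would no longer be confined to that client's own repository. If the template iterates over client facts, a run with `--limit` or with an unreachable client would presumably render the file without that client's key, so consider failing the task when a pubkey is undefined rather than writing a shorter file. Writing `mode: "0400"` quoted and adding an explicit `group: borg` would make the intended permissions unambiguous.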