aboutsummaryrefslogtreecommitdiff
path: root/tasks
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--tasks/client.yml89
-rw-r--r--tasks/common.yml25
-rw-r--r--tasks/main.yml10
-rw-r--r--tasks/server.yml26
4 files changed, 150 insertions, 0 deletions
diff --git a/tasks/client.yml b/tasks/client.yml
new file mode 100644
index 0000000..b4c4b22
--- /dev/null
+++ b/tasks/client.yml
@@ -0,0 +1,89 @@
+---
+- name: generate borg ssh key on client
+ openssh_keypair:
+ owner: root
+ mode: 0400
+ path: /root/.ssh/borg
+ type: ed25519
+ register: borg_ssh_key
+
+- name: reload ansible_local
+ setup: filter=ansible_local
+ when: borg_ssh_key.changed
+
+- name: Enforce borg authorized key on server
+ authorized_key:
+ user: borg
+ key: "{{ ansible_local.borg.pubkey }}"
+ key_options: 'command="cd /srv/borg/repos/{{ ansible_hostname }}; borg serve --restrict-to-path /srv/borg/repos/{{ ansible_hostname }}",restrict'
+ delegate_to: "{{ borg_server }}"
+
+- name: create borg client repo directory on server
+ file:
+ path: "/srv/borg/repos/{{ ansible_hostname }}"
+ state: directory
+ owner: borg
+ mode: 0700
+ delegate_to: "{{ borg_server }}"
+
+- name: create borg client repo on server
+ command: "borg init --encryption=none /srv/borg/repos/{{ ansible_hostname }}"
+ become: yes
+ become_method: su
+ become_user: borg
+ delegate_to: "{{ borg_server }}"
+ args:
+ creates: "/srv/borg/repos/{{ ansible_hostname }}/config"
+
+- name: reload ansible_local
+ setup: filter=ansible_local
+ delegate_to: "{{ borg_server }}"
+ delegate_facts: True
+ when: hostvars[borg_server]['ansible_local']['borg']['repos'][ansible_hostname] is not defined
+
+- name: make the server known to the client
+ lineinfile:
+ line: "{{ borg_server }} ecdsa-sha2-nistp256 {{ hostvars[borg_server]['ansible_ssh_host_key_ecdsa_public'] }}"
+ path: /root/.ssh/known_hosts
+ create: yes
+
+- name: make the repo directory on the client
+ file:
+ state: directory
+ path: "/root/.config/borg/security/{{ hostvars[borg_server]['ansible_local']['borg']['repos'][ansible_hostname] }}"
+ owner: root
+ mode: 0700
+
+- name: make the repo known to the client
+ copy:
+ dest: "/root/.config/borg/security/{{ hostvars[borg_server]['ansible_local']['borg']['repos'][ansible_hostname] }}/key-type"
+ content: "2"
+ owner: root
+ mode: 0600
+
+- name: deploy borg backup script
+ template:
+ dest: /usr/local/bin/adyxax_backup.sh
+ src: backup.sh.j2
+ owner: root
+ mode: 0500
+
+- name: activate borg cron on alpine
+ lineinfile:
+ line: '0 23 * * * /usr/local/bin/adyxax_backup.sh'
+ path: /etc/crontabs/root
+ when: ansible_os_family == 'Alpine'
+
+- name: activate borg cron on gentoo or redhat
+ file:
+ state: link
+ src: /usr/local/bin/adyxax_backup.sh
+ dest: /etc/cron.daily/backup
+ when: ansible_os_family == 'Gentoo' or ansible_os_family == 'RedHat'
+
+- name: activate borg cron on openbsd
+ lineinfile:
+ line: '0 23 * * * /usr/local/bin/adyxax_backup.sh'
+ path: /var/cron/tabs/root
+ when: ansible_os_family == 'OpenBSD'
+...
diff --git a/tasks/common.yml b/tasks/common.yml
new file mode 100644
index 0000000..057cd25
--- /dev/null
+++ b/tasks/common.yml
@@ -0,0 +1,25 @@
+---
+- name: set distro-specific server variables
+ include_vars: '{{ ansible_os_family }}.yml'
+
+- name: Check if borg is supported on distro
+ fail:
+ msg: "borg tasks are not supported on this operating system yet."
+ when: borg_packages is not defined
+
+- name: Ensure borg is installed
+ package:
+ name: "{{ borg_packages }}"
+
+- name: Push borg gathering fact on client
+ copy:
+ src: borg.fact
+ dest: /etc/ansible/facts.d/
+ mode: 0500
+ owner: root
+ register: borg_gathering_fact
+
+- name: reload ansible_local
+ setup: filter=ansible_local
+ when: borg_gathering_fact.changed
+...
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..e49b440
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- import_tasks: common.yml
+ when: (is_borg_server|default(false)) or borg_server is defined
+
+- import_tasks: server.yml
+ when: (is_borg_server|default(false))
+
+- import_tasks: client.yml
+ when: borg_server is defined
+...
diff --git a/tasks/server.yml b/tasks/server.yml
new file mode 100644
index 0000000..bd40dab
--- /dev/null
+++ b/tasks/server.yml
@@ -0,0 +1,26 @@
+---
+- name: Create borg group on server
+ group:
+ name: borg
+ system: yes
+
+- name: Create borg user on server
+ user:
+ name: borg
+ shell: /bin/sh
+ home: /srv/borg
+ createhome: yes
+ system: yes
+ password_lock: yes
+
+- name: Ensure borg directories exist on server
+ file:
+ state: directory
+ path: "{{ item }}"
+ owner: borg
+ mode: 0700
+ loop:
+ - /srv/borg
+ - /srv/borg/.ssh
+ - /srv/borg/repos
+...