From cab3d045c1e4405182284ff95015c7144563bf38 Mon Sep 17 00:00:00 2001 From: Julien Dessaux Date: Mon, 22 Feb 2021 21:55:29 +0100 Subject: Simplified and fixed borg role --- README | 7 ++++++- tasks/client.yml | 45 ++++++++------------------------------------- templates/backup.sh.j2 | 4 ++-- 3 files changed, 16 insertions(+), 40 deletions(-) diff --git a/README b/README index 32b392d..2c5e078 100644 --- a/README +++ b/README @@ -6,12 +6,17 @@ There are several variables you can define to configure a machines response to t - command_to_pipe: an optional command to pipe the backup data from - pre_command: an optional command to run before a job - post_command: an optional command to run after a job + - exclude: an optional list of paths containing locations to exclude To be valid, a borg job entry needs to have exactly one of the path or command_to_pipe keys. Here are some job examples : -- { name: etc, path: "/etc" } +- { name: etc, path: "/etc", exclude: [ "/etc/firmware" ] } - { name: mysqldump, command_to_pipe: "/usr/bin/mysqldump -h {{ mysql_server }} -u{{ ansible_hostname }} -p{{ ansible_local.mysql_client.password }} --single-transaction --add-drop-database -B {{ ansible_hostname }}" } - { name: gitea, path: "/tmp/gitea.zip", pre_command: "echo '/usr/local/sbin/gitea -C /etc/gitea -c /etc/gitea/app.ini dump -f /tmp/gitea.zip' | su -l _gitea", post_command: "rm -f /tmp/gitea.zip" } There is an action plugin that parses the borg_server entries from all hosts and set a flag to True in adyxax['is_borg_server'] for any machine specified as a backup target + +Usefull commands: +================= +ansible all -i hosts -m shell -a "/usr/local/bin/adyxax_backup.sh" diff --git a/tasks/client.yml b/tasks/client.yml index 0ae0142..ef28c53 100644 --- a/tasks/client.yml +++ b/tasks/client.yml 
@@ -15,22 +15,18 @@ authorized_key: user: borg key: "{{ ansible_local.borg.pubkey }}" - key_options: 'command="cd /srv/borg/repos/{{ ansible_hostname }}; borg serve --restrict-to-path /srv/borg/repos/{{ ansible_hostname }}",restrict' + key_options: 'command="borg serve --restrict-to-path /srv/borg/repos/{{ ansible_hostname }}",restrict' delegate_to: "{{ borg_server }}" -- name: create borg client repo directory on server - file: - path: "/srv/borg/repos/{{ ansible_hostname }}" - state: directory - owner: borg - mode: 0700 - delegate_to: "{{ borg_server }}" +- name: make the server known to the client + lineinfile: + line: "{{ borg_server }} ecdsa-sha2-nistp256 {{ hostvars[borg_server]['ansible_ssh_host_key_ecdsa_public'] }}" + path: /root/.ssh/known_hosts + create: yes - name: create borg client repo on server - shell: "echo \"borg init --encryption=none /srv/borg/repos/{{ ansible_hostname }}\" | su -l borg" - delegate_to: "{{ borg_server }}" - args: - creates: "/srv/borg/repos/{{ ansible_hostname }}/config" + shell: "borg init --rsh \"ssh -i /root/.ssh/borg\" --encryption=none borg@{{ borg_server }}:/srv/borg/repos/{{ ansible_hostname }}" + when: hostvars[borg_server]['ansible_local']['borg']['repos'][ansible_hostname] is not defined - name: reload ansible_local setup: filter=ansible_local 
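Review bot: The rewritten `borg init` task keeps `--encryption=none`, so every client's archives sit on the backup server unencrypted and unauthenticated; anyone who can read /srv/borg/repos there, or who compromises that host, gets the contents of each job (the README examples include /etc and a database dump). Consider an authenticated mode such as `--encryption=repokey-blake2`, with the passphrase handed to the backup script from a vaulted variable through `BORG_PASSPHRASE`; whether the script already exports one is not visible in this hunk. The task also needs no shell features, so `command:` in place of `shell:` would keep the templated `borg_server` and `ansible_hostname` values from being interpreted by a shell. The hunk begins inside the preceding `authorized_key` task and ends inside the `reload ansible_local` task.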
@@ -38,31 +34,6 @@ delegate_facts: True when: hostvars[borg_server]['ansible_local']['borg']['repos'][ansible_hostname] is not defined -- name: make the server known to the client - lineinfile: - line: "{{ borg_server }} ecdsa-sha2-nistp256 {{ hostvars[borg_server]['ansible_ssh_host_key_ecdsa_public'] }}" - path: /root/.ssh/known_hosts - create: yes - -- name: make the repo directory on the client - file: - state: directory - path: "/root/.config/borg/security/{{ hostvars[borg_server]['ansible_local']['borg']['repos'][ansible_hostname] }}" - owner: root - mode: 0700 - -- name: make the repo known to the client - copy: - dest: "/root/.config/borg/security/{{ hostvars[borg_server]['ansible_local']['borg']['repos'][ansible_hostname] }}/{{ item.dest }}" - content: "{{ item.content }}" - owner: root - mode: 0600 - loop: - - { dest: key-type, content: "2" } - - { dest: location, content: "ssh://borg@{{ borg_server }}/srv/borg/repos/{{ ansible_hostname }}" } - - { dest: manifest-timestamp, content: "{{ ansible_date_time['iso8601_micro'] }}" } - changed_when: false - - name: deploy borg backup script template: dest: /usr/local/bin/adyxax_backup.sh diff --git a/templates/backup.sh.j2 b/templates/backup.sh.j2 index 9ac8f1d..b1abb79 100644 --- a/templates/backup.sh.j2 +++ b/templates/backup.sh.j2 
@@ -13,9 +13,9 @@ export BORG_RSH="ssh -i /root/.ssh/borg"
 {{ job.pre_command }}
 {% endif %}
 {% if job.command_to_pipe is defined %}
-{{ job.command_to_pipe }} | borg create borg@{{ borg_server }}:/srv/borg/repos/{{ ansible_hostname }}::{{ job.name }}-{now} {{ job.path | default('-') }}
+{{ job.command_to_pipe }} | borg create borg@{{ borg_server }}:/srv/borg/repos/{{ ansible_hostname }}::{{ job.name }}-{now} -
 {% else %}
-borg create borg@{{ borg_server }}:/srv/borg/repos/{{ ansible_hostname }}::{{ job.name }}-{now} {{ job.path }}
+borg create {% for exclude in job.exclude|default([]) %} --exclude {{ exclude }}{% endfor %} borg@{{ borg_server }}:/srv/borg/repos/{{ ansible_hostname }}::{{ job.name }}-{now} {{ job.path }}
 {% endif %}
 {% if job.post_command is defined %}
 {{ job.post_command }}
-- cgit v1.2.3
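Review bot: The exclude entries on the added `borg create` line are rendered into the script unquoted, so a pattern containing a glob or a space (a constructed example: `/home/*/.cache`) is expanded or split by the shell before borg ever sees it. Pass each one through the quote filter, `--exclude {{ exclude | quote }}`, and do the same for `{{ job.path }}` on that line. The job values presumably come from inventory, so this is mostly a correctness issue, but quoting also stops shell metacharacters in a path from being executed by a script that appears to run as root (it uses /root/.ssh/borg). The loop that defines `job` lies outside the hunk.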