From f084bd976cf942a43df7bbc77c63e21bf1045970 Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Tue, 5 Jul 2022 21:15:26 +0200
Subject: Fixed authorized_keys configuration drift, and change repo directory from hostname to fqdn

---
 tasks/client.yml      | 25 +++----------------------
 tasks/client_init.yml | 12 ++++++++++++
 tasks/main.yml        |  3 +++
 tasks/server.yml      |  7 +++++++
 4 files changed, 25 insertions(+), 22 deletions(-)
 create mode 100644 tasks/client_init.yml

(limited to 'tasks')

diff --git a/tasks/client.yml b/tasks/client.yml
index ef28c53..073cea0 100644
--- a/tasks/client.yml
+++ b/tasks/client.yml
@@ -1,23 +1,4 @@
 ---
-- name: generate borg ssh key on client
-  openssh_keypair:
-    owner: root
-    mode: 0400
-    path: /root/.ssh/borg
-    type: ed25519
-  register: borg_ssh_key
-
-- name: reload ansible_local
-  setup: filter=ansible_local
-  when: borg_ssh_key.changed
-
-- name: Enforce borg authorized key on server
-  authorized_key:
-    user: borg
-    key: "{{ ansible_local.borg.pubkey }}"
-    key_options: 'command="borg serve --restrict-to-path /srv/borg/repos/{{ ansible_hostname }}",restrict'
-  delegate_to: "{{ borg_server }}"
-
 - name: make the server known to the client
   lineinfile:
     line: "{{ borg_server }} ecdsa-sha2-nistp256 {{ hostvars[borg_server]['ansible_ssh_host_key_ecdsa_public'] }}"
@@ -25,14 +6,14 @@
     create: yes
 
 - name: create borg client repo on server
-  shell: "borg init --rsh \"ssh -i /root/.ssh/borg\" --encryption=none borg@{{ borg_server }}:/srv/borg/repos/{{ ansible_hostname }}"
-  when: hostvars[borg_server]['ansible_local']['borg']['repos'][ansible_hostname] is not defined
+  shell: "borg init --rsh \"ssh -i /root/.ssh/borg\" --encryption=none borg@{{ borg_server }}:/srv/borg/repos/{{ inventory_hostname }}"
+  when: hostvars[borg_server]['ansible_local']['borg']['repos'][inventory_hostname] is not defined
 
 - name: reload ansible_local
   setup: filter=ansible_local
   delegate_to: "{{ borg_server }}"
   delegate_facts: True
-  when: hostvars[borg_server]['ansible_local']['borg']['repos'][ansible_hostname] is not defined
+  when: hostvars[borg_server]['ansible_local']['borg']['repos'][inventory_hostname] is not defined
 
 - name: deploy borg backup script
   template:
diff --git a/tasks/client_init.yml b/tasks/client_init.yml
new file mode 100644
index 0000000..251bee4
--- /dev/null
+++ b/tasks/client_init.yml
@@ -0,0 +1,12 @@
+---
+- name: generate borg ssh key on client
+  openssh_keypair:
+    owner: root
+    mode: 0400
+    path: /root/.ssh/borg
+    type: ed25519
+  register: borg_ssh_key
+
+- name: reload ansible_local
+  setup: filter=ansible_local
+  #when: borg_ssh_key.changed
diff --git a/tasks/main.yml b/tasks/main.yml
index 8832443..2606ecf 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,4 +1,7 @@
 ---
+- import_tasks: client_init.yml
+  when: borg_server is defined
+
 - action: borg_validate
 
 - action: borg_init
diff --git a/tasks/server.yml b/tasks/server.yml
index 78754a2..ce731f6 100644
--- a/tasks/server.yml
+++ b/tasks/server.yml
@@ -24,4 +24,11 @@
     - /srv/borg
     - /srv/borg/.ssh
     - /srv/borg/repos
+
+- name: deploy borg authorized_keys
+  template:
+    dest: /srv/borg/.ssh/authorized_keys
+    src: authorized_keys
+    owner: borg
+    mode: 0400
 ...
-- 
cgit v1.2.3
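Review bot: The `when:` guard on the `create borg client repo on server` task now looks up `repos[inventory_hostname]`, so on a server whose repositories were created under the old short-hostname key the lookup finds nothing and `borg init` creates a second, empty repository at the fqdn path instead of reusing the existing one; the commit carries no migration or rename step for such hosts, if any exist. The same lookup drives the `reload ansible_local` task a few lines below. Suggest recording this above the task, e.g. `# repos are keyed by fqdn (inventory_hostname); repos created under the short hostname must be moved by hand before this runs`, or adding a preceding task that fails when `repos[ansible_hostname]` is defined but `repos[inventory_hostname]` is not, so the drift is surfaced rather than silently doubled. Whether the custom `borg` fact keys repos by directory name is not visible in this diff.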
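Review bot: The `#when: borg_ssh_key.changed` line on the `reload ansible_local` task in tasks/client_init.yml leaves a commented-out condition in a brand-new file, so the fact reload now runs on every play with no stated reason and the `register: borg_ssh_key` above it is otherwise unused. If the intent is to guarantee `ansible_local.borg.pubkey` is populated before the server-side `authorized_keys` template reads it, replace the dead line with that explanation, e.g. `# always refresh: the server's authorized_keys template reads ansible_local.borg.pubkey from every client`; otherwise restore the condition. `mode: 0400` is an unquoted octal and would be read as decimal 400 by a YAML 1.2 loader, so `mode: "0400"` is the safer spelling (ansible-lint's risky-octal rule). The `setup: filter=ansible_local` key=value form could also be written as a mapping (`setup:` then `filter: ansible_local`) to match the block-style module calls elsewhere in this role.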
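Review bot: The `deploy borg authorized_keys` task in tasks/server.yml replaces the per-client `authorized_key` module call removed in the first hunk of tasks/client.yml with a whole-file template, so the `authorized_keys` template (`src: authorized_keys`) becomes the only place where each client key's `command="borg serve --restrict-to-path ..."` and `restrict` options are applied; that template is not part of this diff, so whether every rendered key line still carries those options cannot be checked here, and a line without them would give that client an unrestricted login as `borg`. Worth stating the contract above the task, e.g. `# authoritative: every key line must carry command="borg serve --restrict-to-path ..." and restrict; keys not rendered from inventory are removed on each run`. As in tasks/client_init.yml, `mode: 0400` should be quoted as `"0400"`, and no `group:` is given, so the file keeps whatever group the module applies by default — adding `group: borg` makes the ownership explicit. The directory-creation task whose `/srv/borg/.ssh` item appears as context starts above the hunk.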