authorTrygve Laugstøl <trygvis@inamo.no>2019-05-15 13:58:42 +0200
committerTrygve Laugstøl <trygvis@inamo.no>2019-08-08 09:03:00 +0200
commit030305fc22b16851935de4dc52f912c550bdbd09 (patch)
tree3153888a7d1b63468194f0e8334ffbf4ef63dbea /ansible/roles/borg-target/tasks
parent4bd33c6a46f57f8a830042795cfaa68ef91963a9 (diff)
o New borg.
Diffstat (limited to 'ansible/roles/borg-target/tasks')
-rw-r--r--ansible/roles/borg-target/tasks/borg-init.yml47
-rw-r--r--ansible/roles/borg-target/tasks/main.yml62
2 files changed, 109 insertions, 0 deletions
diff --git a/ansible/roles/borg-target/tasks/borg-init.yml b/ansible/roles/borg-target/tasks/borg-init.yml
new file mode 100644
index 0000000..21b86d6
--- /dev/null
+++ b/ansible/roles/borg-target/tasks/borg-init.yml
@@ -0,0 +1,47 @@
+- with_items: "{{ client.value.repos }}"
+ assert:
+ that:
+ - "item in borg_target__passphrases[client.key]"
+ fail_msg: "{{ item }} is missing from borg-secrets.yml"
+ success_msg: ""
+
+- set_fact:
+ ssh_key: "{{ client.value.ssh_key_path if client.value.ssh_key_path is defined else ('files/borg/' + client.key + '/ssh-key') }}"
+- debug: var=ssh_key
+
+- with_items: "{{ client.value.repos }}"
+ name: mkdir client dir
+ file:
+ path: "{{ path | dirname }}"
+ state: directory
+ owner: "{{ borg_target__user }}"
+ group: "{{ borg_target__group }}"
+ vars:
+ path: "{{ borg_target__home }}/repos/{{ client.key }}/{{ item }}"
+
+- with_items: "{{ client.value.repos }}"
+ name: borg init
+ become_user: "{{ borg_target__user }}"
+ command: "borg init --encryption repokey {{ path }}"
+ args:
+ creates: "{{ path }}"
+ environment:
+ BORG_PASSPHRASE: "{{ borg_target__passphrases[client.key][item] }}"
+ vars:
+ path: "{{ borg_target__home }}/repos/{{ client.key }}/{{ item }}"
+
+- local_action:
+ module: stat
+ path: "{{ ssh_key }}"
+ register: ssh_key_stat
+
+- local_action:
+ module: file
+ path: "{{ (playbook_dir + '/' + ssh_key) | dirname }}"
+ state: directory
+ become: no
+
+- name: Generating SSH key
+ local_action: command ssh-keygen -t ed25519 -N "" -f "{{ ssh_key }}" -C "borg@{{ client.key }}"
+ when: not ssh_key_stat.stat.exists
+ become: no
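Review bot: The `Generating SSH key` task writes an unencrypted private key (`-N ""`) on the control machine, by default under `files/borg/<client>/ssh-key` in the playbook tree, and the local `file` task before it sets no `mode`, so the key's parent directory gets umask-default permissions and the key sits where it can be committed by accident. Add `mode: "0700"` to that directory task and keep the key path out of version control, or store the key encrypted (for example with ansible-vault). The three local tasks also disagree on the path: `stat` and `ssh-keygen` use `{{ ssh_key }}` as given while the directory task prefixes `playbook_dir`, so a run started from another working directory, or an absolute `ssh_key_path`, would create one directory and write the key somewhere else; the `stat` task also lacks the `become: no` the other two carry. Separately, consider `no_log: true` on the `borg init` task, since it carries `BORG_PASSPHRASE` in its environment and that value may surface in verbose output.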
diff --git a/ansible/roles/borg-target/tasks/main.yml b/ansible/roles/borg-target/tasks/main.yml
new file mode 100644
index 0000000..c3b8693
--- /dev/null
+++ b/ansible/roles/borg-target/tasks/main.yml
@@ -0,0 +1,62 @@
+- name: Install packages
+ tags: packages
+ apt:
+ name:
+ - borgbackup
+ install_recommends: no
+
+- name: Create unix group
+ become: yes
+ group:
+ name: "{{ borg_target__group }}"
+ system: yes
+
+- name: Create unix user
+ become: yes
+ user:
+ name: "{{ borg_target__user }}"
+ group: "{{ borg_target__group }}"
+ shell: "{{ borg_target__shell }}"
+ home: "{{ borg_target__home }}"
+ system: yes
+
+- name: mkdir repos
+ file:
+ path: "{{ borg_target__home }}/repos"
+ state: directory
+ mode: u=rwx,go=
+ owner: "{{ borg_target__user }}"
+ group: "{{ borg_target__group }}"
+
+- with_dict: "{{ borg_target__clients }}"
+ file:
+ path: "{{ borg_target__home }}/repos/{{ item.key }}"
+ state: directory
+
+- include_tasks: borg-init.yml
+ with_dict: "{{ borg_target__clients }}"
+ loop_control:
+ loop_var: client
+
+- file:
+ path: "{{ borg_target__home }}/.ssh"
+ state: directory
+ mode: u=rx,go=
+ owner: "{{ borg_target__user }}"
+ group: "{{ borg_target__group }}"
+
+- name: authorized_keys
+ tags: xxx
+ copy:
+ dest: "{{ borg_target__home }}/.ssh/authorized_keys"
+ content: |
+ tilde={{ '~borg' | expanduser }}
+ {% for client, config in borg_target__clients.items() %}
+ {% set state=config.state | default('present') %}
+ # Client: {{ client }}, state={{state}}
+ {% if state == 'present' %}
+ {% set key=lookup('file', 'borg/' + client + '/ssh-key.pub') %}
+ command="cd {{ borg_target__home }}/repos && borg serve --append-only{% for r in config.repos %} --restrict-to-repository {{ client }}/{{ r }}{% endfor %}",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc {{ key }}
+ {% endif %}
+ {% endfor %}
+# "
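Review bot: The `authorized_keys` task installs a login-control file with no `owner`, `group` or `mode`, and its template still holds what look like debugging leftovers (the `tilde=` first line, `tags: xxx`, the trailing `# "` line), so the deployed file starts with a line that is not a key entry. Set `owner: "{{ borg_target__user }}"`, `group: "{{ borg_target__group }}"` and `mode: "0600"` on the `copy`, and drop the `tilde=` line. The forced command is the only thing confining each key to its repositories, yet `client` and the repo names are interpolated into `command="..."` unchecked; assert that they match a conservative pattern (no quotes, whitespace or shell metacharacters) before rendering. The key lookup is fixed to `borg/<client>/ssh-key.pub`, whereas borg-init.yml lets `ssh_key_path` override the key location, so an overridden key would not be picked up here. The list of `no-*` options could be replaced with OpenSSH's `restrict`, which also covers restrictions added in later releases.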