diff options
| author | Trygve Laugstøl <trygvis@inamo.no> | 2018-09-08 18:50:09 +0200 |
|---|---|---|
| committer | Trygve Laugstøl <trygvis@inamo.no> | 2018-09-08 18:50:09 +0200 |
| commit | 4d6a0f553ae4cbdeec73dffe4aabb3110c0e09c0 (patch) | |
| tree | 2283c968c58e3ea61f3abf58c10e08662087a140 /ansible | |
| parent | c1fe8d9551e337031e5a5d62224779b389872ea3 (diff) | |
| download | infra-4d6a0f553ae4cbdeec73dffe4aabb3110c0e09c0.tar.gz infra-4d6a0f553ae4cbdeec73dffe4aabb3110c0e09c0.tar.bz2 infra-4d6a0f553ae4cbdeec73dffe4aabb3110c0e09c0.tar.xz infra-4d6a0f553ae4cbdeec73dffe4aabb3110c0e09c0.zip | |
o Borg wip.
Diffstat (limited to 'ansible')
| -rw-r--r-- | ansible/borg-clients.yml | 8 | ||||
| -rw-r--r-- | ansible/borg-server.yml | 16 | ||||
| -rw-r--r-- | ansible/group_vars/all/borg_ssh_keys.yml | 93 | ||||
| -rw-r--r-- | ansible/host_vars/birgitte/borg.yml | 4 | ||||
| -rw-r--r-- | ansible/inventory | 2 | ||||
| -rwxr-xr-x | ansible/make-ssh-keys | 24 | ||||
| -rw-r--r-- | ansible/roles/borg-client/tasks/main.yml | 8 | ||||
| -rw-r--r-- | ansible/roles/borg-client/templates/bin/trygvis-borg-run-backup | 5 | ||||
| -rw-r--r-- | ansible/roles/borg-server/tasks/main.yml | 23 |
9 files changed, 183 insertions, 0 deletions
diff --git a/ansible/borg-clients.yml b/ansible/borg-clients.yml new file mode 100644 index 0000000..7731505 --- /dev/null +++ b/ansible/borg-clients.yml @@ -0,0 +1,8 @@ +--- +- hosts: + - birgitte + tasks: + - name: borg-client + import_role: name=borg-client + tags: borg-client + become: true diff --git a/ansible/borg-server.yml b/ansible/borg-server.yml new file mode 100644 index 0000000..e30f01f --- /dev/null +++ b/ansible/borg-server.yml @@ -0,0 +1,16 @@ +--- +- hosts: + - birgitte + tasks: + - name: packages + tags: packages + apt: + name: "{{ item }}" + install_recommends: no + with_items: + - borgbackup + - name: borg-server + import_role: name=borg-server + tags: borg-server + become: true + become_user: borg diff --git a/ansible/group_vars/all/borg_ssh_keys.yml b/ansible/group_vars/all/borg_ssh_keys.yml new file mode 100644 index 0000000..c3e3092 --- /dev/null +++ b/ansible/group_vars/all/borg_ssh_keys.yml @@ -0,0 +1,93 @@ +$ANSIBLE_VAULT;1.1;AES256 +39306531386635336332626362313532303832666335376533636664313930346261323266373233 +3561303938616135366161643036666235633632646332630a623535333663313635616564386436 +62383566623631366339613234613963323231393262623530383564653563646535346663306336 +3231353665346537310a316361336433373834363762643232333264316363636462666636393966 +31336430653266366362383539323731643764646561316463633665666561383534336565336535 +37386262366132336135343137306332356533393139666630316665653166353936346566626637 +65646363623332623636343963353035363162396565653435653663393338346331643563373036 +38626466306334363138323637303631646133353836623631373932656165636432323336373137 +37373231396132653130643237366235303337336237303335333535613834623033643031376662 +65336363633031643337306634346338356437656461373838373937333465663036653932333666 +66626237613466326239646364366163303633326333636262623534343130626538666562626661 +36643932373030333066326264366630333236633036386462623536616536356463386431326334 +35643132623331363132636537363538616539633564316438353635303330616432616464333930 +39363536343331666630653739646662636261313039396461636164366266383963336463616636 +35376366643663323461623737343866643266346162646234616662326561613962623434366264 +63653737633662343133386233343138653161303135376130643038646536323666383762393436 +39653463313866313535636630393938313266646632636436613366613562663962633165663136 +30643733663331396266323135666561323039353739383330343532303339376333653463616133 +33313837353138626430643833663137643333356666646466666461666137343434383264346332 +37636537623630616136666137663965643863343263663437303031363061653139646363373761 +38366237646430623931663661383439373932353934303732393862613963393932366237343664 +62356264323433626662303236613535333534396162646337636165653766633431323135346565 +38633932333335316264383831316239653035386134343739323761323634666530353734306663 +62373138613134613336333362616664393864376430656265346334303062323434303862306230 +33373332396264616663643563396362663434613435353732343063363035393632646237643765 +35376131623666663435653963356134346431306662326434303239303532363833363334666539 +63633430376565643964323562663164636466323665396430306662396364323633636333336566 +30343936333238343136616331363837646261306265313539396666356235616337386163636238 +61666535326139643036363261666635353233616132366662663035356338316430343962626664 +37323933303362353163313964623534393631393564613134363463343039623761383531326362 +62633336306464623639636666626233393562633135353630343937653631613262333662353666 +34333263343561303939303265313630396434386465313131393433333235653866343139303933 +33636462613365353936353435643137653037313831633337613736626663653934396431343265 +35303665353033616339303934666563353739303537356534333061356466653965376130363936 +63643037376163336164366436646263373438363866373161376362646365646331626139366138 +65363034643861306330366464653133653935616137303033366233306235656462343362613731 +65626634363339616231646266333162373733333730633166663164616661613463626638613561 +36363636333534616635636639346462656366373137383035376565306366343535623236626161 +63663762323662373031336262303039303366643830346463333563383738323832333935303735 +66646236353731323833633063343465336331656561333765343361623861376332636435663434 +38643436313030653136336535663263323464366466616631373163323461643635336333323261 +33303539373033316663313064356262633864373131386463313235353931326262373635346533 +64393066353965333931633465633637353537353062353031396464386464366664666138653462 +31633138356661363366383536353139316438353134653931343238356631366563383136616635 +33666536323865313235346434346563656135316662613836313262613533623539633035663563 +30366461663962616366396336383730306637396238313931363765633335346130373638326231 +61646136313132336133366561613865356139626132643764633462333338343334323534353062 +32373664336135383332646166333039366139383962663939353639616333373430653065366263 +62653565306435653230313236396639353164373435386535303965366333643766643730383261 +66396233383734656338346362316366626435383130383539376636343735643036643339356666 +31356361663431656666343965613632663136326162303162363936656339316635333962396238 +61313430383334393863383131616532376133386263336531396336303561363964623063323262 +37373131343762643632636432633739323165333338646462663732643133393061393735646462 +32663539393730333230303862343536333238303064656636393536333136653766616135353634 +38646262653234356533646232666331366465346265616239373433663066653431306331373937 +32373433656237343837383664366335373966343362643432633332663637396232323330393834 +34616539616462366236613930383933383435356537613032323839616130616137613661643233 +35316165396438396661356562336664613931613034646164316663396633663466336566633266 +65613535303866663362373130303463363332623763396464313437393937626264313833373836 +39666434643135303238316165343532613731643461306633653866306333366533346232623661 +66653238323066613834393939653562386333386438383961366635303162373461323333383663 +61393236323035643935393732393264393032343330363165363733613331653033653939323130 +31306435666539613934373161643136353162633434383734393261393566666265623232393939 +36316439336438613164393239336262376364313364363239366363363735333464313166333337 +36653861663865363165643932353563373666353030646361666166633361323938383563623834 +64343763323438326236343439346661623032616537363465386431643833393634316565646639 +64336531643031343638623630623736656330306138303961636332303735633938306165663435 +33393432653430656336613065323831336365623661616532303734383963643637363431613134 +61373331316363316261626430643833393837646563626535343839353631383561383638333530 +39343837306432653262336139653930626162303431393233316135346239363538643062643531 +65613432636534626665613634346166323666356665653534336564303632613164316666306162 +61396237376438653665653763353237613861626434346138623737343239393738633838303638 +63636437346535663436623963373565306636353466663661383838643665366333646362613736 +62376362363830653730643530373264316331636430613165346234643762353161366431346664 +61366263623661333066373038663739353861376537393763636664663739333332656137303461 +31326461653431646533656539356533396561663065643033613431303334393266316337623063 +61386564323066646365616435303966306634323163663065386131623034316232323064656435 +34353030633938303534346562363163643266613235386138333565616364663737623930336562 +66386532366638333864643866623666333030336461323836346464306664636433643131383466 +34303162383931646534333337373438323534666339386136663262353537366166353034653631 +33313365363264616536623166393163636161376338393935373761626135346232353464363864 +39323065656436383663613035313236356636613038643030386139346265313439336164633566 +37303961613066613530363834613532316266353832396331653762373937623263653937353739 +36643233353338313965323132633766303765366336353335396339353836373163393765616464 +63623965326661653836336633366430663236306237383934376634626539323163303037323561 +33653332353833633334333332306637366332663562653133353437323735666565636634356236 +66363130376230343361643265656233386636613831356262383733623533303331643832663265 +64303839386639633731303962623661313939623239343830666535636133653138333635343065 +30366539633430333132656564376563613762396333323932346665393163666234653538393939 +62646138613630333064346631356166626636653936363165646236613935313165643733613633 +61313736326137376134333362626337376465376635353131366130613862373335303731666131 +30346266366236393736 diff --git a/ansible/host_vars/birgitte/borg.yml b/ansible/host_vars/birgitte/borg.yml new file mode 100644 index 0000000..d3ba2fe --- /dev/null +++ b/ansible/host_vars/birgitte/borg.yml @@ -0,0 +1,4 @@ +borg_basedir: /disk1/borg +borg_clients: + conflatorio: + state: present diff --git a/ansible/inventory b/ansible/inventory index 721d827..3cd3e57 100644 --- a/ansible/inventory +++ b/ansible/inventory @@ -4,6 +4,8 @@ all: ansible_host: knot.trygvis.io numquam: ansible_host: numquam.trygvis.io + birgitte: + ansible_host: vs.trygvis.io children: via_knot: hosts: diff --git a/ansible/make-ssh-keys b/ansible/make-ssh-keys new file mode 100755 index 0000000..fbf2b7a --- /dev/null +++ b/ansible/make-ssh-keys @@ -0,0 +1,24 @@ +#!/bin/bash + +set -euo pipefail + +hosts=(conflatorio birgitte arius) + +rm -rf keys +mkdir keys + +out=/dev/stderr +out=keys/keys.yml + +echo borg_ssh_keys: >> $out +for host in ${hosts[@]} +do + ssh-keygen -q -t ed25519 -N "" -C "borg/$host" -f keys/$host + echo " $host:" >> $out + echo " public: $(<keys/$host.pub)" >> $out + echo " private: |" >> $out + sed "s/^/ /" keys/$host >> $out +done + +ansible-vault encrypt --output group_vars/all/borg_ssh_keys.yml keys/keys.yml +rm -rf keys diff --git a/ansible/roles/borg-client/tasks/main.yml b/ansible/roles/borg-client/tasks/main.yml new file mode 100644 index 0000000..79a9406 --- /dev/null +++ b/ansible/roles/borg-client/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- name: packages + tags: packages + apt: + name: "{{ item }}" + install_recommends: no + with_items: + - borgbackup diff --git a/ansible/roles/borg-client/templates/bin/trygvis-borg-run-backup b/ansible/roles/borg-client/templates/bin/trygvis-borg-run-backup new file mode 100644 index 0000000..7f3e218 --- /dev/null +++ b/ansible/roles/borg-client/templates/bin/trygvis-borg-run-backup @@ -0,0 +1,5 @@ +#!/bin/bash + +set -euo pipefail + +/usr/bin/borg diff --git a/ansible/roles/borg-server/tasks/main.yml b/ansible/roles/borg-server/tasks/main.yml new file mode 100644 index 0000000..9ef5635 --- /dev/null +++ b/ansible/roles/borg-server/tasks/main.yml @@ -0,0 +1,23 @@ +- name: authorized_keys + with_dict: "{{ borg_clients }}" + authorized_key: + user: borg + manage_dir: False + state: "{{ item.value.state }}" + key: "{{ borg_ssh_keys[item.key].public }}" + path: "{{ borg_basedir }}/.ssh/authorized_keys2" + key_options: "command=\"cd {{ borg_basedir }}/repos; borg serve --append-only --restrict-to-path {{ borg_basedir }}/repos/{{ item.key }}\",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc" + +- name: mkdir repos + file: + path: "{{ borg_basedir }}/repos" + state: directory + mode: u=rwx,go= + owner: borg + group: borg + +#- name: mkdir repos/{{ item.key }} +# with_dict: "{{ borg_clients }}" +# file: +# path: "{{ borg_basedir }}/repos" +# state: directory |