Diffstat (limited to 'ansible/roles/borg-target')
-rw-r--r-- | ansible/roles/borg-target/defaults/main.yml | 6 | ||||
-rw-r--r-- | ansible/roles/borg-target/tasks/borg-init.yml | 47 | ||||
-rw-r--r-- | ansible/roles/borg-target/tasks/main.yml | 62 |
3 files changed, 115 insertions, 0 deletions
diff --git a/ansible/roles/borg-target/defaults/main.yml b/ansible/roles/borg-target/defaults/main.yml
new file mode 100644
index 0000000..734434a
--- /dev/null
+++ b/ansible/roles/borg-target/defaults/main.yml
@@ -0,0 +1,6 @@
+borg_target__user: borg
+borg_target__group: borg
+borg_target__shell: /bin/bash
+borg_target__home: /opt/borg
+
+borg_target__repos:
diff --git a/ansible/roles/borg-target/tasks/borg-init.yml b/ansible/roles/borg-target/tasks/borg-init.yml
new file mode 100644
index 0000000..21b86d6
--- /dev/null
+++ b/ansible/roles/borg-target/tasks/borg-init.yml
@@ -0,0 +1,47 @@
+- with_items: "{{ client.value.repos }}"
+ assert:
+ that:
+ - "item in borg_target__passphrases[client.key]"
+ fail_msg: "{{ item }} is missing from borg-secrets.yml"
+ success_msg: ""
+
+- set_fact:
+ ssh_key: "{{ client.value.ssh_key_path if client.value.ssh_key_path is defined else ('files/borg/' + client.key + '/ssh-key') }}"
+- debug: var=ssh_key
+
+- with_items: "{{ client.value.repos }}"
+ name: mkdir client dir
+ file:
+ path: "{{ path | dirname }}"
+ state: directory
+ owner: "{{ borg_target__user }}"
+ group: "{{ borg_target__group }}"
+ vars:
+ path: "{{ borg_target__home }}/repos/{{ client.key }}/{{ item }}"
+
+- with_items: "{{ client.value.repos }}"
+ name: borg init
+ become_user: "{{ borg_target__user }}"
+ command: "borg init --encryption repokey {{ path }}"
+ args:
+ creates: "{{ path }}"
+ environment:
+ BORG_PASSPHRASE: "{{ borg_target__passphrases[client.key][item] }}"
+ vars:
+ path: "{{ borg_target__home }}/repos/{{ client.key }}/{{ item }}"
+
+- local_action:
+ module: stat
+ path: "{{ ssh_key }}"
+ register: ssh_key_stat
+
+- local_action:
+ module: file
+ path: "{{ (playbook_dir + '/' + ssh_key) | dirname }}"
+ state: directory
+ become: no
+
+- name: Generating SSH key
+ local_action: command ssh-keygen -t ed25519 -N "" -f "{{ ssh_key }}" -C "borg@{{ client.key }}"
+ when: not ssh_key_stat.stat.exists
+ become: no
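Review bot: `borg_target__repos:` at the end of the defaults file is a bare key that loads as null, and nothing in the role's tasks reads it — tasks/main.yml and tasks/borg-init.yml iterate `borg_target__clients` and index `borg_target__passphrases`, neither of which gets a default here. Either drop the key or replace it with the variable the tasks actually consume, e.g. `borg_target__clients: {}`, so the role loads cleanly without inventory-supplied vars. The assert in borg-init.yml names `borg-secrets.yml` as the source of `borg_target__passphrases`; a comment here stating that expectation would spare the next reader a search.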
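Review bot: The `ssh_key` fact is a relative path (`files/borg/<client>/ssh-key`) and the three local tasks that use it resolve it differently: the `stat` and the `ssh-keygen -f` take it as-is, relative to the control host's current directory, while the `file` task anchors it at `playbook_dir`. Run from any directory other than the playbook's, stat reports the key as missing, the directory is created under `playbook_dir`, and ssh-keygen then fails (or writes the key somewhere else and regenerates it on every run). Make the fact absolute once, `ssh_key: "{{ client.value.ssh_key_path | default(playbook_dir + '/files/borg/' + client.key + '/ssh-key') }}"`, and change the mkdir path to `"{{ ssh_key | dirname }}"`. Also worth raising: the `borg init` task exports `BORG_PASSPHRASE` in its environment, so consider `no_log: true` on it so the secret cannot surface in verbose task output; `become_user` there only takes effect if become is enabled at play level, which I cannot see from this hunk; and `- debug: var=ssh_key` looks like leftover debugging.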
diff --git a/ansible/roles/borg-target/tasks/main.yml b/ansible/roles/borg-target/tasks/main.yml
new file mode 100644
index 0000000..c3b8693
--- /dev/null
+++ b/ansible/roles/borg-target/tasks/main.yml
@@ -0,0 +1,62 @@
+- name: Install packages
+ tags: packages
+ apt:
+ name:
+ - borgbackup
+ install_recommends: no
+
+- name: Create unix group
+ become: yes
+ group:
+ name: "{{ borg_target__group }}"
+ system: yes
+
+- name: Create unix user
+ become: yes
+ user:
+ name: "{{ borg_target__user }}"
+ group: "{{ borg_target__group }}"
+ shell: "{{ borg_target__shell }}"
+ home: "{{ borg_target__home }}"
+ system: yes
+
+- name: mkdir repos
+ file:
+ path: "{{ borg_target__home }}/repos"
+ state: directory
+ mode: u=rwx,go=
+ owner: "{{ borg_target__user }}"
+ group: "{{ borg_target__group }}"
+
+- with_dict: "{{ borg_target__clients }}"
+ file:
+ path: "{{ borg_target__home }}/repos/{{ item.key }}"
+ state: directory
+
+- include_tasks: borg-init.yml
+ with_dict: "{{ borg_target__clients }}"
+ loop_control:
+ loop_var: client
+
+- file:
+ path: "{{ borg_target__home }}/.ssh"
+ state: directory
+ mode: u=rx,go=
+ owner: "{{ borg_target__user }}"
+ group: "{{ borg_target__group }}"
+
+- name: authorized_keys
+ tags: xxx
+ copy:
+ dest: "{{ borg_target__home }}/.ssh/authorized_keys"
+ content: |
+ tilde={{ '~borg' | expanduser }}
+ {% for client, config in borg_target__clients.items() %}
+ {% set state=config.state | default('present') %}
+ # Client: {{ client }}, state={{state}}
+ {% if state == 'present' %}
+ {% set key=lookup('file', 'borg/' + client + '/ssh-key.pub') %}
+ command="cd {{ borg_target__home }}/repos && borg serve --append-only{% for r in config.repos %} --restrict-to-repository {{ client }}/{{ r }}{% endfor %}",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc {{ key }}
+ {% endif %}
+ {% endfor %}
+# " |
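Review bot: The `authorized_keys` template begins with a `tilde={{ '~borg' | expanduser }}` line that is written into the file on the target; it reads like a debugging leftover that sshd has to skip as an unparseable entry, so drop it. The `copy` task also sets no `owner`, `group` or `mode`, so the file takes the connecting (or become) user's defaults; for the file that decides who may reach `borg serve`, set `owner: "{{ borg_target__user }}"`, `group: "{{ borg_target__group }}"` and `mode: u=rw,go=`, and replace the placeholder `tags: xxx`. The public key is looked up at the fixed path `borg/<client>/ssh-key.pub`, which ignores the per-client `ssh_key_path` override that tasks/borg-init.yml honours, so a client with a custom key path gets a missing or wrong key here. Clients with `state: absent` are excluded only inside this template; the `with_dict` directory task and the `borg-init.yml` include above still create directories and initialise repositories for them, which is probably not intended.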