From 6fbf9f40f88f51450cc2d2dbbc46ca5c70ffbad0 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Thu, 17 Nov 2022 09:48:45 +0100
Subject: borg
---
 ansible/roles/borg-rsyncnet/tasks/main.yml | 55 ++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 ansible/roles/borg-rsyncnet/tasks/main.yml
(limited to 'ansible/roles/borg-rsyncnet/tasks/main.yml')
diff --git a/ansible/roles/borg-rsyncnet/tasks/main.yml b/ansible/roles/borg-rsyncnet/tasks/main.yml
new file mode 100644
index 0000000..289ed53
--- /dev/null
+++ b/ansible/roles/borg-rsyncnet/tasks/main.yml
@@ -0,0 +1,55 @@
+- set_fact:
+ ssh: ssh -o SendEnv=BORG_PASSPHRASE {{ ansible_user }}@{{ inventory_hostname }}
+
+- name: get the authorized_keys from rsync.net
+ local_action: command {{ ssh }} cat .ssh/authorized_keys
+ register: authorized_keys
+ changed_when: false
+
+# - debug: var=authorized_keys.stdout
+
+- include_tasks: borg-init.yml
+ loop: "{{ borg_rsyncnet__clients | dict2items }}"
+ loop_control:
+ label: "{{ client.key }}"
+ loop_var: client
+ when: client.value.state | default("present") != "absent"
+
+- name: Remove all "borg:" lines from authorized keys
+ set_fact:
+ other_lines: |
+ {% for line in authorized_keys.stdout_lines %}
+ {% if line | regex_search('borg: ') is none %}
+ {{ line }}
+ {% endif %}
+ {% endfor %}
+
+# - debug: var=other_lines.stdout
+
+- name: Generate a new authorized_keys with other lines + generated list
+ set_fact:
+ authorized_keys: |
+ {% for line in other_lines | split("\n") -%}
+ {{ line.strip() }}
+ {% endfor %}
+ {% for client, config in borg_rsyncnet__clients.items() %}
+ {% set state=config.state | default('present') %}
+ {% if state == 'present' %}
+ {% set key=lookup('file', 'borg/' + client + '/ssh-key.pub') %}
+ {{ key }} # borg: {{ client }}, state={{state}}
+ {% else %}
+ # borg: {{ client }}, state={{state}}
+ {% endif %}
+ {% endfor %}
+# "
+# restrict,command="{{ borg_rsyncnet___borg_remote_path }} serve --append-only{% for r in config.repos %} --restrict-to-repository {{ borg_rsyncnet__home }}/repos{{ client }}/{{ r }}{% endfor %}" {{ key }} # borg: {{ client }}, state={{state}}
+
+# - debug: var=other_lines
+# - debug:
+# msg: "{{ authorized_keys }}"
+
+- name: Deploy authorized_keys
+ local_action:
+ module: shell
+ cmd: "{{ ssh }} dd of=.ssh/authorized_keys"
+ stdin: "{{ authorized_keys }}"
-- cgit v1.2.3
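Review bot: The generated `authorized_keys` entry in the `state == 'present'` branch is written as `{{ key }} # borg: {{ client }}, state={{state}}` with no key options, so every client key is accepted for the whole rsync.net account rather than only for its own repositories; the `restrict,command="… serve --append-only … --restrict-to-repository …"` form exists only as a comment below the template. As written, a compromised backup client could read or delete other clients' repositories and replace `.ssh/authorized_keys`, which defeats the append-only separation the commented line aims for. I would emit the restricted form in that branch before the role is used, after checking the commented line's `borg_rsyncnet___borg_remote_path` (three underscores) and `repos{{ client }}` (no path separator), which look like typos. Separately, the Deploy task streams straight into the live file with `dd of=.ssh/authorized_keys`, so an empty or interrupted render would leave the account without usable keys; writing to a temporary name and renaming it afterwards would be safer if the remote shell permits it.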