From 6fbf9f40f88f51450cc2d2dbbc46ca5c70ffbad0 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Thu, 17 Nov 2022 09:48:45 +0100
Subject: borg
---
ansible/roles/borg-rsyncnet/defaults/main.yml | 5 ++
ansible/roles/borg-rsyncnet/tasks/borg-init.yml | 67 +++++++++++++++++++++++++
ansible/roles/borg-rsyncnet/tasks/main.yml | 55 ++++++++++++++++++++
3 files changed, 127 insertions(+)
create mode 100644 ansible/roles/borg-rsyncnet/defaults/main.yml
create mode 100644 ansible/roles/borg-rsyncnet/tasks/borg-init.yml
create mode 100644 ansible/roles/borg-rsyncnet/tasks/main.yml
(limited to 'ansible/roles/borg-rsyncnet')
diff --git a/ansible/roles/borg-rsyncnet/defaults/main.yml b/ansible/roles/borg-rsyncnet/defaults/main.yml
new file mode 100644
index 0000000..7c8ffd9
--- /dev/null
+++ b/ansible/roles/borg-rsyncnet/defaults/main.yml
@@ -0,0 +1,5 @@
+borg_rsyncnet__user: zh2569
+borg_rsyncnet__host: zh2569.rsync.net
+borg_rsyncnet__home: borg
+
+borg_rsyncnet__repos:
diff --git a/ansible/roles/borg-rsyncnet/tasks/borg-init.yml b/ansible/roles/borg-rsyncnet/tasks/borg-init.yml
new file mode 100644
index 0000000..9b6980d
--- /dev/null
+++ b/ansible/roles/borg-rsyncnet/tasks/borg-init.yml
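Review bot: `borg_rsyncnet__repos:` is left as a bare key, which YAML reads as null, and nothing in the role reads it — tasks/main.yml iterates `borg_rsyncnet__clients | dict2items`, which has no default here, so a host that does not set that variable will presumably fail on the include with an undefined-variable error instead of being a no-op. Either rename the default to the variable actually consumed and give it an explicit empty mapping, `borg_rsyncnet__clients: {}`, or drop the unused key. The passphrases the tasks depend on (`borg__passphrases`) are rightly not defaulted here, since the assert message says they come from borg-secrets.yml.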
@@ -0,0 +1,67 @@
+# - debug: var=client.value
+
+- with_items: "{{ client.value.repos }}"
+ assert:
+ that:
+ - "item in borg__passphrases[client.key]"
+ fail_msg: "{{ item }} is missing from borg-secrets.yml"
+ success_msg: ""
+
+- set_fact:
+ ssh_key: "{{ client.value.ssh_key_path if client.value.ssh_key_path is defined else default_file_path }}"
+ vars:
+ default_file_path: "files/borg/{{ client.key }}/ssh-key"
+# - debug: var=ssh_key
+
+- name: mkdir client dir
+ loop: "{{ client.value.repos | dict2items }}"
+ local_action: command ssh {{ ansible_user }}@{{ inventory_hostname }} mkdir -p "{{ borg_rsyncnet__home }}/{{ client.key }}"
+
+- name: ls client dir
+ local_action: command {{ ssh }} mkdir -p "{{ borg_rsyncnet__home }}/{{ client.key }}"; ls "{{ borg_rsyncnet__home }}/{{ client.key }}"
+ register: dirs
+ changed_when: False
+# - debug: var=dirs
+
+# This doesn't work as the ssh command doesn't allow sending
+# environment variables and borg the passphrase to be sent via env
+# variables.
+# - name: borg init
+# loop: "{{ client.value.repos | dict2items }}"
+# loop_control:
+# label: "{{ item.key }}"
+# local_action: command {{ ssh }} /usr/local/bin/borg1/borg1 init --encryption repokey "{{ path }}"
+# environment:
+# BORG_PASSPHRASE: "{{ borg__passphrases[client.key][item.key] }}"
+# when: item.key not in dirs.stdout_lines
+# vars:
+# remote: "{{ ansible_user }}@{{ inventory_hostname }}"
+# path: "{{ borg_rsyncnet__home }}/{{ client.key }}/{{ item.key }}"
+
+- name: borg init
+ loop: "{{ client.value.repos | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ local_action: command borg init --encryption repokey "{{ remote }}:{{ path }}"
+ environment:
+ BORG_PASSPHRASE: "{{ borg__passphrases[client.key][item.key] }}"
+ when: item.key not in dirs.stdout_lines
+ vars:
+ remote: "{{ ansible_user }}@{{ inventory_hostname }}"
+ path: "{{ borg_rsyncnet__home }}/{{ client.key }}/{{ item.key }}"
+
+- local_action:
+ module: stat
+ path: "{{ ssh_key }}"
+ register: ssh_key_stat
+
+- local_action:
+ module: file
+ path: "{{ (playbook_dir + '/' + ssh_key) | dirname }}"
+ state: directory
+ become: no
+
+- name: Generating SSH key
+ local_action: command ssh-keygen -t ed25519 -N "" -f "{{ ssh_key }}" -C "borg@{{ client.key }}"
+ when: not ssh_key_stat.stat.exists
+ become: no
diff --git a/ansible/roles/borg-rsyncnet/tasks/main.yml b/ansible/roles/borg-rsyncnet/tasks/main.yml
new file mode 100644
index 0000000..289ed53
--- /dev/null
+++ b/ansible/roles/borg-rsyncnet/tasks/main.yml
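Review bot: The ssh-key path is handled inconsistently by the three local tasks at the end of the hunk: `stat` and `ssh-keygen` use `ssh_key` as-is, relative to wherever ansible-playbook is run, while the directory task anchors it with `playbook_dir`, so a run from another directory makes stat report the key missing and ssh-keygen write into (or fail in) the cwd instead of the directory just created. Anchor the default once, `default_file_path: "{{ playbook_dir }}/files/borg/{{ client.key }}/ssh-key"`, and use `path: "{{ ssh_key | dirname }}"` in the file task, which also keeps a caller-supplied absolute `ssh_key_path` working. Note that the key is generated with `-N ""` under `files/borg/<client>/` in the playbook tree, so the unencrypted private key sits next to the playbook; make sure that path is git-ignored or vaulted before it is committed. The `mkdir client dir` task also loops over the repos but never uses `item`, so it runs the same mkdir once per repo and always reports changed — drop the loop, or drop the task, since the following `ls client dir` task already performs the same mkdir.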
@@ -0,0 +1,55 @@
+- set_fact:
+ ssh: ssh -o SendEnv=BORG_PASSPHRASE {{ ansible_user }}@{{ inventory_hostname }}
+
+- name: get the authorized_keys from rsync.net
+ local_action: command {{ ssh }} cat .ssh/authorized_keys
+ register: authorized_keys
+ changed_when: false
+
+# - debug: var=authorized_keys.stdout
+
+- include_tasks: borg-init.yml
+ loop: "{{ borg_rsyncnet__clients | dict2items }}"
+ loop_control:
+ label: "{{ client.key }}"
+ loop_var: client
+ when: client.value.state | default("present") != "absent"
+
+- name: Remove all "borg:" lines from authorized keys
+ set_fact:
+ other_lines: |
+ {% for line in authorized_keys.stdout_lines %}
+ {% if line | regex_search('borg: ') is none %}
+ {{ line }}
+ {% endif %}
+ {% endfor %}
+
+# - debug: var=other_lines.stdout
+
+- name: Generate a new authorized_keys with other lines + generated list
+ set_fact:
+ authorized_keys: |
+ {% for line in other_lines | split("\n") -%}
+ {{ line.strip() }}
+ {% endfor %}
+ {% for client, config in borg_rsyncnet__clients.items() %}
+ {% set state=config.state | default('present') %}
+ {% if state == 'present' %}
+ {% set key=lookup('file', 'borg/' + client + '/ssh-key.pub') %}
+ {{ key }} # borg: {{ client }}, state={{state}}
+ {% else %}
+ # borg: {{ client }}, state={{state}}
+ {% endif %}
+ {% endfor %}
+# "
+# restrict,command="{{ borg_rsyncnet___borg_remote_path }} serve --append-only{% for r in config.repos %} --restrict-to-repository {{ borg_rsyncnet__home }}/repos{{ client }}/{{ r }}{% endfor %}" {{ key }} # borg: {{ client }}, state={{state}}
+
+# - debug: var=other_lines
+# - debug:
+# msg: "{{ authorized_keys }}"
+
+- name: Deploy authorized_keys
+ local_action:
+ module: shell
+ cmd: "{{ ssh }} dd of=.ssh/authorized_keys"
+ stdin: "{{ authorized_keys }}"
-- cgit v1.2.3
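Review bot: The deployed authorized_keys entry is the bare `{{ key }}` on the `{% if state == 'present' %}` branch, so every backup client's key gets an unrestricted login on the rsync.net account and a compromised client can read, prune or delete any client's repository; the `restrict,command="... serve --append-only ... --restrict-to-repository ..."` form that would confine each key to `borg serve` on its own repositories exists only in the trailing comment. Enable it on that branch, after fixing the comment's path — it builds `{{ borg_rsyncnet__home }}/repos{{ client }}/{{ r }}` with no slash before the client and a `repos` segment that borg-init.yml does not use (it initialises `{{ borg_rsyncnet__home }}/{{ client.key }}/{{ item.key }}`) — and the variable `borg_rsyncnet___borg_remote_path` (three underscores), which no visible default defines. The final task overwrites authorized_keys in place with `dd`, so an interrupted or truncated write locks the account out; write to a temporary file and rename, e.g. `cmd: "{{ ssh }} 'dd of=.ssh/authorized_keys.tmp && mv .ssh/authorized_keys.tmp .ssh/authorized_keys'"`, assuming `mv` is available on the account as `dd` is. The `regex_search('borg: ')` filter drops any existing line containing that text anywhere, which is fine for lines this role generates but will silently remove a hand-added key whose comment happens to contain it.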