ansible-role-borg-backup/tasks/02_create_key.yml
Frank Dornheim 8b67e74440 Role restructured:
- if needed creation of a service user incl. creation of the ssh-key,
  - add the ssh key to authorized_keys,
  - auto init of the repos,
  - creation and start of systemd timer and services and
  - installation of the Docker helperscript.
2023-03-05 13:52:02 +01:00


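---
# Provision the SSH identity the borgbackup service user uses to reach the
# backup repository host. Exactly one of the two blocks below runs:
#   * no key material supplied (backup_id_rsa undefined or empty): generate an
#     RSA-4096 keypair on the managed host and publish its public half into
#     authorized_keys on the repository host named in backup_repository;
#   * key material supplied (backup_id_rsa and backup_id_rsa_pub non-empty):
#     install the given pair as-is. This path does not touch authorized_keys
#     on the repository host; the supplied key is assumed to be authorized
#     already.
# Both blocks expect borgbackup_user / borgbackup_group to exist and write
# under /home/{{ borgbackup_user }}/.ssh.
- name: Create ssh-key for {{ borgbackup_user }} if needed
  when:
    - install_backup is not defined or install_backup
    - backup_id_rsa is not defined or backup_id_rsa | length == 0
  tags:
    - install_backup
  block:
    - name: Ensure /home/{{ borgbackup_user }}/.ssh directory exist
      ansible.builtin.file:
        path: "/home/{{ borgbackup_user }}/.ssh/"
        state: directory
        mode: "0700"
        owner: "{{ borgbackup_user }}"
        group: "{{ borgbackup_group }}"

    - name: Generate an OpenSSH keypair with the default values (4096 bits, rsa)
      community.crypto.openssh_keypair:
        path: "/home/{{ borgbackup_user }}/.ssh/id_rsa"
        # Pinned explicitly so the result stays an id_rsa / 4096-bit key even
        # if the collection's defaults change.
        type: rsa
        size: 4096
        mode: "0600"
        owner: "{{ borgbackup_user }}"
        group: "{{ borgbackup_group }}"

    - name: Set key (/home/{{ borgbackup_user }}/.ssh/id_rsa.pub) permission
      ansible.builtin.file:
        path: "/home/{{ borgbackup_user }}/.ssh/id_rsa.pub"
        mode: "0644"
        owner: "{{ borgbackup_user }}"
        group: "{{ borgbackup_group }}"

    - name: Read ssh key
      ansible.builtin.slurp:
        src: "/home/{{ borgbackup_user }}/.ssh/id_rsa.pub"
      register: backup_local_ssh_key

    # This is a bit tricky, the string backup_repository consists of three parts:
    # "username"@"FQDN":"path/to/store/backup".
    # The first regex extracts the remote username, the second the FQDN; the
    # FQDN must be known to the inventory because delegate_to runs this task
    # on the repository host, not on the host being backed up.
    - name: Set authorized key taken from file
      ansible.posix.authorized_key:
        user: "{{ backup_repository | regex_search('(.*)@', '\\1') | first }}"
        state: present
        key: "{{ backup_local_ssh_key['content'] | b64decode }}"
      delegate_to: "{{ backup_repository | regex_search('@(.*):', '\\1') | first }}"

- name: Install ssh cert and key
  when:
    - install_backup is not defined or install_backup
    - backup_id_rsa is defined and backup_id_rsa | length > 0
    - backup_id_rsa_pub is defined and backup_id_rsa_pub | length > 0
  tags:
    - install_backup
  block:
    # ansible.builtin.copy does not create parent directories, so the
    # destination directory must exist before the key files are written
    # (mirrors the generate path above).
    - name: Ensure /home/{{ borgbackup_user }}/.ssh directory exist
      ansible.builtin.file:
        path: "/home/{{ borgbackup_user }}/.ssh/"
        state: directory
        mode: "0700"
        owner: "{{ borgbackup_user }}"
        group: "{{ borgbackup_group }}"

    - name: Copy existing id_rsa, not generating one
      ansible.builtin.copy:
        content: "{{ backup_id_rsa }}"
        dest: "/home/{{ borgbackup_user }}/.ssh/id_rsa"
        mode: "0600"
        owner: "{{ borgbackup_user }}"
        group: "{{ borgbackup_group }}"
      # backup_id_rsa is a private key; keep it out of task output, diffs and
      # verbose logs.
      no_log: true

    - name: Copy existing id_rsa.pub, not generating one
      ansible.builtin.copy:
        content: "{{ backup_id_rsa_pub }}"
        dest: "/home/{{ borgbackup_user }}/.ssh/id_rsa.pub"
        mode: "0644"
        owner: "{{ borgbackup_user }}"
        group: "{{ borgbackup_group }}"
...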