role_borgmatic/tasks/configuration.yml

---
# tasks file for borgmatic

- name: Créer la paire de clés
  community.crypto.openssh_keypair:
    path: /etc/borgmatic/id_ed25519 
    type: ed25519
  become: true

- name: Récupérer le contenu de la clé publique
  ansible.builtin.slurp:
    src: /etc/borgmatic/id_ed25519.pub
  become: true
  register: key

- name: Créer le dépôt
  ansible.builtin.file:
    path: "{{ borgmatic_server.repo_path }}/{{ inventory_hostname }}"
    state: directory
    owner: "{{ borgmatic_server.user }}"
    group: "{{ borgmatic_server.group }}"
    mode: u=rwX,g=rX,o=
  become: true
  delegate_to: "{{ borgmatic_server.host }}"

- name: Ajouter la clef publique
  ansible.posix.authorized_key:
    user: "{{ borgmatic_server.user }}"
    state: present
    key: "{{ key['content'] | b64decode }}"
    key_options: 'command="cd {{ borgmatic_server.repo_path }}/{{ inventory_hostname }};borg serve --restrict-to-path {{ borgmatic_server.repo_path }}/{{ inventory_hostname }}",restrict'
  become: true
  delegate_to: "{{ borgmatic_server.host }}"

- name: Déployer la configuration de SSH
  ansible.builtin.blockinfile:
    path: /root/.ssh/config
    create: true
    marker: "# {mark} ANSIBLE MANAGED BLOCK for role_borgmatic"
    block: |
      {% for repository in borgmatic_repositories %}
      Host {{ repository.path | ansible.builtin.urlsplit('hostname') }}
        Compression yes
        Protocol 2
        PreferredAuthentications=publickey 
        StrictHostKeyChecking no
        UserKnownHostsFile /dev/null
        IdentityFile /etc/borgmatic/id_ed25519
        IdentitiesOnly yes
      {% endfor %}
  become: true

- name: Déployer la configuration
  ansible.builtin.template:
    src: config.yaml.j2
    dest: /etc/borgmatic/config.yaml
    owner: root
    group: root
    mode: u=rw,g=,o=
    validate: borgmatic config validate --config %s
  become: true
  notify: Créer le dépôt

- name: Déployer le service
  ansible.builtin.template:
    src: borgmatic.service.j2
    dest: /etc/systemd/system/borgmatic.service
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  become: true
  notify: S'assurer que le service est désactivé

- name: Déployer le service et la planification
  ansible.builtin.template:
    src: borgmatic.timer.j2
    dest: /etc/systemd/system/borgmatic.timer
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  become: true
  notify: Activer la planification
[INFO] Création du rôle 2023-03-06 23:13:54 +00:00			`---`
			`# tasks file for borgmatic`

feat: Configure server 2024-06-17 14:55:26 +00:00			`- name: Créer la paire de clés`
			`community.crypto.openssh_keypair:`
			`path: /etc/borgmatic/id_ed25519`
			`type: ed25519`
[INFO] Création du rôle 2023-03-06 23:13:54 +00:00			`become: true`

feat: Configure server 2024-06-17 14:55:26 +00:00			`- name: Récupérer le contenu de la clé publique`
			`ansible.builtin.slurp:`
			`src: /etc/borgmatic/id_ed25519.pub`
[INFO] Création du rôle 2023-03-06 23:13:54 +00:00			`become: true`
feat: Configure server 2024-06-17 14:55:26 +00:00			`register: key`

			`- name: Créer le dépôt`
			`ansible.builtin.file:`
			`path: "{{ borgmatic_server.repo_path }}/{{ inventory_hostname }}"`
			`state: directory`
			`owner: "{{ borgmatic_server.user }}"`
			`group: "{{ borgmatic_server.group }}"`
			`mode: u=rwX,g=rX,o=`
			`become: true`
			`delegate_to: "{{ borgmatic_server.host }}"`

			`- name: Ajouter la clef publique`
			`ansible.posix.authorized_key:`
			`user: "{{ borgmatic_server.user }}"`
			`state: present`
			`key: "{{ key['content'] \| b64decode }}"`
			`key_options: 'command="cd {{ borgmatic_server.repo_path }}/{{ inventory_hostname }};borg serve --restrict-to-path {{ borgmatic_server.repo_path }}/{{ inventory_hostname }}",restrict'`
			`become: true`
			`delegate_to: "{{ borgmatic_server.host }}"`
[INFO] Création du rôle 2023-03-06 23:13:54 +00:00
[FIX] Configurer le client ssh 2023-05-26 15:20:21 +00:00			`- name: Déployer la configuration de SSH`
			`ansible.builtin.blockinfile:`
			`path: /root/.ssh/config`
			`create: true`
			`marker: "# {mark} ANSIBLE MANAGED BLOCK for role_borgmatic"`
			`block: \|`
			`{% for repository in borgmatic_repositories %}`
[EVO] Utiliser la nouvelle syntaxe 2023-07-28 07:03:59 +00:00			`Host {{ repository.path \| ansible.builtin.urlsplit('hostname') }}`
fix: Optimize SSH configuration 2023-12-19 15:36:21 +00:00			`Compression yes`
			`Protocol 2`
			`PreferredAuthentications=publickey`
			`StrictHostKeyChecking no`
			`UserKnownHostsFile /dev/null`
[FIX] Configurer le client ssh 2023-05-26 15:20:21 +00:00			`IdentityFile /etc/borgmatic/id_ed25519`
			`IdentitiesOnly yes`
			`{% endfor %}`
			`become: true`

[INFO] Création du rôle 2023-03-06 23:13:54 +00:00			`- name: Déployer la configuration`
			`ansible.builtin.template:`
			`src: config.yaml.j2`
			`dest: /etc/borgmatic/config.yaml`
			`owner: root`
			`group: root`
			`mode: u=rw,g=,o=`
feat: Go to pipx 2023-12-18 16:12:52 +00:00			`validate: borgmatic config validate --config %s`
[INFO] Création du rôle 2023-03-06 23:13:54 +00:00			`become: true`
			`notify: Créer le dépôt`

			`- name: Déployer le service`
			`ansible.builtin.template:`
			`src: borgmatic.service.j2`
			`dest: /etc/systemd/system/borgmatic.service`
			`owner: root`
			`group: root`
			`mode: u=rw,g=r,o=r`
			`become: true`
feat: Allow to backup postgresql 2024-06-21 10:22:53 +00:00			`notify: S'assurer que le service est désactivé`
[INFO] Création du rôle 2023-03-06 23:13:54 +00:00
			`- name: Déployer le service et la planification`
			`ansible.builtin.template:`
			`src: borgmatic.timer.j2`
			`dest: /etc/systemd/system/borgmatic.timer`
			`owner: root`
			`group: root`
			`mode: u=rw,g=r,o=r`
			`become: true`
			`notify: Activer la planification`