feat: Configure server
This commit is contained in:
parent
9d4a7bfb44
commit
2efe5128f2
@ -29,7 +29,7 @@ borgmatic_retention:
|
||||
weekly: 4
|
||||
|
||||
borgmatic_name: "{{ inventory_hostname }}_{now}"
|
||||
borgmatic_compression: none
|
||||
borgmatic_compression: lz4
|
||||
borgmatic_passphrase: ""
|
||||
|
||||
borgmatic_actions: {}
|
||||
|
@ -3,7 +3,7 @@
|
||||
|
||||
- name: Créer le dépôt
|
||||
ansible.builtin.command:
|
||||
cmd: sudo borgmatic init --encryption repokey
|
||||
cmd: borgmatic init --encryption repokey
|
||||
become: true
|
||||
loop: "{{ borgmatic_repositories }}"
|
||||
register: borg_init
|
||||
|
@ -1,23 +1,36 @@
|
||||
---
|
||||
# tasks file for borgmatic
|
||||
|
||||
- name: Déployer la clef privée
|
||||
ansible.builtin.copy:
|
||||
content: "{{ borgmatic_keys.private }}"
|
||||
dest: /etc/borgmatic/id_ed25519
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=,o=
|
||||
- name: Créer la paire de clés
|
||||
community.crypto.openssh_keypair:
|
||||
path: /etc/borgmatic/id_ed25519
|
||||
type: ed25519
|
||||
become: true
|
||||
|
||||
- name: Déployer la clef publique
|
||||
ansible.builtin.copy:
|
||||
content: "{{ borgmatic_keys.public }}"
|
||||
dest: /etc/borgmatic/id_ed25519.pub
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=r,o=r
|
||||
- name: Récupérer le contenu de la clé publique
|
||||
ansible.builtin.slurp:
|
||||
src: /etc/borgmatic/id_ed25519.pub
|
||||
become: true
|
||||
register: key
|
||||
|
||||
- name: Créer le dépôt
|
||||
ansible.builtin.file:
|
||||
path: "{{ borgmatic_server.repo_path }}/{{ inventory_hostname }}"
|
||||
state: directory
|
||||
user: "{{ borgmatic_server.user }}"
|
||||
group: "{{ borgmatic_server.group }}"
|
||||
mode: u=rwX,g=rX,o=
|
||||
become: true
|
||||
delegate_to: "{{ borgmatic_server.host }}"
|
||||
|
||||
- name: Ajouter la clef publique
|
||||
ansible.posix.authorized_key:
|
||||
user: "{{ borgmatic_server.repo_path }}"
|
||||
state: present
|
||||
key: "{{ key['content'] | b64decode }}"
|
||||
key_options: 'command="cd {{ borgmatic_server.repo_path }}/{{ inventory_hostname }};borg serve --restrict-to-path {{ borgmatic_server.repo_path }}/{{ inventory_hostname }}",restrict'
|
||||
become: true
|
||||
delegate_to: "{{ borgmatic_server.host }}"
|
||||
|
||||
- name: Déployer la configuration de SSH
|
||||
ansible.builtin.blockinfile:
|
||||
|
Loading…
Reference in New Issue
Block a user