feat: Configure server

pulsar89.5 2024-06-17 16:55:26 +02:00
parent 9d4a7bfb44
commit 914fbcf364
3 changed files with 29 additions and 16 deletions


@ -29,7 +29,7 @@ borgmatic_retention:
weekly: 4 weekly: 4
borgmatic_name: "{{ inventory_hostname }}_{now}" borgmatic_name: "{{ inventory_hostname }}_{now}"
borgmatic_compression: none borgmatic_compression: lz4
borgmatic_passphrase: "" borgmatic_passphrase: ""
borgmatic_actions: {} borgmatic_actions: {}
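Review bot: `borgmatic_passphrase: ""` remains an empty default in this hunk, and nothing visible in the commit makes the role fail when it is left unset. The init task changed in this same commit uses `--encryption repokey`, which stores the key inside the repository, so the passphrase is what protects the archives from anyone with access to the backup host; if the empty value reaches borg as-is, that protection is effectively gone. I would mark the variable as required with a comment such as `# required: set from Ansible Vault, repokey mode depends on it` and add an early `ansible.builtin.assert` with `that: borgmatic_passphrase | length > 0`. Whether the value is validated elsewhere in the role is not visible from here.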


@ -3,7 +3,7 @@
- name: Créer le dépôt - name: Créer le dépôt
ansible.builtin.command: ansible.builtin.command:
cmd: sudo borgmatic init --encryption repokey cmd: borgmatic init --encryption repokey
become: true become: true
loop: "{{ borgmatic_repositories }}" loop: "{{ borgmatic_repositories }}"
register: borg_init register: borg_init
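Review bot: The task loops over `borgmatic_repositories` but `cmd` never references `item`, so as far as the visible lines show, the same `borgmatic init --encryption repokey` runs once per list entry. Either drop the `loop` or make the command target the current item. If no `changed_when` follows `register: borg_init`, add one so the task does not report a change on every run. The task body may continue past the end of this hunk.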


@ -1,23 +1,36 @@
--- ---
# tasks file for borgmatic # tasks file for borgmatic
- name: Déployer la clef privée - name: Créer la paire de clés
ansible.builtin.copy: community.crypto.openssh_keypair:
content: "{{ borgmatic_keys.private }}" path: /etc/borgmatic/id_ed25519
dest: /etc/borgmatic/id_ed25519 type: ed25519
owner: root
group: root
mode: u=rw,g=,o=
become: true become: true
- name: Déployer la clef publique - name: Récupérer le contenu de la clé publique
ansible.builtin.copy: ansible.builtin.slurp:
content: "{{ borgmatic_keys.public }}" src: /etc/borgmatic/id_ed25519.pub
dest: /etc/borgmatic/id_ed25519.pub
owner: root
group: root
mode: u=rw,g=r,o=r
become: true become: true
register: key
- name: Créer le dépôt
ansible.builtin.file:
path: "{{ borgmatic_server.repo_path }}/{{ inventory_hostname }}"
state: directory
owner: "{{ borgmatic_server.user }}"
group: "{{ borgmatic_server.group }}"
mode: u=rwX,g=rX,o=
become: true
delegate_to: "{{ borgmatic_server.host }}"
- name: Ajouter la clef publique
ansible.posix.authorized_key:
user: "{{ borgmatic_server.user }}"
state: present
key: "{{ key['content'] | b64decode }}"
key_options: 'command="cd {{ borgmatic_server.repo_path }}/{{ inventory_hostname }};borg serve --restrict-to-path {{ borgmatic_server.repo_path }}/{{ inventory_hostname }}",restrict'
become: true
delegate_to: "{{ borgmatic_server.host }}"
- name: Déployer la configuration de SSH - name: Déployer la configuration de SSH
ansible.builtin.blockinfile: ansible.builtin.blockinfile: