diff --git a/defaults/main.yml b/defaults/main.yml
index 94169b0..76c74bf 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -29,7 +29,7 @@ borgmatic_retention:
 weekly: 4
 borgmatic_name: "{{ inventory_hostname }}_{now}"
-borgmatic_compression: none
+borgmatic_compression: lz4
 borgmatic_passphrase: ""
 borgmatic_actions: {}
diff --git a/tasks/configuration.yml b/tasks/configuration.yml
index 503adee..efd5426 100644
--- a/tasks/configuration.yml
+++ b/tasks/configuration.yml
@@ -1,23 +1,36 @@
 ---
 # tasks file for borgmatic
-- name: Déployer la clef privée
- ansible.builtin.copy:
- content: "{{ borgmatic_keys.private }}"
- dest: /etc/borgmatic/id_ed25519
- owner: root
- group: root
- mode: u=rw,g=,o=
+- name: Créer la paire de clés
+ community.crypto.openssh_keypair:
+ path: /etc/borgmatic/id_ed25519
+ type: ed25519
 become: true
-- name: Déployer la clef publique
- ansible.builtin.copy:
- content: "{{ borgmatic_keys.public }}"
- dest: /etc/borgmatic/id_ed25519.pub
- owner: root
- group: root
- mode: u=rw,g=r,o=r
+- name: Récupérer le contenu de la clé publique
+ ansible.builtin.slurp:
+ src: /etc/borgmatic/id_ed25519.pub
 become: true
+ register: key
+
+- name: Créer le dépôt
+ ansible.builtin.file:
+ path: "{{ borgmatic_server.repo_path }}/{{ inventory_hostname }}"
+ state: directory
+ user: "{{ borgmatic_server.user }}"
+ group: "{{ borgmatic_server.group }}"
+ mode: u=rwX,g=rX,o=
+ become: true
+ delegate_to: "{{ borgmatic_server.host }}"
+
+- name: Ajouter la clef publique
+ ansible.posix.authorized_key:
+ user: "{{ borgmatic_server.repo_path }}"
+ state: present
+ key: "{{ key['content'] | b64decode }}"
+ key_options: 'command="cd {{ borgmatic_server.repo_path }}/{{ inventory_hostname }};borg serve --restrict-to-path {{ borgmatic_server.repo_path }}/{{ inventory_hostname }}",restrict'
+ become: true
+ delegate_to: "{{ borgmatic_server.host }}"
 - name: Déployer la configuration de SSH
 ansible.builtin.blockinfile:
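Review bot: In the new `Ajouter la clef publique` task of tasks/configuration.yml, `user:` is set to `{{ borgmatic_server.repo_path }}`, a directory path, while `ansible.posix.authorized_key` expects the account whose `authorized_keys` file is edited; it should presumably be `user: "{{ borgmatic_server.user }}"`, the account that is meant to own the repository directory. In `Créer le dépôt`, `ansible.builtin.file` takes `owner:` rather than `user:`, so that line should read `owner: "{{ borgmatic_server.user }}"`. The forced command interpolates `repo_path` and `inventory_hostname` unquoted inside `command="…"`, so quoting the path or validating both values keeps a name containing spaces or shell metacharacters from changing the command that sshd runs. Because the key pair is now generated on the client with no passphrase set in the task, `restrict` and `--restrict-to-path` are the only limits on what a copied key can do; adding `--append-only` to `borg serve` is worth considering if clients should not be able to delete archives.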