---
# tasks file for borgmatic
# Generate the Ed25519 SSH key pair that this role later references as the
# IdentityFile for the backup hosts.
# No passphrase parameter is passed, so the private key is stored unencrypted;
# its exposure is then bounded by file permissions on this host and by the
# forced command attached to the public key in "Ajouter la clef publique".
# NOTE(review): no `mode` is set here - confirm the private key ends up
# readable by root only, and that /etc/borgmatic exists before this task runs.
- name: Créer la paire de clés
  become: true
  community.crypto.openssh_keypair:
    type: ed25519
    path: /etc/borgmatic/id_ed25519
# Read the public half of the key pair from the managed host and keep it in
# the `key` variable. The value is base64-encoded at this point; it is decoded
# with `b64decode` where it is installed on the backup server.
- name: Récupérer le contenu de la clé publique
  become: true
  register: key
  ansible.builtin.slurp:
    src: /etc/borgmatic/id_ed25519.pub
# Create this host's own repository directory on the backup server (the task
# is delegated to borgmatic_server.host). One directory per inventory host,
# owned by the backup account; the mode gives the group read/traverse access
# and gives other users nothing.
- name: Créer le dépôt
  become: true
  delegate_to: "{{ borgmatic_server.host }}"
  ansible.builtin.file:
    state: directory
    path: "{{ borgmatic_server.repo_path }}/{{ inventory_hostname }}"
    owner: "{{ borgmatic_server.user }}"
    group: "{{ borgmatic_server.group }}"
    mode: "u=rwX,g=rX,o="
# Authorise the client's public key for the backup account on the backup
# server (delegated task).
# key_options is the least-privilege control here:
#   - command="..." forces every login with this key into `borg serve`,
#     limited by --restrict-to-path to this host's own repository directory;
#   - restrict turns off forwarding, PTY allocation and the other optional
#     SSH features for this key.
# NOTE(review): repo_path and inventory_hostname are interpolated into the
# forced command without quoting; a value containing spaces, quotes or shell
# metacharacters would alter the command. Confirm both are constrained to
# plain path/hostname characters in the inventory.
- name: Ajouter la clef publique
  become: true
  delegate_to: "{{ borgmatic_server.host }}"
  ansible.posix.authorized_key:
    state: present
    user: "{{ borgmatic_server.user }}"
    key: "{{ key['content'] | b64decode }}"
    key_options: 'command="cd {{ borgmatic_server.repo_path }}/{{ inventory_hostname }};borg serve --restrict-to-path {{ borgmatic_server.repo_path }}/{{ inventory_hostname }}",restrict'
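# Maintain a managed block in root's SSH client configuration with one Host
# stanza per entry in borgmatic_repositories, so that connections to each
# backup host use the dedicated borgmatic key and nothing else
# (IdentitiesOnly).
#
# Security: the previous stanza set `StrictHostKeyChecking no` together with
# `UserKnownHostsFile /dev/null`, which turns off server authentication
# entirely - any host answering on that name would be accepted as the backup
# server and would receive the backup traffic. The stanza now uses
# `accept-new` (OpenSSH 7.6 or later) with the default known_hosts file: the
# key is recorded on first contact and a later key change makes the
# connection fail instead of being silently accepted.
# NOTE(review): accept-new is still trust-on-first-use; pinning the server
# key up front (for example with ansible.builtin.known_hosts) and using
# `StrictHostKeyChecking yes` would be stronger.
# NOTE(review): urlsplit('hostname') yields no hostname for a repository path
# that is not a URL - confirm every entry in borgmatic_repositories is one.
- name: Déployer la configuration de SSH
  become: true
  ansible.builtin.blockinfile:
    path: /root/.ssh/config
    create: true
    # Explicit owner-only mode so a newly created file does not depend on the
    # umask in effect when the task runs.
    mode: "u=rw,g=,o="
    marker: "# {mark} ANSIBLE MANAGED BLOCK for role_borgmatic"
    block: |
      {% for repository in borgmatic_repositories %}
      Host {{ repository.path | ansible.builtin.urlsplit('hostname') }}
        Compression yes
        Protocol 2
        PreferredAuthentications=publickey
        StrictHostKeyChecking accept-new
        IdentityFile /etc/borgmatic/id_ed25519
        IdentitiesOnly yes
      {% endfor %}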
# Render the borgmatic configuration from config.yaml.j2.
# The file is root-owned with no group or other access - presumably because
# the rendered config can carry repository credentials; confirm against the
# template. `validate` runs borgmatic's own config check on the rendered
# file (%s) before it replaces the destination, so an invalid config is never
# installed. A change notifies the "Créer le dépôt" handler.
- name: Déployer la configuration
  become: true
  notify: Créer le dépôt
  ansible.builtin.template:
    src: config.yaml.j2
    dest: /etc/borgmatic/config.yaml
    validate: borgmatic config validate --config %s
    owner: root
    group: root
    mode: "u=rw,g=,o="
# Install the borgmatic systemd service unit from borgmatic.service.j2.
# Root-owned and world-readable, writable by root only. A change notifies the
# handler that keeps the service itself disabled (the timer unit deployed
# after it is what gets activated).
- name: Déployer le service
  become: true
  notify: S'assurer que le service est désactivé
  ansible.builtin.template:
    src: borgmatic.service.j2
    dest: /etc/systemd/system/borgmatic.service
    owner: root
    group: root
    mode: "u=rw,g=r,o=r"
# Install the borgmatic systemd timer unit from borgmatic.timer.j2.
# Root-owned and world-readable, writable by root only. A change notifies the
# "Activer la planification" handler.
- name: Déployer le service et la planification
  become: true
  notify: Activer la planification
  ansible.builtin.template:
    src: borgmatic.timer.j2
    dest: /etc/systemd/system/borgmatic.timer
    owner: root
    group: root
    mode: "u=rw,g=r,o=r"