role_borgmatic/tasks/configuration.yml


---
# tasks file for borgmatic
# Generate the ed25519 key pair this host presents to the backup server.
# No passphrase is configured on this task, so the private key file is the
# whole credential and depends on filesystem permissions for its protection.
- name: Créer la paire de clés
  become: true
  community.crypto.openssh_keypair:
    type: ed25519
    path: /etc/borgmatic/id_ed25519
# Read the public half of the key pair back from the managed host. slurp
# returns the file base64-encoded under the 'content' key of the registered
# result, which a later task decodes.
- name: Récupérer le contenu de la clé publique
  become: true
  register: key
  ansible.builtin.slurp:
    src: /etc/borgmatic/id_ed25519.pub
# Create this host's repository directory on the backup server (the task is
# delegated to borgmatic_server.host). The directory is named after
# inventory_hostname. The mode gives the owner full access, the group
# read/traverse only, and everyone else nothing.
- name: Créer le dépôt
  become: true
  delegate_to: "{{ borgmatic_server.host }}"
  ansible.builtin.file:
    state: directory
    path: "{{ borgmatic_server.repo_path }}/{{ inventory_hostname }}"
    owner: "{{ borgmatic_server.user }}"
    group: "{{ borgmatic_server.group }}"
    mode: 'u=rwX,g=rX,o='
# Authorise the host's public key for the backup account on the server.
# The key is least-privilege by construction: the forced command pins it to
# `borg serve` confined by --restrict-to-path to this host's own directory,
# and `restrict` turns off the remaining SSH features for the key.
# NOTE(review): repo_path and inventory_hostname are interpolated unquoted
# into the forced command line; this assumes neither contains whitespace or
# shell metacharacters. Confirm against the inventory.
- name: Ajouter la clef publique
  become: true
  delegate_to: "{{ borgmatic_server.host }}"
  ansible.posix.authorized_key:
    state: present
    user: "{{ borgmatic_server.user }}"
    key: "{{ key['content'] | b64decode }}"
    key_options: 'command="cd {{ borgmatic_server.repo_path }}/{{ inventory_hostname }};borg serve --restrict-to-path {{ borgmatic_server.repo_path }}/{{ inventory_hostname }}",restrict'
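# Write a managed block into root's SSH client configuration, with one Host
# stanza per entry of borgmatic_repositories. The host name is extracted from
# repository.path with urlsplit.
#
# Host key verification: the stanza uses trust-on-first-use
# ("StrictHostKeyChecking accept-new", which needs OpenSSH >= 7.6) together
# with the default known_hosts file. The server key seen on first contact is
# pinned, and a later key change makes the connection fail instead of being
# accepted silently. With checking disabled and known hosts discarded, backups
# would be sent to whichever endpoint answers for that host name.
# For stronger assurance, pre-seed the server's host key (for example with
# ansible.builtin.known_hosts) and set StrictHostKeyChecking to yes.
#
# mode keeps the client configuration private to its owner when the file is
# created or already exists.
- name: Déployer la configuration de SSH
  ansible.builtin.blockinfile:
    path: /root/.ssh/config
    create: true
    mode: '0600'
    marker: "# {mark} ANSIBLE MANAGED BLOCK for role_borgmatic"
    block: |
      {% for repository in borgmatic_repositories %}
      Host {{ repository.path | ansible.builtin.urlsplit('hostname') }}
        Compression yes
        Protocol 2
        PreferredAuthentications=publickey
        StrictHostKeyChecking accept-new
        IdentityFile /etc/borgmatic/id_ed25519
        IdentitiesOnly yes
      {% endfor %}
  become: true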
# Render the borgmatic configuration to /etc/borgmatic/config.yaml, readable
# and writable by root only. `validate` runs borgmatic against the rendered
# candidate (%s) before it replaces the destination, so an invalid file is
# never installed.
# NOTE(review): the notified handler has the same name as the directory task
# earlier in this file; the handler itself is defined outside this file.
- name: Déployer la configuration
  become: true
  notify: Créer le dépôt
  ansible.builtin.template:
    src: config.yaml.j2
    dest: /etc/borgmatic/config.yaml
    mode: 'u=rw,g=,o='
    owner: root
    group: root
    validate: borgmatic config validate --config %s
# Install the borgmatic systemd service unit, owned by root and
# world-readable. A change notifies the handler named below, which is defined
# outside this file.
- name: Déployer le service
  become: true
  notify: S'assurer que le service est désactivé
  ansible.builtin.template:
    src: borgmatic.service.j2
    dest: /etc/systemd/system/borgmatic.service
    mode: 'u=rw,g=r,o=r'
    owner: root
    group: root
# Install the borgmatic systemd timer unit, owned by root and world-readable.
# Despite the task name, only the timer template is rendered here. A change
# notifies the handler named below, which is defined outside this file.
- name: Déployer le service et la planification
  become: true
  notify: Activer la planification
  ansible.builtin.template:
    src: borgmatic.timer.j2
    dest: /etc/systemd/system/borgmatic.timer
    mode: 'u=rw,g=r,o=r'
    owner: root
    group: root