role_borgmatic/tasks/configuration.yml


---
# tasks file for borgmatic
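# Install the SSH private key that borgmatic uses, readable by root only.
# no_log keeps the key material out of the task result, including the
# before/after text that diff mode would print for `content`.
# NOTE(review): borgmatic_keys.private is presumably supplied from an
# encrypted source such as Ansible Vault — confirm it is never stored in
# clear text in the inventory.
- name: Déployer la clef privée
  ansible.builtin.copy:
    content: "{{ borgmatic_keys.private }}"
    dest: /etc/borgmatic/id_ed25519
    owner: root
    group: root
    mode: u=rw,g=,o=
  become: true
  no_log: true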
# Install the matching SSH public key next to the private key.
# The public half is not secret, so it is world-readable.
- name: Déployer la clef publique
  become: true
  ansible.builtin.copy:
    dest: /etc/borgmatic/id_ed25519.pub
    content: "{{ borgmatic_keys.public }}"
    mode: 'u=rw,g=r,o=r'
    owner: root
    group: root
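# Write one Host stanza per borgmatic repository into root's SSH client
# configuration, so connections to those hosts use only the dedicated key.
#
# Host key verification: the stanza previously set `StrictHostKeyChecking no`
# together with `UserKnownHostsFile /dev/null`, which accepts any host key on
# every connection and lets a machine-in-the-middle receive the backups.
# `accept-new` (OpenSSH 7.6 or later) records the key on first contact in the
# default known_hosts file and refuses a changed key afterwards. Pinning the
# repository host keys beforehand (for example with
# ansible.builtin.known_hosts) and using `StrictHostKeyChecking yes` is
# stronger still.
#
# NOTE(review): urlsplit('hostname') presumably requires repository.path to be
# in ssh:// URL form — confirm against the values used in the inventory.
- name: Déployer la configuration de SSH
  ansible.builtin.blockinfile:
    path: /root/.ssh/config
    create: true
    # Set explicitly so that a file created by this task does not end up with
    # umask-derived ownership and permissions.
    owner: root
    group: root
    mode: u=rw,g=,o=
    marker: "# {mark} ANSIBLE MANAGED BLOCK for role_borgmatic"
    block: |
      {% for repository in borgmatic_repositories %}
      Host {{ repository.path | ansible.builtin.urlsplit('hostname') }}
        Compression yes
        Protocol 2
        PreferredAuthentications=publickey
        StrictHostKeyChecking accept-new
        IdentityFile /etc/borgmatic/id_ed25519
        IdentitiesOnly yes
      {% endfor %}
  become: true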
# Render the borgmatic configuration, readable by root only. The rendered
# file is checked with `borgmatic config validate` before it replaces the
# destination; a change notifies the repository-creation handler.
# NOTE(review): if config.yaml.j2 renders a repository passphrase, consider
# whether this task's diff output should be suppressed — the template is not
# visible here.
- name: Déployer la configuration
  become: true
  ansible.builtin.template:
    src: config.yaml.j2
    dest: /etc/borgmatic/config.yaml
    validate: 'borgmatic config validate --config %s'
    mode: 'u=rw,g=,o='
    owner: root
    group: root
  notify: Créer le dépôt
# Render the systemd service unit for borgmatic; a change notifies the
# handler that enables and starts the service.
- name: Déployer le service
  become: true
  ansible.builtin.template:
    src: borgmatic.service.j2
    dest: /etc/systemd/system/borgmatic.service
    mode: 'u=rw,g=r,o=r'
    owner: root
    group: root
  notify: Activer et démarrer le service
# Render the systemd timer unit that schedules borgmatic; a change notifies
# the handler that enables the timer. Only the timer file is written here.
- name: Déployer le service et la planification
  become: true
  ansible.builtin.template:
    src: borgmatic.timer.j2
    dest: /etc/systemd/system/borgmatic.timer
    mode: 'u=rw,g=r,o=r'
    owner: root
    group: root
  notify: Activer la planification