authorTharre <tharre3@gmail.com>2018-04-24 20:44:16 +0200
committerTharre <tharre3@gmail.com>2018-05-09 03:21:51 +0200
commitc2e93c2370de9a0948b07e5768c7ac572d299c63 (patch)
tree9c30e6b01b293651cc7d5ce316c844cc0b3e520a /roles/borgbackup/tasks/main.yml
Initial commit
Diffstat (limited to 'roles/borgbackup/tasks/main.yml')
-rw-r--r--roles/borgbackup/tasks/main.yml70
1 files changed, 70 insertions, 0 deletions
diff --git a/roles/borgbackup/tasks/main.yml b/roles/borgbackup/tasks/main.yml
new file mode 100644
index 0000000..085b99f
--- /dev/null
+++ b/roles/borgbackup/tasks/main.yml
@@ -0,0 +1,70 @@
+---
+
+- name: Ensure borgbackup is installed
+ package:
+ name: borgbackup
+ state: present
+
+- name: Add borg group
+ group:
+ name: "{{ borg_group }}"
+ state: present
+
+- name: Add borg user
+ user:
+ name: "{{ borg_user }}"
+ group: "{{ borg_group }}"
+ home: "{{ borg_dir }}"
+ shell: "{{ borg_shell }}"
+ groups: []
+ state: present
+
+- name: Ensure borg user's home directory is present
+ file:
+ path: "{{ borg_dir }}"
+ owner: "{{ borg_user }}"
+ group: "{{ borg_group }}"
+ mode: 0700
+ state: directory
+
+- name: Ensure .ssh directory exists
+ file:
+ path: "{{ borg_dir }}/.ssh"
+ owner: "{{ borg_user }}"
+ group: "{{ borg_group }}"
+ mode: 0700
+ state: directory
+
+- name: Ensure pool exists
+ file:
+ path: "{{ borg_pool }}"
+ owner: "{{ borg_user }}"
+ group: "{{ borg_group }}"
+ mode: 0700
+ state: directory
+
+# Be aware this does not remove other keys as authorized_key is broken when used
+# in exclusive mode with with_items
+- name: Setup authorized_keys
+ authorized_key:
+ user: "{{ borg_user }}"
+ key: "{{ item.key }}"
+ key_options: 'command="cd {{ borg_pool }}/{{ item.host }};borg serve --restrict-to-path {{ borg_pool }}/{{ item.host }}",restrict'
+ with_items: "{{ borg_auth_users }}"
+
+- name: Ensure .ssh/authorized_keys exists
+ file:
+ path: "{{ borg_dir }}/.ssh/authorized_keys"
+ owner: "{{ borg_user }}"
+ group: "{{ borg_group }}"
+ mode: 0600
+ state: file
+
+- name: Ensure all the user pools exist
+ file:
+ path: "{{ borg_pool }}/{{ item.host }}"
+ owner: "{{ borg_user }}"
+ group: "{{ borg_group }}"
+ mode: 0700
+ state: directory
+ with_items: "{{ borg_auth_users }}"
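Review bot: The `Setup authorized_keys` task only ever adds keys, so a client removed from `borg_auth_users` keeps a working key for the borg user until someone edits the file by hand; the comment above the task acknowledges the limitation but leaves the revocation gap in place. Writing the whole file from the list in a single task makes the inventory authoritative and sidesteps the `exclusive`/`with_items` problem, while keeping the same forced command and `restrict` option on every key. That task also sets owner and mode, so the separate `Ensure .ssh/authorized_keys exists` task becomes redundant; as written, its `state: file` would likely fail on a fresh host when the list is empty, because nothing has created the file.

```yaml
- name: Setup authorized_keys
  copy:
    dest: "{{ borg_dir }}/.ssh/authorized_keys"
    owner: "{{ borg_user }}"
    group: "{{ borg_group }}"
    mode: "0600"
    content: |
      {% for item in borg_auth_users %}
      command="cd {{ borg_pool }}/{{ item.host }};borg serve --restrict-to-path {{ borg_pool }}/{{ item.host }}",restrict {{ item.key }}
      {% endfor %}
# … unchanged: per-host pool directory task …
```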