From c2e93c2370de9a0948b07e5768c7ac572d299c63 Mon Sep 17 00:00:00 2001 From: Tharre Date: Tue, 24 Apr 2018 20:44:16 +0200 Subject: Initial commit --- roles/borgbackup/defaults/main.yml | 8 +++++ roles/borgbackup/tasks/main.yml | 70 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100644 roles/borgbackup/defaults/main.yml create mode 100644 roles/borgbackup/tasks/main.yml (limited to 'roles/borgbackup')
diff --git a/roles/borgbackup/defaults/main.yml b/roles/borgbackup/defaults/main.yml
new file mode 100644
index 0000000..b322028
--- /dev/null
+++ b/roles/borgbackup/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+
+borg_user: "borg"
+borg_group: "borg"
+borg_dir: "/srv/borgbackup"
+borg_shell: "/bin/bash"
+borg_pool: "{{ borg_dir }}/repos"
+borg_auth_users: []
diff --git a/roles/borgbackup/tasks/main.yml b/roles/borgbackup/tasks/main.yml
new file mode 100644
index 0000000..085b99f
--- /dev/null
+++ b/roles/borgbackup/tasks/main.yml
@@ -0,0 +1,70 @@
+---
+
+- name: Ensure borgbackup is installed
+ package:
+ name: borgbackup
+ state: present
+
+- name: Add borg group
+ group:
+ name: "{{ borg_group }}"
+ state: present
+
+- name: Add borg user
+ user:
+ name: "{{ borg_user }}"
+ group: "{{ borg_group }}"
+ home: "{{ borg_dir }}"
+ shell: "{{ borg_shell }}"
+ groups: []
+ state: present
+
+- name: Ensure borg user's home directory is present
+ file:
+ path: "{{ borg_dir }}"
+ owner: "{{ borg_user }}"
+ group: "{{ borg_group }}"
+ mode: 0700
+ state: directory
+
+- name: Ensure .ssh directory exists
+ file:
+ path: "{{ borg_dir }}/.ssh"
+ owner: "{{ borg_user }}"
+ group: "{{ borg_group }}"
+ mode: 0700
+ state: directory
+
+- name: Ensure pool exists
+ file:
+ path: "{{ borg_pool }}"
+ owner: "{{ borg_user }}"
+ group: "{{ borg_group }}"
+ mode: 0700
+ state: directory
+
+# Be aware this does not remove other keys as authorized_key is broken when used
+# in exclusive mode with with_items
+- name: Setup authorized_keys
+ authorized_key:
+ user: "{{ borg_user }}"
+ key: "{{ item.key }}"
+ key_options: 'command="cd {{ borg_pool }}/{{ item.host }};borg serve --restrict-to-path {{ borg_pool }}/{{ item.host }}",restrict'
+ with_items: "{{ borg_auth_users }}"
+
+- name: Ensure .ssh/authorized_keys exists
+ file:
+ path: "{{ borg_dir }}/.ssh/authorized_keys"
+ owner: "{{ borg_user }}"
+ group: "{{ borg_group }}"
+ mode: 0600
+ state: file
+
+- name: Ensure all the user pools exist
+ file:
+ path: "{{ borg_pool }}/{{ item.host }}"
+ owner: "{{ borg_user }}"
+ group: "{{ borg_group }}"
+ mode: 0700
+ state: directory
+ with_items: "{{ borg_auth_users }}"
-- cgit v1.2.3-70-g09d2
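Review bot: Keys removed from `borg_auth_users` stay in `authorized_keys`, as the comment above "Setup authorized_keys" itself acknowledges, so revoking a client's backup access needs manual cleanup on the server. With the default `borg_auth_users: []` the loop never creates the file either, and the following "Ensure .ssh/authorized_keys exists" task uses `state: file`, which does not create a missing file and would likely fail on a fresh host. Rendering the whole file from the list in a single task makes the list authoritative and also covers the empty case, replacing both tasks. Separately, `item.host` is interpolated unquoted into the forced command and the pool path, so it is worth asserting that it matches a strict hostname pattern before use. The octal modes are also safer quoted, e.g. `mode: "0700"`.

```yaml
# replaces "Setup authorized_keys" and "Ensure .ssh/authorized_keys exists"
- name: Setup authorized_keys
  copy:
    dest: "{{ borg_dir }}/.ssh/authorized_keys"
    owner: "{{ borg_user }}"
    group: "{{ borg_group }}"
    mode: "0600"
    content: |
      {% for item in borg_auth_users %}
      command="cd {{ borg_pool }}/{{ item.host }};borg serve --restrict-to-path {{ borg_pool }}/{{ item.host }}",restrict {{ item.key }}
      {% endfor %}
# … unchanged: "Ensure all the user pools exist" …
```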