Add borgmatic
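--- a/roles/borgmatic/tasks/main.yaml
+++ b/roles/borgmatic/tasks/main.yaml
@@ -0,0 +1,55 @@
+---
+- name: Ensure host distribution is supported
+ansible.builtin.import_role:
+name: compatcheck
+vars:
+compatcheck_supported_distributions:
+- name: debian
+version_min: 11
+- name: ubuntu
+version_min: 22
+
+- name: Install borgmatic
+ansible.builtin.apt:
+name: borgmatic
+
+- name: Disable borgmatic global timer
+ansible.builtin.systemd_service:
+name: borgmatic.timer
+state: stopped
+enabled: false
+
+- name: Add systemd drop-in service for borgmatic
+ansible.builtin.template:
+src: borgmatic@.service.j2
+dest: /etc/systemd/system/borgmatic@.service
+mode: "0644"
+
+- name: Create borgmatic configurations directory
+ansible.builtin.file:
+path: /etc/borgmatic.d
+state: directory
+mode: "0755"
+
+- name: Generate ssh key for borg
+community.crypto.openssh_keypair:
+type: ed25519
+path: "{{ ansible_user_dir }}/.ssh/id_ed25519_borg"
+comment: "{{ ansible_user_id }}@{{ ansible_fqdn }} borg"
+register: _borgmatic_key
+
+- name: Setup backup targets
+ansible.builtin.include_tasks:
+file: target.yaml
+apply:
+delegate_to: "{{ target.host }}"
+become: false
+loop: "{{ borgmatic_targets }}"
+loop_control:
+loop_var: target
+
+- name: Add borg target ssh host keys to known hosts
+ansible.builtin.known_hosts:
+name: "{{ item }}"
+key: "{{ item }} ssh-ed25519 {{ hostvars[item].ansible_ssh_host_key_ed25519_public }}"
+loop: "{{ borgmatic_targets | map(attribute='host') }}"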
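Review bot: The `known_hosts` task at the end of the hunk pins whatever ed25519 key the target reported as a fact, so the entry is only as trustworthy as the Ansible connection that gathered it; a comment should say so, e.g. `# Host key comes from facts gathered over the Ansible connection; verify out of band for new targets`. The entry is registered under the inventory name `{{ item }}`, so if borg reaches the target by a different address or a non-default port (an assumption, since the borgmatic configuration is not part of this commit) the pinned key will not match. If a target has no ed25519 host key, the `key` expression fails on an undefined variable; an `ansible.builtin.assert` on `hostvars[item].ansible_ssh_host_key_ed25519_public is defined` ahead of the task would fail with a clearer message.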
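--- a/roles/borgmatic/tasks/target.yaml
+++ b/roles/borgmatic/tasks/target.yaml
@@ -0,0 +1,26 @@
+---
+- name: Gather facts
+ansible.builtin.setup:
+delegate_facts: true
+
+- name: Add ssh key to authorized_keys
+ansible.posix.authorized_key:
+user: "{{ hostvars[target.host].ansible_user_id }}"
+key: >-
+{{
+_borgmatic_key.public_key + ' ' + _borgmatic_key.comment
+if not (ansible_check_mode and _borgmatic_key.changed)
+else 'ssh-ed25519 AAAA'
+}}
+key_options: >-
+command="borg
+serve{% for directory in target.directories %}
+--restrict-to-path
+{{ hostvars[target.host].ansible_user_dir }}/{{ directory }}/{{ ansible_fqdn }}{%- endfor -%}",restrict
+
+- name: Create backup directories
+ansible.builtin.file:
+path: "{{ hostvars[target.host].ansible_user_dir }}/{{ item }}/{{ ansible_fqdn }}"
+state: directory
+mode: "0700"
+loop: "{{ target.directories }}"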
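Review bot: In the `key_options` value of the authorized_keys task, `target.directories`, the target's home directory and `ansible_fqdn` are interpolated unquoted into the double-quoted `command="borg serve …"` string. An entry containing a space, a double quote or `..` would therefore split the argument, end the option early, or point `--restrict-to-path` outside the intended directory. These values look inventory-controlled, but this line is the only limit on what the client key may do on the target, so an `ansible.builtin.assert` ahead of the task that each directory matches a conservative pattern such as `^[A-Za-z0-9._-]+$` would be cheap insurance. The check-mode fallback `'ssh-ed25519 AAAA'` also deserves a comment, e.g. `# placeholder: in check mode the keypair task reports a change but no real key exists yet`.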