---
# Install the borgmatic package through apt, as root.
# NOTE(review): no version is pinned and no cache refresh is requested, so the
# installed release is whatever the host's configured repositories and current
# package index provide.
- name: Install borgmatic
  ansible.builtin.apt:
    name: borgmatic
  become: true
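# Ensure root's SSH directory exists and is readable by root only, so the key
# pair generated by the next task lands in a private location.
- name: Make sure /root/.ssh dir exists
  become: true
  ansible.builtin.file:
    # Explicit path instead of "~/.ssh": the key-generation task writes to
    # /root/.ssh, so both tasks must agree regardless of how "~" expands.
    path: /root/.ssh
    state: directory
    owner: root
    group: root
    # Quoted so the mode stays an octal string and is never re-typed by the
    # YAML parser.
    mode: "0700"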
# Generate an ed25519 key pair for root. The `creates` guard skips the command
# once the private key file exists, so an existing key is never overwritten.
# NOTE(review): the trailing empty argument to -N means the private key has no
# passphrase; its only protection is the file-system permissions on
# /root/.ssh, and anything that can read the file can use the key wherever the
# public half is authorized.
- name: Create SSH key for root
  ansible.builtin.command:
    argv:
      - ssh-keygen
      - -t
      - ed25519
      - -f
      - /root/.ssh/id_ed25519
      - -N
      - ''
    creates: /root/.ssh/id_ed25519
  become: true
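# Read root's public key back from the managed host. slurp returns the file
# base64-encoded in `content`; the result is kept in `ssh_pubkey` for the
# authorization task. Only the public half is read, never the private key.
- name: Slurp SSH pubkey for root
  become: true
  ansible.builtin.slurp:
    # Explicit path matching the file ssh-keygen writes, rather than relying
    # on "~" expanding to /root.
    src: /root/.ssh/id_ed25519.pub
  register: ssh_pubkey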
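# Append this host's root public key to the borg account's authorized_keys on
# the backup server. The task is delegated to `backup_server` and runs as the
# `borg` user, so "~" refers to that account's home directory there.
#
# NOTE(review): the key is written as a bare line with no authorized_keys
# options, so it grants whatever the borg account's login shell allows on the
# backup server, not just access to this host's repository. Consider prefixing
# the line with a forced command and the `restrict` option, for example
#   command="borg serve --restrict-to-path <REPO_PATH_PLACEHOLDER>",restrict
# so that each client key is confined to its own repository.
#
# NOTE(review): lineinfile only ensures the line is present; keys from
# rebuilt or decommissioned hosts are never removed by this task.
- name: Authorize root pubkey on backup server
  delegate_to: "{{ backup_server }}"
  become: true
  become_user: borg
  ansible.builtin.lineinfile:
    # presumably ~/.ssh already exists for the borg account; `create` makes the
    # file, not its parent directory - TODO confirm
    path: ~/.ssh/authorized_keys
    # slurp content is base64; decode and strip the trailing newline so the
    # line compares equal on later runs.
    line: "{{ ssh_pubkey.content | b64decode | trim }}"
    create: true
    # Quoted so the mode stays an octal string and is never re-typed by the
    # YAML parser.
    mode: "0600"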
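# Create the borgmatic configuration directory, accessible to root only, so
# the per-host configuration written into it is not listable by other users.
- name: Create /etc/borgmatic.d directory
  become: true
  ansible.builtin.file:
    path: /etc/borgmatic.d
    state: directory
    owner: root
    group: root
    # Quoted so the mode stays an octal string and is never re-typed by the
    # YAML parser.
    mode: "0700"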
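# Render the borgmatic configuration template into a per-host file named after
# `ansible_hostname` (which requires facts to have been gathered).
# NOTE(review): the template presumably carries the repository passphrase or
# other credentials; the root-only 0600 mode is what keeps them private on the
# host - confirm the template source itself does not hold secrets in clear
# text in version control.
- name: Copy borgmatic config
  become: true
  ansible.builtin.template:
    src: borgmatic.d/config.yml.j2
    dest: "/etc/borgmatic.d/{{ ansible_hostname }}.yml"
    owner: root
    group: root
    # Quoted so the mode stays an octal string and is never re-typed by the
    # YAML parser.
    mode: "0600"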
# Initialize the repository described by the borgmatic configuration, using
# repokey encryption. There is no `creates` guard, so the command runs on
# every play; the task reports "changed" only when the command wrote
# something to stderr, which is a heuristic rather than an exact signal.
# NOTE(review): in repokey mode the key is stored inside the repository,
# protected by the passphrase. Keep an offline copy (e.g. via
# `borg key export`) and the passphrase somewhere other than this host, or a
# lost host means unrecoverable backups.
- name: Initialize borg repository
  ansible.builtin.command:
    argv:
      - borgmatic
      - init
      - --encryption
      - repokey
  become: true
  register: borgmatic_init
  changed_when: borgmatic_init.stderr | length > 0
# Stop the borgmatic systemd timer and keep it from starting at boot.
# Presumably this avoids double scheduling, since the following task installs
# a cron entry for borgmatic - TODO confirm.
- name: Stop and disable borgmatic timer
  ansible.builtin.systemd:
    name: borgmatic.timer
    enabled: false
    state: stopped
  become: true
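# Render the cron schedule for borgmatic into /etc/cron.d.
# The file is owned by root and writable by root only; a cron.d entry that
# other users could modify would let them run commands through the scheduler.
- name: Copy borgmatic cron
  become: true
  ansible.builtin.template:
    src: cron.d/borgmatic.j2
    dest: /etc/cron.d/borgmatic
    owner: root
    group: root
    # Quoted so the mode stays an octal string and is never re-typed by the
    # YAML parser.
    mode: "0644"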