Skip to content

Instantly share code, notes, and snippets.

@wzyboy
Last active Nov 23, 2017
Embed
What would you like to do?
- name: Download Borg binary
get_url:
url: "{{ borg_url }}"
checksum: "{{ borg_checksum }}"
dest: "{{ borg_path }}"
mode: 0755
- name: Fix broken Python
apt:
name: python3-venv
when: ansible_distribution == "Ubuntu" or ansible_distribution == "Debian"
- name: Create Borgmatic venv
command: "python3 -m venv {{ borgmatic_dir }}"
args:
creates: "{{ borgmatic_dir }}/bin/pip"
- name: Install Borgmatic into venv
pip:
name: borgmatic
version: "{{ borgmatic_version }}"
executable: "{{ borgmatic_dir }}/bin/pip"
- name: Create Borgmatic config dir
file:
path: /etc/borgmatic
state: directory
- name: Create Borgmatic excludes file
command: touch /etc/borgmatic/excludes
args:
creates: /etc/borgmatic/excludes
warn: no
- name: Render Borgmatic config
template:
src: borgmatic-config.yaml.j2
dest: /etc/borgmatic/config.yaml
mode: 0600
- name: Render Borgmatic systemd units
template:
src: "{{ item }}.j2"
dest: "/etc/systemd/system/{{ item }}"
with_items:
- borgmatic.service
- borgmatic.timer
- name: Enable Borgmatic systemd timer
systemd:
name: borgmatic.timer
state: started
enabled: yes
daemon_reload: yes
- import_tasks: pubkey.yaml
when: borg_setup_pubkey
# The following tasks do essentially the same thing as the "authorized_key"
# Ansible module for jailed SSH accounts of rsync.net
#
# A list of available commands is available at:
# http://www.rsync.net/resources/howto/remote_commands.html
- name: Generate local key if not exists
user:
name: root
generate_ssh_key: yes
- name: Add known hosts
known_hosts:
name: "{{ borg_host_addr }}"
key: "{{ borg_host_key }}"
hash_host: no
- name: Get local key
command: cat /root/.ssh/id_rsa.pub
register: local_key
changed_when: False
- name: Print local key
debug:
var: local_key
#- name: Get all installed keys
# raw: .ssh/authorized_keys
# args:
# executable: /bin/tail
# register: installed_keys
# become: no
# delegate_to: rsync.net
- name: Get remote installed keys
command: ssh {{ borg_host_user}}@{{ borg_host_addr }} tail -n100 .ssh/authorized_keys
register: installed_keys
delegate_to: localhost
become: no
changed_when: False
- name: Print all installed keys
debug:
var: installed_keys
- name: Key is installed
set_fact:
local_key_installed: True
when: local_key.stdout in installed_keys.stdout_lines
- name: Key is not installed
set_fact:
local_key_installed: False
when: local_key.stdout not in installed_keys.stdout_lines
- name: Install local key
shell: echo {{ local_key.stdout }} | ssh {{ borg_host_user}}@{{ borg_host_addr }} 'dd of=.ssh/authorized_keys oflag=append conv=notrunc'
delegate_to: localhost
become: no
when: not local_key_installed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment