Last active
November 23, 2017 18:21
-
-
Save wzyboy/c02837a1692f43bea62027320d739bdd to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: Download Borg binary | |
| get_url: | |
| url: "{{ borg_url }}" | |
| checksum: "{{ borg_checksum }}" | |
| dest: "{{ borg_path }}" | |
| mode: 0755 | |
| - name: Fix broken Python | |
| apt: | |
| name: python3-venv | |
| when: ansible_distribution == "Ubuntu" or ansible_distribution == "Debian" | |
| - name: Create Borgmatic venv | |
| command: "python3 -m venv {{ borgmatic_dir }}" | |
| args: | |
| creates: "{{ borgmatic_dir }}/bin/pip" | |
| - name: Install Borgmatic into venv | |
| pip: | |
| name: borgmatic | |
| version: "{{ borgmatic_version }}" | |
| executable: "{{ borgmatic_dir }}/bin/pip" | |
| - name: Create Borgmatic config dir | |
| file: | |
| path: /etc/borgmatic | |
| state: directory | |
| - name: Create Borgmatic excludes file | |
| command: touch /etc/borgmatic/excludes | |
| args: | |
| creates: /etc/borgmatic/excludes | |
| warn: no | |
| - name: Render Borgmatic config | |
| template: | |
| src: borgmatic-config.yaml.j2 | |
| dest: /etc/borgmatic/config.yaml | |
| mode: 0600 | |
| - name: Render Borgmatic systemd units | |
| template: | |
| src: "{{ item }}.j2" | |
| dest: "/etc/systemd/system/{{ item }}" | |
| with_items: | |
| - borgmatic.service | |
| - borgmatic.timer | |
| - name: Enable Borgmatic systemd timer | |
| systemd: | |
| name: borgmatic.timer | |
| state: started | |
| enabled: yes | |
| daemon_reload: yes | |
| - import_tasks: pubkey.yaml | |
| when: borg_setup_pubkey |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # The following tasks do essentially the same thing as the "authorized_key" | |
| # Ansible module for jailed SSH accounts of rsync.net | |
| # | |
| # A list of available commands is available at: | |
| # http://www.rsync.net/resources/howto/remote_commands.html | |
| - name: Generate local key if not exists | |
| user: | |
| name: root | |
| generate_ssh_key: yes | |
| - name: Add known hosts | |
| known_hosts: | |
| name: "{{ borg_host_addr }}" | |
| key: "{{ borg_host_key }}" | |
| hash_host: no | |
| - name: Get local key | |
| command: cat /root/.ssh/id_rsa.pub | |
| register: local_key | |
| changed_when: False | |
| - name: Print local key | |
| debug: | |
| var: local_key | |
| #- name: Get all installed keys | |
| # raw: .ssh/authorized_keys | |
| # args: | |
| # executable: /bin/tail | |
| # register: installed_keys | |
| # become: no | |
| # delegate_to: rsync.net | |
| - name: Get remote installed keys | |
| command: ssh {{ borg_host_user}}@{{ borg_host_addr }} tail -n100 .ssh/authorized_keys | |
| register: installed_keys | |
| delegate_to: localhost | |
| become: no | |
| changed_when: False | |
| - name: Print all installed keys | |
| debug: | |
| var: installed_keys | |
| - name: Key is installed | |
| set_fact: | |
| local_key_installed: True | |
| when: local_key.stdout in installed_keys.stdout_lines | |
| - name: Key is not installed | |
| set_fact: | |
| local_key_installed: False | |
| when: local_key.stdout not in installed_keys.stdout_lines | |
| - name: Install local key | |
| shell: echo {{ local_key.stdout }} | ssh {{ borg_host_user}}@{{ borg_host_addr }} 'dd of=.ssh/authorized_keys oflag=append conv=notrunc' | |
| delegate_to: localhost | |
| become: no | |
| when: not local_key_installed |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment