diff --git a/defaults/main.yml b/defaults/main.yml
index a70319c..cedf50a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,6 +1,8 @@
 ---
 borgbackup_required: True
+borgbackup_ssh_key: "~/.ssh/id_borg_rsa"
+
 borgbackup_version: "1.0.11"
 borgbackup_checksum: "sha256:fbdc0e0d6d05a0935551f2f408f370236a76b7a30d3bb90a31c3628fe3611359"
 borgbackup_download_url: "https://github.com/borgbackup/borg/releases/download/{{ borgbackup_version }}/borg-linux64"
@@ -30,4 +32,4 @@ borgbackup_cron_minute: "{{ 59|random }}"
 borgbackup_appendonly: False
 borgbackup_management_station: ''
 borgbackup_management_user: ''
-borgbackup_management_sshkey: ''
+borgbackup_management_ssh_pubkey: ''
diff --git a/tasks/borg-client.yml b/tasks/borg-client.yml
index e525521..79f7420 100644
--- a/tasks/borg-client.yml
+++ b/tasks/borg-client.yml
@@ -1,9 +1,9 @@
 ---
 - name: client | generate ssh key for this machine
- shell: if [ -f ~/.ssh/id_rsa ]; then rm -f ~/.ssh/id_rsa; fi && ssh-keygen -q -t rsa -b 4096 -f ~/.ssh/id_rsa -N "" creates=~/.ssh/id_rsa.pub
+ shell: if [ -f {{ borgbackup_ssh_key }} ]; then rm -f {{ borgbackup_ssh_key }}; fi && ssh-keygen -q -t rsa -b 4096 -f {{ borgbackup_ssh_key }} -N "" creates="{{ borgbackup_ssh_key }}.pub"
 - name: client | fetch ssh-key
- shell: cat /root/.ssh/id_rsa.pub
+ shell: "cat {{ borgbackup_ssh_key }}.pub"
 register: sshkey
 changed_when: False
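Review bot: The new default `borgbackup_ssh_key: "~/.ssh/id_borg_rsa"` in defaults/main.yml moves the client key to a file name ssh does not try on its own, and nothing visible in this diff points ssh at it. The `Host` block written to `/root/.ssh/config` in tasks/borg-client.yml carries no `IdentityFile` line, so unless `BORG_RSH` or an equivalent is set outside these hunks, connections to the backup servers would presumably fall back to other keys or fail; adding `IdentityFile {{ borgbackup_ssh_key }}` to that block would tie the two together. The `~` is resolved for whichever user runs the task while the config path is hard-coded to `/root`, so a comment above the variable such as `# private key for borg over ssh; "<path>.pub" is the public half, ~ is the task user's home` would make the assumption explicit.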
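Review bot: The rewritten `shell:` line of "client | generate ssh key" in tasks/borg-client.yml still deletes the private key whenever the `.pub` file is missing (`rm -f {{ borgbackup_ssh_key }}`), and now that the path is a variable, an operator who points it at an existing key can lose that key on the next run. Rebuilding the public half instead, e.g. `ssh-keygen -y -f {{ borgbackup_ssh_key }} > {{ borgbackup_ssh_key }}.pub` when only the private key exists, avoids both the loss and the unannounced rotation of a key the backup servers already trust. The variable is also interpolated into the shell command unquoted, so a path containing spaces or shell metacharacters changes the command; plain quoting would stop `~` from expanding, so an absolute default path combined with quoting is the simpler fix.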
@@ -14,12 +14,18 @@
 line: 'export BORG_PASSPHRASE="{{ borgbackup_passphrase }}"'
 create: "yes"
-- name: client | template sshconfig for backup-hosts (no strict key checking)
- template:
- src: "ssh.config.j2"
- dest: "/root/.ssh/config"
- owner: "root"
- group: "root"
+- name: client | disable strict key checking for backup servers
+ blockinfile:
+ dest: /root/.ssh/config
+ create: yes
+ marker: "### {mark} ANSIBLE MANAGED BLOCK {{ item.fqdn }} ###"
+ content: |
+ Host {{ item.fqdn }}
+ StrictHostKeyChecking no
+ {% if item.port is defined %}
+ Port {{ item.port }}
+ {% endif %}
+ with_items: "{{ borgbackup_servers }}"
 - name: client | put sshpubkey on the normal backupserver
 authorized_key:
diff --git a/tasks/borg-server.yml b/tasks/borg-server.yml
index 45e47f6..de53c4f 100644
--- a/tasks/borg-server.yml
+++ b/tasks/borg-server.yml
@@ -1,16 +1,4 @@
 ---
-- name: server | install borg backup
- get_url:
- dest: "/usr/local/bin/borg"
- checksum: "{{ borgbackup_checksum }}"
- owner: "root"
- group: "root"
- mode: "0755"
- url: "{{ borgbackup_download_url }}"
- delegate_to: "{{ item.fqdn }}"
- with_items: "{{ borgbackup_servers }}"
- when: item.type == 'normal'
-
 - name: server | create user
 user:
 name: "{{ item.user }}"
@@ -28,4 +16,5 @@
 owner: "{{ item.user }}"
 group: "{{ item.user }}"
 mode: "0770"
+ delegate_to: "{{ item.fqdn }}"
 with_items: "{{ borgbackup_servers }}"
diff --git a/tasks/management.yml b/tasks/management.yml
index f27a43e..7f280a0 100644
--- a/tasks/management.yml
+++ b/tasks/management.yml
@@ -10,7 +10,7 @@
 - name: management | put management sshpubkey on the normal backupserver
 authorized_key:
 user: "{{ item.user }}"
- key: "{{ borgbackup_management_sshkey }}"
+ key: "{{ borgbackup_management_ssh_pubkey }}"
 delegate_to: "{{ item.fqdn }}"
 when: item.type == 'normal'
 with_items: "{{ borgbackup_servers }}"
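Review bot: `StrictHostKeyChecking no` in the new `blockinfile` content of tasks/borg-client.yml makes the client accept whatever host key the backup server presents, so a host answering as `{{ item.fqdn }}` gets the backup connection without any warning; the removed template did the same, but the rewrite is a good moment to close it. Pinning each server's key with the `known_hosts` module, or using `StrictHostKeyChecking accept-new` where the installed OpenSSH supports it, keeps unattended runs working while still detecting a changed key. The task also drops the `owner`/`group` that the template task set and creates the file with no `mode`; adding `mode: "0600"`, `owner: "root"` and `group: "root"` keeps `/root/.ssh/config` from inheriting whatever the umask gives. `create: yes` would be clearer as `create: true`.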
@@ -28,7 +28,7 @@
 - name: management | modify local rsync.net authorized_keys
 authorized_key:
 user: "{{ ansible_user_id }}"
- key: "{{ borgbackup_management_sshkey }}"
+ key: "{{ borgbackup_management_ssh_pubkey }}"
 path: "/tmp/rsync.net-{{ item.fqdn }}-authkeys"
 manage_dir: no
 delegate_to: localhost
diff --git a/templates/ssh.config.j2 b/templates/ssh.config.j2
deleted file mode 100644
index 0b80232..0000000
--- a/templates/ssh.config.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-# backup hosts
-{% for b in borgbackup_servers %}
-Host {{ b.fqdn }}
- StrictHostKeyChecking no
- {% if b.port is defined %}
- Port {{ b.port }}
- {% endif %}
-{% endfor %}