--- - name: client | generate ssh key for this machine user: name: "{{ borgbackup_client_user }}" generate_ssh_key: true ssh_key_bits: 2048 ssh_key_file: "{{ borgbackup_ssh_key }}" ssh_key_type: rsa - name: client | fetch ssh-key shell: "cat {{ borgbackup_ssh_key }}.pub" register: sshkey changed_when: false - name: client | write passphrase lineinfile: dest: "~{{ borgbackup_client_user }}/.borg.passphrase" state: "present" line: 'export BORG_PASSPHRASE="{{ borgbackup_passphrase }}"' create: true - name: client | disable strict key checking for backup servers blockinfile: dest: "~{{ borgbackup_client_user }}/.ssh/config" create: true marker: "### {mark} ANSIBLE MANAGED BLOCK {{ item.fqdn }} ###" content: | Host {{ item.fqdn }} StrictHostKeyChecking no IdentityFile {{ borgbackup_ssh_key }} {% if item.port is defined %} Port {{ item.port }} {% endif %} with_items: "{{ borgbackup_servers }}" - name: client | put non management sshpubkey on the normal backupserver authorized_key: user: "{{ item.user }}" key: "{{ sshkey.stdout }}" key_options: 'command="cd {{ item.home }}{{ item.pool }}/{{ inventory_hostname }};borg serve {% if borgbackup_appendonly %}--append-only {% endif %}--restrict-to-path {{ item.home }}/{{ item.pool }}/{{ inventory_hostname }}",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc' delegate_to: "{{ item.fqdn }}" when: inventory_hostname != borgbackup_management_station with_items: "{{ borgbackup_servers }}" - name: client | put management sshpubkey on backupservers, no appendonly nor path restriction authorized_key: user: "{{ item.user }}" key: "{{ sshkey.stdout }}" key_options: 'command="cd {{ item.home }}{{ item.pool }}/{{ inventory_hostname }};borg serve ",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc' delegate_to: "{{ item.fqdn }}" when: inventory_hostname == borgbackup_management_station with_items: "{{ borgbackup_servers }}" - name: client | put wrapper script template: src: "borg-backup.sh.j2" dest: "/usr/local/bin/borg-backup" owner: "{{ borgbackup_owner }}" group: "{{ borgbackup_group }}" mode: "0744" - name: client | create backup-directory on backup server shell: /usr/local/bin/borg-backup init become_user: "{{ borgbackup_client_user }}" register: backup_init changed_when: "'Remember your passphrase' in backup_init.stderr" - name: client | create backup cronjob cron: cron_file: "borg-backup" user: "{{ borgbackup_client_user }}" name: "borg-backup" minute: "{{ borgbackup_cron_minute }}" hour: "{{ borgbackup_cron_hour }}" day: "{{ borgbackup_cron_day }}" job: "/usr/local/bin/borg-backup backup" - name: client | create log directory file: path: "/var/log/borgbackup" state: "directory" owner: "root" group: "root" mode: "0755"