Auto-register borg repo on the controller per host

backup role now logs into borgcontroller and creates (or looks up) a repository with alias=inventory_hostname, registering root's pubkey and the requested storageSize. The resulting SSH URI is injected into the borgmatic config so each host gets a remote-managed repo without manual config. backup_hosts entries gain a `storage_size_gb` field (stripped before templating) and lose the manual `repositories` entry — the role fills it. borgcontroller_{username,password} are expected from Semaphore secrets. Also gitignores .claude/ local state. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-15 21:37:10 +02:00
parent 4275f2e8fe
commit 0a97f00356
5 changed files with 131 additions and 19 deletions
@@ -21,14 +21,6 @@
        group: root
        mode: '0750'

-    - name: Deploy borgmatic config
-      ansible.builtin.template:
-        src: borgmatic.yaml.j2
-        dest: /etc/borgmatic/config.yaml
-        owner: root
-        group: root
-        mode: '0640'
-
    - name: Ensure root has an SSH key for the borg server
      ansible.builtin.user:
        name: root
@@ -38,9 +30,33 @@
        ssh_key_comment: "borgmatic@{{ inventory_hostname }}"
      register: root_ssh

-    - name: Show root's SSH public key (add this to the borg server's authorized_keys)
-      ansible.builtin.debug:
-        msg: "{{ root_ssh.ssh_public_key }}"
+    - name: Register / look up repository on borg controller
+      ansible.builtin.include_tasks: borgcontroller.yml
+      when:
+        - borgcontroller_username is defined
+        - borgcontroller_password is defined
+
+    - name: Build borgmatic config (strip controller-only keys, inject repository)
+      ansible.builtin.set_fact:
+        _borgmatic_config: >-
+          {{
+            (backup_hosts[inventory_hostname]
+             | dict2items
+             | rejectattr('key', 'in', ['storage_size_gb'])
+             | items2dict)
+            | combine(
+                {'repositories': [{'path': borgcontroller_repo_uri, 'label': inventory_hostname}]}
+                if borgcontroller_repo_uri is defined else {}
+              )
+          }}
+
+    - name: Deploy borgmatic config
+      ansible.builtin.template:
+        src: borgmatic.yaml.j2
+        dest: /etc/borgmatic/config.yaml
+        owner: root
+        group: root
+        mode: '0640'

    - name: Enable and start borgmatic timer
      ansible.builtin.systemd: