From 885a617388e34903be3e185c834b707ad6d235ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20=C5=BD=C3=A1=C4=8Dek?=
Date: Fri, 15 May 2026 21:45:06 +0200
Subject: [PATCH] Fix borg SSH URI and auto-init the remote repo
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The URI was wrong — BorgWarehouse uses a single shared SSH user (`borgwarehouse`) and routes by the repo id in the path, so the form is `ssh:///./` (not per-repo user with /./repos). Role now also trusts the borg server's SSH host key in root's known_hosts and runs `borg init --encryption=none` (idempotent — treats "already exists" as success) so first backups don't need manual prep.

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 roles/backup/tasks/borgcontroller.yml | 40 ++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)
diff --git a/roles/backup/tasks/borgcontroller.yml b/roles/backup/tasks/borgcontroller.yml
index 5a3a859..a08392e 100644
--- a/roles/backup/tasks/borgcontroller.yml
+++ b/roles/backup/tasks/borgcontroller.yml
@@ -87,4 +87,42 @@
 - name: Build borg SSH URI
 ansible.builtin.set_fact:
- borgcontroller_repo_uri: "ssh://{{ _bc_repo.repository }}@{{ _bc_config.json.borgSshHost.split('@')[1] }}/./repos"
+ borgcontroller_repo_uri: "ssh://{{ _bc_config.json.borgSshHost }}/./{{ _bc_repo.id }}"
+ _bc_borg_host: "{{ _bc_config.json.borgSshHost.split('@')[1].split(':')[0] }}"
+ _bc_borg_port: "{{ _bc_config.json.borgSshHost.split('@')[1].split(':')[1] | default('22') }}"
+
+- name: Ensure /root/.ssh exists
+ ansible.builtin.file:
+ path: /root/.ssh
+ state: directory
+ owner: root
+ group: root
+ mode: '0700'
+
+- name: Scan borg server SSH host key
+ ansible.builtin.command: ssh-keyscan -p {{ _bc_borg_port }} {{ _bc_borg_host }}
+ register: _bc_keyscan
+ changed_when: false
+ check_mode: false
+
+- name: Trust borg server SSH host key (root known_hosts)
+ ansible.builtin.lineinfile:
+ path: /root/.ssh/known_hosts
+ line: "{{ item }}"
+ create: true
+ owner: root
+ group: root
+ mode: '0600'
+ loop: "{{ _bc_keyscan.stdout_lines }}"
+ when:
+ - item | length > 0
+ - not item.startswith('#')
+
+- name: Initialize borg repository (no-op if already initialized)
+ ansible.builtin.command:
+ cmd: borg init --encryption=none {{ borgcontroller_repo_uri }}
+ register: _borg_init
+ changed_when: _borg_init.rc == 0
+ failed_when:
+ - _borg_init.rc != 0
+ - "'already exists' not in (_borg_init.stderr | default(''))"
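Review bot: The `Scan borg server SSH host key` and `Trust borg server SSH host key` tasks append whatever `ssh-keyscan` returns on every run to `/root/.ssh/known_hosts`, so a changed or spoofed host key is accepted silently and host-key checking no longer authenticates the backup server. The key should come from a trusted source instead, for example an inventory variable holding the server's known_hosts line and written with `ansible.builtin.known_hosts`, as sketched below (`borgcontroller_ssh_host_key` is a placeholder name for that new variable). This matters more because the last task runs `borg init --encryption=none`, which leaves archives unencrypted and unauthenticated on the shared server; if that is not a deliberate choice, `--encryption=repokey-blake2` with the passphrase supplied through `BORG_PASSPHRASE` would be the safer default.

```yaml
# … unchanged: Build borg SSH URI, Ensure /root/.ssh exists …

# borgcontroller_ssh_host_key (placeholder name): the server's full known_hosts
# line, obtained out of band and kept in inventory; replaces the keyscan task.
- name: Trust borg server SSH host key (root known_hosts)
  ansible.builtin.known_hosts:
    path: /root/.ssh/known_hosts
    # Non-default ports are stored as "[host]:port" in known_hosts.
    name: "{{ _bc_borg_host if (_bc_borg_port | string) == '22' else '[' ~ _bc_borg_host ~ ']:' ~ _bc_borg_port }}"
    key: "{{ borgcontroller_ssh_host_key }}"
    state: present

# … unchanged: Initialize borg repository …
```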