Imports backup.yml from setup_linux.yml so the backup play is
reachable from the umbrella playbook via --tags backup. Also adds
a backup_hosts entry for portainer1-jim.im.lab (5GB, /data/compose).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Carry forward the local-account rename from the direct edit on
initial_setup.yml into the new canonical users list.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Move the canonical user list to group_vars/all/users.yml so both
setup_linux.yml (renamed from initial_setup.yml) and the
initial_install users role consume the same source of truth.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
backup role now logs into borgcontroller and creates (or looks up) a
repository with alias=inventory_hostname, registering root's pubkey and
the requested storageSize. The resulting SSH URI is injected into the
borgmatic config so each host gets a remote-managed repo without manual
config.
backup_hosts entries gain a `storage_size_gb` field (stripped before
templating) and lose the manual `repositories` entry — the role fills it.
borgcontroller_{username,password} are expected from Semaphore secrets.
Also gitignores .claude/ local state.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The role now ensures the systemd timer is running (so backups actually
fire on the schedule borgmatic ships by default) and generates an
ed25519 key for root that can be authorized on the remote borg server.
Also adds a testipaclient entry to backup_hosts.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Borgmatic backup role driven by per-host config in group_vars/all/backup.yml
- manage_ssh_keys role with add/remove paths; remove_ssh_key_playbook.yml uses it
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
jakub
