--- - name: Login to borg controller ansible.builtin.uri: url: "{{ borgcontroller_url }}/api/auth/login" method: POST body_format: json body: username: "{{ borgcontroller_username }}" password: "{{ borgcontroller_password }}" status_code: 200 delegate_to: localhost become: false register: _bc_login no_log: true - name: Get borg server SSH endpoint ansible.builtin.uri: url: "{{ borgcontroller_url }}/api/config" method: GET headers: Cookie: "{{ _bc_login.cookies_string }}" delegate_to: localhost become: false register: _bc_config - name: List repositories ansible.builtin.uri: url: "{{ borgcontroller_url }}/api/repositories" method: GET headers: Cookie: "{{ _bc_login.cookies_string }}" delegate_to: localhost become: false register: _bc_repos - name: Find existing repository for this host ansible.builtin.set_fact: _bc_existing: >- {{ _bc_repos.json | selectattr('alias', 'eq', inventory_hostname) | list }} - name: Create repository if missing ansible.builtin.uri: url: "{{ borgcontroller_url }}/api/repositories" method: POST body_format: json body: alias: "{{ inventory_hostname }}" sshPublicKey: "{{ root_ssh.ssh_public_key }}" storageSize: "{{ backup_hosts[inventory_hostname].storage_size_gb | int }}" headers: Cookie: "{{ _bc_login.cookies_string }}" status_code: [200, 201] delegate_to: localhost become: false when: _bc_existing | length == 0 - name: Update repository SSH key if root's key changed ansible.builtin.uri: url: "{{ borgcontroller_url }}/api/repositories/{{ _bc_existing[0].id }}" method: PATCH body_format: json body: sshPublicKey: "{{ root_ssh.ssh_public_key }}" headers: Cookie: "{{ _bc_login.cookies_string }}" status_code: 200 delegate_to: localhost become: false when: - _bc_existing | length > 0 - _bc_existing[0].sshPublicKey != root_ssh.ssh_public_key - name: Re-list repositories after possible create/update ansible.builtin.uri: url: "{{ borgcontroller_url }}/api/repositories" method: GET headers: Cookie: "{{ _bc_login.cookies_string }}" delegate_to: localhost become: false register: _bc_repos_after - name: Resolve repository for this host ansible.builtin.set_fact: _bc_repo: >- {{ (_bc_repos_after.json | selectattr('alias', 'eq', inventory_hostname) | list)[0] }} - name: Build borg SSH URI ansible.builtin.set_fact: borgcontroller_repo_uri: "ssh://{{ _bc_config.json.borgSshHost }}/./{{ _bc_repo.id }}" _bc_borg_host: "{{ _bc_config.json.borgSshHost.split('@')[1].split(':')[0] }}" _bc_borg_port: "{{ _bc_config.json.borgSshHost.split('@')[1].split(':')[1] | default('22') }}" - name: Ensure /root/.ssh exists ansible.builtin.file: path: /root/.ssh state: directory owner: root group: root mode: '0700' - name: Scan borg server SSH host key ansible.builtin.command: ssh-keyscan -p {{ _bc_borg_port }} {{ _bc_borg_host }} register: _bc_keyscan changed_when: false check_mode: false - name: Trust borg server SSH host key (root known_hosts) ansible.builtin.lineinfile: path: /root/.ssh/known_hosts line: "{{ item }}" create: true owner: root group: root mode: '0600' loop: "{{ _bc_keyscan.stdout_lines }}" when: - item | length > 0 - not item.startswith('#') - name: Initialize borg repository (no-op if already initialized) ansible.builtin.command: cmd: borg init --encryption=repokey-blake2 {{ borgcontroller_repo_uri }} environment: BORG_PASSPHRASE: "{{ borg_passphrase }}" register: _borg_init changed_when: _borg_init.rc == 0 failed_when: - _borg_init.rc != 0 - "'already exists' not in (_borg_init.stderr | default(''))" no_log: true