4275f2e8fe
The role now ensures the systemd timer is running (so backups actually fire on the schedule borgmatic ships by default) and generates an ed25519 key for root that can be authorized on the remote borg server. Also adds a testipaclient entry to backup_hosts. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
|
|
- name: Skip hosts without backup config
|
|
ansible.builtin.debug:
|
|
msg: "No entry in backup_hosts for {{ inventory_hostname }}; skipping backup role."
|
|
when: inventory_hostname not in (backup_hosts | default({}))
|
|
|
|
- name: Configure borgmatic
|
|
when: inventory_hostname in (backup_hosts | default({}))
|
|
block:
|
|
|
|
- name: Install borgmatic
|
|
ansible.builtin.package:
|
|
name: borgmatic
|
|
state: present
|
|
|
|
- name: Ensure /etc/borgmatic exists
|
|
ansible.builtin.file:
|
|
path: /etc/borgmatic
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: '0750'
|
|
|
|
- name: Deploy borgmatic config
|
|
ansible.builtin.template:
|
|
src: borgmatic.yaml.j2
|
|
dest: /etc/borgmatic/config.yaml
|
|
owner: root
|
|
group: root
|
|
mode: '0640'
|
|
|
|
- name: Ensure root has an SSH key for the borg server
|
|
ansible.builtin.user:
|
|
name: root
|
|
generate_ssh_key: true
|
|
ssh_key_type: ed25519
|
|
ssh_key_file: .ssh/id_ed25519
|
|
ssh_key_comment: "borgmatic@{{ inventory_hostname }}"
|
|
register: root_ssh
|
|
|
|
- name: Show root's SSH public key (add this to the borg server's authorized_keys)
|
|
ansible.builtin.debug:
|
|
msg: "{{ root_ssh.ssh_public_key }}"
|
|
|
|
- name: Enable and start borgmatic timer
|
|
ansible.builtin.systemd:
|
|
name: borgmatic.timer
|
|
enabled: true
|
|
state: started
|
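Review bot: Nothing in this section establishes trust in the borg server's SSH host key before the timer is enabled in the last task, so root's first scheduled run will hit an unknown host key and either fail or invite a StrictHostKeyChecking=no workaround that weakens the channel; the template borgmatic.yaml.j2 is outside this page and may already cover it, so treat this as a question if it does. Add an ansible.builtin.known_hosts task for /root/.ssh/known_hosts between the key-generation task and the timer task, seeded from a variable that carries the server's public host key. Separately, ansible.builtin.user keeps an existing key and applies ssh_key_comment only when it generates one, so on hosts that already have /root/.ssh/id_ed25519 the debug output shows the pre-existing key; a comment on that task, `# An existing key is kept; the comment applies only when the key is generated`, would spare the next reader a surprise.
```yaml
# … unchanged: Install borgmatic, /etc/borgmatic directory, Deploy borgmatic config, root SSH key tasks …

    - name: Pin the borg server's SSH host key for root
      ansible.builtin.known_hosts:
        path: /root/.ssh/known_hosts
        name: "{{ borg_server_host }}"      # PLACEHOLDER: server hostname, not on this page
        key: "{{ borg_server_host_key }}"   # PLACEHOLDER: full known_hosts line for that server
        state: present

# … unchanged: Enable and start borgmatic timer …
```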