jakub 54e111338d Encrypt borg repos with repokey-blake2 + shared passphrase ...

borg_passphrase is required (Semaphore secret, same across hosts).
The role writes it to /etc/borgmatic/passphrase (0600 root) and
configures borgmatic to use BORG_PASSCOMMAND=cat /etc/borgmatic/passphrase,
and runs `borg init --encryption=repokey-blake2` with BORG_PASSPHRASE in
the env. no_log on the tasks that touch the passphrase.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-15 21:58:14 +02:00

group_vars/all

Auto-register borg repo on the controller per host

2026-05-15 21:37:10 +02:00

initial_install

Update initial_install/roles/freeipa_client/tasks/main.yml

2026-04-24 20:44:46 +00:00

roles

Encrypt borg repos with repokey-blake2 + shared passphrase

2026-05-15 21:58:14 +02:00

.gitignore

Auto-register borg repo on the controller per host

2026-05-15 21:37:10 +02:00

backup.yml

Add backup role and manage_ssh_keys role

2026-05-15 18:38:11 +02:00

homarr.yml

Add homarr.yml

2026-01-09 18:23:56 +00:00

initial_setup.yml

Update initial_setup.yml

2026-03-23 17:09:47 +00:00

inv_linuxes

Update inv_linuxes

2026-05-06 14:40:39 +00:00

inv_mikrotiks

Update inv_mikrotiks

2026-02-14 00:01:21 +00:00

mikrotikbackup_clean.yml

Update mikrotikbackup_clean.yml

2026-03-25 10:50:50 +00:00

mikrotikbackup.yml

Update mikrotikbackup.yml

2026-02-13 14:38:51 +00:00

remove_ssh_key_playbook.yml

Add backup role and manage_ssh_keys role

2026-05-15 18:38:11 +02:00

requirements.yml

Add requirements.yml

2026-02-13 22:47:42 +00:00

test_sms.yml

Update test_sms.yml

2026-04-13 16:50:08 +00:00

update.yml

Update update.yml

2026-03-11 16:35:49 +00:00

users-ssh.yml

Update users-ssh.yml

2026-02-20 14:10:11 +00:00

S

Description

No description provided

1.6 MiB

Languages

Jinja 100%