Initial version of duplicity collection

2023-07-26 20:58:07 +02:00 · 2023-07-26 20:58:07 +02:00 · 77b2e50b24
commit 77b2e50b24
17 changed files with 517 additions and 0 deletions
--- a/roles/duplicity-server/defaults/main.yml
+++ b/roles/duplicity-server/defaults/main.yml
@ -0,0 +1,2 @@
+---
+# defaults file for duplicity-server
--- a/roles/duplicity-server/handlers/main.yml
+++ b/roles/duplicity-server/handlers/main.yml
@ -0,0 +1,2 @@
+---
+# handlers file for duplicity-server
--- a/roles/duplicity-server/tasks/main.yml
+++ b/roles/duplicity-server/tasks/main.yml
@ -0,0 +1,144 @@
+---
+# - name: Install required software on servers
+#   become: true
+#   ansible.builtin.package:
+#     name: "{{ item }}"
+#     state: present
+#   with_items:
+#     - duplicity
+#     - sshfs
+#     - python3-packaging
+#     - acl
+
+- name: Create backup user on servers
+  become: true
+  ansible.builtin.user:
+    name: "{{ duplicity_server_user }}"
+    generate_ssh_key: true
+    ssh_key_type: ed25519
+
+- name: Fetch server keys to local system
+  become: true
+  become_user: "{{ duplicity_server_user }}"
+  ansible.builtin.slurp:
+    src: ~/.ssh/id_ed25519.pub
+  register: duplicity_server_key
+  changed_when: false
+
+# - name: "Deploy server ssh keys to clients"
+#   when:
+#     - duplicity_client
+#     - hostvars[item].duplicity_server is defined and hostvars[item].duplicity_server
+#   become: true
+#   ansible.posix.authorized_key:
+#     user: "{{ duplicity_client_user }}"
+#     state: "present"
+#     key: "{{ lookup('file', 'buffer/{{item}}-id_ed25519.pub') }}"
+#   loop: "{{ groups['duplicity'] }}"
+
+# - name: "Fetch sshd fingerprints from clients"
+#   when: duplicity_client
+#   ansible.builtin.fetch:
+#     src: "/etc/ssh/ssh_host_ecdsa_key.pub"
+#     dest: "buffer/{{ ansible_host }}-ssh_host_ecdsa_key.pub"
+#     flat: true
+#   changed_when: false
+
+# - name: "Register client host keys in server"
+#   when:
+#     - duplicity_server
+#     - hostvars[item].duplicity_client is defined and hostvars[item].duplicity_client
+#   become: true
+#   become_user: "{{ duplicity_server_user }}"
+#   ansible.builtin.known_hosts:
+#     name: "{{ item }}"
+#     key: "{{ item }} {{ lookup('file', 'buffer/{{item}}-ssh_host_ecdsa_key.pub') }}"
+#   loop: "{{ groups['duplicity'] }}"
+
+# - name: "Test ssh connection from server to client"
+#   when:
+#     - duplicity_server
+#     - hostvars[item].duplicity_client is defined and hostvars[item].duplicity_client
+#   become: true
+#   become_user: "{{ duplicity_server_user }}"
+#   ansible.builtin.command: "ssh -o 'BatchMode yes' {{ duplicity_client_user }}@{{ item }} 'echo success'"
+#   changed_when: false
+#   loop: "{{ groups['duplicity'] }}"
+
+# - name: "Set default ACLs on backup data"
+#   when: duplicity_client
+#   become: true
+#   ansible.posix.acl:
+#     path: "{{ item }}"
+#     entity: "{{ duplicity_client_user }}"
+#     etype: "user"
+#     permissions: r-X
+#     default: true
+#     state: present
+#     recursive: true
+#   loop: "{{ duplicity_client_backup_paths }}"
+
+# - name: "Set read ACLs on existing backup data"
+#   when: duplicity_client
+#   become: true
+#   ansible.posix.acl:
+#     path: "{{ item }}"
+#     entity: "{{ duplicity_client_user }}"
+#     etype: "user"
+#     permissions: r-X
+#     state: present
+#     recursive: true
+#   loop: "{{ duplicity_client_backup_paths }}"
+
+# - name: "Ensure gnupg config dir"
+#   when: duplicity_server
+#   become: true
+#   become_user: "{{ duplicity_server_user }}"
+#   ansible.builtin.command:
+#     cmd: "gpg --list-keys"
+#     creates: "/home/{{ duplicity_server_user }}/.gnupg"
+
+
+# - name: "Install encryption key for backups"
+#   when: duplicity_server
+#   become: true
+#   gpg_key:
+#     fpr: "C05AD49B790BAC8E3B573B697B25171F921B9E57"
+#     keyserver: "hkps://keys.openpgp.org"
+#     trust: "5"
+#     homedir: "/home/{{ duplicity_server_user }}/.gnupg"
+
+# - name: "Create backup script path"
+#   when: duplicity_server
+#   become: true
+#   ansible.builtin.file:
+#     path: "{{ duplicity_server_scriptdir }}"
+#     state: "directory"
+#     owner: "{{ duplicity_server_user }}"
+#     group: "{{ duplicity_server_user }}"
+#     mode: "u=rwx,g=rx,o=rx"
+
+# - name: "Create backup scripts for clients"
+#   when:
+#     - duplicity_server
+#     - hostvars[item].duplicity_client is defined and hostvars[item].duplicity_client
+#   become: true
+#   become_user: "{{ duplicity_server_user }}"
+#   ansible.builtin.template:
+#     src: "backup-script.j2"
+#     dest: "{{ duplicity_server_scriptdir }}/backup-{{ item }}.sh"
+#     mode: "u=rwx,g=rx,o=rx"
+#   loop: "{{ groups['duplicity'] }}"
+
+# - name: "Register cronjob for clients"
+#   when:
+#     - duplicity_server
+#     - hostvars[item].duplicity_client is defined and hostvars[item].duplicity_client
+#   become: true
+#   ansible.builtin.cron:
+#     name: "backup-{{ item }}"
+#     user: "{{ duplicity_server_user }}"
+#     job: "{{ duplicity_server_scriptdir }}/backup-{{ item }}.sh"
+#     minute: "{{ hostvars[item].duplicity_client_backup_minute }}"
+#     hour: "{{ hostvars[item].duplicity_client_backup_hour }}"
+#   loop: "{{ groups['duplicity'] }}"
--- a/roles/duplicity-server/tests/inventory
+++ b/roles/duplicity-server/tests/inventory
@ -0,0 +1,2 @@
+localhost
+
--- a/roles/duplicity-server/tests/test.yml
+++ b/roles/duplicity-server/tests/test.yml
@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - duplicity-server
--- a/roles/duplicity-server/vars/main.yml
+++ b/roles/duplicity-server/vars/main.yml
@ -0,0 +1,2 @@
+---
+# vars file for duplicity-server