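---
# Server-side half of the duplicity backup setup.
#
# Only two tasks below are active: create the backup user on the backup
# server and read back its *public* ssh key. Every other task is commented
# out and documents the intended end-to-end flow (deploy the server key to
# clients, pin client host keys, grant read-only ACLs on the backup paths,
# install the GPG encryption key, template per-client backup scripts and
# register their cron jobs).

# - name: Install required software on servers
#   become: true
#   ansible.builtin.package:
#     name: "{{ item }}"
#     state: present
#   with_items:
#     - duplicity
#     - sshfs
#     - python3-packaging
#     - acl

- name: Create backup user on servers
  become: true
  ansible.builtin.user:
    name: "{{ duplicity_server_user }}"
    generate_ssh_key: true
    ssh_key_type: ed25519
    # Pin the key path explicitly rather than relying on the module default
    # (documented as `.ssh/id_rsa`, derived from the key type in practice);
    # the slurp task below hard-codes this path, so make the coupling visible.
    ssh_key_file: .ssh/id_ed25519
    # No passphrase is set because the key is used unattended from cron. The
    # private key is therefore protected only by this user's ~/.ssh permissions
    # and should be authorized on clients with the least access that still
    # allows the backup (the commented ACL tasks below grant read-only `r-X`).

- name: Fetch server keys to local system
  become: true
  become_user: "{{ duplicity_server_user }}"
  ansible.builtin.slurp:
    # Read only the public half; never slurp the private key into facts or logs.
    src: ~/.ssh/id_ed25519.pub
  # slurp returns the file base64-encoded in `.content`; consumers must apply
  # `| b64decode` to obtain the key line. Nothing in this file currently
  # consumes this variable (see the commented deploy task below).
  register: duplicity_server_key
  changed_when: false

# NOTE(review): this task reads `buffer/{{ item }}-id_ed25519.pub`, but no
# task in this file writes that file; the active slurp task above stores the
# key in `duplicity_server_key` instead. Reconcile before re-enabling.
# - name: "Deploy server ssh keys to clients"
#   when:
#     - duplicity_client
#     - hostvars[item].duplicity_server is defined and hostvars[item].duplicity_server
#   become: true
#   ansible.posix.authorized_key:
#     user: "{{ duplicity_client_user }}"
#     state: "present"
#     key: "{{ lookup('file', 'buffer/{{item}}-id_ed25519.pub') }}"
#   loop: "{{ groups['duplicity'] }}"

# - name: "Fetch sshd fingerprints from clients"
#   when: duplicity_client
#   ansible.builtin.fetch:
#     src: "/etc/ssh/ssh_host_ecdsa_key.pub"
#     dest: "buffer/{{ ansible_host }}-ssh_host_ecdsa_key.pub"
#     flat: true
#   changed_when: false

# NOTE(review): only the ECDSA host key is pinned; if a client's sshd offers a
# different host key type first, the BatchMode test below will fail closed.
# - name: "Register client host keys in server"
#   when:
#     - duplicity_server
#     - hostvars[item].duplicity_client is defined and hostvars[item].duplicity_client
#   become: true
#   become_user: "{{ duplicity_server_user }}"
#   ansible.builtin.known_hosts:
#     name: "{{ item }}"
#     key: "{{ item }} {{ lookup('file', 'buffer/{{item}}-ssh_host_ecdsa_key.pub') }}"
#   loop: "{{ groups['duplicity'] }}"

# BatchMode makes ssh fail instead of prompting on an unknown host key or
# missing key, so this doubles as a check that known_hosts pinning worked.
# - name: "Test ssh connection from server to client"
#   when:
#     - duplicity_server
#     - hostvars[item].duplicity_client is defined and hostvars[item].duplicity_client
#   become: true
#   become_user: "{{ duplicity_server_user }}"
#   ansible.builtin.command: "ssh -o 'BatchMode yes' {{ duplicity_client_user }}@{{ item }} 'echo success'"
#   changed_when: false
#   loop: "{{ groups['duplicity'] }}"

# - name: "Set default ACLs on backup data"
#   when: duplicity_client
#   become: true
#   ansible.posix.acl:
#     path: "{{ item }}"
#     entity: "{{ duplicity_client_user }}"
#     etype: "user"
#     permissions: r-X
#     default: true
#     state: present
#     recursive: true
#   loop: "{{ duplicity_client_backup_paths }}"

# - name: "Set read ACLs on existing backup data"
#   when: duplicity_client
#   become: true
#   ansible.posix.acl:
#     path: "{{ item }}"
#     entity: "{{ duplicity_client_user }}"
#     etype: "user"
#     permissions: r-X
#     state: present
#     recursive: true
#   loop: "{{ duplicity_client_backup_paths }}"

# - name: "Ensure gnupg config dir"
#   when: duplicity_server
#   become: true
#   become_user: "{{ duplicity_server_user }}"
#   ansible.builtin.command:
#     cmd: "gpg --list-keys"
#     creates: "/home/{{ duplicity_server_user }}/.gnupg"

# NOTE(review): trust "5" is ultimate trust for a keyserver-fetched key; that
# is only as safe as the out-of-band verification of the pinned fingerprint.
# - name: "Install encryption key for backups"
#   when: duplicity_server
#   become: true
#   gpg_key:
#     fpr: "C05AD49B790BAC8E3B573B697B25171F921B9E57"
#     keyserver: "hkps://keys.openpgp.org"
#     trust: "5"
#     homedir: "/home/{{ duplicity_server_user }}/.gnupg"

# - name: "Create backup script path"
#   when: duplicity_server
#   become: true
#   ansible.builtin.file:
#     path: "{{ duplicity_server_scriptdir }}"
#     state: "directory"
#     owner: "{{ duplicity_server_user }}"
#     group: "{{ duplicity_server_user }}"
#     mode: "u=rwx,g=rx,o=rx"

# - name: "Create backup scripts for clients"
#   when:
#     - duplicity_server
#     - hostvars[item].duplicity_client is defined and hostvars[item].duplicity_client
#   become: true
#   become_user: "{{ duplicity_server_user }}"
#   ansible.builtin.template:
#     src: "backup-script.j2"
#     dest: "{{ duplicity_server_scriptdir }}/backup-{{ item }}.sh"
#     mode: "u=rwx,g=rx,o=rx"
#   loop: "{{ groups['duplicity'] }}"

# - name: "Register cronjob for clients"
#   when:
#     - duplicity_server
#     - hostvars[item].duplicity_client is defined and hostvars[item].duplicity_client
#   become: true
#   ansible.builtin.cron:
#     name: "backup-{{ item }}"
#     user: "{{ duplicity_server_user }}"
#     job: "{{ duplicity_server_scriptdir }}/backup-{{ item }}.sh"
#     minute: "{{ hostvars[item].duplicity_client_backup_minute }}"
#     hour: "{{ hostvars[item].duplicity_client_backup_hour }}"
#   loop: "{{ groups['duplicity'] }}"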