home/hypervisors
Archived
2
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages Wiki Activity
This repository has been archived on 2023-12-26. You can view files and clone it, but cannot push or open issues or pull requests.
hypervisors/ansible/roles/backupng/tasks/main.yml

115 lines
3.2 KiB
YAML
Raw Normal View History

move to push backups
2023-04-25 20:02:00 +00:00
- name: Generate user key pair
openssh_keypair:
path: /etc/ssh/ssh_user_ed25519_key
type: ed25519
comment: "{{ ansible_fqdn }}"
register: user_key
- name: Check whether user certificate exists
stat:
path: /etc/ssh/ssh_user_ed25519_key-cert.pub
register: cert_stat
- name: Generate SSH user certificate
command:
cmd: "ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@atlas.hyp '/root/ssh_ca/ssh_ca.sh user hyp_user \"{{ user_key.public_key }}\" {{ ansible_fqdn }} \"hypervisor\"'"
register: user_certificate
delegate_to: localhost
when: not cert_stat.stat.exists
- name: Place user certificate
copy:
dest: /etc/ssh/ssh_user_ed25519_key-cert.pub
content: "{{ user_certificate.stdout }}"
mode: 0644
when: not cert_stat.stat.exists
- name: Enable user certificate
copy:
src: "{{ role_path }}/files/ssh_user_certificate.conf"
dest: /etc/ssh/ssh_config.d/user_certificate.conf
- name: Install Borg
apt:
pkg:
- borgbackup
- borgmatic
- name: Copy Borgmatic script
template:
src: "{{ role_path }}/files/backup.yml"
dest: /root/backup.yml
- name: Copy start_vms.sh
copy:
src: "{{ role_path }}/files/start_vms.sh"
dest: /root/start_vms.sh
mode: preserve
- name: Copy stop_vms.sh
copy:
src: "{{ role_path }}/files/stop_vms.sh"
dest: /root/stop_vms.sh
mode: preserve
- name: Copy systemd backup unit
copy:
src: "{{ role_path }}/files/backup.service"
dest: /etc/systemd/system/backup.service
notify: systemd daemon reload
- name: Copy systemd backup timer
copy:
src: "{{ role_path }}/files/backup.timer"
dest: /etc/systemd/system/backup.timer
notify: systemd daemon reload
- name: Enable backup timer
systemd:
name: backup.timer
enabled: true
state: started
- name: Add SSH host CA known host
known_hosts:
key: '@cert-authority *.dmz ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x Host Certficate Authority for DMZ'
name: '@cert-authority *.dmz'
path: /etc/ssh/ssh_known_hosts
- name: Add SSH host CA known host
known_hosts:
key: '@cert-authority *.hyp ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb Host Certficate Authority for HYP'
name: '@cert-authority *.hyp'
path: /etc/ssh/ssh_known_hosts
- name: Generate host key pair
openssh_keypair:
path: /etc/ssh/ssh_host_ed25519_key
type: ed25519
comment: "{{ ansible_host }}"
register: host_key
- name: Check whether host certificate exists
stat:
path: /etc/ssh/ssh_host_ed25519_key-cert.pub
register: cert_stat
- name: Generate SSH host certificate
command:
cmd: "ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@atlas.hyp '/root/ssh_ca/ssh_ca.sh host hyp_host \"{{ host_key.public_key }}\" {{ ansible_host }}'"
register: host_certificate
delegate_to: localhost
when: not cert_stat.stat.exists
- name: Place host certificate
copy:
dest: /etc/ssh/ssh_host_ed25519_key-cert.pub
content: "{{ host_certificate.stdout }}"
mode: 0644
when: not cert_stat.stat.exists
- name: Enable host certificate
copy:
dest: /etc/ssh/sshd_config.d/sshd_host_certificate.conf
content: "HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub"
Reference in a new issue Copy permalink