lewis/roles/system/tasks/main.yml

- name: Install sshfs
  apt:
    name: sshfs
- name: Add admins' authorized keys
  authorized_key:
    key: "{{ item }}"
    user: "{{ ansible_user_id }}"
  loop: "{{ admin_public_keys }}"
- name: Copy host public key
  copy:
    dest: "/etc/ssh/ssh_host_ed25519_key.pub"
    content: "{{ dataserver_public_key }}"
    mode: 0644
- name: Copy host private key
  copy:
    src: "{{ role_path }}/files/ssh_host_ed25519_key"
    dest: "/etc/ssh/ssh_host_ed25519_key"
    mode: 0600
- name: Copy user public key
  copy:
    dest: "/etc/ssh/ssh_user_ed25519_key.pub"
    content: "{{ user_public_key }}"
    mode: 0644
- name: Copy user private key
  copy:
    src: "{{ role_path }}/files/ssh_user_ed25519_key"
    dest: "/etc/ssh/ssh_user_ed25519_key"
    mode: 0600
- name: Copy ssh config
  copy:
    src: "{{ role_path }}/files/ssh.conf"
    dest: "/etc/ssh/ssh_config.d/custom.conf"
- name: Check certificate existance
  stat:
    path: "/etc/ssh/ssh_user_ed25519_key-cert.pub"
  register: cert_stat
- name: Generate user certificate
  command:
    cmd: "ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@hermes.dmz '/root/ca.sh user \"{{ user_public_key }}\" lewis.lan \"backup\"'"
  register: cert
  delegate_to: localhost
  when: not cert_stat.stat.exists
- name: Place user certificate
  copy:
    dest: "/etc/ssh/ssh_user_ed25519_key-cert.pub"
    content: "{{ cert.stdout }}"
    mode: 0600
  when: not cert_stat.stat.exists
- name: Create point mount for atlas data
  file:
    path: /mnt/atlas
    state: directory
- name: Mount atlas data
  mount:
    src: "backup-share@atlas.lan:"
    path: "/mnt/atlas"
    state: mounted
    fstype: fuse.sshfs
    opts: "x-systemd.automount,_netdev,idmap=user,allow_other,reconnect,ro,ServerAliveInterval=15,ServerAliveCountMax=3"