fetch user certificate for backup server
This commit is contained in:
parent
180445348e
commit
3c41b72c9b
6 changed files with 61 additions and 6 deletions
|
@ -1,5 +1,6 @@
|
||||||
borg_public_key: "AAAAC3NzaC1lZDI1NTE5AAAAIBTag7YToG5W+H2kEUz40kOH+7cs0Lp3owFFKkmHBiWM"
|
borg_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTag7YToG5W+H2kEUz40kOH+7cs0Lp3owFFKkmHBiWM root@max"
|
||||||
dataserver_public_key: "AAAAC3NzaC1lZDI1NTE5AAAAIJsLVptkoOwmxs6DnenN8u7Q1Tm/Psh0QdI6vjrTgb6D"
|
dataserver_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsLVptkoOwmxs6DnenN8u7Q1Tm/Psh0QdI6vjrTgb6D root@lewis"
|
||||||
|
user_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRBrKmIKP5BFhLSdntatIgSC0R/D9EEZlak5Yt0DfUe root@lewis"
|
||||||
kingston1tb_mount_point: "/mnt/kingston1TB"
|
kingston1tb_mount_point: "/mnt/kingston1TB"
|
||||||
kingston1tb_uuid: "622a8d81-aa2f-460b-a563-c3cdb6285609"
|
kingston1tb_uuid: "622a8d81-aa2f-460b-a563-c3cdb6285609"
|
||||||
backup_location: "{{ kingston1tb_mount_point }}/homeserver_backup"
|
backup_location: "{{ kingston1tb_mount_point }}/homeserver_backup"
|
||||||
|
|
|
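Review bot: The new `user_public_key` line and the existing `dataserver_public_key` line both end in the comment `root@lewis`, so the host key and the user key are indistinguishable wherever the comment surfaces (in `ssh-keygen -L` output for the issued certificate, in the CA's records, in authorized_keys). Give the user key a comment that says what it is, e.g. `... backup-user@lewis`, before a certificate is issued against it; the comment is not part of the key material, so nothing else changes. Whether ca.sh records the comment is not visible here.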
@ -14,7 +14,7 @@
|
||||||
name: borgbackup
|
name: borgbackup
|
||||||
- name: Add Borg public key
|
- name: Add Borg public key
|
||||||
authorized_key:
|
authorized_key:
|
||||||
key: "ssh-ed25519 {{ borg_public_key }} root@max"
|
key: "{{ borg_public_key }}"
|
||||||
user: "{{ ansible_user_id }}"
|
user: "{{ ansible_user_id }}"
|
||||||
- name: Create Borg repository
|
- name: Create Borg repository
|
||||||
command:
|
command:
|
||||||
|
|
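Review bot: `Add Borg public key` installs the backup server's key into `{{ ansible_user_id }}`'s authorized_keys with no options, so root@max gets an unrestricted login on this host rather than access to the repository alone; the commit only reformats the key value and leaves that as it was. Since this role creates the repository at `{{ backup_location }}` on this host, the key can be pinned to it with `key_options: 'restrict,command="borg serve --restrict-to-repository {{ backup_location }}"'` on the authorized_key task, and adding `--append-only` to that command also stops a compromised client from pruning existing archives. This assumes max only ever runs borg against this one repository; `Create Borg repository` continues past the hunk.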
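--- /dev/null
+++ b/roles/system/files/ssh.conf
@@ -0,0 +1 @@
+CertificateFile /etc/ssh/ssh_user_ed25519_key-cert.pub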
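Review bot: `CertificateFile` on its own points ssh at the certificate but not at the private key it belongs to; the matching key is installed at `/etc/ssh/ssh_user_ed25519_key` by the system role, which is not one of ssh's default identity paths, so unless the key is loaded into an agent the certificate will never be offered. Add `IdentityFile /etc/ssh/ssh_user_ed25519_key` next to it, and consider wrapping both in a `Host` block for the backup target so a system-wide file in ssh_config.d does not attach a root-only key (installed with mode 0600) to every user's every outbound connection. If the intended caller is not root, the key's mode and ownership need revisiting as well.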
25
roles/system/files/ssh_user_ed25519_key
Normal file
25
roles/system/files/ssh_user_ed25519_key
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
35346438336463383831313235653538373964643631303961373865643332623636383161333934
|
||||||
|
3531363564313239623935343032376535333962336336350a666439303639363735626562323530
|
||||||
|
39613366343331643331663434303531613230373934376537646665633630356462333932613537
|
||||||
|
3465383636323934300a343264636565623166646266313764643262343532376336333763363662
|
||||||
|
30623133303436373936323534366335663439626633313138366565303037323034613164646663
|
||||||
|
31366366346561623039633035373638636464626237353566376666643039626334633863626565
|
||||||
|
66356538326464363465623035396534663033646336393265326339346363376666396565346130
|
||||||
|
66313634373931323738613863653066313034373361646530666561633463626536633963613236
|
||||||
|
31616561316366633865383336363832663066343666356437616332376565326630316538663236
|
||||||
|
65383234643439633737336639306232383862366230316262353639313833393138643464393734
|
||||||
|
61313463323961623264386334666462623039663138326434643339633165393533386665393839
|
||||||
|
34643762643864316331343562366139343432313332356232386139663564323338633139363930
|
||||||
|
61346139346430643966346363393331616264396133613362393066363039303164623730356536
|
||||||
|
35313138613536626665393239663532663061636433316232393839323732393635316634376464
|
||||||
|
39313439656131643436393830356662383537353730373132346639366636613830616562613164
|
||||||
|
65623333663763653364616638663833333732356238303130626161653139646563633433353865
|
||||||
|
64346235616331363338303265396437623264353066646439643264646665343962373237376131
|
||||||
|
30326564623264336365653666616331616138356235323961323134373265646434643065666661
|
||||||
|
63616534333631323132663532623135393632333236613162623932316261316165616331396261
|
||||||
|
66383862303763313032653565323934303366313765326330303032353937386434656134336433
|
||||||
|
30616531323762343539666331336132313530316637393564643530303135366263633531393334
|
||||||
|
30346632383139333263326265356133316435636663613130626566333730623739653936366138
|
||||||
|
33663165616336363361323631643331346238333635623135623364663234366666393034663132
|
||||||
|
64616234633735636164
|
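Review bot: This adds the user private key itself to the repository, vault-encrypted, which makes the vault password the long-term secret behind the host's SSH identity and turns every key rotation into a commit. The certificate flow in the system role only ever sends `user_public_key` to the CA, so the private key never needs to leave lewis: generate it on the target (ssh-keygen via `command` with `creates:`, or an openssh_keypair module if the project uses collections), register the resulting `.pub`, and feed that to ca.sh instead of a vaulted file plus a hand-copied public key in vars. If keeping it vaulted is deliberate (for example to keep the same identity across reinstalls), a comment saying so next to the copy task would save the next reviewer raising this again.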
|
@ -4,12 +4,41 @@
|
||||||
user: "{{ ansible_user_id }}"
|
user: "{{ ansible_user_id }}"
|
||||||
loop: "{{ admin_public_keys }}"
|
loop: "{{ admin_public_keys }}"
|
||||||
- name: Copy host public key
|
- name: Copy host public key
|
||||||
template:
|
copy:
|
||||||
src: "{{ role_path }}/templates/ssh_host_ed25519_key.pub.j2"
|
|
||||||
dest: "/etc/ssh/ssh_host_ed25519_key.pub"
|
dest: "/etc/ssh/ssh_host_ed25519_key.pub"
|
||||||
|
content: "{{ dataserver_public_key }}"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
- name: Copy host private key
|
- name: Copy host private key
|
||||||
copy:
|
copy:
|
||||||
src: "{{ role_path }}/files/ssh_host_ed25519_key"
|
src: "{{ role_path }}/files/ssh_host_ed25519_key"
|
||||||
dest: "/etc/ssh/ssh_host_ed25519_key"
|
dest: "/etc/ssh/ssh_host_ed25519_key"
|
||||||
mode: 0600
|
mode: 0600
|
||||||
|
- name: Copy user public key
|
||||||
|
copy:
|
||||||
|
dest: "/etc/ssh/ssh_user_ed25519_key.pub"
|
||||||
|
content: "{{ user_public_key }}"
|
||||||
|
mode: 0644
|
||||||
|
- name: Copy user private key
|
||||||
|
copy:
|
||||||
|
src: "{{ role_path }}/files/ssh_user_ed25519_key"
|
||||||
|
dest: "/etc/ssh/ssh_user_ed25519_key"
|
||||||
|
mode: 0600
|
||||||
|
- name: Copy ssh config
|
||||||
|
copy:
|
||||||
|
src: "{{ role_path }}/files/ssh.conf"
|
||||||
|
dest: "/etc/ssh/ssh_config.d/custom.conf"
|
||||||
|
- name: Check certificate existance
|
||||||
|
stat:
|
||||||
|
path: "/etc/ssh/ssh_user_ed25519_key-cert.pub"
|
||||||
|
register: cert_stat
|
||||||
|
- name: Generate user certificate
|
||||||
|
command:
|
||||||
|
cmd: "ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@hermes.dmz '/root/ca.sh user \"{{ user_public_key }}\" lewis.dmz \"backup\"'"
|
||||||
|
register: cert
|
||||||
|
delegate_to: localhost
|
||||||
|
when: not cert_stat.stat.exists
|
||||||
|
- name: Place user certificate
|
||||||
|
copy:
|
||||||
|
dest: "/etc/ssh/ssh_user_ed25519_key-cert.pub"
|
||||||
|
content: "{{ cert.stdout }}"
|
||||||
|
when: not cert_stat.stat.exists
|
||||||
|
|
|
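Review bot: `Place user certificate` writes `cert.stdout` verbatim to `/etc/ssh/ssh_user_ed25519_key-cert.pub` without checking that it is a certificate, so anything ca.sh prints on stdout with exit 0 gets installed, and because `Check certificate existance` only tests for the file's presence, that bad file (or later an expired certificate) is never replaced. Add `failed_when: cert.rc != 0 or '-cert-v01@openssh.com' not in cert.stdout` to `Generate user certificate`, and set `mode: "0644"` on the Place task so the file's permissions do not depend on the umask. Expiry is not handled at all; a validity check via `ssh-keygen -L -f` (or a forced refresh whenever the key changes) is worth at least a comment on the stat task. The generate step runs from the controller as `root@hermes.dmz`; ca.sh itself is not visible, so I can only note that the CA signing key is then reachable by anything that can SSH as root to hermes, which argues for a forced command on that account. Also `existance` → `existence` in the task name.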
@ -1 +0,0 @@
|
||||||
ssh-ed25519 {{ dataserver_public_key }} root@lewis
|