add data server

Makefile

@@ -31,4 +31,7 @@ kms:
 borg:
 	ansible-playbook playbooks/borg.yml -i inventory/hosts.yml --ask-vault-pass
 
+dataserver:
+	ansible-playbook playbooks/dataserver.yml -i inventory/hosts.yml
+
 .PHONY: run

inventory/group_vars/all.yml

@@ -0,0 +1,2 @@
+borg_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTag7YToG5W+H2kEUz40kOH+7cs0Lp3owFFKkmHBiWM root@max"
+backup_location: "/root/homeserver_backup"

inventory/hosts.yml

@@ -1,7 +1,12 @@
 all:
   children:
-    homeservers:
+    homeserver:
       hosts:
         max:
           ansible_user: root
           ansible_host: max.lan
+    dataserver:
+      hosts:
+        lewis:
+          ansible_user: root
+          ansible_host: lewis.lan

playbooks/all.yml

@@ -1,5 +1,5 @@
-- name: Setup everything
-  hosts: homeservers
+- name: Setup homeserver
+  hosts: homeserver
   roles:
     - ssh
     - borg
@@ -10,3 +10,7 @@
     - forgejo
     - radicale
     - mastodon
+- name: Setup dataserver
+  hosts: dataserver
+  roles:
+    - dataserver

playbooks/borg.yml

@@ -1,4 +1,4 @@
 - name: Install borg
-  hosts: homeservers
+  hosts: homeserver
   roles:
     - borg

playbooks/dataserver.yml

@@ -0,0 +1,4 @@
+- name: Install dataserver
+  hosts: dataserver
+  roles:
+    - dataserver

playbooks/firewall.yml

@@ -1,4 +1,4 @@
 - name: Configure firewall
-  hosts: homeservers
+  hosts: homeserver
   roles:
     - firewall

playbooks/forgejo.yml

@@ -1,4 +1,4 @@
 - name: Install forgejo
-  hosts: homeservers
+  hosts: homeserver
   roles:
     - forgejo

playbooks/kms.yml

@@ -1,4 +1,4 @@
 - name: Install kms stateless server
-  hosts: homeservers
+  hosts: homeserver
   roles:
     - kms

playbooks/mastodon.yml

@@ -1,4 +1,4 @@
 - name: Install Mastodon
-  hosts: homeservers
+  hosts: homeserver
   roles:
     - mastodon

playbooks/nsd.yml

@@ -1,4 +1,4 @@
 - name: Install nsd
-  hosts: homeservers
+  hosts: homeserver
   roles:
     - nsd

playbooks/pizzeria.yml

@@ -1,4 +1,4 @@
 - name: Install pizzeria static website
-  hosts: homeservers
+  hosts: homeserver
   roles:
     - pizzeria

playbooks/radicale.yml

@@ -1,4 +1,4 @@
 - name: Install Radicale
-  hosts: homeservers
+  hosts: homeserver
   roles:
     - radicale

playbooks/ssh.yml

@@ -1,4 +1,4 @@
 - name: Configure SSH
-  hosts: homeservers
+  hosts: homeserver
   roles:
     - ssh

playbooks/syncthing.yml

@@ -1,4 +1,4 @@
 - name: Install syncthing
-  hosts: homeservers
+  hosts: homeserver
   roles:
     - syncthing

playbooks/traefik.yml

@@ -1,4 +1,4 @@
 - name: Install traefik
-  hosts: homeservers
+  hosts: homeserver
   roles:
     - traefik

roles/borg/files/id_ed25519.pub

@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTag7YToG5W+H2kEUz40kOH+7cs0Lp3owFFKkmHBiWM root@max

roles/borg/tasks/main.yml

@@ -11,11 +11,6 @@
   template:
     src: "{{ role_path }}/templates/backup.yml.j2"
     dest: "{{ service_dir }}/backup.yml"
-- name: Copy public key
-  copy:
-    src: "{{ role_path }}/files/id_ed25519.pub"
-    dest: "{{ service_dir }}/id_ed25519.pub"
-    mode: 0644
 - name: Copy private key
   copy:
     src: "{{ role_path }}/files/id_ed25519"

roles/borg/templates/backup.yml.j2

@@ -2,7 +2,7 @@ location:
     source_directories:
         - {{ base_data_dir }}
     repositories:
-        - ssh://root@lewis.lan/root/homeserver_backup
+        - ssh://root@lewis.lan/{{ backup_location }}
 retention:
     keep_daily: 7
     keep_weekly: 4

roles/dataserver/tasks/main.yml

@@ -0,0 +1,18 @@
+- name: APT upgrade
+  apt:
+    autoremove: true
+    upgrade: yes
+    state: latest
+    update_cache: yes
+    cache_valid_time: 86400 # One day
+- name: Install borg
+  apt:
+    name: borgbackup
+- name: Add Borg public key
+  authorized_key:
+    key: "{{ borg_public_key }}"
+    user: "{{ ansible_user_id }}"
+- name: Create Borg repository
+  command:
+    cmd: "borg init -e none {{ backup_location }}"
+    creates: "{{ backup_location }}"