commit 5fd884c28c04f46a50858198764d6c143c4e6298
parent 06ebd39b6ebf5aae323e0a19a21b25dafeef90bc
Author: Christian Grothoff <christian@grothoff.org>
Date: Sat, 25 Jan 2025 19:48:03 +0100
add playbook to setup spec to receive backups from pixel
Diffstat:
6 files changed, 90 insertions(+), 2 deletions(-)
diff --git a/playbooks/pixel-borg.yml b/playbooks/pixel-borg.yml
@@ -0,0 +1,5 @@
+---
+- name: Setup Borg repository on spec to receive backups from pixel
+ hosts: all
+ roles:
+ - pixel-borg
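Review bot: `hosts: all` applies the role to every host in whatever inventory is passed, although the play name says the repository belongs on spec. If `inventories/tops` lists more than one machine, each of them gets the `borg` user and pixel's authorized key, and the `mv borg-repokey/*/home/borg/borg-repo.key .` step in setup-pixel-borg.sh would then match several files. Scoping the play to the one target, `hosts: <inventory name of spec>`, keeps the new SSH access limited to the machine that is meant to receive backups.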
diff --git a/roles/borg-start/templates/root/bin/borg-backup.sh b/roles/borg-start/templates/root/bin/borg-backup.sh
@@ -1,5 +1,4 @@
#!/bin/bash
-set -eu
export BORG_REPO='{{ BORG_REPO }}'
export BORG_PASSPHRASE='{{ BORG_PASSPHRASE }}'
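Review bot: With `set -eu` removed, a failing command or an unset variable no longer stops this script, so a failed backup step can go unnoticed while later steps still run; the rest of the script lies outside the hunk. If the removal is meant to tolerate borg's warning exit status (1), it would be safer to keep `set -eu` and handle that one case explicitly, for example `borg create ... || rc=$?` followed by a check that accepts only 0 or 1. Separately, the passphrase is rendered between single quotes, so a value containing `'` would break the `export BORG_PASSPHRASE=` line, and it is worth confirming that the rendered file is installed readable by root only.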
diff --git a/roles/pixel-borg/files/home/borg/.ssh/authorized_keys b/roles/pixel-borg/files/home/borg/.ssh/authorized_keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMa6q4OspZa8fbV/1AIrfBMKHjezaBwlhuZi1ztnh/ab root@pixel
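Review bot: The key is installed without any options, so the holder of pixel's private key gets a full shell as `borg` on the backup host and can delete or rewrite the repository, not just push archives. For a backup-only key the entry should carry a forced command and `restrict`, e.g. `command="borg serve --restrict-to-path /home/borg/pixel-backup",restrict ssh-ed25519 AAAA… root@pixel`. Adding `--append-only` to that `borg serve` command would also keep a compromised client from removing earlier archives.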
diff --git a/roles/pixel-borg/tasks/main.yml b/roles/pixel-borg/tasks/main.yml
@@ -0,0 +1,62 @@
+---
+- name: Install Borg package
+ apt:
+ name:
+ - borgbackup
+ state: latest
+ when: ansible_os_family == 'Debian'
+
+- name: Setup group for borg backups from spec
+ ansible.builtin.group:
+ name: borg
+ state: present
+ system: false
+
+- name: Setup user for borg backups from spec
+ ansible.builtin.user:
+ name: borg
+ group: borg
+ password: !
+ system: false
+ create_home: true
+ state: present
+
+- name: Ensure /home/borg/.ssh/ directory exists
+ file:
+ path: "/home/borg/.ssh/"
+ state: directory
+ owner: borg
+ group: borg
+ mode: 0755
+
+- name: Place SSH public key for access by pixel
+ ansible.builtin.template:
+ src: files/home/borg/.ssh/authorized_keys
+ dest: /home/borg/.ssh/authorized_keys
+ owner: borg
+ group: borg
+ mode: 0644
+
+- name: Initialize borg repository
+ ansible.builtin.shell:
+ cmd: borg init --encryption=repokey pixel-backup
+ chdir: /home/borg
+ environment:
+ BORG_PASSPHRASE: "{{ PIXEL_BORG_KEY }}"
+ become: yes
+ become_user: borg
+
+- name: Export borg repository key
+ ansible.builtin.shell:
+ cmd: borg key export pixel-backup/ > borg-repo.key
+ chdir: /home/borg
+ creates: /home/borg/borg-repo.key
+ environment:
+ BORG_PASSPHRASE: "{{ PIXEL_BORG_KEY }}"
+ become: yes
+ become_user: borg
+
+- name: Export borg-repo.key to caller
+ fetch:
+ src: /home/borg/borg-repo.key
+ dest: ../borg-repokey
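Review bot: `password: !` in the user task is an unquoted YAML tag indicator, so the module most likely receives a null or empty value rather than the literal lock marker; write `password: '!'` so the account is explicitly locked for password login. The `Initialize borg repository` task has no guard, so a second run of the playbook will presumably fail on the already existing repository; adding `creates: /home/borg/pixel-backup` under `ansible.builtin.shell`, as the export task already does for its output, would make it idempotent. The export redirects into `borg-repo.key` under the default umask, so the key file may be readable by other local users depending on the home directory's mode; `cmd: umask 077 && borg key export pixel-backup/ > borg-repo.key` would restrict it. Quoting the modes (`mode: '0755'`, `mode: '0644'`) also avoids relying on YAML 1.1 octal parsing.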
diff --git a/setup-pixel-borg.sh b/setup-pixel-borg.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -eu
+
+if [ -z ${PIXEL_BORG_KEY:-} ]
+then
+ echo "You need to set the PIXEL_BORG_KEY in your environment before running this script (see admin-log/pixel/03-borg.txt)"
+ exit 1
+fi
+ansible-playbook --extra-vars PIXEL_BORG_KEY="$PIXEL_BORG_KEY" \
+ --inventory inventories/tops \
+ --user root \
+ playbooks/pixel-borg.yml
+mv borg-repokey/*/home/borg/borg-repo.key .
+rm -rf borg-repokey/
+echo "Make sure to back up the borg-repo.key to admin-log/pixel/borg-repo.key"
+exit 0
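Review bot: Passing the passphrase as `--extra-vars PIXEL_BORG_KEY="$PIXEL_BORG_KEY"` puts it on the `ansible-playbook` command line, where other local users can see it in the process list; the key=value form is also split on whitespace, so a passphrase containing spaces would be mis-parsed. The same pattern is used for `BORG_PASSPHRASE` in start-borg-backups.sh. Reading the value inside the role with `"{{ lookup('ansible.builtin.env', 'PIXEL_BORG_KEY') }}"` avoids both problems. The test should quote its expansion, `[ -z "${PIXEL_BORG_KEY:-}" ]`. The fetched key lands in the working directory with whatever mode the controller's umask gives it, so a `chmod 600 borg-repo.key` after the `mv` would be prudent.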
diff --git a/start-borg-backups.sh b/start-borg-backups.sh
@@ -8,6 +8,10 @@ then
exit 1
fi
-ansible-playbook --verbose --extra-vars BORG_PASSPHRASE="$BORG_PASSPHRASE" --inventory inventories/tops --user root playbooks/borg-start.yml
+ansible-playbook --verbose \
+ --extra-vars BORG_PASSPHRASE="$BORG_PASSPHRASE" \
+ --inventory inventories/tops \
+ --user root \
+ playbooks/borg-start.yml
exit 0