rclone: Add ssh key generation and run as backup

Timo Makinen 2024-04-07 17:21:41 +00:00
parent 5dc08701b2
commit 0a724359dc
2 changed files with 39 additions and 12 deletions


@ -8,25 +8,55 @@
ansible.builtin.file: ansible.builtin.file:
path: /etc/rclone path: /etc/rclone
state: directory state: directory
mode: "0755" mode: "0750"
owner: root owner: root
group: "{{ ansible_wheel }}" group: backup
- name: Create host config - name: Create host config
ansible.builtin.template: ansible.builtin.template:
dest: /etc/rclone/rclone.conf dest: /etc/rclone/rclone.conf
src: rclone.conf.j2 src: rclone.conf.j2
mode: "0644" mode: "0640"
owner: root owner: root
group: "{{ ansible_wheel }}" group: backup
- name: Create ssh keys
ansible.builtin.command:
argv:
- ssh-keygen
- -t
- ed25519
- -C
- "backup@{{ inventory_hostname }}"
- -N
- ""
- -f
- /etc/rclone/id_ed25519
creates: /etc/rclone/id_ed25519
- name: Fix ssh key permissions
ansible.builtin.file:
path: "{{ item }}"
owner: root
group: backup
mode: "0640"
with_items:
- /etc/rclone/id_ed25519
- /etc/rclone/id_ed25519.pub
- name: Fetch ssh public key
ansible.builtin.fetch:
src: /etc/rclone/id_ed25519.pub
dest: ../files/ssh/backup.pub
flat: true
- name: Create log directory - name: Create log directory
ansible.builtin.file: ansible.builtin.file:
path: /var/log/rclone path: /var/log/rclone
state: directory state: directory
mode: "0750" mode: "0750"
owner: "{{ local_user | default('root') }}" owner: backup
group: "{{ local_user | default(ansible_wheel) }}" group: backup
- name: Copy rclone sync script - name: Copy rclone sync script
ansible.builtin.copy: ansible.builtin.copy:
@ -40,16 +70,13 @@
ansible.builtin.cron: ansible.builtin.cron:
name: MAILTO name: MAILTO
env: true env: true
user: "{{ local_user }}" user: backup
value: root value: root
when:
- local_user is defined
- local_user != "root"
- name: Add rclone sync cron job - name: Add rclone sync cron job
ansible.builtin.cron: ansible.builtin.cron:
name: rclone-sync name: rclone-sync
user: "{{ local_user | default('root') }}" user: backup
hour: "3" hour: "3"
minute: "{{ 60 | random(seed=inventory_hostname) }}" minute: "{{ 60 | random(seed=inventory_hostname) }}"
job: /usr/local/bin/rclone-sync job: /usr/local/bin/rclone-sync
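Review bot: The `Fetch ssh public key` task writes every host's key to the same controller path, because `dest: ../files/ssh/backup.pub` is combined with `flat: true`; if this role runs against more than one host, the last fetch wins and the file no longer matches the per-host key that the `backup@{{ inventory_hostname }}` comment implies. A per-host destination such as `dest: "../files/ssh/backup-{{ inventory_hostname }}.pub"` keeps one public key per host, so whatever installs these keys on the backup server authorises the right one. Separately, `Fix ssh key permissions` applies `0640` root:backup to both files, which leaves the passphrase-less private key readable by every member of the `backup` group; a comment such as `# private key has no passphrase; group backup must contain only the backup service account` would record that assumption. The task list starts before this hunk, so whether the `backup` user and group are created earlier cannot be seen here.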


@ -5,6 +5,6 @@
type = sftp type = sftp
host = {{ host }} host = {{ host }}
user = {{ remote_user }} user = {{ remote_user }}
key_file = {{ private_key | default('~/.ssh/id_ed25519') }} key_file = /etc/rclone/id_ed25519
known_hosts_file = /etc/ssh/ssh_known_hosts known_hosts_file = /etc/ssh/ssh_known_hosts
{% endfor %} {% endfor %}
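Review bot: The key path on the `key_file` line is now the literal `/etc/rclone/id_ed25519`, and the same literal is repeated in the key-generation and permission tasks of the other changed file, so the template and the tasks can drift apart. One role variable used in both places would keep them in sync, for example `key_file = {{ rclone_key_file | default('/etc/rclone/id_ed25519') }}` (the variable name is a suggestion, not something the role defines today). Any inventory that still sets `private_key` is now ignored without warning, so those host vars should be cleaned up in the same change if the override is meant to go away. The enclosing `{% for %}` loop starts outside the hunk.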