From 338f4e2f0d3f7bacc816d19cccd303182da8e3d7 Mon Sep 17 00:00:00 2001 From: Timo Makinen Date: Fri, 24 Jan 2025 11:41:49 +0000 Subject: [PATCH] rclone: Make role more modular --- roles/rclone/files/rclone-sync.sh | 12 +++++-- roles/rclone/meta/main.yml | 1 - roles/rclone/tasks/main.yml | 52 +++++++++++++++------------ roles/rclone/templates/rclone.conf.j2 | 6 ++-- 4 files changed, 42 insertions(+), 29 deletions(-) diff --git a/roles/rclone/files/rclone-sync.sh b/roles/rclone/files/rclone-sync.sh index def667c..83ecfb2 100755 --- a/roles/rclone/files/rclone-sync.sh +++ b/roles/rclone/files/rclone-sync.sh @@ -3,13 +3,19 @@ set -eu umask 027 -TARGET="/srv/backup" -CONFIG="/etc/rclone/rclone.conf" -LOGDIR="/var/log/rclone" +SERVICE="$(whoami)" + +TARGET="/srv/${SERVICE}" +CONFIG="/etc/rclone/${SERVICE}.conf" +LOGDIR="/var/log/rclone/${SERVICE}" RCLONE="/usr/local/bin/rclone" timestamp="$(date +%Y%m%d%H%M%S)" +if [ ! -f "$CONFIG" ]; then + echo "ERR: Config file '${CONFIG}' does not exist" 1>&2 + exit 1 +fi if [ ! -d "$TARGET" ]; then echo "ERR: Destination directory '${TARGET}' does not exist" 1>&2 exit 1 diff --git a/roles/rclone/meta/main.yml b/roles/rclone/meta/main.yml index a6cb84e..61cc3ce 100644 --- a/roles/rclone/meta/main.yml +++ b/roles/rclone/meta/main.yml @@ -1,4 +1,3 @@ --- dependencies: - - {role: backup_base} - {role: ssh_known_hosts} diff --git a/roles/rclone/tasks/main.yml b/roles/rclone/tasks/main.yml index 335d66e..455de9b 100644 --- a/roles/rclone/tasks/main.yml +++ b/roles/rclone/tasks/main.yml @@ -8,17 +8,17 @@ ansible.builtin.file: path: /etc/rclone state: directory - mode: "0770" + mode: "0755" owner: root - group: backup + group: "{{ ansible_wheel }}" - name: Create host config ansible.builtin.template: - dest: /etc/rclone/rclone.conf + dest: "/etc/rclone/{{ rclone_service }}.conf" src: rclone.conf.j2 mode: "0640" owner: root - group: backup + group: "{{ rclone_service }}" - name: Create ssh keys ansible.builtin.command: 
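Review bot: The new guard in `rclone-sync.sh` tests `[ ! -f "$CONFIG" ]`, which passes for a config file that exists but that the calling account cannot read. The role installs the config as `0640` with owner `root` and the service group, so an account outside that group gets past the check and only fails later inside rclone with a less specific error. Checking readability as well, `if [ ! -f "$CONFIG" ] || [ ! -r "$CONFIG" ]; then`, reports the problem where the script already explains it. Because every path now derives from `$(whoami)`, the POSIX form `id -un` may be the safer choice on hosts where `whoami` is not installed. The rest of the script, including the rclone invocation, lies outside the hunk.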
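Review bot: From `Create host config` onward the tasks take their group, owner and file names from `rclone_service`, but nothing in this patch gives it a default or checks that the account and group exist. The same commit also drops the `backup_base` dependency in `meta/main.yml`, which presumably provided the old `backup` account. If the variable is unset or the account is missing, the play fails partway through, after `/etc/rclone` has already been re-owned; the key, log and cron tasks in the later hunks of this file depend on it in the same way. A leading `ansible.builtin.assert` with `that: rclone_service is defined and rclone_service | length > 0`, plus a README line saying the caller must create the user and group, would make the contract explicit. Separately, `/etc/rclone` goes from `0770` to `0755`, so the keys and configs inside are protected only by their own `0640` modes; `mode: "0751"` would still let each service account traverse the directory without making it listable to everyone (the first task's `- name:` line is above the hunk).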
@@ -27,45 +27,53 @@ - -t - ed25519 - -C - - "backup@{{ inventory_hostname }}" + - "{{ rclone_service }}@{{ inventory_hostname }}" - -N - "" - -f - - /etc/rclone/id_ed25519 - creates: /etc/rclone/id_ed25519 + - "/etc/rclone/ssh_{{ rclone_service }}_ed25519_key" + creates: "/etc/rclone/ssh_{{ rclone_service }}_ed25519_key" - name: Fix ssh key permissions ansible.builtin.file: path: "{{ item }}" owner: root - group: backup + group: "{{ rclone_service }}" mode: "0640" with_items: - - /etc/rclone/id_ed25519 - - /etc/rclone/id_ed25519.pub + - "/etc/rclone/ssh_{{ rclone_service }}_ed25519_key" + - "/etc/rclone/ssh_{{ rclone_service }}_ed25519_key.pub" - name: Fetch ssh public key ansible.builtin.fetch: - src: /etc/rclone/id_ed25519.pub - dest: ../files/ssh/backup.pub + src: "/etc/rclone/ssh_{{ rclone_service }}_ed25519_key.pub" + dest: "../files/ssh/{{ rclone_service }}.pub" flat: true -- name: Create log directory +- name: Create base log directory ansible.builtin.file: path: /var/log/rclone state: directory - mode: "0750" - owner: backup - group: backup + mode: "0755" + owner: root + group: "{{ ansible_wheel }}" -- name: Create backup directories +- name: Create log directory ansible.builtin.file: - path: "/srv/backup/{{ item }}" + path: "/var/log/rclone/{{ rclone_service }}" + state: directory + mode: "0750" + owner: "{{ rclone_service }}" + group: "{{ rclone_service }}" + +- name: Create data directories + ansible.builtin.file: + path: "/srv/{{ rclone_service }}/{{ item }}" state: directory mode: "0770" owner: root - group: backup - with_items: "{{ groups['sftpbackup'] }}" + group: "{{ rclone_service }}" + with_items: "{{ groups[rclone_hostgroup | default(rclone_service)] }}" - name: Copy rclone sync script ansible.builtin.copy: 
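Review bot: Renaming the key to `/etc/rclone/ssh_{{ rclone_service }}_ed25519_key` means hosts that already ran the old role will generate a fresh key, while the previous `/etc/rclone/id_ed25519` pair stays on disk and nothing in this hunk removes it. If its public half is still authorised on the SFTP hosts (that distribution happens outside this diff), an unused credential remains valid after the migration. A cleanup task with `state: absent` for the old pair, as sketched below, would retire it; the old `/etc/rclone/rclone.conf` replaced in the previous hunk could be handled the same way. The hunk starts inside the `Create ssh keys` argument list and ends inside `Copy rclone sync script`, both of which continue outside it.

```yaml
# … unchanged: Create ssh keys, Fix ssh key permissions …

- name: Remove legacy shared ssh key
  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
  with_items:
    - /etc/rclone/id_ed25519
    - /etc/rclone/id_ed25519.pub
```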
@@ -79,13 +87,13 @@ ansible.builtin.cron: name: MAILTO env: true - user: backup + user: "{{ rclone_service }}" value: root - name: Add rclone sync cron job ansible.builtin.cron: name: rclone-sync - user: backup + user: "{{ rclone_service }}" hour: "3" minute: "00" job: /usr/local/bin/rclone-sync diff --git a/roles/rclone/templates/rclone.conf.j2 b/roles/rclone/templates/rclone.conf.j2 index 99e1d3e..bc4f312 100644 --- a/roles/rclone/templates/rclone.conf.j2 +++ b/roles/rclone/templates/rclone.conf.j2 @@ -1,11 +1,11 @@ # {{ ansible_managed }} -{% for host in groups['sftpbackup'] %} +{% for host in groups[rclone_hostgroup | default(rclone_service)] %} [{{ host.split('.')[0] }}] type = sftp host = {{ host }} -user = backup +user = {{ rclone_service }} shell_type = none -key_file = /etc/rclone/id_ed25519 +key_file = /etc/rclone/ssh_{{ rclone_service }}_ed25519_key known_hosts_file = /etc/ssh/ssh_known_hosts {% endfor %}