From 8936aa243f70d8bcf4e332939676df70ec4cbbd4 Mon Sep 17 00:00:00 2001
From: alex
Date: Sun, 22 Feb 2026 20:06:19 +0300
Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=B8=D1=82?= =?UTF-8?q?=D1=8C=20ansible.yml?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
ansible.yml | 141 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 141 insertions(+)
create mode 100644 ansible.yml
diff --git a/ansible.yml b/ansible.yml
new file mode 100644
index 0000000..f58d72d
--- /dev/null
+++ b/ansible.yml
@@ -0,0 +1,141 @@
+---
+- hosts: all
+ become: true
+ tasks:
+
+ - name: create user backup
+ user:
+ name: backup-user
+ state: present
+ create_home: yes
+ shell: /bin/bash
+ append: yes
+
+ - name: update
+ apt:
+ update_cache: yes
+
+ - name: install borgbackup
+ apt:
+ name: borgbackup
+ state: present
+
+- hosts: client
+ become: true
+ tasks:
+
+ - name: сreate ssh dir
+ file:
+ path: "/home/backup-user/.ssh"
+ state: directory
+ owner: backup-user
+ group: backup-user
+ mode: '0700'
+
+ - name: generate ssh key
+ user:
+ name: backup-user
+ generate_ssh_key: yes
+ ssh_key_bits: 4096
+ ssh_key_type: ed25519
+ ssh_key_file: ~/.ssh/id_rsa
+ force: no
+
+ - name: save public key
+ fetch:
+ src: ~/.ssh/id_rsa.pub
+ dest: "{{ lookup('env', 'PWD') }}/"
+ flat: yes
+
+ - name: save ssh fingerprint
+ shell: ssh-keyscan -t rsa 192.168.80.30 >> ~/.ssh/known_hosts 2>/dev/null
+
+
+
+- hosts: backup-server
+ become: true
+ tasks:
+
+ - name: сreate dir mount for backup
+ file:
+ path: /var/hdd-backup
+ state: directory
+
+ - name: format hdd
+ filesystem:
+ fstype: ext4
+ dev: /dev/sdc
+ force: no
+
+ - name: mount hdd backup-server
+ mount:
+ path: /var/hdd-backup
+ src: /dev/sdc
+ fstype: ext4
+ state: mounted
+ opts: defaults
+
+ - name: сreate dir backup
+ file:
+ path: /var/hdd-backup/backup
+ state: directory
+
+ - name: chown backup dir
+ file:
+ path: /var/hdd-backup/backup
+ owner: backup-user
+ group: backup-user
+ mode: '0755'
+ state: directory
+ recurse: yes
+
+ - name: сreate ssh dir
+ file:
+ path: "/home/backup-user/.ssh"
+ state: directory
+ owner: backup-user
+ mode: '0700'
+
+ - name: add public key to backup-server
+ authorized_key:
+ user: backup-user
+ state: present
+ key: "{{ lookup('file', 'id_rsa.pub') }}"
+
+- hosts: client
+ become: true
+ tasks:
+
+ - name: generate pass
+ set_fact:
+ user_password: "{{ lookup('ansible.builtin.password', '/dev/null length=12') }}"
+
+ - name: save pass
+ copy:
+ content: "{{ user_password }}"
+ dest:
"./pass"
+ become: no
+ delegate_to: localhost
+
+ - name: show pass
+ debug:
+ msg: "ВНИМАНИЕ!!! Сохраните сгенерированный пароль: {{ user_password }}"
+
+ - name: borg initialization
+ shell: borg init --encryption=repokey backup-user@192.168.80.30:/var/hdd-backup/backup
+ environment:
+ BORG_PASSPHRASE: "{{ user_password }}"
+
+ - name: create backup script
+ vars:
+ borg_pass: "{{ user_password }}"
+ template:
+ src: template_backup.sh
+ dest: /opt/backup.sh
+ mode: '0755'
+
+ - name: create cron
+ cron:
+ name: "Create backup /etc"
+ minute: "*/5"
+ job: "/opt/backup.sh"
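Review bot: The Borg repository passphrase is exposed in three places in the last `client` play: the `show pass` task prints `user_password` into the Ansible output (and any log or CI capture of it), `save pass` writes `./pass` on the controller with default permissions, and `/opt/backup.sh` is installed with `mode: '0755'`, so if the template embeds `borg_pass` (the template is not visible here) every local user on the client can read it. I would drop the debug task, add `no_log: true` to the tasks that reference `user_password`, and set `mode: '0600'` on the `copy` and `mode: '0700'` on the `template`. Separately, the `authorized_key` task installs the client key without restrictions for an account whose shell is `/bin/bash`; setting `key_options` to a forced `borg serve --restrict-to-path /var/hdd-backup/backup` command together with `restrict` would confine that key to the repository path on the backup server. The `ssh-keyscan ... >> ~/.ssh/known_hosts` task also accepts whatever host key answers at run time, and with `become: true` the `~` probably resolves to root's home rather than backup-user's, so pinning the server key from a verified source with an explicit path would be safer.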