---
# Baseline for every host: the dedicated backup account and the borg package.
- hosts: all
  become: true
  tasks:

    # Account that the later plays refer to as backup-user. No password is
    # given here, so any login depends on the SSH keys installed later.
    - name: create user backup
      ansible.builtin.user:
        name: backup-user
        shell: /bin/bash
        create_home: true
        append: true
        state: present

    # Refresh the apt package index before installing anything.
    - name: update
      ansible.builtin.apt:
        update_cache: true

    - name: install borgbackup
      ansible.builtin.apt:
        state: present
        name: borgbackup
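# Client side: create backup-user's .ssh directory, generate the key pair used
# to reach the backup server, export the public half to the control node, and
# record the backup server's host key.
- hosts: client
  become: true
  tasks:

    # The task name used to start with a Cyrillic "с" (U+0441); it is spelled
    # in Latin now so that name matching (--start-at-task, grep) works.
    - name: create ssh dir
      ansible.builtin.file:
        path: /home/backup-user/.ssh
        state: directory
        owner: backup-user
        group: backup-user
        mode: '0700'

    # ssh_key_bits was dropped: Ed25519 keys have a fixed size, so the value
    # had no effect and only suggested an RSA key. The file keeps the name
    # id_rsa because the fetch task below and the authorized_key lookup in the
    # backup-server play both read id_rsa.pub.
    # NOTE(review): this play runs with become: true, so "~" presumably
    # resolves to root's home rather than /home/backup-user - confirm which
    # account is meant to hold the private key.
    - name: generate ssh key
      ansible.builtin.user:
        name: backup-user
        generate_ssh_key: true
        ssh_key_type: ed25519
        ssh_key_file: '~/.ssh/id_rsa'
        force: false

    # Copies the public key into the directory the playbook was started from
    # (PWD on the control node).
    - name: save public key
      ansible.builtin.fetch:
        src: '~/.ssh/id_rsa.pub'
        dest: "{{ lookup('env', 'PWD') }}/"
        flat: true

    # The host key is accepted on first contact without verification, so it
    # is only as trustworthy as the network path at that moment. The scan now
    # runs only when known_hosts has no entry for the server: appending on
    # every run let each later run add a further key that ssh would then
    # accept as well. Where a host key obtained out of band is available,
    # pin that key instead of scanning.
    # NOTE(review): only the RSA host key is requested (-t rsa), and errors
    # from ssh-keyscan are discarded - confirm both are intended.
    - name: save ssh fingerprint
      ansible.builtin.shell: >-
        ssh-keygen -F 192.168.80.30 > /dev/null 2>&1
        || ssh-keyscan -t rsa 192.168.80.30 >> ~/.ssh/known_hosts 2>/dev/null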
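# Backup server: prepare and mount the backup disk, create the repository
# directory for backup-user, and authorise the client's public key.
# Task names that began with a Cyrillic "с" (U+0441) are spelled in Latin.
- hosts: backup-server
  become: true
  tasks:

    - name: create dir mount for backup
      ansible.builtin.file:
        path: /var/hdd-backup
        state: directory

    # force: false leaves a device that already carries a filesystem alone.
    # NOTE(review): /dev/sdc is a kernel-assigned name and may refer to a
    # different disk after a reboot or hardware change - confirm, or address
    # the disk by a stable identifier.
    - name: format hdd
      community.general.filesystem:
        fstype: ext4
        dev: /dev/sdc
        force: false

    - name: mount hdd backup-server
      ansible.posix.mount:
        path: /var/hdd-backup
        src: /dev/sdc
        fstype: ext4
        state: mounted
        opts: defaults

    - name: create dir backup
      ansible.builtin.file:
        path: /var/hdd-backup/backup
        state: directory

    # Mode tightened from 0755 to 0700. Applied recursively, 0755 left the
    # whole repository readable by every local account; the client creates it
    # with --encryption=repokey, so the passphrase-protected key is stored in
    # the repository itself. Only backup-user needs access.
    - name: chown backup dir
      ansible.builtin.file:
        path: /var/hdd-backup/backup
        owner: backup-user
        group: backup-user
        mode: '0700'
        state: directory
        recurse: true

    - name: create ssh dir
      ansible.builtin.file:
        path: /home/backup-user/.ssh
        state: directory
        owner: backup-user
        group: backup-user  # added to match the same task in the client play
        mode: '0700'

    # key_options confines this key to borg: the forced command limits the
    # session to "borg serve" on the repository path, and "restrict" turns
    # off PTY allocation and forwarding. Without it the key gave a full
    # /bin/bash login as backup-user.
    # NOTE(review): template_backup.sh is not visible here; if it uses this
    # key for anything other than borg, adjust the options accordingly.
    - name: add public key to backup-server
      ansible.posix.authorized_key:
        user: backup-user
        state: present
        key: "{{ lookup('file', 'id_rsa.pub') }}"
        key_options: 'command="borg serve --restrict-to-path /var/hdd-backup/backup",restrict'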
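# Client side, second pass: obtain the repository passphrase, initialise the
# borg repository on the backup server, install the backup script and
# schedule it.
- hosts: client
  become: true
  tasks:

    # The passphrase lives in a file named "pass" next to the playbook on the
    # control node. The password lookup creates that file on the first run
    # and returns the stored value on later runs, which replaces the former
    # "save pass" copy task. With /dev/null as the target every run produced
    # a new passphrase that overwrote the saved one while the existing
    # repository still required the old one.
    # NOTE(review): the lookup is expected to write the file with owner-only
    # permissions - confirm on the control node.
    # no_log keeps the value out of verbose task output.
    - name: generate pass
      ansible.builtin.set_fact:
        user_password: "{{ lookup('ansible.builtin.password', playbook_dir ~ '/pass length=12') }}"
      no_log: true

    # The passphrase itself is no longer echoed: task output ends up in
    # terminal scrollback and in any log or CI capture. The message now names
    # the file that holds it.
    - name: show pass
      ansible.builtin.debug:
        msg: "ВНИМАНИЕ!!! Сгенерированный пароль сохранён в файле {{ playbook_dir }}/pass на управляющем узле"

    # A second run used to stop here because the repository already exists.
    # That case is now tolerated and reported as unchanged.
    # NOTE(review): the check matches borg's "already exists" wording on
    # stderr - confirm against the installed borg version.
    - name: borg initialization
      ansible.builtin.shell: borg init --encryption=repokey backup-user@192.168.80.30:/var/hdd-backup/backup
      environment:
        BORG_PASSPHRASE: "{{ user_password }}"
      register: borg_init
      changed_when: borg_init.rc == 0
      failed_when:
        - borg_init.rc != 0
        - "'already exists' not in borg_init.stderr"

    # borg_pass hands the passphrase to the template, so the rendered script
    # is presumably a plaintext copy of it. Mode tightened from 0755 to 0700
    # with root ownership so that other local accounts cannot read it; no_log
    # keeps the rendered content out of --diff output.
    # NOTE(review): the cron task below sets no user, so the job presumably
    # runs from root's crontab - confirm that root is the intended owner.
    - name: create backup script
      vars:
        borg_pass: "{{ user_password }}"
      ansible.builtin.template:
        src: template_backup.sh
        dest: /opt/backup.sh
        owner: root
        group: root
        mode: '0700'
      no_log: true

    # Runs the backup script every five minutes.
    - name: create cron
      ansible.builtin.cron:
        name: "Create backup /etc"
        minute: "*/5"
        job: "/opt/backup.sh"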