[Borg] Server config

hosts

@@ -23,6 +23,9 @@
 # [test_vm]
 # re2o-test.adm.crans.org
 
+[backups]
+zephir.adm.crans.org
+
 [certbot]
 gitzly.adm.crans.org
 

plays/backup.yml

@@ -8,3 +8,8 @@
   roles:
     - borgbackup-client
 
+- hosts: backups
+  vars:
+    borg: '{{ glob_borg | default({}) | combine(loc_borg | default({})) }}'
+  roles:
+    - borgbackup-server

roles/borgbackup-server/tasks/main.yml

@@ -0,0 +1,38 @@
+---
+- name: Install borgbackup
+  apt:
+    update_cache: true
+    name:
+      - borgbackup
+    state: present
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Create borgbackup user
+  user:
+    create_home: yes
+    home: '/var/lib/borg/'
+    system: yes
+    state: present
+    update_password: always
+    name: borg
+
+- name: Ensures .ssh dir exists
+  file:
+    path: /var/lib/borg/.ssh
+    state: directory
+    mode: 0700
+    owner: borg
+
+- name: Deploy authorized_keys
+  template:
+    src: "authorized_keys.j2"
+    dest: "/var/lib/borg/.ssh/authorized_keys"
+    mode: 0600
+
+- name: Indicate role in motd
+  template:
+    src: update-motd.d/05-service.j2
+    dest: /etc/update-motd.d/05-borg
+    mode: 0755

roles/borgbackup-server/templates/authorized_keys.j2

@@ -0,0 +1,3 @@
+{{ ansible_header | comment }}
+
+command="borg serve --restrict-to-path {{ borg.path }}",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding {{ vault_borgbackup_ssh_pubkey }}

roles/borgbackup-server/templates/update-motd.d/05-service.j2

@@ -0,0 +1,3 @@
+#!/usr/bin/tail +14
+{{ ansible_header | comment }}
+> Borgbackup (Serveur) a été déployé sur cette machine. Les backups sont situés dans {{ borg.path }}.