[borg-auth] Restrict server ability to push/see a different backup repo

2023-01-25 11:53:39 +01:00 · 2023-01-25 11:53:39 +01:00 · fba8fe6bb8
parent 3ff5c91d44
commit fba8fe6bb8
2 changed files with 27 additions and 0 deletions
--- a/group_vars/backups.yml
+++ b/group_vars/backups.yml
@ -0,0 +1,21 @@
+---
+glob_service_borg_auth:
+  git:
+    remote: https://gitlab.adm.crans.org/nounous/borg-auth.git
+    version: main
+  name: borg-auth
+  install_dir: /var/local/services/borg-auth
+  generated: false
+  cron:
+    frequency: "*/5 * * * *"
+  config:
+    ldap:
+      server: ldaps://172.16.10.100
+    filter: .adm.crans.org
+    ssh-key: "{{ vault.borg.ssh.pubkey }}"
+    root: "/backup/borg-server/"
+    manual:
+      - filter: 172.16.10.2
+        restrict: [ "/backup/borg-adh" ]
+      - filter: 172.16.10.31
+        restrict: [ "/backup/borg-server/zamok-mysql" ]
--- a/plays/backup.yml
+++ b/plays/backup.yml
@ -5,3 +5,9 @@
    borg: "{{ glob_borg | default({}) | combine(loc_borg | default({})) }}"
  roles:
    - borgbackup-server
+
+- hosts: backups
+  vars:
+    service: "{{ glob_service_borg_auth | default({}) | combine(loc_service_borg_auth | default({})) }}"
+  roles:
+    - service