[borg-auth] Restrict server ability to push/see a different backup repo

group_vars/backups.yml

@@ -0,0 +1,21 @@
+---
+glob_service_borg_auth:
+  git:
+    remote: https://gitlab.adm.crans.org/nounous/borg-auth.git
+    version: main
+  name: borg-auth
+  install_dir: /var/local/services/borg-auth
+  generated: false
+  cron:
+    frequency: "*/5 * * * *"
+  config:
+    ldap:
+      server: ldaps://172.16.10.100
+    filter: .adm.crans.org
+    ssh-key: "{{ vault.borg.ssh.pubkey }}"
+    root: "/backup/borg-server/"
+    manual:
+      - filter: 172.16.10.2
+        restrict: [ "/backup/borg-adh" ]
+      - filter: 172.16.10.31
+        restrict: [ "/backup/borg-server/zamok-mysql" ]

plays/backup.yml

@@ -5,3 +5,9 @@
     borg: "{{ glob_borg | default({}) | combine(loc_borg | default({})) }}"
   roles:
     - borgbackup-server
+
+- hosts: backups
+  vars:
+    service: "{{ glob_service_borg_auth | default({}) | combine(loc_service_borg_auth | default({})) }}"
+  roles:
+    - service