From c86c36880b1f9738610bad27f17655602aca184e Mon Sep 17 00:00:00 2001 From: Arthur BOUDREAULT Date: Tue, 19 Jul 2022 15:02:17 +0000 Subject: [PATCH] fix: improve borgbackup ssh keys handling docs: advise to use Ansible Vault fix: use gather_facts module in order to get facts for borg role --- roles/ynh_backup/README-FR.md | 2 +- roles/ynh_backup/README.md | 4 ++-- roles/ynh_backup/tasks/borgbackup.yml | 8 +++++++- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/roles/ynh_backup/README-FR.md b/roles/ynh_backup/README-FR.md index 8a1a146..3a383e8 100644 --- a/roles/ynh_backup/README-FR.md +++ b/roles/ynh_backup/README-FR.md @@ -68,7 +68,7 @@ ynh_ssh_borg_command: "ssh_command: ssh -p 7410 -o StrictHostKeychecking=no -i { - `borgmatic_config_name` : **Optionnel**, nom du fichier de configuration Borgmatic. - `borgmatic_cron_name` : **Optionnel**, nom du fichier de tâche cron. - `borg_retention_policy.keep_[hourly|daily|weekly|monthly]` : Permet de régler finement le nombre d'archives récentes que le dépôt doit garder. -- `borg_ssh_keys_src` : Chemin où se trouve le couple clé publique / privée SSH sur l'hôte Ansible. +- `borg_ssh_keys_src` : Chemin où se trouve le couple clé publique / privée SSH sur l'hôte Ansible. Pensez à utiliser [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html) pour protéger vos clés SSH. - `borg_ssh_keys_dest` : Chemin où va être copié la paire de clés SSH sur le serveur YunoHost. - `ynh_ssh_borg_command`: **Optionnel**, commande SSH personnalisée lors de l'utilisation de Borg sur un dépôt distant. diff --git a/roles/ynh_backup/README.md b/roles/ynh_backup/README.md index 3a2786e..2c332bd 100644 --- a/roles/ynh_backup/README.md +++ b/roles/ynh_backup/README.md 
@@ -61,13 +61,13 @@ borg_ssh_keys_dest: "/home/debian/.ssh/ynh_ed25519" - `ynh_borg_backup_scheduled`: Enable / disable the backup feature with BorgBackup. - `ynh_borg_backup_remote_repo`: Enable / disable the backup functionality on a BorgBackup remote repository (tasks related to SSH keys setup). If you enable this feature, then you will need to use `borg_ssh_keys_src` and `borg_ssh_keys_dest` variables. -- `borg_source_directories`: List of source folders to backup. By default, this is the folder containing all YunoHost data (configuration, applications). +- `borg_source_directories`: List of source folders to back up. By default, this is the folder containing all YunoHost data (configuration, applications). - `borg_repository`: Full path to the Borg repository. Possibility to give a list of repositories to save data in several places. - `borg_encryption_passphrase` : **Mandatory**, password to use for the Borg repository encryption key. - `borgmatic_config_name`: **Optional**, name of the Borgmatic configuration file. - `borgmatic_cron_name`: **Optional**, name of the cron task file. - `borg_retention_policy.keep_[hourly|daily|weekly|monthly]`: Allows you to fine-tune the number of recent archives the repository should keep. -- `borg_ssh_keys_src`: Path to the SSH public/private key pair on the Ansible host. +- `borg_ssh_keys_src`: Path to the SSH public/private key pair on the Ansible host. Consider using [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html) to protect your SSH keys. - `borg_ssh_keys_dest`: Path where the SSH key pair will be copied to the YunoHost server. - `ynh_ssh_borg_command`: **Optional**, custom SSH command run when using Borg on a remote repository. diff --git a/roles/ynh_backup/tasks/borgbackup.yml b/roles/ynh_backup/tasks/borgbackup.yml index cae7b3d..9cb46ee 100644 --- a/roles/ynh_backup/tasks/borgbackup.yml +++ b/roles/ynh_backup/tasks/borgbackup.yml 
@@ -25,6 +25,12 @@ - backup - borg +- name: Gather facts for BorgBackup role + ansible.builtin.setup: + tags: + - borg + - backup + - name: run BorgBackup role ansible.builtin.import_role: name: m3nu.ansible_role_borgbackup @@ -56,7 +62,7 @@ - name: deploy ssh private key for BorgBackup ansible.builtin.copy: - src: "{{ borg_ssh_keys_src }}" + src: "{{ borg_ssh_keys_src }}.vault" dest: "{{ borg_ssh_keys_dest }}" owner: "root" group: "root"
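Review bot: The added `ansible.builtin.setup` task takes no arguments, so it collects the full fact set every time this tasks file runs, and nothing in the hunk says which facts the imported `m3nu.ansible_role_borgbackup` role needs. If the role reads only a few of them (not visible here), a `gather_subset:` restriction would shorten the run and keep less host detail in fact caches and logs. I would also add a comment above the task, such as `# the imported role reads ansible_* facts; gather them here in case the play runs with gather_facts disabled`, adjusted to the real reason. Indentation is lost in this view, so confirm that `tags:` sits at task level and not under `setup:`.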
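Review bot: Hard-coding the suffix in `src: "{{ borg_ssh_keys_src }}.vault"` makes a vault-encrypted key file mandatory, while the README lines changed in this same commit only say "Consider using Ansible Vault". Anyone who keeps the key at the documented `borg_ssh_keys_src` path will now fail at this task, so either document the `.vault` file name as a requirement or fall back to the plain path when no `.vault` file exists. Because `copy` decrypts vaulted sources by default (`decrypt: true`), the private key is written in clear text on the target. The visible lines set only `owner` and `group` and the task continues past the hunk, so check that it also carries `mode: "0600"`, and add `no_log: true` so the key content cannot appear in `--diff` or verbose output.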