wzyboy · November 23, 2017 18:21
diff --git a/main.yaml b/main.yaml
 - name: Download Borg binary
  get_url:
    url: "{{ borg_url }}"
    checksum: "{{ borg_checksum }}"
    dest: "{{ borg_path }}"
    mode: 0755

 - name: Fix broken Python
  apt:
    name: python3-venv
  when: ansible_distribution == "Ubuntu" or ansible_distribution == "Debian"

 - name: Create Borgmatic venv
  command: "python3 -m venv {{ borgmatic_dir }}"
  args:
    creates: "{{ borgmatic_dir }}/bin/pip"

 - name: Install Borgmatic into venv
  pip:
    name: borgmatic
    version: "{{ borgmatic_version }}"
    executable: "{{ borgmatic_dir }}/bin/pip"

 - name: Create Borgmatic config dir
  file:
    path: /etc/borgmatic
    state: directory

 - name: Create Borgmatic excludes file
  command: touch /etc/borgmatic/excludes
  args:
    creates: /etc/borgmatic/excludes
    warn: no

 - name: Render Borgmatic config
  template:
    src: borgmatic-config.yaml.j2
    dest: /etc/borgmatic/config.yaml
    mode: 0600

 - name: Render Borgmatic systemd units
  template:
    src: "{{ item }}.j2"
    dest: "/etc/systemd/system/{{ item }}"
  with_items:
    - borgmatic.service
    - borgmatic.timer

 - name: Enable Borgmatic systemd timer
  systemd:
    name: borgmatic.timer
    state: started
    enabled: yes
    daemon_reload: yes

 - import_tasks: pubkey.yaml
  when: borg_setup_pubkey
diff --git a/pubkey.yaml b/pubkey.yaml
 # The following tasks do essentially the same thing as the "authorized_key"
 # Ansible module for jailed SSH accounts of rsync.net
 #
 # A list of available commands is available at:
 # http://www.rsync.net/resources/howto/remote_commands.html

 - name: Generate local key if not exists
  user:
    name: root
    generate_ssh_key: yes

 - name: Add known hosts
  known_hosts:
    name: "{{ borg_host_addr }}"
    key: "{{ borg_host_key }}"
    hash_host: no

 - name: Get local key
  command: cat /root/.ssh/id_rsa.pub
  register: local_key
  changed_when: False

 - name: Print local key
  debug:
    var: local_key

 #- name: Get all installed keys
 #  raw: .ssh/authorized_keys
 #  args:
 #    executable: /bin/tail
 #  register: installed_keys
 #  become: no
 #  delegate_to: rsync.net

 - name: Get remote installed keys
  command: ssh {{ borg_host_user}}@{{ borg_host_addr }} tail -n100 .ssh/authorized_keys
  register: installed_keys
  delegate_to: localhost
  become: no
  changed_when: False

 - name: Print all installed keys
  debug:
    var: installed_keys

 - name: Key is installed
  set_fact:
    local_key_installed: True
  when: local_key.stdout in installed_keys.stdout_lines

 - name: Key is not installed
  set_fact:
    local_key_installed: False
  when: local_key.stdout not in installed_keys.stdout_lines

 - name: Install local key
  shell: echo {{ local_key.stdout }} | ssh {{ borg_host_user}}@{{ borg_host_addr }} 'dd of=.ssh/authorized_keys oflag=append conv=notrunc'
  delegate_to: localhost
  become: no
  when: not local_key_installed
	- name: Download Borg binary
	get_url:
	url: "{{ borg_url }}"
	checksum: "{{ borg_checksum }}"
	dest: "{{ borg_path }}"
	mode: 0755

	- name: Fix broken Python
	apt:
	name: python3-venv
	when: ansible_distribution == "Ubuntu" or ansible_distribution == "Debian"

	- name: Create Borgmatic venv
	command: "python3 -m venv {{ borgmatic_dir }}"
	args:
	creates: "{{ borgmatic_dir }}/bin/pip"

	- name: Install Borgmatic into venv
	pip:
	name: borgmatic
	version: "{{ borgmatic_version }}"
	executable: "{{ borgmatic_dir }}/bin/pip"

	- name: Create Borgmatic config dir
	file:
	path: /etc/borgmatic
	state: directory

	- name: Create Borgmatic excludes file
	command: touch /etc/borgmatic/excludes
	args:
	creates: /etc/borgmatic/excludes
	warn: no

	- name: Render Borgmatic config
	template:
	src: borgmatic-config.yaml.j2
	dest: /etc/borgmatic/config.yaml
	mode: 0600

	- name: Render Borgmatic systemd units
	template:
	src: "{{ item }}.j2"
	dest: "/etc/systemd/system/{{ item }}"
	with_items:
	- borgmatic.service
	- borgmatic.timer

	- name: Enable Borgmatic systemd timer
	systemd:
	name: borgmatic.timer
	state: started
	enabled: yes
	daemon_reload: yes

	- import_tasks: pubkey.yaml
	when: borg_setup_pubkey
	# The following tasks do essentially the same thing as the "authorized_key"
	# Ansible module for jailed SSH accounts of rsync.net
	#
	# A list of available commands is available at:
	# http://www.rsync.net/resources/howto/remote_commands.html

	- name: Generate local key if not exists
	user:
	name: root
	generate_ssh_key: yes

	- name: Add known hosts
	known_hosts:
	name: "{{ borg_host_addr }}"
	key: "{{ borg_host_key }}"
	hash_host: no

	- name: Get local key
	command: cat /root/.ssh/id_rsa.pub
	register: local_key
	changed_when: False

	- name: Print local key
	debug:
	var: local_key

	#- name: Get all installed keys
	# raw: .ssh/authorized_keys
	# args:
	# executable: /bin/tail
	# register: installed_keys
	# become: no
	# delegate_to: rsync.net

	- name: Get remote installed keys
	command: ssh {{ borg_host_user}}@{{ borg_host_addr }} tail -n100 .ssh/authorized_keys
	register: installed_keys
	delegate_to: localhost
	become: no
	changed_when: False

	- name: Print all installed keys
	debug:
	var: installed_keys

	- name: Key is installed
	set_fact:
	local_key_installed: True
	when: local_key.stdout in installed_keys.stdout_lines

	- name: Key is not installed
	set_fact:
	local_key_installed: False
	when: local_key.stdout not in installed_keys.stdout_lines

	- name: Install local key
	shell: echo {{ local_key.stdout }} \| ssh {{ borg_host_user}}@{{ borg_host_addr }} 'dd of=.ssh/authorized_keys oflag=append conv=notrunc'
	delegate_to: localhost
	become: no
	when: not local_key_installed