Derive public SSH key instead of hardcoding it

Sam A. 2023-02-11 19:21:06 +01:00
parent 8069916aef
commit 00f03ec5a8
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
2 changed files with 12 additions and 6 deletions


@ -53,7 +53,6 @@ services:
domain: "rynkeby.skovgaard.tel"
volume_folder: "{{ volume_root_folder }}/restic"
repository: "/mnt/SpinningRust/data.coop-backup/restic"
ssh_pubkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1lNLshXytq+mx2LPzm8Neh/nrVqCR3iDXPONzBag9s restic@fedder
version: "1.6.0"
disabled_in_vagrant: true


@ -2,7 +2,7 @@
---
- name: Create SSH directory
file:
name: "{{ services.restic.volume_folder }}/ssh"
path: "{{ services.restic.volume_folder }}/ssh"
owner: root
group: root
mode: '0700'
@ -16,13 +16,20 @@
mode: '0600'
content: "{{ restic_secrets.ssh_privkey }}"
- name: Copy public SSH key
copy:
dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
- name: Derive public SSH key
shell: >
ssh-keygen -f {{ services.restic.volume_folder }}/ssh/id_ed25519 -y
> {{ services.restic.volume_folder }}/ssh/id_ed25519.pub
args:
creates: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
- name: Set file permissions on public SSH key
file:
path: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
owner: root
group: root
mode: '0644'
content: "{{ services.restic.ssh_pubkey }}"
state: touch
- name: Setup restic backup
docker_compose:
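Review bot: The `creates:` guard on the new "Derive public SSH key" task means the public key is derived on the first run only, so after `restic_secrets.ssh_privkey` is rotated the existing `id_ed25519.pub` is never regenerated and no longer matches the private key. The shell redirect also creates the target file before `ssh-keygen` runs, so a failed derivation leaves an empty `.pub` file that every later run skips. Running `ssh-keygen -y` through `command` with `argv` (no shell parsing of the templated path), registering its stdout and writing it with `copy` keeps the file in sync with the private key. That also replaces the `state: touch` task, which reports a change on every run. The "Setup restic backup" task that follows continues outside the hunk.

```yaml
# … unchanged: private key copy task …

- name: Derive public SSH key
  command:
    argv:
      - ssh-keygen
      - -y
      - -f
      - "{{ services.restic.volume_folder }}/ssh/id_ed25519"
  register: restic_pubkey
  changed_when: false
  check_mode: false

- name: Copy public SSH key
  copy:
    dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
    owner: root
    group: root
    mode: '0644'
    content: "{{ restic_pubkey.stdout }}\n"

# … unchanged: Setup restic backup task …
```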