Derive public SSH key instead of hardcoding it

2023-02-11 19:21:06 +01:00 · 2023-02-11 19:21:06 +01:00 · 00f03ec5a8
parent 8069916aef
commit 00f03ec5a8
2 changed files with 12 additions and 6 deletions
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@ -53,7 +53,6 @@ services:
    domain: "rynkeby.skovgaard.tel"
    volume_folder: "{{ volume_root_folder }}/restic"
    repository: "/mnt/SpinningRust/data.coop-backup/restic"
    ssh_pubkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1lNLshXytq+mx2LPzm8Neh/nrVqCR3iDXPONzBag9s restic@fedder
    version: "1.6.0"
    disabled_in_vagrant: true
--- a/roles/docker/tasks/services/restic_backup.yml
+++ b/roles/docker/tasks/services/restic_backup.yml
@ -2,7 +2,7 @@
 ---
 - name: Create SSH directory
  file:
-    name: "{{ services.restic.volume_folder }}/ssh"
+    path: "{{ services.restic.volume_folder }}/ssh"
    owner: root
    group: root
    mode: '0700'
@ -16,13 +16,20 @@
    mode: '0600'
    content: "{{ restic_secrets.ssh_privkey }}"
- name: Copy public SSH key
+- name: Derive public SSH key
-  copy:
+  shell: >
-    dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
+    ssh-keygen -f {{ services.restic.volume_folder }}/ssh/id_ed25519 -y
      > {{ services.restic.volume_folder }}/ssh/id_ed25519.pub
  args:
    creates: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
 - name: Set file permissions on public SSH key
  file:
    path: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
    owner: root
    group: root
    mode: '0644'
-    content: "{{ services.restic.ssh_pubkey }}"
+    state: touch
 - name: Setup restic backup
  docker_compose: