Use Fedder's TrueNAS for Restic backups #153
|
@ -53,7 +53,6 @@ services:
|
|||
domain: "rynkeby.skovgaard.tel"
|
||||
volume_folder: "{{ volume_root_folder }}/restic"
|
||||
repository: "/mnt/SpinningRust/data.coop-backup/restic"
|
||||
ssh_pubkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1lNLshXytq+mx2LPzm8Neh/nrVqCR3iDXPONzBag9s restic@fedder
|
||||
version: "1.6.0"
|
||||
disabled_in_vagrant: true
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
---
|
||||
- name: Create SSH directory
|
||||
file:
|
||||
name: "{{ services.restic.volume_folder }}/ssh"
|
||||
path: "{{ services.restic.volume_folder }}/ssh"
|
||||
owner: root
|
||||
samsapti marked this conversation as resolved
|
||||
group: root
|
||||
mode: '0700'
|
||||
|
@ -16,13 +16,20 @@
|
|||
mode: '0600'
|
||||
content: "{{ restic_secrets.ssh_privkey }}"
|
||||
|
||||
- name: Copy public SSH key
|
||||
copy:
|
||||
dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
|
||||
- name: Derive public SSH key
|
||||
shell: >
|
||||
ssh-keygen -f {{ services.restic.volume_folder }}/ssh/id_ed25519 -y
|
||||
> {{ services.restic.volume_folder }}/ssh/id_ed25519.pub
|
||||
args:
|
||||
creates: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
|
||||
|
||||
- name: Set file permissions on public SSH key
|
||||
file:
|
||||
path: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
content: "{{ services.restic.ssh_pubkey }}"
|
||||
state: touch
|
||||
|
||||
- name: Setup restic backup
|
||||
docker_compose:
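Review bot: In the "Derive public SSH key" task, pairing a shell redirect with `creates:` can leave a stale or empty `id_ed25519.pub`: the shell creates the target before ssh-keygen runs, so a failed run leaves an empty file that `creates:` then treats as done, and a rotated `restic_secrets.ssh_privkey` never refreshes the public half. Capturing the output of `ssh-keygen -y` with `register` and writing it through `copy` keeps the pair in sync, with ownership and mode set in the same task. That also makes the following `state: touch` task unnecessary, which otherwise reports changed on every run. The +/- markers are lost on this page, so this reads the new side as the shell and touch tasks replacing the old copy task.

```yaml
# … unchanged: private key copy task …

- name: Derive public SSH key
  command:
    argv:
      - ssh-keygen
      - "-y"
      - "-f"
      - "{{ services.restic.volume_folder }}/ssh/id_ed25519"
  register: restic_pubkey
  changed_when: false

- name: Write public SSH key
  copy:
    dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
    owner: root
    group: root
    mode: '0644'
    content: "{{ restic_pubkey.stdout }}\n"

# … unchanged: Setup restic backup …
```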
|
||||
|
|
It's probably correct seeing what most containers do, but we could confirm it's running as root.
It's also possible with this location, since
mode: '0700'
denies read permission for everyone else.