ansible/roles/docker/tasks/services/restic.yml

# vim: ft=yaml.ansible
---
- name: Create SSH directory
  file:
    path: "{{ services.restic.volume_folder }}/ssh"
    owner: root
    group: root
    mode: '0755'
    state: directory

- name: Copy private SSH key
  copy:
    dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519"
    owner: root
    group: root
    mode: '0600'
    content: "{{ restic_secrets.ssh_privkey }}"

- name: Derive public SSH key
  shell: >-
    ssh-keygen -f {{ services.restic.volume_folder }}/ssh/id_ed25519 -y
      > {{ services.restic.volume_folder }}/ssh/id_ed25519.pub
  args:
    creates: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"

- name: Set file permissions on public SSH key
  file:
    path: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
    owner: root
    group: root
    mode: '0644'
    state: touch

- name: Create SSH config
  template:
    src: restic/ssh.config.j2
    dest: "{{ services.restic.volume_folder }}/ssh/config"
    owner: root
    group: root
    mode: '0600'

- name: Create SSH known_hosts file
  template:
    src: restic/ssh.known_hosts.j2
    dest: "{{ services.restic.volume_folder }}/ssh/known_hosts"
    owner: root
    group: root
    mode: '0600'

- name: Upload Compose file for Restic
  template:
    src: compose-files/restic.yml.j2
    dest: "{{ services.restic.volume_folder }}/docker-compose.yml"

- name: Deploy Restic
  docker_compose:
    project_src: "{{ services.restic.volume_folder }}"
    pull: true
    state: present
Move compose files into templates and upload them to the host 2023-09-30 14:25:06 +00:00			`# vim: ft=yaml.ansible`
			`---`
			`- name: Create SSH directory`
			`file:`
			`path: "{{ services.restic.volume_folder }}/ssh"`
			`owner: root`
			`group: root`
			`mode: '0755'`
			`state: directory`

			`- name: Copy private SSH key`
			`copy:`
			`dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519"`
			`owner: root`
			`group: root`
			`mode: '0600'`
			`content: "{{ restic_secrets.ssh_privkey }}"`

			`- name: Derive public SSH key`
			`shell: >-`
			`ssh-keygen -f {{ services.restic.volume_folder }}/ssh/id_ed25519 -y`
			`> {{ services.restic.volume_folder }}/ssh/id_ed25519.pub`
			`args:`
			`creates: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"`

			`- name: Set file permissions on public SSH key`
			`file:`
			`path: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"`
			`owner: root`
			`group: root`
			`mode: '0644'`
			`state: touch`

			`- name: Create SSH config`
			`template:`
			`src: restic/ssh.config.j2`
			`dest: "{{ services.restic.volume_folder }}/ssh/config"`
			`owner: root`
			`group: root`
			`mode: '0600'`

			`- name: Create SSH known_hosts file`
			`template:`
			`src: restic/ssh.known_hosts.j2`
			`dest: "{{ services.restic.volume_folder }}/ssh/known_hosts"`
			`owner: root`
			`group: root`
			`mode: '0600'`

			`- name: Upload Compose file for Restic`
			`template:`
			`src: compose-files/restic.yml.j2`
			`dest: "{{ services.restic.volume_folder }}/docker-compose.yml"`

			`- name: Deploy Restic`
			`docker_compose:`
			`project_src: "{{ services.restic.volume_folder }}"`
			`pull: true`
			`state: present`