All code paths and connectivity tested

tasosalvas · May 9, 2024 · 5b94d86 · 5b94d86
1 parent 6dbc0ba
commit 5b94d86
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 22 deletions.
diff --git a/ansible/roles/borgbackup/defaults/main.yml b/ansible/roles/borgbackup/defaults/main.yml
@@ -527,15 +527,11 @@ borgbackup__control_user_accounts:
                           else False }}'
     ssh_key_comment: '{{ borgbackup__control_user }}'
     ssh_key_type: 'ed25519'
-    state: '{{ "present"
-               if ("debops_service_borgbackup_controller" in group_names or
-                   "debops_service_borgbackup_controlled" in group_names)
-               else "ignore" }}'
     resources:
 
       - path: '.ssh/config'
         content: |
-          # {{ ansible_managed }}
+          # Borg controller config
 
           # We only want to use the Ansible managed /etc/ssh/ssh_known_hosts file.
           CheckHostIP no
@@ -585,19 +581,13 @@ borgbackup__controlled_sudo:
     comment: 'Allow the {{ borgbackup__control_user }} user to trigger backups'
     raw: |
       {{ borgbackup__control_user }} ALL = (ALL) NOPASSWD: /bin/systemctl start borgmatic
-    state: '{{ "present"
-               if ("debops_service_borgbackup_controlled" in group_names
-                   and ansible_service_mgr == "systemd")
-               else "ignore" }}'
+    state: '{{ "present" if ansible_service_mgr == "systemd" else "ignore" }}'
 
   - name: '{{ borgbackup__control_user }}-borgmatic-direct'
     comment: 'Allow the {{ borgbackup__control_user }} user to trigger backups'
     raw: |
       {{ borgbackup__control_user }} ALL = (ALL) NOPASSWD: {{ borgbackup__borgmatic_binary }}
-    state: '{{ "present"
-               if ("debops_service_borgbackup_controlled" in group_names
-                   and ansible_service_mgr != "systemd")
-               else "ignore" }}'
+    state: '{{ "present" if ansible_service_mgr != "systemd" else "ignore" }}'
 
                                                                    # ]]]
                                                                    # ]]]

diff --git a/ansible/roles/borgbackup/tasks/client.yml b/ansible/roles/borgbackup/tasks/client.yml
@@ -96,7 +96,7 @@
 - name: Fetch backup of /root/.config/borg to the Ansible controller
   ansible.builtin.fetch:
     src: '/root/.config/borg_config_{{ inventory_hostname }}.tar'
-    dest: '{{ borgbackup__secret_base_path + "/clients/" + inventory_hostname }}'
+    dest: '{{ borgbackup__secret_base_path + "/clients/" + inventory_hostname + "/" }}'
     flat: True
   tags: [ 'role::borgbackup:config' ]
 

diff --git a/ansible/roles/borgbackup/tasks/controlled.yml b/ansible/roles/borgbackup/tasks/controlled.yml
@@ -10,16 +10,16 @@
     users__dependent_accounts: '{{ borgbackup__control_user_accounts }}'
   tags: [ 'role::borgbackup:control' ]
 
-- name: Enable SSH access to the controlled client for its controller
+- name: Enable access to the controlled client for its controller
   ansible.builtin.import_role:
-    - name: authorized_keys
+    name: authorized_keys
   vars:
     authorized_keys__dependent_identities: '{{ borgbackup__controlled_authorized_keys }}'
   tags: [ 'role::borgbackup:ssh' ]
 
 - name: Enable limited sudo access on the controlled client
   ansible.builtin.import_role:
-    - name: sudo
+    name: sudo
   vars:
-    sudo__dependent_sudoers: '{{ borgbackup__controlled_sudoers }}'
+    sudo__dependent_sudoers: '{{ borgbackup__controlled_sudo }}'
   tags: [ 'role::borgbackup:ssh' ]
diff --git a/ansible/roles/borgbackup/templates/borgbackup__server__authorized_keys.yml.j2 b/ansible/roles/borgbackup/templates/borgbackup__server__authorized_keys.yml.j2
@@ -22,4 +22,4 @@
 {%   for extra in item.authorized_keys_extra | d({}) | dict2items %}
   {{ extra.key }}: {{ extra.value }}
 {%   endfor %}
-{% endfor %}
+{% endfor %}
diff --git a/ansible/roles/borgbackup/templates/borgbackup__service__systemd.j2 b/ansible/roles/borgbackup/templates/borgbackup__service__systemd.j2
@@ -62,7 +62,6 @@ CapabilityBoundingSet={{ borgbackup__service_capabilities }}
 ProtectSystem=full
 
 {% endif %}
-
 # Lower CPU and I/O priority.
 Nice=19
 CPUSchedulingPolicy=batch
@@ -90,4 +89,4 @@ ExecStartPre=
     else "-2"
 %}
 {% set borgmatic_cmd = borgbackup__borgmatic_binary + " --verbosity " + borgmatic_verbosity + " --syslog-verbosity 1" %}
-ExecStart=systemd-inhibit --who="borgmatic" --what="sleep:shutdown" --why="Prevent interrupting scheduled backup" {{ borgmatic_cmd }}
+ExecStart=systemd-inhibit --who="borgmatic" --what="sleep:shutdown" --why="Prevent interrupting scheduled backup" {{ borgmatic_cmd }}
diff --git a/ansible/roles/borgbackup/templates/usr/local/bin/borg_controller.j2 b/ansible/roles/borgbackup/templates/usr/local/bin/borg_controller.j2
@@ -3,11 +3,12 @@
  # SPDX-License-Identifier: GPL-3.0-only
  #}
 #!/bin/bash
+# borg_controller script generated by debops.borgbackup
 # {{ ansible_managed }}
 
 set -o nounset -o pipefail -o errexit
 
-{% for host in borgbackup__controller_clients | d([]) %}
+{% for host in borgbackup__controlled_clients | d([]) %}
 {%   if host in hostvars %}
 {# Note: only explicitly set variables (not role defaults) are available as hostvars #}
 {%     set host_user = hostvars[host].borgbackup__control_user | d(borgbackup__control_user) %}