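# Borg backup client setup: installs borg and its wrapper scripts, creates a
# dedicated SSH identity for root, pins each backup server's host key, and
# schedules one cron job plus one logrotate rule per backup server.

# Default account name on the backup server: "borg-" followed by the first
# label of the inventory hostname. Skipped when borg_username is already set.
- name: Generate borg username for this host
  set_fact:
    borg_username: 'borg-{{ inventory_hostname.split(".", 1)[0] }}'
  when: borg_username is not defined

- debug:
    var: borg_username

- name: Install borg
  include_role:
    name: install-borg

# File modes are quoted so they reach the module as octal strings and are not
# subject to YAML integer parsing.
- name: Install backup script
  template:
    src: borg-backup.j2
    dest: /usr/local/bin/borg-backup
    mode: '0755'

- name: Install mount script
  template:
    src: borg-mount.j2
    dest: /usr/local/bin/borg-mount
    mode: '0755'

# Dedicated key used only for backups. The result is registered so the public
# half can be exported in borg_user below.
- name: Generate keypair for backups
  openssh_keypair:
    path: /root/.ssh/id_borg_backup_ed25519
    type: ed25519
  register: borg_keypair

# One managed block per backup server; the marker carries the server name so
# the blocks for different servers do not overwrite each other.
# NOTE(review): no passphrase is set on the key in this file, so what this key
# may do has to be restricted on the backup server side (authorized_keys
# options) - confirm in the server role.
- name: Configure ssh for backup server
  blockinfile:
    path: /root/.ssh/config
    create: true
    block: |
      # {{ item }} backup server
      Host {{ item }}
        HostName {{ item }}
        IdentityFile /root/.ssh/id_borg_backup_ed25519
        User {{ borg_username }}
    mode: '0600'
    marker: '# {mark} ANSIBLE MANAGED BLOCK borg-backup {{ item }}'
  with_inventory_hostnames: borg-backup-server

# [username, public key] pair stored as a host fact.
# NOTE(review): presumably read by the backup-server play to authorise this
# client - confirm against the consumer.
- name: Generate borg_user info tuple
  set_fact:
    borg_user: '{{ [ borg_username, borg_keypair["public_key"] ] }}'

# Pins the server's ed25519 host key as reported in that host's gathered
# facts. Facts for every borg-backup-server host must already have been
# gathered in this run, otherwise the lookup is undefined. The pin is only as
# trustworthy as the controller's own verified SSH connection to that server.
- name: Accept hostkey of backup server
  known_hosts:
    state: present
    key: '{{ item }} ssh-ed25519 {{ hostvars[item]["ansible_ssh_host_key_ed25519_public"] }}'
    name: '{{ item }}'
  with_inventory_hostnames: borg-backup-server

# Writes BORG_UNDER_CRON=1 into the crontab environment.
- name: Set cron flag to enable error reports
  cron:
    name: BORG_UNDER_CRON
    env: true
    job: '1'

# stderr of each run is appended to a per-server log, rotated by the last task.
- name: Install backup cron job
  cron:
    name: "Run borg backup to {{ item }}"
    job: "/usr/local/bin/borg-backup {{ item }} 2>> /var/log/borg-backup-{{ item }}.log"
    user: root
    # This should space out the backups so they run in a round-robin
    # evenly through the day to each of the different backup servers
    hour: '{{ ((5 + ((24 / ansible_loop.length) * ansible_loop.index0 )) % 24) | int}}'
    # Seeded with the hostname, so the minute is stable across runs.
    minute: '{{ 59|random(seed=inventory_hostname) }}'
  with_inventory_hostnames: borg-backup-server
  loop_control:
    extended: true

- name: Install logrotate rules
  include_role:
    name: logrotate
  vars:
    logrotate_file_name: '/var/log/borg-backup-{{ item }}.log'
  with_inventory_hostnames: borg-backup-server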