infrastructure/playbooks/fetch-borg-keys.yml

---

- name: prepare local storage directory
  hosts: 127.0.0.1
  tasks:
      - file: path="{{playbook_dir}}/../borg-keys/" state=directory

- name: fetch borg keys
  hosts: borg-clients
  tasks:
      - name: fetch borg key
        command: "/usr/local/bin/borg key export :: /dev/stdout"
        register: borg_key

      - name: save borg key
        shell: gpg --batch --armor --encrypt --output - >"{{playbook_dir}}/../borg-keys/{{inventory_hostname}}.gpg" {% for userid in root_gpgkeys %}--recipient {{userid}} {% endfor %}
        args:
            stdin: "{{borg_key.stdout}}"
            chdir: "{{playbook_dir}}/.."
        delegate_to: localhost
Add playbook to fetch borg crypto keys Signed-off-by: Florian Pritz <bluewind@xinu.at> 2018-01-02 16:38:43 +01:00			`---`

			`- name: prepare local storage directory`
			`hosts: 127.0.0.1`
			`tasks:`
			`- file: path="{{playbook_dir}}/../borg-keys/" state=directory`

			`- name: fetch borg keys`
			`hosts: borg-clients`
			`tasks:`
			`- name: fetch borg key`
			`command: "/usr/local/bin/borg key export :: /dev/stdout"`
			`register: borg_key`

			`- name: save borg key`
playbooks/fetch-borg-keys.yml: Encrypt keys with GPG Signed-off-by: Florian Pritz <bluewind@xinu.at> 2018-01-10 21:02:25 +01:00			`shell: gpg --batch --armor --encrypt --output - >"{{playbook_dir}}/../borg-keys/{{inventory_hostname}}.gpg" {% for userid in root_gpgkeys %}--recipient {{userid}} {% endfor %}`
			`args:`
			`stdin: "{{borg_key.stdout}}"`
			`chdir: "{{playbook_dir}}/.."`
			`delegate_to: localhost`