mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2025-01-07 03:14:16 +01:00
37 lines
1.4 KiB
YAML
37 lines
1.4 KiB
YAML
- name: Prepare local storage directory
|
|
hosts: localhost
|
|
tasks:
|
|
- name: Create borg-keys directory # noqa risky-file-permissions
|
|
file: path="{{ playbook_dir }}/../../borg-keys/" state=directory
|
|
|
|
- name: Fetch borg keys
|
|
hosts: borg_clients
|
|
tasks:
|
|
- name: Fetch borg key
|
|
command: "/usr/local/bin/borg key export :: /dev/stdout"
|
|
register: borg_key
|
|
changed_when: "borg_key.rc == 0"
|
|
|
|
- name: Fetch borg offsite key
|
|
command: "/usr/local/bin/borg-offsite key export :: /dev/stdout"
|
|
register: borg_offsite_key
|
|
changed_when: "borg_offsite_key.rc == 0"
|
|
|
|
- name: Save borg key
|
|
shell: gpg --batch --armor --encrypt --output - >"{{ playbook_dir }}/../../borg-keys/{{ inventory_hostname }}.gpg" {% for userid in vault_super_pgpkeys | flatten %}--recipient {{ userid }} {% endfor %}
|
|
args:
|
|
stdin: "{{ borg_key.stdout }}"
|
|
chdir: "{{ playbook_dir }}/../.."
|
|
delegate_to: localhost
|
|
register: gpg_key
|
|
changed_when: "gpg_key.rc == 0"
|
|
|
|
- name: Save borg offsite key
|
|
shell: gpg --batch --armor --encrypt --output - >"{{ playbook_dir }}/../../borg-keys/{{ inventory_hostname }}-offsite.gpg" {% for userid in vault_super_pgpkeys | flatten %}--recipient {{ userid }} {% endfor %}
|
|
args:
|
|
stdin: "{{ borg_offsite_key.stdout }}"
|
|
chdir: "{{ playbook_dir }}/../.."
|
|
delegate_to: localhost
|
|
register: gpg_offsite_key
|
|
changed_when: "gpg_offsite_key.rc == 0"
|