btrbk role

deploy.yml

@@ -75,6 +75,7 @@
     users:
       - rilla
       - ansible
+      - btrbk
       - builder
       - gopass
       - woodpecker
@@ -110,6 +111,14 @@
   roles:
     - wifi
 
+- name: btrbk
+  hosts:
+    - narwhal
+    - suricata
+  become: true
+  roles:
+    - btrbk
+
 - name: caladan-specific things
   hosts: caladan
   become: true

roles/btrbk/tasks/alpine.yml

@@ -0,0 +1,7 @@
+---
+- name: install packages
+  apk:
+    name:
+      - btrbk
+      - coreutils  # needed by btrbk
+      - btrfs-progs

roles/btrbk/tasks/debian.yml

@@ -0,0 +1,6 @@
+---
+- name: install packages
+  apt:
+    name:
+      - btrbk
+      - btrfs-progs

roles/btrbk/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+- name: alpine setup
+  include_tasks: alpine.yml
+  when: ansible_distribution == "Alpine"
+
+- name: debian/ubuntu setup
+  include_tasks: debian.yml
+  when: ansible_distribution in ["Debian", "Ubuntu"]
+
+- name: copy btrbk config
+  copy:
+    src: "host_files/btrbk/{{ ansible_hostname }}/btrbk.conf"
+    dest: /etc/btrbk/btrbk.conf

roles/cryptoraid/tasks/alpine.yml

@@ -2,8 +2,6 @@
 - name: install packages
   apk:
     name:
-      - btrbk
-      - coreutils  # needed by btrbk
       - btrfs-progs
       - cryptsetup
       - gnupg

roles/users/tasks/btrbk.yml

@@ -0,0 +1,32 @@
+---
+- name: create group 'btrbk'
+  group:
+    name: btrbk
+    gid: 505
+
+- name: create user 'btrbk'
+  user:
+    name: btrbk
+    uid: 505
+    group: btrbk
+    home: /var/lib/btrbk
+    password: "*"  # disabled password but can be accessed with SSH
+    groups:
+      - wheel
+    append: true
+
+- name: make sure btrbk owns its home
+  file:
+    state: directory
+    path: /var/lib/btrbk
+    owner: brtrbk
+    group: brtrbk
+    mode: '2755'
+
+- name: commit btrbk's home to lbu
+  lbu:
+    include:
+      - /var/lib/btrbk
+    exclude:
+      - /var/lib/btrbk/.ash_history
+  when: ansible_distribution == "Alpine" and alpine_mode in ["diskless", "data"]