rilla
/
ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: rilla:17d9418708122091a9700196294a6ece2d94ad60
Branches Tags
rilla:main
..
compare: rilla:5a801da7b2b0850eff06dd8fe1b03bcabb9ba768
Branches Tags
rilla:main

No commits in common. "17d9418708122091a9700196294a6ece2d94ad60" and "5a801da7b2b0850eff06dd8fe1b03bcabb9ba768" have entirely different histories.
17d9418708 ... 5a801da7b2

5 changed files with 25 additions and 62 deletions
Show Stats Expand all files Collapse all files

34
host_files/btrbk/narwhal/btrbk.conf
View File

@ -1,34 +0,0 @@
transaction_log /var/log/btrbk.log
lockfile /run/lock/btrbk.lock
timestamp_format long
snapshot_create onchange
snapshot_preserve 24h 7d 0w 0m 0y
snapshot_preserve_min latest
target_preserve 0h 14d 6w 4m 1y
target_preserve_min latest
archive_preserve 0h 1d 1w 1m 1y
archive_preserve_min latest
incremental yes
ssh_identity /etc/btrbk/id_ed25519
ssh_user btrbk
backend btrfs-progs-doas
compat_remote busybox
volume /mnt/btr_pool
snapshot_dir btrbk_snapshots
target ssh://suricata/mnt/btr_backup/narwhal
subvolume backups
subvolume books
subvolume certs
subvolume data
subvolume docker_volumes
subvolume home
subvolume home-data
subvolume http
subvolume music
subvolume secrets
subvolume transmission
subvolume videos

24
host_files/btrbk/suricata/btrbk.conf
View File

@ -1,23 +1,9 @@
transaction_log /var/log/btrbk.log
lockfile /run/lock/btrbk.lock
timestamp_format long
snapshot_create onchange
timestamp_format long
snapshot_preserve_min 18h
snapshot_preserve 48h
snapshot_preserve 24h 7d 0w 0m 0y
snapshot_preserve_min latest
target_preserve 0h 14d 6w 4m 1y
target_preserve_min latest
archive_preserve 0h 1d 1w 1m 1y
archive_preserve_min latest
incremental yes
ssh_identity /etc/btrbk/id_ed25519
ssh_user btrbk
backend btrfs-progs-doas
compat_local busybox
transaction_log /var/log/btrbk.log
volume /mnt/btr_pool
snapshot_dir btrbk_snapshots
snapshot_dir btrbk_snapshots
subvolume home
subvolume rancher_config

22
roles/btrbk/tasks/main.yml
View File

@ -23,17 +23,30 @@
src: "host_files/btrbk/{{ ansible_hostname }}/btrbk.conf"
dest: /etc/btrbk/btrbk.conf
- name: copy btrbk ssh key
- name: make btrbk user ssh directory
file:
state: directory
path: /var/lib/btrbk/.ssh
owner: btrbk
- name: copy btrbk user ssh key
copy:
src: id_ed25519
dest: /etc/btrbk/id_ed25519
dest: /var/lib/btrbk/.ssh/id_ed25519
owner: btrbk
mode: '0400'
- name: copy btrbk user ssh public key
copy:
src: id_ed25519.pub
dest: /var/lib/btrbk/.ssh/id_ed25519.pub
owner: btrbk
mode: '0644'
- name: copy btrbk user ssh public key to authorized_keys
copy:
src: id_ed25519.pub
dest: /etc/ssh/authorized_keys/btrbk
dest: /var/lib/btrbk/.ssh/authorized_keys
owner: btrbk
mode: '0644'
@ -41,4 +54,7 @@
lbu:
include:
- /usr/local/bin/btrbk
- /var/lib/btrbk/.ssh/id_ed25519
- /var/lib/btrbk/.ssh/id_ed25519.pub
- /var/lib/btrbk/.ssh/authorized_keys
when: ansible_distribution == "Alpine" and alpine_mode in ["diskless", "data"]

5
roles/sshd/tasks/main.yml
View File

@ -6,11 +6,6 @@
mode: '0644'
owner: root
- name: create authorized_keys directory
file:
state: directory
path: /etc/ssh/authorized_keys
- name: setup host ssh certificates
include_tasks: certs.yml

2
roles/sshd/templates/sshd_config.j2
View File

@ -38,7 +38,7 @@ PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile /etc/ssh/authorized_keys/%u
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none