---

# Runs against 127.0.0.1 as the first play, so the directory that receives
# the encrypted key exports exists before the fetch play starts.
- name: prepare local storage directory
  hosts: 127.0.0.1
  tasks:
    - name: create borg-keys directory
      # NOTE(review): `preserve` is documented for copy/template; confirm the
      # file module honours it in the Ansible version in use, or pin an
      # explicit mode for this directory instead.
      file:
        path: "{{ playbook_dir }}/../../borg-keys/"
        state: directory
        mode: preserve

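# Export each client's borg keys and store them GPG-encrypted on the
# controller, one file per host under borg-keys/ (plus an "-offsite" variant).
# Recipients come from the `root_gpgkeys` variable, defined outside this file.
- name: fetch borg keys
  hosts: borg_clients
  tasks:
    # The export only reads the key and prints it to stdout, so it never
    # reports "changed". The key material ends up in the registered variable;
    # no_log keeps it out of task output and callback logs (it also hides the
    # command's error text, so drop it temporarily when debugging).
    - name: fetch borg key
      command: '/usr/local/bin/borg key export :: /dev/stdout'
      register: borg_key
      changed_when: false
      no_log: true

    - name: fetch borg offsite key
      command: '/usr/local/bin/borg-offsite key export :: /dev/stdout'
      register: borg_offsite_key
      changed_when: false
      no_log: true

    # Encrypt on the controller. The key is passed on stdin, which Ansible
    # would otherwise echo as a module argument, hence no_log. Every value
    # interpolated into the shell line goes through `quote` so a hostname,
    # path or user id containing spaces or shell metacharacters stays one word.
    # NOTE(review): the redirect truncates the existing .gpg file before gpg
    # runs, so a failed encryption (e.g. unknown recipient) replaces the
    # previous export with an empty file.
    - name: save borg key
      shell: >-
        gpg --batch --armor --encrypt --output -
        >{{ (playbook_dir ~ '/../../borg-keys/' ~ inventory_hostname ~ '.gpg') | quote }}
        {% for userid in root_gpgkeys %}--recipient {{ userid | quote }} {% endfor %}
      args:
        stdin: "{{ borg_key.stdout }}"
        chdir: "{{ playbook_dir }}/../.."
      delegate_to: localhost
      register: gpg_key
      changed_when: "gpg_key.rc == 0"
      no_log: true

    # Same as above for the offsite key; see the truncation note there.
    - name: save borg offsite key
      shell: >-
        gpg --batch --armor --encrypt --output -
        >{{ (playbook_dir ~ '/../../borg-keys/' ~ inventory_hostname ~ '-offsite.gpg') | quote }}
        {% for userid in root_gpgkeys %}--recipient {{ userid | quote }} {% endfor %}
      args:
        stdin: "{{ borg_offsite_key.stdout }}"
        chdir: "{{ playbook_dir }}/../.."
      delegate_to: localhost
      register: gpg_offsite_key
      changed_when: "gpg_offsite_key.rc == 0"
      no_log: true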