From 03600a8cc4905bf6f862c2724aa95d12c3d6e280 Mon Sep 17 00:00:00 2001
From: Evangelos Foutras <evangelos@foutrelis.com>
Date: Fri, 25 Feb 2022 16:42:59 +0200
Subject: [PATCH] Place borg host vaults under host_vars/localhost/

Kind of sensitive information that doesn't need to be available to all
hosts.
---
 docs/otp.md                                                     | 2 +-
 .../all => host_vars/localhost}/vault_hetzner_storagebox.yml    | 0
 .../all => host_vars/localhost}/vault_hetzner_webservice.yml    | 0
 {group_vars/all => host_vars/localhost}/vault_rsync.net.yml     | 0
 roles/borg_client/defaults/main.yml                             | 2 +-
 5 files changed, 2 insertions(+), 2 deletions(-)
 rename {group_vars/all => host_vars/localhost}/vault_hetzner_storagebox.yml (100%)
 rename {group_vars/all => host_vars/localhost}/vault_hetzner_webservice.yml (100%)
 rename {group_vars/all => host_vars/localhost}/vault_rsync.net.yml (100%)

diff --git a/docs/otp.md b/docs/otp.md
index d77a70d5b..0d9632d8f 100644
--- a/docs/otp.md
+++ b/docs/otp.md
@@ -56,7 +56,7 @@ Run
 
     pass otp insert -i rsync.net -a archlinux Rsync.net/archlinux-master-token -s
 
-When asked for a secret, provide the `2FA token seed` from `group_vars/all/vault_rsync.net.yml`.
+When asked for a secret, provide the `2FA token seed` from `host_vars/localhost/vault_rsync.net.yml`.
 You can then run
 
     pass otp code Rsync.net/archlinux-master-token
diff --git a/group_vars/all/vault_hetzner_storagebox.yml b/host_vars/localhost/vault_hetzner_storagebox.yml
similarity index 100%
rename from group_vars/all/vault_hetzner_storagebox.yml
rename to host_vars/localhost/vault_hetzner_storagebox.yml
diff --git a/group_vars/all/vault_hetzner_webservice.yml b/host_vars/localhost/vault_hetzner_webservice.yml
similarity index 100%
rename from group_vars/all/vault_hetzner_webservice.yml
rename to host_vars/localhost/vault_hetzner_webservice.yml
diff --git a/group_vars/all/vault_rsync.net.yml b/host_vars/localhost/vault_rsync.net.yml
similarity index 100%
rename from group_vars/all/vault_rsync.net.yml
rename to host_vars/localhost/vault_rsync.net.yml
diff --git a/roles/borg_client/defaults/main.yml b/roles/borg_client/defaults/main.yml
index b4b29e40f..d08c91f8d 100644
--- a/roles/borg_client/defaults/main.yml
+++ b/roles/borg_client/defaults/main.yml
@@ -4,7 +4,7 @@ backup_hosts:
     dir: "~/repo"
     suffix: ""
     borg_cmd: "borg"
-  - host: "ssh://{{ rsync_net_username }}@zh1905.rsync.net:22"
+  - host: "ssh://zh1905@zh1905.rsync.net:22"
     dir: "~/backup/{{ inventory_hostname }}"
     suffix: "-offsite"
     borg_cmd: "borg --remote-path=borg1"
-- 
GitLab