Use borg user to receive backups on vostok instead of root

ac0478d3 · Sven-Hendrik Haase · e746a6b0 · ac0478d3 · ac0478d3
Commit ac0478d3 authored 8 years ago by Sven-Hendrik Haase
--- a/playbooks/orion.yml
+++ b/playbooks/orion.yml
@@ -8,4 +8,4 @@
    - tools
    - sshd
    - ssh_keys
-    - { role: borg-client, backup_host: "root@vostok.archlinux.org", backup_dir: "/backup/orion" }
+    - { role: borg-client, backup_host: "borg@vostok.archlinux.org", backup_dir: "/backup/orion" }
--- a/roles/borg-server/tasks/main.yml
+++ b/roles/borg-server/tasks/main.yml
@@ -3,8 +3,14 @@
 - name: install borg
  pacman: name=borg state=present

+- name: create borg user
+  user: home="{{ backup_dir }}" name=borg
+
+- name: create borg user home
+  file: path="{{ backup_dir }}" state=directory owner=borg group=borg mode=700
+
 - name: create the root backup directory at {{ backup_dir }}
-  file: path="{{ backup_dir }}/{{ item }}" state=directory owner=root group=root mode=700
+  file: path="{{ backup_dir }}/{{ item }}" state=directory owner=borg group=borg mode=700
  with_items: "{{ backup_clients }}"

 - name: fetch ssh keys
@@ -15,7 +21,7 @@

 - name: allow certain clients to connect
  authorized_key:
-    user=root
+    user=borg
    key="{{ item.stdout }}"
    manage_dir=yes
    key_options="command=\"borg serve --restrict-to-path {{ backup_dir }}/{{ item['item'] }}\",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc"