From ac0478d3decf99e5b18307c9003f9713ed42f59e Mon Sep 17 00:00:00 2001
From: Sven-Hendrik Haase <svenstaro@gmail.com>
Date: Sat, 28 May 2016 19:06:00 +0200
Subject: [PATCH] Use borg user to receive backups on vostok instead of root

---
 playbooks/orion.yml              |  2 +-
 roles/borg-server/tasks/main.yml | 10 ++++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/playbooks/orion.yml b/playbooks/orion.yml
index d10f745e5..c8618d600 100644
--- a/playbooks/orion.yml
+++ b/playbooks/orion.yml
@@ -8,4 +8,4 @@
     - tools
     - sshd
     - ssh_keys
-    - { role: borg-client, backup_host: "root@vostok.archlinux.org", backup_dir: "/backup/orion" }
+    - { role: borg-client, backup_host: "borg@vostok.archlinux.org", backup_dir: "/backup/orion" }
diff --git a/roles/borg-server/tasks/main.yml b/roles/borg-server/tasks/main.yml
index a889dc688..9735333ce 100644
--- a/roles/borg-server/tasks/main.yml
+++ b/roles/borg-server/tasks/main.yml
@@ -3,8 +3,14 @@
 - name: install borg
   pacman: name=borg state=present
 
+- name: create borg user
+  user: home="{{ backup_dir }}" name=borg
+
+- name: create borg user home
+  file: path="{{ backup_dir }}" state=directory owner=borg group=borg mode=700
+
 - name: create the root backup directory at {{ backup_dir }}
-  file: path="{{ backup_dir }}/{{ item }}" state=directory owner=root group=root mode=700
+  file: path="{{ backup_dir }}/{{ item }}" state=directory owner=borg group=borg mode=700
   with_items: "{{ backup_clients }}"
 
 - name: fetch ssh keys
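Review bot: The `owner=borg group=borg` change on the per-client directory task only touches the directories themselves, so repository data already written under `{{ backup_dir }}/{{ item }}` while backups ran as root would presumably stay root-owned and be unwritable for the new borg user. If vostok already holds repositories, add `recurse=yes` to that `file` task or do a one-off chown before switching clients over. Separately, `mode=700` works in key=value form, but `mode=0700` is the unambiguous spelling and would survive a later conversion to native YAML arguments, where a bare `700` is read as decimal. The task name "create the root backup directory" also no longer matches what the task does and could be reworded to say it creates the per-client directories.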
@@ -15,7 +21,7 @@
 
 - name: allow certain clients to connect
   authorized_key:
-    user=root
+    user=borg
     key="{{ item.stdout }}"
     manage_dir=yes
     key_options="command=\"borg serve --restrict-to-path {{ backup_dir }}/{{ item['item'] }}\",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc"
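Review bot: Switching `user=root` to `user=borg` installs the client keys for the new account but does not remove the entries this task previously wrote to root's authorized_keys. On an already provisioned server each client key would therefore still be accepted for root (with the forced `borg serve` command), so the privilege reduction is only complete once those entries are gone, unless root's authorized_keys is rewritten elsewhere. Consider a cleanup task next to this one, `authorized_key: user=root key="{{ item.stdout }}" state=absent`, using the same loop. The task's loop line lies outside the hunk, so the loop variable is assumed from `item.stdout` and `item['item']`.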
-- 
GitLab