---

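# Play 1: make sure the local directory that receives the GPG-encrypted borg
# key exports exists before the client play redirects gpg output into it.
- name: prepare local storage directory
  hosts: 127.0.0.1
  tasks:
    - name: create borg-keys directory
      file:
        path: "{{ playbook_dir }}/../../borg-keys/"
        state: directory
        # The files written here are GPG-encrypted, but the directory still
        # reveals which hosts have exported keys; keep it owner-only.
        # NOTE(review): relax this if other local users must read the
        # directory (e.g. a shared checkout).
        mode: "0700"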

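# Play 2: export the borg repository key (and the offsite one) on every
# client, then encrypt each export on the control host to all recipients in
# root_gpgkeys and store it as borg-keys/<inventory_hostname>[-offsite].gpg.
#
# The exported key only ever exists unencrypted in the registered variables
# and on gpg's stdin, so every task that touches it sets no_log to keep it
# out of Ansible's console output, callbacks and log files. no_log also hides
# error details; drop it temporarily when debugging a failing task.
- name: fetch borg keys
  hosts: borg_clients
  tasks:
    # NOTE(review): "::" leaves the repository location to the environment or
    # to the /usr/local/bin/borg wrapper; confirm against the client setup.
    - name: fetch borg key
      command: "/usr/local/bin/borg key export :: /dev/stdout"
      register: borg_key
      # Read-only export; do not report the host as changed.
      changed_when: false
      no_log: true

    - name: fetch borg offsite key
      command: "/usr/local/bin/borg-offsite key export :: /dev/stdout"
      register: borg_offsite_key
      changed_when: false
      no_log: true

    # Inventory-derived values (recipient ids, hostname, path) go through the
    # quote filter so that spaces or shell metacharacters in them cannot
    # change the command line.
    # Caveat: the shell opens the redirect target before gpg starts, so a
    # failed gpg run (for example an unknown recipient) leaves an empty file
    # in place of the previous export. The task still fails on gpg's exit
    # code; re-run after fixing the cause.
    - name: save borg key
      shell: >-
        gpg --batch --armor --encrypt --output -
        {% for userid in root_gpgkeys %}--recipient {{ userid | quote }} {% endfor %}
        > {{ (playbook_dir ~ '/../../borg-keys/' ~ inventory_hostname ~ '.gpg') | quote }}
      args:
        stdin: "{{ borg_key.stdout }}"
        chdir: "{{ playbook_dir }}/../.."
      delegate_to: localhost
      no_log: true

    - name: save borg offsite key
      shell: >-
        gpg --batch --armor --encrypt --output -
        {% for userid in root_gpgkeys %}--recipient {{ userid | quote }} {% endfor %}
        > {{ (playbook_dir ~ '/../../borg-keys/' ~ inventory_hostname ~ '-offsite.gpg') | quote }}
      args:
        stdin: "{{ borg_offsite_key.stdout }}"
        chdir: "{{ playbook_dir }}/../.."
      delegate_to: localhost
      no_log: true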