Another big round of refactoring and cleaning...

2025-08-29 15:06:26 +02:00 · 2025-07-11 17:55:26 +02:00
parent aa61bf2a44
commit 168c5c0da6
323 changed files with 761 additions and 811 deletions
--- a/roles/sys-bkp-provider-user/tasks/main.yml
+++ b/roles/sys-bkp-provider-user/tasks/main.yml
@@ -0,0 +1,47 @@
+- name: create backup user
+  user:
+    name: backup
+    create_home: yes
+  when: run_once_backups_provider_user is not defined
+
+- name: create .ssh directory
+  file:
+    path: /home/backup/.ssh
+    state: directory
+    owner: backup
+    group: backup
+    mode: '0700'
+  when: run_once_backups_provider_user is not defined
+
+- name: create /home/backup/.ssh/authorized_keys
+  template:
+    src: "authorized_keys.j2"
+    dest: /home/backup/.ssh/authorized_keys
+    owner: backup
+    group: backup
+    mode: '0644'
+  when: run_once_backups_provider_user is not defined
+
+- name: create /home/backup/ssh-wrapper.sh
+  copy:
+    src: "ssh-wrapper.sh"
+    dest: /home/backup/ssh-wrapper.sh
+    owner: backup
+    group: backup
+    mode: '0700'
+  when: run_once_backups_provider_user is not defined
+
+- name: grant backup sudo rights
+  copy:
+    src: "backup"
+    dest: /etc/sudoers.d/backup
+    mode: '0644'
+    owner: root
+    group: root
+  notify: sshd restart
+  when: run_once_backups_provider_user is not defined
+  
+- name: run the backups_provider_user tasks once
+  set_fact:
+    run_once_backups_provider_user: true
+  when: run_once_backups_provider_user is not defined