Diffstat (limited to 'playbooks/roles')
-rw-r--r-- | playbooks/roles/borg/tasks/main.yml | 28 | ||||
-rw-r--r-- | playbooks/roles/borg/templates/borg_ssh_key.j2 | 1 | ||||
-rw-r--r-- | playbooks/roles/wireguard-mesh/tasks/main.yml | 3 | ||||
-rw-r--r-- | playbooks/roles/wireguard-mesh/templates/mmtmesh.conf.j2 | 11 |
4 files changed, 40 insertions, 3 deletions
diff --git a/playbooks/roles/borg/tasks/main.yml b/playbooks/roles/borg/tasks/main.yml
new file mode 100644
index 0000000..fd3be99
--- /dev/null
+++ b/playbooks/roles/borg/tasks/main.yml
@@ -0,0 +1,28 @@
+- name: copy key
+ template:
+ src: ../templates/borg_ssh_key.j2
+ dest: /root/borg_ssh_key
+ owner: root
+ group: root
+ mode: 0600
+
+- name: push borg
+ import_role:
+ name: borgbase.ansible_role_borgbackup
+ vars:
+ borg_encryption_passphrase: "{{ borg_password }}"
+ borg_repository: "{{ borg_repo }}"
+ borg_user: "{{ borg_my_user }}"
+ borg_group: "{{ borg_my_group }}"
+ borgmatic_timer: cron
+ borg_ssh_command: "ssh -o StrictHostKeyChecking=no -i {{ borg_ssh_key }}"
+ borg_source_directories:
+ "{{ base_files + (extra_files[inventory_hostname] | default([])) }}"
+ borg_retention_policy:
+ keep_hourly: 3
+ keep_daily: 7
+ keep_weekly: 4
+ keep_monthly: 6
+ borgmatic_hooks:
+ after_backup:
+ - "curl -d '{{ inventory_hostname }}' {{ backup_topic }}"
diff --git a/playbooks/roles/borg/templates/borg_ssh_key.j2 b/playbooks/roles/borg/templates/borg_ssh_key.j2
new file mode 100644
index 0000000..70d4cc9
--- /dev/null
+++ b/playbooks/roles/borg/templates/borg_ssh_key.j2
@@ -0,0 +1 @@
+{{ borg_secret_key | b64decode }}
diff --git a/playbooks/roles/wireguard-mesh/tasks/main.yml b/playbooks/roles/wireguard-mesh/tasks/main.yml
index 9f9419f..34d46bc 100644
--- a/playbooks/roles/wireguard-mesh/tasks/main.yml
+++ b/playbooks/roles/wireguard-mesh/tasks/main.yml
@@ -8,8 +8,9 @@
 state: present
 - name: Get node ips from dns records
- ansible.builtin.shell: "dig +short {{ item }} | tail -n1"
+ command: "dig +short {{ item }}"
 register: wireguard_node_ip
+ delegate_to: localhost
 with_items: "{{ groups['wireguard-mesh'] }}"
 - name: Massage node ips
diff --git a/playbooks/roles/wireguard-mesh/templates/mmtmesh.conf.j2 b/playbooks/roles/wireguard-mesh/templates/mmtmesh.conf.j2
index aa15d23..634b20a 100644
--- a/playbooks/roles/wireguard-mesh/templates/mmtmesh.conf.j2
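Review bot: `borg_ssh_command` passes `-o StrictHostKeyChecking=no`, so the backup client accepts whatever host key the repository endpoint presents and a redirected or impersonated repository host would go unnoticed; pin the repository host's key instead (for example with `ansible.builtin.known_hosts` before the role is imported) and reduce the option to `borg_ssh_command: "ssh -i {{ borg_ssh_key }}"`. The `copy key` task renders a private key through `template` (the new `borg_ssh_key.j2` is `{{ borg_secret_key | b64decode }}`) without `no_log: true`, so the decoded key can be printed in `--diff` or verbose runs; add `no_log: true` to that task. `mode: 0600` depends on YAML 1.1 octal parsing, which Ansible tolerates, but `mode: "0600"` is the form ansible-lint recommends. The `after_backup` hook splices `{{ backup_topic }}` unquoted into a shell command line; quoting it as `'{{ backup_topic }}'` keeps the command well-formed if the variable ever contains spaces or shell metacharacters.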
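Review bot: Dropping `| tail -n1` changes what `register: wireguard_node_ip` captures whenever `dig +short` prints more than one line (a CNAME chain or several A records): `stdout` now carries every line, where the old pipeline kept only the last one. If the `Massage node ips` task that follows (outside this hunk) reads `stdout`, it should read `stdout_lines | last` to keep the previous behaviour, or the task should document that each node name is expected to resolve to exactly one address. A `command` task also reports `changed` on every run and is skipped under `--check`, which would leave the registered variable undefined for later tasks; add `changed_when: false` and `check_mode: false` to the task. Since the lookup is now delegated to localhost, a one-line comment such as `# resolved on the controller: requires dig locally` would save the next reader a surprise.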
+++ b/playbooks/roles/wireguard-mesh/templates/mmtmesh.conf.j2
@@ -1,8 +1,11 @@
 [Interface]
 Address={{ wireguard_node_ips[inventory_hostname] }}/32
-SaveConfig=true
 ListenPort={{ wireguard_listen_port }}
 PrivateKey={{ wireguard_private_key.stdout }}
+SaveConfig=true
+{% if wireguard_node_ips[inventory_hostname] != '10.212.0.1' %}
+PostUp=ip route add 10.137.0.0/16 via 10.212.0.1 dev mmtmesh
+{% endif %}
 {% for peer in groups['wireguard-mesh'] %}
 {% if peer != inventory_hostname %}
@@ -10,8 +13,12 @@ PrivateKey={{ wireguard_private_key.stdout }}
 [Peer]
 PublicKey={{ hostvars[peer].wireguard_public_key.stdout }}
 PresharedKey={{ wireguard_preshared_keys[peer] if inventory_hostname < peer else hostvars[peer].wireguard_preshared_keys[inventory_hostname] }}
+{% if wireguard_node_ips[peer] == '10.212.0.1' %}
+AllowedIPs={{ wireguard_node_ips[peer] }}/32, 10.137.0.0/16
+{% else %}
 AllowedIPs={{ wireguard_node_ips[peer] }}/32
-Endpoint={{ peer | replace('.int.', '.pub.') }}:{{ wireguard_listen_port }}
+{% endif %}
+Endpoint={{ peer | replace('.int.', '.') }}:{{ wireguard_listen_port }}
 {% endif %}
 {% endfor %} |
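Review bot: Both hunks hard-code the gateway address `10.212.0.1` and the routed prefix `10.137.0.0/16`, and the two places must agree: the `PostUp` test in the `[Interface]` block decides who installs the route, while the `AllowedIPs` branch in the `[Peer]` loop decides which peer is allowed to carry that prefix, so updating one literal and not the other silently leaves nodes without a route or the gateway without the allowed prefix. Move both into role variables (for example `wireguard_gateway_ip` and `wireguard_routed_prefix`) and compare against those in both `{% if %}` tests, `{% if wireguard_node_ips[inventory_hostname] != wireguard_gateway_ip %}` and `{% if wireguard_node_ips[peer] == wireguard_gateway_ip %}`. The comparisons also assume `wireguard_node_ips[...]` is an exact string; as those values originate from a registered `dig` result, any trailing whitespace or extra line would make the gateway node install the route to itself and its peers lose the `10.137.0.0/16` entry, which is worth confirming against the `Massage node ips` task that is not part of this diff.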