diff --git a/roles/backup_server/tasks/main.yml b/roles/backup_server/tasks/main.yml index a77ff31150051e0956d88b102289b85ab4d88c42..1f1f95ee23075309473e2ac450c9811e8cddb2d7 100644 --- a/roles/backup_server/tasks/main.yml +++ b/roles/backup_server/tasks/main.yml @@ -1,14 +1,14 @@ --- - name: Install backup software - apt: + ansible.builtin.apt: name: - duplicity - duply state: present - name: Create directory for storing backups - file: + ansible.builtin.file: path: "/srv/backups" state: directory owner: root @@ -16,14 +16,14 @@ mode: "0751" - name: Create backup client groups - group: + ansible.builtin.group: name: "{{ item.server | replace('.', '_') | regex_replace('^', 'bak-') }}" gid: "{{ item.uid | default(omit) }}" system: true with_items: "{{ backup_clients }}" - name: Create backup client users - user: + ansible.builtin.user: name: "{{ item.server | replace('.', '_') | regex_replace('^', 'bak-') }}" group: "{{ item.server | replace('.', '_') | regex_replace('^', 'bak-') }}" groups: "backup" @@ -35,7 +35,7 @@ with_items: "{{ backup_clients }}" - name: Create home directories for backup client users - file: + ansible.builtin.file: path: "/srv/backups/{{ item.server }}" state: directory owner: root @@ -44,7 +44,7 @@ with_items: "{{ backup_clients }}" - name: Create duplicity directories for backup client users - file: + ansible.builtin.file: path: "/srv/backups/{{ item.server }}/duplicity" state: directory owner: "{{ item.server | replace('.', '_') | regex_replace('^', 'bak-') }}" @@ -53,7 +53,7 @@ with_items: "{{ backup_clients }}" - name: Create SSH directory for backup client users - file: + ansible.builtin.file: path: "/srv/backups/{{ item.server }}/.ssh" state: directory owner: root 
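Review bot: In the `Create home directories for backup client users` task (hunk at -35), and again in the duplicity and `.ssh` directory tasks of the next two hunks, `item.server` goes into `path:` unmodified, while the user and group names built from the same value are at least normalised. A `server` value containing `/` or starting with `..` would make these root-run `file` tasks create and chown directories outside `/srv/backups`. `backup_clients` is presumably operator-maintained inventory, so this is hardening rather than an open hole; an `ansible.builtin.assert` ahead of the loops with `that: "item.server is match('^[A-Za-z0-9][A-Za-z0-9.-]*$')"` would catch a typo or a bad merge early. Each of these tasks continues past the end of its hunk, so the group and mode lines are not visible here.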
@@ -62,7 +62,7 @@ with_items: "{{ backup_clients }}" - name: Populate authorized keys for backup client users - authorized_key: + ansible.posix.authorized_key: user: "{{ item.server | replace('.', '_') | regex_replace('^', 'bak-') }}" key: "{{ item.public_key }}" manage_dir: false @@ -70,7 +70,7 @@ with_items: "{{ backup_clients }}" - name: Set-up authorized_keys file permissions for backup client users - file: + ansible.builtin.file: path: "/srv/backups/{{ item.server }}/.ssh/authorized_keys" state: file owner: root @@ -79,7 +79,7 @@ with_items: "{{ backup_clients }}" - name: Deny the backup group login via regular SSH - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/ssh/sshd_config" state: present line: "DenyGroups backup" @@ -87,7 +87,7 @@ - Restart SSH - name: Set-up directory for the backup OpenSSH server instance - file: + ansible.builtin.file: path: "/etc/ssh-backup/" state: directory owner: root @@ -95,7 +95,7 @@ mode: "0700" - name: Deploy configuration file for the backup OpenSSH server instance service - copy: + ansible.builtin.copy: src: "ssh-backup.default" dest: "/etc/default/ssh-backup" owner: root @@ -105,7 +105,7 @@ - Restart backup SSH server - name: Deploy configuration file for the backup OpenSSH server instance - copy: + ansible.builtin.copy: src: "backup-sshd_config" dest: "/etc/ssh-backup/sshd_config" owner: root @@ -115,7 +115,7 @@ - Restart backup SSH server - name: Deploy the private keys for backup OpenSSH server instance - template: + ansible.builtin.template: src: "ssh_host_key.j2" dest: "/etc/ssh-backup/ssh_host_{{ item.key }}_key" owner: root @@ -127,7 +127,7 @@ no_log: true - name: Deploy backup OpenSSH server systemd service file - copy: + ansible.builtin.copy: src: "ssh-backup.service" dest: "/etc/systemd/system/ssh-backup.service" owner: root 
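Review bot: `ansible.posix.authorized_key` (hunk at -62) is the one module in this file that lives outside `ansible.builtin`, so the role depends on the `ansible.posix` collection being present on the controller; an ansible-core-only install does not ship it. Nothing visible in this diff declares that dependency, so I would list `ansible.posix` with a pinned version in the repository's collection requirements file, which also fixes which release of the code that writes `authorized_keys` is used. One line of this task, between `manage_dir: false` and `with_items`, falls outside the hunk.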
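Review bot: The `Deny the backup group login via regular SSH` task (hunk at -79) relies on `lineinfile` defaults, so `DenyGroups backup` is appended at the end of `/etc/ssh/sshd_config`; if that file ends with a `Match` block, the directive is scoped to that block and no longer denies the backup group globally on the main sshd. Adding `insertbefore: '^Match '` with `firstmatch: true` keeps it in the global section, and `validate: '/usr/sbin/sshd -t -f %s'` stops a broken config from being written before the restart handler fires. While the line is being touched, `dest:` is only an alias; `path:` is the documented parameter name. The line between `line:` and the `- Restart SSH` entry, presumably `notify:`, sits outside the hunk.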
@@ -138,13 +138,13 @@ - Restart backup SSH server - name: Start and enable OpenSSH backup service - service: + ansible.builtin.service: name: "ssh-backup" state: started enabled: true - name: Deploy firewall configuration for backup server - template: + ansible.builtin.template: src: "ferm_backup.conf.j2" dest: "/etc/ferm/conf.d/40-backup.conf" owner: root @@ -154,7 +154,7 @@ - Restart ferm - name: Explicitly run all handlers - include_tasks: ../handlers/main.yml + ansible.builtin.include_tasks: ../handlers/main.yml when: "run_handlers | default(False) | bool()" tags: - handlers