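---
# Test playbook: provisions a backup server, then applies the backup_client
# role to two client hosts (one with only the mandatory parameters, one with
# the optional parameters set as well).
#
# All key material referenced below lives under tests/data/ and is committed
# with the test suite. Treat it as public: never reuse these SSH or GnuPG keys
# outside the test environment.

- hosts: all
  tasks:

    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: true

- hosts: backup-server
  vars:
    # One entry per backup client account: the account name and the public
    # key allowed to log in as that account.
    backup_users:
      - name: bak-parameters-mandatory
        key: "{{ lookup('file', 'tests/data/ssh/parameters-mandatory.pub') }}"
      - name: backupuser
        key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"

  tasks:

    # Fixed host keys let the clients pin the server's identity through
    # backup_server_host_ssh_public_keys instead of trusting on first use.
    # Mode is quoted so it is never re-typed by the YAML parser.
    # NOTE(review): ssh-dss has been disabled by default since OpenSSH 7.0;
    # confirm the test images still load a DSA host key, or drop that entry
    # here and in the clients' pinned key lists.
    - name: Deploy SSH server keys
      copy:
        content: "{{ lookup('file', item.key) + '\n' }}"
        dest: "{{ item.value }}"
        owner: root
        group: root
        mode: "0600"
      with_dict:
        tests/data/ssh/server_dsa: /etc/ssh/ssh_host_dsa_key
        tests/data/ssh/server_rsa: /etc/ssh/ssh_host_rsa_key
        tests/data/ssh/server_ed25519: /etc/ssh/ssh_host_ed25519_key
        tests/data/ssh/server_ecdsa: /etc/ssh/ssh_host_ecdsa_key
      notify:
        - Restart ssh

    - name: Set-up backup user groups
      group:
        name: "{{ item.name }}"
      with_items: "{{ backup_users }}"

    - name: Set-up backup users
      user:
        name: "{{ item.name }}"
        group: "{{ item.name }}"
      with_items: "{{ backup_users }}"

    # NOTE(review): these accounts receive a key with no restrictions and the
    # user module's default shell. For anything beyond a test fixture,
    # consider key_options on authorized_key or a restricted shell so a
    # stolen client key does not grant an interactive login.
    - name: Set-up authorised keys
      authorized_key:
        user: "{{ item.name }}"
        key: "{{ item.key }}"
      with_items: "{{ backup_users }}"

    # Redirects ports 2222 and 3333 to sshd on port 22 so clients can be
    # tested against a non-default backup_server_port.
    # NOTE(review): -A appends a rule on every run, so repeated runs stack
    # duplicate REDIRECT rules, and changed_when: false hides that from the
    # change report. The rules are also not saved, so they are lost when the
    # ruleset is flushed or the host reboots.
    - name: Set-up port forwarding
      command: >-
        iptables -t nat -A PREROUTING -p tcp -m tcp --dport '{{ item }}'
        -j REDIRECT --to-ports 22
      changed_when: false
      with_items:
        - 2222
        - 3333

    # Backup destination for the bak-parameters-mandatory account; 0700 keeps
    # other local accounts from reading another client's backups.
    - name: Set-up directory for parameters-mandatory backups
      file:
        path: /duplicity
        state: directory
        owner: bak-parameters-mandatory
        group: bak-parameters-mandatory
        mode: "0700"

  handlers:

    # Triggered by the host key deployment above.
    - name: Restart ssh
      service:
        name: ssh
        state: restarted

# Client that sets only the role parameters it has to.
- hosts: parameters-mandatory
  roles:
    - role: backup_client
      backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-mandatory.asc') }}"
      backup_server: "10.31.127.10"
      # Pinned server host keys; must match the keys deployed to backup-server.
      backup_server_host_ssh_public_keys:
        - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
      # Client private key (test fixture) matching parameters-mandatory.pub.
      backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-mandatory' ) }}"

# Client that also overrides the optional role parameters: extra encryption
# keys, a custom username, destination and server port.
- hosts: parameters-optional
  roles:
    - role: backup_client
      backup_additional_encryption_keys:
        - "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_1.asc') }}"
        - "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_2.asc') }}"
        - "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_3.asc') }}"
      backup_client_username: backupuser
      backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
      backup_server: "10.31.127.10"
      backup_server_destination: "/home/backupuser"
      # Pinned server host keys; must match the keys deployed to backup-server.
      backup_server_host_ssh_public_keys:
        - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
      # One of the ports redirected to sshd on the backup server.
      backup_server_port: 3333
      # Client private key (test fixture) matching parameters-optional.pub.
      backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"

# Deploy a dummy pre-backup script for testing purposes.
- hosts: parameters-mandatory,parameters-optional
  tasks:

    # Root-owned and 0700: the script is executable only by root, and no
    # other account can read or modify it.
    - name: Deploy pre-backup script
      copy:
        src: tests/data/10-test-pre-backup.sh
        dest: /etc/duply/main/pre.d/10-test-pre-backup.sh
        owner: root
        group: root
        mode: "0700"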