Add base

defaults/main.yml

@@ -1,2 +1,12 @@
 ---
 # defaults file for ${REPO_NAME_TITLE}
+
+borg_version: false
+user: backup
+group: backup
+home: /home/backup
+pool: "{{ home }}/repos"
+auth_users:
+  []
+  # - host: johndoe.clnt.local
+  #   key: "{{ lookup('file', '/path/to/keys/johndoe.clnt.local.pub') }}"

tasks/configure.yml

@@ -0,0 +1,62 @@
+---
+- name: Create Group
+  ansible.builtin.group:
+    name: "{{ group }}"
+    state: present
+
+- name: Create user
+  ansible.builtin.user:
+    name: "{{ user }}"
+    shell: /bin/bash
+    home: "{{ home }}"
+    createhome: true
+    group: "{{ group }}"
+    state: present
+
+- name: Ensure home dir is present
+  ansible.builtin.file:
+    path: "{{ home }}"
+    owner: "{{ user }}"
+    group: "{{ group }}"
+    mode: 0700
+    state: directory
+
+- name: Ensure ssh dir is present
+  ansible.builtin.file:
+    path: "{{ home }}/.ssh"
+    owner: "{{ user }}"
+    group: "{{ group }}"
+    mode: 0700
+    state: directory
+
+- name: Ensure pool dir is present
+  ansible.builtin.file:
+    path: "{{ pool }}"
+    owner: "{{ user }}"
+    group: "{{ group }}"
+    mode: 0700
+    state: directory
+
+- name: Create autorized key entry
+  ansible.posix.authorized_key:
+    user: "{{ user }}"
+    key: "{{ item.key }}"
+    key_options: 'command="cd {{ pool }}/{{ item.host }};borg serve --restrict-to-path {{ pool }}/{{ item.host }}",restrict'
+  with_items: "{{ auth_users }}"
+
+- name: Ensure permission on authorized_keys file
+  ansible.builtin.file:
+    path: "{{ home }}/.ssh/authorized_keys"
+    owner: "{{ user }}"
+    group: "{{ group }}"
+    mode: 0600
+    state: file
+
+- name: Ensure host pool dir is present
+  ansible.builtin.file:
+    path: "{{ pool }}/{{ item.host }}"
+    owner: "{{ user }}"
+    group: "{{ group }}"
+    mode: 0700
+    state: directory
+  with_items: "{{ auth_users }}"

tasks/main.yml

@@ -1,2 +1,5 @@
 ---
 # tasks file for Ansible-Borg-Server-Role
+- name: Install Borg
+  ansible.builtin.include_tasks:
+    file: preflight.yml

tasks/preflight.yml

@@ -0,0 +1,13 @@
+---
+- name: Install dependent Python Packages
+  ansible.builtin.pip:
+    name: "{{ borg_dependent_python_packages }}"
+    virtualenv: /opt/borgmatic
+  when: borg_dependent_python_packages is defined
+
+- name: Install main Python Packages
+  ansible.builtin.pip:
+    name: "{{ item.name }}"
+    version: "{{ item.version | default(omit, true) }}"
+  when: borg_python_packages is defined
+  loop: "{{ borg_python_packages }}"

vars/main.yml

@@ -1,2 +1,10 @@
 ---
 # vars file for Ansible-Borg-Server-Role
+
+borg_dependent_python_packages:
+  - cython
+  - pkgconfig
+
+borg_python_packages:
+  - name: borgbackup
+    version: "{{ borg_version }}"