- Add storage_box role: generates SSH key pair, creates Hetzner Storage Box with known password, installs public key via install-ssh-key, writes storagebox.yml to stack config. Idempotent: skips key install if SSH key auth already works. - Add deploy.yml: one-shot playbook chaining provision → dns → storage_box → bootstrap → site for fresh deployments - Fix .envrc HCLOUD_TOKEN extraction stripping surrounding quotes from vault YAML values - Add restic_storagebox_password to vault template and setup.sh prompt - Add sshpass to README prerequisites Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
|
|
- name: Deploy Restic SSH key
|
|
ansible.builtin.copy:
|
|
src: "{{ restic_local_key_path }}"
|
|
dest: "{{ restic_ssh_key }}"
|
|
owner: root
|
|
group: root
|
|
mode: '0600'
|
|
|
|
- name: Ensure restic repo directory exists on Storage Box
|
|
ansible.builtin.shell: |
|
|
ssh -i {{ restic_ssh_key }} -o BatchMode=yes -o StrictHostKeyChecking=no -p {{ restic_ssh_port }} {{ restic_user }}@{{ restic_host }} \
|
|
"mkdir -p {{ restic_remote_path }} && chmod 700 {{ restic_remote_path }}" < /dev/null
|
|
changed_when: false
|
|
|
|
- name: Write the ssh config for the root user
|
|
# TODO: this replaces roots config and should be much smarter, safe for me currently
|
|
template:
|
|
src: restic-ssh-config.j2
|
|
dest: /root/.ssh/config
|
|
mode: "0644"
|
|
|
|
- name: Initialize restic repo on Storage Box (if needed)
|
|
ansible.builtin.shell: |
|
|
source /etc/restic/restic.env
|
|
restic snapshots > /dev/null 2>&1 || restic init
|
|
touch /etc/restic/.initialized
|
|
args:
|
|
creates: /etc/restic/.initialized
|
|
|
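Review bot: The ssh invocation in the "Ensure restic repo directory exists on Storage Box" task passes `-o StrictHostKeyChecking=no`, so the Storage Box host key is never checked and any host answering at `restic_host:restic_ssh_port` would receive the key-authenticated session; pinning the key with an `ansible.builtin.known_hosts` task run before this one, or at minimum `-o StrictHostKeyChecking=accept-new`, confines the exposure to first contact. The "Initialize restic repo" task also masks a failed `restic init`: the block script keeps running after `restic snapshots > /dev/null 2>&1 || restic init` fails, `touch /etc/restic/.initialized` then succeeds, and the `creates:` guard suppresses every later retry, so a broken repository is reported as initialized — put `set -e` on the script's first line and add `executable: /bin/bash` under `args:`, since `source` is not a POSIX `sh` builtin. Quoting of file modes is inconsistent between the tasks (`mode: '0600'` versus `mode: "0644"`); the single-quoted form is the one to keep. Indentation is not visible in this rendering, so the nesting of `args:` under the init task is inferred.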