- Add storage_box role: generates SSH key pair, creates Hetzner Storage Box with known password, installs public key via install-ssh-key, writes storagebox.yml to stack config. Idempotent: skips key install if SSH key auth already works.
- Add deploy.yml: one-shot playbook chaining provision → dns → storage_box → bootstrap → site for fresh deployments
- Fix .envrc HCLOUD_TOKEN extraction stripping surrounding quotes from vault YAML values
- Add restic_storagebox_password to vault template and setup.sh prompt
- Add sshpass to README prerequisites

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
25 lines
908 B
YAML
---
# Configure a Hetzner Storage Box for restic backups.
# Run once before the first restic deployment (enable_restic: true).
#
# Prerequisites:
# - restic_storagebox_id set in config.yml
# - hetzner_robot_user / hetzner_robot_password set in vault.yml
#
# What it does:
# 1. Generates an SSH key pair in LINDERHOF_DIR (skips if already present)
# 2. Fetches storage box details from Robot API (derives restic_user / restic_host)
# 3. Enables SSH access on the storage box
# 4. Uploads the public key (replaces any existing key with the same label)
# 5. Writes LINDERHOF_DIR/group_vars/all/storagebox.yml — loaded automatically
#    by Ansible on subsequent runs, no manual config edits required

- name: Configure Hetzner Storage Box for restic backups
  hosts: localhost
  connection: local
  gather_facts: false
  become: false

  roles:
    - role: storage_box
      tags: storage_box
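The commit message and the playbook header describe the storage box setup as an idempotent procedure: generate a key once, install it only when key auth does not already work, and write the derived variables to group_vars so later runs need no manual edits. As an added example that is not the repository's storage_box role or deploy.yml, here are the same steps as plain shell functions so each piece can be checked on its own: vault_value is the quote-stripping extraction the .envrc fix needed, ssh_key_auth_works is the "does key auth already work" probe that makes the install idempotent, and install_storagebox_key falls back to Hetzner's install-ssh-key over sshpass only when the probe fails. All function names, the SSH_BIN/SSHPASS_BIN overrides, and the restic_port/restic_ssh_key variable names are assumptions of this example, not the project's.

```shell
#!/usr/bin/env bash
# Added example, not the project's storage_box role: the idempotent steps from the
# commit, done by hand. Helper names are hypothetical; restic_port and
# restic_ssh_key are assumed variable names (the header only names restic_user/host).
set -eu

SSH_BIN="${SSH_BIN:-ssh}"             # overridable so the auth probe can be exercised offline
SSHPASS_BIN="${SSHPASS_BIN:-sshpass}"

# Read a top-level scalar from decrypted vault YAML on stdin and strip surrounding
# quotes, so HCLOUD_TOKEN="$(ansible-vault view vault.yml | vault_value hcloud_token)"
# yields the bare token instead of '"token"' (the .envrc fix in the commit message).
vault_value() {
  local key="$1" line val="" found=0
  while IFS= read -r line; do
    case "$line" in
      "$key:"*)
        [ "$found" -eq 1 ] && continue         # first occurrence wins; keep draining stdin
        val="${line#"$key:"}"
        val="${val#"${val%%[![:space:]]*}"}"   # left trim
        val="${val%"${val##*[![:space:]]}"}"   # right trim
        case "$val" in
          \"*\") val="${val#\"}"; val="${val%\"}" ;;
          \'*\') val="${val#\'}"; val="${val%\'}" ;;
        esac
        found=1 ;;
    esac
  done
  [ "$found" -eq 1 ] && printf '%s\n' "$val"
}

# Step 1: generate the key pair once; a second run reuses the existing file.
ensure_ssh_key() {
  local key="$1"
  [ -f "$key" ] || ssh-keygen -t ed25519 -N '' -C "restic-storagebox" -f "$key"
}

# The idempotency probe. ssh exits 255 only when the connection or authentication
# fails; any other status means a session was opened, even if the box's restricted
# shell rejected the remote command, so a working key never triggers a re-install.
ssh_key_auth_works() {
  local user="$1" host="$2" port="$3" key="$4" rc=0
  "$SSH_BIN" -p "$port" -i "$key" -o IdentitiesOnly=yes -o BatchMode=yes \
    -o PasswordAuthentication=no -o StrictHostKeyChecking=accept-new \
    -o ConnectTimeout=10 "$user@$host" true >/dev/null 2>&1 || rc=$?
  [ "$rc" -ne 255 ]
}

# Install the public key with Hetzner's install-ssh-key (reads the key from stdin),
# authenticating once with the box password through sshpass, then re-probe so a
# silently failed install is reported instead of discovered at the first backup.
install_storagebox_key() {
  local user="$1" host="$2" port="$3" key="$4" password="$5"
  if ssh_key_auth_works "$user" "$host" "$port" "$key"; then
    echo "key auth already works for $user@$host; skipping install"
    return 0
  fi
  SSHPASS="$password" "$SSHPASS_BIN" -e \
    "$SSH_BIN" -p "$port" -o PreferredAuthentications=password \
    -o PubkeyAuthentication=no -o StrictHostKeyChecking=accept-new \
    "$user@$host" install-ssh-key < "$key.pub"
  ssh_key_auth_works "$user" "$host" "$port" "$key"
}

# Step 5: write group_vars/all/storagebox.yml so Ansible picks the values up itself.
write_storagebox_vars() {
  local dir="$1" user="$2" host="$3" port="$4" key="$5"
  mkdir -p "$dir/group_vars/all"
  cat > "$dir/group_vars/all/storagebox.yml" <<EOF
---
# Generated by the storage box setup; loaded automatically by Ansible.
restic_user: "$user"
restic_host: "$host"
restic_port: $port
restic_ssh_key: "$key"
EOF
}

# End-to-end run: ./storagebox.sh setup LINDERHOF_DIR USER HOST PASSWORD
main() {
  local dir="$1" user="$2" host="$3" password="$4" key
  key="$dir/storagebox_ed25519"
  ensure_ssh_key "$key"
  install_storagebox_key "$user" "$host" 23 "$key" "$password"
  write_storagebox_vars "$dir" "$user" "$host" 23 "$key"
}
if [ "${1:-}" = "setup" ]; then shift; main "$@"; fi
```

Two points worth keeping when porting this into a role: key-auth failure is read from ssh's exit status 255 rather than from the remote command's result, so a restricted shell that rejects the probe command does not cause a needless re-install every run; and sshpass -e takes the password from the environment rather than from -p, which keeps it out of the process list on the control host. The password itself still belongs in vault.yml (restic_storagebox_password in this commit), never on the command line or in shell history.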