- Add storage_box role: generates SSH key pair, creates Hetzner Storage Box with known password, installs public key via install-ssh-key, writes storagebox.yml to stack config. Idempotent: skips key install if SSH key auth already works. - Add deploy.yml: one-shot playbook chaining provision → dns → storage_box → bootstrap → site for fresh deployments - Fix .envrc HCLOUD_TOKEN extraction stripping surrounding quotes from vault YAML values - Add restic_storagebox_password to vault template and setup.sh prompt - Add sshpass to README prerequisites Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
# Storage box name used to identify (or create) the box
# Built from server_name, which is not set in this file; presumably it comes
# from the inventory or stack config — verify it is always defined.
restic_storagebox_name: "{{ server_name }}-backup"
# Set these only when creating a new storage box from scratch.
# Leave unset if the box already exists (identified by restic_storagebox_name above).
# restic_storagebox_type: bx11
# restic_storagebox_location: fsn1
# SSH port for Hetzner Storage Boxes
# NOTE(review): confirm the role pins the storage box host key for this port
# (a known_hosts entry) rather than disabling SSH host key checking.
restic_ssh_port: 23
# Path where the private key is stored on the Ansible controller (per-stack)
# NOTE(review): lookup('env', ...) returns an empty string when LINDERHOF_DIR
# is unset, so this value would become "/restic_backup". Confirm the playbook
# fails early if the variable is missing.
# This file is a private key: keep it out of version control and restrict it
# to the operator (mode 0600).
restic_local_key_path: "{{ lookup('env', 'LINDERHOF_DIR') }}/restic_backup"
# Path on the target server where the private key will be deployed
# NOTE(review): private key material on the target. Confirm the deploy task
# sets owner root and mode 0600; OpenSSH rejects private keys that are
# readable by other users.
restic_ssh_key: /root/.ssh/restic_backup
# Remote path on the storage box for this server's backups
# Relative path (no leading slash), one directory per server_name; presumably
# resolved against the storage box account's home directory — verify.
restic_remote_path: "backups/{{ server_name }}"