diff --git a/roles/mgrote_rsync/defaults/main.yml b/roles/mgrote_rsync/defaults/main.yml index 5ac90299..4ddc852b 100644 --- a/roles/mgrote_rsync/defaults/main.yml +++ b/roles/mgrote_rsync/defaults/main.yml @@ -1,8 +1,6 @@ --- ### when should rsync_mirror be run (every 5 minutes) rsync_mirror_timer: '*-*-* *:00/5' -rsync_mirror_user: rsync_mirror -rsync_mirror_user_group: rsync_mirror ### mgrote_rsync_mirror #rsync_mirror_syncoid_datasets_sync: @@ -10,3 +8,9 @@ rsync_mirror_user_group: rsync_mirror # source_dataset: hdd_data/tmp # destination_mount_check: hdd_data/tmp # zielpool # destination_dataset: backup/pve5/tmp + + + +------ +rsync_mirror_user_group: "{{ rsync_mirror_user }}" +rsync_mirror_user: rsync_mirror diff --git a/roles/mgrote_rsync/tasks/destination.yml b/roles/mgrote_rsync/tasks/destination.yml index 9915ead2..9beab14f 100644 --- a/roles/mgrote_rsync/tasks/destination.yml +++ b/roles/mgrote_rsync/tasks/destination.yml @@ -1,17 +1,5 @@ --- -- name: template ssh private key - become: true - ansible.builtin.template: - src: private_key.j2 - dest: "/etc/rsync_mirror/.ssh/id_rsync_mirror" - owner: "{{ rsync_mirror_user }}" - group: "{{ rsync_mirror_user_group }}" - mode: "0400" - no_log: true - when: - - rsync_mirror_syncoid_destination_host - -- name: template ssh public key +- name: Ensure SSH-Public-Key is templated ansible.posix.authorized_key: user: "{{ rsync_mirror_user }}" key: "{{ rsync_mirror_syncoid_ssh_pubkey }}" diff --git a/roles/mgrote_rsync/tasks/source.yml b/roles/mgrote_rsync/tasks/source.yml index a4af28d4..d141b0eb 100644 --- a/roles/mgrote_rsync/tasks/source.yml +++ b/roles/mgrote_rsync/tasks/source.yml @@ -18,16 +18,24 @@ - "/etc/rsync_mirror/" - "/etc/rsync_mirror/.ssh" -- name: template syncoid.sh +- name: Ensure SSH-Private-Key is templated become: true ansible.builtin.template: - src: "syncoid.sh.j2" - dest: /usr/bin/syncoid.sh + src: private_key.j2 + dest: "/etc/rsync_mirror/.ssh/id_rsync_mirror" + owner: "{{ rsync_mirror_user }}" + group: "{{ rsync_mirror_user_group }}" + mode: "0400" + no_log: true + +- name: Ensure rsync_mirror-Script is templated + become: true + ansible.builtin.template: + src: "rsync_mirror.sh.j2" + dest: "/usr/bin/rsync_mirror.sh" owner: root group: root - mode: "0755" - when: - - rsync_mirror_syncoid_destination_host + mode: "0750" - name: Ensure services are present become: true @@ -43,7 +51,6 @@ - rsync_mirror.service - rsync_mirror.timer - rsync_mirror_mail.service - when: ytdl_active - name: Ensure timer unit is enabled become: true @@ -54,7 +61,6 @@ state: started notify: - systemctl daemon-reload - when: ytdl_active - name: Ensure service units are enabled become: true @@ -66,4 +72,3 @@ - rsync_mirror.service - rsync_mirror.timer - rsync_mirror_mail.service - when: ytdl_active diff --git a/roles/mgrote_rsync/tasks/user.yml b/roles/mgrote_rsync/tasks/user.yml index 018eac6f..20258f57 100644 --- a/roles/mgrote_rsync/tasks/user.yml +++ b/roles/mgrote_rsync/tasks/user.yml @@ -1,22 +1,16 @@ --- -- name: ensure group exists +- name: Ensure group exists become: true ansible.builtin.group: name: "{{ rsync_mirror_user_group }}" state: present - when: - - rsync_mirror_user_group is defined - - rsync_mirror_user is defined -- name: ensure user exists +- name: Ensure user exists become: true ansible.builtin.user: name: "{{ rsync_mirror_user }}" group: "{{ rsync_mirror_user_group }}" - create_home: true - when: - - rsync_mirror_user_group is defined - - rsync_mirror_user is defined + create_home: false - name: Ensure user is added to sudoers become: true @@ -24,7 +18,5 @@ name: "users-sudo-{{ rsync_mirror_user }}" state: present user: "{{ rsync_mirror_user }}" - commands: ALL + commands: ALL # TODO einschränken? nopassword: true - when: - - rsync_mirror_syncoid_destination_host