From cf23a37aa02dc49b8339b10ffd39ce09bbfa39d0 Mon Sep 17 00:00:00 2001
From: Thomas Kleinendorst
Date: Tue, 14 Jan 2025 17:03:28 +0100
Subject: [PATCH] Add dependencies of backup script
---
 roles/backups/tasks/main.yml | 24 ++++++++++++++++++++----
 roles/backups/templates/ssh_config | 5 +++++
 roles/backups/vars/main/defaults.yml | 1 +
 roles/backups/vars/main/vault.yml | 27 +++++++++++++++++----------
 4 files changed, 43 insertions(+), 14 deletions(-)
 create mode 100644 roles/backups/templates/ssh_config
diff --git a/roles/backups/tasks/main.yml b/roles/backups/tasks/main.yml
index e7106e9..94084bc 100644
--- a/roles/backups/tasks/main.yml
+++ b/roles/backups/tasks/main.yml
@@ -1,12 +1,28 @@
 ---
-- name: Copy over script
+# From within the script we're pushing backups to a specialised service (BorgBackup), This step ensure that an SSH key is present to use
+# for verification on that service. Currently it has to be manually read out and entered in the service. This step has to be repeated
+# when freshly applying this setup.
+- name: Generate an OpenSSH keypair with the default values (4096 bits, rsa)
 become: true
- ansible.builtin.copy:
- src: backup_script.sh
- dest: "{{ backups_script_path }}"
+ community.crypto.openssh_keypair:
+ path: "{{ backup_script_ssh_key_location }}"
+# Needed for the task after this apparently...
+- name: Install SSH config file
+ become: true
+ ansible.builtin.template:
+ src: ssh_config
+ dest: /root/.ssh/config
 owner: root
 group: root
 mode: '0700'
+# - name: Copy over script
+# become: true
+# ansible.builtin.copy:
+# src: backup_script.sh
+# dest: "{{ backups_script_path }}"
+# owner: root
+# group: root
+# mode: '0700'
 - name: Ensure directory for configuration file exists
 become: true
 ansible.builtin.file:
diff --git a/roles/backups/templates/ssh_config b/roles/backups/templates/ssh_config
new file mode 100644
index 0000000..8a8252e
--- /dev/null
+++ b/roles/backups/templates/ssh_config
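Review bot: The `Install SSH config file` task picks up `mode: '0700'` from the context lines of the removed copy task and renders over root's whole `/root/.ssh/config`, so the config file ends up executable and any host entries already present on the target are replaced. I would set `mode: '0600'` and render the template to a dedicated path that the backup script hands to ssh (for Borg through `BORG_RSH`, e.g. `ssh -F <config path>`), leaving root's default config untouched. The keypair task sets only `path`, so the key is RSA with no passphrase; `type: ed25519` would be a reasonable explicit choice, and the public key registered at the service should be limited to the backup repository. The module presumably expects `/root/.ssh` to exist already, which is worth ensuring with an `ansible.builtin.file` task at `mode: '0700'`. The commented-out `Copy over script` block is better deleted or put behind a tag than kept as dead YAML.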
@@ -0,0 +1,5 @@
+Host {{ borg_base.remote_host }}
+ HostName {{ borg_base.remote_host }}
+ User {{ borg_base.remote_user }}
+ IdentityFile {{ backup_script_ssh_key_location }}
+ StrictHostKeyChecking accept-new
diff --git a/roles/backups/vars/main/defaults.yml b/roles/backups/vars/main/defaults.yml
index e032d70..320628f 100644
--- a/roles/backups/vars/main/defaults.yml
+++ b/roles/backups/vars/main/defaults.yml
@@ -1,3 +1,4 @@
 ---
+backup_script_ssh_key_location: /root/.ssh/id_ssh_rsa
 backups_script_path: /usr/local/bin/backup_script.sh
 backups_configuration_path: /etc/borg_backup_script/backup_configuration.yaml
diff --git a/roles/backups/vars/main/vault.yml b/roles/backups/vars/main/vault.yml
index 16b7cc2..cffe045 100644
--- a/roles/backups/vars/main/vault.yml
+++ b/roles/backups/vars/main/vault.yml
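Review bot: `StrictHostKeyChecking accept-new` in the new `ssh_config` template accepts whatever host key is presented on the first connection, so a freshly provisioned machine has no way to verify that it is talking to the real backup service. The remote host is already known through `borg_base.remote_host`, so its published host key could be pinned with an `ansible.builtin.known_hosts` task and the option changed to `StrictHostKeyChecking yes`. Adding `IdentitiesOnly yes` under the same `Host` block would also keep ssh from offering any other key that root has available.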
@@ -1,11 +1,18 @@ $ANSIBLE_VAULT;1.1;AES256 -37316361316463376662353834626533623465383237343034393765616538313262303031383832 -3833623665663331383131373264366564376539386631320a363861643632663233326564616665 -39393161363661373764353534393865663264653861303033373034323836656137303162653631 -3764393530646366330a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a353064366464333164393161653038 +30633966613031363932633736333337653464373866333836353032356431393866303836343166 +6464333031323639660a306631363234383366643435366536323861356434393566643633643839 +35313064653536393366366536386331663062663132313331353238653933356234333338343436 +32616565323636633239346366323934303766353936653336353063373663623932353532386532 +32633736323866313133363438373639396663333737363536353731353236303333626364386632 +64363336356566653130303765396232646231333436366434353634316631313365373561383636 +38386636623265643762613065376362653964653935306338653763306137323165346332623264 +33636164613562636164363065623564363965626235643238363630666639363866663631643530 +65613938663131396630303565646335623764353830356536376465346339363034316666306134 +31353731316430663136613061386566613832626234656337343065363331636239326365343762 +33663965626538643937323832663638613766323331623133376632666131353936346238386437 +61306135386131653466633331313165626162306639323633383133643761633466373234353134 +39323237666334323232623230643734363765376163333762643962356365343364383939333132 +63363961383934643935323264326133313135336638323833336539393136306435663134333930 +32343762623636323637383530366434326537313431636131343533613733613063