duplicity_playbooks/tasks/start.yml

---
- name: Assert KEY variable is set
  ansible.builtin.assert:
    that:
      - KEY | length > 0
    msg: "KEY environment variable must be set"

- name: Assert SECRETS_ARCHIVE_PASSPHRASE variable is set
  ansible.builtin.assert:
    that:
      - lookup('env','SECRETS_ARCHIVE_PASSPHRASE') | length > 0
    msg: "SECRETS_ARCHIVE_PASSPHRASE environment variable must be set"

- name: Download secrets.tar.gz.enc
  ansible.builtin.get_url:
    url: "https://{{ CLOUD_SERVER }}/s/{{ KEY }}/download?path=%2F&files=secrets.tar.gz.enc"
    dest: /root/secrets.tar.gz.enc

- name: Create /root/.ssh directory
  ansible.builtin.file:
    path: /root/.ssh
    state: directory
    mode: '0700'

- name: Extract from secrets.tar.gz.enc
  shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in /root/secrets.tar.gz.enc | tar -zxv -C {{ item.dir }} --strip 2 {{ item.name }}"
  with_items:
    - name: secrets/docker-duplicity-stack/mail_credentials.json
      dir: /root
    - name: secrets/bootstrap/id_rsa
      dir: /root/.ssh
    - name: secrets/docker-duplicity-stack/nextcloud_password.sh
      dir: /root
    - name: secrets/bootstrap/openrc.sh
      dir: /root

- name: Change SSH private key permissions
  ansible.builtin.file:
    path: /root/.ssh/id_rsa
    mode: '0400'

- name: Set Nextcloud credentials
  ansible.builtin.include_tasks: "tasks/source_vars.yml"
  with_items:
    - NEXTCLOUD_USER
    - NEXTCLOUD_PASSWORD
  vars:
    shell_script: /root/nextcloud_password.sh

- name: Create /mnt/cloud directory if it does not exist
  ansible.builtin.file:
    path: /mnt/cloud
    state: directory
    mode: '0755'
  remote_user: "{{ user }}"
  delegate_to: 172.17.0.1
  become: true

- name: Create /etc/davfs2 directory
  ansible.builtin.file:
    path: /etc/davfs2
    state: directory
    mode: '0755'
  remote_user: "{{ user }}"
  delegate_to: 172.17.0.1
  become: true

- name: Copy using inline content
  ansible.builtin.copy:
    content: '/mnt/cloud {{  NEXTCLOUD_USER }} {{ NEXTCLOUD_PASSWORD }}'
    dest: /etc/davfs2/secrets
    mode: '0600'
  remote_user: "{{ user }}"
  delegate_to: 172.17.0.1
  become: true

- name: mount /mnt/cloud
  ansible.posix.mount:
    path: /mnt/cloud
    src: "https://{{ CLOUD_SERVER }}/remote.php/webdav/"
    fstype: davfs
    opts: "uid={{ user }},gid={{ user }}"
    state: mounted
  remote_user: "{{ user }}"
  delegate_to: 172.17.0.1
  become: true

- name: Set OpenStack credentials
  ansible.builtin.include_tasks: "tasks/source_vars.yml"
  with_items:
    - OS_AUTH_URL
    - OS_IDENTITY_API_VERSION
    - OS_USER_DOMAIN_NAME
    - OS_PROJECT_DOMAIN_NAME
    - OS_TENANT_ID
    - OS_TENANT_NAME
    - OS_USERNAME
    - OS_PASSWORD
    - OS_REGION_NAME
  vars:
    shell_script: /root/openrc.sh

- name: Setup volume
  ansible.builtin.include_tasks: "tasks/setup_volume.yml"
  with_items:
    - name: tmp_duplicity_workdir
      size: 20
    - name: duplicity_cache
      size: 5

#cd $SCRIPTPATH
#source vars
#test -z $1 || SCRIPT="$1"
#USER=$(whoami)
#sudo chown root:root mail_credentials.json
#sudo chown $USER:$USER nextcloud_password.sh
#sudo chmod 400 nextcloud_password.sh mail_credentials.json

#- name: Tear down existing services
#  community.docker.docker_compose:
#    project_src: /root/docker-duplicity-stack
#    docker_host: tcp://127.0.0.1:2375
#    state: absent
#
Refactor 2023-10-14 22:04:39 +00:00			`---`
			`- name: Assert KEY variable is set`
			`ansible.builtin.assert:`
			`that:`
			`- KEY \| length > 0`
			`msg: "KEY environment variable must be set"`

			`- name: Assert SECRETS_ARCHIVE_PASSPHRASE variable is set`
			`ansible.builtin.assert:`
			`that:`
			`- lookup('env','SECRETS_ARCHIVE_PASSPHRASE') \| length > 0`
			`msg: "SECRETS_ARCHIVE_PASSPHRASE environment variable must be set"`

			`- name: Download secrets.tar.gz.enc`
			`ansible.builtin.get_url:`
			`url: "https://{{ CLOUD_SERVER }}/s/{{ KEY }}/download?path=%2F&files=secrets.tar.gz.enc"`
			`dest: /root/secrets.tar.gz.enc`

			`- name: Create /root/.ssh directory`
			`ansible.builtin.file:`
			`path: /root/.ssh`
			`state: directory`
			`mode: '0700'`

			`- name: Extract from secrets.tar.gz.enc`
			`shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in /root/secrets.tar.gz.enc \| tar -zxv -C {{ item.dir }} --strip 2 {{ item.name }}"`
			`with_items:`
			`- name: secrets/docker-duplicity-stack/mail_credentials.json`
			`dir: /root`
			`- name: secrets/bootstrap/id_rsa`
			`dir: /root/.ssh`
			`- name: secrets/docker-duplicity-stack/nextcloud_password.sh`
			`dir: /root`
			`- name: secrets/bootstrap/openrc.sh`
			`dir: /root`

			`- name: Change SSH private key permissions`
			`ansible.builtin.file:`
			`path: /root/.ssh/id_rsa`
			`mode: '0400'`

			`- name: Set Nextcloud credentials`
			`ansible.builtin.include_tasks: "tasks/source_vars.yml"`
			`with_items:`
			`- NEXTCLOUD_USER`
			`- NEXTCLOUD_PASSWORD`
			`vars:`
			`shell_script: /root/nextcloud_password.sh`

			`- name: Create /mnt/cloud directory if it does not exist`
			`ansible.builtin.file:`
			`path: /mnt/cloud`
			`state: directory`
			`mode: '0755'`
			`remote_user: "{{ user }}"`
			`delegate_to: 172.17.0.1`
			`become: true`

			`- name: Create /etc/davfs2 directory`
			`ansible.builtin.file:`
			`path: /etc/davfs2`
			`state: directory`
			`mode: '0755'`
			`remote_user: "{{ user }}"`
			`delegate_to: 172.17.0.1`
			`become: true`

			`- name: Copy using inline content`
			`ansible.builtin.copy:`
			`content: '/mnt/cloud {{ NEXTCLOUD_USER }} {{ NEXTCLOUD_PASSWORD }}'`
			`dest: /etc/davfs2/secrets`
			`mode: '0600'`
			`remote_user: "{{ user }}"`
			`delegate_to: 172.17.0.1`
			`become: true`

			`- name: mount /mnt/cloud`
			`ansible.posix.mount:`
			`path: /mnt/cloud`
			`src: "https://{{ CLOUD_SERVER }}/remote.php/webdav/"`
			`fstype: davfs`
			`opts: "uid={{ user }},gid={{ user }}"`
			`state: mounted`
			`remote_user: "{{ user }}"`
			`delegate_to: 172.17.0.1`
			`become: true`

			`- name: Set OpenStack credentials`
			`ansible.builtin.include_tasks: "tasks/source_vars.yml"`
			`with_items:`
			`- OS_AUTH_URL`
			`- OS_IDENTITY_API_VERSION`
			`- OS_USER_DOMAIN_NAME`
			`- OS_PROJECT_DOMAIN_NAME`
			`- OS_TENANT_ID`
			`- OS_TENANT_NAME`
			`- OS_USERNAME`
			`- OS_PASSWORD`
			`- OS_REGION_NAME`
			`vars:`
			`shell_script: /root/openrc.sh`

Refactor. 2023-10-14 22:35:07 +00:00			`- name: Setup volume`
			`ansible.builtin.include_tasks: "tasks/setup_volume.yml"`
			`with_items:`
			`- name: tmp_duplicity_workdir`
			`size: 20`
			`- name: duplicity_cache`
			`size: 5`
Refactor 2023-10-14 22:04:39 +00:00
			`#cd $SCRIPTPATH`
			`#source vars`
			`#test -z $1 \|\| SCRIPT="$1"`
			`#USER=$(whoami)`
			`#sudo chown root:root mail_credentials.json`
			`#sudo chown $USER:$USER nextcloud_password.sh`
			`#sudo chmod 400 nextcloud_password.sh mail_credentials.json`

			`#- name: Tear down existing services`
			`# community.docker.docker_compose:`
			`# project_src: /root/docker-duplicity-stack`
			`# docker_host: tcp://127.0.0.1:2375`
			`# state: absent`
			`#`