duplicity_playbooks/tasks/start.yml

---
- name: Assert environment variable is not empty
  ansible.builtin.include_tasks: "tasks/assert_env_var_not_empty.yml"
  with_items: "{{ PLAYBOOK_REQUIRED_ENV_VARS }}"

- name: Download secrets.tar.gz.enc
  ansible.builtin.get_url:
    url: "https://{{ CLOUD_SERVER }}/s/{{ lookup('env','KEY') }}/download?path=%2F&files=secrets.tar.gz.enc"
    dest: /root/secrets.tar.gz.enc

# python3-swiftclient is a requirement of duplicity
- name: Install package requirements
  ansible.builtin.package:
    name:
      - git
      - python3-swiftclient
      - openssh-client
    state: present

- name: Create /root/.ssh directory
  ansible.builtin.file:
    path: /root/.ssh
    state: directory
    mode: '0700'

- name: Copy SSH config
  ansible.builtin.copy:
    src: config
    dest: "/root/.ssh"
    mode: '0644'

- name: Extract from secrets.tar.gz.enc
  shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in /root/secrets.tar.gz.enc | tar -zxv -C {{ item.dir }} --strip 2 {{ item.name }}"
  with_items:
    - name: secrets/docker-duplicity-stack/mail_credentials.json
      dir: /root/
    - name: secrets/bootstrap/id_rsa
      dir: /root/.ssh
    - name: secrets/docker-duplicity-stack/nextcloud_password.sh
      dir: /root
    - name: secrets/bootstrap/openrc.sh
      dir: /root

- name: Change secret files permissions
  ansible.builtin.file:
    path: "{{ item }}"
    mode: '0400'
  with_items:
    - /root/mail_credentials.json
    - /root/.ssh/id_rsa

- name: Set Nextcloud credentials
  ansible.builtin.include_tasks: "tasks/source_vars.yml"
  with_items:
    - NEXTCLOUD_USER
    - NEXTCLOUD_PASSWORD
  vars:
    shell_script: /root/nextcloud_password.sh

- name: Create /mnt/cloud directory if it does not exist
  ansible.builtin.file:
    path: /mnt/cloud
    state: directory
    mode: '0755'
  remote_user: "{{ user }}"
  delegate_to: 172.17.0.1
  become: true

- name: Create /etc/davfs2 directory
  ansible.builtin.file:
    path: /etc/davfs2
    state: directory
    mode: '0755'
  remote_user: "{{ user }}"
  delegate_to: 172.17.0.1
  become: true

- name: Copy using inline content
  ansible.builtin.copy:
    content: '/mnt/cloud {{  NEXTCLOUD_USER }} {{ NEXTCLOUD_PASSWORD }}'
    dest: /etc/davfs2/secrets
    mode: '0600'
  remote_user: "{{ user }}"
  delegate_to: 172.17.0.1
  become: true

- name: mount /mnt/cloud
  ansible.posix.mount:
    path: /mnt/cloud
    src: "https://{{ CLOUD_SERVER }}/remote.php/webdav/"
    fstype: davfs
    opts: "uid={{ user }},gid={{ user }}"
    state: mounted
  remote_user: "{{ user }}"
  delegate_to: 172.17.0.1
  become: true

- name: Set OpenStack credentials
  ansible.builtin.include_tasks: "tasks/source_vars.yml"
  with_items:
    - OS_AUTH_URL
    - OS_IDENTITY_API_VERSION
    - OS_USER_DOMAIN_NAME
    - OS_PROJECT_DOMAIN_NAME
    - OS_TENANT_ID
    - OS_TENANT_NAME
    - OS_USERNAME
    - OS_PASSWORD
    - OS_REGION_NAME
  vars:
    shell_script: /root/openrc.sh

- name: Setup volume
  ansible.builtin.include_tasks: "tasks/setup_volume.yml"
  with_items:
    - name: tmp_duplicity_workdir
      size: 20
    - name: duplicity_cache
      size: 5

- name: Install jsondiff from pip
  ansible.builtin.pip:
    name: jsondiff
  remote_user: "{{ user }}"
  delegate_to: 172.17.0.1
  become: true

- name: Create backup directory
  ansible.builtin.file:
    path: "{{ WORKDIR }}/backup"
    state: directory
Refactor 2023-10-14 22:04:39 +00:00			`---`
Simplify code. 2023-10-22 08:32:14 +00:00			`- name: Assert environment variable is not empty`
			`ansible.builtin.include_tasks: "tasks/assert_env_var_not_empty.yml"`
			`with_items: "{{ PLAYBOOK_REQUIRED_ENV_VARS }}"`
Refactor 2023-10-14 22:04:39 +00:00
			`- name: Download secrets.tar.gz.enc`
			`ansible.builtin.get_url:`
Simplify code. 2023-10-22 08:32:14 +00:00			`url: "https://{{ CLOUD_SERVER }}/s/{{ lookup('env','KEY') }}/download?path=%2F&files=secrets.tar.gz.enc"`
Refactor 2023-10-14 22:04:39 +00:00			`dest: /root/secrets.tar.gz.enc`

Fix syntax error and refactor. 2023-10-22 14:00:58 +00:00			`# python3-swiftclient is a requirement of duplicity`
			`- name: Install package requirements`
Refactor. 2023-10-16 20:22:20 +00:00			`ansible.builtin.package:`
Fix syntax error and refactor. 2023-10-22 14:00:58 +00:00			`name:`
			`- git`
			`- python3-swiftclient`
			`- openssh-client`
Refactor. 2023-10-16 20:22:20 +00:00			`state: present`

Refactor 2023-10-14 22:04:39 +00:00			`- name: Create /root/.ssh directory`
			`ansible.builtin.file:`
			`path: /root/.ssh`
			`state: directory`
			`mode: '0700'`

Refactor to use only one container and playbook. 2023-10-22 13:46:17 +00:00			`- name: Copy SSH config`
			`ansible.builtin.copy:`
			`src: config`
			`dest: "/root/.ssh"`
			`mode: '0644'`

Refactor 2023-10-14 22:04:39 +00:00			`- name: Extract from secrets.tar.gz.enc`
			`shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in /root/secrets.tar.gz.enc \| tar -zxv -C {{ item.dir }} --strip 2 {{ item.name }}"`
			`with_items:`
			`- name: secrets/docker-duplicity-stack/mail_credentials.json`
Refactor. 2023-10-16 20:22:20 +00:00			`dir: /root/`
Refactor 2023-10-14 22:04:39 +00:00			`- name: secrets/bootstrap/id_rsa`
			`dir: /root/.ssh`
			`- name: secrets/docker-duplicity-stack/nextcloud_password.sh`
			`dir: /root`
			`- name: secrets/bootstrap/openrc.sh`
			`dir: /root`

Refactor to use only one container and playbook. 2023-10-22 13:46:17 +00:00			`- name: Change secret files permissions`
Refactor 2023-10-14 22:04:39 +00:00			`ansible.builtin.file:`
Refactor to use only one container and playbook. 2023-10-22 13:46:17 +00:00			`path: "{{ item }}"`
Refactor 2023-10-14 22:04:39 +00:00			`mode: '0400'`
Refactor. 2023-10-16 20:22:20 +00:00			`with_items:`
			`- /root/mail_credentials.json`
			`- /root/.ssh/id_rsa`

Refactor 2023-10-14 22:04:39 +00:00			`- name: Set Nextcloud credentials`
			`ansible.builtin.include_tasks: "tasks/source_vars.yml"`
			`with_items:`
			`- NEXTCLOUD_USER`
			`- NEXTCLOUD_PASSWORD`
			`vars:`
			`shell_script: /root/nextcloud_password.sh`

			`- name: Create /mnt/cloud directory if it does not exist`
			`ansible.builtin.file:`
			`path: /mnt/cloud`
			`state: directory`
			`mode: '0755'`
			`remote_user: "{{ user }}"`
			`delegate_to: 172.17.0.1`
			`become: true`

			`- name: Create /etc/davfs2 directory`
			`ansible.builtin.file:`
			`path: /etc/davfs2`
			`state: directory`
			`mode: '0755'`
			`remote_user: "{{ user }}"`
			`delegate_to: 172.17.0.1`
			`become: true`

			`- name: Copy using inline content`
			`ansible.builtin.copy:`
			`content: '/mnt/cloud {{ NEXTCLOUD_USER }} {{ NEXTCLOUD_PASSWORD }}'`
			`dest: /etc/davfs2/secrets`
			`mode: '0600'`
			`remote_user: "{{ user }}"`
			`delegate_to: 172.17.0.1`
			`become: true`

			`- name: mount /mnt/cloud`
			`ansible.posix.mount:`
			`path: /mnt/cloud`
			`src: "https://{{ CLOUD_SERVER }}/remote.php/webdav/"`
			`fstype: davfs`
			`opts: "uid={{ user }},gid={{ user }}"`
			`state: mounted`
			`remote_user: "{{ user }}"`
			`delegate_to: 172.17.0.1`
			`become: true`

			`- name: Set OpenStack credentials`
			`ansible.builtin.include_tasks: "tasks/source_vars.yml"`
			`with_items:`
			`- OS_AUTH_URL`
			`- OS_IDENTITY_API_VERSION`
			`- OS_USER_DOMAIN_NAME`
			`- OS_PROJECT_DOMAIN_NAME`
			`- OS_TENANT_ID`
			`- OS_TENANT_NAME`
			`- OS_USERNAME`
			`- OS_PASSWORD`
			`- OS_REGION_NAME`
			`vars:`
			`shell_script: /root/openrc.sh`

Refactor. 2023-10-14 22:35:07 +00:00			`- name: Setup volume`
			`ansible.builtin.include_tasks: "tasks/setup_volume.yml"`
			`with_items:`
			`- name: tmp_duplicity_workdir`
			`size: 20`
			`- name: duplicity_cache`
			`size: 5`
Refactor 2023-10-14 22:04:39 +00:00
Refactor. 2023-10-16 20:22:20 +00:00			`- name: Install jsondiff from pip`
			`ansible.builtin.pip:`
			`name: jsondiff`
			`remote_user: "{{ user }}"`
			`delegate_to: 172.17.0.1`
			`become: true`

Fix syntax error and refactor. 2023-10-22 14:00:58 +00:00			`- name: Create backup directory`
			`ansible.builtin.file:`
			`path: "{{ WORKDIR }}/backup"`
			`state: directory`