Remove useless repository docker-duplicity-stack.

2023-10-22 17:44:05 +02:00 · 2023-10-22 17:44:05 +02:00 · 606f0f5315
commit 606f0f5315
parent e59988a4a1
3 changed files with 36 additions and 51 deletions
--- a/bootstrap.yml
+++ b/bootstrap.yml
@ -24,14 +24,37 @@
        state: directory
        mode: '0700'
    
+    - name: Extract required secrets from secrets.tar.gz.enc
+      shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in /root/secrets.tar.gz.enc | tar -zxv -C {{ item.dir }} --strip 2 {{ item.name }}"
+      with_items:
+        - name: secrets/docker-duplicity-stack/mail_credentials.json
+          dir: /root/
+        - name: secrets/bootstrap/id_rsa
+          dir: /root/.ssh
+
+    - name: Change secret file permissions
+      ansible.builtin.file:
+        path: "{{ item }}"
+        mode: '0400'
+        owner: root
+        group: root
+      with_items:
+        - /root/mail_credentials.json
+        - /root/.ssh/id_rsa
+
+    - name: Copy ssh config
+      ansible.builtin.copy:
+        src: /root/duplicity_playbooks/files/config
+        dest: /root/.ssh/config
+        mode: '0640'
+        owner: root
+        group: root
+      when: copy_output is changed
+
+    - name: Send mail with new secrets
    - name: Extract from secrets.tar.gz.enc
      shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in {{ WORKDIR }}/secrets.tar.gz.enc | tar -zxv -C {{ WORKDIR }}"

-    - name: Change SSH private key permissions
-      ansible.builtin.file:
-        path: /root/.ssh/id_rsa
-        mode: '0400'
-
    - name: Retrieve documentation
      ansible.builtin.get_url:
        url: "https://{{ CLOUD_SERVER }}/s/{{ lookup('env','DOC_KEY') }}/download"
@ -57,6 +80,14 @@
      ansible.builtin.package:
        name: python2
        state: present
+      when: copy_output is changed
+
+    - name: Copy sendmail.py
+      ansible.builtin.copy:
+        src: /root/duplicity_playbooks/files/sendmail.py
+        dest: /root/sendmail.py
+        mode: '0770'
+      when: copy_output is changed

    - name: Send mail with new secrets
      ansible.builtin.command: "/root/sendmail.py -a {{ WORKDIR }}/secrets.tar.gz.enc {{ WORKDIR }}/mail /root/mail_credentials.json"
--- a/tasks/down.yml
+++ b/tasks/down.yml
@ -13,14 +13,6 @@
  delegate_to: 172.17.0.1
  become: true

- name: Remove docker-duplicity-stack directory
-  ansible.builtin.file:
-    path: "/home/{{ user }}/repository/docker-duplicity-stack"
-    state: absent
-  remote_user: "{{ user }}"
-  delegate_to: 172.17.0.1
-  become: true
-
 - name: unmount /mnt/cloud
  ansible.posix.mount:
    path: /mnt/cloud
--- a/tasks/start.yml
+++ b/tasks/start.yml
@ -22,8 +22,6 @@
 - name: Extract from secrets.tar.gz.enc
  shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in /root/secrets.tar.gz.enc | tar -zxv -C {{ item.dir }} --strip 2 {{ item.name }}"
  with_items:
-    - name: secrets/docker-duplicity-stack/mail_credentials.json
-      dir: /root/
    - name: secrets/bootstrap/id_rsa
      dir: /root/.ssh
    - name: secrets/docker-duplicity-stack/nextcloud_password.sh
@ -36,36 +34,6 @@
    path: /root/.ssh/id_rsa
    mode: '0400'

- name: Remove docker-duplicity-stack directory
-  ansible.builtin.file:
-    path: "/home/{{ user }}/repository/docker-duplicity-stack"
-    state: absent
-  remote_user: "{{ user }}"
-  delegate_to: 172.17.0.1
-  become: true
-
- name: Clone docker-duplicity-stack repo
-  ansible.builtin.git:
-    repo: 'https://{{ GIT_SERVER }}/yohan/docker-duplicity-stack.git'
-    dest: "/home/{{ user }}/repository/docker-duplicity-stack"
-    clone: yes
-    force: true
-  remote_user: "{{ user }}"
-  delegate_to: 172.17.0.1
-  become: true
-
- name: Copy files
-  ansible.builtin.copy:
-    src: "{{ item }}"
-    dest: "/home/{{ user }}/repository/docker-duplicity-stack"
-    mode: '0400'
-  remote_user: "{{ user }}"
-  delegate_to: 172.17.0.1
-  become: true
-  with_items:
-    - /root/mail_credentials.json
-    - /root/.ssh/id_rsa
-
 - name: Set Nextcloud credentials
  ansible.builtin.include_tasks: "tasks/source_vars.yml"
  with_items:
@ -235,15 +203,9 @@
    output_logs: true
    detach: false
    network_mode: host
-    working_dir: "/home/{{ user }}/repository/docker-duplicity-stack"
    volumes:
      - /mnt/volumes:/mnt/volumes:z
      - /mnt/cloud:/mnt/cloud:z
-      - /home/{{ user }}/repository/docker-duplicity-stack/backup_scripts:/mnt/scripts:z
-      - /home/{{ user }}/repository/docker-duplicity-stack/sendmail.py:/root/sendmail.py:z
-      - /home/{{ user }}/repository/docker-duplicity-stack/mail_credentials.json:/root/mail_credentials.json:z
-      - /home/{{ user }}/repository/docker-duplicity-stack/id_rsa:/root/.ssh/id_rsa:Z
-      - /home/{{ user }}/repository/docker-duplicity-stack/config:/root/.ssh/config:Z
      - /home/{{ user }}/repository/duplicity_playbooks_temp:/root/duplicity_playbooks:Z
    env:
      OS_AUTH_URL: "{{ OS_AUTH_URL }}"