--- - name: Assert extra-vars are set ansible.builtin.assert: that: - item | length > 0 msg: "{{ item }} environment variable must be set" with_items: - KEY - DOC_KEY - DUPLICITY_PASSPHRASE - SCRIPT - name: Assert SECRETS_ARCHIVE_PASSPHRASE environment variable is set ansible.builtin.assert: that: - lookup('env','SECRETS_ARCHIVE_PASSPHRASE') | length > 0 msg: "SECRETS_ARCHIVE_PASSPHRASE environment variable must be set" - name: Download secrets.tar.gz.enc ansible.builtin.get_url: url: "https://{{ CLOUD_SERVER }}/s/{{ KEY }}/download?path=%2F&files=secrets.tar.gz.enc" dest: /root/secrets.tar.gz.enc - name: Install openssh-client ansible.builtin.package: name: openssh-client state: present - name: Create /root/.ssh directory ansible.builtin.file: path: /root/.ssh state: directory mode: '0700' - name: Extract from secrets.tar.gz.enc shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in /root/secrets.tar.gz.enc | tar -zxv -C {{ item.dir }} --strip 2 {{ item.name }}" with_items: - name: secrets/docker-duplicity-stack/mail_credentials.json dir: /root/ - name: secrets/bootstrap/id_rsa dir: /root/.ssh - name: secrets/docker-duplicity-stack/nextcloud_password.sh dir: /root - name: secrets/bootstrap/openrc.sh dir: /root - name: Change SSH private key permissions ansible.builtin.file: path: /root/.ssh/id_rsa mode: '0400' - name: Remove docker-duplicity-stack directory ansible.builtin.file: path: "/home/{{ user }}/repository/docker-duplicity-stack" state: absent remote_user: "{{ user }}" delegate_to: 172.17.0.1 become: true - name: Clone docker-duplicity-stack repo ansible.builtin.git: repo: 'https://{{ GIT_SERVER }}/yohan/docker-duplicity-stack.git' dest: "/home/{{ user }}/repository/docker-duplicity-stack" clone: yes force: true remote_user: "{{ user }}" delegate_to: 172.17.0.1 become: true - name: Copy files ansible.builtin.copy: src: "{{ item }}" dest: "/home/{{ user }}/repository/docker-duplicity-stack" mode: '0400' remote_user: "{{ user }}" delegate_to: 172.17.0.1 become: true with_items: - /root/mail_credentials.json - /root/.ssh/id_rsa - name: Set Nextcloud credentials ansible.builtin.include_tasks: "tasks/source_vars.yml" with_items: - NEXTCLOUD_USER - NEXTCLOUD_PASSWORD vars: shell_script: /root/nextcloud_password.sh - name: Create /mnt/cloud directory if it does not exist ansible.builtin.file: path: /mnt/cloud state: directory mode: '0755' remote_user: "{{ user }}" delegate_to: 172.17.0.1 become: true - name: Create /etc/davfs2 directory ansible.builtin.file: path: /etc/davfs2 state: directory mode: '0755' remote_user: "{{ user }}" delegate_to: 172.17.0.1 become: true - name: Copy using inline content ansible.builtin.copy: content: '/mnt/cloud {{ NEXTCLOUD_USER }} {{ NEXTCLOUD_PASSWORD }}' dest: /etc/davfs2/secrets mode: '0600' remote_user: "{{ user }}" delegate_to: 172.17.0.1 become: true - name: mount /mnt/cloud ansible.posix.mount: path: /mnt/cloud src: "https://{{ CLOUD_SERVER }}/remote.php/webdav/" fstype: davfs opts: "uid={{ user }},gid={{ user }}" state: mounted remote_user: "{{ user }}" delegate_to: 172.17.0.1 become: true - name: Set OpenStack credentials ansible.builtin.include_tasks: "tasks/source_vars.yml" with_items: - OS_AUTH_URL - OS_IDENTITY_API_VERSION - OS_USER_DOMAIN_NAME - OS_PROJECT_DOMAIN_NAME - OS_TENANT_ID - OS_TENANT_NAME - OS_USERNAME - OS_PASSWORD - OS_REGION_NAME vars: shell_script: /root/openrc.sh - name: Setup volume ansible.builtin.include_tasks: "tasks/setup_volume.yml" with_items: - name: tmp_duplicity_workdir size: 20 - name: duplicity_cache size: 5 - name: Install git ansible.builtin.package: name: git state: present - name: Get docker-duplicity repo's last commit ansible.builtin.git: repo: 'https://{{ GIT_SERVER }}/yohan/docker-duplicity.git' clone: no update: no version: dev register: git - name: Set fact tag set_fact: tag: "{{ git.after[0:10] }}" - name: Search for image community.docker.docker_image: name: duplicity tag: "{{ tag }}" source: local docker_host: tcp://127.0.0.1:2375 register: local_duplicity_image failed_when: false - name: Create image build directory ansible.builtin.file: path: "/home/{{ user }}/build_docker-duplicity" state: directory when: - local_duplicity_image.msg is defined - '"Cannot find the image" in local_duplicity_image.msg' remote_user: "{{ user }}" delegate_to: 172.17.0.1 - name: Clone docker-duplicity repo ansible.builtin.git: repo: 'https://{{ GIT_SERVER }}/yohan/docker-duplicity.git' dest: "/home/{{ user }}/build_docker-duplicity" clone: yes version: dev when: - local_duplicity_image.msg is defined - '"Cannot find the image" in local_duplicity_image.msg' remote_user: "{{ user }}" delegate_to: 172.17.0.1 - name: Build duplicity image community.docker.docker_image: name: duplicity tag: "{{ tag }}" build: path: "/home/{{ user }}/build_docker-duplicity" source: build when: - local_duplicity_image.msg is defined - '"Cannot find the image" in local_duplicity_image.msg' remote_user: "{{ user }}" delegate_to: 172.17.0.1 become: true - name: Remove image build directory ansible.builtin.file: path: "/home/{{ user }}/build_docker-duplicity" state: absent when: - local_duplicity_image.msg is defined - '"Cannot find the image" in local_duplicity_image.msg' remote_user: "{{ user }}" delegate_to: 172.17.0.1 - name: Install jsondiff from pip ansible.builtin.pip: name: jsondiff remote_user: "{{ user }}" delegate_to: 172.17.0.1 become: true - name: Clone duplicity_playbooks repo ansible.builtin.git: repo: 'https://{{ GIT_SERVER }}/yohan/duplicity_playbooks.git' dest: "/home/{{ user }}/repository/duplicity_playbooks_temp" clone: yes version: dev force: true remote_user: "{{ user }}" delegate_to: 172.17.0.1 - name: Start duplicity container community.docker.docker_container: name: duplicity image: "duplicity:{{ tag }}" entrypoint: - "ansible-playbook" - "/root/duplicity_playbooks/gen_bootstrap.yml" output_logs: true detach: false network_mode: host working_dir: "/home/{{ user }}/repository/docker-duplicity-stack" volumes: - /mnt/volumes:/mnt/volumes:z - /mnt/cloud:/mnt/cloud:z - /home/{{ user }}/repository/docker-duplicity-stack/backup_scripts:/mnt/scripts:z - /home/{{ user }}/repository/docker-duplicity-stack/sendmail.py:/root/sendmail.py:z - /home/{{ user }}/repository/docker-duplicity-stack/mail_credentials.json:/root/mail_credentials.json:z - /home/{{ user }}/repository/docker-duplicity-stack/id_rsa:/root/.ssh/id_rsa:Z - /home/{{ user }}/repository/docker-duplicity-stack/config:/root/.ssh/config:Z - /home/{{ user }}/repository/duplicity_playbooks_temp:/root/duplicity_playbooks:Z env: OS_AUTH_URL: "{{ OS_AUTH_URL }}" OS_IDENTITY_API_VERSION: "{{ OS_IDENTITY_API_VERSION }}" OS_USER_DOMAIN_NAME: "{{ OS_USER_DOMAIN_NAME }}" OS_PROJECT_DOMAIN_NAME: "{{ OS_PROJECT_DOMAIN_NAME }}" OS_TENANT_ID: "{{ OS_TENANT_ID }}" OS_TENANT_NAME: "{{ OS_TENANT_NAME }}" OS_USERNAME: "{{ OS_USERNAME }}" OS_PASSWORD: "{{ OS_PASSWORD }}" OS_REGION_NAME: "{{ OS_SWIFT_REGION_NAME }}" KEY: "{{ KEY }}" DOC_KEY: "{{ DOC_KEY }}" SECRETS_ARCHIVE_PASSPHRASE: "{{ lookup('env','SECRETS_ARCHIVE_PASSPHRASE') }}" DUPLICITY_PASSPHRASE: "{{ DUPLICITY_PASSPHRASE }}" remote_user: "{{ user }}" delegate_to: 172.17.0.1 become: true register: container_output - debug: msg: "{{ container_output.container.Output.split('\n') }}" # docker_compose collection version will not work on Centos 7 #- name: Start duplicity stack # community.docker.docker_compose: # project_src: /home/{{ user }}/repository/docker-duplicity-stack # state: present # remote_user: "{{ user }}" # delegate_to: 172.17.0.1 # become: true