Add Roles for preparing the Backup Location and for the Environment Variables for Backups

roles/unhb_backup_location/ssh_pub_keys/id_ed25519_unhb2.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG+PKk36CATvlCTByaTUjVUrYtZsTLZhqAUx/n2X/GnF root@neuromancer.unhb.de

roles/unhb_backup_location/ssh_pub_keys/id_ed25519_unhb4.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKJc4RQfDo6jzYZY2w9UUjsCFqPYHSRr7ClSRDVaijv root@server4

roles/unhb_backup_location/tasks/main.yml

@@ -0,0 +1,38 @@
+---
+
+- name: "Ensure the groups for the backups users exists"
+  ansible.builtin.group:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - restic_unhb2
+    - restic_unhb4
+
+- name: "Ensure the backup users for restic exist"
+  ansible.builtin.user:
+    name: "{{ item }}"
+    groups: "{{ item }}"
+    append: yes
+  with_items:
+    - restic_unhb2
+    - restic_unhb4
+
+- name: "Set authorized keys for restic_unhb2"
+  ansible.posix.authorized_key:
+    user: "restic_unhb2"
+    state: present
+    key: "{{ lookup('file', '{{ keys_item }}') }}"  
+  with_fileglob:
+    - ../ssh_pub_keys/*.pub
+  loop_control:
+    loop_var: keys_item
+
+- name: "Set authorized keys for restic_unhb4"
+  ansible.posix.authorized_key:
+    user: "restic_unhb4"
+    state: present
+    key: "{{ lookup('file', '{{ keys_item }}') }}"  
+  with_fileglob:
+    - ../ssh_pub_keys/*.pub
+  loop_control:
+    loop_var: keys_item

roles/unhb_backup_location/templates/restic_db_passwords.env.j2

@@ -0,0 +1,6 @@
+MARIADB_ROOT_PASSWORD_NEXTCLOUD={{ unhb4_mariadb_containers['nextcloud'].password }}
+MARIADB_ROOT_PASSWORD_ETHERPAD={{ unhb4_mariadb_containers['etherpad'].password }}
+MARIADB_ROOT_PASSWORD_JVEREIN={{ unhb4_mariadb_containers['jverein'].password }}
+MARIADB_ROOT_PASSWORD_URLSHORTENER={{ unhb4_mariadb_containers['urlshortener'].password }}
+MARIADB_ROOT_PASSWORD_WIKI={{ unhb4_mariadb_containers['wiki'].password }}
+MARIADB_ROOT_PASSWORD_WORDPRESS={{ unhb4_mariadb_containers['wordpress'].password }}

roles/unhb_backup_scripts/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+
+- name: "Template restic_db_passwords.env"
+  ansible.builtin.template:
+    src: "restic_db_passwords.env_{{ inventory_hostname }}.j2"
+    dest: /opt/scripts/restic/restic_db_passwords.env
+    owner: root
+    group: root
+    mode:  '0440'
+    force: true

roles/unhb_backup_scripts/templates/restic_db_passwords.env_unhb2.j2

@@ -0,0 +1,3 @@
+MARIADB_PASSWORD_PARTKEEPR={{ unhb2_mariadb_containers['partkeepr'].password }}
+MARIADB_PASSWORD_ENGELSYSTEM={{ unhb2_mariadb_containers['engelsystem'].password }}
+

roles/unhb_backup_scripts/templates/restic_db_passwords.env_unhb4.j2

@@ -0,0 +1,6 @@
+MARIADB_PASSWORD_NEXTCLOUD={{ unhb4_mariadb_containers['nextcloud'].password }}
+MARIADB_PASSWORD_ETHERPAD={{ unhb4_mariadb_containers['etherpad'].password }}
+MARIADB_PASSWORD_JVEREIN={{ unhb4_mariadb_containers['jverein'].password }}
+MARIADB_PASSWORD_URLSHORTENER={{ unhb4_mariadb_containers['urlshortener'].password }}
+MARIADB_PASSWORD_WIKI={{ unhb4_mariadb_containers['wiki'].password }}
+MARIADB_PASSWORD_WORDPRESS={{ unhb4_mariadb_containers['wordpress'].password }}

site.yml

@@ -10,6 +10,8 @@
     - apt_listchanges
     - basic_common_settings
     - firewalld
+    - unhb_backup_location
+    - unhb_backup_scripts
     
 - name: Set up roles on unhb4
   hosts: unhb2