add support to create a remote sftp user

2021-06-12 19:04:29 +02:00 · 2021-06-12 19:04:29 +02:00 · de9e0004f6
commit de9e0004f6
parent 90f6b0a360
3 changed files with 86 additions and 2 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -15,6 +15,7 @@
  when: backup_executor
  block:
  - name: generate ssh key
+    register: backup_ssh_key_task
    community.crypto.openssh_keypair:
      path: /etc/backup-client/id_ed25519
      type: ed25519
@ -98,6 +99,60 @@
      group: root
      mode: 0700

+- name: create a remote sftp user if enabled
+  when:
+    - backups.remote_sftp_user.enabled
+    - backup_executor
+  delegate_to: "{{ backups.remote_sftp_user.host }}"
+  block:
+    - name: "create user {{ backups.remote_sftp_user.name }}"
+      user:
+        name: "{{ backups.remote_sftp_user.name }}"
+        createhome: yes
+        shell: /sbin/nologin
+        system: false
+        group: "{{ backups.remote_sftp_user.group }}"
+        groups: "{{backups.remote_sftp_user.groups }}"
+    - name: add ssh key to user
+      when: not ansible_check_mode
+      ansible.posix.authorized_key:
+        user: "{{ backups.remote_sftp_user.name }}"
+        state: present
+        key: '{{ backup_ssh_key_task.public_key }}'
+    - name: create chroot folder
+      file:
+        path: "{{ backups.remote_sftp_user.chroot_basepath }}"
+        owner: root
+        group: root
+        mode: 0755
+        state: directory
+    - name: create bind mount point in chroot folder
+      file:
+        path: "{{ backups.remote_sftp_user.chroot_basepath }}/backups"
+        owner: "{{ backups.remote_sftp_user.name }}"
+        group: "{{ backups.remote_sftp_user.group }}"
+        mode: 0700
+        state: directory
+    - name: create storage folder
+      when: backups.remote_sftp_user.create_storage_folder
+      file:
+        path: "{{ backups.remote_sftp_user.storage_path }}"
+        owner: "{{ backups.remote_sftp_user.name }}"
+        group: "{{ backups.remote_sftp_user.group }}"
+        mode: 0700
+        state: directory
+    - name: "setup bindmount"
+      loop:
+        - mounted
+        - present
+      mount:
+        path: "{{ backups.remote_sftp_user.chroot_basepath }}/backups"
+        src: "{{ backups.remote_sftp_user.storage_path }}"
+        opts: "rw,bind,noauto,x-systemd.automount"
+        fstype: auto
+        passno: "0"
+        state: "{{ item }}"
+
 - name: handle common restic based setup tasks
  when: backup_backend == 'restic'
  block: