diff --git a/ansible/skund.yml b/ansible/skund.yml
index fd7d52eaa6d479ec172abbc5d68e232edaf2f0a3..af77cbd759842951bc3f167aa8feeedeaec64d13 100644
--- a/ansible/skund.yml
+++ b/ansible/skund.yml
@@ -9,6 +9,8 @@
# Samba (local nets only)
ip saddr 192.168.0.0/21 tcp dport { 139, 445 } accept
ip saddr 192.168.0.0/21 tcp dport { 137, 138 } accept
+ backup_users:
+ - name: skund
tasks:
- fail:
@@ -111,3 +113,53 @@
public: true
writeable: true
+ - name: "Obtain root's SSH public key"
+ user:
+ name: root
+ generate_ssh_key: true
+ ssh_key_type: ed25519
+ register: root_user
+
+ - name: "Backups"
+ block:
+ - name: "Backup group"
+ group:
+ name: 'backup-remote'
+ system: true
+
+ - name: "Backup users"
+ user:
+ name: 'backup-{{item.name}}'
+ system: true
+ create_home: true
+ move_home: true
+ home: '/backup/{{item.name}}'
+ group: 'backup-remote'
+ shell: /bin/bash
+ loop: "{{backup_users}}"
+
+
+ - name: "Backup script"
+ copy:
+ src: "../backup-tar/backup.sh"
+ dest: "/usr/sbin/backup-tar"
+ mode: "u=rx,g=,o="
+
+ - name: "Backup config"
+ copy:
+ content: |
+ TARGET=backup-skund@127.0.0.1
+ SOURCES="/home/xstill/sync /home/xstill/recepty /home/xstill/_config /home/xstill/notes /data/xstill/repo-t14"
+ dest: "/backup/skund/backup-tar.config"
+
+ - name: "Authorized key for backup-skund"
+ ansible.posix.authorized_key:
+ key: "{{root_user.ssh_public_key}}"
+ user: "backup-skund"
+
+ - name: "Cron monitoring setup – jobs"
+ cron:
+ user: "root"
+ name: "backup-tar"
+ special_time: "daily"
+ job: "/usr/sbin/backup-tar /backup/skund/backup-tar.config"