first duplicity and back working

wescale · Jul 9, 2024 · 536f209 · 536f209
1 parent 5546068
commit 536f209
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 2 deletions.
diff --git a/roles/vault/tasks/__snapshot.yml b/roles/vault/tasks/__snapshot.yml
@@ -11,6 +11,17 @@
   shell:
     cmd: >-
       source {{ __hs_vault_snapshot_home_dir }}/.bash_profile &&
-      vault operator raft snapshot save vault.{{ ansible_date_time.iso8601_basic_short }}.snapshot
+      vault operator raft snapshot save
+      {{ __hs_vault_snapshot_home_dir }}/snapshots/vault.{{ ansible_date_time.iso8601_basic_short }}.snapshot
     executable: /usr/bin/bash
+    chdir: "{{ __hs_vault_snapshot_home_dir }}/snapshots"
+
+- name: "Create archive"
+  shell:
+    cmd: >-
+      duplicity backup {{ __hs_vault_snapshot_home_dir }}/snapshots
+      file://{{ __hs_vault_snapshot_home_dir }}
+    executable: /usr/bin/bash
+  environment:
+    PASSPHRASE: "{{ hs_vault_snapshot_passphrase }}"
 
diff --git a/roles/vault/tasks/tf_addons/_snapshot.yml b/roles/vault/tasks/tf_addons/_snapshot.yml
@@ -19,6 +19,14 @@
     group: vault
     mode: 0700
 
+- name: "Create vault snapshot directory"
+  file:
+    path: "{{ __hs_vault_snapshot_home_dir }}/snapshots"
+    state: directory
+    owner: vault-snapshot
+    group: vault
+    mode: 0700
+
 - name: "Authorize snapshot user keys"
   ansible.posix.authorized_key:
     user: vault-snapshot
@@ -83,7 +91,11 @@
       ---
       {{
         {
-          'hs_vault_snapshot_token': tf_result.outputs.snapshot_token.value
+          'hs_vault_snapshot_token': tf_result.outputs.snapshot_token.value,
+          'hs_vault_snapshot_passphrase': (
+            hs_vault_snapshot_passphrase
+            | default(lookup('password', '/dev/null length=64 chars=ascii_letters,digits'))
+          )
         } | to_nice_yaml(indent=2)
       }}
     mode: 0600