I'm working on an restic and SSH-based backup solution implemented via Ansible. Omitting the details, it uses sftp:backups-{{ restic_backup_name }}:{{ inventory_hostname }}
as the repository URL, which means that I need to add the following stanza to .ssh/config
to the backup user on the sending server:
Host backup-{{ restic_backup_name }}
HostName {{ restic_backup_host }}
User restic-backup
IdentityFile /etc/restic/{{ restic_backup_name }}.key
As you can see, there's no problem generating the stanza from a template, but in the (probably rare, but I'm trying to account for edge cases) case where a .ssh/config
already exists I don't want to overwrite the existing file, just add this stanza to it.
(Skipping this step if it exists already would be nice, but that's optional for now)
While working on this question I realized that the blockinfile will do what I want:
- name: Create SSH config block
blockinfile:
path: /root/.ssh/config
block: |
Host backup-{{ restic_backup_name }}
HostName {{ restic_backup_host }}
User restic-backup
IdentityFile /etc/restic/{{ restic_backup_name }}.key
backup: yes
validate: /usr/sbin/sshd -T -f %s
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments