From fbfa8c7204189c026a03e2ccce4bde4a0c72605e Mon Sep 17 00:00:00 2001
From: Alexandre Iooss <erdnaxe@crans.org>
Date: Mon, 22 Apr 2019 13:19:24 +0200
Subject: [PATCH] [backup] Implement rsyncd

---
 backup.yml                                  |  7 +++
 group_vars/all/vault.yml                    | 63 +++++++++++----------
 roles/rsync-client/tasks/main.yml           | 32 +++++++++++
 roles/rsync-client/templates/rsyncd.conf.j2 | 44 ++++++++++++++
 4 files changed, 116 insertions(+), 30 deletions(-)
 create mode 100644 backup.yml
 create mode 100644 roles/rsync-client/tasks/main.yml
 create mode 100644 roles/rsync-client/templates/rsyncd.conf.j2

diff --git a/backup.yml b/backup.yml
new file mode 100644
index 00000000..1b991d86
--- /dev/null
+++ b/backup.yml
@@ -0,0 +1,7 @@
+---
+# Playbook to deploy backup client
+- hosts: all
+  vars:
+    backuppc_rsyncd_passwd: "{{ vault_backuppc_rsyncd_passwd }}"
+  roles:
+    - rsync-client
diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml
index 0e007106..a9c81389 100644
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@@ -1,31 +1,34 @@
 $ANSIBLE_VAULT;1.1;AES256
-31333537633064326436386262343965626135306366386437666635613839333364336366356535
-3862663966643462663662616166656366366266326539380a303932616262336461653832363163
-31393964376632623462333964666533333639393631393865343062393135653937663063616135
-3763666336383136300a636662616534323639623663303730653230323330343366616235393239
-37666335393532623732336135633331306136323766323866313138643830386461303839623234
-37623031346638323061346666396632663036643964666130633131393632306165646438633030
-62383064643963643539353039373131336333343230663863653433653466643734313566383566
-66653664303031626562366430623336613363343130373063313463386631616235316663613664
-63353836626231376230356237313036373934663563326131613866323932663464633133316565
-64376261313435306265336666326264663933333138346437343063313932626633306533303135
-64336531313864656234396232373437626132333932336337643562313730323865343433326138
-39376438363132396439656532616161376639363663636264646366646530663139666334343637
-66313161363661623636336165356139333966396138336465643264323261363236353631316562
-36343135393062336633626439666332653462343438656566323236616131653463333738396530
-61633439663661386635373437343564303231363862356439343839393037393961643866666130
-37646435373966373662666263333561326365333530373333373633653539643334323762393533
-63393537643138376465623230613530393235616566663534333033643430643263323464616133
-38626333306263313139396635323732646561366334313639366162656435393230333664646330
-33333137373538666136643363636366333730313033356561366564383563393837396266306264
-33383966663132376235333037653861353265346338396633376363393062633033653065343539
-36663561393365623336653036633039316235396134303137353565653365613831333364663961
-33336134666662336162386635393432346138313137386561373731393033323733663663373639
-32656636646361303833313835323032356633333861636533333061646461366632633037333863
-64353638613236363063363136393338646361303066333837356664333834336465343565633461
-30316164333133306166366534643962303766626663326366376234376138353837353263646437
-32643734343530643035393938643663633537323134316263666362333564303234316535383936
-39633237643061656230633837356230323263343265643162323536633432633936633330323830
-32663932313431353837356139306631376466633861313663376237336438366637333862366134
-61303136643536363535376262346639346361366161323934336230633861376433366138343937
-3366396137633132316239623437633131323765383239653031
+63636535353833663737346463323366633264356662383235363231613431363038646435343830
+3836363934663864356666366161353231343033353665610a636230343963386538336635376361
+38333931393362353463383939666230393361613466666236666532613161323839633838383132
+3638356236663536300a373833303062653534346161613634393661363638363963316463626539
+30393564633462363831623234313961656661646635303435316338336566623962353539656631
+35623465313036653832613565656161303633376531346337316436366435633461383733316530
+61333262353935323732646239366161346634616233613166306430386537346632333030626335
+34326239666461613530663466303239373466373631643962313731653136393361633963383566
+32363532323437333862623466373734663561383637326537323464383334303337323861333862
+63366631346461393732633038383438383039353763306365313666393730633836653965643537
+65373362303631646630366439633464356635616533366563633764356564333538373638363964
+31613230643138313738383661376363313739336463353838653162306336343534343464396330
+39353336633430373361356366323330393739303234383935616530326264393464336433363865
+39306666636137343764333466343063373263326239303139666362373332393934303235613366
+32373331333232376332613931333133363536313163366536633539306464616137666561313863
+35656430663461353464376335396465303634393835303935393062373366303664663838373734
+36623435636535393561323735366564306464646532323139616237656530353436356635373366
+61396464626432653731323138643462306432353932313263346561663336313066396162323230
+30623561393665336634353364376138666533666235316137353238383235313261303235663534
+64623963653633306339643866646638633465663433336239383264393463373739393235636337
+61313838666466373561363065636635623835623239316132623565613532333364313863363234
+63616465633966336164306566646265613563643631363038343231373861643737323533646432
+62316631333763393463353963383761356333326231616131353063653064306264623235616534
+34626266313737363161653039663832613336626465333566616266366536613532623935323933
+66396437326561663564633261646538613733623632336234656663633935376562346237373732
+32643764313966333130316137346566396636343836623266333231383336393564326663343530
+39333961333639346437623030313930333062646265363737613632333537636632396164613132
+36623039313663643962663963643231396235656536373835386264336161633738633863656132
+38386538336439316230646531653064366535616536643264316634616265346638666333633661
+65303531643133323464616661656134346337643135313833623763363466653965356664363332
+30316563613739363834306236363162623562343237303737333964353632653062343634643234
+61306336343832393866353136303837613766636335663033616437636531393363636261323566
+6562
diff --git a/roles/rsync-client/tasks/main.yml b/roles/rsync-client/tasks/main.yml
new file mode 100644
index 00000000..618be2e7
--- /dev/null
+++ b/roles/rsync-client/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+- name: Install rsync
+  apt:
+    update_cache: true
+    name: rsync
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Enable rsync daemon
+  lineinfile:
+    path: /etc/default/rsync
+    regexp: '^RSYNC_ENABLE'
+    line: RSYNC_ENABLE=true
+
+- name: Configure rsyncd
+  template:
+    src: rsyncd.conf.j2
+    dest: /etc/rsyncd.conf
+    mode: 0644
+
+- name: Copy rsyncd secrets
+  copy:
+    content: "backupcrans:{{ backuppc_rsyncd_passwd }}"
+    dest: /etc/rsyncd.secrets
+    mode: 0600
+
+- name: Start rsync service
+  systemd:
+    name: rsync
+    enabled: true
+    state: started
diff --git a/roles/rsync-client/templates/rsyncd.conf.j2 b/roles/rsync-client/templates/rsyncd.conf.j2
new file mode 100644
index 00000000..a734c54e
--- /dev/null
+++ b/roles/rsync-client/templates/rsyncd.conf.j2
@@ -0,0 +1,44 @@
+# {{ ansible_managed }}
+
+# GLOBAL OPTIONS
+log file=/var/log/rsyncd
+# for pid file, dont' use /var/run/rsync.pid unless you're not going to run
+# rsync out of the init.d script. The /var/run/rsyncd.pid below is OK.
+pid file=/var/run/rsyncd.pid
+syslog facility=daemon
+
+uid = root
+gid = root
+use chroot = no
+read only = yes
+# On ne liste pas les modules
+list = no
+#max connections=2
+ignore errors = no
+ignore nonreadable = yes
+# ne loggue pas tous les fichiers
+transfer logging = no 
+dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz
+# verifie les droits de /etc/rsyncd.secrets
+strict modes = yes
+# personne n'accede aux modules par defaut
+hosts deny = *
+
+# MODULE OPTIONS
+
+{# Liste des dossiers a sauvegarder par serveur, en plus de la racine. #}
+[var]
+path = /var
+auth users = backupcrans
+secrets file = /etc/rsyncd.secrets
+hosts allow = zephir.adm.crans.org 10.231.136.6
+
+[slash]
+path = /
+auth users = backupcrans
+secrets file = /etc/rsyncd.secrets
+hosts allow = zephir.adm.crans.org 10.231.136.6
+
+{# TODO: implÃ©menter le vrai systÃ¨me comme dans BCFG2 #}
+{# TODO: implÃ©menter le cas particulier de main-ftp-server, cpasswords-main et wiki #}
+
-- 
GitLab