Enable configuration of borg user

README.md

@@ -70,6 +70,9 @@ Works great with [BorgBase.com](https://www.borgbase.com) - Simple and Secure Ho
 - `borg_ssh_key_file_path`: SSH-key to be used. Default `~/.ssh/{{ borg_ssh_key_name }}`
 - `borg_ssh_key_type`: The algorithm used to generate the SSH private key. Choose: `rsa`, `dsa`, `rsa1`, `ecdsa`, `ed25519`. Default: `ed25519`
 - `borg_ssh_command`: Command to use instead of just "ssh". This can be used to specify SSH options.
+- `borg_user`: Name of the User to create Backups. Defeaults to `root`.
+- `borg_group`: Name of the Group to create Backups. Defaults to `root`.
+- `borg_user_ssh_config_path`: Path of you SSH config file. Defaults to `/root/.ssh/config`.
 
 #### Borgbase Variables
 - `borgbase_api_key`: API key to interact with borgbase.com`
@@ -87,9 +90,6 @@ Works great with [BorgBase.com](https://www.borgbase.com) - Simple and Secure Ho
 - `borgmatic_store_ctime`: Store ctime into archive. Defaults to `true`
 - `borgmatic_version`: Force a specific borgmatic version to be installed
 
-#### Misc Variables
-- `ssh_config_path`: Path of you SSH config file. Defaults to `/root/.ssh/config`.
-
 ## Credits
 
 This role is based on [Ansible Role: BorgBackup Client](https://github.com/borgbase/ansible-role-borgbackup).

defaults/main.yml

@@ -4,9 +4,9 @@ borg_exclude_patterns: []
 borg_one_file_system: true
 borg_exclude_from: []
 borg_encryption_passcommand: false
-borg_key_export_path: "/root/borg_keys"
+borg_key_export_path: "{{ borg_user }}/borg_keys"
 borg_lock_wait_time: 5
-borg_ssh_key_file_path: "/root/.ssh/{{ borg_ssh_key_name }}"
+borg_ssh_key_file_path: "{{ borg_user }}/.ssh/{{ borg_ssh_key_name }}"
 borg_ssh_key_name: borgbackup
 borg_ssh_key_type: "ed25519"
 borg_ssh_command: false
@@ -18,6 +18,9 @@ borg_retention_policy:
   keep_daily: 7
   keep_weekly: 4
   keep_monthly: 6
+borg_user: root
+borg_group: root
+borg_user_ssh_config_path: "{{ borg_user }}/.ssh/config"
 
 borgmatic_timer_cron_name: "borgmatic"
 borgmatic_timer_hour: "{{ range(0, 5) | random(seed=inventory_hostname) }}"
@@ -42,5 +45,3 @@ borgmatic_check_last: 3
 borgmatic_store_atime: true
 borgmatic_store_ctime: true
 borgmatic_relocated_repo_access_is_ok: false
-
-ssh_config_path: /root/.ssh/config

tasks/borg.yml

@@ -15,6 +15,7 @@
     name: "{{ borgmatic_timer_cron_name }}"
     hour: "{{ borgmatic_timer_hour }}"
     minute: "{{ borgmatic_timer_minute }}"
+    user: "{{ borg_user }}"
     cron_file: "{{ borgmatic_timer_cron_name }}"
     job: "borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }} >/dev/null"
 

tasks/ssh.yml

@@ -1,18 +1,30 @@
 ---
+- name: "SSH | Ensure directory exist"
+  ansible.builtin.file:
+    path: "{{ borg_user }}/.ssh/"
+    state: directory
+    mode: "0700"
+    owner: "{{ borg_user }}"
+    group: "{{ borg_group }}"
+
 - name: "SSH | Generate an OpenSSH keypair"
   community.crypto.openssh_keypair:
     path: "{{ borg_ssh_key_file_path }}"
     type: "{{ borg_ssh_key_type }}"
+    owner: "{{ borg_user }}"
+    group: "{{ borg_group }}"
 
 - name: "SSH | Ensure configuration file is present"
   ansible.builtin.file:
-    path: "{{ ssh_config_path }}"
+    path: "{{ borg_user_ssh_config_path }}"
     state: touch
     mode: "644"
+    owner: "{{ borg_user }}"
+    group: "{{ borg_group }}"
 
 - name: "SSH | Insert borgbase configuration"
   ansible.builtin.blockinfile:
-    path: "{{ ssh_config_path }}"
+    path: "{{ borg_user_ssh_config_path }}"
     marker: "### {mark} ANSIBLE MANAGED BLOCK"
     block: |
       Host *.repo.borgbase.com