wip

bundles/backup-server/metadata.py

@@ -10,5 +10,16 @@ defaults = {
 @metadata_reactor.provides(
     'users/backup-receiver/authorized_keys'
 )
-def backup_authorized_keys():
-    return
+def backup_authorized_keys(metadata):
+    return {
+        'users': {
+            'backup-receiver': {
+                'authorized_keys': [
+                    other_node.metadata.get('users/backup/pubkey')
+                        for other_node in repo.nodes
+                        if other_node.has_bundle('backup')
+                        and other_node.metadata.get('backup/server') == node.name
+                ],
+            },
+        },
+    }

bundles/backup/metadata.py

@@ -8,4 +8,7 @@ defaults = {
         'server': None,
         'paths': [],
     },
+    'users': {
+        'backup': {},
+    },
 }

bundles/users/metadata.py

@@ -30,10 +30,7 @@ def user(metadata):
         if not 'shell' in config:
             users[name]['shell'] = '/bin/bash'
             
-        if not 'password_hash' in config:
-            users[name]['password_hash'] = 'x' if node.use_shadow_passwords else '*'
-
-        if not 'privkey' in users[name]:
+        if not 'privkey' in users[name] and not 'pubkey' in users[name]:
             privkey, pubkey = repo.libs.ssh.generate_ad25519_key_pair(
                 b64decode(str(repo.vault.random_bytes_as_base64_for(metadata.get('id'), length=32)))
             )

groups/all.py

@@ -5,7 +5,7 @@
     ],
     'metadata': {
         'backup': {
-            'server': 'backups.sublimity.de',
+            'server': 'home.backups',
         },
         'dns': {},
         'users': {

groups/applications/backup-server.py

@@ -0,0 +1,6 @@
+{
+    'bundles': [
+        'backup-server',
+        'zfs',
+    ],
+}

nodes/home.backups.py

@@ -2,6 +2,7 @@
     'hostname': '10.0.0.5',
     'groups': [
         'debian-10',
+        'backup-server',
     ],
     'bundles': [
         'zfs',