restic: fix missing backup server fingerprint

Signed-off-by: bic <bicno@autistici.org>
2021-03-31 18:29:28 +02:00 · 2021-03-31 18:29:28 +02:00 · fc734427e2
commit fc734427e2
parent a823468870
2 changed files with 9 additions and 0 deletions
--- a/roles/stable/restic/defaults/main.yml
+++ b/roles/stable/restic/defaults/main.yml
@ -33,5 +33,6 @@ restic_password: "{{lookup('community.general.passwordstore', '{{passwordstore_p
 restic_repository_name: "{{ansible_hostname | default('restic') }}"
 restic_ssh_private_key: "{{lookup('community.general.passwordstore', '{{passwordstore_path}}/restic/ssh_private returnall=true')}}"
 restic_ssh_hostname: "{{lookup('community.general.passwordstore', '{{passwordstore_path}}/restic/ssh_hostname')}}"
+restic_ssh_host_fingerprint: "{{lookup('community.general.passwordstore', '{{passwordstore_path}}/restic/ssh_host_fingerprint')}}"
 restic_ssh_user: "{{lookup('community.general.passwordstore', '{{passwordstore_path}}/restic/ssh_user')}}"
 restic_ssh_port: "{{lookup('community.general.passwordstore', '{{passwordstore_path}}/restic/ssh_port') | default(22)}}"
--- a/roles/stable/restic/tasks/main.yml
+++ b/roles/stable/restic/tasks/main.yml
@ -26,6 +26,14 @@
    mode: '0600'
  when: restic_ssh_private_key is defined and restic_ssh_enabled

+- name: Add backup server host fingerprint
+  become: yes
+  known_hosts:
+    name: '[{{ restic_ssh_hostname }}]:{{ restic_ssh_port }}'
+    key: '{{ restic_ssh_host_fingerprint }}'
+    path: '{{ restic_user_home }}/.ssh/known_hosts'
+    state: present
+
 - name: Add restic_env in home folder
  become: yes
  template: