Complete rsync.net account migration

New username; separate and longer account manager + storage passwords.

Also, have to use --remote-path=borg1 when interacting with rsync.net.
Evangelos Foutras 2021-11-06 11:20:48 +02:00
parent 2db513cc43
commit 69994e900a
No known key found for this signature in database
GPG key ID: 51E8B148A9999C34
15 changed files with 56 additions and 31 deletions


@ -12,7 +12,7 @@ The URL format for the primary one is
while for the offsite one it's while for the offsite one it's
ssh://<rsync_net_username>@prio.ch-s012.rsync.net:22/~/backup/<hostname> ssh://<rsync_net_username>@zh1905.rsync.net:22/~/backup/<hostname>
In the examples below, we'll just abbreviate the full address as `<backup_address>`. In the examples below, we'll just abbreviate the full address as `<backup_address>`.
If you want to use one of the examples below, you'll have to fill in the If you want to use one of the examples below, you'll have to fill in the


@ -174,6 +174,17 @@
256 MD5:dd:20:c1:f1:f2:fa:70:86:3a:e2:39:86:b1:01:2f:61 root@archlinux-packer (ED25519) 256 MD5:dd:20:c1:f1:f2:fa:70:86:3a:e2:39:86:b1:01:2f:61 root@archlinux-packer (ED25519)
3072 MD5:b6:14:30:bd:fe:43:46:6a:20:a2:8b:b0:aa:d4:35:19 root@archlinux-packer (RSA) 3072 MD5:b6:14:30:bd:fe:43:46:6a:20:a2:8b:b0:aa:d4:35:19 root@archlinux-packer (RSA)
# mailman3.archlinux.org
1024 SHA256:uYhlq19YzcZ8PEModMv2Y65xsiq1H+mjdwZ8PtbPET8 root@archlinux-packer (DSA)
256 SHA256:85YiWFreKiw2Pv/XaKTqs0J0VInFtyVahpDRx2O9/B4 root@archlinux-packer (ECDSA)
256 SHA256:b0mcOvNMzGrekDDtx83ZB1p5kN0meFek7zz1LbkfeHM root@archlinux-packer (ED25519)
3072 SHA256:5hC4XSzA+/CgpL6cLYt0UbHB4aUs/o0IPxSScZwoi4A root@archlinux-packer (RSA)
1024 MD5:3b:20:ad:1e:65:d8:3a:2e:09:69:62:46:e6:d9:6a:3e root@archlinux-packer (DSA)
256 MD5:8d:ee:10:9b:05:56:b3:c7:4a:de:00:ad:95:c1:95:fa root@archlinux-packer (ECDSA)
256 MD5:25:a8:b9:3c:fe:74:e7:7f:39:03:8e:23:dc:20:eb:bf root@archlinux-packer (ED25519)
3072 MD5:20:a0:74:13:bd:97:59:11:75:a4:67:28:92:c3:40:35 root@archlinux-packer (RSA)
# man.archlinux.org # man.archlinux.org
1024 SHA256:11C7Qa1GSNBBspSlber3Sp+LEMRpfr/VWkypfu6OnhA root@archlinux-packer (DSA) 1024 SHA256:11C7Qa1GSNBBspSlber3Sp+LEMRpfr/VWkypfu6OnhA root@archlinux-packer (DSA)
256 SHA256:fL79NVaEiwXGfUhTXWLkue/D1seSADYbui+jwQ2dvW0 root@archlinux-packer (ECDSA) 256 SHA256:fL79NVaEiwXGfUhTXWLkue/D1seSADYbui+jwQ2dvW0 root@archlinux-packer (ECDSA)


@ -78,6 +78,11 @@ mail.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzd
mail.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTOoGxsf23f6AjIHcQQuvbTOaeIt48Y0PiBj9qlJi1H mail.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTOoGxsf23f6AjIHcQQuvbTOaeIt48Y0PiBj9qlJi1H
mail.archlinux.org ssh-rsa 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 mail.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPrURadxte8UJiteGa6+Q+OjTAjhvGAQFkNSXj1pr4k03uxkU6l2v2LuTygk+4SZSCyUsKvNx/ljJeHBnuecQ8rRv19ZFqy/GQKB3oEmiNYMo2dYYlJWwTVBHatmghhB1j2y40yqdKWH2xQuXC3HtnS7fHG0g1Rc4R9KB4MQlcXkwnSEMpwpWBoO7sr0M4YTdwE+nSG9aNfyPbPGp3mX4ATz5X5hPJOlSFVDV6NuKrA+5qyt4jSKdeG5IuWeEnEJesYJEvShYdY9DvMCXnZykB0emzzk+5+Cp2lTPf9LOO3wNsTgHV/CwkoAoMgr9+ASefhBr3nxmmrs9T7nwuobGCGFUqQ2D8IKCmsWGVKXYERViz3x/gYUIlHgVJpoIXCFFqbdpWwxKR1aDMug2fFe699/FzuPdqrWPFdQMF2mPQ0w3AH/62KGp+PULE2HxrlCiY/gF2m8iJLgunxVKmi/c0ufgK9QilnKcPO+W4tcISa5MYt7MSTTLV9eVsgVjGhOU=
# mailman3.archlinux.org
mailman3.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFIHctq5/hKXaU//Jkzifp71ePIzcxdlxE5SZz1e7AcNp0Cci9W8A8NPtP6DMUvv4ezdKp+A/Czcy49tQolI30s=
mailman3.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0FZBrH2DQQoGn85t+2PN8t8FmUst9PsEsmGekfFAc+
mailman3.archlinux.org ssh-rsa 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
# man.archlinux.org # man.archlinux.org
man.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPhnsStoFw6rbVpE1S1vsXNk8de1SyMag1C+v0DWVSuNYzTylYg4322WbYzw45z2XhxrF6XmCSDMvgxvFwnfLQA= man.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPhnsStoFw6rbVpE1S1vsXNk8de1SyMag1C+v0DWVSuNYzTylYg4322WbYzw45z2XhxrF6XmCSDMvgxvFwnfLQA=
man.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHzjkN+igIxSIv5N9+ANNoo6knPa51Tj5TAXs4EQ8lY2 man.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHzjkN+igIxSIv5N9+ANNoo6knPa51Tj5TAXs4EQ8lY2
@ -168,11 +173,9 @@ wiki.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzd
wiki.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILFxxvRi7khrt6mUQGiXX35O1MBrrDeEmvaAnWo9ql/7 wiki.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILFxxvRi7khrt6mUQGiXX35O1MBrrDeEmvaAnWo9ql/7
wiki.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZQmj2D2B66bBHzze7+LEITju0rmtJT2rYsV/1GGpEPg6q6GAkUnIgRpyYxRn+UKRO9akDFXLv7W02h86cfbxOjeHufGMy/Y7NCPl2OSP9VauavJ3c3v/n80nmntU/Ji/U/p/roP0z+/OPgdWymFm0n33cl+XhmNOUumYQ7Y3z7EzrvCFZo2gt1EYChXb5Pd32rkd9tiwr3O0/M7TEiUxODzoD1dum+TJafUttC20V/4Sj8HztPx2BzhRugXfeEDbVlYvMXMMYgxbbhXLZyuE/dCaYpRvuekouAob7voIRSUaNqFXBLcGgo0udRI0mnKLgTb5bMprrRZ1zXIBU77H3gWyfHqe2I20arhXivtsHLEOZi0hc2/ni15WqkNS8G23n/+hJ+H16bjVb6t+8opErY4mL8T+F6OkxmNo8d0ztwUdxHEa+fvNPQ8UO6W4CN6kNVB9JE4f8j9FeHQq8rtlzo0wjUof4D7PhDn2WYA1l9RDiuRUxlGS4waStmttM3dE= wiki.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZQmj2D2B66bBHzze7+LEITju0rmtJT2rYsV/1GGpEPg6q6GAkUnIgRpyYxRn+UKRO9akDFXLv7W02h86cfbxOjeHufGMy/Y7NCPl2OSP9VauavJ3c3v/n80nmntU/Ji/U/p/roP0z+/OPgdWymFm0n33cl+XhmNOUumYQ7Y3z7EzrvCFZo2gt1EYChXb5Pd32rkd9tiwr3O0/M7TEiUxODzoD1dum+TJafUttC20V/4Sj8HztPx2BzhRugXfeEDbVlYvMXMMYgxbbhXLZyuE/dCaYpRvuekouAob7voIRSUaNqFXBLcGgo0udRI0mnKLgTb5bMprrRZ1zXIBU77H3gWyfHqe2I20arhXivtsHLEOZi0hc2/ni15WqkNS8G23n/+hJ+H16bjVb6t+8opErY4mL8T+F6OkxmNo8d0ztwUdxHEa+fvNPQ8UO6W4CN6kNVB9JE4f8j9FeHQq8rtlzo0wjUof4D7PhDn2WYA1l9RDiuRUxlGS4waStmttM3dE=
# prio.ch-s012.rsync.net # zh1905.rsync.net
prio.ch-s012.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5lfML3qjBiDXi4yh3xPoXPHqIOeLNp66P3Unrl+8g3 zh1905.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd
# u236610.your-storagebox.de # u236610.your-storagebox.de
[u236610.your-storagebox.de]:23,[2a01:4f8:b16:3000::68]:23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs [u236610.your-storagebox.de]:23,[2a01:4f8:b16:3000::68]:23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs


@ -1,10 +1,13 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
35646362653234383130323436333666656264303737633935336264313539353030376261313636 61636661646538643333653838373262333039643437666165333332663337373733363135333639
3339346461323430653162643938303562666664386235660a333561373038373839653430643666 6233383866323934306362373036363836623432353363380a393039626130633562646165636635
35633566393330346136646664343065663039386135363461646136303435313430333561313833 63616463616233313135336430343961656333613530633161313365613434306361316564666535
3630313034303638640a646364373062326464653937313430393332643335633166666663376630 3361353438326434330a613361633764393833383364303664646535346462386437333437393263
65383530363163303064336235633831353666323536376636616530363539346261333435326635 34633734313762376564386364636131313233376165626533396332303665323131616339383432
38663061643961633536633165646534613933383336393463393233323339306139653462653566 61306439363730356337363266646662333437376133636434313365373839636263326264343439
33653632633733633432393538356461663963366638653937636237616564326365336464343665 39626433376462623532663632336234646339623237366133623230613430356435323030326138
35313237333636646538353665393437373536383161623833653638356133356131376165653238 34643861396563346230626332313835616337346536373463393432316430656464396534393233
3332 34656634386337356565333634346664323339643466313337333030623939616364626433353834
38383739646433633666633936393234633038376535366137346363383830396266316164313765
34633839343734383533393165613234383635633062356166633038396635336332363832363063
63626666656332646438


@ -1,3 +0,0 @@
---
ansible_ssh_user: "{{ rsync_net_username }}"
known_host: "prio.ch-s012.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5lfML3qjBiDXi4yh3xPoXPHqIOeLNp66P3Unrl+8g3"


@ -0,0 +1,3 @@
---
ansible_ssh_user: "{{ rsync_net_username }}"
known_host: "zh1905.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd"
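Review bot: The `known_host` value is the only place the zh1905.rsync.net ed25519 host key is pinned before the "upload known_hosts to all nodes" task pushes it to every client, and nothing records how the key was obtained; if it was captured with ssh-keyscan on first contact, a man-in-the-middle at that moment would be pinned fleet-wide. A one-line provenance comment above it, e.g. `# ed25519 host key cross-checked against the fingerprint shown in the rsync.net account manager (2021-11-06)`, gives whoever rotates the account next something to re-verify against. Whether that cross-check happened cannot be told from the commit itself.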

4
hosts

@ -3,7 +3,7 @@ secure-runner1.archlinux.org
gemini.archlinux.org gemini.archlinux.org
[rsync_net] [rsync_net]
prio.ch-s012.rsync.net zh1905.rsync.net
[hetzner_storageboxes] [hetzner_storageboxes]
u236610.your-storagebox.de u236610.your-storagebox.de
@ -47,7 +47,7 @@ md.archlinux.org
lists.archlinux.org lists.archlinux.org
[borg_hosts] [borg_hosts]
prio.ch-s012.rsync.net zh1905.rsync.net
u236610.your-storagebox.de u236610.your-storagebox.de
[public_html] [public_html]


@ -3,13 +3,19 @@
set -eu set -eu
shopt -s extglob shopt -s extglob
OFFSITE_HOST=ch-s012.rsync.net OFFSITE_HOST=rsync.net
ROOT_DIR=$(dirname "${0}")/.. ROOT_DIR=$(dirname "${0}")/..
decrypted_gpg=$(mktemp arch-infrastructure-borg-XXXXXXXXX) decrypted_gpg=$(mktemp arch-infrastructure-borg-XXXXXXXXX)
trap "rm -f \"${decrypted_gpg}\"" EXIT trap "rm -f \"${decrypted_gpg}\"" EXIT
[[ "$*" =~ $OFFSITE_HOST ]] && is_offsite=true || is_offsite=false [[ "$*" =~ $OFFSITE_HOST ]] && is_offsite=true || is_offsite=false
# Use borg1 as the borg executable on offsite
remote_path=borg
if $is_offsite; then
remote_path=borg1
fi
# Find matching key # Find matching key
matching_key="" matching_key=""
for gpgkey in "$ROOT_DIR"/borg-keys/!(*-offsite.gpg); do for gpgkey in "$ROOT_DIR"/borg-keys/!(*-offsite.gpg); do
@ -28,6 +34,6 @@ if [[ -z "$matching_key" ]]; then
fi fi
gpg --batch --yes --decrypt -aq --output "$decrypted_gpg" "$ROOT_DIR/borg-keys/$matching_key.gpg" gpg --batch --yes --decrypt -aq --output "$decrypted_gpg" "$ROOT_DIR/borg-keys/$matching_key.gpg"
BORG_KEY_FILE="$decrypted_gpg" borg "$@" BORG_KEY_FILE="$decrypted_gpg" borg --remote-path=$remote_path "$@"
rm "$decrypted_gpg" rm "$decrypted_gpg"
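Review bot: The offsite detection on the `[[ "$*" =~ $OFFSITE_HOST ]]` line is now an unanchored regex for `rsync.net` (dot unescaped) over every argument, so any archive name, local path or exclude pattern containing that text flips the wrapper to `--remote-path=borg1` even when the repository is not on rsync.net, whereas the previous `ch-s012.rsync.net` value was at least specific. Matching the host part of the repository URL keeps the check tied to the SSH target, e.g. `[[ "$*" =~ @[a-z0-9-]+\.rsync\.net: ]]`; OFFSITE_HOST appears only on that line in the visible hunks, so the variable could simply hold that pattern. Unrelated to the change but adjacent to it, `mktemp arch-infrastructure-borg-XXXXXXXXX` creates the decrypted Borg key in the current working directory rather than under $TMPDIR, so `mktemp -t` would keep plaintext key material out of whatever checkout the script is run from. The script continues between and after the two hunks, outside this view.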


@ -1,7 +1,7 @@
--- ---
- name: setup rsync.net account - name: setup rsync.net account
hosts: prio.ch-s012.rsync.net hosts: zh1905.rsync.net
gather_facts: false gather_facts: false
roles: roles:
- { role: rsync_net, backup_dir: "backup", backup_clients: "{{ groups['borg_clients'] }}", tags: ["borg"] } - { role: rsync_net, backup_dir: "backup", backup_clients: "{{ groups['borg_clients'] }}", tags: ["borg"] }


@ -34,12 +34,12 @@
- name: manually append rsync.net host keys - name: manually append rsync.net host keys
lineinfile: lineinfile:
path: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt" path: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt"
line: "{% for host in query('inventory_hostnames', 'rsync_net') | sort %}# {{ host }}\n{{ hostvars[host].known_host }}\n\n{% endfor %}" line: "{% for host in query('inventory_hostnames', 'rsync_net') | sort %}# {{ host }}\n{{ hostvars[host].known_host }}\n{% endfor %}"
delegate_to: localhost delegate_to: localhost
- name: manually append Hetzner Storageboxes host keys - name: manually append Hetzner Storageboxes host keys
lineinfile: lineinfile:
path: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt" path: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt"
line: "{% for host in query('inventory_hostnames', 'hetzner_storageboxes') | sort %}# {{ host }}\n{{ hostvars[host].known_host }}\n\n{% endfor %}" line: "{% for host in query('inventory_hostnames', 'hetzner_storageboxes') | sort %}# {{ host }}\n{{ hostvars[host].known_host }}\n{% endfor %}"
delegate_to: localhost delegate_to: localhost
- name: upload known_hosts to all nodes - name: upload known_hosts to all nodes


@ -3,6 +3,8 @@ backup_hosts:
- host: "ssh://u236610.your-storagebox.de:23" - host: "ssh://u236610.your-storagebox.de:23"
dir: "~/repo" dir: "~/repo"
suffix: "" suffix: ""
- host: "ssh://{{ rsync_net_username }}@prio.ch-s012.rsync.net:22" borg_cmd: "borg"
- host: "ssh://{{ rsync_net_username }}@zh1905.rsync.net:22"
dir: "~/backup/{{ inventory_hostname }}" dir: "~/backup/{{ inventory_hostname }}"
suffix: "-offsite" suffix: "-offsite"
borg_cmd: "borg --remote-path=borg1"
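Review bot: `borg_cmd` is a new required key on every `backup_hosts` entry that the borg_client role splices verbatim in front of the borg subcommand, and nothing in this file says why the rsync.net entry carries `--remote-path=borg1`, so a reader has to find this commit to learn that. A short comment on the key would do, e.g. `# borg_cmd is inserted verbatim before the borg subcommand; rsync.net exposes Borg 1.x as "borg1" on the server side`. Since the templates index `item['borg_cmd']` with no default, any entry added later without the key will fail at render time, which is worth stating in the same comment.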


@ -3,7 +3,7 @@
pacman: name=borg state=present pacman: name=borg state=present
- name: check if borg repository already exists - name: check if borg repository already exists
command: borg list {{ item['host'] }}/{{ item['dir'] }} command: "{{ item['borg_cmd'] }} list {{ item['host'] }}/{{ item['dir'] }}"
environment: environment:
BORG_RELOCATED_REPO_ACCESS_IS_OK: "yes" BORG_RELOCATED_REPO_ACCESS_IS_OK: "yes"
register: borg_list register: borg_list
@ -12,7 +12,7 @@
changed_when: borg_list.stdout | length > 0 changed_when: borg_list.stdout | length > 0
- name: init borg repository - name: init borg repository
command: borg init -e keyfile {{ item['host'] }}/{{ item['dir'] }} command: "{{ item['borg_cmd'] }} init -e keyfile {{ item['host'] }}/{{ item['dir'] }}"
when: borg_list is failed when: borg_list is failed
environment: environment:
BORG_PASSPHRASE: "" BORG_PASSPHRASE: ""


@ -74,7 +74,7 @@ else
backup_mountdir="$src" backup_mountdir="$src"
fi fi
borg create -v --stats -C zstd \ {{ item['borg_cmd'] }} create -v --stats -C zstd \
-e /proc \ -e /proc \
-e /sys \ -e /sys \
-e /dev \ -e /dev \
@ -94,4 +94,4 @@ borg create -v --stats -C zstd \
-e "$backup_mountdir/var/lib/archbuilddest" \ -e "$backup_mountdir/var/lib/archbuilddest" \
-e "$backup_mountdir/var/lib/docker" \ -e "$backup_mountdir/var/lib/docker" \
{{ item['host'] }}/{{ item['dir'] }}::$(date "+%Y%m%d-%H%M%S") "$backup_mountdir" {{ item['host'] }}/{{ item['dir'] }}::$(date "+%Y%m%d-%H%M%S") "$backup_mountdir"
borg prune -v {{ item['host'] }}/{{ item['dir'] }} --keep-daily=7 --keep-weekly=4 --keep-monthly=6 {{ item['borg_cmd'] }} prune -v {{ item['host'] }}/{{ item['dir'] }} --keep-daily=7 --keep-weekly=4 --keep-monthly=6


@ -1,3 +1,3 @@
#!/bin/bash #!/bin/bash
BORG_REPO="{{ item['host'] }}/{{ item['dir'] }}" exec /usr/bin/borg "$@" BORG_REPO="{{ item['host'] }}/{{ item['dir'] }}" exec /usr/bin/{{ item['borg_cmd'] }} "$@"
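Review bot: Rendering `/usr/bin/{{ item['borg_cmd'] }}` glues an absolute path prefix onto a value that now contains flags, producing `/usr/bin/borg --remote-path=borg1 "$@"`; it only works because the line is re-parsed by the shell, and it would silently break if `borg_cmd` were ever set to something like `BORG_X=1 borg`. Keeping the executable fixed and passing the remote path separately is cleaner, e.g. a dedicated `borg_remote_path` host entry defaulting to `borg`, rendered as `BORG_REPO="{{ item['host'] }}/{{ item['dir'] }}" BORG_REMOTE_PATH="{{ item['borg_remote_path'] | default('borg') }}" exec /usr/bin/borg "$@"`, assuming the installed Borg honors BORG_REMOTE_PATH. This is a style point; the rendered command behaves correctly as written.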


@ -13,5 +13,5 @@
# Client machines keys # Client machines keys
{% for client_key in client_ssh_keys.results %} {% for client_key in client_ssh_keys.results %}
command="borg serve --restrict-to-path {{ backup_dir }}/{{ client_key['item'] }}",restrict {{ client_key['stdout'] }} command="borg1 serve --restrict-to-path {{ backup_dir }}/{{ client_key['item'] }}",restrict {{ client_key['stdout'] }}
{% endfor %} {% endfor %}
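Review bot: The forced command `borg1 serve --restrict-to-path ...` lets each client key do anything Borg permits inside its own directory, including `delete` and `prune`, so a compromised backup client can destroy its own offsite history at rsync.net; the `restrict` option blocks forwarding and PTY allocation but not that. If the offsite copy is meant to survive client compromise, `--append-only` on the serve side is the usual control: `command="borg1 serve --append-only --restrict-to-path {{ backup_dir }}/{{ client_key['item'] }}",restrict {{ client_key['stdout'] }}`. That would make the client-side `prune` in the backup script fail against this host, so pruning would have to move to a trusted path such as a separate non-append-only key used from an admin host; worth deciding explicitly rather than inheriting the default. The template's earlier lines are outside this hunk.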