This playbook installs Duplicity and GnuPG, writes a baseline backup script, and validates the CLI.
- name: Configure Duplicity backup host
hosts: duplicity
become: true
vars:
duplicity_source: /srv/data
duplicity_target: scp://backup@backup-host//srv/backups/{{ inventory_hostname }}
tasks:
- name: Install Duplicity and GnuPG
ansible.builtin.package:
name:
- duplicity
- gnupg
state: present
- name: Create configuration directory
ansible.builtin.file:
path: /etc/duplicity
state: directory
mode: "0750"
- name: Write environment file
ansible.builtin.copy:
dest: /etc/duplicity/duplicity.env
mode: "0600"
content: |
PASSPHRASE='change-me'
DUP_KEY='YOUR_GPG_KEY'
DUP_SOURCE='{{ duplicity_source }}'
DUP_TARGET='{{ duplicity_target }}'
- name: Write backup script
ansible.builtin.copy:
dest: /usr/local/bin/duplicity-backup.sh
mode: "0750"
content: |
#!/usr/bin/env bash
set -euo pipefail
. /etc/duplicity/duplicity.env
duplicity --encrypt-key "$DUP_KEY" "$DUP_SOURCE" "$DUP_TARGET"
- name: Validate duplicity binary
ansible.builtin.command: duplicity --version
register: duplicity_version
changed_when: false
- name: Show duplicity version
ansible.builtin.debug:
var: duplicity_version.stdout_lines