fix: move cloud backup keys and scripts out of container volume paths

SSH keys moved to /etc/ssh/backup_keys/ (ssh_home_t) and backup scripts to /usr/local/bin/ (bin_t) to fix SELinux denials - container_file_t context blocked rsync from exec'ing ssh. Also fixes skudak key path mismatch (was truenas_skudak, key deployed as truenas_skudak-cloud). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-05 14:45:03 -05:00
parent d4b01468ba
commit f23fc62ada
3 changed files with 16 additions and 5 deletions
--- a/ansible/roles/podman/tasks/containers/home/cloud.yml
+++ b/ansible/roles/podman/tasks/containers/home/cloud.yml
@@ -88,8 +88,8 @@
  vars:
    backup_name: cloud
    data_path: "{{ cloud_path }}/data"
-    ssh_key_path: /root/.ssh/truenas_cloud
+    ssh_key_path: /etc/ssh/backup_keys/cloud
    ssh_key_content: "{{ cloud_backup_ssh_key }}"
    ssh_user: cloud
    remote_path: /mnt/glacier/nextcloud
-    script_path: "{{ cloud_path }}/backup.sh"
+    script_path: /usr/local/bin/cloud-backup.sh