bastian/deploy_home
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: move cloud backup keys and scripts out of container volume paths

Browse Source 
SSH keys moved to /etc/ssh/backup_keys/ (ssh_home_t) and backup scripts
to /usr/local/bin/ (bin_t) to fix SELinux denials - container_file_t
context blocked rsync from exec'ing ssh. Also fixes skudak key path
mismatch (was truenas_skudak, key deployed as truenas_skudak-cloud).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Bastian de Byl
2026-03-05 14:45:03 -05:00
parent d4b01468ba
commit f23fc62ada
3 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ansible/roles/podman/tasks/containers/skudak/cloud.yml
View File

@@ -135,8 +135,8 @@
vars:
backup_name: skudak-cloud
data_path: "{{ cloud_skudak_path }}/data"
ssh_key_path: /root/.ssh/truenas_skudak
ssh_key_path: /etc/ssh/backup_keys/skudak-cloud
ssh_key_content: "{{ cloud_skudak_backup_ssh_key }}"
ssh_user: skucloud
remote_path: /mnt/glacier/skudakcloud
script_path: "{{ cloud_skudak_path }}/backup.sh"
script_path: /usr/local/bin/skudak-cloud-backup.sh