Move baldur and valkyrie var directory

Wojciech Kozlowski 2023-07-22 23:51:34 +02:00
parent b384410eb0
commit 33e80ca13e
9 changed files with 10 additions and 21 deletions


@ -126,7 +126,7 @@ not being accessed/modified during this process. It is easy to access `yggdrasil
1. Create a VM on `yggdrasil` and install the same OS that is running on `yggdrasil`.
- Install the OS on a zvol on `rpool`.
- Prepare a zvol on `hpool` of size that's larger than what `yggdrasil` estimates for
`rpool/var/lib/yggdrasil/data` and mount at `/var/lib/baldur/data`.
`rpool/var/lib/yggdrasil/data` and mount at `/var/lib/the-nine-worlds/data`.
- Create non-root user `wojtek` with `sudo` privileges.
2. Configure SSH to use `yggdrasil` as a jump server.
3. Service testing can then be done directly from the VM. To achieve that `/etc/hosts` needs to be
@ -143,10 +143,10 @@ not being accessed/modified during this process. It is easy to access `yggdrasil
/usr/local/sbin/restic-batch --config-dir /etc/restic-batch.d restore
```
3. Once restore has completed, `chown -R <user>:<user>` all the restored directories in
`/var/lib/<hostname>/data`. Restic restores the UID information of the host from which the backup
was performed which may not match that of the new target machine. Note that permissions and
ownership are restored as a second step once all the content is restored. Therefore, the files
will list `root` as owner during the restoration.
`/var/lib/the-nine-worlds/data`. Restic restores the UID information of the host from which the
backup was performed which may not match that of the new target machine. Note that permissions
and ownership are restored as a second step once all the content is restored. Therefore, the
files will list `root` as owner during the restoration.
4. Start all the pod services with:
```sh
ansible-playbook --vault-id @vault-keyring-client.py -i inventory/baldur_production playbooks/services_start.yml


@ -2,7 +2,7 @@
# --------------------------------------------------------------------------------------------------
# system:var
# --------------------------------------------------------------------------------------------------
system_var_root_directory: "/var/lib/{{ system_var_hostname }}"
system_var_root_directory: "/var/lib/the-nine-worlds"
system_var_home_directory: "{{ system_var_root_directory }}/home"
system_var_data_directory: "{{ system_var_root_directory }}/data"
system_var_containers_directory: "{{ system_var_root_directory }}/containers"


@ -4,11 +4,6 @@
# --------------------------------------------------------------------------------------------------
system_base_ssh_user: "{{ vault_system_base_ssh_user }}"
# --------------------------------------------------------------------------------------------------
# system:var
# --------------------------------------------------------------------------------------------------
system_var_hostname: "baldur"
# --------------------------------------------------------------------------------------------------
# vpn
# --------------------------------------------------------------------------------------------------


@ -39,7 +39,7 @@ system_base_unattended_upgrades_blacklist:
# --------------------------------------------------------------------------------------------------
# system:var
# --------------------------------------------------------------------------------------------------
system_var_hostname: "yggdrasil"
system_var_root_directory: "/var/lib/yggdrasil"
system_var_root_dataset: "rpool{{ system_var_root_directory }}"
system_var_home_dataset: "rpool{{ system_var_home_directory }}"


@ -56,6 +56,7 @@
git.wojciechkozlowski.eu/wojtek/wojciechkozlowski.eu.git"
dest: "{{ services_service_user_home }}/.config/service/wojciechkozlowski.eu"
recursive: true
ignore_errors: true
register: services_deploy_www_webiste_git
- name: "generate static page using hugo"
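Review bot: `ignore_errors: true` on the git task lets a failed clone or update of the website repository (network fault, authentication or host-key failure) pass silently, and the following "generate static page using hugo" task then runs against whatever is already in `dest`, which may be stale or missing. The result is already registered as `services_deploy_www_webiste_git`, so the later steps could be gated on it with `when: services_deploy_www_webiste_git is not failed`, or the tolerance narrowed with a `failed_when:` that matches only the error that is expected. A one-line comment above `ignore_errors` naming that expected failure would make the intent reviewable. The git task starts above this hunk and the hugo task continues below it, so a guard that already exists there would not be visible from here.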


@ -1,4 +0,0 @@
---
dependencies:
- role: "system/base/nftables"
- role: "vpn/bridge"


@ -10,7 +10,7 @@
- name: "{{ services_service_name }} : setup : set default shell"
ansible.builtin.user:
name: "{{ services_service_user_name }}"
shell: "{{ services_setup_user_shell[services_service_name] | default('/usr/sbin/nologin') }}"
shell: "/usr/sbin/nologin"
- block:
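Review bot: The hard-coded `shell: "/usr/sbin/nologin"` carries no comment recording that service accounts are intentionally non-interactive, which makes it easy for a later change to bring back a per-service override like the `rbash` entry this commit deletes. A comment above the line would document the decision: `# service accounts never get a login shell; no per-service overrides`. The task name still reads "set default shell" although the value is no longer a default, so something like `set shell to nologin` would match the new behaviour. The surrounding task list continues outside this hunk.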


@ -1,3 +0,0 @@
---
services_setup_user_shell:
rproxy: "/usr/bin/rbash"

2
roles

@ -1 +1 @@
Subproject commit 9acf33085d86371353916589d1ee6bf5602067e4
Subproject commit 2d94cd14ee9ea5b002012d2c2020fb70585114ed