diff --git a/group_vars/asgard/vars.yml b/group_vars/asgard/vars.yml index 98decb9..b635567 100644 --- a/group_vars/asgard/vars.yml +++ b/group_vars/asgard/vars.yml @@ -1,3 +1,9 @@ +# -------------------------------------------------------------------------------------------------- +# system:base +# -------------------------------------------------------------------------------------------------- +system_base_additional_tcp_ports: "{{ + services_host_services | dict2items | map(attribute='value.tcp', default=[]) | flatten }}" + # -------------------------------------------------------------------------------------------------- # vpn:wireguard # -------------------------------------------------------------------------------------------------- @@ -13,6 +19,9 @@ vpn_bridge_prefix: "10.66.{{ vpn_subnet_id }}" vpn_bridge_address: "{{ vpn_bridge_prefix }}.1" vpn_bridge_broadcast: "{{ vpn_bridge_prefix }}.255" vpn_bridge_netmask: "255.255.255.0" +vpn_bridge_dnat: "{{ services_host_services | dict2items | + community.general.json_query('[?@.value.tcp]. + {address: value.address, ports: value.tcp}') }}" # -------------------------------------------------------------------------------------------------- # services @@ -52,6 +61,11 @@ services: smtp_name: "{{ vault_services.notes.smtp_name }}" smtp_password: "{{ vault_services.notes.smtp_password }}" +# -------------------------------------------------------------------------------------------------- +# services:user_setup +# -------------------------------------------------------------------------------------------------- +services_bridge_gateway: "{{ vpn_bridge_address }}" + scw_bucket_endpoint: "{{ vault_scw_bucket_endpoint }}" scw_access_key: "{{ vault_scw_access_key }}" scw_secret_key: "{{ vault_scw_secret_key }}" diff --git a/host_vars/heimdall/vars.yml b/host_vars/heimdall/vars.yml index 41a9598..98a52ea 100644 --- a/host_vars/heimdall/vars.yml +++ b/host_vars/heimdall/vars.yml 
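Review bot: With this expression every `tcp` list in `services_host_services` is opened in the host firewall, and the `vpn_bridge_dnat` hunk below forwards the same ports from the bridge, so the key now means "reachable from outside" rather than "listens on"; a service that later gains a `tcp` list for an internal listener would be exposed without anyone touching the firewall or DNAT variables. I would state that where the key is consumed: `# tcp: ports DNAT'd from the VPN bridge AND opened in the host firewall — list only ports meant to be reachable from outside`. The value also dereferences `services_host_services` unconditionally for every host in the `asgard` group, and the heimdall hunk below does not show that host defining it; Ansible will only raise the undefined variable when the `system:base` role first templates this value, so `services_host_services | default({}) | dict2items` keeps a host without services working.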
@@ -7,7 +7,7 @@ system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}" # system:base # -------------------------------------------------------------------------------------------------- system_base_udp_ports: - - 12768 + - "{{ vpn_wireguard_port }}" # -------------------------------------------------------------------------------------------------- # vpn:wireguard diff --git a/host_vars/valkyrie/vars.yml b/host_vars/valkyrie/vars.yml index 6bbaf77..a4c99f7 100644 --- a/host_vars/valkyrie/vars.yml +++ b/host_vars/valkyrie/vars.yml @@ -8,11 +8,8 @@ system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}" # -------------------------------------------------------------------------------------------------- system_base_additional_ssh_users: - "pod-rproxy" -system_base_additional_tcp_ports: - - 80 - - 443 system_base_udp_ports: - - 51820 + - "{{ vpn_wireguard_port }}" # -------------------------------------------------------------------------------------------------- # vpn @@ -30,10 +27,11 @@ vpn_wireguard_clients: subnet: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.0/24" # -------------------------------------------------------------------------------------------------- -# vpn:bridge +# services # -------------------------------------------------------------------------------------------------- -vpn_bridge_dnat: - - address: "{{ vpn_bridge_prefix }}.2" - ports: - - 80 - - 443 +services_host_services: + rproxy: + address: "{{ vpn_bridge_prefix }}.2" + tcp: [80, 443] + www: + address: "{{ vpn_bridge_prefix }}.3" diff --git a/host_vars/yggdrasil/vars.yml b/host_vars/yggdrasil/vars.yml index 531571b..fe2abc7 100644 --- a/host_vars/yggdrasil/vars.yml +++ b/host_vars/yggdrasil/vars.yml 
@@ -16,14 +16,6 @@ system_zfs_zpools_load_key: # -------------------------------------------------------------------------------------------------- system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}" -# -------------------------------------------------------------------------------------------------- -# system:base -# -------------------------------------------------------------------------------------------------- -system_base_additional_tcp_ports: - - 80 - - 443 - - 2770 - # -------------------------------------------------------------------------------------------------- # vpn # -------------------------------------------------------------------------------------------------- @@ -40,13 +32,18 @@ vpn_wireguard_server_address: "{{ vault_vpn_wireguard_server_address }}" vpn_wireguard_routing_table: 66 # -------------------------------------------------------------------------------------------------- -# vpn:bridge +# services # -------------------------------------------------------------------------------------------------- -vpn_bridge_dnat: - - address: "{{ vpn_bridge_prefix }}.2" - ports: - - 80 - - 443 - - address: "{{ vpn_bridge_prefix }}.5" - ports: - - 2770 +services_host_services: + lrproxy: + address: "{{ vpn_bridge_prefix }}.2" + tcp: [80, 443] + database: + address: "{{ vpn_bridge_prefix }}.3" + cloud: + address: "{{ vpn_bridge_prefix }}.4" + git: + address: "{{ vpn_bridge_prefix }}.5" + tcp: [2770] + notes: + address: "{{ vpn_bridge_prefix }}.6" diff --git a/plays/services/files/system_setup/nameserver/.gitignore b/plays/services/files/setup_system/nameserver/.gitignore similarity index 100% rename from plays/services/files/system_setup/nameserver/.gitignore rename to plays/services/files/setup_system/nameserver/.gitignore diff --git a/plays/services/main.yml b/plays/services/main.yml index a264d8f..5502e02 100644 --- a/plays/services/main.yml +++ b/plays/services/main.yml 
@@ -1,4 +1,45 @@ --- -- ansible.builtin.import_playbook: "system.yml" -- ansible.builtin.import_playbook: "valkyrie.yml" -- ansible.builtin.import_playbook: "yggdrasil.yml" +- name: "services : zfs" + hosts: "zfs" + tasks: + - name: "datasets_system" + ansible.builtin.include_role: + name: "datasets_system" + apply: + tags: "services:datasets_system" + tags: "always" + + - name: "datasets_user" + ansible.builtin.include_role: + name: "datasets_user" + apply: + tags: + - "services:datasets_user" + - "services:datasets_user:{{ services_service_name }}" + - "services:{{ services_service_name }}" + - "services:{{ services_service_name }}:datasets_user" + loop: "{{ services_host_services | dict2items | map(attribute='key') }}" + loop_control: + loop_var: "services_service_name" + tags: "always" + +- name: "services : asgard" + hosts: "asgard" + tasks: + - ansible.builtin.import_role: + name: "setup_system" + tags: "services:setup_system" + + - name: "setup_user" + ansible.builtin.include_role: + name: "setup_user" + apply: + tags: + - "services:setup_user" + - "services:setup_user:{{ services_service_name }}" + - "services:{{ services_service_name }}" + - "services:{{ services_service_name }}:setup_user" + loop: "{{ services_host_services | dict2items | map(attribute='key') }}" + loop_control: + loop_var: "services_service_name" + tags: "always" diff --git a/plays/services/roles/system_datasets/meta/argument_specs.yml b/plays/services/roles/datasets_system/meta/argument_specs.yml similarity index 100% rename from plays/services/roles/system_datasets/meta/argument_specs.yml rename to plays/services/roles/datasets_system/meta/argument_specs.yml diff --git a/plays/services/roles/system_datasets/tasks/main.yml b/plays/services/roles/datasets_system/tasks/main.yml similarity index 87% rename from plays/services/roles/system_datasets/tasks/main.yml rename to plays/services/roles/datasets_system/tasks/main.yml index 8b71bb6..ff76d72 100644 
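Review bot: The datasets play now targets `hosts: "zfs"`, whereas the deleted `system.yml` ran on `asgard` and gated the datasets role with `when: "'zfs' in group_names"`; any zfs host outside `asgard` will now run `datasets_user` and fail on an undefined `services_host_services` unless its host_vars define one. If the widening is unintended, `hosts: "asgard:&zfs"` keeps the old intersection. The loop expression `services_host_services | dict2items | map(attribute='key')` in both plays is just the key list, which `services_host_services | list` expresses more directly.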
--- a/plays/services/roles/system_datasets/tasks/main.yml +++ b/plays/services/roles/datasets_system/tasks/main.yml @@ -23,24 +23,24 @@ community.general.filesystem: dev: "/dev/rpool/var/lib/{{ ansible_hostname }}/containers" fstype: "ext4" - register: services_system_datasets_zvol_format + register: services_datasets_system_zvol_format - block: - name: "get containers zvol uuid" ansible.builtin.command: >- blkid -s UUID -o value /dev/rpool/var/lib/{{ ansible_hostname }}/containers - register: services_system_datasets_zvol_uuid + register: services_datasets_system_zvol_uuid - name: "system : add fstab entry and mount containers zvol" ansible.posix.mount: path: "/var/lib/{{ ansible_hostname }}/containers" - src: "UUID={{ services_system_datasets_zvol_uuid.stdout }}" + src: "UUID={{ services_datasets_system_zvol_uuid.stdout }}" fstype: "ext4" state: "mounted" when: - services_system_datasets_zvol_format.changed + services_datasets_system_zvol_format.changed - name: "create data root dataset" community.general.zfs: diff --git a/plays/services/roles/user_datasets/meta/argument_specs.yml b/plays/services/roles/datasets_user/meta/argument_specs.yml similarity index 64% rename from plays/services/roles/user_datasets/meta/argument_specs.yml rename to plays/services/roles/datasets_user/meta/argument_specs.yml index d1a7b7b..f50c4e7 100644 --- a/plays/services/roles/user_datasets/meta/argument_specs.yml +++ b/plays/services/roles/datasets_user/meta/argument_specs.yml @@ -7,7 +7,3 @@ argument_specs: services_service_name: type: "str" required: true - services_service_volumes: - type: "dict" - elem: "dict" - required: true diff --git a/plays/services/roles/user_datasets/tasks/main.yml b/plays/services/roles/datasets_user/tasks/main.yml similarity index 76% rename from plays/services/roles/user_datasets/tasks/main.yml rename to plays/services/roles/datasets_user/tasks/main.yml index a2da5f3..fb4d1bb 100644 --- a/plays/services/roles/user_datasets/tasks/main.yml 
+++ b/plays/services/roles/datasets_user/tasks/main.yml @@ -1,13 +1,13 @@ - name: "{{ services_service_name }} : set variables" ansible.builtin.import_role: name: "include" - tasks_from: "vars" + vars_from: "user" - name: "{{ services_service_name }} : create home dataset" community.general.zfs: name: "rpool/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}" state: "present" - register: services_user_datasets_zfs_home + register: services_datasets_user_zfs_home - name: "{{ services_service_name }} : populate home dataset with skeleton" ansible.builtin.copy: @@ -15,7 +15,7 @@ dest: "{{ services_service_user_home }}" remote_src: true when: - services_user_datasets_zfs_home.changed + services_datasets_user_zfs_home.changed - name: "{{ services_service_name }} : create data dataset" community.general.zfs: @@ -24,9 +24,14 @@ extra_zfs_properties: canmount: "off" +- name: "{{ services_service_name }} : include volume list" + ansible.builtin.import_role: + name: "include" + vars_from: "volumes" + - name: "{{ services_service_name }} : create volume datasets" community.general.zfs: name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ item.key }}" state: "present" extra_zfs_properties: "{{ item.value.extra_zfs_properties | default({}) }}" - loop: "{{ services_service_volumes | dict2items }}" + loop: "{{ services_volumes[services_service_name] | dict2items }}" diff --git a/plays/services/roles/include/tasks/vars.yml b/plays/services/roles/include/tasks/vars.yml deleted file mode 100644 index 7d2ab69..0000000 --- a/plays/services/roles/include/tasks/vars.yml +++ /dev/null @@ -1,7 +0,0 @@ -- name: "vars : {{ services_service_name }} : set user name variable" - set_fact: - services_service_user_name: "pod-{{ services_service_name }}" - -- name: "vars : {{ services_service_name }} : set user home variable" - set_fact: - services_service_user_home: "/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}" 
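Review bot: The final loop indexes `services_volumes[services_service_name]` directly, so a service added to a host's `services_host_services` without a matching entry in `roles/include/vars/volumes.yml` aborts the whole datasets play with a dict-key error instead of simply creating no volume datasets; `loop: "{{ services_volumes[services_service_name] | default({}) | dict2items }}"` makes a missing entry mean "no volumes", which is what `www: {}` in that file already expresses. Several entries there are bare keys (`etc-letsencrypt:`) that load as null, and `item.value.extra_zfs_properties | default({})` survives that only because Jinja turns an attribute lookup on None into an undefined value, so spelling them as `{}` would be clearer. The role's task list starts before this hunk.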
diff --git a/plays/services/roles/include/vars/user.yml b/plays/services/roles/include/vars/user.yml
new file mode 100644
index 0000000..45675bc
--- /dev/null
+++ b/plays/services/roles/include/vars/user.yml
@@ -0,0 +1,2 @@
+services_service_user_name: "pod-{{ services_service_name }}"
+services_service_user_home: "/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}"
diff --git a/plays/services/roles/include/vars/volumes.yml b/plays/services/roles/include/vars/volumes.yml
new file mode 100644
index 0000000..8f4e3d1
--- /dev/null
+++ b/plays/services/roles/include/vars/volumes.yml
@@ -0,0 +1,21 @@
+services_volumes:
+  rproxy:
+    etc-letsencrypt:
+  www: {}
+  lrproxy:
+    etc-letsencrypt:
+  database:
+    wal:
+      extra_zfs_properties:
+        recordsize: "8K"
+    data:
+      extra_zfs_properties:
+        recordsize: "8K"
+        logbias: "throughput"
+  cloud:
+    nextcloud:
+    data:
+  git:
+    data:
+  notes:
+    data:
diff --git a/plays/services/roles/system_setup/files/auto_update/pod-service-auto-update b/plays/services/roles/setup_system/files/auto_update/pod-service-auto-update
similarity index 100%
rename from plays/services/roles/system_setup/files/auto_update/pod-service-auto-update
rename to plays/services/roles/setup_system/files/auto_update/pod-service-auto-update
diff --git a/plays/services/roles/system_setup/files/auto_update/pod-service-auto-update.service b/plays/services/roles/setup_system/files/auto_update/pod-service-auto-update.service
similarity index 100%
rename from plays/services/roles/system_setup/files/auto_update/pod-service-auto-update.service
rename to plays/services/roles/setup_system/files/auto_update/pod-service-auto-update.service
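Review bot: Most leaf entries in `services_volumes` are bare keys (`etc-letsencrypt:`, `nextcloud:`, `data:`), which YAML loads as null, while `www: {}` uses an explicit empty mapping; the consumers in `datasets_user` and `setup_user` read `item.value.extra_zfs_properties | default({})`, which tolerates a null only because Jinja turns an attribute lookup on None into an undefined value that `default` then fills in. Writing `etc-letsencrypt: {}` (and likewise for the other bare keys) makes the intent explicit and keeps yamllint's `empty-values` rule quiet. A header comment would also help the next person adding a service, since both roles index this mapping by service name: `# keyed by service name; every service in a host's services_host_services needs an entry here, volume name -> optional extra_zfs_properties`.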
diff --git a/plays/services/roles/system_setup/files/auto_update/pod-service-auto-update.timer b/plays/services/roles/setup_system/files/auto_update/pod-service-auto-update.timer similarity index 100% rename from plays/services/roles/system_setup/files/auto_update/pod-service-auto-update.timer rename to plays/services/roles/setup_system/files/auto_update/pod-service-auto-update.timer diff --git a/plays/services/roles/system_setup/files/auto_update/podman-image-prune.service b/plays/services/roles/setup_system/files/auto_update/podman-image-prune.service similarity index 100% rename from plays/services/roles/system_setup/files/auto_update/podman-image-prune.service rename to plays/services/roles/setup_system/files/auto_update/podman-image-prune.service diff --git a/plays/services/roles/system_setup/files/veth/connect-pod-service@.service b/plays/services/roles/setup_system/files/veth/connect-pod-service@.service similarity index 100% rename from plays/services/roles/system_setup/files/veth/connect-pod-service@.service rename to plays/services/roles/setup_system/files/veth/connect-pod-service@.service diff --git a/plays/services/roles/system_setup/meta/argument_spec.yml b/plays/services/roles/setup_system/meta/argument_spec.yml similarity index 100% rename from plays/services/roles/system_setup/meta/argument_spec.yml rename to plays/services/roles/setup_system/meta/argument_spec.yml diff --git a/plays/services/roles/system_setup/tasks/include/auto_update.yml b/plays/services/roles/setup_system/tasks/include/auto_update.yml similarity index 72% rename from plays/services/roles/system_setup/tasks/include/auto_update.yml rename to plays/services/roles/setup_system/tasks/include/auto_update.yml index 2ddab7c..05102e5 100644 --- a/plays/services/roles/system_setup/tasks/include/auto_update.yml +++ b/plays/services/roles/setup_system/tasks/include/auto_update.yml 
@@ -9,21 +9,21 @@ src: "./auto_update/pod-service-auto-update.service" dest: "/etc/systemd/user/pod-service-auto-update.service" mode: 0644 - register: services_system_pod_service_auto_update_service_file + register: services_setup_system_pod_service_auto_update_service_file - name: "auto_update : pod-service update timer" ansible.builtin.copy: src: "./auto_update/pod-service-auto-update.timer" dest: "/etc/systemd/user/pod-service-auto-update.timer" mode: 0644 - register: services_system_pod_service_auto_update_timer_file + register: services_setup_system_pod_service_auto_update_timer_file - name: "auto_update : image prune service" ansible.builtin.copy: src: "./auto_update/podman-image-prune.service" dest: "/etc/systemd/user/podman-image-prune.service" mode: 0644 - register: services_system_podman_image_prune_service_file + register: services_setup_system_podman_image_prune_service_file # Include instead of import as otherwise the when clause is always applied which triggers errors if # the above tasks haven't executed. @@ -32,6 +32,6 @@ name: "include" tasks_from: "daemon_reload" when: - services_system_pod_service_auto_update_service_file.changed or - services_system_pod_service_auto_update_timer_file.changed or - services_system_podman_image_prune_service_file.changed + services_setup_system_pod_service_auto_update_service_file.changed or + services_setup_system_pod_service_auto_update_timer_file.changed or + services_setup_system_podman_image_prune_service_file.changed diff --git a/plays/services/roles/system_setup/tasks/include/directories.yml b/plays/services/roles/setup_system/tasks/include/directories.yml similarity index 100% rename from plays/services/roles/system_setup/tasks/include/directories.yml rename to plays/services/roles/setup_system/tasks/include/directories.yml 
diff --git a/plays/services/roles/system_setup/tasks/include/nameserver.yml b/plays/services/roles/setup_system/tasks/include/nameserver.yml similarity index 77% rename from plays/services/roles/system_setup/tasks/include/nameserver.yml rename to plays/services/roles/setup_system/tasks/include/nameserver.yml index 7fc5088..8babcd4 100644 --- a/plays/services/roles/system_setup/tasks/include/nameserver.yml +++ b/plays/services/roles/setup_system/tasks/include/nameserver.yml @@ -1,14 +1,14 @@ - name: "nameserver : fetch valkyrie's resolv.conf" ansible.builtin.fetch: src: "/etc/resolv.conf" - dest: "./files/system_setup/nameserver/" + dest: "./files/setup_system/nameserver/" flat: true when: ansible_hostname == "valkyrie" - name: "nameserver : copy valkyrie's resolv.conf to other hosts" ansible.builtin.copy: - src: "../../../files/system_setup/nameserver/resolv.conf" + src: "../../../files/setup_system/nameserver/resolv.conf" dest: "/var/lib/{{ ansible_hostname }}/valkyrie-resolv.conf" when: ansible_hostname != "valkyrie" diff --git a/plays/services/roles/system_setup/tasks/include/podman.yml b/plays/services/roles/setup_system/tasks/include/podman.yml similarity index 59% rename from plays/services/roles/system_setup/tasks/include/podman.yml rename to plays/services/roles/setup_system/tasks/include/podman.yml index f60384d..a4eb58a 100644 --- a/plays/services/roles/system_setup/tasks/include/podman.yml +++ b/plays/services/roles/setup_system/tasks/include/podman.yml @@ -1,9 +1,9 @@ - name: "podman : install podman" ansible.builtin.apt: name: "podman" - register: services_system_setup_podman_install + register: services_setup_system_podman_install - name: "podman : reboot host" ansible.builtin.reboot: when: - services_system_setup_podman_install.changed + services_setup_system_podman_install.changed 
diff --git a/plays/services/roles/system_setup/tasks/include/veth.yml b/plays/services/roles/setup_system/tasks/include/veth.yml similarity index 66% rename from plays/services/roles/system_setup/tasks/include/veth.yml rename to plays/services/roles/setup_system/tasks/include/veth.yml index ef68758..078ddd8 100644 --- a/plays/services/roles/system_setup/tasks/include/veth.yml +++ b/plays/services/roles/setup_system/tasks/include/veth.yml @@ -3,18 +3,18 @@ src: "./veth/connect-pod-service@.service" dest: "/etc/systemd/system/connect-pod-service@.service" mode: 0644 - register: services_system_setup_connect_pod_service_service_file + register: services_setup_system_connect_pod_service_service_file - name: "veth : configure connect-pod-service path trigger" ansible.builtin.template: src: "./veth/connect-pod-service@.path.j2" dest: "/etc/systemd/system/connect-pod-service@.path" mode: 0644 - register: services_system_setup_connect_pod_service_path_file + register: services_setup_system_connect_pod_service_path_file - name: "veth : systemd daemon reload" ansible.builtin.systemd: daemon_reload: true when: - services_system_setup_connect_pod_service_service_file.changed or - services_system_setup_connect_pod_service_path_file.changed + services_setup_system_connect_pod_service_service_file.changed or + services_setup_system_connect_pod_service_path_file.changed diff --git a/plays/services/roles/setup_system/tasks/main.yml b/plays/services/roles/setup_system/tasks/main.yml new file mode 100644 index 0000000..8d1332a --- /dev/null +++ b/plays/services/roles/setup_system/tasks/main.yml 
@@ -0,0 +1,19 @@
+- name: "play:services : role:setup_system : tasks:podman"
+  ansible.builtin.import_tasks: "include/podman.yml"
+  tags: "services:setup_system:podman"
+
+- name: "play:services : role:setup_system : tasks:directories"
+  ansible.builtin.import_tasks: "include/directories.yml"
+  tags: "services:setup_system:directories"
+
+- name: "play:services : role:setup_system : tasks:nameserver"
+  ansible.builtin.import_tasks: "include/nameserver.yml"
+  tags: "services:setup_system:nameserver"
+
+- name: "play:services : role:setup_system : tasks:veth"
+  ansible.builtin.import_tasks: "include/veth.yml"
+  tags: "services:setup_system:veth"
+
+- name: "play:services : role:setup_system : tasks:auto_update"
+  ansible.builtin.import_tasks: "include/auto_update.yml"
+  tags: "services:setup_system:auto_update"
diff --git a/plays/services/roles/system_setup/templates/veth/connect-pod-service@.path.j2 b/plays/services/roles/setup_system/templates/veth/connect-pod-service@.path.j2
similarity index 100%
rename from plays/services/roles/system_setup/templates/veth/connect-pod-service@.path.j2
rename to plays/services/roles/setup_system/templates/veth/connect-pod-service@.path.j2
diff --git a/plays/services/roles/user_setup/meta/argument_spec.yml b/plays/services/roles/setup_user/meta/argument_spec.yml
similarity index 100%
rename from plays/services/roles/user_setup/meta/argument_spec.yml
rename to plays/services/roles/setup_user/meta/argument_spec.yml
diff --git a/plays/services/roles/user_setup/tasks/include/auto_update.yml b/plays/services/roles/setup_user/tasks/include/auto_update.yml
similarity index 100%
rename from plays/services/roles/user_setup/tasks/include/auto_update.yml
rename to plays/services/roles/setup_user/tasks/include/auto_update.yml
diff --git a/plays/services/roles/user_setup/tasks/include/directories.yml b/plays/services/roles/setup_user/tasks/include/directories.yml similarity index 83% rename from plays/services/roles/user_setup/tasks/include/directories.yml rename to plays/services/roles/setup_user/tasks/include/directories.yml index 7c4a2a6..3470ceb 100644 --- a/plays/services/roles/user_setup/tasks/include/directories.yml +++ b/plays/services/roles/setup_user/tasks/include/directories.yml @@ -14,9 +14,14 @@ group: "{{ services_service_user_name }}" mode: 0755 +- name: "{{ services_service_name }} : directories : include volume list" + ansible.builtin.import_role: + name: "include" + vars_from: "volumes" + - name: "{{ services_service_name }} : directories : create volume directories" ansible.builtin.include_tasks: "directories/volumes.yml" - loop: "{{ services_service_volumes | dict2items }}" + loop: "{{ services_volumes[services_service_name] | dict2items }}" loop_control: loop_var: "services_service_volume" diff --git a/plays/services/roles/user_setup/tasks/include/directories/volumes.yml b/plays/services/roles/setup_user/tasks/include/directories/volumes.yml similarity index 91% rename from plays/services/roles/user_setup/tasks/include/directories/volumes.yml rename to plays/services/roles/setup_user/tasks/include/directories/volumes.yml index d8b37ae..8d7f022 100644 --- a/plays/services/roles/user_setup/tasks/include/directories/volumes.yml +++ b/plays/services/roles/setup_user/tasks/include/directories/volumes.yml 
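Review bot: `services_volumes[services_service_name] | dict2items` raises a dict-key error for any service that has no entry in `roles/include/vars/volumes.yml`, which is the first thing a newly added service hits in this role; `loop: "{{ services_volumes[services_service_name] | default({}) | dict2items }}"` turns a missing entry into "no volume directories". The `import_role` of `include` with `vars_from: "volumes"` is repeated in `datasets_user`; loading it once in each role's `main.yml` next to the `vars_from: "user"` import would remove the duplication. The surrounding task list starts before this hunk.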
@@ -9,7 +9,7 @@ - name: "{{ services_service_name }} : directories : check if \"{{ services_service_volume.key }}\" mount exists" ansible.builtin.stat: path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}/_data" - register: services_user_setup_volume_mount + register: services_setup_user_volume_mount - name: "{{ services_service_name }} : directories : create \"{{ services_service_volume.key }}\" mount" ansible.builtin.file: @@ -19,4 +19,4 @@ group: "{{ services_service_user_name }}" mode: 0755 when: - not services_user_setup_volume_mount.stat.exists + not services_setup_user_volume_mount.stat.exists diff --git a/plays/services/roles/user_setup/tasks/include/podman.yml b/plays/services/roles/setup_user/tasks/include/podman.yml similarity index 86% rename from plays/services/roles/user_setup/tasks/include/podman.yml rename to plays/services/roles/setup_user/tasks/include/podman.yml index cf00f9b..cb08579 100644 --- a/plays/services/roles/user_setup/tasks/include/podman.yml +++ b/plays/services/roles/setup_user/tasks/include/podman.yml @@ -11,11 +11,11 @@ src: "./podman/storage.conf.j2" dest: "{{ services_service_user_home }}/.config/containers/storage.conf" mode: 0644 - register: services_user_setup_containers_storage + register: services_setup_user_containers_storage - name: "{{ services_service_name }} : podman : reset podman" ansible.builtin.shell: "cd $HOME; yes | podman system reset" when: - services_user_setup_containers_storage.changed + services_setup_user_containers_storage.changed become_user: "{{ services_service_user_name }}" diff --git a/plays/services/roles/user_setup/tasks/include/user.yml b/plays/services/roles/setup_user/tasks/include/user.yml similarity index 94% rename from plays/services/roles/user_setup/tasks/include/user.yml rename to plays/services/roles/setup_user/tasks/include/user.yml index d7551d4..7820a58 100644 --- a/plays/services/roles/user_setup/tasks/include/user.yml 
+++ b/plays/services/roles/setup_user/tasks/include/user.yml @@ -9,7 +9,7 @@ - name: "{{ services_service_name }} : setup : set default shell" ansible.builtin.user: name: "{{ services_service_user_name }}" - shell: "{{ services_service_user_shell | default('/usr/sbin/nologin') }}" + shell: "{{ services_setup_user_shell[services_service_name] | default('/usr/sbin/nologin') }}" - block: diff --git a/plays/services/roles/user_setup/tasks/include/veth.yml b/plays/services/roles/setup_user/tasks/include/veth.yml similarity index 89% rename from plays/services/roles/user_setup/tasks/include/veth.yml rename to plays/services/roles/setup_user/tasks/include/veth.yml index 3ce55e4..d1943c6 100644 --- a/plays/services/roles/user_setup/tasks/include/veth.yml +++ b/plays/services/roles/setup_user/tasks/include/veth.yml @@ -14,7 +14,7 @@ fi' vars: services_service_iface_name: "veth-{{ services_service_name }}" - services_service_iface_address: "{{ services_addresses[services_service_name] }}" + services_service_iface_address: "{{ services_host_services[services_service_name].address }}" - name: "{{ services_service_name }} : veth : enable the path trigger" ansible.builtin.systemd: diff --git a/plays/services/roles/setup_user/tasks/main.yml b/plays/services/roles/setup_user/tasks/main.yml new file mode 100644 index 0000000..b6f88a2 --- /dev/null +++ b/plays/services/roles/setup_user/tasks/main.yml 
@@ -0,0 +1,55 @@
+- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:vars"
+  ansible.builtin.import_role:
+    name: "include"
+    vars_from: "user"
+  tags:
+    - "services:setup_user:user"
+    - "services:setup_user:{{ services_service_name }}:user"
+    - "services:{{ services_service_name }}:setup_user:user"
+    - "services:setup_user:directories"
+    - "services:setup_user:{{ services_service_name }}:directories"
+    - "services:{{ services_service_name }}:setup_user:directories"
+    - "services:setup_user:podman"
+    - "services:setup_user:{{ services_service_name }}:podman"
+    - "services:{{ services_service_name }}:setup_user:podman"
+    - "services:setup_user:auto_update"
+    - "services:setup_user:{{ services_service_name }}:auto_update"
+    - "services:{{ services_service_name }}:setup_user:auto_update"
+    - "services:setup_user:veth"
+    - "services:setup_user:{{ services_service_name }}:veth"
+    - "services:{{ services_service_name }}:setup_user:veth"
+
+- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:user"
+  ansible.builtin.import_tasks: "include/user.yml"
+  tags:
+    - "services:setup_user:user"
+    - "services:setup_user:{{ services_service_name }}:user"
+    - "services:{{ services_service_name }}:setup_user:user"
+
+- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:directories"
+  ansible.builtin.import_tasks: "include/directories.yml"
+  tags:
+    - "services:setup_user:directories"
+    - "services:setup_user:{{ services_service_name }}:directories"
+    - "services:{{ services_service_name }}:setup_user:directories"
+
+- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:podman"
+  ansible.builtin.import_tasks: "include/podman.yml"
+  tags:
+    - "services:setup_user:podman"
+    - "services:setup_user:{{ services_service_name }}:podman"
+    - "services:{{ services_service_name }}:setup_user:podman"
+
+- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:auto_update"
+  ansible.builtin.import_tasks: "include/auto_update.yml"
+  tags:
+    - "services:setup_user:auto_update"
+    - "services:setup_user:{{ services_service_name }}:auto_update"
+    - "services:{{ services_service_name }}:setup_user:auto_update"
+
+- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:veth"
+  ansible.builtin.import_tasks: "include/veth.yml"
+  tags:
+    - "services:setup_user:veth"
+    - "services:setup_user:{{ services_service_name }}:veth"
+    - "services:{{ services_service_name }}:setup_user:veth"
diff --git a/plays/services/roles/user_setup/templates/podman/storage.conf.j2 b/plays/services/roles/setup_user/templates/podman/storage.conf.j2
similarity index 100%
rename from plays/services/roles/user_setup/templates/podman/storage.conf.j2
rename to plays/services/roles/setup_user/templates/podman/storage.conf.j2
diff --git a/plays/services/roles/user_setup/templates/veth/interface.j2 b/plays/services/roles/setup_user/templates/veth/interface.j2
similarity index 100%
rename from plays/services/roles/user_setup/templates/veth/interface.j2
rename to plays/services/roles/setup_user/templates/veth/interface.j2
diff --git a/plays/services/roles/setup_user/vars/main.yml b/plays/services/roles/setup_user/vars/main.yml
new file mode 100644
index 0000000..9e41d31
--- /dev/null
+++ b/plays/services/roles/setup_user/vars/main.yml
@@ -0,0 +1,2 @@
+services_setup_user_shell:
+  rproxy: "/usr/bin/rbash"
diff --git a/plays/services/roles/system_setup/tasks/main.yml b/plays/services/roles/system_setup/tasks/main.yml
deleted file mode 100644
index 2bd4fbb..0000000
--- a/plays/services/roles/system_setup/tasks/main.yml
+++ /dev/null
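Review bot: `/usr/bin/rbash` for `pod-rproxy`, the one service user that valkyrie's host_vars also list in `system_base_additional_ssh_users`, is not a security boundary: a restricted shell is escaped by any reachable program that can spawn an unrestricted shell (editors, interpreters, `podman exec`), so it should be treated as a convenience. If the intent is to limit what that SSH account can do, a `Match User pod-rproxy` block with `ForceCommand` in sshd_config (or `command=` on its authorized key) is the enforceable control, and this line deserves a comment saying which applies: `# rbash is a courtesy, not a sandbox — the enforced restriction for this SSH user lives in sshd_config`. Also, `vars/main.yml` has near-top variable precedence, so an inventory cannot override a service's shell; `defaults/main.yml` would keep the same value while letting host_vars change it.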
@@ -1,19 +0,0 @@ -- name: "play:services : role:system_setup : tasks:podman" - ansible.builtin.import_tasks: "include/podman.yml" - tags: "services:system_setup:podman" - -- name: "play:services : role:system_setup : tasks:directories" - ansible.builtin.import_tasks: "include/directories.yml" - tags: "services:system_setup:directories" - -- name: "play:services : role:system_setup : tasks:nameserver" - ansible.builtin.import_tasks: "include/nameserver.yml" - tags: "services:system_setup:nameserver" - -- name: "play:services : role:system_setup : tasks:veth" - ansible.builtin.import_tasks: "include/veth.yml" - tags: "services:system_setup:veth" - -- name: "play:services : role:system_setup : tasks:auto_update" - ansible.builtin.import_tasks: "include/auto_update.yml" - tags: "services:system_setup:auto_update" diff --git a/plays/services/roles/user_setup/tasks/main.yml b/plays/services/roles/user_setup/tasks/main.yml deleted file mode 100644 index 9e724cc..0000000 --- a/plays/services/roles/user_setup/tasks/main.yml +++ /dev/null 
@@ -1,55 +0,0 @@
-- name: "play:services : role:user_setup:{{ services_service_name }} : tasks:vars"
- ansible.builtin.import_role:
- name: "include"
- tasks_from: "vars"
- tags:
- - "services:user_setup:user"
- - "services:user_setup:{{ services_service_name }}:user"
- - "services:{{ services_service_name }}:user_setup:user"
- - "services:user_setup:directories"
- - "services:user_setup:{{ services_service_name }}:directories"
- - "services:{{ services_service_name }}:user_setup:directories"
- - "services:user_setup:podman"
- - "services:user_setup:{{ services_service_name }}:podman"
- - "services:{{ services_service_name }}:user_setup:podman"
- - "services:user_setup:auto_update"
- - "services:user_setup:{{ services_service_name }}:auto_update"
- - "services:{{ services_service_name }}:user_setup:auto_update"
- - "services:user_setup:veth"
- - "services:user_setup:{{ services_service_name }}:veth"
- - "services:{{ services_service_name }}:user_setup:veth"
-
-- name: "play:services : role:user_setup:{{ services_service_name }} : tasks:user"
- ansible.builtin.import_tasks: "include/user.yml"
- tags:
- - "services:user_setup:user"
- - "services:user_setup:{{ services_service_name }}:user"
- - "services:{{ services_service_name }}:user_setup:user"
-
-- name: "play:services : role:user_setup:{{ services_service_name }} : tasks:directories"
- ansible.builtin.import_tasks: "include/directories.yml"
- tags:
- - "services:user_setup:directories"
- - "services:user_setup:{{ services_service_name }}:directories"
- - "services:{{ services_service_name }}:user_setup:directories"
-
-- name: "play:services : role:user_setup:{{ services_service_name }} : tasks:podman"
- ansible.builtin.import_tasks: "include/podman.yml"
- tags:
- - "services:user_setup:podman"
- - "services:user_setup:{{ services_service_name }}:podman"
- - "services:{{ services_service_name }}:user_setup:podman"
-
-- name: "play:services : role:user_setup:{{ services_service_name }} : tasks:auto_update"
-
ansible.builtin.import_tasks: "include/auto_update.yml"
- tags:
- - "services:user_setup:auto_update"
- - "services:user_setup:{{ services_service_name }}:auto_update"
- - "services:{{ services_service_name }}:user_setup:auto_update"
-
-- name: "play:services : role:user_setup:{{ services_service_name }} : tasks:veth"
- ansible.builtin.import_tasks: "include/veth.yml"
- tags:
- - "services:user_setup:veth"
- - "services:user_setup:{{ services_service_name }}:veth"
- - "services:{{ services_service_name }}:user_setup:veth"
diff --git a/plays/services/system.yml b/plays/services/system.yml
deleted file mode 100644
index ef92308..0000000
--- a/plays/services/system.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-- name: "services : system : asgard"
- hosts: "asgard"
- tasks:
- - name: "system_datasets"
- ansible.builtin.include_role:
- name: "system_datasets"
- apply:
- tags: "services:system_datasets"
- when:
- "'zfs' in group_names"
- tags: "always"
-
- - ansible.builtin.import_role:
- name: "system_setup"
- tags: "services:system_setup"
-
- - name: "set service bridge addresses"
- ansible.builtin.set_fact:
- services_bridge_gateway: "{{ vpn_bridge_prefix }}.1"
- services_addresses:
- rproxy: "{{ hostvars.valkyrie.vpn_bridge_prefix }}.2"
- www: "{{ hostvars.valkyrie.vpn_bridge_prefix }}.3"
- lrproxy: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.2"
- database: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.3"
- cloud: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.4"
- git: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.5"
- notes: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.6"
- tags: "always"
diff --git a/plays/services/valkyrie.yml b/plays/services/valkyrie.yml
deleted file mode 100644
index c49a0e4..0000000
--- a/plays/services/valkyrie.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-- name: "services : valkyrie"
- hosts: "valkyrie"
- tasks:
- - name: "set service volumes"
- ansible.builtin.set_fact:
- services_valkyrie_volumes:
- rproxy:
- etc-letsencrypt:
- www: {}
- tags: "always"
-
- - name: "user_setup"
- ansible.builtin.include_role:
- name: "user_setup"
- apply:
- tags:
- - "services:user_setup"
- - "services:user_setup:{{ services_service_name }}"
- - "services:{{ services_service_name }}"
- - "services:{{ services_service_name }}:user_setup"
- vars:
- services_service_name: "rproxy"
- services_service_volumes: "{{ services_valkyrie_volumes[services_service_name] }}"
- services_service_user_shell: "/usr/bin/rbash"
- tags: "always"
-
- - name: "user_setup"
- ansible.builtin.include_role:
- name: "user_setup"
- apply:
- tags:
- - "services:user_setup"
- - "services:user_setup:{{ services_service_name }}"
- - "services:{{ services_service_name }}"
- - "services:{{ services_service_name }}:user_setup"
- vars:
- services_service_name: "www"
- services_service_volumes: "{{ services_valkyrie_volumes[services_service_name] }}"
- tags: "always"
diff --git a/plays/services/yggdrasil.yml b/plays/services/yggdrasil.yml
deleted file mode 100644
index 8d5438f..0000000
--- a/plays/services/yggdrasil.yml
+++ /dev/null
@@ -1,62 +0,0 @@
-- name: "services : yggdrasil"
- hosts: "yggdrasil"
- tasks:
- - name: "set service volumes"
- ansible.builtin.set_fact:
- services_yggdrasil_services:
- - "lrproxy"
- - "database"
- - "cloud"
- - "git"
- - "notes"
- services_yggdrasil_volumes:
- lrproxy:
- etc-letsencrypt:
- database:
- wal:
- extra_zfs_properties:
- recordsize: "8K"
- data:
- extra_zfs_properties:
- recordsize: "8K"
- logbias: "throughput"
- cloud:
- nextcloud:
- data:
- git:
- data:
- notes:
- data:
- tags: "always"
-
- - name: "user_datasets"
- ansible.builtin.include_role:
- name: "user_datasets"
- apply:
- tags:
- - "services:user_datasets"
- - "services:user_datasets:{{ services_service_name }}"
- - "services:{{ services_service_name }}"
- - "services:{{ services_service_name }}:user_datasets"
- vars:
- services_service_volumes: "{{ services_yggdrasil_volumes[services_service_name] }}"
- loop: "{{ services_yggdrasil_services }}"
- loop_control:
- loop_var: "services_service_name"
- tags: "always"
-
- - name: "user_setup"
- ansible.builtin.include_role:
- name: "user_setup"
- apply:
- tags:
- - "services:user_setup"
- - "services:user_setup:{{ services_service_name }}"
- - "services:{{ services_service_name }}"
- - "services:{{ services_service_name }}:user_setup"
- vars:
- services_service_volumes: "{{ services_yggdrasil_volumes[services_service_name] }}"
- loop: "{{ services_yggdrasil_services }}"
- loop_control:
- loop_var: "services_service_name"
- tags: "always"