Another re-arrangement of services play
This commit is contained in:
parent
d547729275
commit
5d1877bfec
@ -1,3 +1,9 @@
|
|||||||
|
# --------------------------------------------------------------------------------------------------
|
||||||
|
# system:base
|
||||||
|
# --------------------------------------------------------------------------------------------------
|
||||||
|
system_base_additional_tcp_ports: "{{
|
||||||
|
services_host_services | dict2items | map(attribute='value.tcp', default=[]) | flatten }}"
|
||||||
|
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
# vpn:wireguard
|
# vpn:wireguard
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
@ -13,6 +19,9 @@ vpn_bridge_prefix: "10.66.{{ vpn_subnet_id }}"
|
|||||||
vpn_bridge_address: "{{ vpn_bridge_prefix }}.1"
|
vpn_bridge_address: "{{ vpn_bridge_prefix }}.1"
|
||||||
vpn_bridge_broadcast: "{{ vpn_bridge_prefix }}.255"
|
vpn_bridge_broadcast: "{{ vpn_bridge_prefix }}.255"
|
||||||
vpn_bridge_netmask: "255.255.255.0"
|
vpn_bridge_netmask: "255.255.255.0"
|
||||||
|
vpn_bridge_dnat: "{{ services_host_services | dict2items |
|
||||||
|
community.general.json_query('[?@.value.tcp].
|
||||||
|
{address: value.address, ports: value.tcp}') }}"
|
||||||
|
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
# services
|
# services
|
||||||
@ -52,6 +61,11 @@ services:
|
|||||||
smtp_name: "{{ vault_services.notes.smtp_name }}"
|
smtp_name: "{{ vault_services.notes.smtp_name }}"
|
||||||
smtp_password: "{{ vault_services.notes.smtp_password }}"
|
smtp_password: "{{ vault_services.notes.smtp_password }}"
|
||||||
|
|
||||||
|
# --------------------------------------------------------------------------------------------------
|
||||||
|
# services:user_setup
|
||||||
|
# --------------------------------------------------------------------------------------------------
|
||||||
|
services_bridge_gateway: "{{ vpn_bridge_address }}"
|
||||||
|
|
||||||
scw_bucket_endpoint: "{{ vault_scw_bucket_endpoint }}"
|
scw_bucket_endpoint: "{{ vault_scw_bucket_endpoint }}"
|
||||||
scw_access_key: "{{ vault_scw_access_key }}"
|
scw_access_key: "{{ vault_scw_access_key }}"
|
||||||
scw_secret_key: "{{ vault_scw_secret_key }}"
|
scw_secret_key: "{{ vault_scw_secret_key }}"
|
||||||
|
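Review bot: The new section header `# services:user_setup` in the third hunk (`@ -52,6 +61,11 @@`) carries the old role name, while the rest of this commit renames the role to `setup_user` (the new `plays/services/roles/setup_user/tasks/main.yml`); it should read `# services:setup_user`. The derived `system_base_additional_tcp_ports` and `vpn_bridge_dnat` values in the first two hunks turn every `tcp` entry under `services_host_services` into both a firewall opening and a DNAT target, which is worth stating beside the definition, e.g. `# every tcp port listed in services_host_services is opened in the host firewall and DNATed to that service's address`. `community.general.json_query` additionally depends on the `jmespath` Python package on the controller; whether that requirement is recorded elsewhere is not visible in this diff.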
@ -7,7 +7,7 @@ system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
|
|||||||
# system:base
|
# system:base
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
system_base_udp_ports:
|
system_base_udp_ports:
|
||||||
- 12768
|
- "{{ vpn_wireguard_port }}"
|
||||||
|
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
# vpn:wireguard
|
# vpn:wireguard
|
||||||
|
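Review bot: `- "{{ vpn_wireguard_port }}"` replaces two different literals — `12768` here and `51820` in the `@ -8,11 +8,8 @@` hunk of the next file — so `vpn_wireguard_port` has to be defined per host; if it lives once in group vars, one of the two listeners silently moves to the other's port. The definition is not part of this diff, so please confirm where it is set. Quoting also changes the list element from an int to a templated value, which the consuming firewall role must accept; a short comment such as `# per-host value, see host_vars` above `system_base_udp_ports:` would make the expectation explicit.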
@ -8,11 +8,8 @@ system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
|
|||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
system_base_additional_ssh_users:
|
system_base_additional_ssh_users:
|
||||||
- "pod-rproxy"
|
- "pod-rproxy"
|
||||||
system_base_additional_tcp_ports:
|
|
||||||
- 80
|
|
||||||
- 443
|
|
||||||
system_base_udp_ports:
|
system_base_udp_ports:
|
||||||
- 51820
|
- "{{ vpn_wireguard_port }}"
|
||||||
|
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
# vpn
|
# vpn
|
||||||
@ -30,10 +27,11 @@ vpn_wireguard_clients:
|
|||||||
subnet: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.0/24"
|
subnet: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.0/24"
|
||||||
|
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
# vpn:bridge
|
# services
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
vpn_bridge_dnat:
|
services_host_services:
|
||||||
- address: "{{ vpn_bridge_prefix }}.2"
|
rproxy:
|
||||||
ports:
|
address: "{{ vpn_bridge_prefix }}.2"
|
||||||
- 80
|
tcp: [80, 443]
|
||||||
- 443
|
www:
|
||||||
|
address: "{{ vpn_bridge_prefix }}.3"
|
||||||
|
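Review bot: `services_host_services` is now the single source for the veth address (`services_host_services[services_service_name].address` in setup_user's veth task), the DNAT rules and the firewall port list, but the mapping has no comment saying so, and the literal `.2`/`.3` suffixes are the only thing keeping addresses unique — a duplicated suffix would produce two interfaces with the same address with nothing in this diff to catch it. Suggest a header comment above `services_host_services:` such as `# address suffix must be unique on this host; tcp lists are opened in the firewall and DNATed (see vpn_bridge_dnat)`. The same applies to the `lrproxy`/`database`/`cloud`/`git`/`notes` mapping in the `@ -40,13 +32,18 @@` hunk of the next file.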
@ -16,14 +16,6 @@ system_zfs_zpools_load_key:
|
|||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
|
system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
|
||||||
|
|
||||||
# --------------------------------------------------------------------------------------------------
|
|
||||||
# system:base
|
|
||||||
# --------------------------------------------------------------------------------------------------
|
|
||||||
system_base_additional_tcp_ports:
|
|
||||||
- 80
|
|
||||||
- 443
|
|
||||||
- 2770
|
|
||||||
|
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
# vpn
|
# vpn
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
@ -40,13 +32,18 @@ vpn_wireguard_server_address: "{{ vault_vpn_wireguard_server_address }}"
|
|||||||
vpn_wireguard_routing_table: 66
|
vpn_wireguard_routing_table: 66
|
||||||
|
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
# vpn:bridge
|
# services
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
vpn_bridge_dnat:
|
services_host_services:
|
||||||
- address: "{{ vpn_bridge_prefix }}.2"
|
lrproxy:
|
||||||
ports:
|
address: "{{ vpn_bridge_prefix }}.2"
|
||||||
- 80
|
tcp: [80, 443]
|
||||||
- 443
|
database:
|
||||||
- address: "{{ vpn_bridge_prefix }}.5"
|
address: "{{ vpn_bridge_prefix }}.3"
|
||||||
ports:
|
cloud:
|
||||||
- 2770
|
address: "{{ vpn_bridge_prefix }}.4"
|
||||||
|
git:
|
||||||
|
address: "{{ vpn_bridge_prefix }}.5"
|
||||||
|
tcp: [2770]
|
||||||
|
notes:
|
||||||
|
address: "{{ vpn_bridge_prefix }}.6"
|
||||||
|
@ -1,4 +1,45 @@
|
|||||||
---
|
---
|
||||||
- ansible.builtin.import_playbook: "system.yml"
|
- name: "services : zfs"
|
||||||
- ansible.builtin.import_playbook: "valkyrie.yml"
|
hosts: "zfs"
|
||||||
- ansible.builtin.import_playbook: "yggdrasil.yml"
|
tasks:
|
||||||
|
- name: "datasets_system"
|
||||||
|
ansible.builtin.include_role:
|
||||||
|
name: "datasets_system"
|
||||||
|
apply:
|
||||||
|
tags: "services:datasets_system"
|
||||||
|
tags: "always"
|
||||||
|
|
||||||
|
- name: "datasets_user"
|
||||||
|
ansible.builtin.include_role:
|
||||||
|
name: "datasets_user"
|
||||||
|
apply:
|
||||||
|
tags:
|
||||||
|
- "services:datasets_user"
|
||||||
|
- "services:datasets_user:{{ services_service_name }}"
|
||||||
|
- "services:{{ services_service_name }}"
|
||||||
|
- "services:{{ services_service_name }}:datasets_user"
|
||||||
|
loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: "services_service_name"
|
||||||
|
tags: "always"
|
||||||
|
|
||||||
|
- name: "services : asgard"
|
||||||
|
hosts: "asgard"
|
||||||
|
tasks:
|
||||||
|
- ansible.builtin.import_role:
|
||||||
|
name: "setup_system"
|
||||||
|
tags: "services:setup_system"
|
||||||
|
|
||||||
|
- name: "setup_user"
|
||||||
|
ansible.builtin.include_role:
|
||||||
|
name: "setup_user"
|
||||||
|
apply:
|
||||||
|
tags:
|
||||||
|
- "services:setup_user"
|
||||||
|
- "services:setup_user:{{ services_service_name }}"
|
||||||
|
- "services:{{ services_service_name }}"
|
||||||
|
- "services:{{ services_service_name }}:setup_user"
|
||||||
|
loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: "services_service_name"
|
||||||
|
tags: "always"
|
||||||
|
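Review bot: `loop: "{{ services_host_services | dict2items | map(attribute='key') }}"`, used for both the `datasets_user` and `setup_user` includes, is a roundabout way of listing the mapping's keys; `loop: "{{ services_host_services | list }}"` yields the same service names and reads as "loop over services". The two plays also differ in how they run their system-level role: `datasets_system` uses `include_role` with `apply` and `tags: "always"`, while `setup_system` uses `import_role` with a plain tag; the tag filtering ends up equivalent, but choosing one form for both keeps the otherwise parallel plays uniform.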
@ -23,24 +23,24 @@
|
|||||||
community.general.filesystem:
|
community.general.filesystem:
|
||||||
dev: "/dev/rpool/var/lib/{{ ansible_hostname }}/containers"
|
dev: "/dev/rpool/var/lib/{{ ansible_hostname }}/containers"
|
||||||
fstype: "ext4"
|
fstype: "ext4"
|
||||||
register: services_system_datasets_zvol_format
|
register: services_datasets_system_zvol_format
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
|
||||||
- name: "get containers zvol uuid"
|
- name: "get containers zvol uuid"
|
||||||
ansible.builtin.command: >-
|
ansible.builtin.command: >-
|
||||||
blkid -s UUID -o value /dev/rpool/var/lib/{{ ansible_hostname }}/containers
|
blkid -s UUID -o value /dev/rpool/var/lib/{{ ansible_hostname }}/containers
|
||||||
register: services_system_datasets_zvol_uuid
|
register: services_datasets_system_zvol_uuid
|
||||||
|
|
||||||
- name: "system : add fstab entry and mount containers zvol"
|
- name: "system : add fstab entry and mount containers zvol"
|
||||||
ansible.posix.mount:
|
ansible.posix.mount:
|
||||||
path: "/var/lib/{{ ansible_hostname }}/containers"
|
path: "/var/lib/{{ ansible_hostname }}/containers"
|
||||||
src: "UUID={{ services_system_datasets_zvol_uuid.stdout }}"
|
src: "UUID={{ services_datasets_system_zvol_uuid.stdout }}"
|
||||||
fstype: "ext4"
|
fstype: "ext4"
|
||||||
state: "mounted"
|
state: "mounted"
|
||||||
|
|
||||||
when:
|
when:
|
||||||
services_system_datasets_zvol_format.changed
|
services_datasets_system_zvol_format.changed
|
||||||
|
|
||||||
- name: "create data root dataset"
|
- name: "create data root dataset"
|
||||||
community.general.zfs:
|
community.general.zfs:
|
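Review bot: The `blkid -s UUID -o value …` command that registers `services_datasets_system_zvol_uuid` is read-only but has no `changed_when`, so it reports `changed` every time it executes; add `changed_when: false` directly under its `register:` line. The block's `when: services_datasets_system_zvol_format.changed` also means the fstab/mount task only runs in the same play run that formatted the zvol — if the run is interrupted between the two, a rerun sees the filesystem already present and never adds the mount. That may be an accepted trade-off, but it deserves a comment on the `- block:` line such as `# mount is only added in the run that formatted the zvol`. The task list continues outside this hunk.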
@ -7,7 +7,3 @@ argument_specs:
|
|||||||
services_service_name:
|
services_service_name:
|
||||||
type: "str"
|
type: "str"
|
||||||
required: true
|
required: true
|
||||||
services_service_volumes:
|
|
||||||
type: "dict"
|
|
||||||
elem: "dict"
|
|
||||||
required: true
|
|
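Review bot: Dropping `services_service_volumes` from `argument_specs` removes the only validation that a service had a volume definition; the replacement lookups `services_volumes[services_service_name]` (datasets_user's `create volume datasets` task and setup_user's `directories` loop) now fail with an undefined-variable error for a service absent from `include/vars/volumes.yml`, or with a `dict2items` error when its entry is a bare null. Since the value is now a role var rather than a role argument, that is a reasonable trade, but the contract should be written down in `volumes.yml`, e.g. `# one key per service in services_host_services; use {} for a service without volumes`.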
@ -1,13 +1,13 @@
|
|||||||
- name: "{{ services_service_name }} : set variables"
|
- name: "{{ services_service_name }} : set variables"
|
||||||
ansible.builtin.import_role:
|
ansible.builtin.import_role:
|
||||||
name: "include"
|
name: "include"
|
||||||
tasks_from: "vars"
|
vars_from: "user"
|
||||||
|
|
||||||
- name: "{{ services_service_name }} : create home dataset"
|
- name: "{{ services_service_name }} : create home dataset"
|
||||||
community.general.zfs:
|
community.general.zfs:
|
||||||
name: "rpool/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}"
|
name: "rpool/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}"
|
||||||
state: "present"
|
state: "present"
|
||||||
register: services_user_datasets_zfs_home
|
register: services_datasets_user_zfs_home
|
||||||
|
|
||||||
- name: "{{ services_service_name }} : populate home dataset with skeleton"
|
- name: "{{ services_service_name }} : populate home dataset with skeleton"
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
@ -15,7 +15,7 @@
|
|||||||
dest: "{{ services_service_user_home }}"
|
dest: "{{ services_service_user_home }}"
|
||||||
remote_src: true
|
remote_src: true
|
||||||
when:
|
when:
|
||||||
services_user_datasets_zfs_home.changed
|
services_datasets_user_zfs_home.changed
|
||||||
|
|
||||||
- name: "{{ services_service_name }} : create data dataset"
|
- name: "{{ services_service_name }} : create data dataset"
|
||||||
community.general.zfs:
|
community.general.zfs:
|
||||||
@ -24,9 +24,14 @@
|
|||||||
extra_zfs_properties:
|
extra_zfs_properties:
|
||||||
canmount: "off"
|
canmount: "off"
|
||||||
|
|
||||||
|
- name: "{{ services_service_name }} : include volume list"
|
||||||
|
ansible.builtin.import_role:
|
||||||
|
name: "include"
|
||||||
|
vars_from: "volumes"
|
||||||
|
|
||||||
- name: "{{ services_service_name }} : create volume datasets"
|
- name: "{{ services_service_name }} : create volume datasets"
|
||||||
community.general.zfs:
|
community.general.zfs:
|
||||||
name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ item.key }}"
|
name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ item.key }}"
|
||||||
state: "present"
|
state: "present"
|
||||||
extra_zfs_properties: "{{ item.value.extra_zfs_properties | default({}) }}"
|
extra_zfs_properties: "{{ item.value.extra_zfs_properties | default({}) }}"
|
||||||
loop: "{{ services_service_volumes | dict2items }}"
|
loop: "{{ services_volumes[services_service_name] | dict2items }}"
|
@ -1,7 +0,0 @@
|
|||||||
- name: "vars : {{ services_service_name }} : set user name variable"
|
|
||||||
set_fact:
|
|
||||||
services_service_user_name: "pod-{{ services_service_name }}"
|
|
||||||
|
|
||||||
- name: "vars : {{ services_service_name }} : set user home variable"
|
|
||||||
set_fact:
|
|
||||||
services_service_user_home: "/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}"
|
|
2
plays/services/roles/include/vars/user.yml
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
services_service_user_name: "pod-{{ services_service_name }}"
|
||||||
|
services_service_user_home: "/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}"
|
21
plays/services/roles/include/vars/volumes.yml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
services_volumes:
|
||||||
|
rproxy:
|
||||||
|
etc-letsencrypt:
|
||||||
|
www: {}
|
||||||
|
lrproxy:
|
||||||
|
etc-letsencrypt:
|
||||||
|
database:
|
||||||
|
wal:
|
||||||
|
extra_zfs_properties:
|
||||||
|
recordsize: "8K"
|
||||||
|
data:
|
||||||
|
extra_zfs_properties:
|
||||||
|
recordsize: "8K"
|
||||||
|
logbias: "throughput"
|
||||||
|
cloud:
|
||||||
|
nextcloud:
|
||||||
|
data:
|
||||||
|
git:
|
||||||
|
data:
|
||||||
|
notes:
|
||||||
|
data:
|
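Review bot: The new `services_volumes` mapping mixes `www: {}` with bare entries such as `etc-letsencrypt:` and `data:`, which YAML parses as `null` rather than an empty mapping; the consumers only cope because `item.value.extra_zfs_properties | default({})` swallows the undefined lookup, and `services_service_volume.value` in the setup_user directories loop will carry `None` for those entries. Writing `etc-letsencrypt: {}` and `data: {}` keeps a single representation, matches `www: {}`, and lets future consumers treat `.value` as a mapping without a guard.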
@ -9,21 +9,21 @@
|
|||||||
src: "./auto_update/pod-service-auto-update.service"
|
src: "./auto_update/pod-service-auto-update.service"
|
||||||
dest: "/etc/systemd/user/pod-service-auto-update.service"
|
dest: "/etc/systemd/user/pod-service-auto-update.service"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
register: services_system_pod_service_auto_update_service_file
|
register: services_setup_system_pod_service_auto_update_service_file
|
||||||
|
|
||||||
- name: "auto_update : pod-service update timer"
|
- name: "auto_update : pod-service update timer"
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "./auto_update/pod-service-auto-update.timer"
|
src: "./auto_update/pod-service-auto-update.timer"
|
||||||
dest: "/etc/systemd/user/pod-service-auto-update.timer"
|
dest: "/etc/systemd/user/pod-service-auto-update.timer"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
register: services_system_pod_service_auto_update_timer_file
|
register: services_setup_system_pod_service_auto_update_timer_file
|
||||||
|
|
||||||
- name: "auto_update : image prune service"
|
- name: "auto_update : image prune service"
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "./auto_update/podman-image-prune.service"
|
src: "./auto_update/podman-image-prune.service"
|
||||||
dest: "/etc/systemd/user/podman-image-prune.service"
|
dest: "/etc/systemd/user/podman-image-prune.service"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
register: services_system_podman_image_prune_service_file
|
register: services_setup_system_podman_image_prune_service_file
|
||||||
|
|
||||||
# Include instead of import as otherwise the when clause is always applied which triggers errors if
|
# Include instead of import as otherwise the when clause is always applied which triggers errors if
|
||||||
# the above tasks haven't executed.
|
# the above tasks haven't executed.
|
||||||
@ -32,6 +32,6 @@
|
|||||||
name: "include"
|
name: "include"
|
||||||
tasks_from: "daemon_reload"
|
tasks_from: "daemon_reload"
|
||||||
when:
|
when:
|
||||||
services_system_pod_service_auto_update_service_file.changed or
|
services_setup_system_pod_service_auto_update_service_file.changed or
|
||||||
services_system_pod_service_auto_update_timer_file.changed or
|
services_setup_system_pod_service_auto_update_timer_file.changed or
|
||||||
services_system_podman_image_prune_service_file.changed
|
services_setup_system_podman_image_prune_service_file.changed
|
@ -1,14 +1,14 @@
|
|||||||
- name: "nameserver : fetch valkyrie's resolv.conf"
|
- name: "nameserver : fetch valkyrie's resolv.conf"
|
||||||
ansible.builtin.fetch:
|
ansible.builtin.fetch:
|
||||||
src: "/etc/resolv.conf"
|
src: "/etc/resolv.conf"
|
||||||
dest: "./files/system_setup/nameserver/"
|
dest: "./files/setup_system/nameserver/"
|
||||||
flat: true
|
flat: true
|
||||||
when:
|
when:
|
||||||
ansible_hostname == "valkyrie"
|
ansible_hostname == "valkyrie"
|
||||||
|
|
||||||
- name: "nameserver : copy valkyrie's resolv.conf to other hosts"
|
- name: "nameserver : copy valkyrie's resolv.conf to other hosts"
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "../../../files/system_setup/nameserver/resolv.conf"
|
src: "../../../files/setup_system/nameserver/resolv.conf"
|
||||||
dest: "/var/lib/{{ ansible_hostname }}/valkyrie-resolv.conf"
|
dest: "/var/lib/{{ ansible_hostname }}/valkyrie-resolv.conf"
|
||||||
when:
|
when:
|
||||||
ansible_hostname != "valkyrie"
|
ansible_hostname != "valkyrie"
|
@ -1,9 +1,9 @@
|
|||||||
- name: "podman : install podman"
|
- name: "podman : install podman"
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name: "podman"
|
name: "podman"
|
||||||
register: services_system_setup_podman_install
|
register: services_setup_system_podman_install
|
||||||
|
|
||||||
- name: "podman : reboot host"
|
- name: "podman : reboot host"
|
||||||
ansible.builtin.reboot:
|
ansible.builtin.reboot:
|
||||||
when:
|
when:
|
||||||
services_system_setup_podman_install.changed
|
services_setup_system_podman_install.changed
|
@ -3,18 +3,18 @@
|
|||||||
src: "./veth/connect-pod-service@.service"
|
src: "./veth/connect-pod-service@.service"
|
||||||
dest: "/etc/systemd/system/connect-pod-service@.service"
|
dest: "/etc/systemd/system/connect-pod-service@.service"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
register: services_system_setup_connect_pod_service_service_file
|
register: services_setup_system_connect_pod_service_service_file
|
||||||
|
|
||||||
- name: "veth : configure connect-pod-service path trigger"
|
- name: "veth : configure connect-pod-service path trigger"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "./veth/connect-pod-service@.path.j2"
|
src: "./veth/connect-pod-service@.path.j2"
|
||||||
dest: "/etc/systemd/system/connect-pod-service@.path"
|
dest: "/etc/systemd/system/connect-pod-service@.path"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
register: services_system_setup_connect_pod_service_path_file
|
register: services_setup_system_connect_pod_service_path_file
|
||||||
|
|
||||||
- name: "veth : systemd daemon reload"
|
- name: "veth : systemd daemon reload"
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
daemon_reload: true
|
daemon_reload: true
|
||||||
when:
|
when:
|
||||||
services_system_setup_connect_pod_service_service_file.changed or
|
services_setup_system_connect_pod_service_service_file.changed or
|
||||||
services_system_setup_connect_pod_service_path_file.changed
|
services_setup_system_connect_pod_service_path_file.changed
|
19
plays/services/roles/setup_system/tasks/main.yml
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
- name: "play:services : role:setup_system : tasks:podman"
|
||||||
|
ansible.builtin.import_tasks: "include/podman.yml"
|
||||||
|
tags: "services:setup_system:podman"
|
||||||
|
|
||||||
|
- name: "play:services : role:setup_system : tasks:directories"
|
||||||
|
ansible.builtin.import_tasks: "include/directories.yml"
|
||||||
|
tags: "services:setup_system:directories"
|
||||||
|
|
||||||
|
- name: "play:services : role:setup_system : tasks:nameserver"
|
||||||
|
ansible.builtin.import_tasks: "include/nameserver.yml"
|
||||||
|
tags: "services:setup_system:nameserver"
|
||||||
|
|
||||||
|
- name: "play:services : role:setup_system : tasks:veth"
|
||||||
|
ansible.builtin.import_tasks: "include/veth.yml"
|
||||||
|
tags: "services:setup_system:veth"
|
||||||
|
|
||||||
|
- name: "play:services : role:setup_system : tasks:auto_update"
|
||||||
|
ansible.builtin.import_tasks: "include/auto_update.yml"
|
||||||
|
tags: "services:setup_system:auto_update"
|
@ -14,9 +14,14 @@
|
|||||||
group: "{{ services_service_user_name }}"
|
group: "{{ services_service_user_name }}"
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
|
- name: "{{ services_service_name }} : directories : include volume list"
|
||||||
|
ansible.builtin.import_role:
|
||||||
|
name: "include"
|
||||||
|
vars_from: "volumes"
|
||||||
|
|
||||||
- name: "{{ services_service_name }} : directories : create volume directories"
|
- name: "{{ services_service_name }} : directories : create volume directories"
|
||||||
ansible.builtin.include_tasks: "directories/volumes.yml"
|
ansible.builtin.include_tasks: "directories/volumes.yml"
|
||||||
loop: "{{ services_service_volumes | dict2items }}"
|
loop: "{{ services_volumes[services_service_name] | dict2items }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: "services_service_volume"
|
loop_var: "services_service_volume"
|
||||||
|
|
@ -9,7 +9,7 @@
|
|||||||
- name: "{{ services_service_name }} : directories : check if \"{{ services_service_volume.key }}\" mount exists"
|
- name: "{{ services_service_name }} : directories : check if \"{{ services_service_volume.key }}\" mount exists"
|
||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}/_data"
|
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}/_data"
|
||||||
register: services_user_setup_volume_mount
|
register: services_setup_user_volume_mount
|
||||||
|
|
||||||
- name: "{{ services_service_name }} : directories : create \"{{ services_service_volume.key }}\" mount"
|
- name: "{{ services_service_name }} : directories : create \"{{ services_service_volume.key }}\" mount"
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
@ -19,4 +19,4 @@
|
|||||||
group: "{{ services_service_user_name }}"
|
group: "{{ services_service_user_name }}"
|
||||||
mode: 0755
|
mode: 0755
|
||||||
when:
|
when:
|
||||||
not services_user_setup_volume_mount.stat.exists
|
not services_setup_user_volume_mount.stat.exists
|
@ -11,11 +11,11 @@
|
|||||||
src: "./podman/storage.conf.j2"
|
src: "./podman/storage.conf.j2"
|
||||||
dest: "{{ services_service_user_home }}/.config/containers/storage.conf"
|
dest: "{{ services_service_user_home }}/.config/containers/storage.conf"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
register: services_user_setup_containers_storage
|
register: services_setup_user_containers_storage
|
||||||
|
|
||||||
- name: "{{ services_service_name }} : podman : reset podman"
|
- name: "{{ services_service_name }} : podman : reset podman"
|
||||||
ansible.builtin.shell: "cd $HOME; yes | podman system reset"
|
ansible.builtin.shell: "cd $HOME; yes | podman system reset"
|
||||||
when:
|
when:
|
||||||
services_user_setup_containers_storage.changed
|
services_setup_user_containers_storage.changed
|
||||||
|
|
||||||
become_user: "{{ services_service_user_name }}"
|
become_user: "{{ services_service_user_name }}"
|
@ -9,7 +9,7 @@
|
|||||||
- name: "{{ services_service_name }} : setup : set default shell"
|
- name: "{{ services_service_name }} : setup : set default shell"
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: "{{ services_service_user_name }}"
|
name: "{{ services_service_user_name }}"
|
||||||
shell: "{{ services_service_user_shell | default('/usr/sbin/nologin') }}"
|
shell: "{{ services_setup_user_shell[services_service_name] | default('/usr/sbin/nologin') }}"
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
|
@ -14,7 +14,7 @@
|
|||||||
fi'
|
fi'
|
||||||
vars:
|
vars:
|
||||||
services_service_iface_name: "veth-{{ services_service_name }}"
|
services_service_iface_name: "veth-{{ services_service_name }}"
|
||||||
services_service_iface_address: "{{ services_addresses[services_service_name] }}"
|
services_service_iface_address: "{{ services_host_services[services_service_name].address }}"
|
||||||
|
|
||||||
- name: "{{ services_service_name }} : veth : enable the path trigger"
|
- name: "{{ services_service_name }} : veth : enable the path trigger"
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
55
plays/services/roles/setup_user/tasks/main.yml
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:vars"
|
||||||
|
ansible.builtin.import_role:
|
||||||
|
name: "include"
|
||||||
|
vars_from: "user"
|
||||||
|
tags:
|
||||||
|
- "services:setup_user:user"
|
||||||
|
- "services:setup_user:{{ services_service_name }}:user"
|
||||||
|
- "services:{{ services_service_name }}:setup_user:user"
|
||||||
|
- "services:setup_user:directories"
|
||||||
|
- "services:setup_user:{{ services_service_name }}:directories"
|
||||||
|
- "services:{{ services_service_name }}:setup_user:directories"
|
||||||
|
- "services:setup_user:podman"
|
||||||
|
- "services:setup_user:{{ services_service_name }}:podman"
|
||||||
|
- "services:{{ services_service_name }}:setup_user:podman"
|
||||||
|
- "services:setup_user:auto_update"
|
||||||
|
- "services:setup_user:{{ services_service_name }}:auto_update"
|
||||||
|
- "services:{{ services_service_name }}:setup_user:auto_update"
|
||||||
|
- "services:setup_user:veth"
|
||||||
|
- "services:setup_user:{{ services_service_name }}:veth"
|
||||||
|
- "services:{{ services_service_name }}:setup_user:veth"
|
||||||
|
|
||||||
|
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:user"
|
||||||
|
ansible.builtin.import_tasks: "include/user.yml"
|
||||||
|
tags:
|
||||||
|
- "services:setup_user:user"
|
||||||
|
- "services:setup_user:{{ services_service_name }}:user"
|
||||||
|
- "services:{{ services_service_name }}:setup_user:user"
|
||||||
|
|
||||||
|
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:directories"
|
||||||
|
ansible.builtin.import_tasks: "include/directories.yml"
|
||||||
|
tags:
|
||||||
|
- "services:setup_user:directories"
|
||||||
|
- "services:setup_user:{{ services_service_name }}:directories"
|
||||||
|
- "services:{{ services_service_name }}:setup_user:directories"
|
||||||
|
|
||||||
|
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:podman"
|
||||||
|
ansible.builtin.import_tasks: "include/podman.yml"
|
||||||
|
tags:
|
||||||
|
- "services:setup_user:podman"
|
||||||
|
- "services:setup_user:{{ services_service_name }}:podman"
|
||||||
|
- "services:{{ services_service_name }}:setup_user:podman"
|
||||||
|
|
||||||
|
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:auto_update"
|
||||||
|
ansible.builtin.import_tasks: "include/auto_update.yml"
|
||||||
|
tags:
|
||||||
|
- "services:setup_user:auto_update"
|
||||||
|
- "services:setup_user:{{ services_service_name }}:auto_update"
|
||||||
|
- "services:{{ services_service_name }}:setup_user:auto_update"
|
||||||
|
|
||||||
|
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:veth"
|
||||||
|
ansible.builtin.import_tasks: "include/veth.yml"
|
||||||
|
tags:
|
||||||
|
- "services:setup_user:veth"
|
||||||
|
- "services:setup_user:{{ services_service_name }}:veth"
|
||||||
|
- "services:{{ services_service_name }}:setup_user:veth"
|
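Review bot: The first task, which only imports `vars/user.yml` through the `include` role, repeats all fifteen tags of the five tasks that follow so the variables are loaded whichever tag is selected; `tags: "always"` on that vars-only import states the same intent in one line and does not need editing when a task or tag is added. The import has no effect beyond defining `services_service_user_name` and `services_service_user_home`, so running it unconditionally is harmless. If the long list is kept deliberately, a comment such as `# must carry every tag used below so the vars are loaded for any tag selection` would explain it.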
2
plays/services/roles/setup_user/vars/main.yml
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
services_setup_user_shell:
|
||||||
|
rproxy: "/usr/bin/rbash"
|
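Review bot: `rproxy: "/usr/bin/rbash"` gives the `pod-rproxy` account — which the host vars in this commit also list under `system_base_additional_ssh_users` — a restricted shell, but rbash only constrains the interactive shell and is commonly regarded as insufficient on its own as a security boundary for an SSH-reachable user. Whether SSH-side restrictions (a `ForceCommand` or `authorized_keys` options) accompany it is not visible in this diff. A comment above the entry recording the intent would help the next reader, e.g. `# limits interactive use of the SSH-reachable pod-rproxy account; not a substitute for SSH-side restrictions`.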
@ -1,19 +0,0 @@
|
|||||||
- name: "play:services : role:system_setup : tasks:podman"
|
|
||||||
ansible.builtin.import_tasks: "include/podman.yml"
|
|
||||||
tags: "services:system_setup:podman"
|
|
||||||
|
|
||||||
- name: "play:services : role:system_setup : tasks:directories"
|
|
||||||
ansible.builtin.import_tasks: "include/directories.yml"
|
|
||||||
tags: "services:system_setup:directories"
|
|
||||||
|
|
||||||
- name: "play:services : role:system_setup : tasks:nameserver"
|
|
||||||
ansible.builtin.import_tasks: "include/nameserver.yml"
|
|
||||||
tags: "services:system_setup:nameserver"
|
|
||||||
|
|
||||||
- name: "play:services : role:system_setup : tasks:veth"
|
|
||||||
ansible.builtin.import_tasks: "include/veth.yml"
|
|
||||||
tags: "services:system_setup:veth"
|
|
||||||
|
|
||||||
- name: "play:services : role:system_setup : tasks:auto_update"
|
|
||||||
ansible.builtin.import_tasks: "include/auto_update.yml"
|
|
||||||
tags: "services:system_setup:auto_update"
|
|
@ -1,55 +0,0 @@
|
|||||||
- name: "play:services : role:user_setup:{{ services_service_name }} : tasks:vars"
|
|
||||||
ansible.builtin.import_role:
|
|
||||||
name: "include"
|
|
||||||
tasks_from: "vars"
|
|
||||||
tags:
|
|
||||||
- "services:user_setup:user"
|
|
||||||
- "services:user_setup:{{ services_service_name }}:user"
|
|
||||||
- "services:{{ services_service_name }}:user_setup:user"
|
|
||||||
- "services:user_setup:directories"
|
|
||||||
- "services:user_setup:{{ services_service_name }}:directories"
|
|
||||||
- "services:{{ services_service_name }}:user_setup:directories"
|
|
||||||
- "services:user_setup:podman"
|
|
||||||
- "services:user_setup:{{ services_service_name }}:podman"
|
|
||||||
- "services:{{ services_service_name }}:user_setup:podman"
|
|
||||||
- "services:user_setup:auto_update"
|
|
||||||
- "services:user_setup:{{ services_service_name }}:auto_update"
|
|
||||||
- "services:{{ services_service_name }}:user_setup:auto_update"
|
|
||||||
- "services:user_setup:veth"
|
|
||||||
- "services:user_setup:{{ services_service_name }}:veth"
|
|
||||||
- "services:{{ services_service_name }}:user_setup:veth"
|
|
||||||
|
|
||||||
- name: "play:services : role:user_setup:{{ services_service_name }} : tasks:user"
|
|
||||||
ansible.builtin.import_tasks: "include/user.yml"
|
|
||||||
tags:
|
|
||||||
- "services:user_setup:user"
|
|
||||||
- "services:user_setup:{{ services_service_name }}:user"
|
|
||||||
- "services:{{ services_service_name }}:user_setup:user"
|
|
||||||
|
|
||||||
- name: "play:services : role:user_setup:{{ services_service_name }} : tasks:directories"
|
|
||||||
ansible.builtin.import_tasks: "include/directories.yml"
|
|
||||||
tags:
|
|
||||||
- "services:user_setup:directories"
|
|
||||||
- "services:user_setup:{{ services_service_name }}:directories"
|
|
||||||
- "services:{{ services_service_name }}:user_setup:directories"
|
|
||||||
|
|
||||||
- name: "play:services : role:user_setup:{{ services_service_name }} : tasks:podman"
|
|
||||||
ansible.builtin.import_tasks: "include/podman.yml"
|
|
||||||
tags:
|
|
||||||
- "services:user_setup:podman"
|
|
||||||
- "services:user_setup:{{ services_service_name }}:podman"
|
|
||||||
- "services:{{ services_service_name }}:user_setup:podman"
|
|
||||||
|
|
||||||
- name: "play:services : role:user_setup:{{ services_service_name }} : tasks:auto_update"
|
|
||||||
ansible.builtin.import_tasks: "include/auto_update.yml"
|
|
||||||
tags:
|
|
||||||
- "services:user_setup:auto_update"
|
|
||||||
- "services:user_setup:{{ services_service_name }}:auto_update"
|
|
||||||
- "services:{{ services_service_name }}:user_setup:auto_update"
|
|
||||||
|
|
||||||
- name: "play:services : role:user_setup:{{ services_service_name }} : tasks:veth"
|
|
||||||
ansible.builtin.import_tasks: "include/veth.yml"
|
|
||||||
tags:
|
|
||||||
- "services:user_setup:veth"
|
|
||||||
- "services:user_setup:{{ services_service_name }}:veth"
|
|
||||||
- "services:{{ services_service_name }}:user_setup:veth"
|
|
@ -1,28 +0,0 @@
|
|||||||
- name: "services : system : asgard"
|
|
||||||
hosts: "asgard"
|
|
||||||
tasks:
|
|
||||||
- name: "system_datasets"
|
|
||||||
ansible.builtin.include_role:
|
|
||||||
name: "system_datasets"
|
|
||||||
apply:
|
|
||||||
tags: "services:system_datasets"
|
|
||||||
when:
|
|
||||||
"'zfs' in group_names"
|
|
||||||
tags: "always"
|
|
||||||
|
|
||||||
- ansible.builtin.import_role:
|
|
||||||
name: "system_setup"
|
|
||||||
tags: "services:system_setup"
|
|
||||||
|
|
||||||
- name: "set service bridge addresses"
|
|
||||||
ansible.builtin.set_fact:
|
|
||||||
services_bridge_gateway: "{{ vpn_bridge_prefix }}.1"
|
|
||||||
services_addresses:
|
|
||||||
rproxy: "{{ hostvars.valkyrie.vpn_bridge_prefix }}.2"
|
|
||||||
www: "{{ hostvars.valkyrie.vpn_bridge_prefix }}.3"
|
|
||||||
lrproxy: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.2"
|
|
||||||
database: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.3"
|
|
||||||
cloud: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.4"
|
|
||||||
git: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.5"
|
|
||||||
notes: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.6"
|
|
||||||
tags: "always"
|
|
@ -1,39 +0,0 @@
|
|||||||
- name: "services : valkyrie"
|
|
||||||
hosts: "valkyrie"
|
|
||||||
tasks:
|
|
||||||
- name: "set service volumes"
|
|
||||||
ansible.builtin.set_fact:
|
|
||||||
services_valkyrie_volumes:
|
|
||||||
rproxy:
|
|
||||||
etc-letsencrypt:
|
|
||||||
www: {}
|
|
||||||
tags: "always"
|
|
||||||
|
|
||||||
- name: "user_setup"
|
|
||||||
ansible.builtin.include_role:
|
|
||||||
name: "user_setup"
|
|
||||||
apply:
|
|
||||||
tags:
|
|
||||||
- "services:user_setup"
|
|
||||||
- "services:user_setup:{{ services_service_name }}"
|
|
||||||
- "services:{{ services_service_name }}"
|
|
||||||
- "services:{{ services_service_name }}:user_setup"
|
|
||||||
vars:
|
|
||||||
services_service_name: "rproxy"
|
|
||||||
services_service_volumes: "{{ services_valkyrie_volumes[services_service_name] }}"
|
|
||||||
services_service_user_shell: "/usr/bin/rbash"
|
|
||||||
tags: "always"
|
|
||||||
|
|
||||||
- name: "user_setup"
|
|
||||||
ansible.builtin.include_role:
|
|
||||||
name: "user_setup"
|
|
||||||
apply:
|
|
||||||
tags:
|
|
||||||
- "services:user_setup"
|
|
||||||
- "services:user_setup:{{ services_service_name }}"
|
|
||||||
- "services:{{ services_service_name }}"
|
|
||||||
- "services:{{ services_service_name }}:user_setup"
|
|
||||||
vars:
|
|
||||||
services_service_name: "www"
|
|
||||||
services_service_volumes: "{{ services_valkyrie_volumes[services_service_name] }}"
|
|
||||||
tags: "always"
|
|
@ -1,62 +0,0 @@
|
|||||||
- name: "services : yggdrasil"
|
|
||||||
hosts: "yggdrasil"
|
|
||||||
tasks:
|
|
||||||
- name: "set service volumes"
|
|
||||||
ansible.builtin.set_fact:
|
|
||||||
services_yggdrasil_services:
|
|
||||||
- "lrproxy"
|
|
||||||
- "database"
|
|
||||||
- "cloud"
|
|
||||||
- "git"
|
|
||||||
- "notes"
|
|
||||||
services_yggdrasil_volumes:
|
|
||||||
lrproxy:
|
|
||||||
etc-letsencrypt:
|
|
||||||
database:
|
|
||||||
wal:
|
|
||||||
extra_zfs_properties:
|
|
||||||
recordsize: "8K"
|
|
||||||
data:
|
|
||||||
extra_zfs_properties:
|
|
||||||
recordsize: "8K"
|
|
||||||
logbias: "throughput"
|
|
||||||
cloud:
|
|
||||||
nextcloud:
|
|
||||||
data:
|
|
||||||
git:
|
|
||||||
data:
|
|
||||||
notes:
|
|
||||||
data:
|
|
||||||
tags: "always"
|
|
||||||
|
|
||||||
- name: "user_datasets"
|
|
||||||
ansible.builtin.include_role:
|
|
||||||
name: "user_datasets"
|
|
||||||
apply:
|
|
||||||
tags:
|
|
||||||
- "services:user_datasets"
|
|
||||||
- "services:user_datasets:{{ services_service_name }}"
|
|
||||||
- "services:{{ services_service_name }}"
|
|
||||||
- "services:{{ services_service_name }}:user_datasets"
|
|
||||||
vars:
|
|
||||||
services_service_volumes: "{{ services_yggdrasil_volumes[services_service_name] }}"
|
|
||||||
loop: "{{ services_yggdrasil_services }}"
|
|
||||||
loop_control:
|
|
||||||
loop_var: "services_service_name"
|
|
||||||
tags: "always"
|
|
||||||
|
|
||||||
- name: "user_setup"
|
|
||||||
ansible.builtin.include_role:
|
|
||||||
name: "user_setup"
|
|
||||||
apply:
|
|
||||||
tags:
|
|
||||||
- "services:user_setup"
|
|
||||||
- "services:user_setup:{{ services_service_name }}"
|
|
||||||
- "services:{{ services_service_name }}"
|
|
||||||
- "services:{{ services_service_name }}:user_setup"
|
|
||||||
vars:
|
|
||||||
services_service_volumes: "{{ services_yggdrasil_volumes[services_service_name] }}"
|
|
||||||
loop: "{{ services_yggdrasil_services }}"
|
|
||||||
loop_control:
|
|
||||||
loop_var: "services_service_name"
|
|
||||||
tags: "always"
|
|