Another re-arrangement of services play

Wojciech Kozlowski 2022-12-14 21:19:05 +01:00
parent d547729275
commit 5d1877bfec
42 changed files with 219 additions and 274 deletions


@ -1,3 +1,9 @@
# --------------------------------------------------------------------------------------------------
# system:base
# --------------------------------------------------------------------------------------------------
system_base_additional_tcp_ports: "{{
services_host_services | dict2items | map(attribute='value.tcp', default=[]) | flatten }}"
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# vpn:wireguard # vpn:wireguard
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
@ -13,6 +19,9 @@ vpn_bridge_prefix: "10.66.{{ vpn_subnet_id }}"
vpn_bridge_address: "{{ vpn_bridge_prefix }}.1" vpn_bridge_address: "{{ vpn_bridge_prefix }}.1"
vpn_bridge_broadcast: "{{ vpn_bridge_prefix }}.255" vpn_bridge_broadcast: "{{ vpn_bridge_prefix }}.255"
vpn_bridge_netmask: "255.255.255.0" vpn_bridge_netmask: "255.255.255.0"
vpn_bridge_dnat: "{{ services_host_services | dict2items |
community.general.json_query('[?@.value.tcp].
{address: value.address, ports: value.tcp}') }}"
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# services # services
@ -52,6 +61,11 @@ services:
smtp_name: "{{ vault_services.notes.smtp_name }}" smtp_name: "{{ vault_services.notes.smtp_name }}"
smtp_password: "{{ vault_services.notes.smtp_password }}" smtp_password: "{{ vault_services.notes.smtp_password }}"
# --------------------------------------------------------------------------------------------------
# services:user_setup
# --------------------------------------------------------------------------------------------------
services_bridge_gateway: "{{ vpn_bridge_address }}"
scw_bucket_endpoint: "{{ vault_scw_bucket_endpoint }}" scw_bucket_endpoint: "{{ vault_scw_bucket_endpoint }}"
scw_access_key: "{{ vault_scw_access_key }}" scw_access_key: "{{ vault_scw_access_key }}"
scw_secret_key: "{{ vault_scw_secret_key }}" scw_secret_key: "{{ vault_scw_secret_key }}"
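Review bot: `services_host_services` is dereferenced without a fallback in both new expressions (`system_base_additional_tcp_ports` and `vpn_bridge_dnat`), so a host that inherits these vars but does not define the map would fail with an undefined-variable error as soon as a role reads either value. Only two host files visibly define the map in this commit; the hunk for the third host file shows none, though it may be defined outside that hunk. Consider `services_host_services | default({}) | dict2items` in both places so a host with no services resolves to an empty port list and no DNAT rules. The same unguarded lookup appears in the `loop:` expressions of the new services playbook.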


@ -7,7 +7,7 @@ system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
# system:base # system:base
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
system_base_udp_ports: system_base_udp_ports:
- 12768 - "{{ vpn_wireguard_port }}"
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# vpn:wireguard # vpn:wireguard
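Review bot: The UDP port list now depends entirely on `vpn_wireguard_port`, whose definition is not visible in this hunk, and the two host files touched this way previously carried different literals (12768 here, 51820 in the next file). If the variable is not set per host, one of the hosts would presumably end up allowing a different UDP port than before, or fail on an undefined variable. A one-line comment such as `# follows the WireGuard listen port; vpn_wireguard_port must be set for this host` would document the dependency.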


@ -8,11 +8,8 @@ system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
system_base_additional_ssh_users: system_base_additional_ssh_users:
- "pod-rproxy" - "pod-rproxy"
system_base_additional_tcp_ports:
- 80
- 443
system_base_udp_ports: system_base_udp_ports:
- 51820 - "{{ vpn_wireguard_port }}"
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# vpn # vpn
@ -30,10 +27,11 @@ vpn_wireguard_clients:
subnet: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.0/24" subnet: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.0/24"
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# vpn:bridge # services
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
vpn_bridge_dnat: services_host_services:
- address: "{{ vpn_bridge_prefix }}.2" rproxy:
ports: address: "{{ vpn_bridge_prefix }}.2"
- 80 tcp: [80, 443]
- 443 www:
address: "{{ vpn_bridge_prefix }}.3"
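Review bot: The new `services_host_services` map has no comment describing its schema, and its `tcp:` key is now security-relevant. Per the shared vars expressions in this commit, every port listed there is added to `system_base_additional_tcp_ports` (presumably the host's allowed inbound ports) and also gets a `vpn_bridge_dnat` entry pointing at the service address. A comment above the map would make the exposure explicit, e.g. `# tcp: ports allowed on the host AND DNAT'ed to address; omit for internal-only services`. The same applies to the map added in the next host file (`lrproxy`, `git`).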


@ -16,14 +16,6 @@ system_zfs_zpools_load_key:
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}" system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
# --------------------------------------------------------------------------------------------------
# system:base
# --------------------------------------------------------------------------------------------------
system_base_additional_tcp_ports:
- 80
- 443
- 2770
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# vpn # vpn
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
@ -40,13 +32,18 @@ vpn_wireguard_server_address: "{{ vault_vpn_wireguard_server_address }}"
vpn_wireguard_routing_table: 66 vpn_wireguard_routing_table: 66
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# vpn:bridge # services
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
vpn_bridge_dnat: services_host_services:
- address: "{{ vpn_bridge_prefix }}.2" lrproxy:
ports: address: "{{ vpn_bridge_prefix }}.2"
- 80 tcp: [80, 443]
- 443 database:
- address: "{{ vpn_bridge_prefix }}.5" address: "{{ vpn_bridge_prefix }}.3"
ports: cloud:
- 2770 address: "{{ vpn_bridge_prefix }}.4"
git:
address: "{{ vpn_bridge_prefix }}.5"
tcp: [2770]
notes:
address: "{{ vpn_bridge_prefix }}.6"


@ -1,4 +1,45 @@
--- ---
- ansible.builtin.import_playbook: "system.yml" - name: "services : zfs"
- ansible.builtin.import_playbook: "valkyrie.yml" hosts: "zfs"
- ansible.builtin.import_playbook: "yggdrasil.yml" tasks:
- name: "datasets_system"
ansible.builtin.include_role:
name: "datasets_system"
apply:
tags: "services:datasets_system"
tags: "always"
- name: "datasets_user"
ansible.builtin.include_role:
name: "datasets_user"
apply:
tags:
- "services:datasets_user"
- "services:datasets_user:{{ services_service_name }}"
- "services:{{ services_service_name }}"
- "services:{{ services_service_name }}:datasets_user"
loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
loop_control:
loop_var: "services_service_name"
tags: "always"
- name: "services : asgard"
hosts: "asgard"
tasks:
- ansible.builtin.import_role:
name: "setup_system"
tags: "services:setup_system"
- name: "setup_user"
ansible.builtin.include_role:
name: "setup_user"
apply:
tags:
- "services:setup_user"
- "services:setup_user:{{ services_service_name }}"
- "services:{{ services_service_name }}"
- "services:{{ services_service_name }}:setup_user"
loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
loop_control:
loop_var: "services_service_name"
tags: "always"
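Review bot: The new `services : zfs` play runs `datasets_user` for every key of `services_host_services` on every host in the `zfs` group, whereas in the removed per-host plays only the yggdrasil play included `user_datasets` and the valkyrie play did not. If valkyrie is a member of `zfs`, this commit starts creating ZFS datasets for `rproxy` and `www` there. If that is intended, a comment on the play would record it, e.g. `# creates home/data datasets for every service on every zfs host`. Separately, the `ansible.builtin.import_role` task in the asgard play is the only task without a `name:`.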


@ -23,24 +23,24 @@
community.general.filesystem: community.general.filesystem:
dev: "/dev/rpool/var/lib/{{ ansible_hostname }}/containers" dev: "/dev/rpool/var/lib/{{ ansible_hostname }}/containers"
fstype: "ext4" fstype: "ext4"
register: services_system_datasets_zvol_format register: services_datasets_system_zvol_format
- block: - block:
- name: "get containers zvol uuid" - name: "get containers zvol uuid"
ansible.builtin.command: >- ansible.builtin.command: >-
blkid -s UUID -o value /dev/rpool/var/lib/{{ ansible_hostname }}/containers blkid -s UUID -o value /dev/rpool/var/lib/{{ ansible_hostname }}/containers
register: services_system_datasets_zvol_uuid register: services_datasets_system_zvol_uuid
- name: "system : add fstab entry and mount containers zvol" - name: "system : add fstab entry and mount containers zvol"
ansible.posix.mount: ansible.posix.mount:
path: "/var/lib/{{ ansible_hostname }}/containers" path: "/var/lib/{{ ansible_hostname }}/containers"
src: "UUID={{ services_system_datasets_zvol_uuid.stdout }}" src: "UUID={{ services_datasets_system_zvol_uuid.stdout }}"
fstype: "ext4" fstype: "ext4"
state: "mounted" state: "mounted"
when: when:
services_system_datasets_zvol_format.changed services_datasets_system_zvol_format.changed
- name: "create data root dataset" - name: "create data root dataset"
community.general.zfs: community.general.zfs:


@ -7,7 +7,3 @@ argument_specs:
services_service_name: services_service_name:
type: "str" type: "str"
required: true required: true
services_service_volumes:
type: "dict"
elem: "dict"
required: true


@ -1,13 +1,13 @@
- name: "{{ services_service_name }} : set variables" - name: "{{ services_service_name }} : set variables"
ansible.builtin.import_role: ansible.builtin.import_role:
name: "include" name: "include"
tasks_from: "vars" vars_from: "user"
- name: "{{ services_service_name }} : create home dataset" - name: "{{ services_service_name }} : create home dataset"
community.general.zfs: community.general.zfs:
name: "rpool/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}" name: "rpool/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}"
state: "present" state: "present"
register: services_user_datasets_zfs_home register: services_datasets_user_zfs_home
- name: "{{ services_service_name }} : populate home dataset with skeleton" - name: "{{ services_service_name }} : populate home dataset with skeleton"
ansible.builtin.copy: ansible.builtin.copy:
@ -15,7 +15,7 @@
dest: "{{ services_service_user_home }}" dest: "{{ services_service_user_home }}"
remote_src: true remote_src: true
when: when:
services_user_datasets_zfs_home.changed services_datasets_user_zfs_home.changed
- name: "{{ services_service_name }} : create data dataset" - name: "{{ services_service_name }} : create data dataset"
community.general.zfs: community.general.zfs:
@ -24,9 +24,14 @@
extra_zfs_properties: extra_zfs_properties:
canmount: "off" canmount: "off"
- name: "{{ services_service_name }} : include volume list"
ansible.builtin.import_role:
name: "include"
vars_from: "volumes"
- name: "{{ services_service_name }} : create volume datasets" - name: "{{ services_service_name }} : create volume datasets"
community.general.zfs: community.general.zfs:
name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ item.key }}" name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ item.key }}"
state: "present" state: "present"
extra_zfs_properties: "{{ item.value.extra_zfs_properties | default({}) }}" extra_zfs_properties: "{{ item.value.extra_zfs_properties | default({}) }}"
loop: "{{ services_service_volumes | dict2items }}" loop: "{{ services_volumes[services_service_name] | dict2items }}"
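Review bot: `services_volumes[services_service_name]` in the final `loop:` has no fallback, so a service that exists in a host's `services_host_services` but has no entry in the role-level `services_volumes` map fails the task with an undefined key. The shell lookup changed elsewhere in this commit already guards its per-service map with `| default('/usr/sbin/nologin')`. Either do the same here with `loop: "{{ services_volumes[services_service_name] | default({}) | dict2items }}"`, or add an explicit assert so the failure message names the missing service. The identical lookup in the setup_user directories task list has the same gap.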


@ -1,7 +0,0 @@
- name: "vars : {{ services_service_name }} : set user name variable"
set_fact:
services_service_user_name: "pod-{{ services_service_name }}"
- name: "vars : {{ services_service_name }} : set user home variable"
set_fact:
services_service_user_home: "/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}"


@ -0,0 +1,2 @@
services_service_user_name: "pod-{{ services_service_name }}"
services_service_user_home: "/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}"


@ -0,0 +1,21 @@
services_volumes:
rproxy:
etc-letsencrypt:
www: {}
lrproxy:
etc-letsencrypt:
database:
wal:
extra_zfs_properties:
recordsize: "8K"
data:
extra_zfs_properties:
recordsize: "8K"
logbias: "throughput"
cloud:
nextcloud:
data:
git:
data:
notes:
data:
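Review bot: Volume entries without properties are written as bare keys (`etc-letsencrypt:`, `nextcloud:`, `data:`), which YAML loads as null, while the service with no volumes uses an explicit `www: {}`. The dataset task only works on these because `item.value.extra_zfs_properties | default({})` tolerates attribute access on a null value. Writing the empty volumes as `etc-letsencrypt: {}` keeps every value a mapping and removes that reliance. This matters for any consumer that iterates or indexes the value, such as the included `directories/volumes.yml`, whose full body is not visible here.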


@ -9,21 +9,21 @@
src: "./auto_update/pod-service-auto-update.service" src: "./auto_update/pod-service-auto-update.service"
dest: "/etc/systemd/user/pod-service-auto-update.service" dest: "/etc/systemd/user/pod-service-auto-update.service"
mode: 0644 mode: 0644
register: services_system_pod_service_auto_update_service_file register: services_setup_system_pod_service_auto_update_service_file
- name: "auto_update : pod-service update timer" - name: "auto_update : pod-service update timer"
ansible.builtin.copy: ansible.builtin.copy:
src: "./auto_update/pod-service-auto-update.timer" src: "./auto_update/pod-service-auto-update.timer"
dest: "/etc/systemd/user/pod-service-auto-update.timer" dest: "/etc/systemd/user/pod-service-auto-update.timer"
mode: 0644 mode: 0644
register: services_system_pod_service_auto_update_timer_file register: services_setup_system_pod_service_auto_update_timer_file
- name: "auto_update : image prune service" - name: "auto_update : image prune service"
ansible.builtin.copy: ansible.builtin.copy:
src: "./auto_update/podman-image-prune.service" src: "./auto_update/podman-image-prune.service"
dest: "/etc/systemd/user/podman-image-prune.service" dest: "/etc/systemd/user/podman-image-prune.service"
mode: 0644 mode: 0644
register: services_system_podman_image_prune_service_file register: services_setup_system_podman_image_prune_service_file
# Include instead of import as otherwise the when clause is always applied which triggers errors if # Include instead of import as otherwise the when clause is always applied which triggers errors if
# the above tasks haven't executed. # the above tasks haven't executed.
@ -32,6 +32,6 @@
name: "include" name: "include"
tasks_from: "daemon_reload" tasks_from: "daemon_reload"
when: when:
services_system_pod_service_auto_update_service_file.changed or services_setup_system_pod_service_auto_update_service_file.changed or
services_system_pod_service_auto_update_timer_file.changed or services_setup_system_pod_service_auto_update_timer_file.changed or
services_system_podman_image_prune_service_file.changed services_setup_system_podman_image_prune_service_file.changed


@ -1,14 +1,14 @@
- name: "nameserver : fetch valkyrie's resolv.conf" - name: "nameserver : fetch valkyrie's resolv.conf"
ansible.builtin.fetch: ansible.builtin.fetch:
src: "/etc/resolv.conf" src: "/etc/resolv.conf"
dest: "./files/system_setup/nameserver/" dest: "./files/setup_system/nameserver/"
flat: true flat: true
when: when:
ansible_hostname == "valkyrie" ansible_hostname == "valkyrie"
- name: "nameserver : copy valkyrie's resolv.conf to other hosts" - name: "nameserver : copy valkyrie's resolv.conf to other hosts"
ansible.builtin.copy: ansible.builtin.copy:
src: "../../../files/system_setup/nameserver/resolv.conf" src: "../../../files/setup_system/nameserver/resolv.conf"
dest: "/var/lib/{{ ansible_hostname }}/valkyrie-resolv.conf" dest: "/var/lib/{{ ansible_hostname }}/valkyrie-resolv.conf"
when: when:
ansible_hostname != "valkyrie" ansible_hostname != "valkyrie"


@ -1,9 +1,9 @@
- name: "podman : install podman" - name: "podman : install podman"
ansible.builtin.apt: ansible.builtin.apt:
name: "podman" name: "podman"
register: services_system_setup_podman_install register: services_setup_system_podman_install
- name: "podman : reboot host" - name: "podman : reboot host"
ansible.builtin.reboot: ansible.builtin.reboot:
when: when:
services_system_setup_podman_install.changed services_setup_system_podman_install.changed


@ -3,18 +3,18 @@
src: "./veth/connect-pod-service@.service" src: "./veth/connect-pod-service@.service"
dest: "/etc/systemd/system/connect-pod-service@.service" dest: "/etc/systemd/system/connect-pod-service@.service"
mode: 0644 mode: 0644
register: services_system_setup_connect_pod_service_service_file register: services_setup_system_connect_pod_service_service_file
- name: "veth : configure connect-pod-service path trigger" - name: "veth : configure connect-pod-service path trigger"
ansible.builtin.template: ansible.builtin.template:
src: "./veth/connect-pod-service@.path.j2" src: "./veth/connect-pod-service@.path.j2"
dest: "/etc/systemd/system/connect-pod-service@.path" dest: "/etc/systemd/system/connect-pod-service@.path"
mode: 0644 mode: 0644
register: services_system_setup_connect_pod_service_path_file register: services_setup_system_connect_pod_service_path_file
- name: "veth : systemd daemon reload" - name: "veth : systemd daemon reload"
ansible.builtin.systemd: ansible.builtin.systemd:
daemon_reload: true daemon_reload: true
when: when:
services_system_setup_connect_pod_service_service_file.changed or services_setup_system_connect_pod_service_service_file.changed or
services_system_setup_connect_pod_service_path_file.changed services_setup_system_connect_pod_service_path_file.changed


@ -0,0 +1,19 @@
- name: "play:services : role:setup_system : tasks:podman"
ansible.builtin.import_tasks: "include/podman.yml"
tags: "services:setup_system:podman"
- name: "play:services : role:setup_system : tasks:directories"
ansible.builtin.import_tasks: "include/directories.yml"
tags: "services:setup_system:directories"
- name: "play:services : role:setup_system : tasks:nameserver"
ansible.builtin.import_tasks: "include/nameserver.yml"
tags: "services:setup_system:nameserver"
- name: "play:services : role:setup_system : tasks:veth"
ansible.builtin.import_tasks: "include/veth.yml"
tags: "services:setup_system:veth"
- name: "play:services : role:setup_system : tasks:auto_update"
ansible.builtin.import_tasks: "include/auto_update.yml"
tags: "services:setup_system:auto_update"


@ -14,9 +14,14 @@
group: "{{ services_service_user_name }}" group: "{{ services_service_user_name }}"
mode: 0755 mode: 0755
- name: "{{ services_service_name }} : directories : include volume list"
ansible.builtin.import_role:
name: "include"
vars_from: "volumes"
- name: "{{ services_service_name }} : directories : create volume directories" - name: "{{ services_service_name }} : directories : create volume directories"
ansible.builtin.include_tasks: "directories/volumes.yml" ansible.builtin.include_tasks: "directories/volumes.yml"
loop: "{{ services_service_volumes | dict2items }}" loop: "{{ services_volumes[services_service_name] | dict2items }}"
loop_control: loop_control:
loop_var: "services_service_volume" loop_var: "services_service_volume"


@ -9,7 +9,7 @@
- name: "{{ services_service_name }} : directories : check if \"{{ services_service_volume.key }}\" mount exists" - name: "{{ services_service_name }} : directories : check if \"{{ services_service_volume.key }}\" mount exists"
ansible.builtin.stat: ansible.builtin.stat:
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}/_data" path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}/_data"
register: services_user_setup_volume_mount register: services_setup_user_volume_mount
- name: "{{ services_service_name }} : directories : create \"{{ services_service_volume.key }}\" mount" - name: "{{ services_service_name }} : directories : create \"{{ services_service_volume.key }}\" mount"
ansible.builtin.file: ansible.builtin.file:
@ -19,4 +19,4 @@
group: "{{ services_service_user_name }}" group: "{{ services_service_user_name }}"
mode: 0755 mode: 0755
when: when:
not services_user_setup_volume_mount.stat.exists not services_setup_user_volume_mount.stat.exists


@ -11,11 +11,11 @@
src: "./podman/storage.conf.j2" src: "./podman/storage.conf.j2"
dest: "{{ services_service_user_home }}/.config/containers/storage.conf" dest: "{{ services_service_user_home }}/.config/containers/storage.conf"
mode: 0644 mode: 0644
register: services_user_setup_containers_storage register: services_setup_user_containers_storage
- name: "{{ services_service_name }} : podman : reset podman" - name: "{{ services_service_name }} : podman : reset podman"
ansible.builtin.shell: "cd $HOME; yes | podman system reset" ansible.builtin.shell: "cd $HOME; yes | podman system reset"
when: when:
services_user_setup_containers_storage.changed services_setup_user_containers_storage.changed
become_user: "{{ services_service_user_name }}" become_user: "{{ services_service_user_name }}"


@ -9,7 +9,7 @@
- name: "{{ services_service_name }} : setup : set default shell" - name: "{{ services_service_name }} : setup : set default shell"
ansible.builtin.user: ansible.builtin.user:
name: "{{ services_service_user_name }}" name: "{{ services_service_user_name }}"
shell: "{{ services_service_user_shell | default('/usr/sbin/nologin') }}" shell: "{{ services_setup_user_shell[services_service_name] | default('/usr/sbin/nologin') }}"
- block: - block:


@ -14,7 +14,7 @@
fi' fi'
vars: vars:
services_service_iface_name: "veth-{{ services_service_name }}" services_service_iface_name: "veth-{{ services_service_name }}"
services_service_iface_address: "{{ services_addresses[services_service_name] }}" services_service_iface_address: "{{ services_host_services[services_service_name].address }}"
- name: "{{ services_service_name }} : veth : enable the path trigger" - name: "{{ services_service_name }} : veth : enable the path trigger"
ansible.builtin.systemd: ansible.builtin.systemd:


@ -0,0 +1,55 @@
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:vars"
ansible.builtin.import_role:
name: "include"
vars_from: "user"
tags:
- "services:setup_user:user"
- "services:setup_user:{{ services_service_name }}:user"
- "services:{{ services_service_name }}:setup_user:user"
- "services:setup_user:directories"
- "services:setup_user:{{ services_service_name }}:directories"
- "services:{{ services_service_name }}:setup_user:directories"
- "services:setup_user:podman"
- "services:setup_user:{{ services_service_name }}:podman"
- "services:{{ services_service_name }}:setup_user:podman"
- "services:setup_user:auto_update"
- "services:setup_user:{{ services_service_name }}:auto_update"
- "services:{{ services_service_name }}:setup_user:auto_update"
- "services:setup_user:veth"
- "services:setup_user:{{ services_service_name }}:veth"
- "services:{{ services_service_name }}:setup_user:veth"
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:user"
ansible.builtin.import_tasks: "include/user.yml"
tags:
- "services:setup_user:user"
- "services:setup_user:{{ services_service_name }}:user"
- "services:{{ services_service_name }}:setup_user:user"
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:directories"
ansible.builtin.import_tasks: "include/directories.yml"
tags:
- "services:setup_user:directories"
- "services:setup_user:{{ services_service_name }}:directories"
- "services:{{ services_service_name }}:setup_user:directories"
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:podman"
ansible.builtin.import_tasks: "include/podman.yml"
tags:
- "services:setup_user:podman"
- "services:setup_user:{{ services_service_name }}:podman"
- "services:{{ services_service_name }}:setup_user:podman"
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:auto_update"
ansible.builtin.import_tasks: "include/auto_update.yml"
tags:
- "services:setup_user:auto_update"
- "services:setup_user:{{ services_service_name }}:auto_update"
- "services:{{ services_service_name }}:setup_user:auto_update"
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:veth"
ansible.builtin.import_tasks: "include/veth.yml"
tags:
- "services:setup_user:veth"
- "services:setup_user:{{ services_service_name }}:veth"
- "services:{{ services_service_name }}:setup_user:veth"


@ -0,0 +1,2 @@
services_setup_user_shell:
rproxy: "/usr/bin/rbash"


@ -1,19 +0,0 @@
- name: "play:services : role:system_setup : tasks:podman"
ansible.builtin.import_tasks: "include/podman.yml"
tags: "services:system_setup:podman"
- name: "play:services : role:system_setup : tasks:directories"
ansible.builtin.import_tasks: "include/directories.yml"
tags: "services:system_setup:directories"
- name: "play:services : role:system_setup : tasks:nameserver"
ansible.builtin.import_tasks: "include/nameserver.yml"
tags: "services:system_setup:nameserver"
- name: "play:services : role:system_setup : tasks:veth"
ansible.builtin.import_tasks: "include/veth.yml"
tags: "services:system_setup:veth"
- name: "play:services : role:system_setup : tasks:auto_update"
ansible.builtin.import_tasks: "include/auto_update.yml"
tags: "services:system_setup:auto_update"


@ -1,55 +0,0 @@
- name: "play:services : role:user_setup:{{ services_service_name }} : tasks:vars"
ansible.builtin.import_role:
name: "include"
tasks_from: "vars"
tags:
- "services:user_setup:user"
- "services:user_setup:{{ services_service_name }}:user"
- "services:{{ services_service_name }}:user_setup:user"
- "services:user_setup:directories"
- "services:user_setup:{{ services_service_name }}:directories"
- "services:{{ services_service_name }}:user_setup:directories"
- "services:user_setup:podman"
- "services:user_setup:{{ services_service_name }}:podman"
- "services:{{ services_service_name }}:user_setup:podman"
- "services:user_setup:auto_update"
- "services:user_setup:{{ services_service_name }}:auto_update"
- "services:{{ services_service_name }}:user_setup:auto_update"
- "services:user_setup:veth"
- "services:user_setup:{{ services_service_name }}:veth"
- "services:{{ services_service_name }}:user_setup:veth"
- name: "play:services : role:user_setup:{{ services_service_name }} : tasks:user"
ansible.builtin.import_tasks: "include/user.yml"
tags:
- "services:user_setup:user"
- "services:user_setup:{{ services_service_name }}:user"
- "services:{{ services_service_name }}:user_setup:user"
- name: "play:services : role:user_setup:{{ services_service_name }} : tasks:directories"
ansible.builtin.import_tasks: "include/directories.yml"
tags:
- "services:user_setup:directories"
- "services:user_setup:{{ services_service_name }}:directories"
- "services:{{ services_service_name }}:user_setup:directories"
- name: "play:services : role:user_setup:{{ services_service_name }} : tasks:podman"
ansible.builtin.import_tasks: "include/podman.yml"
tags:
- "services:user_setup:podman"
- "services:user_setup:{{ services_service_name }}:podman"
- "services:{{ services_service_name }}:user_setup:podman"
- name: "play:services : role:user_setup:{{ services_service_name }} : tasks:auto_update"
ansible.builtin.import_tasks: "include/auto_update.yml"
tags:
- "services:user_setup:auto_update"
- "services:user_setup:{{ services_service_name }}:auto_update"
- "services:{{ services_service_name }}:user_setup:auto_update"
- name: "play:services : role:user_setup:{{ services_service_name }} : tasks:veth"
ansible.builtin.import_tasks: "include/veth.yml"
tags:
- "services:user_setup:veth"
- "services:user_setup:{{ services_service_name }}:veth"
- "services:{{ services_service_name }}:user_setup:veth"


@ -1,28 +0,0 @@
- name: "services : system : asgard"
hosts: "asgard"
tasks:
- name: "system_datasets"
ansible.builtin.include_role:
name: "system_datasets"
apply:
tags: "services:system_datasets"
when:
"'zfs' in group_names"
tags: "always"
- ansible.builtin.import_role:
name: "system_setup"
tags: "services:system_setup"
- name: "set service bridge addresses"
ansible.builtin.set_fact:
services_bridge_gateway: "{{ vpn_bridge_prefix }}.1"
services_addresses:
rproxy: "{{ hostvars.valkyrie.vpn_bridge_prefix }}.2"
www: "{{ hostvars.valkyrie.vpn_bridge_prefix }}.3"
lrproxy: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.2"
database: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.3"
cloud: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.4"
git: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.5"
notes: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.6"
tags: "always"


@ -1,39 +0,0 @@
- name: "services : valkyrie"
hosts: "valkyrie"
tasks:
- name: "set service volumes"
ansible.builtin.set_fact:
services_valkyrie_volumes:
rproxy:
etc-letsencrypt:
www: {}
tags: "always"
- name: "user_setup"
ansible.builtin.include_role:
name: "user_setup"
apply:
tags:
- "services:user_setup"
- "services:user_setup:{{ services_service_name }}"
- "services:{{ services_service_name }}"
- "services:{{ services_service_name }}:user_setup"
vars:
services_service_name: "rproxy"
services_service_volumes: "{{ services_valkyrie_volumes[services_service_name] }}"
services_service_user_shell: "/usr/bin/rbash"
tags: "always"
- name: "user_setup"
ansible.builtin.include_role:
name: "user_setup"
apply:
tags:
- "services:user_setup"
- "services:user_setup:{{ services_service_name }}"
- "services:{{ services_service_name }}"
- "services:{{ services_service_name }}:user_setup"
vars:
services_service_name: "www"
services_service_volumes: "{{ services_valkyrie_volumes[services_service_name] }}"
tags: "always"


@ -1,62 +0,0 @@
- name: "services : yggdrasil"
hosts: "yggdrasil"
tasks:
- name: "set service volumes"
ansible.builtin.set_fact:
services_yggdrasil_services:
- "lrproxy"
- "database"
- "cloud"
- "git"
- "notes"
services_yggdrasil_volumes:
lrproxy:
etc-letsencrypt:
database:
wal:
extra_zfs_properties:
recordsize: "8K"
data:
extra_zfs_properties:
recordsize: "8K"
logbias: "throughput"
cloud:
nextcloud:
data:
git:
data:
notes:
data:
tags: "always"
- name: "user_datasets"
ansible.builtin.include_role:
name: "user_datasets"
apply:
tags:
- "services:user_datasets"
- "services:user_datasets:{{ services_service_name }}"
- "services:{{ services_service_name }}"
- "services:{{ services_service_name }}:user_datasets"
vars:
services_service_volumes: "{{ services_yggdrasil_volumes[services_service_name] }}"
loop: "{{ services_yggdrasil_services }}"
loop_control:
loop_var: "services_service_name"
tags: "always"
- name: "user_setup"
ansible.builtin.include_role:
name: "user_setup"
apply:
tags:
- "services:user_setup"
- "services:user_setup:{{ services_service_name }}"
- "services:{{ services_service_name }}"
- "services:{{ services_service_name }}:user_setup"
vars:
services_service_volumes: "{{ services_yggdrasil_volumes[services_service_name] }}"
loop: "{{ services_yggdrasil_services }}"
loop_control:
loop_var: "services_service_name"
tags: "always"