Fix baldur playbook

Wojciech Kozlowski 2023-07-15 19:48:50 +02:00
parent 867eca1e9b
commit 7b84ee2d21
11 changed files with 164 additions and 62 deletions


@ -4,11 +4,27 @@
# --------------------------------------------------------------------------------------------------
system_base_ssh_user: "{{ vault_system_base_ssh_user }}"
# --------------------------------------------------------------------------------------------------
# system:var
# --------------------------------------------------------------------------------------------------
system_var_hostname: "baldur"
# --------------------------------------------------------------------------------------------------
# vpn
# --------------------------------------------------------------------------------------------------
vpn_subnet_id: 3
# --------------------------------------------------------------------------------------------------
# music:rip
# --------------------------------------------------------------------------------------------------
music_user_name: "music"
music_user_password: "{{ vault_music_user_password }}"
music_user_home_directory: "{{ system_var_home_directory }}/{{ music_user_name }}"
music_user_data_directory: "{{ system_var_data_directory }}/{{ music_user_name }}"
music_user_data_collection_directory: "{{ music_user_data_directory }}/collection"
music_user_data_archive_directory: "{{ music_user_data_directory }}/archive"
# --------------------------------------------------------------------------------------------------
# services
# --------------------------------------------------------------------------------------------------
@ -18,17 +34,29 @@ services_resolv_host: "baldur"
services_host_services:
lrproxy:
address: "{{ vpn_bridge_prefix }}.2"
tcp: [80, 443]
restic: true
database:
address: "{{ vpn_bridge_prefix }}.3"
restic: true
cloud:
address: "{{ vpn_bridge_prefix }}.4"
restic: true
git:
address: "{{ vpn_bridge_prefix }}.5"
tcp: ["{{ services.git.ssh_port }}"]
restic: true
notes:
address: "{{ vpn_bridge_prefix }}.6"
restic: true
music:
address: "{{ vpn_bridge_prefix }}.7"
www:
collection_path: "{{ music_user_data_collection_directory }}"
archive_path: "{{ music_user_data_archive_directory }}"
restic: true
rproxy:
address: "{{ vpn_bridge_prefix }}.8"
tcp: [80, 443]
restic: true
www:
address: "{{ vpn_bridge_prefix }}.9"
restic: false


@ -12,7 +12,7 @@
default('127.0.0.1') }}"
loop: "{{ [system_mail_smtp_server | default([])] |
union( [vpn_wireguard_server_address | default([])] ) |
union( [services_backups_restic_aws_bucket_endpoint | default([])] ) |
union( [backups_restic_user_aws_bucket_endpoint | default([])] ) |
flatten }}"
when: not (the_nine_worlds_production | bool)
tags: "always"
@ -51,6 +51,37 @@
tags:
- "system:base"
- "system:base:user"
vars:
system_base_user_become_user: "{{ system_base_ssh_user }}"
- role: "system/directories"
tags: "system:directories"
# ----------------------------------------------------------------------------------------------
# backups
# ----------------------------------------------------------------------------------------------
- role: "backups/restic/setup"
tags: "backups:restic:setup"
# ----------------------------------------------------------------------------------------------
# music
# ----------------------------------------------------------------------------------------------
- role: "music/user"
tags: "music:user"
vars:
music_user_public_key_file: "~/.ssh/debian-virt.pub"
- role: "music/collection"
tags: "music:collection"
- role: "backups/restic/user"
vars:
backups_restic_user_name: "{{ music_user_name }}"
backups_restic_user_use_dataset: "{{ 'zfs' in group_names }}"
backups_restic_user_data_dataset: "{{ music_user_data_dataset | default('') }}"
backups_restic_user_data_directory: "{{ music_user_data_directory }}"
backups_restic_user_aws_bucket_prefix: "the-nine-worlds---{{ music_user_name }}"
tags:
- "music:backups"
- "music:backups:restic"
- "music:backups:restic:user"
# ----------------------------------------------------------------------------------------------
# vpn
@ -60,12 +91,6 @@
- role: "vpn/bridge"
tags: "vpn:bridge"
# ----------------------------------------------------------------------------------------------
# backups
# ----------------------------------------------------------------------------------------------
- role: "backups/restic/setup"
tags: "backups:restic:setup"
# ----------------------------------------------------------------------------------------------
# services
# ----------------------------------------------------------------------------------------------
@ -106,15 +131,26 @@
- name: "backups : restic"
ansible.builtin.include_role:
name: "services/backups/restic"
name: "backups/restic/user"
apply:
tags:
- "services:{{ services_service_name }}"
- "services:backups"
- "services:backups:restic"
- "services:backups:restic:{{ services_service_name }}"
- "services:{{ services_service_name }}:backups:restic"
- "services:backups:restic:user"
- "services:backups:restic:user:{{ services_service_name }}"
- "services:{{ services_service_name }}:backups:restic:user"
vars:
backups_restic_user_name: "\
{{ services_backups_restic_services[services_service_name].user_name }}"
backups_restic_user_use_dataset: "{{ 'zfs' in group_names }}"
backups_restic_user_data_dataset: "\
{{ services_backups_restic_services[services_service_name].data_dataset | default('') }}"
backups_restic_user_data_directory: "\
{{ services_backups_restic_services[services_service_name].data_directory }}"
backups_restic_user_aws_bucket_prefix: "\
{{ services_backups_restic_services[services_service_name].aws_bucket_prefix }}"
loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
when: "services_host_services[services_service_name].restic"
loop_control:
loop_var: "services_service_name"
tags: "always"
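Review bot: The new `music/user` role entry sets `music_user_public_key_file: "~/.ssh/debian-virt.pub"` unconditionally, whereas the yggdrasil play in this same commit uses that path only in the `{% else %}` branch of a conditional. The branch condition is not visible on this page, but if it separates production from test runs, a production run of the baldur play would install the test key as an authorized key for the music account. I would reuse the same conditional expression here, or move the key path into a host or group variable so both plays resolve it identically. A short comment above the `vars:` line, such as `# public key authorized for the music account; must match the environment being deployed`, would also make the intent reviewable.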


@ -2,8 +2,14 @@
- name: "music : yggdrasil"
hosts: "yggdrasil"
roles:
- role: "music/datasets"
tags: "music:datasets"
- role: "music/datasets/user"
tags:
- "music:datasets"
- "music:datasets:user"
- role: "music/datasets/collection"
tags:
- "music:datasets"
- "music:datasets:collection"
- role: "music/user"
tags: "music:user"
vars:
@ -13,6 +19,8 @@
{% else %}\
~/.ssh/debian-virt.pub\
{% endif %}"
- role: "music/collection"
tags: "music:collection"
- role: "music/rip"
tags: "music:rip"
- role: "backups/snapshots/user"
@ -33,10 +41,11 @@
backups_restic_user_data_dataset: "{{ music_user_data_dataset }}"
backups_restic_user_data_directory: "{{ music_user_data_directory }}"
backups_restic_user_aws_bucket_prefix: "the-nine-worlds---{{ music_user_name }}"
music_org_nextcloud_ip_address: "{{ services_all_services.lrproxy.address }}"
tags:
- "music:backups"
- "music:backups:restic"
- "music:backups:restic:user"
- role: "music/org"
tags: "music:org"
vars:
music_org_nextcloud_ip_address: "{{ services_all_services.lrproxy.address }}"


@ -0,0 +1,16 @@
---
argument_specs:
main:
options:
music_user_name:
type: "str"
required: true
music_user_data_directory:
type: "str"
required: true
music_user_data_collection_directory:
type: "str"
required: true
music_user_data_archive_directory:
type: "str"
required: true


@ -0,0 +1,24 @@
---
- name: "create data directory"
ansible.builtin.file:
path: "{{ music_user_data_directory }}"
state: "directory"
owner: "{{ music_user_name }}"
group: "{{ music_user_name }}"
mode: 0755
- name: "create collection directory"
ansible.builtin.file:
path: "{{ music_user_data_collection_directory }}"
state: "directory"
owner: "{{ music_user_name }}"
group: "{{ music_user_name }}"
mode: 0755
- name: "create archive directory"
ansible.builtin.file:
path: "{{ music_user_data_archive_directory }}"
state: "directory"
owner: "{{ music_user_name }}"
group: "{{ music_user_name }}"
mode: 0755
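Review bot: All three `ansible.builtin.file` tasks in this new file pass `mode: 0755` as a bare scalar, so the module receives an integer produced by the YAML parser's octal conversion, not the text written here. That works only while the leading zero is kept. Quoting it as `mode: "0755"` removes the dependency on YAML 1.1 octal parsing and satisfies ansible-lint's `risky-octal` rule. The mode also leaves the data, collection and archive directories readable and traversable by every local account. If only the music user and the services running under it need access, `mode: "0750"` would be the tighter default.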


@ -2,12 +2,6 @@
argument_specs:
main:
options:
music_user_home_dataset:
type: "str"
required: true
music_user_home_directory:
type: "str"
required: true
music_user_data_dataset:
type: "str"
required: true
@ -17,3 +11,9 @@ argument_specs:
music_user_data_archive_dataset:
type: "str"
required: true
system_backups_snapshots_data_dataset:
type: "str"
required: true
music_user_name:
type: "str"
required: true


@ -1,19 +1,4 @@
---
- name: "create home dataset"
community.general.zfs:
name: "{{ music_user_home_dataset }}"
state: "present"
register: music_datasets_user_zfs_home
- name: "populate home dataset with skeleton"
ansible.builtin.copy:
src: "/etc/skel/"
dest: "{{ music_user_home_directory }}"
mode: "preserve"
remote_src: true
when:
music_datasets_user_zfs_home.changed
- name: "create data dataset"
community.general.zfs:
name: "{{ music_user_data_dataset }}"


@ -0,0 +1,10 @@
---
argument_specs:
main:
options:
music_user_home_dataset:
type: "str"
required: true
music_user_home_directory:
type: "str"
required: true


@ -0,0 +1,15 @@
---
- name: "create home dataset"
community.general.zfs:
name: "{{ music_user_home_dataset }}"
state: "present"
register: music_datasets_user_zfs_home
- name: "populate home dataset with skeleton"
ansible.builtin.copy:
src: "/etc/skel/"
dest: "{{ music_user_home_directory }}"
mode: "preserve"
remote_src: true
when:
music_datasets_user_zfs_home.changed
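Review bot: The "populate home dataset with skeleton" task copies `/etc/skel/` with `mode: "preserve"` but sets no `owner` or `group`, so the dotfiles end up owned by whichever account runs the task, not by the music user. In the yggdrasil play this role is listed before `music/user`, so the account may not exist yet when the copy runs. Whether ownership is corrected later is not visible from this page. If `music/user` does not chown the home directory recursively, the account is left with shell start-up files it does not own. I would either document that dependency in a comment above the task (`# ownership is fixed up by music/user, which must run after this role`) or move the skeleton copy to the point where the user exists and add `owner: "{{ music_user_name }}"` and `group: "{{ music_user_name }}"`.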


@ -11,6 +11,9 @@ argument_specs:
music_user_home_directory:
type: "str"
required: true
music_user_data_directory:
music_user_data_collection_directory:
type: "str"
required: true
music_user_data_archive_directory:
type: "str"
required: true


@ -1,28 +1,4 @@
---
- name: "directories : create data directory"
ansible.builtin.file:
path: "{{ music_user_data_directory }}"
state: "directory"
owner: "{{ music_user_name }}"
group: "{{ music_user_name }}"
mode: 0755
- name: "directories : create collection directory"
ansible.builtin.file:
path: "{{ music_user_data_collection_directory }}"
state: "directory"
owner: "{{ music_user_name }}"
group: "{{ music_user_name }}"
mode: 0755
- name: "directories : create archive directory"
ansible.builtin.file:
path: "{{ music_user_data_archive_directory }}"
state: "directory"
owner: "{{ music_user_name }}"
group: "{{ music_user_name }}"
mode: 0755
- name: "directories : create rip directory"
ansible.builtin.file:
path: "{{ music_user_home_directory }}/rip"