From 7b84ee2d21419869d96f441a89eeb5893d1a720b Mon Sep 17 00:00:00 2001
From: Wojciech Kozlowski
Date: Sat, 15 Jul 2023 19:48:50 +0200
Subject: [PATCH] Fix baldur playbook
---
inventory/host_vars/baldur/vars.yml | 32 +++++++++-
playbooks/baldur.yml | 58 +++++++++++++++----
playbooks/music.yml | 15 ++++-
.../music/collection/meta/argument_specs.yml | 16 +++++
.../roles/music/collection/tasks/main.yml | 24 ++++++++
.../{ => collection}/meta/argument_specs.yml | 12 ++--
.../datasets/{ => collection}/tasks/main.yml | 15 -----
.../datasets/user/meta/argument_specs.yml | 10 ++++
.../roles/music/datasets/user/tasks/main.yml | 15 +++++
.../roles/music/rip/meta/argument_specs.yml | 5 +-
.../music/rip/tasks/include/directories.yml | 24 --------
11 files changed, 164 insertions(+), 62 deletions(-)
create mode 100644 playbooks/roles/music/collection/meta/argument_specs.yml
create mode 100644 playbooks/roles/music/collection/tasks/main.yml
rename playbooks/roles/music/datasets/{ => collection}/meta/argument_specs.yml (84%)
rename playbooks/roles/music/datasets/{ => collection}/tasks/main.yml (62%)
create mode 100644 playbooks/roles/music/datasets/user/meta/argument_specs.yml
create mode 100644 playbooks/roles/music/datasets/user/tasks/main.yml
diff --git a/inventory/host_vars/baldur/vars.yml b/inventory/host_vars/baldur/vars.yml
index eed4986..94323c7 100644
--- a/inventory/host_vars/baldur/vars.yml
+++ b/inventory/host_vars/baldur/vars.yml
@@ -4,11 +4,27 @@ # -------------------------------------------------------------------------------------------------- system_base_ssh_user: "{{ vault_system_base_ssh_user }}" +# -------------------------------------------------------------------------------------------------- +# system:var +# -------------------------------------------------------------------------------------------------- +system_var_hostname: "baldur" + # -------------------------------------------------------------------------------------------------- # vpn # -------------------------------------------------------------------------------------------------- vpn_subnet_id: 3 +# -------------------------------------------------------------------------------------------------- +# music:rip +# -------------------------------------------------------------------------------------------------- +music_user_name: "music" +music_user_password: "{{ vault_music_user_password }}" + +music_user_home_directory: "{{ system_var_home_directory }}/{{ music_user_name }}" +music_user_data_directory: "{{ system_var_data_directory }}/{{ music_user_name }}" +music_user_data_collection_directory: "{{ music_user_data_directory }}/collection" +music_user_data_archive_directory: "{{ music_user_data_directory }}/archive" + # -------------------------------------------------------------------------------------------------- # services # -------------------------------------------------------------------------------------------------- 
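Review bot: The comment banner added above `music_user_name` reads `# music:rip`, but the variables under it are the music user's name, password and directories, and `playbooks/baldur.yml` in this patch applies `music/user` and `music/collection`, not `music/rip`. Labelling the block `# music:user` (or simply `# music`) would match how the values are consumed on this host. `music_user_home_directory` and `music_user_data_directory` also depend on `system_var_home_directory` and `system_var_data_directory`, which this hunk does not define; presumably they come from group vars or role defaults, and a one-line comment saying where would help.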
@@ -18,17 +34,29 @@ services_resolv_host: "baldur" services_host_services: lrproxy: address: "{{ vpn_bridge_prefix }}.2" - tcp: [80, 443] + restic: true database: address: "{{ vpn_bridge_prefix }}.3" + restic: true cloud: address: "{{ vpn_bridge_prefix }}.4" + restic: true git: address: "{{ vpn_bridge_prefix }}.5" tcp: ["{{ services.git.ssh_port }}"] + restic: true notes: address: "{{ vpn_bridge_prefix }}.6" + restic: true music: address: "{{ vpn_bridge_prefix }}.7" - www: + collection_path: "{{ music_user_data_collection_directory }}" + archive_path: "{{ music_user_data_archive_directory }}" + restic: true + rproxy: address: "{{ vpn_bridge_prefix }}.8" + tcp: [80, 443] + restic: true + www: + address: "{{ vpn_bridge_prefix }}.9" + restic: false diff --git a/playbooks/baldur.yml b/playbooks/baldur.yml index b6f13c5..526726a 100644 --- a/playbooks/baldur.yml +++ b/playbooks/baldur.yml @@ -12,7 +12,7 @@ default('127.0.0.1') }}" loop: "{{ [system_mail_smtp_server | default([])] | union( [vpn_wireguard_server_address | default([])] ) | - union( [services_backups_restic_aws_bucket_endpoint | default([])] ) | + union( [backups_restic_user_aws_bucket_endpoint | default([])] ) | flatten }}" when: not (the_nine_worlds_production | bool) tags: "always" 
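Review bot: In the `services_host_services` hunk of `inventory/host_vars/baldur/vars.yml`, the `.8` address that belonged to `www` is reassigned to the new `rproxy` entry together with `tcp: [80, 443]`, and `www` moves to `.9`. Anything outside this file that still treats `{{ vpn_bridge_prefix }}.8` as www (firewall rules, DNS records, peer configuration) would now reach a service with ports 80 and 443 open; those consumers are not visible from this hunk, so that needs confirming before rollout. `www` is also the only entry with `restic: false`, and a short comment on that line stating why it is excluded from backups would make the exclusion read as deliberate.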
@@ -51,6 +51,37 @@ tags: - "system:base" - "system:base:user" + vars: + system_base_user_become_user: "{{ system_base_ssh_user }}" + - role: "system/directories" + tags: "system:directories" + + # ---------------------------------------------------------------------------------------------- + # backups + # ---------------------------------------------------------------------------------------------- + - role: "backups/restic/setup" + tags: "backups:restic:setup" + + # ---------------------------------------------------------------------------------------------- + # music + # ---------------------------------------------------------------------------------------------- + - role: "music/user" + tags: "music:user" + vars: + music_user_public_key_file: "~/.ssh/debian-virt.pub" + - role: "music/collection" + tags: "music:collection" + - role: "backups/restic/user" + vars: + backups_restic_user_name: "{{ music_user_name }}" + backups_restic_user_use_dataset: "{{ 'zfs' in group_names }}" + backups_restic_user_data_dataset: "{{ music_user_data_dataset | default('') }}" + backups_restic_user_data_directory: "{{ music_user_data_directory }}" + backups_restic_user_aws_bucket_prefix: "the-nine-worlds---{{ music_user_name }}" + tags: + - "music:backups" + - "music:backups:restic" + - "music:backups:restic:user" # ---------------------------------------------------------------------------------------------- # vpn @@ -60,12 +91,6 @@ - role: "vpn/bridge" tags: "vpn:bridge" - # ---------------------------------------------------------------------------------------------- - # backups - # ---------------------------------------------------------------------------------------------- - - role: "backups/restic/setup" - tags: "backups:restic:setup" - # ---------------------------------------------------------------------------------------------- # services # ---------------------------------------------------------------------------------------------- 
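Review bot: The `music/user` role added in the `@@ -51,6 +51,37 @@` hunk sets `music_user_public_key_file: "~/.ssh/debian-virt.pub"` unconditionally, while `playbooks/music.yml` in this same patch reaches that path only in the `{% else %}` branch of a conditional. If the other branch selects a production key (its `{% if %}` side is outside the visible hunk, so this is inferred), baldur would authorise the virtual-machine key for the music user in production as well. Reusing the same conditional expression here, or moving the value into host or group vars so each environment names its own key, would avoid that. The roles list starts and ends outside the hunk.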
@@ -106,15 +131,26 @@ - name: "backups : restic" ansible.builtin.include_role: - name: "services/backups/restic" + name: "backups/restic/user" apply: tags: - "services:{{ services_service_name }}" - "services:backups" - - "services:backups:restic" - - "services:backups:restic:{{ services_service_name }}" - - "services:{{ services_service_name }}:backups:restic" + - "services:backups:restic:user" + - "services:backups:restic:user:{{ services_service_name }}" + - "services:{{ services_service_name }}:backups:restic:user" + vars: + backups_restic_user_name: "\ + {{ services_backups_restic_services[services_service_name].user_name }}" + backups_restic_user_use_dataset: "{{ 'zfs' in group_names }}" + backups_restic_user_data_dataset: "\ + {{ services_backups_restic_services[services_service_name].data_dataset | default('') }}" + backups_restic_user_data_directory: "\ + {{ services_backups_restic_services[services_service_name].data_directory }}" + backups_restic_user_aws_bucket_prefix: "\ + {{ services_backups_restic_services[services_service_name].aws_bucket_prefix }}" loop: "{{ services_host_services | dict2items | map(attribute='key') }}" + when: "services_host_services[services_service_name].restic" loop_control: loop_var: "services_service_name" tags: "always" diff --git a/playbooks/music.yml b/playbooks/music.yml index 348a112..863f328 100644 --- a/playbooks/music.yml +++ b/playbooks/music.yml @@ -2,8 +2,14 @@ - name: "music : yggdrasil" hosts: "yggdrasil" roles: - - role: "music/datasets" - tags: "music:datasets" + - role: "music/datasets/user" + tags: + - "music:datasets" + - "music:datasets:user" + - role: "music/datasets/collection" + tags: + - "music:datasets" + - "music:datasets:collection" - role: "music/user" tags: "music:user" vars: @@ -13,6 +19,8 @@ {% else %}\ ~/.ssh/debian-virt.pub\ {% endif %}" + - role: "music/collection" + tags: "music:collection" - role: "music/rip" tags: "music:rip" - role: "backups/snapshots/user" 
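Review bot: The new `when: "services_host_services[services_service_name].restic"` on the `backups : restic` task tests the raw inventory value, whereas the hosts task earlier in this file casts its flag with `| bool`. Writing `when: "services_host_services[services_service_name].restic | bool"` keeps a quoted or extra-vars value such as `"false"` from being evaluated as a non-empty string; how an uncast string is treated depends on the Ansible version, so the cast makes the backup decision explicit. I would not add `default(false)`: a service that omits `restic` should fail the play rather than silently lose its backups. Each enabled service also needs an entry in `services_backups_restic_services`, which is defined outside this hunk.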
@@ -33,10 +41,11 @@ backups_restic_user_data_dataset: "{{ music_user_data_dataset }}" backups_restic_user_data_directory: "{{ music_user_data_directory }}" backups_restic_user_aws_bucket_prefix: "the-nine-worlds---{{ music_user_name }}" - music_org_nextcloud_ip_address: "{{ services_all_services.lrproxy.address }}" tags: - "music:backups" - "music:backups:restic" - "music:backups:restic:user" - role: "music/org" tags: "music:org" + vars: + music_org_nextcloud_ip_address: "{{ services_all_services.lrproxy.address }}" diff --git a/playbooks/roles/music/collection/meta/argument_specs.yml b/playbooks/roles/music/collection/meta/argument_specs.yml new file mode 100644 index 0000000..0c5719e --- /dev/null +++ b/playbooks/roles/music/collection/meta/argument_specs.yml @@ -0,0 +1,16 @@ +--- +argument_specs: + main: + options: + music_user_name: + type: "str" + required: true + music_user_data_directory: + type: "str" + required: true + music_user_data_collection_directory: + type: "str" + required: true + music_user_data_archive_directory: + type: "str" + required: true diff --git a/playbooks/roles/music/collection/tasks/main.yml b/playbooks/roles/music/collection/tasks/main.yml new file mode 100644 index 0000000..2f1840b --- /dev/null +++ b/playbooks/roles/music/collection/tasks/main.yml @@ -0,0 +1,24 @@ +--- +- name: "create data directory" + ansible.builtin.file: + path: "{{ music_user_data_directory }}" + state: "directory" + owner: "{{ music_user_name }}" + group: "{{ music_user_name }}" + mode: 0755 + +- name: "create collection directory" + ansible.builtin.file: + path: "{{ music_user_data_collection_directory }}" + state: "directory" + owner: "{{ music_user_name }}" + group: "{{ music_user_name }}" + mode: 0755 + +- name: "create archive directory" + ansible.builtin.file: + path: "{{ music_user_data_archive_directory }}" + state: "directory" + owner: "{{ music_user_name }}" + group: "{{ music_user_name }}" + mode: 0755 
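Review bot: The three `ansible.builtin.file` tasks in the new `playbooks/roles/music/collection/tasks/main.yml` pass `mode: 0755` as an unquoted number. That works only while the YAML loader reads the leading zero as octal; quoting it, `mode: "0755"`, removes the dependence on parser behaviour and is what ansible-lint's `risky-octal` rule asks for. The same value leaves the data, collection and archive directories readable by every local account, so if only the music user and its service need access `"0750"` would be tighter; the hunk does not show who else reads them.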
diff --git a/playbooks/roles/music/datasets/meta/argument_specs.yml b/playbooks/roles/music/datasets/collection/meta/argument_specs.yml similarity index 84% rename from playbooks/roles/music/datasets/meta/argument_specs.yml rename to playbooks/roles/music/datasets/collection/meta/argument_specs.yml index e2d691d..1aba36c 100644 --- a/playbooks/roles/music/datasets/meta/argument_specs.yml +++ b/playbooks/roles/music/datasets/collection/meta/argument_specs.yml @@ -2,12 +2,6 @@ argument_specs: main: options: - music_user_home_dataset: - type: "str" - required: true - music_user_home_directory: - type: "str" - required: true music_user_data_dataset: type: "str" required: true @@ -17,3 +11,9 @@ argument_specs: music_user_data_archive_dataset: type: "str" required: true + system_backups_snapshots_data_dataset: + type: "str" + required: true + music_user_name: + type: "str" + required: true diff --git a/playbooks/roles/music/datasets/tasks/main.yml b/playbooks/roles/music/datasets/collection/tasks/main.yml similarity index 62% rename from playbooks/roles/music/datasets/tasks/main.yml rename to playbooks/roles/music/datasets/collection/tasks/main.yml index c333302..4e167ec 100644 --- a/playbooks/roles/music/datasets/tasks/main.yml +++ b/playbooks/roles/music/datasets/collection/tasks/main.yml @@ -1,19 +1,4 @@ --- -- name: "create home dataset" - community.general.zfs: - name: "{{ music_user_home_dataset }}" - state: "present" - register: music_datasets_user_zfs_home - -- name: "populate home dataset with skeleton" - ansible.builtin.copy: - src: "/etc/skel/" - dest: "{{ music_user_home_directory }}" - mode: "preserve" - remote_src: true - when: - music_datasets_user_zfs_home.changed - - name: "create data dataset" community.general.zfs: name: "{{ music_user_data_dataset }}" diff --git a/playbooks/roles/music/datasets/user/meta/argument_specs.yml b/playbooks/roles/music/datasets/user/meta/argument_specs.yml new file mode 100644 index 0000000..39f9c6c --- /dev/null 
+++ b/playbooks/roles/music/datasets/user/meta/argument_specs.yml @@ -0,0 +1,10 @@ +--- +argument_specs: + main: + options: + music_user_home_dataset: + type: "str" + required: true + music_user_home_directory: + type: "str" + required: true diff --git a/playbooks/roles/music/datasets/user/tasks/main.yml b/playbooks/roles/music/datasets/user/tasks/main.yml new file mode 100644 index 0000000..905252c --- /dev/null +++ b/playbooks/roles/music/datasets/user/tasks/main.yml @@ -0,0 +1,15 @@ +--- +- name: "create home dataset" + community.general.zfs: + name: "{{ music_user_home_dataset }}" + state: "present" + register: music_datasets_user_zfs_home + +- name: "populate home dataset with skeleton" + ansible.builtin.copy: + src: "/etc/skel/" + dest: "{{ music_user_home_directory }}" + mode: "preserve" + remote_src: true + when: + music_datasets_user_zfs_home.changed diff --git a/playbooks/roles/music/rip/meta/argument_specs.yml b/playbooks/roles/music/rip/meta/argument_specs.yml index 72ecaf2..ecdec55 100644 --- a/playbooks/roles/music/rip/meta/argument_specs.yml +++ b/playbooks/roles/music/rip/meta/argument_specs.yml @@ -11,6 +11,9 @@ argument_specs: music_user_home_directory: type: "str" required: true - music_user_data_directory: + music_user_data_collection_directory: + type: "str" + required: true + music_user_data_archive_directory: type: "str" required: true diff --git a/playbooks/roles/music/rip/tasks/include/directories.yml b/playbooks/roles/music/rip/tasks/include/directories.yml index ff4c37f..993733a 100644 --- a/playbooks/roles/music/rip/tasks/include/directories.yml +++ b/playbooks/roles/music/rip/tasks/include/directories.yml 
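Review bot: In the new `playbooks/roles/music/datasets/user/tasks/main.yml`, `populate home dataset with skeleton` runs only when `music_datasets_user_zfs_home.changed`, so a run that creates the dataset but fails or is interrupted during the copy leaves a partly populated home that later runs never repair. The copy also sets no `owner` or `group`, so the skeleton files belong to whichever account executes the task; `music/user` is listed after this role in `playbooks/music.yml` and presumably takes ownership, but that is not visible here. A comment on the task such as `# runs once, on dataset creation; ownership is set later by music/user` would record both assumptions for the next maintainer.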
@@ -1,28 +1,4 @@ --- -- name: "directories : create data directory" - ansible.builtin.file: - path: "{{ music_user_data_directory }}" - state: "directory" - owner: "{{ music_user_name }}" - group: "{{ music_user_name }}" - mode: 0755 - -- name: "directories : create collection directory" - ansible.builtin.file: - path: "{{ music_user_data_collection_directory }}" - state: "directory" - owner: "{{ music_user_name }}" - group: "{{ music_user_name }}" - mode: 0755 - -- name: "directories : create archive directory" - ansible.builtin.file: - path: "{{ music_user_data_archive_directory }}" - state: "directory" - owner: "{{ music_user_name }}" - group: "{{ music_user_name }}" - mode: 0755 - - name: "directories : create rip directory" ansible.builtin.file: path: "{{ music_user_home_directory }}/rip"