Fix baldur playbook
This commit is contained in:
parent
867eca1e9b
commit
7b84ee2d21
@ -4,11 +4,27 @@
|
|||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
system_base_ssh_user: "{{ vault_system_base_ssh_user }}"
|
system_base_ssh_user: "{{ vault_system_base_ssh_user }}"
|
||||||
|
|
||||||
|
# --------------------------------------------------------------------------------------------------
|
||||||
|
# system:var
|
||||||
|
# --------------------------------------------------------------------------------------------------
|
||||||
|
system_var_hostname: "baldur"
|
||||||
|
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
# vpn
|
# vpn
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
vpn_subnet_id: 3
|
vpn_subnet_id: 3
|
||||||
|
|
||||||
|
# --------------------------------------------------------------------------------------------------
|
||||||
|
# music:rip
|
||||||
|
# --------------------------------------------------------------------------------------------------
|
||||||
|
music_user_name: "music"
|
||||||
|
music_user_password: "{{ vault_music_user_password }}"
|
||||||
|
|
||||||
|
music_user_home_directory: "{{ system_var_home_directory }}/{{ music_user_name }}"
|
||||||
|
music_user_data_directory: "{{ system_var_data_directory }}/{{ music_user_name }}"
|
||||||
|
music_user_data_collection_directory: "{{ music_user_data_directory }}/collection"
|
||||||
|
music_user_data_archive_directory: "{{ music_user_data_directory }}/archive"
|
||||||
|
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
# services
|
# services
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
@ -18,17 +34,29 @@ services_resolv_host: "baldur"
|
|||||||
services_host_services:
|
services_host_services:
|
||||||
lrproxy:
|
lrproxy:
|
||||||
address: "{{ vpn_bridge_prefix }}.2"
|
address: "{{ vpn_bridge_prefix }}.2"
|
||||||
tcp: [80, 443]
|
restic: true
|
||||||
database:
|
database:
|
||||||
address: "{{ vpn_bridge_prefix }}.3"
|
address: "{{ vpn_bridge_prefix }}.3"
|
||||||
|
restic: true
|
||||||
cloud:
|
cloud:
|
||||||
address: "{{ vpn_bridge_prefix }}.4"
|
address: "{{ vpn_bridge_prefix }}.4"
|
||||||
|
restic: true
|
||||||
git:
|
git:
|
||||||
address: "{{ vpn_bridge_prefix }}.5"
|
address: "{{ vpn_bridge_prefix }}.5"
|
||||||
tcp: ["{{ services.git.ssh_port }}"]
|
tcp: ["{{ services.git.ssh_port }}"]
|
||||||
|
restic: true
|
||||||
notes:
|
notes:
|
||||||
address: "{{ vpn_bridge_prefix }}.6"
|
address: "{{ vpn_bridge_prefix }}.6"
|
||||||
|
restic: true
|
||||||
music:
|
music:
|
||||||
address: "{{ vpn_bridge_prefix }}.7"
|
address: "{{ vpn_bridge_prefix }}.7"
|
||||||
www:
|
collection_path: "{{ music_user_data_collection_directory }}"
|
||||||
|
archive_path: "{{ music_user_data_archive_directory }}"
|
||||||
|
restic: true
|
||||||
|
rproxy:
|
||||||
address: "{{ vpn_bridge_prefix }}.8"
|
address: "{{ vpn_bridge_prefix }}.8"
|
||||||
|
tcp: [80, 443]
|
||||||
|
restic: true
|
||||||
|
www:
|
||||||
|
address: "{{ vpn_bridge_prefix }}.9"
|
||||||
|
restic: false
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
default('127.0.0.1') }}"
|
default('127.0.0.1') }}"
|
||||||
loop: "{{ [system_mail_smtp_server | default([])] |
|
loop: "{{ [system_mail_smtp_server | default([])] |
|
||||||
union( [vpn_wireguard_server_address | default([])] ) |
|
union( [vpn_wireguard_server_address | default([])] ) |
|
||||||
union( [services_backups_restic_aws_bucket_endpoint | default([])] ) |
|
union( [backups_restic_user_aws_bucket_endpoint | default([])] ) |
|
||||||
flatten }}"
|
flatten }}"
|
||||||
when: not (the_nine_worlds_production | bool)
|
when: not (the_nine_worlds_production | bool)
|
||||||
tags: "always"
|
tags: "always"
|
||||||
@ -51,6 +51,37 @@
|
|||||||
tags:
|
tags:
|
||||||
- "system:base"
|
- "system:base"
|
||||||
- "system:base:user"
|
- "system:base:user"
|
||||||
|
vars:
|
||||||
|
system_base_user_become_user: "{{ system_base_ssh_user }}"
|
||||||
|
- role: "system/directories"
|
||||||
|
tags: "system:directories"
|
||||||
|
|
||||||
|
# ----------------------------------------------------------------------------------------------
|
||||||
|
# backups
|
||||||
|
# ----------------------------------------------------------------------------------------------
|
||||||
|
- role: "backups/restic/setup"
|
||||||
|
tags: "backups:restic:setup"
|
||||||
|
|
||||||
|
# ----------------------------------------------------------------------------------------------
|
||||||
|
# music
|
||||||
|
# ----------------------------------------------------------------------------------------------
|
||||||
|
- role: "music/user"
|
||||||
|
tags: "music:user"
|
||||||
|
vars:
|
||||||
|
music_user_public_key_file: "~/.ssh/debian-virt.pub"
|
||||||
|
- role: "music/collection"
|
||||||
|
tags: "music:collection"
|
||||||
|
- role: "backups/restic/user"
|
||||||
|
vars:
|
||||||
|
backups_restic_user_name: "{{ music_user_name }}"
|
||||||
|
backups_restic_user_use_dataset: "{{ 'zfs' in group_names }}"
|
||||||
|
backups_restic_user_data_dataset: "{{ music_user_data_dataset | default('') }}"
|
||||||
|
backups_restic_user_data_directory: "{{ music_user_data_directory }}"
|
||||||
|
backups_restic_user_aws_bucket_prefix: "the-nine-worlds---{{ music_user_name }}"
|
||||||
|
tags:
|
||||||
|
- "music:backups"
|
||||||
|
- "music:backups:restic"
|
||||||
|
- "music:backups:restic:user"
|
||||||
|
|
||||||
# ----------------------------------------------------------------------------------------------
|
# ----------------------------------------------------------------------------------------------
|
||||||
# vpn
|
# vpn
|
||||||
@ -60,12 +91,6 @@
|
|||||||
- role: "vpn/bridge"
|
- role: "vpn/bridge"
|
||||||
tags: "vpn:bridge"
|
tags: "vpn:bridge"
|
||||||
|
|
||||||
# ----------------------------------------------------------------------------------------------
|
|
||||||
# backups
|
|
||||||
# ----------------------------------------------------------------------------------------------
|
|
||||||
- role: "backups/restic/setup"
|
|
||||||
tags: "backups:restic:setup"
|
|
||||||
|
|
||||||
# ----------------------------------------------------------------------------------------------
|
# ----------------------------------------------------------------------------------------------
|
||||||
# services
|
# services
|
||||||
# ----------------------------------------------------------------------------------------------
|
# ----------------------------------------------------------------------------------------------
|
||||||
@ -106,15 +131,26 @@
|
|||||||
|
|
||||||
- name: "backups : restic"
|
- name: "backups : restic"
|
||||||
ansible.builtin.include_role:
|
ansible.builtin.include_role:
|
||||||
name: "services/backups/restic"
|
name: "backups/restic/user"
|
||||||
apply:
|
apply:
|
||||||
tags:
|
tags:
|
||||||
- "services:{{ services_service_name }}"
|
- "services:{{ services_service_name }}"
|
||||||
- "services:backups"
|
- "services:backups"
|
||||||
- "services:backups:restic"
|
- "services:backups:restic:user"
|
||||||
- "services:backups:restic:{{ services_service_name }}"
|
- "services:backups:restic:user:{{ services_service_name }}"
|
||||||
- "services:{{ services_service_name }}:backups:restic"
|
- "services:{{ services_service_name }}:backups:restic:user"
|
||||||
|
vars:
|
||||||
|
backups_restic_user_name: "\
|
||||||
|
{{ services_backups_restic_services[services_service_name].user_name }}"
|
||||||
|
backups_restic_user_use_dataset: "{{ 'zfs' in group_names }}"
|
||||||
|
backups_restic_user_data_dataset: "\
|
||||||
|
{{ services_backups_restic_services[services_service_name].data_dataset | default('') }}"
|
||||||
|
backups_restic_user_data_directory: "\
|
||||||
|
{{ services_backups_restic_services[services_service_name].data_directory }}"
|
||||||
|
backups_restic_user_aws_bucket_prefix: "\
|
||||||
|
{{ services_backups_restic_services[services_service_name].aws_bucket_prefix }}"
|
||||||
loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
|
loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
|
||||||
|
when: "services_host_services[services_service_name].restic"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: "services_service_name"
|
loop_var: "services_service_name"
|
||||||
tags: "always"
|
tags: "always"
|
||||||
|
@ -2,8 +2,14 @@
|
|||||||
- name: "music : yggdrasil"
|
- name: "music : yggdrasil"
|
||||||
hosts: "yggdrasil"
|
hosts: "yggdrasil"
|
||||||
roles:
|
roles:
|
||||||
- role: "music/datasets"
|
- role: "music/datasets/user"
|
||||||
tags: "music:datasets"
|
tags:
|
||||||
|
- "music:datasets"
|
||||||
|
- "music:datasets:user"
|
||||||
|
- role: "music/datasets/collection"
|
||||||
|
tags:
|
||||||
|
- "music:datasets"
|
||||||
|
- "music:datasets:collection"
|
||||||
- role: "music/user"
|
- role: "music/user"
|
||||||
tags: "music:user"
|
tags: "music:user"
|
||||||
vars:
|
vars:
|
||||||
@ -13,6 +19,8 @@
|
|||||||
{% else %}\
|
{% else %}\
|
||||||
~/.ssh/debian-virt.pub\
|
~/.ssh/debian-virt.pub\
|
||||||
{% endif %}"
|
{% endif %}"
|
||||||
|
- role: "music/collection"
|
||||||
|
tags: "music:collection"
|
||||||
- role: "music/rip"
|
- role: "music/rip"
|
||||||
tags: "music:rip"
|
tags: "music:rip"
|
||||||
- role: "backups/snapshots/user"
|
- role: "backups/snapshots/user"
|
||||||
@ -33,10 +41,11 @@
|
|||||||
backups_restic_user_data_dataset: "{{ music_user_data_dataset }}"
|
backups_restic_user_data_dataset: "{{ music_user_data_dataset }}"
|
||||||
backups_restic_user_data_directory: "{{ music_user_data_directory }}"
|
backups_restic_user_data_directory: "{{ music_user_data_directory }}"
|
||||||
backups_restic_user_aws_bucket_prefix: "the-nine-worlds---{{ music_user_name }}"
|
backups_restic_user_aws_bucket_prefix: "the-nine-worlds---{{ music_user_name }}"
|
||||||
music_org_nextcloud_ip_address: "{{ services_all_services.lrproxy.address }}"
|
|
||||||
tags:
|
tags:
|
||||||
- "music:backups"
|
- "music:backups"
|
||||||
- "music:backups:restic"
|
- "music:backups:restic"
|
||||||
- "music:backups:restic:user"
|
- "music:backups:restic:user"
|
||||||
- role: "music/org"
|
- role: "music/org"
|
||||||
tags: "music:org"
|
tags: "music:org"
|
||||||
|
vars:
|
||||||
|
music_org_nextcloud_ip_address: "{{ services_all_services.lrproxy.address }}"
|
||||||
|
16
playbooks/roles/music/collection/meta/argument_specs.yml
Normal file
16
playbooks/roles/music/collection/meta/argument_specs.yml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
argument_specs:
|
||||||
|
main:
|
||||||
|
options:
|
||||||
|
music_user_name:
|
||||||
|
type: "str"
|
||||||
|
required: true
|
||||||
|
music_user_data_directory:
|
||||||
|
type: "str"
|
||||||
|
required: true
|
||||||
|
music_user_data_collection_directory:
|
||||||
|
type: "str"
|
||||||
|
required: true
|
||||||
|
music_user_data_archive_directory:
|
||||||
|
type: "str"
|
||||||
|
required: true
|
24
playbooks/roles/music/collection/tasks/main.yml
Normal file
24
playbooks/roles/music/collection/tasks/main.yml
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
---
|
||||||
|
- name: "create data directory"
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ music_user_data_directory }}"
|
||||||
|
state: "directory"
|
||||||
|
owner: "{{ music_user_name }}"
|
||||||
|
group: "{{ music_user_name }}"
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: "create collection directory"
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ music_user_data_collection_directory }}"
|
||||||
|
state: "directory"
|
||||||
|
owner: "{{ music_user_name }}"
|
||||||
|
group: "{{ music_user_name }}"
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: "create archive directory"
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ music_user_data_archive_directory }}"
|
||||||
|
state: "directory"
|
||||||
|
owner: "{{ music_user_name }}"
|
||||||
|
group: "{{ music_user_name }}"
|
||||||
|
mode: 0755
|
@ -2,12 +2,6 @@
|
|||||||
argument_specs:
|
argument_specs:
|
||||||
main:
|
main:
|
||||||
options:
|
options:
|
||||||
music_user_home_dataset:
|
|
||||||
type: "str"
|
|
||||||
required: true
|
|
||||||
music_user_home_directory:
|
|
||||||
type: "str"
|
|
||||||
required: true
|
|
||||||
music_user_data_dataset:
|
music_user_data_dataset:
|
||||||
type: "str"
|
type: "str"
|
||||||
required: true
|
required: true
|
||||||
@ -17,3 +11,9 @@ argument_specs:
|
|||||||
music_user_data_archive_dataset:
|
music_user_data_archive_dataset:
|
||||||
type: "str"
|
type: "str"
|
||||||
required: true
|
required: true
|
||||||
|
system_backups_snapshots_data_dataset:
|
||||||
|
type: "str"
|
||||||
|
required: true
|
||||||
|
music_user_name:
|
||||||
|
type: "str"
|
||||||
|
required: true
|
@ -1,19 +1,4 @@
|
|||||||
---
|
---
|
||||||
- name: "create home dataset"
|
|
||||||
community.general.zfs:
|
|
||||||
name: "{{ music_user_home_dataset }}"
|
|
||||||
state: "present"
|
|
||||||
register: music_datasets_user_zfs_home
|
|
||||||
|
|
||||||
- name: "populate home dataset with skeleton"
|
|
||||||
ansible.builtin.copy:
|
|
||||||
src: "/etc/skel/"
|
|
||||||
dest: "{{ music_user_home_directory }}"
|
|
||||||
mode: "preserve"
|
|
||||||
remote_src: true
|
|
||||||
when:
|
|
||||||
music_datasets_user_zfs_home.changed
|
|
||||||
|
|
||||||
- name: "create data dataset"
|
- name: "create data dataset"
|
||||||
community.general.zfs:
|
community.general.zfs:
|
||||||
name: "{{ music_user_data_dataset }}"
|
name: "{{ music_user_data_dataset }}"
|
10
playbooks/roles/music/datasets/user/meta/argument_specs.yml
Normal file
10
playbooks/roles/music/datasets/user/meta/argument_specs.yml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
argument_specs:
|
||||||
|
main:
|
||||||
|
options:
|
||||||
|
music_user_home_dataset:
|
||||||
|
type: "str"
|
||||||
|
required: true
|
||||||
|
music_user_home_directory:
|
||||||
|
type: "str"
|
||||||
|
required: true
|
15
playbooks/roles/music/datasets/user/tasks/main.yml
Normal file
15
playbooks/roles/music/datasets/user/tasks/main.yml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
---
|
||||||
|
- name: "create home dataset"
|
||||||
|
community.general.zfs:
|
||||||
|
name: "{{ music_user_home_dataset }}"
|
||||||
|
state: "present"
|
||||||
|
register: music_datasets_user_zfs_home
|
||||||
|
|
||||||
|
- name: "populate home dataset with skeleton"
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: "/etc/skel/"
|
||||||
|
dest: "{{ music_user_home_directory }}"
|
||||||
|
mode: "preserve"
|
||||||
|
remote_src: true
|
||||||
|
when:
|
||||||
|
music_datasets_user_zfs_home.changed
|
@ -11,6 +11,9 @@ argument_specs:
|
|||||||
music_user_home_directory:
|
music_user_home_directory:
|
||||||
type: "str"
|
type: "str"
|
||||||
required: true
|
required: true
|
||||||
music_user_data_directory:
|
music_user_data_collection_directory:
|
||||||
|
type: "str"
|
||||||
|
required: true
|
||||||
|
music_user_data_archive_directory:
|
||||||
type: "str"
|
type: "str"
|
||||||
required: true
|
required: true
|
||||||
|
@ -1,28 +1,4 @@
|
|||||||
---
|
---
|
||||||
- name: "directories : create data directory"
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ music_user_data_directory }}"
|
|
||||||
state: "directory"
|
|
||||||
owner: "{{ music_user_name }}"
|
|
||||||
group: "{{ music_user_name }}"
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- name: "directories : create collection directory"
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ music_user_data_collection_directory }}"
|
|
||||||
state: "directory"
|
|
||||||
owner: "{{ music_user_name }}"
|
|
||||||
group: "{{ music_user_name }}"
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- name: "directories : create archive directory"
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ music_user_data_archive_directory }}"
|
|
||||||
state: "directory"
|
|
||||||
owner: "{{ music_user_name }}"
|
|
||||||
group: "{{ music_user_name }}"
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- name: "directories : create rip directory"
|
- name: "directories : create rip directory"
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ music_user_home_directory }}/rip"
|
path: "{{ music_user_home_directory }}/rip"
|
||||||
|
Loading…
Reference in New Issue
Block a user