Be explicit about services in playbook
This commit is contained in:
parent
bbb29cf25d
commit
f2ddfe92ee
@ -1,15 +0,0 @@
|
||||
- name: Get user info
|
||||
getent:
|
||||
database: passwd
|
||||
key: "{{ service_user_name }}"
|
||||
|
||||
- name: Set service variables
|
||||
set_fact:
|
||||
service_user_uid: "{{ ansible_facts.getent_passwd[service_user_name].1 }}"
|
||||
service_user_gid: "{{ ansible_facts.getent_passwd[service_user_name].2 }}"
|
||||
|
||||
- name: Print service variables
|
||||
debug:
|
||||
msg:
|
||||
- "service_user_uid: {{ service_user_uid }}"
|
||||
- "service_user_gid: {{ service_user_gid }}"
|
@ -1,11 +1,4 @@
|
||||
- name: "services : zfs"
|
||||
hosts: "zfs"
|
||||
roles:
|
||||
- role: "datasets"
|
||||
tags: "services:datasets"
|
||||
|
||||
- name: "services : asgard"
|
||||
hosts: "asgard"
|
||||
roles:
|
||||
- role: "base"
|
||||
tags: "services:base"
|
||||
---
|
||||
- ansible.builtin.import_playbook: "system.yml"
|
||||
- ansible.builtin.import_playbook: "valkyrie.yml"
|
||||
- ansible.builtin.import_playbook: "yggdrasil.yml"
|
||||
|
@ -1,19 +0,0 @@
|
||||
- name: "play:services : role:base : tasks:system:podman"
|
||||
ansible.builtin.import_tasks: "system/podman.yml"
|
||||
tags: "services:base:system:podman"
|
||||
|
||||
- name: "play:services : role:base : tasks:system:directories"
|
||||
ansible.builtin.import_tasks: "system/directories.yml"
|
||||
tags: "services:base:system:directories"
|
||||
|
||||
- name: "play:services : role:base : tasks:system:nameserver"
|
||||
ansible.builtin.import_tasks: "system/nameserver.yml"
|
||||
tags: "services:base:system:nameserver"
|
||||
|
||||
- name: "play:services : role:base : tasks:system:veth"
|
||||
ansible.builtin.import_tasks: "system/veth.yml"
|
||||
tags: "services:base:system:veth"
|
||||
|
||||
- name: "play:services : role:base : tasks:system:auto_update"
|
||||
ansible.builtin.import_tasks: "system/auto_update.yml"
|
||||
tags: "services:base:system:auto_update"
|
@ -1,37 +0,0 @@
|
||||
- name: "system : auto_update : pod-service update script"
|
||||
ansible.builtin.copy:
|
||||
src: "./system/systemd/pod-service-auto-update"
|
||||
dest: "/usr/local/sbin/pod-service-auto-update"
|
||||
mode: 0755
|
||||
|
||||
- name: "system : auto_update : pod-service update service"
|
||||
ansible.builtin.copy:
|
||||
src: "./system/systemd/pod-service-auto-update.service"
|
||||
dest: "/etc/systemd/user/pod-service-auto-update.service"
|
||||
mode: 0644
|
||||
register: services_base_system_pod_service_auto_update_service_file
|
||||
|
||||
- name: "system : auto_update : pod-service update timer"
|
||||
ansible.builtin.copy:
|
||||
src: "./system/systemd/pod-service-auto-update.timer"
|
||||
dest: "/etc/systemd/user/pod-service-auto-update.timer"
|
||||
mode: 0644
|
||||
register: services_base_system_pod_service_auto_update_timer_file
|
||||
|
||||
- name: "system : auto_update : image prune service"
|
||||
ansible.builtin.copy:
|
||||
src: "./system/systemd/podman-image-prune.service"
|
||||
dest: "/etc/systemd/user/podman-image-prune.service"
|
||||
mode: 0644
|
||||
register: services_base_system_podman_image_prune_service_file
|
||||
|
||||
# Include instead of import as otherwise the when clause is always applied which triggers errors if
|
||||
# the above tasks haven't executed.
|
||||
- name: "system : auto_update : systemd daemon reload for each service"
|
||||
ansible.builtin.include_role:
|
||||
name: "include"
|
||||
tasks_from: "daemon_reload"
|
||||
when:
|
||||
services_base_system_pod_service_auto_update_service_file.changed or
|
||||
services_base_system_pod_service_auto_update_timer_file.changed or
|
||||
services_base_system_podman_image_prune_service_file.changed
|
@ -1,9 +0,0 @@
|
||||
- name: "system : podman : install podman"
|
||||
ansible.builtin.apt:
|
||||
name: "podman"
|
||||
register: services_base_system_podman_install
|
||||
|
||||
- name: "system : podman : reboot host"
|
||||
ansible.builtin.reboot:
|
||||
when:
|
||||
services_base_system_podman_install.changed
|
@ -1,20 +0,0 @@
|
||||
- name: "system : veth : configure connect-pod-service"
|
||||
ansible.builtin.copy:
|
||||
src: "./system/veth/connect-pod-service@.service"
|
||||
dest: "/etc/systemd/system/connect-pod-service@.service"
|
||||
mode: 0644
|
||||
register: services_base_system_connect_pod_service_service_file
|
||||
|
||||
- name: "system : veth : configure connect-pod-service path trigger"
|
||||
ansible.builtin.template:
|
||||
src: "./system/veth/connect-pod-service@.path.j2"
|
||||
dest: "/etc/systemd/system/connect-pod-service@.path"
|
||||
mode: 0644
|
||||
register: services_base_system_connect_pod_service_path_file
|
||||
|
||||
- name: "system : veth : systemd daemon reload"
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
when:
|
||||
services_base_system_connect_pod_service_service_file.changed or
|
||||
services_base_system_connect_pod_service_path_file.changed
|
@ -1,45 +0,0 @@
|
||||
- name: "user : {{ services_service_name }} : set variables"
|
||||
ansible.builtin.import_role:
|
||||
name: "include"
|
||||
tasks_from: "vars"
|
||||
tags:
|
||||
- "services:base:user:setup"
|
||||
- "services:base:user:{{ services_service_name }}:setup"
|
||||
- "services:base:user:directories"
|
||||
- "services:base:user:{{ services_service_name }}:directories"
|
||||
- "services:base:user:podman"
|
||||
- "services:base:user:{{ services_service_name }}:podman"
|
||||
- "services:base:user:auto_update"
|
||||
- "services:base:user:{{ services_service_name }}:auto_update"
|
||||
- "services:base:user:veth"
|
||||
- "services:base:user:{{ services_service_name }}:veth"
|
||||
|
||||
- name: "play:services : role:base : tasks:user:setup"
|
||||
ansible.builtin.import_tasks: "user/setup.yml"
|
||||
tags:
|
||||
- "services:base:user:setup"
|
||||
- "services:base:user:{{ services_service_name }}:setup"
|
||||
|
||||
- name: "play:services : role:base : tasks:user:directories"
|
||||
ansible.builtin.import_tasks: "user/directories.yml"
|
||||
tags:
|
||||
- "services:base:user:directories"
|
||||
- "services:base:user:{{ services_service_name }}:directories"
|
||||
|
||||
- name: "play:services : role:base : tasks:user:podman"
|
||||
ansible.builtin.import_tasks: "user/podman.yml"
|
||||
tags:
|
||||
- "services:base:user:podman"
|
||||
- "services:base:user:{{ services_service_name }}:podman"
|
||||
|
||||
- name: "play:services : role:base : tasks:user:auto_update"
|
||||
ansible.builtin.import_tasks: "user/auto_update.yml"
|
||||
tags:
|
||||
- "services:base:user:auto_update"
|
||||
- "services:base:user:{{ services_service_name }}:auto_update"
|
||||
|
||||
- name: "play:services : role:base : tasks:user:veth"
|
||||
ansible.builtin.import_tasks: "user/veth.yml"
|
||||
tags:
|
||||
- "services:base:user:veth"
|
||||
- "services:base:user:{{ services_service_name }}:veth"
|
@ -1,15 +0,0 @@
|
||||
- name: "play:services : role:base : tasks:system"
|
||||
ansible.builtin.import_tasks: "include/system.yml"
|
||||
tags: "services:base:system"
|
||||
|
||||
- name: "play:services : role:base : tasks:user"
|
||||
ansible.builtin.include_tasks: "include/user.yml"
|
||||
tags: "always"
|
||||
args:
|
||||
apply:
|
||||
tags:
|
||||
- "services:base:user"
|
||||
- "services:base:user:{{ services_service_name }}"
|
||||
loop: "{{ services_host_services }}"
|
||||
loop_control:
|
||||
loop_var: "services_service_name"
|
@ -1,15 +0,0 @@
|
||||
- name: "play:services : role:datasets : tasks:system"
|
||||
ansible.builtin.import_tasks: "include/system.yml"
|
||||
tags: "services:datasets:system"
|
||||
|
||||
- name: "play:services : role:datasets : tasks:user"
|
||||
ansible.builtin.include_tasks: "include/user.yml"
|
||||
tags: "always"
|
||||
args:
|
||||
apply:
|
||||
tags:
|
||||
- "services:datasets:user"
|
||||
- "services:datasets:user:{{ services_service_name }}"
|
||||
loop: "{{ services_host_services }}"
|
||||
loop_control:
|
||||
loop_var: "services_service_name"
|
@ -0,0 +1,6 @@
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
ansible_hostname:
|
||||
type: "str"
|
||||
required: true
|
@ -1,16 +1,16 @@
|
||||
- name: "system : create containers dataset"
|
||||
- name: "create containers dataset"
|
||||
community.general.zfs:
|
||||
name: "rpool/var/lib/containers"
|
||||
state: "present"
|
||||
extra_zfs_properties:
|
||||
"com.sun:auto-snapshot": "false"
|
||||
|
||||
- name: "system : create services root dataset"
|
||||
- name: "create services root dataset"
|
||||
community.general.zfs:
|
||||
name: "rpool/var/lib/{{ ansible_hostname }}"
|
||||
state: "present"
|
||||
|
||||
- name: "system : create containers zvol"
|
||||
- name: "create containers zvol"
|
||||
community.general.zfs:
|
||||
name: "rpool/var/lib/{{ ansible_hostname }}/containers"
|
||||
state: "present"
|
||||
@ -19,7 +19,7 @@
|
||||
refreservation: "none"
|
||||
"com.sun:auto-snapshot": "false"
|
||||
|
||||
- name: "system : format containers zvol"
|
||||
- name: "format containers zvol"
|
||||
community.general.filesystem:
|
||||
dev: "/dev/rpool/var/lib/{{ ansible_hostname }}/containers"
|
||||
fstype: "ext4"
|
||||
@ -27,7 +27,7 @@
|
||||
|
||||
- block:
|
||||
|
||||
- name: "system : get containers zvol uuid"
|
||||
- name: "get containers zvol uuid"
|
||||
ansible.builtin.command: >-
|
||||
blkid -s UUID -o value /dev/rpool/var/lib/{{ ansible_hostname }}/containers
|
||||
register: services_datasets_system_zvol_uuid
|
||||
@ -42,14 +42,14 @@
|
||||
when:
|
||||
services_datasets_system_zvol_format.changed
|
||||
|
||||
- name: "system : create data root dataset"
|
||||
- name: "create data root dataset"
|
||||
community.general.zfs:
|
||||
name: "rpool/var/lib/{{ ansible_hostname }}/data"
|
||||
state: "present"
|
||||
extra_zfs_properties:
|
||||
canmount: "off"
|
||||
|
||||
- name: "system : create home root dataset"
|
||||
- name: "create home root dataset"
|
||||
community.general.zfs:
|
||||
name: "rpool/var/lib/{{ ansible_hostname }}/home"
|
||||
state: "present"
|
13
plays/services/roles/datasets_user/meta/argument_specs.yml
Normal file
13
plays/services/roles/datasets_user/meta/argument_specs.yml
Normal file
@ -0,0 +1,13 @@
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
ansible_hostname:
|
||||
type: "str"
|
||||
required: true
|
||||
services_service_name:
|
||||
type: "str"
|
||||
required: true
|
||||
services_service_volumes:
|
||||
type: "dict"
|
||||
elem: "dict"
|
||||
required: true
|
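Review bot: `elem: "dict"` under `services_service_volumes` is not a key I recognise in Ansible's argument_spec format — the key for element types is `elements`, and it only applies to `type: "list"`; for a dict whose values are dicts the spec cannot express the value type, so the line either does nothing or, depending on how strictly the installed Ansible validates spec keys, errors at include time. The same `elem` spelling is in the include role's spec on this page (the `services_host_services` entries) and in the setup_system spec. I would drop the line here and state the expected shape in a `description:` instead.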
@ -1,15 +1,15 @@
|
||||
- name: "user : {{ services_service_name }} : set variables"
|
||||
- name: "{{ services_service_name }} : set variables"
|
||||
ansible.builtin.import_role:
|
||||
name: "include"
|
||||
tasks_from: "vars"
|
||||
|
||||
- name: "user : {{ services_service_name }} : create home dataset"
|
||||
- name: "{{ services_service_name }} : create home dataset"
|
||||
community.general.zfs:
|
||||
name: "rpool/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}"
|
||||
state: "present"
|
||||
register: services_datasets_user_zfs_home
|
||||
|
||||
- name: "user : {{ services_service_name }} : populate home dataset with skeleton"
|
||||
- name: "{{ services_service_name }} : populate home dataset with skeleton"
|
||||
ansible.builtin.copy:
|
||||
src: "/etc/skel/"
|
||||
dest: "{{ services_service_user_home }}"
|
||||
@ -17,16 +17,16 @@
|
||||
when:
|
||||
services_datasets_user_zfs_home.changed
|
||||
|
||||
- name: "user : {{ services_service_name }} : create data dataset"
|
||||
- name: "{{ services_service_name }} : create data dataset"
|
||||
community.general.zfs:
|
||||
name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}"
|
||||
state: "present"
|
||||
extra_zfs_properties:
|
||||
canmount: "off"
|
||||
|
||||
- name: "user : {{ services_service_name }} : create volume datasets"
|
||||
- name: "{{ services_service_name }} : create volume datasets"
|
||||
community.general.zfs:
|
||||
name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ item.name }}"
|
||||
name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ item.key }}"
|
||||
state: "present"
|
||||
extra_zfs_properties: "{{ item.properties | default({}) }}"
|
||||
loop: "{{ services[services_service_name].volumes }}"
|
||||
extra_zfs_properties: "{{ item.value.extra_zfs_properties | default({}) }}"
|
||||
loop: "{{ services_service_volumes | dict2items }}"
|
@ -1,12 +1,18 @@
|
||||
argument_specs:
|
||||
vars:
|
||||
options:
|
||||
services_service_name:
|
||||
type: "str"
|
||||
required: true
|
||||
daemon_reload:
|
||||
options:
|
||||
services_host_services:
|
||||
type: "list"
|
||||
elem: "str"
|
||||
required: true
|
||||
hosts:
|
||||
options:
|
||||
services_host_services:
|
||||
type: "list"
|
||||
elem: "str"
|
||||
required: true
|
||||
vars:
|
||||
options:
|
||||
services_service_name:
|
||||
type: "str"
|
||||
required: true
|
||||
|
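Review bot: The `daemon_reload` entry point still requires `services_host_services`, but its only visible caller, the `include_role` with `tasks_from: "daemon_reload"` in setup_system's new auto_update.yml, passes no such variable, and this commit removes the variable from setup_system's own spec. Unless `services_host_services` is still supplied from inventory vars, argument validation will fail at that include. If the daemon_reload tasks do not read the variable, the spec for that entry point should become `options: {}`. The new `hosts` entry point has no tasks file on this page, so I cannot tell whether it is exercised.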
@ -4,10 +4,6 @@ argument_specs:
|
||||
ansible_hostname:
|
||||
type: "str"
|
||||
required: true
|
||||
services:
|
||||
type: "dict"
|
||||
elem: "dict"
|
||||
required: true
|
||||
services_host_services:
|
||||
type: "list"
|
||||
elem: "str"
|
@ -0,0 +1,37 @@
|
||||
- name: "auto_update : pod-service update script"
|
||||
ansible.builtin.copy:
|
||||
src: "./auto_update/pod-service-auto-update"
|
||||
dest: "/usr/local/sbin/pod-service-auto-update"
|
||||
mode: 0755
|
||||
|
||||
- name: "auto_update : pod-service update service"
|
||||
ansible.builtin.copy:
|
||||
src: "./auto_update/pod-service-auto-update.service"
|
||||
dest: "/etc/systemd/user/pod-service-auto-update.service"
|
||||
mode: 0644
|
||||
register: services_system_pod_service_auto_update_service_file
|
||||
|
||||
- name: "auto_update : pod-service update timer"
|
||||
ansible.builtin.copy:
|
||||
src: "./auto_update/pod-service-auto-update.timer"
|
||||
dest: "/etc/systemd/user/pod-service-auto-update.timer"
|
||||
mode: 0644
|
||||
register: services_system_pod_service_auto_update_timer_file
|
||||
|
||||
- name: "auto_update : image prune service"
|
||||
ansible.builtin.copy:
|
||||
src: "./auto_update/podman-image-prune.service"
|
||||
dest: "/etc/systemd/user/podman-image-prune.service"
|
||||
mode: 0644
|
||||
register: services_system_podman_image_prune_service_file
|
||||
|
||||
# Include instead of import as otherwise the when clause is always applied which triggers errors if
|
||||
# the above tasks haven't executed.
|
||||
- name: "auto_update : systemd daemon reload for each service"
|
||||
ansible.builtin.include_role:
|
||||
name: "include"
|
||||
tasks_from: "daemon_reload"
|
||||
when:
|
||||
services_system_pod_service_auto_update_service_file.changed or
|
||||
services_system_pod_service_auto_update_timer_file.changed or
|
||||
services_system_podman_image_prune_service_file.changed
|
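Review bot: `mode: 0755` and the three `mode: 0644` values below are unquoted octal literals; a YAML 1.1 loader reads them as integers (0644 → 420), which Ansible does accept, but a YAML 1.2 loader or an edit that drops the leading zero silently changes the permission bits. ansible-lint reports this as risky-octal; quote them as `mode: "0755"` and `mode: "0644"`. The same pattern is in the new veth.yml (both `mode: 0644` lines) and in the directories.yml hunk, so the fix applies there too.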
@ -1,22 +1,22 @@
|
||||
- name: "system : directories : create services directory"
|
||||
- name: "directories : create services directory"
|
||||
ansible.builtin.file:
|
||||
path: "/var/lib/{{ ansible_hostname }}"
|
||||
state: "directory"
|
||||
mode: 0755
|
||||
|
||||
- name: "system : directories : create containers root directory"
|
||||
- name: "directories : create containers root directory"
|
||||
ansible.builtin.file:
|
||||
path: "/var/lib/{{ ansible_hostname }}/containers"
|
||||
state: "directory"
|
||||
mode: 0755
|
||||
|
||||
- name: "system : directories : create data root directory"
|
||||
- name: "directories : create data root directory"
|
||||
ansible.builtin.file:
|
||||
path: "/var/lib/{{ ansible_hostname }}/data"
|
||||
state: "directory"
|
||||
mode: 0755
|
||||
|
||||
- name: "system : directories : create home root directory"
|
||||
- name: "directories : create home root directory"
|
||||
ansible.builtin.file:
|
||||
path: "/var/lib/{{ ansible_hostname }}/home"
|
||||
state: "directory"
|
@ -1,14 +1,14 @@
|
||||
- name: "system : nameserver : fetch valkyrie's resolv.conf"
|
||||
- name: "nameserver : fetch valkyrie's resolv.conf"
|
||||
ansible.builtin.fetch:
|
||||
src: "/etc/resolv.conf"
|
||||
dest: "./files/base/system/nameserver/"
|
||||
dest: "./files/setup_system/nameserver/"
|
||||
flat: true
|
||||
when:
|
||||
ansible_hostname == "valkyrie"
|
||||
|
||||
- name: "system : nameserver : copy valkyrie's resolv.conf to other hosts"
|
||||
- name: "nameserver : copy valkyrie's resolv.conf to other hosts"
|
||||
ansible.builtin.copy:
|
||||
src: "../../../files/base/system/nameserver/resolv.conf"
|
||||
src: "../../../files/setup_system/nameserver/resolv.conf"
|
||||
dest: "/var/lib/{{ ansible_hostname }}/valkyrie-resolv.conf"
|
||||
when:
|
||||
ansible_hostname != "valkyrie"
|
@ -0,0 +1,9 @@
|
||||
- name: "podman : install podman"
|
||||
ansible.builtin.apt:
|
||||
name: "podman"
|
||||
register: services_system_podman_install
|
||||
|
||||
- name: "podman : reboot host"
|
||||
ansible.builtin.reboot:
|
||||
when:
|
||||
services_system_podman_install.changed
|
20
plays/services/roles/setup_system/tasks/include/veth.yml
Normal file
20
plays/services/roles/setup_system/tasks/include/veth.yml
Normal file
@ -0,0 +1,20 @@
|
||||
- name: "veth : configure connect-pod-service"
|
||||
ansible.builtin.copy:
|
||||
src: "./veth/connect-pod-service@.service"
|
||||
dest: "/etc/systemd/system/connect-pod-service@.service"
|
||||
mode: 0644
|
||||
register: services_system_connect_pod_service_service_file
|
||||
|
||||
- name: "veth : configure connect-pod-service path trigger"
|
||||
ansible.builtin.template:
|
||||
src: "./veth/connect-pod-service@.path.j2"
|
||||
dest: "/etc/systemd/system/connect-pod-service@.path"
|
||||
mode: 0644
|
||||
register: services_system_connect_pod_service_path_file
|
||||
|
||||
- name: "veth : systemd daemon reload"
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
when:
|
||||
services_system_connect_pod_service_service_file.changed or
|
||||
services_system_connect_pod_service_path_file.changed
|
19
plays/services/roles/setup_system/tasks/main.yml
Normal file
19
plays/services/roles/setup_system/tasks/main.yml
Normal file
@ -0,0 +1,19 @@
|
||||
- name: "play:services : role:setup_system : tasks:podman"
|
||||
ansible.builtin.import_tasks: "include/podman.yml"
|
||||
tags: "services:setup_system:podman"
|
||||
|
||||
- name: "play:services : role:setup_system : tasks:directories"
|
||||
ansible.builtin.import_tasks: "include/directories.yml"
|
||||
tags: "services:setup_system:directories"
|
||||
|
||||
- name: "play:services : role:setup_system : tasks:nameserver"
|
||||
ansible.builtin.import_tasks: "include/nameserver.yml"
|
||||
tags: "services:setup_system:nameserver"
|
||||
|
||||
- name: "play:services : role:setup_system : tasks:veth"
|
||||
ansible.builtin.import_tasks: "include/veth.yml"
|
||||
tags: "services:setup_system:veth"
|
||||
|
||||
- name: "play:services : role:setup_system : tasks:auto_update"
|
||||
ansible.builtin.import_tasks: "include/auto_update.yml"
|
||||
tags: "services:setup_system:auto_update"
|
@ -4,9 +4,8 @@ argument_specs:
|
||||
ansible_hostname:
|
||||
type: "str"
|
||||
required: true
|
||||
services_host_services:
|
||||
type: "list"
|
||||
elem: "str"
|
||||
services_service_name:
|
||||
type: "str"
|
||||
required: true
|
||||
services_base_bridge_gateway:
|
||||
type: "str"
|
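Review bot: The spec still declares `services_base_bridge_gateway` while the role's interface.j2 template now reads `services_bridge_gateway` (set by `set_fact` in system.yml), so the declared name is no longer what the role consumes and the real one goes unvalidated. The role also now reads `services_addresses` (veth.yml), `services_service_volumes` (directories.yml) and the optional `services_service_user_shell` (user.yml), none of which appear in this hunk; the file continues outside the hunk, so some may be declared further down. I would rename the key to `services_bridge_gateway:` and add entries for the other three, with `required: false` on `services_service_user_shell` since user.yml supplies a default.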
@ -1,13 +1,13 @@
|
||||
- block:
|
||||
|
||||
- name: "user : {{ services_service_name }} : auto_update : enable auto-update timer"
|
||||
- name: "{{ services_service_name }} : auto_update : enable auto-update timer"
|
||||
ansible.builtin.systemd:
|
||||
name: "pod-service-auto-update.timer"
|
||||
enabled: true
|
||||
state: "started"
|
||||
scope: "user"
|
||||
|
||||
- name: "user : {{ services_service_name }} : auto_update : enable podman image prune"
|
||||
- name: "{{ services_service_name }} : auto_update : enable podman image prune"
|
||||
ansible.builtin.systemd:
|
||||
name: "podman-image-prune.service"
|
||||
enabled: true
|
@ -1,4 +1,4 @@
|
||||
- name: "user : {{ services_service_name }} : directories : create containers directory"
|
||||
- name: "{{ services_service_name }} : directories : create containers directory"
|
||||
ansible.builtin.file:
|
||||
path: "/var/lib/{{ ansible_hostname }}/containers/{{ services_service_user_name }}"
|
||||
state: "directory"
|
||||
@ -6,7 +6,7 @@
|
||||
group: "{{ services_service_user_name }}"
|
||||
mode: 0755
|
||||
|
||||
- name: "user : {{ services_service_name }} : directories : create data directory"
|
||||
- name: "{{ services_service_name }} : directories : create data directory"
|
||||
ansible.builtin.file:
|
||||
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}"
|
||||
state: "directory"
|
||||
@ -14,15 +14,15 @@
|
||||
group: "{{ services_service_user_name }}"
|
||||
mode: 0755
|
||||
|
||||
- name: "user : {{ services_service_name }} : directories : create volume directories"
|
||||
- name: "{{ services_service_name }} : directories : create volume directories"
|
||||
ansible.builtin.include_tasks: "directories/volumes.yml"
|
||||
loop: "{{ services[services_service_name].volumes }}"
|
||||
loop: "{{ services_service_volumes | dict2items }}"
|
||||
loop_control:
|
||||
loop_var: "services_service_volume"
|
||||
|
||||
- block:
|
||||
|
||||
- name: "user : {{ services_service_name }} : directories : create systemd directory"
|
||||
- name: "{{ services_service_name }} : directories : create systemd directory"
|
||||
ansible.builtin.file:
|
||||
path: "{{ services_service_user_home }}/.config/systemd/user"
|
||||
state: "directory"
|
@ -1,19 +1,19 @@
|
||||
- name: "user : {{ services_service_name }} : directories : create volume \"{{ services_service_volume.name }}\""
|
||||
- name: "{{ services_service_name }} : directories : create volume \"{{ services_service_volume.key }}\""
|
||||
ansible.builtin.file:
|
||||
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.name }}"
|
||||
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}"
|
||||
state: "directory"
|
||||
owner: "{{ services_service_user_name }}"
|
||||
group: "{{ services_service_user_name }}"
|
||||
mode: 0755
|
||||
|
||||
- name: "user : {{ services_service_name }} : directories : check if \"{{ services_service_volume.name }}\" mount exists"
|
||||
- name: "{{ services_service_name }} : directories : check if \"{{ services_service_volume.key }}\" mount exists"
|
||||
ansible.builtin.stat:
|
||||
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.name }}/_data"
|
||||
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}/_data"
|
||||
register: services_base_user_volume_mount
|
||||
|
||||
- name: "user : {{ services_service_name }} : directories : create \"{{ services_service_volume.name }}\" mount"
|
||||
- name: "{{ services_service_name }} : directories : create \"{{ services_service_volume.key }}\" mount"
|
||||
ansible.builtin.file:
|
||||
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.name }}/_data"
|
||||
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}/_data"
|
||||
state: "directory"
|
||||
owner: "{{ services_service_user_name }}"
|
||||
group: "{{ services_service_user_name }}"
|
@ -1,19 +1,19 @@
|
||||
- block:
|
||||
|
||||
- name: "user : {{ services_service_name }} : podman : create container configuration directory"
|
||||
- name: "{{ services_service_name }} : podman : create container configuration directory"
|
||||
ansible.builtin.file:
|
||||
path: "{{ services_service_user_home }}/.config/containers"
|
||||
state: "directory"
|
||||
mode: 0755
|
||||
|
||||
- name: "user : {{ services_service_name }} : podman : configure podman storage"
|
||||
- name: "{{ services_service_name }} : podman : configure podman storage"
|
||||
ansible.builtin.template:
|
||||
src: "./user/podman/storage.conf.j2"
|
||||
src: "./podman/storage.conf.j2"
|
||||
dest: "{{ services_service_user_home }}/.config/containers/storage.conf"
|
||||
mode: 0644
|
||||
register: services_base_user_containers_storage
|
||||
|
||||
- name: "user : {{ services_service_name }} : podman : reset podman"
|
||||
- name: "{{ services_service_name }} : podman : reset podman"
|
||||
ansible.builtin.shell: "cd $HOME; yes | podman system reset"
|
||||
when:
|
||||
services_base_user_containers_storage.changed
|
@ -1,4 +1,4 @@
|
||||
- name: "user : {{ services_service_name }} : setup : create system user"
|
||||
- name: "{{ services_service_name }} : setup : create system user"
|
||||
ansible.builtin.user:
|
||||
name: "{{ services_service_user_name }}"
|
||||
create_home: true
|
||||
@ -6,14 +6,14 @@
|
||||
system: true
|
||||
register: services_base_user_create
|
||||
|
||||
- name: "user : {{ services_service_name }} : setup : set default shell"
|
||||
- name: "{{ services_service_name }} : setup : set default shell"
|
||||
ansible.builtin.user:
|
||||
name: "{{ services_service_user_name }}"
|
||||
shell: "{{ services[services_service_name].shell | default('/usr/sbin/nologin') }}"
|
||||
shell: "{{ services_service_user_shell | default('/usr/sbin/nologin') }}"
|
||||
|
||||
- block:
|
||||
|
||||
- name: "user : {{ services_service_name }} : setup : set home directory ownership"
|
||||
- name: "{{ services_service_name }} : setup : set home directory ownership"
|
||||
ansible.builtin.file:
|
||||
path: "{{ services_service_user_home }}"
|
||||
state: "directory"
|
||||
@ -21,7 +21,7 @@
|
||||
group: "{{ services_service_user_name }}"
|
||||
recurse: true
|
||||
|
||||
- name: "user : {{ services_service_name }} : setup : configure subuids and subgids"
|
||||
- name: "{{ services_service_name }} : setup : configure subuids and subgids"
|
||||
ansible.builtin.shell: |
|
||||
export NEW_SUBUID=$(($(tail -1 /etc/subuid | awk -F ":" '{print $2}')+65536))
|
||||
export NEW_SUBGID=$(($(tail -1 /etc/subgid | awk -F ":" '{print $2}')+65536))
|
||||
@ -29,12 +29,12 @@
|
||||
--add-subgids ${NEW_SUBGID}-$((${NEW_SUBGID}+65535)) \
|
||||
{{ services_service_user_name }}
|
||||
|
||||
- name: "user : {{ services_service_name }} : setup : ensure XDG_RUNTIME_DIR is set"
|
||||
- name: "{{ services_service_name }} : setup : ensure XDG_RUNTIME_DIR is set"
|
||||
ansible.builtin.shell: |
|
||||
echo '\nexport XDG_RUNTIME_DIR=/run/user/$(id -u)' >> \
|
||||
{{ services_service_user_home }}/.bashrc
|
||||
|
||||
- name: "user : {{ services_service_name }} : setup : enable lingering"
|
||||
- name: "{{ services_service_name }} : setup : enable lingering"
|
||||
ansible.builtin.command: "loginctl enable-linger {{ services_service_user_name }}"
|
||||
|
||||
when:
|
@ -1,6 +1,6 @@
|
||||
- name: "user : {{ services_service_name }} : veth : configure interface"
|
||||
- name: "{{ services_service_name }} : veth : configure interface"
|
||||
ansible.builtin.template:
|
||||
src: "./user/veth/interface.j2"
|
||||
src: "./veth/interface.j2"
|
||||
dest: "/etc/network/interfaces.d/{{ services_service_iface_name }}"
|
||||
mode: 0644
|
||||
validate: >
|
||||
@ -14,9 +14,9 @@
|
||||
fi'
|
||||
vars:
|
||||
services_service_iface_name: "veth-{{ services_service_name }}"
|
||||
services_service_iface_address: "{{ services[services_service_name].address }}"
|
||||
services_service_iface_address: "{{ services_addresses[services_service_name] }}"
|
||||
|
||||
- name: "user : {{ services_service_name }} : veth : enable the path trigger"
|
||||
- name: "{{ services_service_name }} : veth : enable the path trigger"
|
||||
ansible.builtin.systemd:
|
||||
name: "connect-pod-service@{{ services_service_name }}.path"
|
||||
enabled: true
|
45
plays/services/roles/setup_user/tasks/main.yml
Normal file
45
plays/services/roles/setup_user/tasks/main.yml
Normal file
@ -0,0 +1,45 @@
|
||||
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:vars"
|
||||
ansible.builtin.import_role:
|
||||
name: "include"
|
||||
tasks_from: "vars"
|
||||
tags:
|
||||
- "services:setup_user:user"
|
||||
- "services:setup_user:{{ services_service_name }}:user"
|
||||
- "services:setup_user:directories"
|
||||
- "services:setup_user:{{ services_service_name }}:directories"
|
||||
- "services:setup_user:podman"
|
||||
- "services:setup_user:{{ services_service_name }}:podman"
|
||||
- "services:setup_user:auto_update"
|
||||
- "services:setup_user:{{ services_service_name }}:auto_update"
|
||||
- "services:setup_user:veth"
|
||||
- "services:setup_user:{{ services_service_name }}:veth"
|
||||
|
||||
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:user"
|
||||
ansible.builtin.import_tasks: "include/user.yml"
|
||||
tags:
|
||||
- "services:setup_user:user"
|
||||
- "services:setup_user:{{ services_service_name }}:user"
|
||||
|
||||
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:directories"
|
||||
ansible.builtin.import_tasks: "include/directories.yml"
|
||||
tags:
|
||||
- "services:setup_user:directories"
|
||||
- "services:setup_user:{{ services_service_name }}:directories"
|
||||
|
||||
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:podman"
|
||||
ansible.builtin.import_tasks: "include/podman.yml"
|
||||
tags:
|
||||
- "services:setup_user:podman"
|
||||
- "services:setup_user:{{ services_service_name }}:podman"
|
||||
|
||||
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:auto_update"
|
||||
ansible.builtin.import_tasks: "include/auto_update.yml"
|
||||
tags:
|
||||
- "services:setup_user:auto_update"
|
||||
- "services:setup_user:{{ services_service_name }}:auto_update"
|
||||
|
||||
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:veth"
|
||||
ansible.builtin.import_tasks: "include/veth.yml"
|
||||
tags:
|
||||
- "services:setup_user:veth"
|
||||
- "services:setup_user:{{ services_service_name }}:veth"
|
@ -7,9 +7,9 @@ iface {{ services_service_iface_name }} inet manual
|
||||
|
||||
post-up ip -n {{ services_service_user_name }} link set veth0 up
|
||||
post-up ip -n {{ services_service_user_name }} address add {{ services_service_iface_address }}/24 dev veth0
|
||||
post-up ip -n {{ services_service_user_name }} route add default via {{ services_base_bridge_gateway }} dev veth0
|
||||
post-up ip -n {{ services_service_user_name }} route add default via {{ services_bridge_gateway }} dev veth0
|
||||
|
||||
pre-down ip -n {{ services_service_user_name }} route del default via {{ services_base_bridge_gateway }} dev veth0
|
||||
pre-down ip -n {{ services_service_user_name }} route del default via {{ services_bridge_gateway }} dev veth0
|
||||
pre-down ip -n {{ services_service_user_name }} address del {{ services_service_iface_address }}/24 dev veth0
|
||||
pre-down ip -n {{ services_service_user_name }} link set veth0 down
|
||||
|
28
plays/services/system.yml
Normal file
28
plays/services/system.yml
Normal file
@ -0,0 +1,28 @@
|
||||
- name: "services : system : asgard"
|
||||
hosts: "asgard"
|
||||
tasks:
|
||||
- name: "datasets_system"
|
||||
ansible.builtin.include_role:
|
||||
name: "datasets_system"
|
||||
apply:
|
||||
tags: "services:datasets_system"
|
||||
when:
|
||||
"'zfs' in group_names"
|
||||
tags: "always"
|
||||
|
||||
- ansible.builtin.import_role:
|
||||
name: "setup_system"
|
||||
tags: "services:setup_system"
|
||||
|
||||
- name: "set service bridge addresses"
|
||||
ansible.builtin.set_fact:
|
||||
services_bridge_gateway: "{{ vpn_bridge_prefix }}.1"
|
||||
services_addresses:
|
||||
rproxy: "{{ vpn_bridge_valkyrie_prefix }}.2"
|
||||
www: "{{ vpn_bridge_valkyrie_prefix }}.3"
|
||||
lrproxy: "{{ vpn_bridge_yggdrasil_prefix }}.2"
|
||||
database: "{{ vpn_bridge_yggdrasil_prefix }}.3"
|
||||
cloud: "{{ vpn_bridge_yggdrasil_prefix }}.4"
|
||||
git: "{{ vpn_bridge_yggdrasil_prefix }}.5"
|
||||
notes: "{{ vpn_bridge_yggdrasil_prefix }}.6"
|
||||
tags: "always"
|
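Review bot: The `set service bridge addresses` facts are consumed by setup_user's veth tasks in valkyrie.yml and yggdrasil.yml, i.e. in later plays with different host patterns, which only works if those hosts are also members of `asgard` so the fact was set on them; nothing on the page confirms that membership. A comment on the task would save the next reader the search: `# consumed by setup_user (veth) in valkyrie.yml / yggdrasil.yml; relies on those hosts being in the asgard group`. The task also runs after both roles in this play, so nothing in setup_system may depend on these facts; if that ordering is deliberate, the comment should say so.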
35
plays/services/valkyrie.yml
Normal file
35
plays/services/valkyrie.yml
Normal file
@ -0,0 +1,35 @@
|
||||
- name: "services : valkyrie"
|
||||
hosts: "valkyrie"
|
||||
tasks:
|
||||
- name: "set service volumes"
|
||||
ansible.builtin.set_fact:
|
||||
services_valkyrie_volumes:
|
||||
rproxy:
|
||||
etc-letsencrypt:
|
||||
www: {}
|
||||
tags: "always"
|
||||
|
||||
- name: "setup_user"
|
||||
ansible.builtin.include_role:
|
||||
name: "setup_user"
|
||||
apply:
|
||||
tags:
|
||||
- "services:setup_user"
|
||||
- "services:setup_user:{{ services_service_name }}"
|
||||
vars:
|
||||
services_service_name: "rproxy"
|
||||
services_service_volumes: "{{ services_valkyrie_volumes[services_service_name] }}"
|
||||
services_service_user_shell: "/usr/bin/rbash"
|
||||
tags: "always"
|
||||
|
||||
- name: "setup_user"
|
||||
ansible.builtin.include_role:
|
||||
name: "setup_user"
|
||||
apply:
|
||||
tags:
|
||||
- "services:setup_user"
|
||||
- "services:setup_user:{{ services_service_name }}"
|
||||
vars:
|
||||
services_service_name: "www"
|
||||
services_service_volumes: "{{ services_valkyrie_volumes[services_service_name] }}"
|
||||
tags: "always"
|
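Review bot: `etc-letsencrypt:` on the volumes line has no value and so parses as null, while `www: {}` two lines later is an empty mapping; datasets_user appears to cope with the null only because `item.value.extra_zfs_properties | default({})` swallows the undefined lookup. Write `etc-letsencrypt: {}` so every volume is a mapping, and likewise for the bare `nextcloud:` and `data:` entries in yggdrasil.yml. The two include_role tasks both carry `name: "setup_user"`, so run output cannot tell them apart; `name: "setup_user : rproxy"` and `name: "setup_user : www"` would.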
58
plays/services/yggdrasil.yml
Normal file
58
plays/services/yggdrasil.yml
Normal file
@ -0,0 +1,58 @@
|
||||
- name: "services : yggdrasil"
|
||||
hosts: "yggdrasil"
|
||||
tasks:
|
||||
- name: "set service volumes"
|
||||
ansible.builtin.set_fact:
|
||||
services_yggdrasil_services:
|
||||
- "lrproxy"
|
||||
- "database"
|
||||
- "cloud"
|
||||
- "git"
|
||||
- "notes"
|
||||
services_yggdrasil_volumes:
|
||||
lrproxy:
|
||||
etc-letsencrypt:
|
||||
database:
|
||||
wal:
|
||||
extra_zfs_properties:
|
||||
recordsize: "8K"
|
||||
data:
|
||||
extra_zfs_properties:
|
||||
recordsize: "8K"
|
||||
logbias: "throughput"
|
||||
cloud:
|
||||
nextcloud:
|
||||
data:
|
||||
git:
|
||||
data:
|
||||
notes:
|
||||
data:
|
||||
tags: "always"
|
||||
|
||||
- name: "datasets_user"
|
||||
ansible.builtin.include_role:
|
||||
name: "datasets_user"
|
||||
apply:
|
||||
tags:
|
||||
- "services:datasets_user"
|
||||
- "services:datasets_user:{{ services_service_name }}"
|
||||
vars:
|
||||
services_service_volumes: "{{ services_yggdrasil_volumes[services_service_name] }}"
|
||||
loop: "{{ services_yggdrasil_services }}"
|
||||
loop_control:
|
||||
loop_var: "services_service_name"
|
||||
tags: "always"
|
||||
|
||||
- name: "setup_user"
|
||||
ansible.builtin.include_role:
|
||||
name: "setup_user"
|
||||
apply:
|
||||
tags:
|
||||
- "services:setup_user"
|
||||
- "services:setup_user:{{ services_service_name }}"
|
||||
vars:
|
||||
services_service_volumes: "{{ services_yggdrasil_volumes[services_service_name] }}"
|
||||
loop: "{{ services_yggdrasil_services }}"
|
||||
loop_control:
|
||||
loop_var: "services_service_name"
|
||||
tags: "always"
|