diff --git a/playbooks/tasks/services/vars-user.yml b/playbooks/tasks/services/vars-user.yml deleted file mode 100644 index 3aead91..0000000 --- a/playbooks/tasks/services/vars-user.yml +++ /dev/null @@ -1,15 +0,0 @@ -- name: Get user info - getent: - database: passwd - key: "{{ service_user_name }}" - -- name: Set service variables - set_fact: - service_user_uid: "{{ ansible_facts.getent_passwd[service_user_name].1 }}" - service_user_gid: "{{ ansible_facts.getent_passwd[service_user_name].2 }}" - -- name: Print service variables - debug: - msg: - - "service_user_uid: {{ service_user_uid }}" - - "service_user_gid: {{ service_user_gid }}" diff --git a/plays/services/files/base/system/nameserver/.gitignore b/plays/services/files/setup_system/nameserver/.gitignore similarity index 100% rename from plays/services/files/base/system/nameserver/.gitignore rename to plays/services/files/setup_system/nameserver/.gitignore diff --git a/plays/services/main.yml b/plays/services/main.yml index 872fff7..a264d8f 100644 --- a/plays/services/main.yml +++ b/plays/services/main.yml @@ -1,11 +1,4 @@ -- name: "services : zfs" - hosts: "zfs" - roles: - - role: "datasets" - tags: "services:datasets" - -- name: "services : asgard" - hosts: "asgard" - roles: - - role: "base" - tags: "services:base" +--- +- ansible.builtin.import_playbook: "system.yml" +- ansible.builtin.import_playbook: "valkyrie.yml" +- ansible.builtin.import_playbook: "yggdrasil.yml" diff --git a/plays/services/roles/base/tasks/include/system.yml b/plays/services/roles/base/tasks/include/system.yml deleted file mode 100644 index bc61f54..0000000 --- a/plays/services/roles/base/tasks/include/system.yml +++ /dev/null @@ -1,19 +0,0 @@ -- name: "play:services : role:base : tasks:system:podman" - ansible.builtin.import_tasks: "system/podman.yml" - tags: "services:base:system:podman" - -- name: "play:services : role:base : tasks:system:directories" - ansible.builtin.import_tasks: "system/directories.yml" - tags: "services:base:system:directories" - -- name: "play:services : role:base : tasks:system:nameserver" - ansible.builtin.import_tasks: "system/nameserver.yml" - tags: "services:base:system:nameserver" - -- name: "play:services : role:base : tasks:system:veth" - ansible.builtin.import_tasks: "system/veth.yml" - tags: "services:base:system:veth" - -- name: "play:services : role:base : tasks:system:auto_update" - ansible.builtin.import_tasks: "system/auto_update.yml" - tags: "services:base:system:auto_update" diff --git a/plays/services/roles/base/tasks/include/system/auto_update.yml b/plays/services/roles/base/tasks/include/system/auto_update.yml deleted file mode 100644 index ee28f5c..0000000 --- a/plays/services/roles/base/tasks/include/system/auto_update.yml +++ /dev/null @@ -1,37 +0,0 @@ -- name: "system : auto_update : pod-service update script" - ansible.builtin.copy: - src: "./system/systemd/pod-service-auto-update" - dest: "/usr/local/sbin/pod-service-auto-update" - mode: 0755 - -- name: "system : auto_update : pod-service update service" - ansible.builtin.copy: - src: "./system/systemd/pod-service-auto-update.service" - dest: "/etc/systemd/user/pod-service-auto-update.service" - mode: 0644 - register: services_base_system_pod_service_auto_update_service_file - -- name: "system : auto_update : pod-service update timer" - ansible.builtin.copy: - src: "./system/systemd/pod-service-auto-update.timer" - dest: "/etc/systemd/user/pod-service-auto-update.timer" - mode: 0644 - register: services_base_system_pod_service_auto_update_timer_file - -- name: "system : auto_update : image prune service" - ansible.builtin.copy: - src: "./system/systemd/podman-image-prune.service" - dest: "/etc/systemd/user/podman-image-prune.service" - mode: 0644 - register: services_base_system_podman_image_prune_service_file - -# Include instead of import as otherwise the when clause is always applied which triggers errors if -# the above tasks haven't executed. -- name: "system : auto_update : systemd daemon reload for each service" - ansible.builtin.include_role: - name: "include" - tasks_from: "daemon_reload" - when: - services_base_system_pod_service_auto_update_service_file.changed or - services_base_system_pod_service_auto_update_timer_file.changed or - services_base_system_podman_image_prune_service_file.changed diff --git a/plays/services/roles/base/tasks/include/system/podman.yml b/plays/services/roles/base/tasks/include/system/podman.yml deleted file mode 100644 index d69bac7..0000000 --- a/plays/services/roles/base/tasks/include/system/podman.yml +++ /dev/null @@ -1,9 +0,0 @@ -- name: "system : podman : install podman" - ansible.builtin.apt: - name: "podman" - register: services_base_system_podman_install - -- name: "system : podman : reboot host" - ansible.builtin.reboot: - when: - services_base_system_podman_install.changed diff --git a/plays/services/roles/base/tasks/include/system/veth.yml b/plays/services/roles/base/tasks/include/system/veth.yml deleted file mode 100644 index 1b9c121..0000000 --- a/plays/services/roles/base/tasks/include/system/veth.yml +++ /dev/null @@ -1,20 +0,0 @@ -- name: "system : veth : configure connect-pod-service" - ansible.builtin.copy: - src: "./system/veth/connect-pod-service@.service" - dest: "/etc/systemd/system/connect-pod-service@.service" - mode: 0644 - register: services_base_system_connect_pod_service_service_file - -- name: "system : veth : configure connect-pod-service path trigger" - ansible.builtin.template: - src: "./system/veth/connect-pod-service@.path.j2" - dest: "/etc/systemd/system/connect-pod-service@.path" - mode: 0644 - register: services_base_system_connect_pod_service_path_file - -- name: "system : veth : systemd daemon reload" - ansible.builtin.systemd: - daemon_reload: true - when: - services_base_system_connect_pod_service_service_file.changed or - services_base_system_connect_pod_service_path_file.changed diff --git a/plays/services/roles/base/tasks/include/user.yml b/plays/services/roles/base/tasks/include/user.yml deleted file mode 100644 index e77cc4b..0000000 --- a/plays/services/roles/base/tasks/include/user.yml +++ /dev/null @@ -1,45 +0,0 @@ -- name: "user : {{ services_service_name }} : set variables" - ansible.builtin.import_role: - name: "include" - tasks_from: "vars" - tags: - - "services:base:user:setup" - - "services:base:user:{{ services_service_name }}:setup" - - "services:base:user:directories" - - "services:base:user:{{ services_service_name }}:directories" - - "services:base:user:podman" - - "services:base:user:{{ services_service_name }}:podman" - - "services:base:user:auto_update" - - "services:base:user:{{ services_service_name }}:auto_update" - - "services:base:user:veth" - - "services:base:user:{{ services_service_name }}:veth" - -- name: "play:services : role:base : tasks:user:setup" - ansible.builtin.import_tasks: "user/setup.yml" - tags: - - "services:base:user:setup" - - "services:base:user:{{ services_service_name }}:setup" - -- name: "play:services : role:base : tasks:user:directories" - ansible.builtin.import_tasks: "user/directories.yml" - tags: - - "services:base:user:directories" - - "services:base:user:{{ services_service_name }}:directories" - -- name: "play:services : role:base : tasks:user:podman" - ansible.builtin.import_tasks: "user/podman.yml" - tags: - - "services:base:user:podman" - - "services:base:user:{{ services_service_name }}:podman" - -- name: "play:services : role:base : tasks:user:auto_update" - ansible.builtin.import_tasks: "user/auto_update.yml" - tags: - - "services:base:user:auto_update" - - "services:base:user:{{ services_service_name }}:auto_update" - -- name: "play:services : role:base : tasks:user:veth" - ansible.builtin.import_tasks: "user/veth.yml" - tags: - - "services:base:user:veth" - - "services:base:user:{{ services_service_name }}:veth" diff --git a/plays/services/roles/base/tasks/main.yml b/plays/services/roles/base/tasks/main.yml deleted file mode 100644 index d8e0e73..0000000 --- a/plays/services/roles/base/tasks/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -- name: "play:services : role:base : tasks:system" - ansible.builtin.import_tasks: "include/system.yml" - tags: "services:base:system" - -- name: "play:services : role:base : tasks:user" - ansible.builtin.include_tasks: "include/user.yml" - tags: "always" - args: - apply: - tags: - - "services:base:user" - - "services:base:user:{{ services_service_name }}" - loop: "{{ services_host_services }}" - loop_control: - loop_var: "services_service_name" diff --git a/plays/services/roles/datasets/tasks/main.yml b/plays/services/roles/datasets/tasks/main.yml deleted file mode 100644 index ca01bdf..0000000 --- a/plays/services/roles/datasets/tasks/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -- name: "play:services : role:datasets : tasks:system" - ansible.builtin.import_tasks: "include/system.yml" - tags: "services:datasets:system" - -- name: "play:services : role:datasets : tasks:user" - ansible.builtin.include_tasks: "include/user.yml" - tags: "always" - args: - apply: - tags: - - "services:datasets:user" - - "services:datasets:user:{{ services_service_name }}" - loop: "{{ services_host_services }}" - loop_control: - loop_var: "services_service_name" diff --git a/plays/services/roles/datasets_system/meta/argument_specs.yml b/plays/services/roles/datasets_system/meta/argument_specs.yml new file mode 100644 index 0000000..be04257 --- /dev/null +++ b/plays/services/roles/datasets_system/meta/argument_specs.yml @@ -0,0 +1,6 @@ +argument_specs: + main: + options: + ansible_hostname: + type: "str" + required: true diff --git a/plays/services/roles/datasets/tasks/include/system.yml b/plays/services/roles/datasets_system/tasks/main.yml similarity index 82% rename from plays/services/roles/datasets/tasks/include/system.yml rename to plays/services/roles/datasets_system/tasks/main.yml index f9dd2ed..ff76d72 100644 --- a/plays/services/roles/datasets/tasks/include/system.yml +++ b/plays/services/roles/datasets_system/tasks/main.yml @@ -1,16 +1,16 @@ -- name: "system : create containers dataset" +- name: "create containers dataset" community.general.zfs: name: "rpool/var/lib/containers" state: "present" extra_zfs_properties: "com.sun:auto-snapshot": "false" -- name: "system : create services root dataset" +- name: "create services root dataset" community.general.zfs: name: "rpool/var/lib/{{ ansible_hostname }}" state: "present" -- name: "system : create containers zvol" +- name: "create containers zvol" community.general.zfs: name: "rpool/var/lib/{{ ansible_hostname }}/containers" state: "present" @@ -19,7 +19,7 @@ refreservation: "none" "com.sun:auto-snapshot": "false" -- name: "system : format containers zvol" +- name: "format containers zvol" community.general.filesystem: dev: "/dev/rpool/var/lib/{{ ansible_hostname }}/containers" fstype: "ext4" @@ -27,7 +27,7 @@ - block: - - name: "system : get containers zvol uuid" + - name: "get containers zvol uuid" ansible.builtin.command: >- blkid -s UUID -o value /dev/rpool/var/lib/{{ ansible_hostname }}/containers register: services_datasets_system_zvol_uuid @@ -42,14 +42,14 @@ when: services_datasets_system_zvol_format.changed -- name: "system : create data root dataset" +- name: "create data root dataset" community.general.zfs: name: "rpool/var/lib/{{ ansible_hostname }}/data" state: "present" extra_zfs_properties: canmount: "off" -- name: "system : create home root dataset" +- name: "create home root dataset" community.general.zfs: name: "rpool/var/lib/{{ ansible_hostname }}/home" state: "present" diff --git a/plays/services/roles/datasets_user/meta/argument_specs.yml b/plays/services/roles/datasets_user/meta/argument_specs.yml new file mode 100644 index 0000000..d1a7b7b --- /dev/null +++ b/plays/services/roles/datasets_user/meta/argument_specs.yml @@ -0,0 +1,13 @@ +argument_specs: + main: + options: + ansible_hostname: + type: "str" + required: true + services_service_name: + type: "str" + required: true + services_service_volumes: + type: "dict" + elem: "dict" + required: true diff --git a/plays/services/roles/datasets/tasks/include/user.yml b/plays/services/roles/datasets_user/tasks/main.yml similarity index 58% rename from plays/services/roles/datasets/tasks/include/user.yml rename to plays/services/roles/datasets_user/tasks/main.yml index 85e9562..96c8d06 100644 --- a/plays/services/roles/datasets/tasks/include/user.yml +++ b/plays/services/roles/datasets_user/tasks/main.yml @@ -1,15 +1,15 @@ -- name: "user : {{ services_service_name }} : set variables" +- name: "{{ services_service_name }} : set variables" ansible.builtin.import_role: name: "include" tasks_from: "vars" -- name: "user : {{ services_service_name }} : create home dataset" +- name: "{{ services_service_name }} : create home dataset" community.general.zfs: name: "rpool/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}" state: "present" register: services_datasets_user_zfs_home -- name: "user : {{ services_service_name }} : populate home dataset with skeleton" +- name: "{{ services_service_name }} : populate home dataset with skeleton" ansible.builtin.copy: src: "/etc/skel/" dest: "{{ services_service_user_home }}" @@ -17,16 +17,16 @@ when: services_datasets_user_zfs_home.changed -- name: "user : {{ services_service_name }} : create data dataset" +- name: "{{ services_service_name }} : create data dataset" community.general.zfs: name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}" state: "present" extra_zfs_properties: canmount: "off" -- name: "user : {{ services_service_name }} : create volume datasets" +- name: "{{ services_service_name }} : create volume datasets" community.general.zfs: - name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ item.name }}" + name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ item.key }}" state: "present" - extra_zfs_properties: "{{ item.properties | default({}) }}" - loop: "{{ services[services_service_name].volumes }}" + extra_zfs_properties: "{{ item.value.extra_zfs_properties | default({}) }}" + loop: "{{ services_service_volumes | dict2items }}" diff --git a/plays/services/roles/include/meta/argument_specs.yml b/plays/services/roles/include/meta/argument_specs.yml index 23781ec..cd94c4c 100644 --- a/plays/services/roles/include/meta/argument_specs.yml +++ b/plays/services/roles/include/meta/argument_specs.yml @@ -1,12 +1,18 @@ argument_specs: - vars: - options: - services_service_name: - type: "str" - required: true daemon_reload: options: services_host_services: type: "list" elem: "str" required: true + hosts: + options: + services_host_services: + type: "list" + elem: "str" + required: true + vars: + options: + services_service_name: + type: "str" + required: true diff --git a/plays/services/roles/base/files/system/systemd/pod-service-auto-update b/plays/services/roles/setup_system/files/auto_update/pod-service-auto-update similarity index 100% rename from plays/services/roles/base/files/system/systemd/pod-service-auto-update rename to plays/services/roles/setup_system/files/auto_update/pod-service-auto-update diff --git a/plays/services/roles/base/files/system/systemd/pod-service-auto-update.service b/plays/services/roles/setup_system/files/auto_update/pod-service-auto-update.service similarity index 100% rename from plays/services/roles/base/files/system/systemd/pod-service-auto-update.service rename to plays/services/roles/setup_system/files/auto_update/pod-service-auto-update.service diff --git a/plays/services/roles/base/files/system/systemd/pod-service-auto-update.timer b/plays/services/roles/setup_system/files/auto_update/pod-service-auto-update.timer similarity index 100% rename from plays/services/roles/base/files/system/systemd/pod-service-auto-update.timer rename to plays/services/roles/setup_system/files/auto_update/pod-service-auto-update.timer diff --git a/plays/services/roles/base/files/system/systemd/podman-image-prune.service b/plays/services/roles/setup_system/files/auto_update/podman-image-prune.service similarity index 100% rename from plays/services/roles/base/files/system/systemd/podman-image-prune.service rename to plays/services/roles/setup_system/files/auto_update/podman-image-prune.service diff --git a/plays/services/roles/base/files/system/veth/connect-pod-service@.service b/plays/services/roles/setup_system/files/veth/connect-pod-service@.service similarity index 100% rename from plays/services/roles/base/files/system/veth/connect-pod-service@.service rename to plays/services/roles/setup_system/files/veth/connect-pod-service@.service diff --git a/plays/services/roles/datasets/meta/argument_specs.yml b/plays/services/roles/setup_system/meta/argument_spec.yml similarity index 70% rename from plays/services/roles/datasets/meta/argument_specs.yml rename to plays/services/roles/setup_system/meta/argument_spec.yml index dd73ccc..f1bbfb9 100644 --- a/plays/services/roles/datasets/meta/argument_specs.yml +++ b/plays/services/roles/setup_system/meta/argument_spec.yml @@ -4,10 +4,6 @@ argument_specs: ansible_hostname: type: "str" required: true - services: - type: "dict" - elem: "dict" - required: true services_host_services: type: "list" elem: "str" diff --git a/plays/services/roles/setup_system/tasks/include/auto_update.yml b/plays/services/roles/setup_system/tasks/include/auto_update.yml new file mode 100644 index 0000000..2ddab7c --- /dev/null +++ b/plays/services/roles/setup_system/tasks/include/auto_update.yml @@ -0,0 +1,37 @@ +- name: "auto_update : pod-service update script" + ansible.builtin.copy: + src: "./auto_update/pod-service-auto-update" + dest: "/usr/local/sbin/pod-service-auto-update" + mode: 0755 + +- name: "auto_update : pod-service update service" + ansible.builtin.copy: + src: "./auto_update/pod-service-auto-update.service" + dest: "/etc/systemd/user/pod-service-auto-update.service" + mode: 0644 + register: services_system_pod_service_auto_update_service_file + +- name: "auto_update : pod-service update timer" + ansible.builtin.copy: + src: "./auto_update/pod-service-auto-update.timer" + dest: "/etc/systemd/user/pod-service-auto-update.timer" + mode: 0644 + register: services_system_pod_service_auto_update_timer_file + +- name: "auto_update : image prune service" + ansible.builtin.copy: + src: "./auto_update/podman-image-prune.service" + dest: "/etc/systemd/user/podman-image-prune.service" + mode: 0644 + register: services_system_podman_image_prune_service_file + +# Include instead of import as otherwise the when clause is always applied which triggers errors if +# the above tasks haven't executed. +- name: "auto_update : systemd daemon reload for each service" + ansible.builtin.include_role: + name: "include" + tasks_from: "daemon_reload" + when: + services_system_pod_service_auto_update_service_file.changed or + services_system_pod_service_auto_update_timer_file.changed or + services_system_podman_image_prune_service_file.changed diff --git a/plays/services/roles/base/tasks/include/system/directories.yml b/plays/services/roles/setup_system/tasks/include/directories.yml similarity index 64% rename from plays/services/roles/base/tasks/include/system/directories.yml rename to plays/services/roles/setup_system/tasks/include/directories.yml index c941d74..c282ee3 100644 --- a/plays/services/roles/base/tasks/include/system/directories.yml +++ b/plays/services/roles/setup_system/tasks/include/directories.yml @@ -1,22 +1,22 @@ -- name: "system : directories : create services directory" +- name: "directories : create services directory" ansible.builtin.file: path: "/var/lib/{{ ansible_hostname }}" state: "directory" mode: 0755 -- name: "system : directories : create containers root directory" +- name: "directories : create containers root directory" ansible.builtin.file: path: "/var/lib/{{ ansible_hostname }}/containers" state: "directory" mode: 0755 -- name: "system : directories : create data root directory" +- name: "directories : create data root directory" ansible.builtin.file: path: "/var/lib/{{ ansible_hostname }}/data" state: "directory" mode: 0755 -- name: "system : directories : create home root directory" +- name: "directories : create home root directory" ansible.builtin.file: path: "/var/lib/{{ ansible_hostname }}/home" state: "directory" diff --git a/plays/services/roles/base/tasks/include/system/nameserver.yml b/plays/services/roles/setup_system/tasks/include/nameserver.yml similarity index 50% rename from plays/services/roles/base/tasks/include/system/nameserver.yml rename to plays/services/roles/setup_system/tasks/include/nameserver.yml index 3d23161..8babcd4 100644 --- a/plays/services/roles/base/tasks/include/system/nameserver.yml +++ b/plays/services/roles/setup_system/tasks/include/nameserver.yml @@ -1,14 +1,14 @@ -- name: "system : nameserver : fetch valkyrie's resolv.conf" +- name: "nameserver : fetch valkyrie's resolv.conf" ansible.builtin.fetch: src: "/etc/resolv.conf" - dest: "./files/base/system/nameserver/" + dest: "./files/setup_system/nameserver/" flat: true when: ansible_hostname == "valkyrie" -- name: "system : nameserver : copy valkyrie's resolv.conf to other hosts" +- name: "nameserver : copy valkyrie's resolv.conf to other hosts" ansible.builtin.copy: - src: "../../../files/base/system/nameserver/resolv.conf" + src: "../../../files/setup_system/nameserver/resolv.conf" dest: "/var/lib/{{ ansible_hostname }}/valkyrie-resolv.conf" when: ansible_hostname != "valkyrie" diff --git a/plays/services/roles/setup_system/tasks/include/podman.yml b/plays/services/roles/setup_system/tasks/include/podman.yml new file mode 100644 index 0000000..6a588f8 --- /dev/null +++ b/plays/services/roles/setup_system/tasks/include/podman.yml @@ -0,0 +1,9 @@ +- name: "podman : install podman" + ansible.builtin.apt: + name: "podman" + register: services_system_podman_install + +- name: "podman : reboot host" + ansible.builtin.reboot: + when: + services_system_podman_install.changed diff --git a/plays/services/roles/setup_system/tasks/include/veth.yml b/plays/services/roles/setup_system/tasks/include/veth.yml new file mode 100644 index 0000000..1ee258b --- /dev/null +++ b/plays/services/roles/setup_system/tasks/include/veth.yml @@ -0,0 +1,20 @@ +- name: "veth : configure connect-pod-service" + ansible.builtin.copy: + src: "./veth/connect-pod-service@.service" + dest: "/etc/systemd/system/connect-pod-service@.service" + mode: 0644 + register: services_system_connect_pod_service_service_file + +- name: "veth : configure connect-pod-service path trigger" + ansible.builtin.template: + src: "./veth/connect-pod-service@.path.j2" + dest: "/etc/systemd/system/connect-pod-service@.path" + mode: 0644 + register: services_system_connect_pod_service_path_file + +- name: "veth : systemd daemon reload" + ansible.builtin.systemd: + daemon_reload: true + when: + services_system_connect_pod_service_service_file.changed or + services_system_connect_pod_service_path_file.changed diff --git a/plays/services/roles/setup_system/tasks/main.yml b/plays/services/roles/setup_system/tasks/main.yml new file mode 100644 index 0000000..8d1332a --- /dev/null +++ b/plays/services/roles/setup_system/tasks/main.yml @@ -0,0 +1,19 @@ +- name: "play:services : role:setup_system : tasks:podman" + ansible.builtin.import_tasks: "include/podman.yml" + tags: "services:setup_system:podman" + +- name: "play:services : role:setup_system : tasks:directories" + ansible.builtin.import_tasks: "include/directories.yml" + tags: "services:setup_system:directories" + +- name: "play:services : role:setup_system : tasks:nameserver" + ansible.builtin.import_tasks: "include/nameserver.yml" + tags: "services:setup_system:nameserver" + +- name: "play:services : role:setup_system : tasks:veth" + ansible.builtin.import_tasks: "include/veth.yml" + tags: "services:setup_system:veth" + +- name: "play:services : role:setup_system : tasks:auto_update" + ansible.builtin.import_tasks: "include/auto_update.yml" + tags: "services:setup_system:auto_update" diff --git a/plays/services/roles/base/templates/system/veth/connect-pod-service@.path.j2 b/plays/services/roles/setup_system/templates/veth/connect-pod-service@.path.j2 similarity index 100% rename from plays/services/roles/base/templates/system/veth/connect-pod-service@.path.j2 rename to plays/services/roles/setup_system/templates/veth/connect-pod-service@.path.j2 diff --git a/plays/services/roles/base/meta/argument_spec.yml b/plays/services/roles/setup_user/meta/argument_spec.yml similarity index 74% rename from plays/services/roles/base/meta/argument_spec.yml rename to plays/services/roles/setup_user/meta/argument_spec.yml index 164f019..1bcd18c 100644 --- a/plays/services/roles/base/meta/argument_spec.yml +++ b/plays/services/roles/setup_user/meta/argument_spec.yml @@ -4,9 +4,8 @@ argument_specs: ansible_hostname: type: "str" required: true - services_host_services: - type: "list" - elem: "str" + services_service_name: + type: "str" required: true services_base_bridge_gateway: type: "str" diff --git a/plays/services/roles/base/tasks/include/user/auto_update.yml b/plays/services/roles/setup_user/tasks/include/auto_update.yml similarity index 64% rename from plays/services/roles/base/tasks/include/user/auto_update.yml rename to plays/services/roles/setup_user/tasks/include/auto_update.yml index 6f61d3b..93e5496 100644 --- a/plays/services/roles/base/tasks/include/user/auto_update.yml +++ b/plays/services/roles/setup_user/tasks/include/auto_update.yml @@ -1,13 +1,13 @@ - block: - - name: "user : {{ services_service_name }} : auto_update : enable auto-update timer" + - name: "{{ services_service_name }} : auto_update : enable auto-update timer" ansible.builtin.systemd: name: "pod-service-auto-update.timer" enabled: true state: "started" scope: "user" - - name: "user : {{ services_service_name }} : auto_update : enable podman image prune" + - name: "{{ services_service_name }} : auto_update : enable podman image prune" ansible.builtin.systemd: name: "podman-image-prune.service" enabled: true diff --git a/plays/services/roles/base/tasks/include/user/directories.yml b/plays/services/roles/setup_user/tasks/include/directories.yml similarity index 66% rename from plays/services/roles/base/tasks/include/user/directories.yml rename to plays/services/roles/setup_user/tasks/include/directories.yml index 0eb46b7..7c4a2a6 100644 --- a/plays/services/roles/base/tasks/include/user/directories.yml +++ b/plays/services/roles/setup_user/tasks/include/directories.yml @@ -1,4 +1,4 @@ -- name: "user : {{ services_service_name }} : directories : create containers directory" +- name: "{{ services_service_name }} : directories : create containers directory" ansible.builtin.file: path: "/var/lib/{{ ansible_hostname }}/containers/{{ services_service_user_name }}" state: "directory" @@ -6,7 +6,7 @@ group: "{{ services_service_user_name }}" mode: 0755 -- name: "user : {{ services_service_name }} : directories : create data directory" +- name: "{{ services_service_name }} : directories : create data directory" ansible.builtin.file: path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}" state: "directory" @@ -14,15 +14,15 @@ group: "{{ services_service_user_name }}" mode: 0755 -- name: "user : {{ services_service_name }} : directories : create volume directories" +- name: "{{ services_service_name }} : directories : create volume directories" ansible.builtin.include_tasks: "directories/volumes.yml" - loop: "{{ services[services_service_name].volumes }}" + loop: "{{ services_service_volumes | dict2items }}" loop_control: loop_var: "services_service_volume" - block: - - name: "user : {{ services_service_name }} : directories : create systemd directory" + - name: "{{ services_service_name }} : directories : create systemd directory" ansible.builtin.file: path: "{{ services_service_user_home }}/.config/systemd/user" state: "directory" diff --git a/plays/services/roles/base/tasks/include/user/directories/volumes.yml b/plays/services/roles/setup_user/tasks/include/directories/volumes.yml similarity index 54% rename from plays/services/roles/base/tasks/include/user/directories/volumes.yml rename to plays/services/roles/setup_user/tasks/include/directories/volumes.yml index 26f7530..9381468 100644 --- a/plays/services/roles/base/tasks/include/user/directories/volumes.yml +++ b/plays/services/roles/setup_user/tasks/include/directories/volumes.yml @@ -1,19 +1,19 @@ -- name: "user : {{ services_service_name }} : directories : create volume \"{{ services_service_volume.name }}\"" +- name: "{{ services_service_name }} : directories : create volume \"{{ services_service_volume.key }}\"" ansible.builtin.file: - path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.name }}" + path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}" state: "directory" owner: "{{ services_service_user_name }}" group: "{{ services_service_user_name }}" mode: 0755 -- name: "user : {{ services_service_name }} : directories : check if \"{{ services_service_volume.name }}\" mount exists" +- name: "{{ services_service_name }} : directories : check if \"{{ services_service_volume.key }}\" mount exists" ansible.builtin.stat: - path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.name }}/_data" + path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}/_data" register: services_base_user_volume_mount -- name: "user : {{ services_service_name }} : directories : create \"{{ services_service_volume.name }}\" mount" +- name: "{{ services_service_name }} : directories : create \"{{ services_service_volume.key }}\" mount" ansible.builtin.file: - path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.name }}/_data" + path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}/_data" state: "directory" owner: "{{ services_service_user_name }}" group: "{{ services_service_user_name }}" diff --git a/plays/services/roles/base/tasks/include/user/podman.yml b/plays/services/roles/setup_user/tasks/include/podman.yml similarity index 63% rename from plays/services/roles/base/tasks/include/user/podman.yml rename to plays/services/roles/setup_user/tasks/include/podman.yml index 4edfd03..10a8068 100644 --- a/plays/services/roles/base/tasks/include/user/podman.yml +++ b/plays/services/roles/setup_user/tasks/include/podman.yml @@ -1,19 +1,19 @@ - block: - - name: "user : {{ services_service_name }} : podman : create container configuration directory" + - name: "{{ services_service_name }} : podman : create container configuration directory" ansible.builtin.file: path: "{{ services_service_user_home }}/.config/containers" state: "directory" mode: 0755 - - name: "user : {{ services_service_name }} : podman : configure podman storage" + - name: "{{ services_service_name }} : podman : configure podman storage" ansible.builtin.template: - src: "./user/podman/storage.conf.j2" + src: "./podman/storage.conf.j2" dest: "{{ services_service_user_home }}/.config/containers/storage.conf" mode: 0644 register: services_base_user_containers_storage - - name: "user : {{ services_service_name }} : podman : reset podman" + - name: "{{ services_service_name }} : podman : reset podman" ansible.builtin.shell: "cd $HOME; yes | podman system reset" when: services_base_user_containers_storage.changed diff --git a/plays/services/roles/base/tasks/include/user/setup.yml b/plays/services/roles/setup_user/tasks/include/user.yml similarity index 67% rename from plays/services/roles/base/tasks/include/user/setup.yml rename to plays/services/roles/setup_user/tasks/include/user.yml index 32c7c91..d7551d4 100644 --- a/plays/services/roles/base/tasks/include/user/setup.yml +++ b/plays/services/roles/setup_user/tasks/include/user.yml @@ -1,4 +1,4 @@ -- name: "user : {{ services_service_name }} : setup : create system user" +- name: "{{ services_service_name }} : setup : create system user" ansible.builtin.user: name: "{{ services_service_user_name }}" create_home: true @@ -6,14 +6,14 @@ system: true register: services_base_user_create -- name: "user : {{ services_service_name }} : setup : set default shell" +- name: "{{ services_service_name }} : setup : set default shell" ansible.builtin.user: name: "{{ services_service_user_name }}" - shell: "{{ services[services_service_name].shell | default('/usr/sbin/nologin') }}" + shell: "{{ services_service_user_shell | default('/usr/sbin/nologin') }}" - block: - - name: "user : {{ services_service_name }} : setup : set home directory ownership" + - name: "{{ services_service_name }} : setup : set home directory ownership" ansible.builtin.file: path: "{{ services_service_user_home }}" state: "directory" @@ -21,7 +21,7 @@ group: "{{ services_service_user_name }}" recurse: true - - name: "user : {{ services_service_name }} : setup : configure subuids and subgids" + - name: "{{ services_service_name }} : setup : configure subuids and subgids" ansible.builtin.shell: | export NEW_SUBUID=$(($(tail -1 /etc/subuid | awk -F ":" '{print $2}')+65536)) export NEW_SUBGID=$(($(tail -1 /etc/subgid | awk -F ":" '{print $2}')+65536)) @@ -29,12 +29,12 @@ --add-subgids ${NEW_SUBGID}-$((${NEW_SUBGID}+65535)) \ {{ services_service_user_name }} - - name: "user : {{ services_service_name }} : setup : ensure XDG_RUNTIME_DIR is set" + - name: "{{ services_service_name }} : setup : ensure XDG_RUNTIME_DIR is set" ansible.builtin.shell: | echo '\nexport XDG_RUNTIME_DIR=/run/user/$(id -u)' >> \ {{ services_service_user_home }}/.bashrc - - name: "user : {{ services_service_name }} : setup : enable lingering" + - name: "{{ services_service_name }} : setup : enable lingering" ansible.builtin.command: "loginctl enable-linger {{ services_service_user_name }}" when: diff --git a/plays/services/roles/base/tasks/include/user/veth.yml b/plays/services/roles/setup_user/tasks/include/veth.yml similarity index 71% rename from plays/services/roles/base/tasks/include/user/veth.yml rename to plays/services/roles/setup_user/tasks/include/veth.yml index c301e4d..3ce55e4 100644 --- a/plays/services/roles/base/tasks/include/user/veth.yml +++ b/plays/services/roles/setup_user/tasks/include/veth.yml @@ -1,6 +1,6 @@ -- name: "user : {{ services_service_name }} : veth : configure interface" +- name: "{{ services_service_name }} : veth : configure interface" ansible.builtin.template: - src: "./user/veth/interface.j2" + src: "./veth/interface.j2" dest: "/etc/network/interfaces.d/{{ services_service_iface_name }}" mode: 0644 validate: > @@ -14,9 +14,9 @@ fi' vars: services_service_iface_name: "veth-{{ services_service_name }}" - services_service_iface_address: "{{ services[services_service_name].address }}" + services_service_iface_address: "{{ services_addresses[services_service_name] }}" -- name: "user : {{ services_service_name }} : veth : enable the path trigger" +- name: "{{ services_service_name }} : veth : enable the path trigger" ansible.builtin.systemd: name: "connect-pod-service@{{ services_service_name }}.path" enabled: true diff --git a/plays/services/roles/setup_user/tasks/main.yml b/plays/services/roles/setup_user/tasks/main.yml new file mode 100644 index 0000000..f023ae0 --- /dev/null +++ b/plays/services/roles/setup_user/tasks/main.yml @@ -0,0 +1,45 @@ +- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:vars" + ansible.builtin.import_role: + name: "include" + tasks_from: "vars" + tags: + - "services:setup_user:user" + - "services:setup_user:{{ services_service_name }}:user" + - "services:setup_user:directories" + - "services:setup_user:{{ services_service_name }}:directories" + - "services:setup_user:podman" + - "services:setup_user:{{ services_service_name }}:podman" + - "services:setup_user:auto_update" + - "services:setup_user:{{ services_service_name }}:auto_update" + - "services:setup_user:veth" + - "services:setup_user:{{ services_service_name }}:veth" + +- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:user" + ansible.builtin.import_tasks: "include/user.yml" + tags: + - "services:setup_user:user" + - "services:setup_user:{{ services_service_name }}:user" + +- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:directories" + ansible.builtin.import_tasks: "include/directories.yml" + tags: + - "services:setup_user:directories" + - "services:setup_user:{{ services_service_name }}:directories" + +- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:podman" + ansible.builtin.import_tasks: "include/podman.yml" + tags: + - "services:setup_user:podman" + - "services:setup_user:{{ services_service_name }}:podman" + +- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:auto_update" + ansible.builtin.import_tasks: "include/auto_update.yml" + tags: + - "services:setup_user:auto_update" + - "services:setup_user:{{ services_service_name }}:auto_update" + +- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:veth" + ansible.builtin.import_tasks: "include/veth.yml" + tags: + - "services:setup_user:veth" + - "services:setup_user:{{ services_service_name }}:veth" diff --git a/plays/services/roles/base/templates/user/podman/storage.conf.j2 b/plays/services/roles/setup_user/templates/podman/storage.conf.j2 similarity index 100% rename from plays/services/roles/base/templates/user/podman/storage.conf.j2 rename to plays/services/roles/setup_user/templates/podman/storage.conf.j2 diff --git a/plays/services/roles/base/templates/user/veth/interface.j2 b/plays/services/roles/setup_user/templates/veth/interface.j2 similarity index 90% rename from plays/services/roles/base/templates/user/veth/interface.j2 rename to plays/services/roles/setup_user/templates/veth/interface.j2 index 6d83e2e..07de7f3 100644 --- a/plays/services/roles/base/templates/user/veth/interface.j2 +++ b/plays/services/roles/setup_user/templates/veth/interface.j2 @@ -7,9 +7,9 @@ iface {{ services_service_iface_name }} inet manual post-up ip -n {{ services_service_user_name }} link set veth0 up post-up ip -n {{ services_service_user_name }} address add {{ services_service_iface_address }}/24 dev veth0 - post-up ip -n {{ services_service_user_name }} route add default via {{ services_base_bridge_gateway }} dev veth0 + post-up ip -n {{ services_service_user_name }} route add default via {{ services_bridge_gateway }} dev veth0 - pre-down ip -n {{ services_service_user_name }} route del default via {{ services_base_bridge_gateway }} dev veth0 + pre-down ip -n {{ services_service_user_name }} route del default via {{ services_bridge_gateway }} dev veth0 pre-down ip -n {{ services_service_user_name }} address del {{ services_service_iface_address }}/24 dev veth0 pre-down ip -n {{ services_service_user_name }} link set veth0 down diff --git a/plays/services/system.yml b/plays/services/system.yml new file mode 100644 index 0000000..24a15da --- /dev/null +++ b/plays/services/system.yml @@ -0,0 +1,28 @@ +- name: "services : system : asgard" + hosts: "asgard" + tasks: + - name: "datasets_system" + ansible.builtin.include_role: + name: "datasets_system" + apply: + tags: "services:datasets_system" + when: + "'zfs' in group_names" + tags: "always" + + - ansible.builtin.import_role: + name: "setup_system" + tags: "services:setup_system" + + - name: "set service bridge addresses" + ansible.builtin.set_fact: + services_bridge_gateway: "{{ vpn_bridge_prefix }}.1" + services_addresses: + rproxy: "{{ vpn_bridge_valkyrie_prefix }}.2" + www: "{{ vpn_bridge_valkyrie_prefix }}.3" + lrproxy: "{{ vpn_bridge_yggdrasil_prefix }}.2" + database: "{{ vpn_bridge_yggdrasil_prefix }}.3" + cloud: "{{ vpn_bridge_yggdrasil_prefix }}.4" + git: "{{ vpn_bridge_yggdrasil_prefix }}.5" + notes: "{{ vpn_bridge_yggdrasil_prefix }}.6" + tags: "always" diff --git a/plays/services/valkyrie.yml b/plays/services/valkyrie.yml new file mode 100644 index 0000000..b3b2a18 --- /dev/null +++ b/plays/services/valkyrie.yml @@ -0,0 +1,35 @@ +- name: "services : valkyrie" + hosts: "valkyrie" + tasks: + - name: "set service volumes" + ansible.builtin.set_fact: + services_valkyrie_volumes: + rproxy: + etc-letsencrypt: + www: {} + tags: "always" + + - name: "setup_user" + ansible.builtin.include_role: + name: "setup_user" + apply: + tags: + - "services:setup_user" + - "services:setup_user:{{ services_service_name }}" + vars: + services_service_name: "rproxy" + services_service_volumes: "{{ services_valkyrie_volumes[services_service_name] }}" + services_service_user_shell: "/usr/bin/rbash" + tags: "always" + + - name: "setup_user" + ansible.builtin.include_role: + name: "setup_user" + apply: + tags: + - "services:setup_user" + - "services:setup_user:{{ services_service_name }}" + vars: + services_service_name: "www" + services_service_volumes: "{{ services_valkyrie_volumes[services_service_name] }}" + tags: "always" diff --git a/plays/services/yggdrasil.yml b/plays/services/yggdrasil.yml new file mode 100644 index 0000000..25cae3c --- /dev/null +++ b/plays/services/yggdrasil.yml @@ -0,0 +1,58 @@ +- name: "services : yggdrasil" + hosts: "yggdrasil" + tasks: + - name: "set service volumes" + ansible.builtin.set_fact: + services_yggdrasil_services: + - "lrproxy" + - "database" + - "cloud" + - "git" + - "notes" + services_yggdrasil_volumes: + lrproxy: + etc-letsencrypt: + database: + wal: + extra_zfs_properties: + recordsize: "8K" + data: + extra_zfs_properties: + recordsize: "8K" + logbias: "throughput" + cloud: + nextcloud: + data: + git: + data: + notes: + data: + tags: "always" + + - name: "datasets_user" + ansible.builtin.include_role: + name: "datasets_user" + apply: + tags: + - "services:datasets_user" + - "services:datasets_user:{{ services_service_name }}" + vars: + services_service_volumes: "{{ services_yggdrasil_volumes[services_service_name] }}" + loop: "{{ services_yggdrasil_services }}" + loop_control: + loop_var: "services_service_name" + tags: "always" + + - name: "setup_user" + ansible.builtin.include_role: + name: "setup_user" + apply: + tags: + - "services:setup_user" + - "services:setup_user:{{ services_service_name }}" + vars: + services_service_volumes: "{{ services_yggdrasil_volumes[services_service_name] }}" + loop: "{{ services_yggdrasil_services }}" + loop_control: + loop_var: "services_service_name" + tags: "always"