Be explicit about services in playbook

This commit is contained in:
Wojciech Kozlowski 2022-12-12 23:49:20 +01:00
parent bbb29cf25d
commit f2ddfe92ee
41 changed files with 340 additions and 251 deletions


@ -1,15 +0,0 @@
- name: Get user info
getent:
database: passwd
key: "{{ service_user_name }}"
- name: Set service variables
set_fact:
service_user_uid: "{{ ansible_facts.getent_passwd[service_user_name].1 }}"
service_user_gid: "{{ ansible_facts.getent_passwd[service_user_name].2 }}"
- name: Print service variables
debug:
msg:
- "service_user_uid: {{ service_user_uid }}"
- "service_user_gid: {{ service_user_gid }}"


@ -1,11 +1,4 @@
- name: "services : zfs" ---
hosts: "zfs" - ansible.builtin.import_playbook: "system.yml"
roles: - ansible.builtin.import_playbook: "valkyrie.yml"
- role: "datasets" - ansible.builtin.import_playbook: "yggdrasil.yml"
tags: "services:datasets"
- name: "services : asgard"
hosts: "asgard"
roles:
- role: "base"
tags: "services:base"
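Review bot: The three `ansible.builtin.import_playbook` lines on the new side are order-dependent but nothing records it: `valkyrie.yml` and `yggdrasil.yml` invoke `setup_user`, whose veth template reads `services_bridge_gateway` and whose veth task indexes `services_addresses`, and both facts are only set by the `set service bridge addresses` task in `system.yml`. A comment above the first import, `# system.yml must stay first: it sets the bridge/address facts the per-host playbooks consume`, would keep a later reorder from breaking the veth step. The rendering interleaves old and new sides here, so this is read from the new-side lines only.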


@ -1,19 +0,0 @@
- name: "play:services : role:base : tasks:system:podman"
ansible.builtin.import_tasks: "system/podman.yml"
tags: "services:base:system:podman"
- name: "play:services : role:base : tasks:system:directories"
ansible.builtin.import_tasks: "system/directories.yml"
tags: "services:base:system:directories"
- name: "play:services : role:base : tasks:system:nameserver"
ansible.builtin.import_tasks: "system/nameserver.yml"
tags: "services:base:system:nameserver"
- name: "play:services : role:base : tasks:system:veth"
ansible.builtin.import_tasks: "system/veth.yml"
tags: "services:base:system:veth"
- name: "play:services : role:base : tasks:system:auto_update"
ansible.builtin.import_tasks: "system/auto_update.yml"
tags: "services:base:system:auto_update"


@ -1,37 +0,0 @@
- name: "system : auto_update : pod-service update script"
ansible.builtin.copy:
src: "./system/systemd/pod-service-auto-update"
dest: "/usr/local/sbin/pod-service-auto-update"
mode: 0755
- name: "system : auto_update : pod-service update service"
ansible.builtin.copy:
src: "./system/systemd/pod-service-auto-update.service"
dest: "/etc/systemd/user/pod-service-auto-update.service"
mode: 0644
register: services_base_system_pod_service_auto_update_service_file
- name: "system : auto_update : pod-service update timer"
ansible.builtin.copy:
src: "./system/systemd/pod-service-auto-update.timer"
dest: "/etc/systemd/user/pod-service-auto-update.timer"
mode: 0644
register: services_base_system_pod_service_auto_update_timer_file
- name: "system : auto_update : image prune service"
ansible.builtin.copy:
src: "./system/systemd/podman-image-prune.service"
dest: "/etc/systemd/user/podman-image-prune.service"
mode: 0644
register: services_base_system_podman_image_prune_service_file
# Include instead of import as otherwise the when clause is always applied which triggers errors if
# the above tasks haven't executed.
- name: "system : auto_update : systemd daemon reload for each service"
ansible.builtin.include_role:
name: "include"
tasks_from: "daemon_reload"
when:
services_base_system_pod_service_auto_update_service_file.changed or
services_base_system_pod_service_auto_update_timer_file.changed or
services_base_system_podman_image_prune_service_file.changed


@ -1,9 +0,0 @@
- name: "system : podman : install podman"
ansible.builtin.apt:
name: "podman"
register: services_base_system_podman_install
- name: "system : podman : reboot host"
ansible.builtin.reboot:
when:
services_base_system_podman_install.changed


@ -1,20 +0,0 @@
- name: "system : veth : configure connect-pod-service"
ansible.builtin.copy:
src: "./system/veth/connect-pod-service@.service"
dest: "/etc/systemd/system/connect-pod-service@.service"
mode: 0644
register: services_base_system_connect_pod_service_service_file
- name: "system : veth : configure connect-pod-service path trigger"
ansible.builtin.template:
src: "./system/veth/connect-pod-service@.path.j2"
dest: "/etc/systemd/system/connect-pod-service@.path"
mode: 0644
register: services_base_system_connect_pod_service_path_file
- name: "system : veth : systemd daemon reload"
ansible.builtin.systemd:
daemon_reload: true
when:
services_base_system_connect_pod_service_service_file.changed or
services_base_system_connect_pod_service_path_file.changed


@ -1,45 +0,0 @@
- name: "user : {{ services_service_name }} : set variables"
ansible.builtin.import_role:
name: "include"
tasks_from: "vars"
tags:
- "services:base:user:setup"
- "services:base:user:{{ services_service_name }}:setup"
- "services:base:user:directories"
- "services:base:user:{{ services_service_name }}:directories"
- "services:base:user:podman"
- "services:base:user:{{ services_service_name }}:podman"
- "services:base:user:auto_update"
- "services:base:user:{{ services_service_name }}:auto_update"
- "services:base:user:veth"
- "services:base:user:{{ services_service_name }}:veth"
- name: "play:services : role:base : tasks:user:setup"
ansible.builtin.import_tasks: "user/setup.yml"
tags:
- "services:base:user:setup"
- "services:base:user:{{ services_service_name }}:setup"
- name: "play:services : role:base : tasks:user:directories"
ansible.builtin.import_tasks: "user/directories.yml"
tags:
- "services:base:user:directories"
- "services:base:user:{{ services_service_name }}:directories"
- name: "play:services : role:base : tasks:user:podman"
ansible.builtin.import_tasks: "user/podman.yml"
tags:
- "services:base:user:podman"
- "services:base:user:{{ services_service_name }}:podman"
- name: "play:services : role:base : tasks:user:auto_update"
ansible.builtin.import_tasks: "user/auto_update.yml"
tags:
- "services:base:user:auto_update"
- "services:base:user:{{ services_service_name }}:auto_update"
- name: "play:services : role:base : tasks:user:veth"
ansible.builtin.import_tasks: "user/veth.yml"
tags:
- "services:base:user:veth"
- "services:base:user:{{ services_service_name }}:veth"


@ -1,15 +0,0 @@
- name: "play:services : role:base : tasks:system"
ansible.builtin.import_tasks: "include/system.yml"
tags: "services:base:system"
- name: "play:services : role:base : tasks:user"
ansible.builtin.include_tasks: "include/user.yml"
tags: "always"
args:
apply:
tags:
- "services:base:user"
- "services:base:user:{{ services_service_name }}"
loop: "{{ services_host_services }}"
loop_control:
loop_var: "services_service_name"


@ -1,15 +0,0 @@
- name: "play:services : role:datasets : tasks:system"
ansible.builtin.import_tasks: "include/system.yml"
tags: "services:datasets:system"
- name: "play:services : role:datasets : tasks:user"
ansible.builtin.include_tasks: "include/user.yml"
tags: "always"
args:
apply:
tags:
- "services:datasets:user"
- "services:datasets:user:{{ services_service_name }}"
loop: "{{ services_host_services }}"
loop_control:
loop_var: "services_service_name"


@ -0,0 +1,6 @@
argument_specs:
main:
options:
ansible_hostname:
type: "str"
required: true


@ -1,16 +1,16 @@
- name: "system : create containers dataset" - name: "create containers dataset"
community.general.zfs: community.general.zfs:
name: "rpool/var/lib/containers" name: "rpool/var/lib/containers"
state: "present" state: "present"
extra_zfs_properties: extra_zfs_properties:
"com.sun:auto-snapshot": "false" "com.sun:auto-snapshot": "false"
- name: "system : create services root dataset" - name: "create services root dataset"
community.general.zfs: community.general.zfs:
name: "rpool/var/lib/{{ ansible_hostname }}" name: "rpool/var/lib/{{ ansible_hostname }}"
state: "present" state: "present"
- name: "system : create containers zvol" - name: "create containers zvol"
community.general.zfs: community.general.zfs:
name: "rpool/var/lib/{{ ansible_hostname }}/containers" name: "rpool/var/lib/{{ ansible_hostname }}/containers"
state: "present" state: "present"
@ -19,7 +19,7 @@
refreservation: "none" refreservation: "none"
"com.sun:auto-snapshot": "false" "com.sun:auto-snapshot": "false"
- name: "system : format containers zvol" - name: "format containers zvol"
community.general.filesystem: community.general.filesystem:
dev: "/dev/rpool/var/lib/{{ ansible_hostname }}/containers" dev: "/dev/rpool/var/lib/{{ ansible_hostname }}/containers"
fstype: "ext4" fstype: "ext4"
@ -27,7 +27,7 @@
- block: - block:
- name: "system : get containers zvol uuid" - name: "get containers zvol uuid"
ansible.builtin.command: >- ansible.builtin.command: >-
blkid -s UUID -o value /dev/rpool/var/lib/{{ ansible_hostname }}/containers blkid -s UUID -o value /dev/rpool/var/lib/{{ ansible_hostname }}/containers
register: services_datasets_system_zvol_uuid register: services_datasets_system_zvol_uuid
@ -42,14 +42,14 @@
when: when:
services_datasets_system_zvol_format.changed services_datasets_system_zvol_format.changed
- name: "system : create data root dataset" - name: "create data root dataset"
community.general.zfs: community.general.zfs:
name: "rpool/var/lib/{{ ansible_hostname }}/data" name: "rpool/var/lib/{{ ansible_hostname }}/data"
state: "present" state: "present"
extra_zfs_properties: extra_zfs_properties:
canmount: "off" canmount: "off"
- name: "system : create home root dataset" - name: "create home root dataset"
community.general.zfs: community.general.zfs:
name: "rpool/var/lib/{{ ansible_hostname }}/home" name: "rpool/var/lib/{{ ansible_hostname }}/home"
state: "present" state: "present"


@ -0,0 +1,13 @@
argument_specs:
main:
options:
ansible_hostname:
type: "str"
required: true
services_service_name:
type: "str"
required: true
services_service_volumes:
type: "dict"
elem: "dict"
required: true
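Review bot: `elem: "dict"` on `services_service_volumes` is not the key Ansible's role argument spec uses for element types — that key is `elements`, and it only applies to `type: "list"` — so this line most likely documents intent without being validated. The same `elem` spelling is used in the new `hosts` entry of the include role's spec (`services_host_services`, `elem: "str"`), where `elements: "str"` would actually be checked per item. For the volume dict, the expected per-value shape (a mapping that may carry `extra_zfs_properties`) is better stated in a `description:` on the option than in an unrecognised key.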


@ -1,15 +1,15 @@
- name: "user : {{ services_service_name }} : set variables" - name: "{{ services_service_name }} : set variables"
ansible.builtin.import_role: ansible.builtin.import_role:
name: "include" name: "include"
tasks_from: "vars" tasks_from: "vars"
- name: "user : {{ services_service_name }} : create home dataset" - name: "{{ services_service_name }} : create home dataset"
community.general.zfs: community.general.zfs:
name: "rpool/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}" name: "rpool/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}"
state: "present" state: "present"
register: services_datasets_user_zfs_home register: services_datasets_user_zfs_home
- name: "user : {{ services_service_name }} : populate home dataset with skeleton" - name: "{{ services_service_name }} : populate home dataset with skeleton"
ansible.builtin.copy: ansible.builtin.copy:
src: "/etc/skel/" src: "/etc/skel/"
dest: "{{ services_service_user_home }}" dest: "{{ services_service_user_home }}"
@ -17,16 +17,16 @@
when: when:
services_datasets_user_zfs_home.changed services_datasets_user_zfs_home.changed
- name: "user : {{ services_service_name }} : create data dataset" - name: "{{ services_service_name }} : create data dataset"
community.general.zfs: community.general.zfs:
name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}" name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}"
state: "present" state: "present"
extra_zfs_properties: extra_zfs_properties:
canmount: "off" canmount: "off"
- name: "user : {{ services_service_name }} : create volume datasets" - name: "{{ services_service_name }} : create volume datasets"
community.general.zfs: community.general.zfs:
name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ item.name }}" name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ item.key }}"
state: "present" state: "present"
extra_zfs_properties: "{{ item.properties | default({}) }}" extra_zfs_properties: "{{ item.value.extra_zfs_properties | default({}) }}"
loop: "{{ services[services_service_name].volumes }}" loop: "{{ services_service_volumes | dict2items }}"
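Review bot: The `create volume datasets` loop now iterates `dict2items` output, so every iteration prints the whole `{key, value}` pair, including the `extra_zfs_properties` mapping, as the item label in task output. Adding `loop_control: label: "{{ item.key }}"` under the `loop:` line keeps the output to the volume name, which is what a reader scanning a run is looking for. The rest of the task is unchanged by the commit apart from the `.name` → `.key` switch.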


@ -1,12 +1,18 @@
argument_specs: argument_specs:
vars:
options:
services_service_name:
type: "str"
required: true
daemon_reload: daemon_reload:
options: options:
services_host_services: services_host_services:
type: "list" type: "list"
elem: "str" elem: "str"
required: true required: true
hosts:
options:
services_host_services:
type: "list"
elem: "str"
required: true
vars:
options:
services_service_name:
type: "str"
required: true


@ -4,10 +4,6 @@ argument_specs:
ansible_hostname: ansible_hostname:
type: "str" type: "str"
required: true required: true
services:
type: "dict"
elem: "dict"
required: true
services_host_services: services_host_services:
type: "list" type: "list"
elem: "str" elem: "str"


@ -0,0 +1,37 @@
- name: "auto_update : pod-service update script"
ansible.builtin.copy:
src: "./auto_update/pod-service-auto-update"
dest: "/usr/local/sbin/pod-service-auto-update"
mode: 0755
- name: "auto_update : pod-service update service"
ansible.builtin.copy:
src: "./auto_update/pod-service-auto-update.service"
dest: "/etc/systemd/user/pod-service-auto-update.service"
mode: 0644
register: services_system_pod_service_auto_update_service_file
- name: "auto_update : pod-service update timer"
ansible.builtin.copy:
src: "./auto_update/pod-service-auto-update.timer"
dest: "/etc/systemd/user/pod-service-auto-update.timer"
mode: 0644
register: services_system_pod_service_auto_update_timer_file
- name: "auto_update : image prune service"
ansible.builtin.copy:
src: "./auto_update/podman-image-prune.service"
dest: "/etc/systemd/user/podman-image-prune.service"
mode: 0644
register: services_system_podman_image_prune_service_file
# Include instead of import as otherwise the when clause is always applied which triggers errors if
# the above tasks haven't executed.
- name: "auto_update : systemd daemon reload for each service"
ansible.builtin.include_role:
name: "include"
tasks_from: "daemon_reload"
when:
services_system_pod_service_auto_update_service_file.changed or
services_system_pod_service_auto_update_timer_file.changed or
services_system_podman_image_prune_service_file.changed
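Review bot: `mode: 0755` and the three `mode: 0644` lines are unquoted leading-zero literals; Ansible's YAML 1.1 loader turns them into the integers the file modules expect, but any YAML 1.2 tool reading these files (linters, editors, a future loader) sees decimal 755/644, and the file-module documentation accepts the quoted form precisely to avoid that ambiguity. Writing `mode: "0755"` / `mode: "0644"` behaves the same under Ansible and is unambiguous everywhere else. The same literals appear in the new `veth.yml` task file (`connect-pod-service@.service` and `.path`) and in the context lines of `directories.yml`.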


@ -1,22 +1,22 @@
- name: "system : directories : create services directory" - name: "directories : create services directory"
ansible.builtin.file: ansible.builtin.file:
path: "/var/lib/{{ ansible_hostname }}" path: "/var/lib/{{ ansible_hostname }}"
state: "directory" state: "directory"
mode: 0755 mode: 0755
- name: "system : directories : create containers root directory" - name: "directories : create containers root directory"
ansible.builtin.file: ansible.builtin.file:
path: "/var/lib/{{ ansible_hostname }}/containers" path: "/var/lib/{{ ansible_hostname }}/containers"
state: "directory" state: "directory"
mode: 0755 mode: 0755
- name: "system : directories : create data root directory" - name: "directories : create data root directory"
ansible.builtin.file: ansible.builtin.file:
path: "/var/lib/{{ ansible_hostname }}/data" path: "/var/lib/{{ ansible_hostname }}/data"
state: "directory" state: "directory"
mode: 0755 mode: 0755
- name: "system : directories : create home root directory" - name: "directories : create home root directory"
ansible.builtin.file: ansible.builtin.file:
path: "/var/lib/{{ ansible_hostname }}/home" path: "/var/lib/{{ ansible_hostname }}/home"
state: "directory" state: "directory"


@ -1,14 +1,14 @@
- name: "system : nameserver : fetch valkyrie's resolv.conf" - name: "nameserver : fetch valkyrie's resolv.conf"
ansible.builtin.fetch: ansible.builtin.fetch:
src: "/etc/resolv.conf" src: "/etc/resolv.conf"
dest: "./files/base/system/nameserver/" dest: "./files/setup_system/nameserver/"
flat: true flat: true
when: when:
ansible_hostname == "valkyrie" ansible_hostname == "valkyrie"
- name: "system : nameserver : copy valkyrie's resolv.conf to other hosts" - name: "nameserver : copy valkyrie's resolv.conf to other hosts"
ansible.builtin.copy: ansible.builtin.copy:
src: "../../../files/base/system/nameserver/resolv.conf" src: "../../../files/setup_system/nameserver/resolv.conf"
dest: "/var/lib/{{ ansible_hostname }}/valkyrie-resolv.conf" dest: "/var/lib/{{ ansible_hostname }}/valkyrie-resolv.conf"
when: when:
ansible_hostname != "valkyrie" ansible_hostname != "valkyrie"


@ -0,0 +1,9 @@
- name: "podman : install podman"
ansible.builtin.apt:
name: "podman"
register: services_system_podman_install
- name: "podman : reboot host"
ansible.builtin.reboot:
when:
services_system_podman_install.changed


@ -0,0 +1,20 @@
- name: "veth : configure connect-pod-service"
ansible.builtin.copy:
src: "./veth/connect-pod-service@.service"
dest: "/etc/systemd/system/connect-pod-service@.service"
mode: 0644
register: services_system_connect_pod_service_service_file
- name: "veth : configure connect-pod-service path trigger"
ansible.builtin.template:
src: "./veth/connect-pod-service@.path.j2"
dest: "/etc/systemd/system/connect-pod-service@.path"
mode: 0644
register: services_system_connect_pod_service_path_file
- name: "veth : systemd daemon reload"
ansible.builtin.systemd:
daemon_reload: true
when:
services_system_connect_pod_service_service_file.changed or
services_system_connect_pod_service_path_file.changed


@ -0,0 +1,19 @@
- name: "play:services : role:setup_system : tasks:podman"
ansible.builtin.import_tasks: "include/podman.yml"
tags: "services:setup_system:podman"
- name: "play:services : role:setup_system : tasks:directories"
ansible.builtin.import_tasks: "include/directories.yml"
tags: "services:setup_system:directories"
- name: "play:services : role:setup_system : tasks:nameserver"
ansible.builtin.import_tasks: "include/nameserver.yml"
tags: "services:setup_system:nameserver"
- name: "play:services : role:setup_system : tasks:veth"
ansible.builtin.import_tasks: "include/veth.yml"
tags: "services:setup_system:veth"
- name: "play:services : role:setup_system : tasks:auto_update"
ansible.builtin.import_tasks: "include/auto_update.yml"
tags: "services:setup_system:auto_update"


@ -4,9 +4,8 @@ argument_specs:
ansible_hostname: ansible_hostname:
type: "str" type: "str"
required: true required: true
services_host_services: services_service_name:
type: "list" type: "str"
elem: "str"
required: true required: true
services_base_bridge_gateway: services_base_bridge_gateway:
type: "str" type: "str"
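Review bot: The spec still declares `services_base_bridge_gateway`, but the new side of `interface.j2` reads `services_bridge_gateway` (the fact set in `plays/services/system.yml`), so the declared option no longer matches what the role consumes: if it is still `required: true` below this hunk, every `setup_user` include fails validation on a variable nobody sets, and if not, it is dead documentation. The inputs the role now actually reads — `services_service_volumes` (directories.yml), `services_service_user_shell` (setup.yml, optional), `services_addresses` (veth.yml) — are the ones worth declaring; only part of the spec is visible, so some may already be present. The stale entry should become `services_bridge_gateway:` / `type: "str"` / `required: true`.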


@ -1,13 +1,13 @@
- block: - block:
- name: "user : {{ services_service_name }} : auto_update : enable auto-update timer" - name: "{{ services_service_name }} : auto_update : enable auto-update timer"
ansible.builtin.systemd: ansible.builtin.systemd:
name: "pod-service-auto-update.timer" name: "pod-service-auto-update.timer"
enabled: true enabled: true
state: "started" state: "started"
scope: "user" scope: "user"
- name: "user : {{ services_service_name }} : auto_update : enable podman image prune" - name: "{{ services_service_name }} : auto_update : enable podman image prune"
ansible.builtin.systemd: ansible.builtin.systemd:
name: "podman-image-prune.service" name: "podman-image-prune.service"
enabled: true enabled: true


@ -1,4 +1,4 @@
- name: "user : {{ services_service_name }} : directories : create containers directory" - name: "{{ services_service_name }} : directories : create containers directory"
ansible.builtin.file: ansible.builtin.file:
path: "/var/lib/{{ ansible_hostname }}/containers/{{ services_service_user_name }}" path: "/var/lib/{{ ansible_hostname }}/containers/{{ services_service_user_name }}"
state: "directory" state: "directory"
@ -6,7 +6,7 @@
group: "{{ services_service_user_name }}" group: "{{ services_service_user_name }}"
mode: 0755 mode: 0755
- name: "user : {{ services_service_name }} : directories : create data directory" - name: "{{ services_service_name }} : directories : create data directory"
ansible.builtin.file: ansible.builtin.file:
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}" path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}"
state: "directory" state: "directory"
@ -14,15 +14,15 @@
group: "{{ services_service_user_name }}" group: "{{ services_service_user_name }}"
mode: 0755 mode: 0755
- name: "user : {{ services_service_name }} : directories : create volume directories" - name: "{{ services_service_name }} : directories : create volume directories"
ansible.builtin.include_tasks: "directories/volumes.yml" ansible.builtin.include_tasks: "directories/volumes.yml"
loop: "{{ services[services_service_name].volumes }}" loop: "{{ services_service_volumes | dict2items }}"
loop_control: loop_control:
loop_var: "services_service_volume" loop_var: "services_service_volume"
- block: - block:
- name: "user : {{ services_service_name }} : directories : create systemd directory" - name: "{{ services_service_name }} : directories : create systemd directory"
ansible.builtin.file: ansible.builtin.file:
path: "{{ services_service_user_home }}/.config/systemd/user" path: "{{ services_service_user_home }}/.config/systemd/user"
state: "directory" state: "directory"


@ -1,19 +1,19 @@
- name: "user : {{ services_service_name }} : directories : create volume \"{{ services_service_volume.name }}\"" - name: "{{ services_service_name }} : directories : create volume \"{{ services_service_volume.key }}\""
ansible.builtin.file: ansible.builtin.file:
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.name }}" path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}"
state: "directory" state: "directory"
owner: "{{ services_service_user_name }}" owner: "{{ services_service_user_name }}"
group: "{{ services_service_user_name }}" group: "{{ services_service_user_name }}"
mode: 0755 mode: 0755
- name: "user : {{ services_service_name }} : directories : check if \"{{ services_service_volume.name }}\" mount exists" - name: "{{ services_service_name }} : directories : check if \"{{ services_service_volume.key }}\" mount exists"
ansible.builtin.stat: ansible.builtin.stat:
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.name }}/_data" path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}/_data"
register: services_base_user_volume_mount register: services_base_user_volume_mount
- name: "user : {{ services_service_name }} : directories : create \"{{ services_service_volume.name }}\" mount" - name: "{{ services_service_name }} : directories : create \"{{ services_service_volume.key }}\" mount"
ansible.builtin.file: ansible.builtin.file:
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.name }}/_data" path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}/_data"
state: "directory" state: "directory"
owner: "{{ services_service_user_name }}" owner: "{{ services_service_user_name }}"
group: "{{ services_service_user_name }}" group: "{{ services_service_user_name }}"
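Review bot: The registered variables keep the old role name — `services_base_user_volume_mount` here, `services_base_user_containers_storage` in the user `podman.yml` and `services_base_user_create` in `setup.yml` — while the commit renamed the system-side registers to `services_system_*` and the role itself to `setup_user`. Renaming them to the `services_setup_user_*` prefix (e.g. `register: services_setup_user_volume_mount`) keeps the variable namespace aligned with the new role layout. The `when:` clauses that read these registers lie outside the visible hunks and would need to change in the same commit.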


@ -1,19 +1,19 @@
- block: - block:
- name: "user : {{ services_service_name }} : podman : create container configuration directory" - name: "{{ services_service_name }} : podman : create container configuration directory"
ansible.builtin.file: ansible.builtin.file:
path: "{{ services_service_user_home }}/.config/containers" path: "{{ services_service_user_home }}/.config/containers"
state: "directory" state: "directory"
mode: 0755 mode: 0755
- name: "user : {{ services_service_name }} : podman : configure podman storage" - name: "{{ services_service_name }} : podman : configure podman storage"
ansible.builtin.template: ansible.builtin.template:
src: "./user/podman/storage.conf.j2" src: "./podman/storage.conf.j2"
dest: "{{ services_service_user_home }}/.config/containers/storage.conf" dest: "{{ services_service_user_home }}/.config/containers/storage.conf"
mode: 0644 mode: 0644
register: services_base_user_containers_storage register: services_base_user_containers_storage
- name: "user : {{ services_service_name }} : podman : reset podman" - name: "{{ services_service_name }} : podman : reset podman"
ansible.builtin.shell: "cd $HOME; yes | podman system reset" ansible.builtin.shell: "cd $HOME; yes | podman system reset"
when: when:
services_base_user_containers_storage.changed services_base_user_containers_storage.changed


@ -1,4 +1,4 @@
- name: "user : {{ services_service_name }} : setup : create system user" - name: "{{ services_service_name }} : setup : create system user"
ansible.builtin.user: ansible.builtin.user:
name: "{{ services_service_user_name }}" name: "{{ services_service_user_name }}"
create_home: true create_home: true
@ -6,14 +6,14 @@
system: true system: true
register: services_base_user_create register: services_base_user_create
- name: "user : {{ services_service_name }} : setup : set default shell" - name: "{{ services_service_name }} : setup : set default shell"
ansible.builtin.user: ansible.builtin.user:
name: "{{ services_service_user_name }}" name: "{{ services_service_user_name }}"
shell: "{{ services[services_service_name].shell | default('/usr/sbin/nologin') }}" shell: "{{ services_service_user_shell | default('/usr/sbin/nologin') }}"
- block: - block:
- name: "user : {{ services_service_name }} : setup : set home directory ownership" - name: "{{ services_service_name }} : setup : set home directory ownership"
ansible.builtin.file: ansible.builtin.file:
path: "{{ services_service_user_home }}" path: "{{ services_service_user_home }}"
state: "directory" state: "directory"
@ -21,7 +21,7 @@
group: "{{ services_service_user_name }}" group: "{{ services_service_user_name }}"
recurse: true recurse: true
- name: "user : {{ services_service_name }} : setup : configure subuids and subgids" - name: "{{ services_service_name }} : setup : configure subuids and subgids"
ansible.builtin.shell: | ansible.builtin.shell: |
export NEW_SUBUID=$(($(tail -1 /etc/subuid | awk -F ":" '{print $2}')+65536)) export NEW_SUBUID=$(($(tail -1 /etc/subuid | awk -F ":" '{print $2}')+65536))
export NEW_SUBGID=$(($(tail -1 /etc/subgid | awk -F ":" '{print $2}')+65536)) export NEW_SUBGID=$(($(tail -1 /etc/subgid | awk -F ":" '{print $2}')+65536))
@ -29,12 +29,12 @@
--add-subgids ${NEW_SUBGID}-$((${NEW_SUBGID}+65535)) \ --add-subgids ${NEW_SUBGID}-$((${NEW_SUBGID}+65535)) \
{{ services_service_user_name }} {{ services_service_user_name }}
- name: "user : {{ services_service_name }} : setup : ensure XDG_RUNTIME_DIR is set" - name: "{{ services_service_name }} : setup : ensure XDG_RUNTIME_DIR is set"
ansible.builtin.shell: | ansible.builtin.shell: |
echo '\nexport XDG_RUNTIME_DIR=/run/user/$(id -u)' >> \ echo '\nexport XDG_RUNTIME_DIR=/run/user/$(id -u)' >> \
{{ services_service_user_home }}/.bashrc {{ services_service_user_home }}/.bashrc
- name: "user : {{ services_service_name }} : setup : enable lingering" - name: "{{ services_service_name }} : setup : enable lingering"
ansible.builtin.command: "loginctl enable-linger {{ services_service_user_name }}" ansible.builtin.command: "loginctl enable-linger {{ services_service_user_name }}"
when: when:


@ -1,6 +1,6 @@
- name: "user : {{ services_service_name }} : veth : configure interface" - name: "{{ services_service_name }} : veth : configure interface"
ansible.builtin.template: ansible.builtin.template:
src: "./user/veth/interface.j2" src: "./veth/interface.j2"
dest: "/etc/network/interfaces.d/{{ services_service_iface_name }}" dest: "/etc/network/interfaces.d/{{ services_service_iface_name }}"
mode: 0644 mode: 0644
validate: > validate: >
@ -14,9 +14,9 @@
fi' fi'
vars: vars:
services_service_iface_name: "veth-{{ services_service_name }}" services_service_iface_name: "veth-{{ services_service_name }}"
services_service_iface_address: "{{ services[services_service_name].address }}" services_service_iface_address: "{{ services_addresses[services_service_name] }}"
- name: "user : {{ services_service_name }} : veth : enable the path trigger" - name: "{{ services_service_name }} : veth : enable the path trigger"
ansible.builtin.systemd: ansible.builtin.systemd:
name: "connect-pod-service@{{ services_service_name }}.path" name: "connect-pod-service@{{ services_service_name }}.path"
enabled: true enabled: true
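Review bot: `services_addresses[services_service_name]` now couples this task to a hand-maintained map in `plays/services/system.yml`, and a service added to `valkyrie.yml` or `yggdrasil.yml` without an entry there fails only with a generic undefined-attribute error inside the template step. An explicit assert before the `configure interface` task names the missing entry and stops before anything is written under `/etc/network/interfaces.d/`. The `configure interface` task whose `vars:` block this hunk shows begins in the first hunk of the file.
```yaml
- name: "{{ services_service_name }} : veth : check that a bridge address is assigned"
  ansible.builtin.assert:
    that: "services_service_name in services_addresses"
    fail_msg: "no entry for '{{ services_service_name }}' in services_addresses"
# … unchanged: configure interface task and the path-trigger task …
```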


@ -0,0 +1,45 @@
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:vars"
ansible.builtin.import_role:
name: "include"
tasks_from: "vars"
tags:
- "services:setup_user:user"
- "services:setup_user:{{ services_service_name }}:user"
- "services:setup_user:directories"
- "services:setup_user:{{ services_service_name }}:directories"
- "services:setup_user:podman"
- "services:setup_user:{{ services_service_name }}:podman"
- "services:setup_user:auto_update"
- "services:setup_user:{{ services_service_name }}:auto_update"
- "services:setup_user:veth"
- "services:setup_user:{{ services_service_name }}:veth"
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:user"
ansible.builtin.import_tasks: "include/user.yml"
tags:
- "services:setup_user:user"
- "services:setup_user:{{ services_service_name }}:user"
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:directories"
ansible.builtin.import_tasks: "include/directories.yml"
tags:
- "services:setup_user:directories"
- "services:setup_user:{{ services_service_name }}:directories"
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:podman"
ansible.builtin.import_tasks: "include/podman.yml"
tags:
- "services:setup_user:podman"
- "services:setup_user:{{ services_service_name }}:podman"
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:auto_update"
ansible.builtin.import_tasks: "include/auto_update.yml"
tags:
- "services:setup_user:auto_update"
- "services:setup_user:{{ services_service_name }}:auto_update"
- name: "play:services : role:setup_user:{{ services_service_name }} : tasks:veth"
ansible.builtin.import_tasks: "include/veth.yml"
tags:
- "services:setup_user:veth"
- "services:setup_user:{{ services_service_name }}:veth"
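Review bot: The `tasks:vars` import carries the union of every tag used by the five imports below it, and the reason is not written down anywhere in the file. A comment above it, `# Tagged with every stage tag below so the shared vars are loaded whenever any single stage is selected with --tags`, would stop someone from "simplifying" the list and silently breaking tag-filtered runs. Any new stage added to this file has to be added to that list too, which the comment can also say.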


@ -7,9 +7,9 @@ iface {{ services_service_iface_name }} inet manual
post-up ip -n {{ services_service_user_name }} link set veth0 up post-up ip -n {{ services_service_user_name }} link set veth0 up
post-up ip -n {{ services_service_user_name }} address add {{ services_service_iface_address }}/24 dev veth0 post-up ip -n {{ services_service_user_name }} address add {{ services_service_iface_address }}/24 dev veth0
post-up ip -n {{ services_service_user_name }} route add default via {{ services_base_bridge_gateway }} dev veth0 post-up ip -n {{ services_service_user_name }} route add default via {{ services_bridge_gateway }} dev veth0
pre-down ip -n {{ services_service_user_name }} route del default via {{ services_base_bridge_gateway }} dev veth0 pre-down ip -n {{ services_service_user_name }} route del default via {{ services_bridge_gateway }} dev veth0
pre-down ip -n {{ services_service_user_name }} address del {{ services_service_iface_address }}/24 dev veth0 pre-down ip -n {{ services_service_user_name }} address del {{ services_service_iface_address }}/24 dev veth0
pre-down ip -n {{ services_service_user_name }} link set veth0 down pre-down ip -n {{ services_service_user_name }} link set veth0 down

28
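--- /dev/null
+++ b/plays/services/system.yml
@@ -0,0 +1,28 @@
+- name: "services : system : asgard"
+hosts: "asgard"
+tasks:
+- name: "datasets_system"
+ansible.builtin.include_role:
+name: "datasets_system"
+apply:
+tags: "services:datasets_system"
+when:
+"'zfs' in group_names"
+tags: "always"
+- ansible.builtin.import_role:
+name: "setup_system"
+tags: "services:setup_system"
+- name: "set service bridge addresses"
+ansible.builtin.set_fact:
+services_bridge_gateway: "{{ vpn_bridge_prefix }}.1"
+services_addresses:
+rproxy: "{{ vpn_bridge_valkyrie_prefix }}.2"
+www: "{{ vpn_bridge_valkyrie_prefix }}.3"
+lrproxy: "{{ vpn_bridge_yggdrasil_prefix }}.2"
+database: "{{ vpn_bridge_yggdrasil_prefix }}.3"
+cloud: "{{ vpn_bridge_yggdrasil_prefix }}.4"
+git: "{{ vpn_bridge_yggdrasil_prefix }}.5"
+notes: "{{ vpn_bridge_yggdrasil_prefix }}.6"
+tags: "always"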
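Review bot: The `setup_system` import is the only task in this play without a `name:`, while the neighbouring `datasets_system` include and the `set_fact` task are named; `- name: "setup_system"` above `ansible.builtin.import_role:` keeps task output and `--list-tasks` consistent (ansible-lint reports this as `name[missing]`). The `services_addresses` map is the single place that pins each service to a bridge address and `setup_user`'s veth task indexes it by service name, so a one-line comment above it — `# every service listed in valkyrie.yml / yggdrasil.yml needs an entry here` — would document the coupling.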


@ -0,0 +1,35 @@
- name: "services : valkyrie"
hosts: "valkyrie"
tasks:
- name: "set service volumes"
ansible.builtin.set_fact:
services_valkyrie_volumes:
rproxy:
etc-letsencrypt:
www: {}
tags: "always"
- name: "setup_user"
ansible.builtin.include_role:
name: "setup_user"
apply:
tags:
- "services:setup_user"
- "services:setup_user:{{ services_service_name }}"
vars:
services_service_name: "rproxy"
services_service_volumes: "{{ services_valkyrie_volumes[services_service_name] }}"
services_service_user_shell: "/usr/bin/rbash"
tags: "always"
- name: "setup_user"
ansible.builtin.include_role:
name: "setup_user"
apply:
tags:
- "services:setup_user"
- "services:setup_user:{{ services_service_name }}"
vars:
services_service_name: "www"
services_service_volumes: "{{ services_valkyrie_volumes[services_service_name] }}"
tags: "always"
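Review bot: Both `include_role` tasks are named `setup_user`, so task output, `--list-tasks` and `--start-at-task` cannot tell the rproxy and www invocations apart; `- name: "setup_user : rproxy"` and `- name: "setup_user : www"` fix that at no cost. rproxy is also the only service given a login shell (`services_service_user_shell: "/usr/bin/rbash"`, everything else falls back to `/usr/sbin/nologin` in `setup.yml`), and a short comment above that line stating why it needs one would capture the intent for the next reader.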


@ -0,0 +1,58 @@
- name: "services : yggdrasil"
hosts: "yggdrasil"
tasks:
- name: "set service volumes"
ansible.builtin.set_fact:
services_yggdrasil_services:
- "lrproxy"
- "database"
- "cloud"
- "git"
- "notes"
services_yggdrasil_volumes:
lrproxy:
etc-letsencrypt:
database:
wal:
extra_zfs_properties:
recordsize: "8K"
data:
extra_zfs_properties:
recordsize: "8K"
logbias: "throughput"
cloud:
nextcloud:
data:
git:
data:
notes:
data:
tags: "always"
- name: "datasets_user"
ansible.builtin.include_role:
name: "datasets_user"
apply:
tags:
- "services:datasets_user"
- "services:datasets_user:{{ services_service_name }}"
vars:
services_service_volumes: "{{ services_yggdrasil_volumes[services_service_name] }}"
loop: "{{ services_yggdrasil_services }}"
loop_control:
loop_var: "services_service_name"
tags: "always"
- name: "setup_user"
ansible.builtin.include_role:
name: "setup_user"
apply:
tags:
- "services:setup_user"
- "services:setup_user:{{ services_service_name }}"
vars:
services_service_volumes: "{{ services_yggdrasil_volumes[services_service_name] }}"
loop: "{{ services_yggdrasil_services }}"
loop_control:
loop_var: "services_service_name"
tags: "always"
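Review bot: Volumes declared as bare keys — `etc-letsencrypt:`, `nextcloud:` and the `data:` entries under cloud, git and notes — parse as null rather than empty mappings, so `services_service_volumes` becomes a dict whose values are sometimes dicts and sometimes None. `datasets_user` then evaluates `item.value.extra_zfs_properties | default({})` on a None value, which appears to work only because Jinja turns attribute access on None into an undefined; writing them as `etc-letsencrypt: {}` (as `www: {}` already does in `valkyrie.yml`) makes the type uniform and survives a stricter spec or Jinja setting. `services_yggdrasil_services` also duplicates the keys of `services_yggdrasil_volumes`; looping over `services_yggdrasil_volumes | list` would leave one place to keep in sync. The same bare-key form is used for `etc-letsencrypt:` in `valkyrie.yml`.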