Move config to /etc/the-nine-worlds
This commit is contained in:
parent
33e80ca13e
commit
fd52ee9ec9
@ -140,7 +140,7 @@ not being accessed/modified during this process. It is easy to access `yggdrasil
|
|||||||
```
|
```
|
||||||
2. Restore all the backups by ssh'ing into `baldur` and running (as root):
|
2. Restore all the backups by ssh'ing into `baldur` and running (as root):
|
||||||
```sh
|
```sh
|
||||||
/usr/local/sbin/restic-batch --config-dir /etc/restic-batch.d restore
|
/usr/local/sbin/restic-batch --config-dir /etc/the-nine-worlds/restic-batch.d restore
|
||||||
```
|
```
|
||||||
3. Once restore has completed, `chown -R <user>:<user>` all the restored directories in
|
3. Once restore has completed, `chown -R <user>:<user>` all the restored directories in
|
||||||
`/var/lib/the-nine-worlds/data`. Restic restores the UID information of the host from which the
|
`/var/lib/the-nine-worlds/data`. Restic restores the UID information of the host from which the
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
# system:var
|
# system:var
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
|
system_etc_root_directory: "/etc/the-nine-worlds"
|
||||||
system_var_root_directory: "/var/lib/the-nine-worlds"
|
system_var_root_directory: "/var/lib/the-nine-worlds"
|
||||||
system_var_home_directory: "{{ system_var_root_directory }}/home"
|
system_var_home_directory: "{{ system_var_root_directory }}/home"
|
||||||
system_var_data_directory: "{{ system_var_root_directory }}/data"
|
system_var_data_directory: "{{ system_var_root_directory }}/data"
|
||||||
|
@ -5,11 +5,11 @@
|
|||||||
backups_restic_user_aws_access_key_id: "{{ vault_backups_restic_user_aws_access_key_id }}"
|
backups_restic_user_aws_access_key_id: "{{ vault_backups_restic_user_aws_access_key_id }}"
|
||||||
backups_restic_user_aws_secret_access_key: "\
|
backups_restic_user_aws_secret_access_key: "\
|
||||||
{{ vault_backups_restic_user_aws_secret_access_key }}"
|
{{ vault_backups_restic_user_aws_secret_access_key }}"
|
||||||
backups_restic_user_aws_keys_file: "/etc/restic-aws-keys.yml"
|
backups_restic_user_aws_keys_file: "{{ system_etc_root_directory }}/restic-aws-keys.yml"
|
||||||
backups_restic_user_aws_bucket_endpoint: "\
|
backups_restic_user_aws_bucket_endpoint: "\
|
||||||
{{ vault_backups_restic_user_aws_bucket_endpoint }}"
|
{{ vault_backups_restic_user_aws_bucket_endpoint }}"
|
||||||
backups_restic_user_restic_password: "{{ vault_backups_restic_user_restic_password }}"
|
backups_restic_user_restic_password: "{{ vault_backups_restic_user_restic_password }}"
|
||||||
backups_restic_user_restic_password_file: "/etc/restic.password"
|
backups_restic_user_restic_password_file: "{{ system_etc_root_directory }}/restic.password"
|
||||||
backups_restic_user_restic_keep_daily: 30
|
backups_restic_user_restic_keep_daily: 30
|
||||||
backups_restic_user_restic_keep_monthly: 3
|
backups_restic_user_restic_keep_monthly: 3
|
||||||
|
|
||||||
|
@ -36,7 +36,7 @@
|
|||||||
|
|
||||||
- name: "create resic-batch config directory"
|
- name: "create resic-batch config directory"
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "/etc/restic-batch.d"
|
path: "{{ system_etc_root_directory }}/restic-batch.d"
|
||||||
state: "directory"
|
state: "directory"
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
@ -51,7 +51,7 @@
|
|||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
- name: "install the restic-batch service"
|
- name: "install the restic-batch service"
|
||||||
ansible.builtin.copy:
|
ansible.builtin.template:
|
||||||
src: "./restic-batch.service"
|
src: "./restic-batch.service"
|
||||||
dest: "/etc/systemd/system/restic-batch.service"
|
dest: "/etc/systemd/system/restic-batch.service"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
@ -7,4 +7,4 @@ OnFailure=status-mail@%n.service
|
|||||||
Type=oneshot
|
Type=oneshot
|
||||||
Environment=TZ=UTC
|
Environment=TZ=UTC
|
||||||
Environment=RESTIC_CACHE_DIR=/var/cache/restic
|
Environment=RESTIC_CACHE_DIR=/var/cache/restic
|
||||||
ExecStart=/usr/local/sbin/restic-batch --config-dir /etc/restic-batch.d backup
|
ExecStart=/usr/local/sbin/restic-batch --config-dir {{ system_etc_root_directory }}/restic-batch.d backup
|
@ -14,5 +14,5 @@
|
|||||||
- name: "{{ backups_restic_user_name }} : configure service restic backups"
|
- name: "{{ backups_restic_user_name }} : configure service restic backups"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "./volumes.yml"
|
src: "./volumes.yml"
|
||||||
dest: "/etc/restic-batch.d/{{ backups_restic_user_name }}.yml"
|
dest: "{{ system_etc_root_directory }}/restic-batch.d/{{ backups_restic_user_name }}.yml"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
@ -35,7 +35,7 @@
|
|||||||
|
|
||||||
- name: "create syncoid-batch config directory"
|
- name: "create syncoid-batch config directory"
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "/etc/syncoid-batch.d"
|
path: "{{ system_etc_root_directory }}/syncoid-batch.d"
|
||||||
state: "directory"
|
state: "directory"
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
@ -46,7 +46,7 @@
|
|||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
- name: "install syncoid-batch service"
|
- name: "install syncoid-batch service"
|
||||||
ansible.builtin.copy:
|
ansible.builtin.template:
|
||||||
src: "./syncoid-batch.service"
|
src: "./syncoid-batch.service"
|
||||||
dest: "/etc/systemd/system/syncoid-batch.service"
|
dest: "/etc/systemd/system/syncoid-batch.service"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
@ -7,7 +7,7 @@ OnFailure=status-mail@%n.service
|
|||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
ExecStart=/usr/local/sbin/syncoid-batch --config-dir /etc/syncoid-batch.d
|
ExecStart=/usr/local/sbin/syncoid-batch --config-dir {{ system_etc_root_directory }}/syncoid-batch.d
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=sanoid.service
|
WantedBy=sanoid.service
|
@ -18,5 +18,5 @@
|
|||||||
- name: "{{ backups_snapshots_user_name }} : configure service syncoid snapshots"
|
- name: "{{ backups_snapshots_user_name }} : configure service syncoid snapshots"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "./volumes.yml"
|
src: "./volumes.yml"
|
||||||
dest: "/etc/syncoid-batch.d/{{ backups_snapshots_user_name }}.yml"
|
dest: "{{ system_etc_root_directory }}/syncoid-batch.d/{{ backups_snapshots_user_name }}.yml"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
@ -22,7 +22,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
-dt \
|
-dt \
|
||||||
--add-host=pod-database:{{ services_all_services['database'].address }} \
|
--add-host=pod-database:{{ services_all_services['database'].address }} \
|
||||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
||||||
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
||||||
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \
|
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \
|
||||||
|
@ -22,7 +22,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
-dt \
|
-dt \
|
||||||
--add-host=pod-database:{{ services_all_services['database'].address }} \
|
--add-host=pod-database:{{ services_all_services['database'].address }} \
|
||||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
||||||
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
||||||
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \
|
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \
|
||||||
|
@ -20,7 +20,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
-dt \
|
-dt \
|
||||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
|
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||||
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
||||||
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
||||||
|
@ -20,7 +20,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
-dt \
|
-dt \
|
||||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v ./.config/service/database.password:/run/secrets/database.password:ro \
|
-v ./.config/service/database.password:/run/secrets/database.password:ro \
|
||||||
-e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \
|
-e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \
|
||||||
-v {{ services_data_directory }}/pod-database/wal/_data:/var/lib/postgresql-wal \
|
-v {{ services_data_directory }}/pod-database/wal/_data:/var/lib/postgresql-wal \
|
||||||
|
@ -21,7 +21,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
-dt \
|
-dt \
|
||||||
--add-host=pod-database:{{ services_all_services['database'].address }} \
|
--add-host=pod-database:{{ services_all_services['database'].address }} \
|
||||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v {{ services_data_directory }}/pod-git/data/_data:/data \
|
-v {{ services_data_directory }}/pod-git/data/_data:/data \
|
||||||
-v /etc/timezone:/etc/timezone:ro \
|
-v /etc/timezone:/etc/timezone:ro \
|
||||||
-v /etc/localtime:/etc/localtime:ro \
|
-v /etc/localtime:/etc/localtime:ro \
|
||||||
|
@ -20,7 +20,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
-dt \
|
-dt \
|
||||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v {{ services_data_directory }}/pod-music/archive/_data:/data \
|
-v {{ services_data_directory }}/pod-music/archive/_data:/data \
|
||||||
-v {{ services_host_services[services_service_name].archive_path }}:/music:ro \
|
-v {{ services_host_services[services_service_name].archive_path }}:/music:ro \
|
||||||
-e ND_PORT="8080" \
|
-e ND_PORT="8080" \
|
||||||
|
@ -20,7 +20,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
-dt \
|
-dt \
|
||||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v {{ services_data_directory }}/pod-music/collection/_data:/data \
|
-v {{ services_data_directory }}/pod-music/collection/_data:/data \
|
||||||
-v {{ services_host_services[services_service_name].collection_path }}:/music:ro \
|
-v {{ services_host_services[services_service_name].collection_path }}:/music:ro \
|
||||||
-e ND_PORT="80" \
|
-e ND_PORT="80" \
|
||||||
|
@ -22,7 +22,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
-dt \
|
-dt \
|
||||||
--add-host=pod-database:{{ services_all_services['database'].address }} \
|
--add-host=pod-database:{{ services_all_services['database'].address }} \
|
||||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v {{ services_data_directory }}/pod-notes/data/_data:/data \
|
-v {{ services_data_directory }}/pod-notes/data/_data:/data \
|
||||||
-e APP_BASE_URL="https://{{ services[services_service_name].domain }}" \
|
-e APP_BASE_URL="https://{{ services[services_service_name].domain }}" \
|
||||||
-e APP_PORT="22300" \
|
-e APP_PORT="22300" \
|
||||||
|
@ -14,7 +14,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--cgroups=no-conmon \
|
--cgroups=no-conmon \
|
||||||
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
|
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
|
||||||
--replace \
|
--replace \
|
||||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt \
|
-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt \
|
||||||
-v var-lib-letsencrypt:/var/lib/letsencrypt \
|
-v var-lib-letsencrypt:/var/lib/letsencrypt \
|
||||||
-v var-www-html:/var/www/html \
|
-v var-www-html:/var/www/html \
|
||||||
|
@ -21,7 +21,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
-dt \
|
-dt \
|
||||||
{{ services_rproxy_nginx_add_hosts }} \
|
{{ services_rproxy_nginx_add_hosts }} \
|
||||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
|
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||||
-v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro \
|
-v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro \
|
||||||
-v ./.config/service/nginx-conf.d:/etc/nginx/conf.d:ro \
|
-v ./.config/service/nginx-conf.d:/etc/nginx/conf.d:ro \
|
||||||
|
@ -21,7 +21,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
-dt \
|
-dt \
|
||||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v ./.config/service/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro \
|
-v ./.config/service/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro \
|
||||||
--name=pod-www-nginx \
|
--name=pod-www-nginx \
|
||||||
docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}
|
docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}
|
||||||
|
@ -10,5 +10,5 @@
|
|||||||
- name: "nameserver : copy {{ services_resolv_host }}'s resolv.conf to other hosts"
|
- name: "nameserver : copy {{ services_resolv_host }}'s resolv.conf to other hosts"
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "files/services/setup/system/nameserver/resolv.conf"
|
src: "files/services/setup/system/nameserver/resolv.conf"
|
||||||
dest: "{{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf"
|
dest: "{{ system_etc_root_directory }}/resolv.conf"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
@ -1,5 +1,11 @@
|
|||||||
---
|
---
|
||||||
- name: "create services directory"
|
- name: "create services etc directory"
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ system_etc_root_directory }}"
|
||||||
|
state: "directory"
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: "create services var directory"
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ system_var_root_directory }}"
|
path: "{{ system_var_root_directory }}"
|
||||||
state: "directory"
|
state: "directory"
|
||||||
|
Loading…
Reference in New Issue
Block a user