the-nine-worlds/ansible-edda
the-nine-worlds/ansible-edda
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Move config to /etc/the-nine-worlds

Browse Source
This commit is contained in:
Wojciech Kozlowski 2023-07-23 00:37:19 +02:00
parent 33e80ca13e
commit fd52ee9ec9
22 changed files with 31 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -140,7 +140,7 @@ not being accessed/modified during this process. It is easy to access `yggdrasil
```
2. Restore all the backups by ssh'ing into `baldur` and running (as root):
```sh
/usr/local/sbin/restic-batch --config-dir /etc/restic-batch.d restore
/usr/local/sbin/restic-batch --config-dir /etc/the-nine-worlds/restic-batch.d restore
```
3. Once restore has completed, `chown -R <user>:<user>` all the restored directories in
`/var/lib/the-nine-worlds/data`. Restic restores the UID information of the host from which the

1
inventory/group_vars/asgard/vars.yml
View File

@ -2,6 +2,7 @@
# --------------------------------------------------------------------------------------------------
# system:var
# --------------------------------------------------------------------------------------------------
system_etc_root_directory: "/etc/the-nine-worlds"
system_var_root_directory: "/var/lib/the-nine-worlds"
system_var_home_directory: "{{ system_var_root_directory }}/home"
system_var_data_directory: "{{ system_var_root_directory }}/data"

4
inventory/group_vars/restic/vars.yml
View File

@ -5,11 +5,11 @@
backups_restic_user_aws_access_key_id: "{{ vault_backups_restic_user_aws_access_key_id }}"
backups_restic_user_aws_secret_access_key: "\
{{ vault_backups_restic_user_aws_secret_access_key }}"
backups_restic_user_aws_keys_file: "/etc/restic-aws-keys.yml"
backups_restic_user_aws_keys_file: "{{ system_etc_root_directory }}/restic-aws-keys.yml"
backups_restic_user_aws_bucket_endpoint: "\
{{ vault_backups_restic_user_aws_bucket_endpoint }}"
backups_restic_user_restic_password: "{{ vault_backups_restic_user_restic_password }}"
backups_restic_user_restic_password_file: "/etc/restic.password"
backups_restic_user_restic_password_file: "{{ system_etc_root_directory }}/restic.password"
backups_restic_user_restic_keep_daily: 30
backups_restic_user_restic_keep_monthly: 3

4
playbooks/roles/backups/restic/setup/tasks/main.yml
View File

@ -36,7 +36,7 @@
- name: "create resic-batch config directory"
ansible.builtin.file:
path: "/etc/restic-batch.d"
path: "{{ system_etc_root_directory }}/restic-batch.d"
state: "directory"
mode: 0755
@ -51,7 +51,7 @@
mode: 0755
- name: "install the restic-batch service"
ansible.builtin.copy:
ansible.builtin.template:
src: "./restic-batch.service"
dest: "/etc/systemd/system/restic-batch.service"
mode: 0644

2
playbooks/roles/backups/restic/setup/files/restic-batch.service → playbooks/roles/backups/restic/setup/templates/restic-batch.service
View File

@ -7,4 +7,4 @@ OnFailure=status-mail@%n.service
Type=oneshot
Environment=TZ=UTC
Environment=RESTIC_CACHE_DIR=/var/cache/restic
ExecStart=/usr/local/sbin/restic-batch --config-dir /etc/restic-batch.d backup
ExecStart=/usr/local/sbin/restic-batch --config-dir {{ system_etc_root_directory }}/restic-batch.d backup

2
playbooks/roles/backups/restic/user/tasks/main.yml
View File

@ -14,5 +14,5 @@
- name: "{{ backups_restic_user_name }} : configure service restic backups"
ansible.builtin.template:
src: "./volumes.yml"
dest: "/etc/restic-batch.d/{{ backups_restic_user_name }}.yml"
dest: "{{ system_etc_root_directory }}/restic-batch.d/{{ backups_restic_user_name }}.yml"
mode: 0644

4
playbooks/roles/backups/snapshots/setup/tasks/main.yml
View File

@ -35,7 +35,7 @@
- name: "create syncoid-batch config directory"
ansible.builtin.file:
path: "/etc/syncoid-batch.d"
path: "{{ system_etc_root_directory }}/syncoid-batch.d"
state: "directory"
mode: 0755
@ -46,7 +46,7 @@
mode: 0755
- name: "install syncoid-batch service"
ansible.builtin.copy:
ansible.builtin.template:
src: "./syncoid-batch.service"
dest: "/etc/systemd/system/syncoid-batch.service"
mode: 0644

2
playbooks/roles/backups/snapshots/setup/files/syncoid-batch.service → playbooks/roles/backups/snapshots/setup/templates/syncoid-batch.service
View File

@ -7,7 +7,7 @@ OnFailure=status-mail@%n.service
[Service]
Type=oneshot
ExecStart=/usr/local/sbin/syncoid-batch --config-dir /etc/syncoid-batch.d
ExecStart=/usr/local/sbin/syncoid-batch --config-dir {{ system_etc_root_directory }}/syncoid-batch.d
[Install]
WantedBy=sanoid.service

2
playbooks/roles/backups/snapshots/user/tasks/main.yml
View File

@ -18,5 +18,5 @@
- name: "{{ backups_snapshots_user_name }} : configure service syncoid snapshots"
ansible.builtin.template:
src: "./volumes.yml"
dest: "/etc/syncoid-batch.d/{{ backups_snapshots_user_name }}.yml"
dest: "{{ system_etc_root_directory }}/syncoid-batch.d/{{ backups_snapshots_user_name }}.yml"
mode: 0644

2
playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-cron.service
View File

@ -22,7 +22,7 @@ ExecStart=/usr/bin/podman run \
--label "io.containers.autoupdate=image" \
-dt \
--add-host=pod-database:{{ services_all_services['database'].address }} \
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \

2
playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-nextcloud.service
View File

@ -22,7 +22,7 @@ ExecStart=/usr/bin/podman run \
--label "io.containers.autoupdate=image" \
-dt \
--add-host=pod-database:{{ services_all_services['database'].address }} \
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \

2
playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-nginx.service
View File

@ -20,7 +20,7 @@ ExecStart=/usr/bin/podman run \
--replace \
--label "io.containers.autoupdate=image" \
-dt \
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \

2
playbooks/roles/services/deploy/database/templates/systemd/container-database-postgres.service
View File

@ -20,7 +20,7 @@ ExecStart=/usr/bin/podman run \
--replace \
--label "io.containers.autoupdate=image" \
-dt \
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/database.password:/run/secrets/database.password:ro \
-e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \
-v {{ services_data_directory }}/pod-database/wal/_data:/var/lib/postgresql-wal \

2
playbooks/roles/services/deploy/git/templates/systemd/container-git-gitea.service
View File

@ -21,7 +21,7 @@ ExecStart=/usr/bin/podman run \
--label "io.containers.autoupdate=image" \
-dt \
--add-host=pod-database:{{ services_all_services['database'].address }} \
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/pod-git/data/_data:/data \
-v /etc/timezone:/etc/timezone:ro \
-v /etc/localtime:/etc/localtime:ro \

2
playbooks/roles/services/deploy/music/templates/systemd/container-music-archive.service
View File

@ -20,7 +20,7 @@ ExecStart=/usr/bin/podman run \
--replace \
--label "io.containers.autoupdate=image" \
-dt \
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/pod-music/archive/_data:/data \
-v {{ services_host_services[services_service_name].archive_path }}:/music:ro \
-e ND_PORT="8080" \

2
playbooks/roles/services/deploy/music/templates/systemd/container-music-collection.service
View File

@ -20,7 +20,7 @@ ExecStart=/usr/bin/podman run \
--replace \
--label "io.containers.autoupdate=image" \
-dt \
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/pod-music/collection/_data:/data \
-v {{ services_host_services[services_service_name].collection_path }}:/music:ro \
-e ND_PORT="80" \

2
playbooks/roles/services/deploy/notes/templates/systemd/container-notes-joplin.service
View File

@ -22,7 +22,7 @@ ExecStart=/usr/bin/podman run \
--label "io.containers.autoupdate=image" \
-dt \
--add-host=pod-database:{{ services_all_services['database'].address }} \
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/pod-notes/data/_data:/data \
-e APP_BASE_URL="https://{{ services[services_service_name].domain }}" \
-e APP_PORT="22300" \

2
playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-certbot.service
View File

@ -14,7 +14,7 @@ ExecStart=/usr/bin/podman run \
--cgroups=no-conmon \
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
--replace \
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt \
-v var-lib-letsencrypt:/var/lib/letsencrypt \
-v var-www-html:/var/www/html \

2
playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-nginx.service
View File

@ -21,7 +21,7 @@ ExecStart=/usr/bin/podman run \
--label "io.containers.autoupdate=image" \
-dt \
{{ services_rproxy_nginx_add_hosts }} \
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
-v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro \
-v ./.config/service/nginx-conf.d:/etc/nginx/conf.d:ro \

2
playbooks/roles/services/deploy/www/templates/systemd/container-www-nginx.service
View File

@ -21,7 +21,7 @@ ExecStart=/usr/bin/podman run \
--replace \
--label "io.containers.autoupdate=image" \
-dt \
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro \
--name=pod-www-nginx \
docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}

2
playbooks/roles/services/setup/system/tasks/include/nameserver.yml
View File

@ -10,5 +10,5 @@
- name: "nameserver : copy {{ services_resolv_host }}'s resolv.conf to other hosts"
ansible.builtin.copy:
src: "files/services/setup/system/nameserver/resolv.conf"
dest: "{{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf"
dest: "{{ system_etc_root_directory }}/resolv.conf"
mode: 0644

8
playbooks/roles/system/directories/tasks/main.yml
View File

@ -1,5 +1,11 @@
---
- name: "create services directory"
- name: "create services etc directory"
ansible.builtin.file:
path: "{{ system_etc_root_directory }}"
state: "directory"
mode: 0755
- name: "create services var directory"
ansible.builtin.file:
path: "{{ system_var_root_directory }}"
state: "directory"