feat: rework ansible & secrets

2025-09-17 18:24:14 +02:00 · 2022-07-03 15:45:26 +02:00
parent 2f8c22a53c
commit 12736a97de
160 changed files with 3210 additions and 1785 deletions
--- a/ansible/roles/coreelec/defaults/main.yml
+++ b/ansible/roles/coreelec/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+root_path: /storage
+nfs_shares:
+  - music
+  - photo
+  - video
--- a/ansible/roles/coreelec/files/backup.bash
+++ b/ansible/roles/coreelec/files/backup.bash
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Variables
+FLAG_NOTIF=false
+
+DATE=`date +%Y%m%d%H%M`
+BACKUP_PATH="/storage/backup"
+
+cd /
+
+tar cvf ${BACKUP_PATH}/${DATE}.tar \
+    storage/.kodi storage/.config storage/.cache storage/.ssh \
+    --exclude=storage/.kodi/userdata/Thumbnails
+
+# Keep the last 5 backups on disk
+find ${BACKUP_PATH}/*.tar -mtime +5 -type f -delete
--- a/ansible/roles/coreelec/tasks/backup.yml
+++ b/ansible/roles/coreelec/tasks/backup.yml
@@ -0,0 +1,13 @@
+---
+- name: backup | copy script
+  ansible.builtin.copy:
+    src: backup.bash
+    dest: /storage/backup.bash
+    mode: 0755
+
+- name: backup | crontab
+  ansible.builtin.cron:
+    name: "daily backup"
+    minute: "14"
+    hour: "4"
+    job: "/storage/backup.bash && curl -fsS -m 10 --retry 5 -o /dev/null https://healthchecks.{{ SECRET_CLUSTER_DOMAIN }}/ping/aae30879-cfdf-4b90-889f-d4ff69dd8aad"
--- a/ansible/roles/coreelec/tasks/main.yml
+++ b/ansible/roles/coreelec/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- ansible.builtin.include_tasks: backup.yml
+  tags:
+    - backup
+
+- ansible.builtin.include_tasks: nfs.yml
+  tags:
+    - nfs
--- a/ansible/roles/coreelec/tasks/nfs.yml
+++ b/ansible/roles/coreelec/tasks/nfs.yml
@@ -0,0 +1,19 @@
+---
+- name: nfs | create directories
+  ansible.builtin.file:
+    path: "{{ root_path }}/mnt/{{ item }}"
+    state: directory
+  loop: "{{ nfs_shares }}"
+
+- name: nfs | create system.d services
+  ansible.builtin.template:
+    src: "storage-nfs.mount"
+    dest: "/storage/.config/system.d/storage-mnt-{{ item }}.mount"
+  loop: "{{ nfs_shares }}"
+
+- name: nfs | activate system.d services
+  ansible.builtin.systemd:
+    name: storage-mnt-{{ item }}.mount
+    state: started
+    enabled: yes
+  loop: "{{ nfs_shares }}"
--- a/ansible/roles/coreelec/templates/storage-nfs.mount
+++ b/ansible/roles/coreelec/templates/storage-nfs.mount
@@ -0,0 +1,16 @@
+ #====================================================
+[Unit]
+Description=TrueNAS nfs share {{ item }}
+Requires=network-online.service
+After=network-online.service
+Before=kodi.service
+
+[Mount]
+What=truenas:/mnt/storage/{{ item }}
+Where=/storage/mnt/{{ item }}
+Options=
+Type=nfs
+
+[Install]
+WantedBy=multi-user.target
+#====================================================