From d960dc0ee15aa10666dae1fc78c9db310e32446d Mon Sep 17 00:00:00 2001 From: auricom <27022259+auricom@users.noreply.github.com> Date: Sun, 25 Sep 2022 00:23:48 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7=20ansible=20playbooks?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ansible/inventory/group_vars/all/all.sops.yml | 5 ++--- ansible/inventory/hosts.yml | 5 ++++- ansible/roles/coreelec/tasks/nfs.yml | 5 ++++- .../roles/coreelec/templates/storage-nfs.mount | 4 ++-- ansible/roles/truenas/tasks/main.yml | 18 +++++++++--------- ansible/roles/workstation/defaults/main.yml | 2 +- 6 files changed, 22 insertions(+), 17 deletions(-) diff --git a/ansible/inventory/group_vars/all/all.sops.yml b/ansible/inventory/group_vars/all/all.sops.yml index cf15fc301..cc88dae0c 100644 --- a/ansible/inventory/group_vars/all/all.sops.yml +++ b/ansible/inventory/group_vars/all/all.sops.yml @@ -2,7 +2,6 @@ kind: Secret secret_domain: ENC[AES256_GCM,data:SjdnR9pDjveodvo=,iv:GKvdD7c3bmaQN+CAYoKwAy78em9vYljGyl6VfGmJk9E=,tag:hz92J7d1NokEeyB6vxr3Uw==,type:str] secret_cluster_domain: ENC[AES256_GCM,data:o+bvKkMvPfZ9+oobxsZj,iv:iJTqLF0+3v/kMHWJIUXQK3++CoLI+fC6IOrQgpiXofw=,tag:XWEid6zEhdpxka88rW2mkw==,type:str] secret_email_domain: ENC[AES256_GCM,data:xQwrd9Tgcgpq+I63KA8=,iv:w8fs1kXFwuRBNiswZMu5i/bOazqUPRxEwMWm0z/igxg=,tag:FaWpGtK7ldOEcHgXxZX6/A==,type:str] -postgres_password: ENC[AES256_GCM,data:xNkFUfAWE3YLRYbzHfoZRg==,iv:RDLvBCkF+cRlHZumScZbRmDsymoSjlESMBaITk0FmxE=,tag:BJdUa2NcTSNoHlng1OKjJA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -18,8 +17,8 @@ sops: c3JkOFZzYnpINjQ5QnNkaE9IYUdXL3MKsBelDv/z5nTYC6/1Zm8kmzqEoLBVPnhy v0v/6n1GksmzslbNdKhy+xtxHYrqouhc2P4hNi0R8p8u76RXERN5fg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-07-23T10:38:21Z" - mac: ENC[AES256_GCM,data:VchuuJFJO63sWqBgOPQNgtzve5fA5PGo1j6UQGv+v4mFcSbb8+P0ihpynZl6bNcqdA5+dgYalsFpEOsjmHeshn9d1R9dtSiycK8k1IFUdsvbfnRTdxTwyc93xT2AGgGOstq2kPxBQ6CKHDJTI/yMpuzdd6ZoKnlxFW4+orxAf5c=,iv:w6HGOtuA6XVOaZFzB8lcSh3qEatGD3GudhbjzeJQ82k=,tag:lSvDhiiI1zhoCypHliaUXQ==,type:str] + lastmodified: "2022-09-24T21:41:39Z" + mac: ENC[AES256_GCM,data:YWFS0eyejY3d7HrAewpKhs4Z0ATLZRFAhx/hO8+7OMHnCw+LSXzv0YCygVOTilUJ6By56CRwqF0B9gY/zQUF9mCklyFeHpogmPL92cbAe/gsgKpJI+Nnqrdrch2J8gRv485NI8EQ8sYqSZ0RNsyDiOOyY3OW86L4vqZBqb31O/4=,iv:EGKIAUqY7UQU2+1qpo2VYMvAMomn6vbmGv3uKCpLOOs=,tag:4MNWlJ5Knbymkr/T22P+FA==,type:str] pgp: [] unencrypted_regex: ^(kind)$ version: 3.7.3 diff --git a/ansible/inventory/hosts.yml b/ansible/inventory/hosts.yml index efb3e7171..dababf790 100644 --- a/ansible/inventory/hosts.yml +++ b/ansible/inventory/hosts.yml @@ -5,11 +5,13 @@ all: ansible_connection: local ansible_python_interpreter: /usr/bin/python3 coreelec: + ansible_host: coreelec.{{ secret_domain }} ansible_user: root children: truenas-instances: hosts: truenas: + ansible_host: truenas.{{ secret_domain }} truenas-remote: ansible_port: 35875 vars: @@ -17,7 +19,8 @@ all: truenas-jails: hosts: borgserver: - postgres: + ansible_host: borgserver.{{ secret_domain }} + # postgres: kubernetes: children: master: diff --git a/ansible/roles/coreelec/tasks/nfs.yml b/ansible/roles/coreelec/tasks/nfs.yml index 3a5a3be5b..6c310b2ff 100644 --- a/ansible/roles/coreelec/tasks/nfs.yml +++ b/ansible/roles/coreelec/tasks/nfs.yml 
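Review bot: The new `ansible_host` values in the `@@ -5,11 +5,13 @@` hunk of hosts.yml are plain scalars with an embedded Jinja expression (`coreelec.{{ secret_domain }}`, `truenas.{{ secret_domain }}`), as are `borgserver.{{ secret_domain }}` in the next hunk and `nas_hostname` in ansible/roles/workstation/defaults/main.yml. They parse because the value does not begin with `{{`, but quoting templated scalars, e.g. `ansible_host: "coreelec.{{ secret_domain }}"`, is the safer convention and matches the quoted `loop: "{{ nfs_shares }}"` already used in this commit. Every connection target now depends on `secret_domain` being decrypted from all.sops.yml at run time; presumably a SOPS vars plugin is configured, and a one-line comment in hosts.yml stating that dependency would save the next reader from an unresolvable host. Note that the resolved name still appears in Ansible output and logs, so the encryption protects the repository only.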
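Review bot: In the `@@ -17,7 +19,8 @@` hunk the `postgres` jail is disabled by commenting it out (`# postgres:`) rather than deleting the host entry, and ansible/roles/truenas/tasks/main.yml does the same with its three postgres tasks. Commented-out inventory and tasks drift out of date: the commented tasks still refer to `postgres_version` and jails/postgres-init.yml, while `postgres_password` is removed from all.sops.yml in this same commit, so uncommenting them later would probably not work as-is. I would delete the lines and rely on Git history, or, if the removal is temporary, say so explicitly with a comment such as `# postgres jail disabled: <reason>`.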
@@ -12,10 +12,13 @@ dest: "/storage/.config/system.d/storage-mnt-{{ item }}.mount" mode: 0775 loop: "{{ nfs_shares }}" + register: services - name: nfs | activate system.d services ansible.builtin.systemd: name: storage-mnt-{{ item }}.mount - state: started + state: restarted enabled: true + daemon_reload: true loop: "{{ nfs_shares }}" + when: services.changed diff --git a/ansible/roles/coreelec/templates/storage-nfs.mount b/ansible/roles/coreelec/templates/storage-nfs.mount index acd929898..33e0736ca 100644 --- a/ansible/roles/coreelec/templates/storage-nfs.mount +++ b/ansible/roles/coreelec/templates/storage-nfs.mount @@ -6,11 +6,11 @@ After=network-online.service Before=kodi.service [Mount] -What=truenas:/mnt/storage/{{ item }} +What=truenas.{{ secret_domain }}:/mnt/storage/{{ item }} Where=/storage/mnt/{{ item }} Options= Type=nfs [Install] WantedBy=multi-user.target -#==================================================== \ No newline at end of file +#==================================================== diff --git a/ansible/roles/truenas/tasks/main.yml b/ansible/roles/truenas/tasks/main.yml index 0c1bbac83..d1f307234 100644 --- a/ansible/roles/truenas/tasks/main.yml +++ b/ansible/roles/truenas/tasks/main.yml 
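Review bot: `when: services.changed` on the looped systemd task in nfs.yml tests the aggregate result of the registered loop, so it is true for every share or false for every share. One changed template therefore restarts (unmounts and remounts) all NFS mounts, and on a run with no template change the task is skipped entirely, which drops the earlier guarantee that each mount unit is started and enabled. Looping over the registered results restarts only what changed: `loop: "{{ services.results }}"`, `name: storage-mnt-{{ item.item }}.mount`, `when: item.changed`; a separate task with `state: started` and `enabled: true`, or a handler for the restart, would keep the idempotent check. The context line `mode: 0775` also leaves the unit file group-writable and executable and is an unquoted octal; `mode: "0644"` is the usual choice for a systemd unit. The template task begins above the hunk.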
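Review bot: `Options=` is still empty in the `[Mount]` section of storage-nfs.mount, so the share from `truenas.{{ secret_domain }}` is mounted with the NFS client defaults. On a host that the inventory manages as `root`, it is worth limiting what the share can carry, for example `Options=nosuid,nodev` (plus `ro` if this box only reads media, which I cannot tell from the hunk). The rendered unit also holds the domain in clear text on the target, so encrypting `secret_domain` protects the repository but not the deployed file.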
@@ -11,17 +11,17 @@ - block: - ansible.builtin.include_tasks: jails/main.yml - - ansible.builtin.shell: - cmd: test -f /mnt/storage/jail-mounts/postgres/data{{ postgres_version }}/postgresql.conf - register: postgres_data_exists - become: true - changed_when: false - failed_when: postgres_data_exists.rc != 0 and postgres_data_exists.rc != 1 + # - ansible.builtin.shell: + # cmd: test -f /mnt/storage/jail-mounts/postgres/data{{ postgres_version }}/postgresql.conf + # register: postgres_data_exists + # become: true + # changed_when: false + # failed_when: postgres_data_exists.rc != 0 and postgres_data_exists.rc != 1 - - ansible.builtin.include_tasks: jails/postgres-init.yml - when: postgres_data_exists.rc == 1 + # - ansible.builtin.include_tasks: jails/postgres-init.yml + # when: postgres_data_exists.rc == 1 - - ansible.builtin.include_tasks: jails/postgres-conf.yml + # - ansible.builtin.include_tasks: jails/postgres-conf.yml - ansible.builtin.shell: cmd: test -f /mnt/storage/jail-mounts/borgserver/keys/host/ssh_host_ed25519_key diff --git a/ansible/roles/workstation/defaults/main.yml b/ansible/roles/workstation/defaults/main.yml index 0a5651e93..0b07fdd3a 100644 --- a/ansible/roles/workstation/defaults/main.yml +++ b/ansible/roles/workstation/defaults/main.yml @@ -1,7 +1,7 @@ fonts_dir: ~/.local/share/fonts icons_dir: ~/.local/share/icons newaita_iconset_url: "https://github.com/cbrnix/Newaita/archive/1.09.20a.tar.gz" -nas_hostname: truenas +nas_hostname: truenas.{{ secret_domain }} mnt_dir: /mnt nas_dir: ~/NAS nfs_shares:
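Review bot: The borgserver check that stays active at the end of the truenas/tasks/main.yml hunk still shells out with `test -f` on `/mnt/storage/jail-mounts/borgserver/keys/host/ssh_host_ed25519_key`. `ansible.builtin.stat` with `path:` and a later `when: not <registered_var>.stat.exists` gives the same answer without a shell and without the `changed_when`/`failed_when` return-code handling that the postgres variant used. The task continues past the end of the hunk, so its `register` name and conditions are not visible here. The tasks in this block are also unnamed; a `name:` on each would make the run output easier to audit.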