🔧 ansible playbooks

2025-09-17 18:24:14 +02:00 · 2022-09-25 00:23:48 +02:00
parent e48e5b273e
commit d960dc0ee1
6 changed files with 22 additions and 17 deletions
--- a/ansible/inventory/group_vars/all/all.sops.yml
+++ b/ansible/inventory/group_vars/all/all.sops.yml
@@ -2,7 +2,6 @@ kind: Secret
 secret_domain: ENC[AES256_GCM,data:SjdnR9pDjveodvo=,iv:GKvdD7c3bmaQN+CAYoKwAy78em9vYljGyl6VfGmJk9E=,tag:hz92J7d1NokEeyB6vxr3Uw==,type:str]
 secret_cluster_domain: ENC[AES256_GCM,data:o+bvKkMvPfZ9+oobxsZj,iv:iJTqLF0+3v/kMHWJIUXQK3++CoLI+fC6IOrQgpiXofw=,tag:XWEid6zEhdpxka88rW2mkw==,type:str]
 secret_email_domain: ENC[AES256_GCM,data:xQwrd9Tgcgpq+I63KA8=,iv:w8fs1kXFwuRBNiswZMu5i/bOazqUPRxEwMWm0z/igxg=,tag:FaWpGtK7ldOEcHgXxZX6/A==,type:str]
-postgres_password: ENC[AES256_GCM,data:xNkFUfAWE3YLRYbzHfoZRg==,iv:RDLvBCkF+cRlHZumScZbRmDsymoSjlESMBaITk0FmxE=,tag:BJdUa2NcTSNoHlng1OKjJA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@@ -18,8 +17,8 @@ sops:
            c3JkOFZzYnpINjQ5QnNkaE9IYUdXL3MKsBelDv/z5nTYC6/1Zm8kmzqEoLBVPnhy
            v0v/6n1GksmzslbNdKhy+xtxHYrqouhc2P4hNi0R8p8u76RXERN5fg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-07-23T10:38:21Z"
-    mac: ENC[AES256_GCM,data:VchuuJFJO63sWqBgOPQNgtzve5fA5PGo1j6UQGv+v4mFcSbb8+P0ihpynZl6bNcqdA5+dgYalsFpEOsjmHeshn9d1R9dtSiycK8k1IFUdsvbfnRTdxTwyc93xT2AGgGOstq2kPxBQ6CKHDJTI/yMpuzdd6ZoKnlxFW4+orxAf5c=,iv:w6HGOtuA6XVOaZFzB8lcSh3qEatGD3GudhbjzeJQ82k=,tag:lSvDhiiI1zhoCypHliaUXQ==,type:str]
+    lastmodified: "2022-09-24T21:41:39Z"
+    mac: ENC[AES256_GCM,data:YWFS0eyejY3d7HrAewpKhs4Z0ATLZRFAhx/hO8+7OMHnCw+LSXzv0YCygVOTilUJ6By56CRwqF0B9gY/zQUF9mCklyFeHpogmPL92cbAe/gsgKpJI+Nnqrdrch2J8gRv485NI8EQ8sYqSZ0RNsyDiOOyY3OW86L4vqZBqb31O/4=,iv:EGKIAUqY7UQU2+1qpo2VYMvAMomn6vbmGv3uKCpLOOs=,tag:4MNWlJ5Knbymkr/T22P+FA==,type:str]
    pgp: []
    unencrypted_regex: ^(kind)$
    version: 3.7.3
--- a/ansible/inventory/hosts.yml
+++ b/ansible/inventory/hosts.yml
@@ -5,11 +5,13 @@ all:
      ansible_connection: local
      ansible_python_interpreter: /usr/bin/python3
    coreelec:
+      ansible_host: coreelec.{{ secret_domain }}
      ansible_user: root
  children:
    truenas-instances:
      hosts:
        truenas:
+          ansible_host: truenas.{{ secret_domain }}
        truenas-remote:
          ansible_port: 35875
      vars:
@@ -17,7 +19,8 @@ all:
    truenas-jails:
      hosts:
        borgserver:
-        postgres:
+          ansible_host: borgserver.{{ secret_domain }}
+        # postgres:
 kubernetes:
  children:
    master:
--- a/ansible/roles/coreelec/tasks/nfs.yml
+++ b/ansible/roles/coreelec/tasks/nfs.yml
@@ -12,10 +12,13 @@
    dest: "/storage/.config/system.d/storage-mnt-{{ item }}.mount"
    mode: 0775
  loop: "{{ nfs_shares }}"
+  register: services

 - name: nfs | activate system.d services
  ansible.builtin.systemd:
    name: storage-mnt-{{ item }}.mount
-    state: started
+    state: restarted
    enabled: true
+    daemon_reload: true
  loop: "{{ nfs_shares }}"
+  when: services.changed
--- a/ansible/roles/coreelec/templates/storage-nfs.mount
+++ b/ansible/roles/coreelec/templates/storage-nfs.mount
@@ -6,7 +6,7 @@ After=network-online.service
 Before=kodi.service

 [Mount]
-What=truenas:/mnt/storage/{{ item }}
+What=truenas.{{ secret_domain }}:/mnt/storage/{{ item }}
 Where=/storage/mnt/{{ item }}
 Options=
 Type=nfs
--- a/ansible/roles/truenas/tasks/main.yml
+++ b/ansible/roles/truenas/tasks/main.yml
@@ -11,17 +11,17 @@
 - block:
    - ansible.builtin.include_tasks: jails/main.yml

-    - ansible.builtin.shell:
-        cmd: test -f /mnt/storage/jail-mounts/postgres/data{{ postgres_version }}/postgresql.conf
-      register: postgres_data_exists
-      become: true
-      changed_when: false
-      failed_when: postgres_data_exists.rc != 0 and postgres_data_exists.rc != 1
+    # - ansible.builtin.shell:
+    #     cmd: test -f /mnt/storage/jail-mounts/postgres/data{{ postgres_version }}/postgresql.conf
+    #   register: postgres_data_exists
+    #   become: true
+    #   changed_when: false
+    #   failed_when: postgres_data_exists.rc != 0 and postgres_data_exists.rc != 1

-    - ansible.builtin.include_tasks: jails/postgres-init.yml
-      when: postgres_data_exists.rc == 1
+    # - ansible.builtin.include_tasks: jails/postgres-init.yml
+    #   when: postgres_data_exists.rc == 1

-    - ansible.builtin.include_tasks: jails/postgres-conf.yml
+    # - ansible.builtin.include_tasks: jails/postgres-conf.yml

    - ansible.builtin.shell:
        cmd: test -f /mnt/storage/jail-mounts/borgserver/keys/host/ssh_host_ed25519_key
--- a/ansible/roles/workstation/defaults/main.yml
+++ b/ansible/roles/workstation/defaults/main.yml
@@ -1,7 +1,7 @@
 fonts_dir: ~/.local/share/fonts
 icons_dir: ~/.local/share/icons
 newaita_iconset_url: "https://github.com/cbrnix/Newaita/archive/1.09.20a.tar.gz"
-nas_hostname: truenas
+nas_hostname: truenas.{{ secret_domain }}
 mnt_dir: /mnt
 nas_dir: ~/NAS
 nfs_shares: