chore: clean ansible

ansible/inventory/group_vars/all/all.sops.yml

@@ -1,10 +1,6 @@
 kind: Secret
-SECRET_EXTERNAL_DOMAIN: ENC[AES256_GCM,data:V+KhvpQZ0bxjMDNZq4vYXg==,iv:WP0hlWvDEL0fu1aFR0UQW31nQKWxkkfgoXbfdV4WZ9w=,tag:e3Ky3kenlL71zyQBOXclsQ==,type:str]
-secret_domain: ENC[AES256_GCM,data:SjdnR9pDjveodvo=,iv:GKvdD7c3bmaQN+CAYoKwAy78em9vYljGyl6VfGmJk9E=,tag:hz92J7d1NokEeyB6vxr3Uw==,type:str]
-public_ssh_keys:
-    - ENC[AES256_GCM,data:/J9ejzvJHV5wdz9Dj0jUmAaVtIkgVpEoIRJocNGhszY2bmu5mruwWSz6E+XkcAGE0zQMo/9N8imIZoXfq0UQSyfCCitrA09x1z0Hf0s3iSA=,iv:jzA3bIQw+pL4tjNASNMwMcdHW+vSxgVo4Czo/ja0AO8=,tag:iTEDjARfH96oXATQu8VR8Q==,type:str]
-    - ENC[AES256_GCM,data:c105qLvE6iHoBQl4X0qEFDPXOsiA+YGUVK4gl7O0pqHZ6IIs3m1Z28PKl84GuaPL1pV7I55KccQdAnqjQw0XSZ/lWI+IC2BXj3dJ6paLZNU=,iv:lQod/AwDquA22zJLmvpiuQvaPXo1JFSOV+9yybVjMZc=,tag:Z2eArvfrP8YN3irG45wMRw==,type:str]
-    - ENC[AES256_GCM,data:pMYg+hNpYCl5fwvNbz0bjm0KaEuIGMeBXXblTGpbur17Nxulnn5DQ5H3k8Wash1F9BJeBfQOTGXDx1XEfp2CDlymuLHdjP6xU7+daD0/JbA=,iv:49Mh9zGN5AJgTXGb8lF38jyme46nd7RqKil3PI13ww8=,tag:2c6jSEZImNEWvM3Asc2jhw==,type:str]
+pushover_user_key: ENC[AES256_GCM,data:p/3iIeWqLgYPyJjfg3nc1alLuQzwJ1005cJThNT5,iv:FY7PL0V2erRY58lJcy4yzoirsAyoL9Ty8jtMnInSjyo=,tag:XcwxMoANHu/VDMlVOTfJ5Q==,type:str]
+pushover_api_token: ENC[AES256_GCM,data:n2TzLokjWBGdwJzkH82FgqW0OiRVKmlcIuHKshLQ,iv:YXWXgs/vVc0tMtuCqnxasKpp1RhY9wayhtQ8iKWlCQs=,tag:URftDsZ5RCVc94OQNIMCLw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -20,8 +16,8 @@ sops:
             c3JkOFZzYnpINjQ5QnNkaE9IYUdXL3MKsBelDv/z5nTYC6/1Zm8kmzqEoLBVPnhy
             v0v/6n1GksmzslbNdKhy+xtxHYrqouhc2P4hNi0R8p8u76RXERN5fg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-01-30T13:11:23Z"
-    mac: ENC[AES256_GCM,data:vbkpM6DptiFun826iT8NBTJs0bD4WhGEjfCOsdnOODvWR4dKwmV3lmmYHHMKhSpQLcfg6PASqh6Co8QyKIkiV9Z5ryQG/YIP1Mgj9deJ4aVB42DsJc3qlnhaNbfDZLRC+skH8tEwoJRC/pOW2h/5tIVMSAvcLFDOBnCjhQSmwnA=,iv:LoR/QruGdzbpOjhvyYgNiBZHZHq2KPIIZqVFMsyNenQ=,tag:gtv4NGP6+kbw7Yd5dPy1og==,type:str]
+    lastmodified: "2024-06-28T15:38:55Z"
+    mac: ENC[AES256_GCM,data:qKfDAbqQ/ZrTWdcd4RupJl4XPH/rVDs6KDWj1xzg+3k0znBqw2wzrn9NfiZuyp/gASU3ojPWG5ayBrmEF8f9TC5/3MJlTcjH1Ts2LvQWuyHSkzoLORjzGaRpZisoaK6OkMNtFzxZkCpanzMERQwNMeTRdA3BZ7RNi26FZ/TUii0=,iv:B/2xCQ01+jO9utTJkORZG5CFTmEWM3UVVfy+UOEQf0A=,tag:Lh3gqSR6Wij56VbxG0cAfQ==,type:str]
     pgp: []
     unencrypted_regex: ^(kind)$
     version: 3.8.1

ansible/inventory/group_vars/all/all.yml

@@ -0,0 +1 @@
+internal_domain: feisar.ovh

ansible/inventory/host_vars/truenas-remote.sops.yaml

@@ -1,26 +0,0 @@
-kind: Secret
-root_api_key: ENC[AES256_GCM,data:e+g6jvxD9kBSYVbzGXR0QZZMAnxndPu04Dhs3UjNsjHyq+GQRlapPJDQmnTWFa11KaEK3lOiSmU4yxcRjbgG2t3a,iv:mLG+dFHrmndRm5fT4KU+TIOMiAg/urQ4Zv3YaRaoVlg=,tag:DXTWollNdF4o2Pe2qdyufw==,type:str]
-ansible_host: ENC[AES256_GCM,data:ldsDTnydWPMnAnOiSlVrkiiL6w==,iv:luNgXdV3uBRaGzBIlw4E5UrZqKBaakgwc+9YC9xXInM=,tag:MldHmJpsOqe7oJMA83Xm9g==,type:str]
-ansible_password: ENC[AES256_GCM,data:6F+H0sO8BP7QSZxE6hE=,iv:GOMmcmYZVbT+UbjmHZf4f8jJaBEKV7JWDVpoMQ0QPsI=,tag:YZHl5Sy0wMLibgN7wJ7SNw==,type:str]
-ansible_become_pass: ENC[AES256_GCM,data:KFih2YRvhMLDao5fQ+Q=,iv:cv54gnuCtg6Nt/XbUJ2osNnvPTGhnpKLc5btMY/cSW8=,tag:uxgxAj6WLqms+S2N677kyg==,type:str]
-wireguard_private_key: ENC[AES256_GCM,data:qJL0V5muCpXRXnXIS4YNymB2HcvgAPs64R3YHXb3x9MHqjImGwSb4jfD8fs=,iv:UPer7aN1M7T+GBLZ6iP6xhfds6zZscgQgSV9ROdLrXg=,tag:kzEuJduCpzcDpwUFfbn+0w==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVy9DRjhqOW05Wm4rNXZo
-            bFJxem9UZjNSQW5UaTRZaWQ1clZQSHJrNHpVCmo3Y0RPd1BRRC9ZZHJ0SndSUXJv
-            UkpPWTNOUWFPL1hCUGJrTFBPZml5QncKLS0tIGI5UUJKMXR0d1d3ZzRDSURuWVFl
-            ZFlyQ1lGbnVPaSs4cytQYzNwRnJabmcKP0ogZqsaoD6heCqmObwttBgE039aLqe2
-            R55NPkQJJyFSbDbdDmPApE4IwtXay54QGw2RR4AxOZW4G2dWhdzP3w==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-03-19T21:55:55Z"
-    mac: ENC[AES256_GCM,data:IIkga8Ccokgv3EmAAWyEGVhlAwqUcYHEg2T31BtMZTnvZV0+af/OWRafcCWCmoUmToG8r3eqYh1BkFuTAUY7gaBk7H+Wnl5pPnNANdf7LQfc/sCIHpBT/gjZb8Ewtbvzd4C/PAdwaVeJ2SP6IfYQ4MB7unav71Z3d5ynaeBFgrM=,iv:R7rvNBhl6L12Dw+HYygMx1QY5Aob60zi64/YyDYy+hQ=,tag:ENhDNeLAh3OdyCQSC7knUg==,type:str]
-    pgp: []
-    unencrypted_regex: ^(kind)$
-    version: 3.8.1

ansible/inventory/host_vars/truenas-remote.yaml

@@ -1,3 +0,0 @@
-main_nas: false
-pool_name: vol1
-snapshots_interval: "daily:14,weekly:12,monthly:12,yearly:3"

ansible/inventory/hosts.yml

@@ -2,15 +2,15 @@
 all:
   hosts:
     coreelec:
-      ansible_host: coreelec.{{ secret_domain }}
+      ansible_host: coreelec.{{ internal_domain }}
       ansible_user: root
   children:
     truenas-instances:
       hosts:
         truenas:
-          ansible_host: truenas.{{ secret_domain }}
+          ansible_host: truenas.{{ internal_domain }}
         truenas-remote:
-          ansible_host: truenas-remote.{{ secret_domain }}
+          ansible_host: truenas-remote.{{ internal_domain }}
           ansible_port: 35875
       vars:
         ansible_user: homelab

ansible/playbooks/bootstrap_ansible.yml

@@ -1,18 +0,0 @@
----
-- name: Boostrap host to enable Ansible playbooks
-  hosts: all
-  become: true
-  become_user: root
-  gather_facts: false
-  vars:
-    python_pwd: /usr/bin/python
-    python_package: python3
-  tasks:
-    - name: Check for Python
-      ansible.builtin.raw: test -e {{ python_pwd }}
-      changed_when: false
-      failed_when: false
-      register: check_python
-    - name: Install Python
-      ansible.builtin.raw: pkg install -y {{ python_package }}
-      when: check_python.rc != 0

ansible/requirements.yml

@@ -1,8 +0,0 @@
----
-collections:
-  - name: ansible.posix
-    version: 1.5.4
-  - name: community.general
-    version: 9.1.0
-  - name: community.sops
-    version: 1.7.0

ansible/roles/coreelec/tasks/backup.yml

@@ -1,13 +1,13 @@
 ---
 - name: backup | copy script
-  ansible.builtin.copy:
-    src: backup.bash
+  ansible.builtin.template:
+    src: backup.bash.j2
     dest: /storage/backup.bash
-    mode: 0755
+    mode: "0755"
 
 - name: backup | crontab
   ansible.builtin.cron:
-    name: "daily backup"
+    name: daily backup
     minute: "14"
     hour: "4"
-    job: "/storage/backup.bash"
+    job: /storage/backup.bash

ansible/roles/coreelec/tasks/nfs.yml

@@ -3,14 +3,14 @@
   ansible.builtin.file:
     path: "{{ root_path }}/mnt/{{ item }}"
     state: directory
-    mode: 0775
+    mode: "0775"
   loop: "{{ nfs_shares }}"
 
 - name: nfs | create system.d services
   ansible.builtin.template:
-    src: "storage-nfs.mount"
+    src: storage-nfs.mount.j2
     dest: "/storage/.config/system.d/storage-mnt-{{ item | replace('/','-') }}.mount"
-    mode: 0775
+    mode: "0775"
   loop: "{{ nfs_shares }}"
   register: services
 

ansible/roles/coreelec/templates/backup.bash.j2

@@ -3,7 +3,7 @@
 # Variables
 DATE=$(date +%Y%m%d%H%M)
 BACKUP_SRC="/storage/backup"
-BACKUP_DEST="homelab@storage.{{ secret_domain }}:/vol1/backups/servers/coreelec.{{ secret_domain }}/"
+BACKUP_DEST="homelab@storage.{{ internal_domain }}:/vol1/backups/servers/coreelec.{{ internal_domain }}/"
 
 error_handler() {
     local error_line=$1
@@ -17,7 +17,7 @@ error_handler() {
     curl -s \
         --form-string "token={{ pushover_api_token }}" \
         --form-string "user={{ pushover_user_key }}" \
-        --form-string "message=coreelec.{{ secret_domain }}
+        --form-string "message=coreelec.{{ internal_domain }}
 script: ${script_name}
 error_line: ${error_line}
 error_message: ${error_message}" \