add zfs support to new workstation/base role

author: Christian Pointner <equinox@spreadspace.org> 2020-11-11 03:09:35 +0100
committer: Christian Pointner <equinox@spreadspace.org> 2020-11-11 12:53:16 +0100
commit: 1e4520fbdb6a72cfaf39746e3f89544771720394 (patch)
tree: e9171a34a2efe41ef08dbcf768e00df20abe79d2
parent: rename ubuntu-ws role to ws/base (diff)
8 files changed, 82 insertions, 137 deletions
diff --git a/chaos-at-home/ch-telesto.yml b/chaos-at-home/ch-telesto.yml
new file mode 100644
index 00000000..a78517ce
--- /dev/null
+++ b/chaos-at-home/ch-telesto.yml
@@ -0,0 +1,14 @@
+---
+- name: Basic Setup
+  hosts: ch-telesto
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd
+  - role: core/zsh
+  - role: core/cpu-microcode
+  - role: zfs/base
+  - role: ws/base
+  - role: core/admin-users
+  - role: apt-repo/spreadspace
+  - role: streaming/blackmagic/desktopvideo
diff --git a/chaos-at-home/group_vars/chaos-at-home.yml b/chaos-at-home/group_vars/chaos-at-home.yml
index f7da7437..8cc9a860 100644
--- a/chaos-at-home/group_vars/chaos-at-home.yml
+++ b/chaos-at-home/group_vars/chaos-at-home.yml
@@ -1,24 +1,27 @@
 $ANSIBLE_VAULT;1.2;AES256;chaos-at-home
-66636539316637643337323635383630306330396536346236333839653364343866633434376437
-3564646633666539396238383762656433633165386661620a353730316633323237653539313263
-31633563343634356261653231336465343666303537323830333662363330343032623634646131
-3065356635643364610a333366326563623633336463626330316637663432303765626633653738
-32386131613737653332643836636237663739626566386432616262363031646236366161303138
-31343730393662646333376631343539306136323432393639396433643665333531333963346264
-33393563383136396636303366353037386461376135353332353534306131326666333565356335
-38363938396635666630316630333266353238343834303338363637393661353263306531373535
-30336561663961313736636631653033303966376231353430323965376234643337626536383435
-36316430636130636433303736633665333938343731653130663562316464353764323736653533
-38616535313137383162343130366235613539623933393830323366376663313932303932376335
-61326334303733646539356334336437626363333865623963316361303330356535303733393034
-30653538373161626362643362313061633565393663323864653436666464353464353765613735
-62623635323164383537616161643566333539623732376130336266363631323733383434316666
-63303561386434633833396432653932353739383836646434393832363936336538383661313266
-34633432323366633664646335373362313831643834306265333163316462316233363335333938
-63383037376563343566663130353731333561343131353362393937326161396232663566366638
-61643263663865353364313431336439326139303233646665356435616638656466353064383632
-33626538646166326639383064353736623666653339623865643237396563336361353263616466
-66346563313737313037653735363666643662356239353163336337393565643165633732663839
-30616166346637623030646262386435613066636132646665623764643661653730343730346331
-62666638313737346332336236653864633931356231613037373638656562396438323533323062
-393534663638616536653534663333613639
+37363633653262356539353263326436303965373365613031326238343332623531633734626466
+6431623733383832306662613039373138346666336663640a303764313730626231383965663130
+37386565653733303737343433626332373639353663616235346131313339396263386133326361
+6565353432386538320a623337346334663139323533613333363665656162346138313236393637
+36623439626632396531353631613037313166666136373934623739333237623661396332376436
+31373461653564386266336639633861613536663831633162323863373630393834663531306531
+32343932303561333363373561353035346562383833336663383135626631663133346663333635
+62333661386237613035313235303132396431643732383732386336636165393838393464323033
+34343963646534306433303163616132653164666163336137353034336164383661616263613965
+62633937656538323461306361626235613338653266386134363363356163366161366166346362
+35366531376664613237376133396164373762383735373236343166383534636636643733393838
+37616361316363373262336530336564653335383630633736383239353635616432386635306134
+38663464653535613738666631303337326334346635393363363837623734316233396166303232
+34343561313736353765633064656665333934316631613233353163393837646465303830613231
+62363033363066336438306636636330646530663330356638343930646430323838666533666337
+31363038356435346239613930323161643065663063613665333566623634653333396561376365
+35336437643339303465323361326561646436366437636165356563653636333766343038303134
+61343239333536623331306561646336636335323432643434333561386664373861303732393665
+32393332336135633135643938613330666236323631613634353533656462383966333761343461
+34353838356561636161383565333039613136333431623936316136396630363662313234613735
+39383765643961316164633333323237343063653565353461626461333737313363326436376461
+61656465373035316466653733613931666139643336363866636136333039643536333336653630
+35383463623334616162306639303132633637373031383638666331653333656132313934366131
+61343337626561333537613534396333636139356264313731636462363362336231663363613862
+63653365393139383234306362306430373636636262313662663531633537356536303931373963
+3565613330363934636135636531633932653537656563336336
diff --git a/inventory/group_vars/chaos-at-home/vars.yml b/inventory/group_vars/chaos-at-home/vars.yml
index ac999612..c09c75e1 100644
--- a/inventory/group_vars/chaos-at-home/vars.yml
+++ b/inventory/group_vars/chaos-at-home/vars.yml
@@ -7,3 +7,7 @@ admin_users_group:
 acmetool_account_email: admin@chaos-at-home.org
 
 apt_repo_provider: inode
+
+apt_repo_blackmagic_auth:
+  username: "chaos-at-home"
+  password: "{{ vault_apt_repo_blackmagic_auth.password }}"
diff --git a/inventory/host_vars/ch-equinox-ws.yml b/inventory/host_vars/ch-equinox-ws.yml
index 50cafbec..a1130257 100644
--- a/inventory/host_vars/ch-equinox-ws.yml
+++ b/inventory/host_vars/ch-equinox-ws.yml
@@ -56,7 +56,7 @@ apt_repo_components:
   - universe
   - multiverse
 
-ubuntu_ws_extra_packages:
+ws_base_extra_packages:
   - aisleriot
   - atftp
   - asciidoc
diff --git a/inventory/host_vars/ch-telesto.yml b/inventory/host_vars/ch-telesto.yml
index 6e642dee..a2d94e16 100644
--- a/inventory/host_vars/ch-telesto.yml
+++ b/inventory/host_vars/ch-telesto.yml
@@ -47,7 +47,33 @@ network:
   - *_network_primary_
 
 
+apt_repo_components:
+  - main
+  - restricted
+  - universe
+  - multiverse
+
 base_modules_blacklist: "{{ base_modules_blacklist_all_but_sound }}"
 
 admin_users_host:
   - equinox
+
+zfs_arc_size:
+  min: 1GB
+  max: 2GB
+
+zfs_pools:
+  storage:
+    mountpoint: /srv/storage
+    create_vdevs: mirror /dev/disk/by-id/ata-SAMSUNG_HD103UJ_S1PVJDWQ720808-part4 /dev/disk/by-id/ata-SAMSUNG_HD103UJ_S1PVJDWQ720810-part4
+
+ws_base_home_zfs:
+  pool: storage
+  name: home
+  properties:
+    xattr: sa
+    compression: lz4
+    quota: 100G
+
+ws_base_extra_packages:
+  - obs-studio
diff --git a/roles/installer/debian/preseed/templates/preseed_xubuntu-focal-desktop.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_xubuntu-focal-desktop.cfg.j2
deleted file mode 100644
index 7a424673..00000000
--- a/roles/installer/debian/preseed/templates/preseed_xubuntu-focal-desktop.cfg.j2
+++ /dev/null
@@ -1,111 +0,0 @@
-#########################################################################
-#  spreadspace preseed file for Ubuntu focal based workstations
-#########################################################################
-
-d-i debian-installer/language string {{ preseed_language }}
-d-i debian-installer/country string {{ preseed_country }}
-d-i debian-installer/locale string {{ preseed_locales | first }}
-d-i localechooser/preferred-locale string {{ preseed_locales | first }}
-d-i localechooser/supported-locales multiselect {{ preseed_locales | join(', ') }}
-d-i localechooser/translation/warn-light boolean true
-
-d-i console-setup/ask_detect boolean false
-d-i keyboard-configuration/layoutcode string {{ preseed_keyboard_layout }}
-d-i keyboard-configuration/variantcode string {{ preseed_keyboard_variant }}
-
-d-i hw-detect/load_firmware boolean false
-
-{% if preseed_no_netplan %}
-d-i netcfg/do_not_use_netplan boolean true
-{% endif %}
-d-i netcfg/choose_interface select {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.name) }}
-{% if 'install_dhcp' in hostvars[install_hostname] and hostvars[install_hostname].install_dhcp %}
-d-i netcfg/disable_dhcp boolean false
-d-i netcfg/disable_autoconfig boolean false
-{% else %}
-d-i netcfg/disable_dhcp boolean true
-d-i netcfg/disable_autoconfig boolean true
-d-i netcfg/get_ipaddress string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('address') }}
-d-i netcfg/get_netmask string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('netmask') }}
-d-i netcfg/get_gateway string {{ hostvars[install_hostname].network_cooked.primary.gateway }}
-d-i netcfg/get_nameservers string {{ hostvars[install_hostname].network_cooked.nameservers | join(' ') }}
-d-i netcfg/confirm_static boolean true
-{% endif %}
-
-d-i netcfg/hostname string {{ hostvars[install_hostname].host_name }}
-d-i netcfg/get_hostname string {{ hostvars[install_hostname].host_name }}
-d-i netcfg/domain string {{ hostvars[install_hostname].network_cooked.domain }}
-d-i netcfg/get_domain string {{ hostvars[install_hostname].network_cooked.domain }}
-d-i netcfg/wireless_wep string
-
-
-d-i mirror/country string manual
-d-i mirror/http/hostname string {{ apt_repo_providers[hostvars[install_hostname].apt_repo_provider].ubuntu.host }}
-d-i mirror/http/directory string {{ apt_repo_providers[hostvars[install_hostname].apt_repo_provider].ubuntu.path }}
-d-i mirror/http/proxy string
-
-
-d-i passwd/make-user boolean false
-d-i passwd/root-login boolean true
-d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand
-d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand
-
-
-d-i clock-setup/utc boolean true
-d-i time/zone string {{ preseed_timezone }}
-d-i clock-setup/ntp boolean false
-
-
-{% include 'partman_config.j2' %}
-
-
-{% if preseed_kernel_image is defined %}
-d-i base-installer/kernel/image string {{ preseed_kernel_image }}
-{% elif preseed_virtual_machine %}
-d-i base-installer/kernel/image string linux-virtual
-{% endif %}
-{% if preseed_no_splash %}
-d-i debian-installer/splash boolean false
-d-i debian-installer/add-kernel-opts string nosplash
-{% endif %}
-
-d-i base-installer/install-recommends boolean false
-d-i apt-setup/security_host string {{ apt_repo_providers[hostvars[install_hostname].apt_repo_provider].ubuntu.host }}
-d-i apt-setup/security_path string {{ apt_repo_providers[hostvars[install_hostname].apt_repo_provider].ubuntu.path }}
-{% if hostvars[install_hostname].install_cooked.arch | default('amd64') == 'amd64' %}
-d-i apt-setup/multiarch string amd64
-{% endif %}
-
-tasksel tasksel/first multiselect {{ preseed_install_tasks | join(', ') }}
-d-i pkgsel/include string openssh-server {{ hostvars[install_hostname].python_basename }} {{ hostvars[install_hostname].python_basename }}-apt{% if preseed_no_netplan %} ifupdown{% endif %}{{ '' }}
-d-i pkgsel/upgrade select safe-upgrade
-popularity-contest popularity-contest/participate boolean false
-d-i pkgsel/update-policy select none
-
-d-i finish-install/reboot_in_progress note
-
-
-d-i preseed/late_command string \
-    lvremove -f {{ hostvars[install_hostname].host_name }}/dummy; \
-    in-target bash -c "swapoff -a; sed -e '/^\/swapfile/d' -i /etc/fstab; rm -f /swapfile"; \
-    in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \
-    in-target bash -c "env SUDO_FORCE_REMOVE=yes apt-get purge -y -q ubuntu-minimal sudo ubuntu-advantage-tools"; \
-{% if preseed_no_netplan %}
-    in-target bash -c "apt-get purge -y -q netplan.io && apt-get autoremove -y -q && rm -rf /etc/netplan"; \
-{% endif %}
-    in-target bash -c "sed -e 's/^allow-hotplug/auto/' -i /etc/network/interfaces"; \
-{% if preseed_force_net_ifnames_policy is defined %}
-    mkdir -p /target/etc/systemd/network; \
-    in-target bash -c "echo '[Match]' > /etc/systemd/network/90-namepolicy.link"; \
-    in-target bash -c "echo 'OriginalName=*' >> /etc/systemd/network/90-namepolicy.link"; \
-    in-target bash -c "echo '' >> /etc/systemd/network/90-namepolicy.link"; \
-    in-target bash -c "echo '[Link]' >> /etc/systemd/network/90-namepolicy.link"; \
-    in-target bash -c "echo 'NamePolicy={{ preseed_force_net_ifnames_policy }}' >> /etc/systemd/network/90-namepolicy.link"; \
-    in-target bash -c "update-initramfs -u"; \
-{% endif %}
-    in-target bash -c "passwd -d root && passwd -l root"; \
-{% if hostvars[install_hostname].ansible_port is defined %}
-    in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ hostvars[install_hostname].ansible_port }}/' -i /etc/ssh/sshd_config"; \
-{% endif %}
-    mkdir -p -m 0700 /target/root/.ssh; \
-    cp /authorized_keys /target/root/.ssh/
diff --git a/roles/ws/base/defaults/main.yml b/roles/ws/base/defaults/main.yml
index 9db0c3dc..eb094e0b 100644
--- a/roles/ws/base/defaults/main.yml
+++ b/roles/ws/base/defaults/main.yml
@@ -1,2 +1,4 @@
 ---
-ubuntu_ws_extra_packages: []
+ws_base_extra_packages: []
+
+# ws_base_home_zfs: {}
diff --git a/roles/ws/base/tasks/main.yml b/roles/ws/base/tasks/main.yml
index 9e3b55b8..75a753d8 100644
--- a/roles/ws/base/tasks/main.yml
+++ b/roles/ws/base/tasks/main.yml
@@ -1,4 +1,11 @@
 ---
+- name: create zfs dataset for /home
+  when: ws_base_home_zfs is defined
+  zfs:
+    name: "{{ ws_base_home_zfs.pool }}/{{ ws_base_home_zfs.name }}"
+    state: present
+    extra_zfs_properties: "{{ ws_base_home_zfs.properties | default({}) | combine({'mountpoint': '/home'}) }}"
+
 - name: prohibited packages
   loop:
     - flashplugin-installer
@@ -78,5 +85,5 @@
 
 - name: install extra packages
   apt:
-    name: "{{ ubuntu_ws_extra_packages }}"
+    name: "{{ ws_base_extra_packages }}"
     state: present
author	Christian Pointner <equinox@spreadspace.org>	2020-11-11 03:09:35 +0100
committer	Christian Pointner <equinox@spreadspace.org>	2020-11-11 12:53:16 +0100
commit	1e4520fbdb6a72cfaf39746e3f89544771720394 (patch)
tree	e9171a34a2efe41ef08dbcf768e00df20abe79d2
parent	rename ubuntu-ws role to ws/base (diff)