14 files changed, 64 insertions, 40 deletions

diff --git a/chaos-at-home/ch-epimetheus.yml b/chaos-at-home/ch-epimetheus.yml
index 148cda82..d091ffc5 100644
--- a/chaos-at-home/ch-epimetheus.yml
+++ b/chaos-at-home/ch-epimetheus.yml
@@ -7,32 +7,18 @@
   - role: core/sshd/base
   - role: core/zsh
   - role: core/ntp
-  - role: core/cpu-microcode
+
+- name: Payload Setup
+  hosts: ch-epimetheus
+  roles:
   - role: apt-repo/spreadspace
   - role: nginx/base
   - role: monitoring/prometheus/exporter
-  - role: network/wakeonlan
   - role: storage/luks/volumes
   - role: storage/zfs/pools
   - role: storage/zfs/sanoid
   - role: storage/zfs/syncoid
   post_tasks:
-  - name: install simple suspend script
-    copy:
-      content: |
-        #!/bin/bash
-
-        if [ -z "$1" ]; then
-          echo "suspending indefinitely"
-          systemctl suspend
-        else
-          #rtcwake --seconds 300 -m mem
-          echo "suspending for $1"
-          rtcwake --time $(date -d "$1" +%s) -m mem
-        fi
-      dest: /root/suspend.sh
-      mode: 0755
-
   - name: install post-boot script
     copy:
       dest: /usr/local/bin/post-boot
@@ -59,8 +45,6 @@
       content: |
         #!/bin/bash
         {% set disk_variables = [] %}
-        disk_primary=$(basename $(realpath '{{ install.disks.primary }}'))
-        {{ disk_variables.append('$disk_primary') -}}
         {% for name,volume in luks_volumes.items() %}
         disk_{{ name | replace('-', '_') }}=$(basename $(realpath '{{ volume.device }}'))
         {{ disk_variables.append('$disk_'+(name | replace('-', '_'))) -}}
diff --git a/inventory/host_vars/ch-apps.yml b/inventory/host_vars/ch-apps.yml
index ed53fe38..9c263712 100644
--- a/inventory/host_vars/ch-apps.yml
+++ b/inventory/host_vars/ch-apps.yml
@@ -55,7 +55,7 @@ spreadspace_apt_repo_components:
 
 
 ssh_keys_root_extra:
-  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZK9NBainiE0+A8pT8dbwlNZ0k0AZVhLTzUSo3YtKJt ZFS Backup syncoid@epimetheus
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjZEFZLrl2KIqYl/GU8Vkp7mlhAbFbjwf4Ht9zQRmI8 ZFS Backup syncoid@epimetheus
 
 
 prometheus_job_multitarget_blackbox__probe:
diff --git a/inventory/host_vars/ch-atlas.yml b/inventory/host_vars/ch-atlas.yml
index 7b132e6d..9f1fd63e 100644
--- a/inventory/host_vars/ch-atlas.yml
+++ b/inventory/host_vars/ch-atlas.yml
@@ -26,7 +26,7 @@ network:
 
 
 ssh_keys_root_extra:
-  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZK9NBainiE0+A8pT8dbwlNZ0k0AZVhLTzUSo3YtKJt ZFS Backup syncoid@epimetheus
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjZEFZLrl2KIqYl/GU8Vkp7mlhAbFbjwf4Ht9zQRmI8 ZFS Backup syncoid@epimetheus
 
 
 apt_repo_components:
diff --git a/inventory/host_vars/ch-epimetheus.yml b/inventory/host_vars/ch-epimetheus.yml
index 431f6337..fa05843e 100644
--- a/inventory/host_vars/ch-epimetheus.yml
+++ b/inventory/host_vars/ch-epimetheus.yml
@@ -1,27 +1,33 @@
 ---
-install:
-  efi: true
-  disks:
-    primary: /dev/disk/by-id/ata-ADATA_SP300_1302938101000079
+raspios_variant: lite
+raspios_arch: arm64
 
 network:
   nameservers: "{{ network_zones.lan.dns }}"
   domain: "{{ host_domain }}"
   primary: &_network_primary_
-    name: enp1s0
+    name: eth0
     address: "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets[inventory_hostname]) }}"
     gateway: "{{ network_zones.lan.gateway }}"
   interfaces:
   - *_network_primary_
 
+raspios_boot_config:
+  - regexp: '^#?dtparam=i2c_vc'
+    line: 'dtparam=i2c_vc=on'
+  - regexp: '^#?dtoverlay=i2c-rtc'
+    line: 'dtoverlay=i2c-rtc,rv3028,i2c0'
+
+## TODO: eeprom config...
+#    POWER_OFF_ON_HALT=1
+#    WAKE_ON_GPIO=0
+
+base_entropy_generator: rngd
 
-wakeonlan_interfaces:
-  - enp7s0 ## onboard GBit/s port - enp1s0 is a 10g SFP+ card without support for WOL
 
 apt_repo_components:
   - main
   - contrib  ## for zfs
-  - non-free ## for microcode updates
 
 
 spreadspace_apt_repo_components:
@@ -63,8 +69,8 @@ luks_volumes:
 
 
 zfs_arc_size:
-  min: 8GB
-  max: 16GB
+  min: 1GB
+  max: 2GB
 
 zfs_pools:
   backup:
diff --git a/inventory/host_vars/ch-equinox-t450s.yml b/inventory/host_vars/ch-equinox-t450s.yml
index 5aa92d38..d6a04ace 100644
--- a/inventory/host_vars/ch-equinox-t450s.yml
+++ b/inventory/host_vars/ch-equinox-t450s.yml
@@ -32,7 +32,7 @@ base_modules_blacklist: "{{ base_modules_blacklist_none }}"
 
 sshd_password_auth: yes
 ssh_keys_root_extra:
-  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZK9NBainiE0+A8pT8dbwlNZ0k0AZVhLTzUSo3YtKJt ZFS Backup syncoid@epimetheus
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjZEFZLrl2KIqYl/GU8Vkp7mlhAbFbjwf4Ht9zQRmI8 ZFS Backup syncoid@epimetheus
 
 zsh_banner: equinox
 
diff --git a/inventory/host_vars/ch-hyperion.yml b/inventory/host_vars/ch-hyperion.yml
new file mode 100644
index 00000000..a551242a
--- /dev/null
+++ b/inventory/host_vars/ch-hyperion.yml
@@ -0,0 +1,15 @@
+---
+install:
+  efi: true
+  disks:
+    primary: /dev/disk/by-id/ata-ADATA_SP300_1302938101000079
+
+network:
+  nameservers: "{{ network_zones.lan.dns }}"
+  domain: "{{ host_domain }}"
+  primary: &_network_primary_
+    name: enp1s0
+    address: "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets[inventory_hostname]) }}"
+    gateway: "{{ network_zones.lan.gateway }}"
+  interfaces:
+  - *_network_primary_
diff --git a/inventory/host_vars/ch-mimas.yml b/inventory/host_vars/ch-mimas.yml
index ac7f1748..2aa8e522 100644
--- a/inventory/host_vars/ch-mimas.yml
+++ b/inventory/host_vars/ch-mimas.yml
@@ -21,7 +21,7 @@ spreadspace_apt_repo_components:
 sshd_allowusers_host: "{{ admin_users_host + (['git'] | product(gitolite_instances | list) | map('join', '-')) }}"
 
 ssh_keys_root_extra:
-  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZK9NBainiE0+A8pT8dbwlNZ0k0AZVhLTzUSo3YtKJt ZFS Backup syncoid@epimetheus
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjZEFZLrl2KIqYl/GU8Vkp7mlhAbFbjwf4Ht9zQRmI8 ZFS Backup syncoid@epimetheus
 
 
 ntp_variant: systemd-timesyncd
diff --git a/inventory/host_vars/ch-phoebe.yml b/inventory/host_vars/ch-phoebe.yml
index 9e1b9d89..834ec6d5 100644
--- a/inventory/host_vars/ch-phoebe.yml
+++ b/inventory/host_vars/ch-phoebe.yml
@@ -30,7 +30,7 @@ apt_repo_components:
 
 
 ssh_keys_root_extra:
-  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZK9NBainiE0+A8pT8dbwlNZ0k0AZVhLTzUSo3YtKJt ZFS Backup syncoid@epimetheus
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjZEFZLrl2KIqYl/GU8Vkp7mlhAbFbjwf4Ht9zQRmI8 ZFS Backup syncoid@epimetheus
 
 
 spreadspace_apt_repo_components:
diff --git a/inventory/host_vars/ch-prometheus.yml b/inventory/host_vars/ch-prometheus.yml
index 20b717c0..332ba8ef 100644
--- a/inventory/host_vars/ch-prometheus.yml
+++ b/inventory/host_vars/ch-prometheus.yml
@@ -42,7 +42,7 @@ apt_repo_components:
 
 ssh_keys_root_extra:
   - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9AkOBxvf1wZ0B3wEyf7O3GbaIGx5o2f6cVuQIrOjeFfgMSAr1LwiB/gmHhMSEq6OSauD37TA5yDIrzk6NPPjVs/wiklsHgYtTqIxSPItTZFPX4gLvNwwGuRvEW9bTEiHd+bVPIiIT7HOje0kgacjan44rdgppX9DgcUp2j7uSZZabsxDCS/ms0slhwBNU1gtR31PoQ56vIya23D2uMauNAbRJzDEOfAjy4pHF8njYcXPas/yrbLi8PUZ1YO1u/AZto96EIYfHaCLWlstqeCX+R2JrTunvfTr8TF3AkFw8lHMzk3neUR+tPAAFQaqeTlqGPiSNq1Oyf+52XR16qwhd equinox@mail
-  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZK9NBainiE0+A8pT8dbwlNZ0k0AZVhLTzUSo3YtKJt ZFS Backup syncoid@epimetheus
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjZEFZLrl2KIqYl/GU8Vkp7mlhAbFbjwf4Ht9zQRmI8 ZFS Backup syncoid@epimetheus
 
 
 spreadspace_apt_repo_components:
diff --git a/inventory/host_vars/sk-2019vm.yml b/inventory/host_vars/sk-2019vm.yml
index 6da127ca..8d4f439c 100644
--- a/inventory/host_vars/sk-2019vm.yml
+++ b/inventory/host_vars/sk-2019vm.yml
@@ -29,7 +29,7 @@ ssh_users_root:
   - dan
 
 ssh_keys_root_extra:
-  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZK9NBainiE0+A8pT8dbwlNZ0k0AZVhLTzUSo3YtKJt ZFS Backup syncoid@epimetheus
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjZEFZLrl2KIqYl/GU8Vkp7mlhAbFbjwf4Ht9zQRmI8 ZFS Backup syncoid@epimetheus
 
 apt_repo_components:
   - main
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index c7c21ef0..8e41304d 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -305,6 +305,12 @@ ansible_python_interpreter=/usr/local/bin/python3
 ch-router-obsd
 
 
+[raspios]
+ch-cm4-test
+ch-mclr
+ch-epimetheus
+
+
 ## legacy python version
 [python2:vars]
 ansible_python_interpreter=/usr/bin/python
diff --git a/roles/prepare-dkms/tasks/main.yml b/roles/prepare-dkms/tasks/main.yml
index 23533345..052d2684 100644
--- a/roles/prepare-dkms/tasks/main.yml
+++ b/roles/prepare-dkms/tasks/main.yml
@@ -1,14 +1,15 @@
 ---
 - name: prepare dkms on scaleway boxes
-  include_tasks: scaleway.yml
   when: "'scaleway-kernel' in group_names"
+  include_tasks: scaleway.yml
 
 - name: prepare dkms on for raspberry-pi
+  when: "('id' in ansible_lsb and ansible_lsb.id == 'Raspbian') or ('raspios' in group_names)"
   include_tasks: raspberrypi.yml
-  when: "('id' in ansible_lsb and ansible_lsb.id == 'Raspbian')"
 
 - name: prepare dkms on normal debian boxes
-  include_tasks: default.yml
   when:
     - "'scaleway-kernel' not in group_names"
+    - "'raspios' not in group_names"
     - "('id' not in ansible_lsb or ansible_lsb.id != 'Raspbian')"
+  include_tasks: default.yml
diff --git a/roles/raspios/image/tasks/main.yml b/roles/raspios/image/tasks/main.yml
index 95fd1407..e7e0cbba 100644
--- a/roles/raspios/image/tasks/main.yml
+++ b/roles/raspios/image/tasks/main.yml
@@ -1,4 +1,10 @@
 ---
+- name: check if host is member of the raspios group
+  assert:
+    msg: "please add the host to the group 'raspios'"
+    that:
+    - "'raspios' in group_names"
+
 - name: fetch os list from download server
   check_mode: no
   uri:
diff --git a/roles/storage/zfs/syncoid/tasks/main.yml b/roles/storage/zfs/syncoid/tasks/main.yml
index 9e573db7..6b3e227e 100644
--- a/roles/storage/zfs/syncoid/tasks/main.yml
+++ b/roles/storage/zfs/syncoid/tasks/main.yml
@@ -22,7 +22,13 @@
     dest: /var/lib/syncoid/syncoid_pull
     mode: 0755
 
+- name: check if lvm.conf does exist
+  stat:
+    path: /etc/lvm/lvm.conf
+  register: zfs_syncoid_lvm_conf
+
 - name: configure lvm to ignore zfs volumes
+  when: zfs_syncoid_lvm_conf.stat.exists
   lineinfile:
     path: /etc/lvm/lvm.conf
     backrefs: yes