-rw-r--r-- | chaos-at-home/ch-prometheus.yml | 23 | ||||
-rw-r--r-- | chaos-at-home/host_vars/ch-prometheus.yml | 31 | ||||
-rw-r--r-- | inventory/host_vars/ch-prometheus.yml | 40 |
3 files changed, 90 insertions, 4 deletions
diff --git a/chaos-at-home/ch-prometheus.yml b/chaos-at-home/ch-prometheus.yml index 19961cde..756722dd 100644 --- a/chaos-at-home/ch-prometheus.yml +++ b/chaos-at-home/ch-prometheus.yml @@ -7,6 +7,7 @@ - role: core/sshd - role: core/zsh - role: core/cpu-microcode + - role: cryptdisk - role: zfs/base - role: apt-repo/spreadspace - role: zfs/sanoid @@ -14,3 +15,25 @@ - role: vm/host/network - role: installer/debian/base - role: installer/openbsd/base + tasks: + - name: install post-boot script + copy: + dest: /usr/local/bin/post-boot + mode: 0755 + content: | + #!/bin/bash + set -e + + {% for name, volume in cryptdisk_volumes.items() %} + echo -e "opening crypto volume: \033[1;37m{{ name }}\033[0m" + cryptsetup luksOpen '{{ volume.device }}' '{{ name }}' + {% endfor %} + + systemctl restart zfs-import-cache.service + systemctl restart zfs-mount.service + systemctl restart zfs-share.service + systemctl restart zfs-zed.service + mount -a + + sleep 2 + systemctl restart libvirtd.service diff --git a/chaos-at-home/host_vars/ch-prometheus.yml b/chaos-at-home/host_vars/ch-prometheus.yml new file mode 100644 index 00000000..75a7cd05 --- /dev/null +++ b/chaos-at-home/host_vars/ch-prometheus.yml @@ -0,0 +1,31 @@ +$ANSIBLE_VAULT;1.2;AES256;chaos-at-home +37393662663666326639313062363238666161313534646136626436613035633838616331376563 +6364653261643633373530643530616263643464336438620a396230313933343465323731306164 +30326630323136346165373532353062623731306436346330373065643736653063356532643363 +3664623638613265660a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diff --git a/inventory/host_vars/ch-prometheus.yml b/inventory/host_vars/ch-prometheus.yml index de31cd83..425411df 100644 --- a/inventory/host_vars/ch-prometheus.yml +++ b/inventory/host_vars/ch-prometheus.yml 
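Review bot: In the post-boot script added to chaos-at-home/ch-prometheus.yml, `set -e` combined with an unconditional `cryptsetup luksOpen` makes a re-run abort at the first volume that is already open, so after one failed passphrase entry the remaining volumes and the service restarts cannot be reached by running the script again. Guarding each open keeps it re-runnable, e.g. `[ -e '/dev/mapper/{{ name }}' ] || cryptsetup luksOpen '{{ volume.device }}' '{{ name }}'`. The template reads only `volume.device` and the key name, so the vaulted passphrase does not end up in the world-readable script; a one-line comment saying so would help keep it that way. I would also quote the mode (`mode: '0755'`) and set `owner: root` and `group: root` explicitly on the copy task.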
@@ -8,10 +8,10 @@ install: raid: level: 1 members: - - /dev/disk/by-id/nvme-Samsung_SSD_970_PRO_512GB_S5JYNC0N310327Y - /dev/disk/by-id/nvme-Samsung_SSD_970_PRO_512GB_S5JYNC0N310329Z + - /dev/disk/by-id/nvme-Samsung_SSD_970_PRO_512GB_S5JYNC0N310327Y system_lvm: - size: 20G + size: 25G network: nameservers: @@ -40,17 +40,49 @@ apt_repo_components: - non-free ## for microcode updates +installer_lvm: + vg: "{{ host_name }}" + lv: installer + size: 10G + fs: ext4 + + +cryptdisk_volumes: + crypto-nvme0: + passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme0'].passphrase }}" + device: /dev/disk/by-id/nvme-Samsung_SSD_970_PRO_512GB_S5JYNC0N310329Z-part4 + crypto-nvme1: + passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme1'].passphrase }}" + device: /dev/disk/by-id/nvme-Samsung_SSD_970_PRO_512GB_S5JYNC0N310327Y-part4 + crypto-sata0: + passphrase: "{{ vault_cryptdisk_volumes['crypto-sata0'].passphrase }}" + device: /dev/disk/by-id/ata-WDC_WD102KRYZ-01A5AB0_VCG6HGTN + crypto-sata1: + passphrase: "{{ vault_cryptdisk_volumes['crypto-sata1'].passphrase }}" + device: /dev/disk/by-id/ata-WDC_WD102KRYZ-01A5AB0_VCG6GT2N + crypto-sata2: + passphrase: "{{ vault_cryptdisk_volumes['crypto-sata2'].passphrase }}" + device: /dev/disk/by-id/ata-WDC_WD102KRYZ-01A5AB0_VCG6A2UN + + zfs_arc_size: min: "{{ 2 * 1024 * 1024 * 1024 }}" - max: "{{ 8 * 1024 * 1024 * 1024 }}" + max: "{{ 24 * 1024 * 1024 * 1024 }}" zfs_zpools: nvme: mountpoint: /srv/nvme - create_vdevs: mirror /dev/nvme0n1p4 /dev/nvme1n1p4 + create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1 + storage: + mountpoint: /srv/storage + create_vdevs: mirror /dev/mapper/crypto-sata0 /dev/mapper/crypto-sata1 /dev/mapper/crypto-sata2 zfs_sanoid_modules: nvme/vm: use_template: production recursive: yes process_children_only: yes + storage: + use_template: production + recursive: yes + process_children_only: yes |
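Review bot: Each `cryptdisk_volumes` entry in inventory/host_vars/ch-prometheus.yml carries the decrypted `passphrase` next to `device`, so any task that loops over this dict will show the passphrase in its per-item output unless it sets `no_log: true` or a `loop_control.label`. The `cryptdisk` role is not visible in this diff, so that should be confirmed there. A comment above the block such as `## passphrases come from the vaulted host_vars; tasks looping over this dict must set no_log` would document the constraint. Separately, `storage` is created as `mirror` over three devices, which is a three-way mirror with the capacity of one disk; if that is intended, a short comment would make it clear.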