-rw-r--r--dan/host_vars/sk-2019vm.yml30
-rw-r--r--dan/sk-2019vm.yml2
-rw-r--r--inventory/host_vars/sk-2019vm.yml18
-rw-r--r--inventory/host_vars/sk-testvm.yml14
-rw-r--r--roles/vm/define/templates/libvirt-domain.xml.j24
-rw-r--r--roles/vm/host/tasks/network.yml8
6 files changed, 56 insertions, 20 deletions
diff --git a/dan/host_vars/sk-2019vm.yml b/dan/host_vars/sk-2019vm.yml
index 53629208..a20c9957 100644
--- a/dan/host_vars/sk-2019vm.yml
+++ b/dan/host_vars/sk-2019vm.yml
@@ -1,10 +1,22 @@
$ANSIBLE_VAULT;1.2;AES256;dan
-64313638393461613535643731303830343539313333643462633232303936346665636536313630
-6261376532663565343434376633613930613331626530380a633235326261306166356166636363
-32636530656665303633373331353565626534646466666336636561376638323834646262633636
-3633656465366263640a653837613439363438653366643763323933366361323938326439373138
-36323638633530323630323133386332303965353866353831383961333363613933373132353663
-35393938326630356261336136633763316436366435313965306166656138393032306434363861
-62383632636239653233626535316361376637646564333861323936343833383030303139346135
-39303735623038633661626238616638373061643762336339366434303162633731646432626364
-3432
+31643161386262663634396262643361353430306563326165323830666335303036626130353330
+6332343034356334306166633236326532366334333438340a366262336162643563363931616232
+31383137666134633536366233623237306365613661353562393836623831656138633066373265
+3033373239316132650a343364333332623661313430636631383731633261343432633437313266
+65343236613666383133666334666338623037383865376264646338373166323632366439666636
+63373833303036316439663661316462333330643461386662383631373732306262356130393266
+61323937633036666561356233666534326636363762656639626230626431323365393437366562
+32623566316364646336353031653866313764393366653635613261323565626339353739353565
+66653536636432386361633734653431623365323262643238376533616165643861616232323861
+37323631393934653632373465663337663537366464666338646466633130346164303163376665
+63386335356435323064386232353363313739343135623938316631333764366637393836646465
+61663830383735396339373837363262316431316362326334633666333839386236633139373035
+62386665396235643439666265653630653138626562373734396236326162623162353437346534
+38623331663730623830313138363462366232356163303265353839633538616261633632623262
+31376266303337373236653833623161393537373638376533643138346161373061636662373239
+35373836636233376162333038613030633734356462383932323238316237313163396634343964
+62383831666538393262383337646164376336393732376136666333613938623164393866353164
+36663037353836333230623938633530616130323563653533663363333166303466313132366134
+61313239643738303861353262323461376431633332313961363431666365396439313332653338
+34633931343337303136343434313062633137646236336532356630373531633738306465376663
+3836
diff --git a/dan/sk-2019vm.yml b/dan/sk-2019vm.yml
index befbedf0..00c6a067 100644
--- a/dan/sk-2019vm.yml
+++ b/dan/sk-2019vm.yml
@@ -5,5 +5,7 @@
- role: base
- role: sshd
- role: zsh
+ - role: admin-user
+ - role: cryptdisk
- role: zfs/base
- role: vm/host
diff --git a/inventory/host_vars/sk-2019vm.yml b/inventory/host_vars/sk-2019vm.yml
index 04f34626..c0578ab9 100644
--- a/inventory/host_vars/sk-2019vm.yml
+++ b/inventory/host_vars/sk-2019vm.yml
@@ -12,9 +12,8 @@ network: {}
vm_host:
network:
interface: br-public
- ip: 192.168.250.254
- mask: 255.255.255.0
- nameservers:
+ prefix: 192.168.250.254/24
+ dns:
- 213.133.100.100
- 213.133.98.98
- 213.133.99.99
@@ -23,6 +22,17 @@ vm_host:
nat: yes
+ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan }}"
+
+cryptdisk_volumes:
+ crypto-nvme0:
+ passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme0'].passphrase }}"
+ device: /dev/disk/by-id/nvme-eui.0025388291b201dc-part3
+ crypto-nvme1:
+ passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme1'].passphrase }}"
+ device: /dev/disk/by-id/nvme-eui.0025388291b201cb-part3
+
+
zfs_zpool_name: storage
zfs_zpool_mountpoint: /srv/storage
-zfs_zpool_create_vdevs: mirror nvme0n1p3 nvme1n1p3
+zfs_zpool_create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1
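Review bot: The mapper names in `zfs_zpool_create_vdevs` repeat the keys of `cryptdisk_volumes` by hand, so renaming a volume in one place would leave the pool definition pointing at a device that is never opened. Deriving the value keeps the two in step, for example `zfs_zpool_create_vdevs: "mirror {{ cryptdisk_volumes.keys() | sort | map('regex_replace', '^', '/dev/mapper/') | join(' ') }}"`. The passphrases are kept out of this plaintext file, which is right, but a comment such as `# vault_cryptdisk_volumes is defined in the vaulted dan/host_vars/sk-2019vm.yml` would tell the next reader where they come from; presumably that is the vault file changed in this same commit. The cryptdisk role itself is not part of this diff, so it is worth confirming that every task receiving `passphrase` sets `no_log: true`, otherwise the value can appear in Ansible output and logs.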
diff --git a/inventory/host_vars/sk-testvm.yml b/inventory/host_vars/sk-testvm.yml
index 656bef32..88fa4de1 100644
--- a/inventory/host_vars/sk-testvm.yml
+++ b/inventory/host_vars/sk-testvm.yml
@@ -13,6 +13,18 @@ install:
pool: storage
name: "{{ inventory_hostname }}"
size: 5g
+ interfaces:
+ - bridge: br-public
+ name: primary0
autostart: False
-network: {}
+network:
+ nameservers: "{{ hostvars[vm_host].vm_host.network.dns }}"
+ domain: "{{ host_domain }}"
+ systemd_link:
+ interfaces: "{{ install.interfaces }}"
+ primary:
+ interface: primary0
+ ip: "{{ hostvars[vm_host].vm_host.network.prefix | ipaddr(hostvars[vm_host].vm_host.network.offsets[inventory_hostname]) | ipaddr('address') }}"
+ mask: "{{ hostvars[vm_host].vm_host.network.prefix | ipaddr('netmask') }}"
+ gateway: "{{ hostvars[vm_host].vm_host.network.prefix | ipaddr('address') }}"
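Review bot: `network.primary.ip` reads `vm_host.network.offsets[inventory_hostname]`, but no `offsets` key appears in the visible hunks of `inventory/host_vars/sk-2019vm.yml`; unless it sits in the unshown lines of that file, this guest's address cannot be templated. The `ipaddr` filter also returns `False` for input it cannot parse rather than failing, so a wrong prefix or offset can render a literal `False` into the guest's network config; an `assert` on the computed address before it is used would catch that. The three expressions repeat `hostvars[vm_host].vm_host.network`, and a helper such as `_host_net: "{{ hostvars[vm_host].vm_host.network }}"` would shorten them and make the `ip` line readable.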
diff --git a/roles/vm/define/templates/libvirt-domain.xml.j2 b/roles/vm/define/templates/libvirt-domain.xml.j2
index 59037fd9..426d4323 100644
--- a/roles/vm/define/templates/libvirt-domain.xml.j2
+++ b/roles/vm/define/templates/libvirt-domain.xml.j2
@@ -42,7 +42,7 @@
{% if src.type == 'lvm' %}
<source dev='/dev/mapper/{{ src.vg | replace('-', '--') }}-{{ src.lv | replace('-', '--') }}'/>
{% elif src.type == 'zfs' %}
- <source dev='/dev/zvol/{{ srv.pool }}/{{ srv.name }}'/>
+ <source dev='/dev/zvol/{{ src.pool }}/{{ src.name }}'/>
{% endif %}
<target dev='{{ device }}' bus='virtio'/>
</disk>
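Review bot: The `lvm`/`zfs` source-path block is duplicated verbatim for the virtio disk here and the scsi disk in the next hunk, which is why the `srv` typo had to be fixed twice. A small Jinja macro taking `src` and emitting the `<source dev=…/>` element, called from both `<disk>` blocks, would remove the duplicate. The interpolated values (`src.pool`, `src.name`, and the LVM names) go into an XML attribute unescaped; they come from inventory, but adding `| e` would keep a stray quote or `<` in a name from producing a malformed or altered domain definition. Both `<disk>` blocks start outside the hunks, so the surrounding loop is not visible here.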
@@ -57,7 +57,7 @@
{% if src.type == 'lvm' %}
<source dev='/dev/mapper/{{ src.vg | replace('-', '--') }}-{{ src.lv | replace('-', '--') }}'/>
{% elif src.type == 'zfs' %}
- <source dev='/dev/zvol/{{ srv.pool }}/{{ srv.name }}'/>
+ <source dev='/dev/zvol/{{ src.pool }}/{{ src.name }}'/>
{% endif %}
<target dev='{{ device }}' bus='scsi'/>
</disk>
diff --git a/roles/vm/host/tasks/network.yml b/roles/vm/host/tasks/network.yml
index d3d2edf2..7ce3de45 100644
--- a/roles/vm/host/tasks/network.yml
+++ b/roles/vm/host/tasks/network.yml
@@ -6,8 +6,8 @@
content: |
auto {{ vm_host.network.interface }}
iface {{ vm_host.network.interface }} inet static
- address {{ vm_host.network.ip }}
- netmask {{ vm_host.network.mask }}
+ address {{ vm_host.network.prefix | ipaddr('address') }}
+ netmask {{ vm_host.network.prefix | ipaddr('netmask') }}
bridge_ports none
bridge_stp off
bridge_waitport 0
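Review bot: `vm_host.network.prefix` is rendered straight into the interfaces stanza here, and into the SNAT `up`/`down` rules in the next hunk, with no check that it is a host address with a prefix length. Because `ipaddr` yields `False` on input it cannot parse, a typo in the inventory would write `address False` and an invalid `-s` match to the bridge configuration rather than stopping the play. A preceding task with `assert:` and `that: vm_host.network.prefix | ipaddr('host/prefix')` would fail early. The task that owns this `content:` block starts above the hunk.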
@@ -19,8 +19,8 @@
up /sbin/sysctl net.bridge.bridge-nf-call-ip6tables=0
up /sbin/sysctl net.bridge.bridge-nf-call-arptables=0
{% if 'nat' in vm_host.network and vm_host.network.nat %}
- up /usr/sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ (vm_host.network.ip + '/' + vm_host.network.mask) | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }}
- down /usr/sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ (vm_host.network.ip + '/' + vm_host.network.mask) | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }}
+ up /usr/sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ vm_host.network.prefix | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }}
+ down /usr/sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ vm_host.network.prefix | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }}
{% endif %}
register: vmhost_interface_config