Diffstat (limited to 'dan/sk-2019.yml')
-rw-r--r--dan/sk-2019.yml139
1 files changed, 0 insertions, 139 deletions
diff --git a/dan/sk-2019.yml b/dan/sk-2019.yml
deleted file mode 100644
index 3d555ba5..00000000
--- a/dan/sk-2019.yml
+++ /dev/null
@@ -1,139 +0,0 @@
----
-- name: Basic Setup
- hosts: sk-2019
- roles:
- # - role: apt-repo/base
- # - role: core/base
- # - role: core/sshd/base
- # - role: core/zsh
- - role: core/cpu-microcode
- # - role: core/users
- - role: storage/luks/base
- - role: storage/zfs/base
- - role: apt-repo/spreadspace
- - role: storage/zfs/sanoid
- tasks:
- - name: install post-boot script
- copy:
- dest: /usr/local/bin/post-boot
- mode: 0755
- content: |
- #!/bin/bash
- set -e
-
- {% for name, volume in luks_devices.items() %}
- echo -e "opening crypto volume: \033[1;37m{{ name }}\033[0m"
- cryptsetup luksOpen '{{ volume.device }}' '{{ name }}'
- {% endfor %}
-
- systemctl restart zfs-import-cache.service
- systemctl restart zfs-mount.service
- systemctl restart zfs-share.service
- systemctl restart zfs-zed.service
- mount -a
-
- sleep 2
- systemctl restart mariadb.service
- systemctl restart apache2.service
-
- - name: install ispconfig fix systemd service unit
- copy:
- dest: /etc/systemd/system/fix-fstab.service
- content: |
- [Unit]
- Description=fix fstab entries made by ispconfig
-
- [Service]
- Type=oneshot
- ExecStart=/usr/bin/sed s/bind,nobootwait/bind,nofail/ -i /etc/fstab
-
- - name: install ispconfig fix systemd service unit
- copy:
- dest: /etc/systemd/system/fix-fstab.timer
- content: |
- [Unit]
- Description=fix fstab entries made by ispconfig
-
- [Timer]
- OnCalendar=*-*-* *:*:00
-
- [Install]
- WantedBy=timers.target
-
- - name: enable and start fstab fix
- systemd:
- name: fix-fstab.timer
- daemon_reload: yes
- enabled: yes
- state: started
-
- ### the machine reboots often - make it so that no manual intervention is necessary
- ### of course this makes encrypting the disks a little bit silly...
- - name: create base dir for crypto volume key files
- file:
- path: /etc/cryptsetup-keys.d/
- state: directory
- mode: 0500
-
- - name: generate key files for crypto volumes
- loop: "{{ luks_devices | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- copy:
- dest: "/etc/cryptsetup-keys.d/{{ item.key }}.key"
- content: "{{ item.value.passphrase }}"
- mode: 0400
- notify: rebuild initramfs
-
- - name: generate crypttab
- copy:
- dest: /etc/crypttab
- content: |
- # ansible generated
- {% for name, volume in luks_devices.items() %}
- {{ name }} {{ volume.device }} /etc/cryptsetup-keys.d/{{ name }}.key luks
- {% endfor %}
- notify: rebuild initramfs
-
- handlers:
- - name: rebuild initramfs
- command: dpkg-reconfigure initramfs-tools
-
-
-### TODO:
-#
-# zfs create -o quota=30G -o compress=lz4 storage/mysql
-# zfs create -o quota=35G -o compress=lz4 storage/automysqlbackup
-# zfs create -o quota=300G -o compress=lz4 storage/vmail
-# zfs create -o quota=600G -o compress=lz4 storage/www
-# zfs create -o quota=40G -o compress=lz4 storage/log
-# zfs create -o quota=50G -o compress=lz4 storage/configz
-# zfs create -o quota=20G -o compress=lz4 storage/backup
-#
-# mkdir -p /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup
-# chmod 0000 /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup
-# chattr +i /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup
-#
-### add to /etc/fstab:
-##
-## /srv/storage/mysql /var/lib/mysql none defaults,bind,x-systemd.automount,nofail 0 0
-## /srv/storage/automysqlbackup /var/lib/automysqlbackup none defaults,bind,x-systemd.automount,nofail 0 0
-## /srv/storage/vmail /var/vmail none defaults,bind,x-systemd.automount,nofail 0 0
-## /srv/storage/www /var/www none defaults,bind,x-systemd.automount,nofail 0 0
-## /srv/storage/log /var/log/ispconfig none defaults,bind,x-systemd.automount,nofail 0 0
-## /srv/storage/backup /var/backup none defaults,bind,x-systemd.automount,nofail 0 0
-#
-# mount -a
-#
-
-
-########### manual post-boot
-
-# cat /etc/fstab | grep "^/var/log" | awk '{ system("umount "$2) }'
-# umount /srv/storage/www/clients/client2/web2/web/shared/fileadmin/wolke
-# umount /srv/storage/www/clients/client2/web2/web/shared/fileadmin/wolke
-# umount /srv/storage/www/clients/client2/web2/web/shared/fileadmin/wolke
-# mount | grep systemd-1 | awk '{ print($3) }' | grep "^/var" | xargs umount
-# mount | grep systemd-1 | awk '{ print($3) }' | grep "^/var" | xargs umount
-# mount | grep systemd-1 | awk '{ print($3) }' | grep "^/var" | xargs umount
-# rm -rf /srv/storage/*