16 files changed, 297 insertions, 56 deletions

diff --git a/inventory/host_vars/ch-gnocchi.yml b/inventory/host_vars/ch-gnocchi.yml
index 35527e2d..d5525443 100644
--- a/inventory/host_vars/ch-gnocchi.yml
+++ b/inventory/host_vars/ch-gnocchi.yml
@@ -33,7 +33,7 @@ __interface_zones__:
 
 
 __interface_zones_yaml__: |
-  {% for interface in __interface_zones__.keys() %}
+  {% for interface in (__interface_zones__.keys() | sort) %}
   {%   for zone in __interface_zones__[interface] %}
   {%     if zone is mapping %}
   {{ zone.name }}:
@@ -61,7 +61,7 @@ __interface_configs__: |
   # The loopback network interface
   auto lo
   iface lo inet loopback
-  {% for interface in __interface_zones__.keys() %}
+  {% for interface in (__interface_zones__.keys() | sort) %}
 
 
   auto {{ interface }}
diff --git a/inventory/host_vars/ch-mimas.yml b/inventory/host_vars/ch-mimas.yml
index 9a89fe7c..194ecbb7 100644
--- a/inventory/host_vars/ch-mimas.yml
+++ b/inventory/host_vars/ch-mimas.yml
@@ -10,8 +10,7 @@ install:
     virtio:
       vda:
         type: zfs
-        pool: storage
-        name: "{{ inventory_hostname }}"
+        name: root
         size: 62g
   interfaces:
   - bridge: br-public
diff --git a/inventory/host_vars/ele-gwhetzner.yml b/inventory/host_vars/ele-gwhetzner.yml
index 7ebda8ff..98f5fb6e 100644
--- a/inventory/host_vars/ele-gwhetzner.yml
+++ b/inventory/host_vars/ele-gwhetzner.yml
@@ -10,8 +10,7 @@ install:
     scsi:
       sda:
         type: zfs
-        pool: storage
-        name: "{{ inventory_hostname }}"
+        name: root
         size: 5g
   interfaces:
   - bridge: br-public
diff --git a/inventory/host_vars/emc-master.yml b/inventory/host_vars/emc-master.yml
index e89463a9..71fe8c75 100644
--- a/inventory/host_vars/emc-master.yml
+++ b/inventory/host_vars/emc-master.yml
@@ -10,14 +10,11 @@ install:
     scsi:
       sda:
         type: zfs
-        pool: storage
-        name: "{{ inventory_hostname }}"
+        name: root
         size: 20g
-      sdb:
-        type: zfs
-        pool: storage
-        name: "streamstats"
-        size: 50g
+      # sdb:
+      #   type: image
+      #   path: /dev/zvol/storage/streamstats
   interfaces:
   - bridge: br-public
     name: primary0
diff --git a/inventory/host_vars/lw-master.yml b/inventory/host_vars/lw-master.yml
index e89463a9..71fe8c75 100644
--- a/inventory/host_vars/lw-master.yml
+++ b/inventory/host_vars/lw-master.yml
@@ -10,14 +10,11 @@ install:
     scsi:
       sda:
         type: zfs
-        pool: storage
-        name: "{{ inventory_hostname }}"
+        name: root
         size: 20g
-      sdb:
-        type: zfs
-        pool: storage
-        name: "streamstats"
-        size: 50g
+      # sdb:
+      #   type: image
+      #   path: /dev/zvol/storage/streamstats
   interfaces:
   - bridge: br-public
     name: primary0
diff --git a/inventory/host_vars/r3-cccamp19-av.yml b/inventory/host_vars/r3-cccamp19-av.yml
index 378f459c..54f6c5da 100644
--- a/inventory/host_vars/r3-cccamp19-av.yml
+++ b/inventory/host_vars/r3-cccamp19-av.yml
@@ -31,5 +31,7 @@ network:
     mask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}"
     gateway: "{{ network_zones.lan.gateway }}"
 
+install_playbook: r3-cccamp19_vm
+
 dyndns:
   server: ch-pan
diff --git a/inventory/host_vars/r3-cccamp19-flora.yml b/inventory/host_vars/r3-cccamp19-flora.yml
index 378f459c..54f6c5da 100644
--- a/inventory/host_vars/r3-cccamp19-flora.yml
+++ b/inventory/host_vars/r3-cccamp19-flora.yml
@@ -31,5 +31,7 @@ network:
     mask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}"
     gateway: "{{ network_zones.lan.gateway }}"
 
+install_playbook: r3-cccamp19_vm
+
 dyndns:
   server: ch-pan
diff --git a/inventory/host_vars/r3-cccamp19-verr.yml b/inventory/host_vars/r3-cccamp19-verr.yml
index 03b32e4c..81cbe05b 100644
--- a/inventory/host_vars/r3-cccamp19-verr.yml
+++ b/inventory/host_vars/r3-cccamp19-verr.yml
@@ -31,5 +31,7 @@ network:
     mask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}"
     gateway: "{{ network_zones.lan.gateway }}"
 
+install_playbook: r3-cccamp19_vm
+
 dyndns:
   server: ch-pan
diff --git a/inventory/host_vars/sk-2019.yml b/inventory/host_vars/sk-2019.yml
index 9de2b04a..f54d852f 100644
--- a/inventory/host_vars/sk-2019.yml
+++ b/inventory/host_vars/sk-2019.yml
@@ -10,12 +10,13 @@ install:
 network: {}
 
 base_intel_nic_stability_fix: true
+ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan  + ssh_keys.brt }}"
+ssh_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
+
 
 admin_user_host:
 - "{{ brt_user }}"
 
-ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan  + ssh_keys.brt }}"
-ssh_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
 
 
 cryptdisk_volumes:
@@ -27,11 +28,12 @@ cryptdisk_volumes:
     device: /dev/disk/by-id/nvme-eui.0025388791050fdc-part3
 
 
+zfs_use_systemd_mount_generator: no
+zfs_arc_size:
+  min: "{{ 2 * 1024 * 1024 * 1024 }}"
+  max: "{{ 12 * 1024 * 1024 * 1024 }}"
+
 zfs_zpools:
   storage:
     mountpoint: /srv/storage
     create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1
-
-# zfs_arc_size:
-#   min: "{{ 2 * 1024 * 1024 * 1024 }}"
-#   max: "{{ 16 * 1024 * 1024 * 1024 }}"
diff --git a/inventory/host_vars/sk-2019vm.yml b/inventory/host_vars/sk-2019vm.yml
index 4584813e..705ff929 100644
--- a/inventory/host_vars/sk-2019vm.yml
+++ b/inventory/host_vars/sk-2019vm.yml
@@ -10,12 +10,42 @@ install:
 network: {}
 
 base_intel_nic_stability_fix: true
+ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan }}"
 
 apt_repo_components:
 - main
 - contrib  ## for zfs
 - non-free ## for microcode updates
 
+
+cryptdisk_volumes:
+  crypto-nvme0:
+    passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme0'].passphrase }}"
+    device: /dev/disk/by-id/nvme-eui.0025388291b201dc-part3
+  crypto-nvme1:
+    passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme1'].passphrase }}"
+    device: /dev/disk/by-id/nvme-eui.0025388291b201cb-part3
+
+
+zfs_arc_size:
+  min: "{{ 2 * 1024 * 1024 * 1024 }}"
+  max: "{{ 8 * 1024 * 1024 * 1024 }}"
+
+zfs_zpools:
+  storage:
+    mountpoint: /srv/storage
+    create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1
+
+zfs_sanoid_modules:
+  storage/vm:
+    use_template: production
+    recursive: yes
+    process_children_only: yes
+  storage/vm/sk-testvm:
+    use_template: ignore
+    recursive: yes
+
+
 vm_host:
   network:
     dns:
@@ -42,23 +72,7 @@ vm_host:
             ele-gwhetzner: 2
             ch-mimas: 6
             sk-testvm: 7
-
-ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan }}"
-
-cryptdisk_volumes:
-  crypto-nvme0:
-    passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme0'].passphrase }}"
-    device: /dev/disk/by-id/nvme-eui.0025388291b201dc-part3
-  crypto-nvme1:
-    passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme1'].passphrase }}"
-    device: /dev/disk/by-id/nvme-eui.0025388291b201cb-part3
-
-
-zfs_zpools:
-  storage:
-    mountpoint: /srv/storage
-    create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1
-
-zfs_arc_size:
-  min: "{{ 2 * 1024 * 1024 * 1024 }}"
-  max: "{{ 8 * 1024 * 1024 * 1024 }}"
+  zfs:
+    default:
+      pool: storage
+      name: vm
diff --git a/inventory/host_vars/sk-cloudia/vars.yml b/inventory/host_vars/sk-cloudia/vars.yml
index 15dcb860..085a9c95 100644
--- a/inventory/host_vars/sk-cloudia/vars.yml
+++ b/inventory/host_vars/sk-cloudia/vars.yml
@@ -11,15 +11,17 @@ network: {}
 
 base_intel_nic_stability_fix: true
 
-zfs_zpools:
-  storage:
-    mountpoint: /srv/storage
-    create_vdevs: mirror nvme0n1p3 nvme1n1p3
 
+zfs_use_systemd_mount_generator: no
 zfs_arc_size:
   min: "{{ 2 * 1024 * 1024 * 1024 }}"
   max: "{{ 16 * 1024 * 1024 * 1024 }}"
 
+zfs_zpools:
+  storage:
+    mountpoint: /srv/storage
+    create_vdevs: mirror nvme0n1p3 nvme1n1p3
+
 
 docker_zfs:
   pool: storage
diff --git a/inventory/host_vars/sk-testvm.yml b/inventory/host_vars/sk-testvm.yml
index 6ee92378..5d9561f0 100644
--- a/inventory/host_vars/sk-testvm.yml
+++ b/inventory/host_vars/sk-testvm.yml
@@ -10,8 +10,7 @@ install:
     scsi:
       sda:
         type: zfs
-        pool: storage
-        name: "{{ inventory_hostname }}"
+        name: root
         size: 10g
   interfaces:
   - bridge: br-public
diff --git a/inventory/host_vars/sk-tomnext-hp.yml b/inventory/host_vars/sk-tomnext-hp.yml
new file mode 100644
index 00000000..72f116b9
--- /dev/null
+++ b/inventory/host_vars/sk-tomnext-hp.yml
@@ -0,0 +1,32 @@
+---
+vm_host: sk-tomnext
+
+install:
+  host: "{{ vm_host }}"
+  mem: 8192
+  numcpu: 4
+  disks:
+    primary: /dev/sda
+    scsi:
+      sda:
+        type: zfs
+        name: root
+        size: 20g
+  interfaces:
+  - bridge: br-public
+    name: primary0
+    autostart: True
+
+network:
+  nameservers: "{{ hostvars[vm_host].vm_host.network.dns }}"
+  domain: "{{ host_domain }}"
+  systemd_link:
+    interfaces: "{{ install.interfaces }}"
+  primary:
+    interface: primary0
+    ip: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}"
+    mask: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}"
+    gateway: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('address') }}"
+    overlay: "{{ (hostvars[vm_host].vm_host.network.bridges.public.overlay.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}"
+
+external_ip: "{{ network.primary.overlay }}"
diff --git a/inventory/host_vars/sk-tomnext-nc.yml b/inventory/host_vars/sk-tomnext-nc.yml
new file mode 100644
index 00000000..296a9e28
--- /dev/null
+++ b/inventory/host_vars/sk-tomnext-nc.yml
@@ -0,0 +1,126 @@
+---
+vm_host: sk-tomnext
+
+install:
+  host: "{{ vm_host }}"
+  mem: 16384
+  numcpu: 8
+  disks:
+    primary: /dev/sda
+    scsi:
+      sda:
+        type: zfs
+        name: root
+        size: 15g
+      sdb:
+        type: zfs
+        name: data
+        size: 800g
+  interfaces:
+  - bridge: br-public
+    name: primary0
+  autostart: True
+
+network:
+  nameservers: "{{ hostvars[vm_host].vm_host.network.dns }}"
+  domain: "{{ host_domain }}"
+  systemd_link:
+    interfaces: "{{ install.interfaces }}"
+  primary:
+    interface: primary0
+    ip: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}"
+    mask: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}"
+    gateway: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('address') }}"
+    overlay: "{{ (hostvars[vm_host].vm_host.network.bridges.public.overlay.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}"
+
+external_ip: "{{ network.primary.overlay }}"
+
+
+apt_repo_components:
+- main
+- contrib  ## for zfs
+
+
+zfs_arc_size:
+  min: "{{ 2 * 1024 * 1024 * 1024 }}"
+  max: "{{ 8 * 1024 * 1024 * 1024 }}"
+
+zfs_zpools:
+  storage:
+    mountpoint: /srv/storage
+    create_vdevs: /dev/sdb
+
+zfs_sanoid_modules:
+  storage/nextcloud:
+    use_template: production
+    recursive: yes
+    process_children_only: yes
+
+
+docker_zfs:
+  pool: storage
+  name: docker
+  size: 15G
+
+kubelet_zfs:
+  pool: storage
+  name: kubelet
+  size: 15G
+
+kubernetes_version: 1.18.3
+kubernetes_container_runtime: docker
+kubernetes_standalone_max_pods: 15
+kubernetes_standalone_pod_cidr: 192.168.255.0/24
+kubernetes_standalone_cni_variant: with-portmap
+
+
+acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
+nginx_server_names_hash_bucket_size: 64
+
+nextcloud_zfs:
+  pool: storage
+  name: nextcloud
+  size: 700G
+
+nextcloud_instances:
+  team.tomwaitz.eu:
+    # new: true
+    version: 18.0.4
+    port: 8100
+    hostnames:
+      - team.tomwaitz.eu
+    quota: 700G
+    database:
+      type: mariadb
+      version: 10.5.3
+      password: "{{ vault_nextcloud_database_passwords['team.tomwaitz.eu'] }}"
+    custom_image:
+      dockerfile: |
+        RUN set -x \
+            && sed 's/main$/main contrib non-free/' -i /etc/apt/sources.list \
+            && apt-get update -q \
+            && apt-get install -y -q unrar \
+            && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+
+collabora_code_base_path: /srv/storage/collabora/code
+
+collabora_code_instances:
+  o.tomwaitz.eu:
+    version: 4.2.3.1
+    port: 8200
+    hostname: o.tomwaitz.eu
+    admin:
+      username: admin
+      password: "{{ vault_collabora_code_admin_passwords['o.tomwaitz.eu'] }}"
+    backend_storages:
+    - team.tomwaitz.eu
+    custom_image:
+      dockerfile: |
+        USER root
+        RUN set -x \
+            && echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections \
+            && apt-get update -q \
+            && apt-get install -y -q ttf-mscorefonts-installer \
+            && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+        USER 101
diff --git a/inventory/host_vars/sk-tomnext.yml b/inventory/host_vars/sk-tomnext.yml
new file mode 100644
index 00000000..22a96897
--- /dev/null
+++ b/inventory/host_vars/sk-tomnext.yml
@@ -0,0 +1,70 @@
+---
+install:
+  cloud:
+    credentials: "{{ vault_hroot_robot_account }}"
+    server_name: "{{ host_name }}"
+  disks:
+    layout: nvme_raid
+    root_lvm_size: 10G
+
+network: {}
+
+base_intel_nic_stability_fix: true
+ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan }}"
+
+apt_repo_components:
+- main
+- contrib  ## for zfs
+- non-free ## for microcode updates
+
+
+cryptdisk_volumes:
+  crypto-nvme0:
+    passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme0'].passphrase }}"
+    device: /dev/disk/by-id/nvme-eui.00000000000000018ce38e0500157a42-part3
+  crypto-nvme1:
+    passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme1'].passphrase }}"
+    device: /dev/disk/by-id/nvme-eui.00000000000000018ce38e0500157b3d-part3
+
+
+zfs_arc_size:
+  min: "{{ 2 * 1024 * 1024 * 1024 }}"
+  max: "{{ 8 * 1024 * 1024 * 1024 }}"
+
+zfs_zpools:
+  storage:
+    mountpoint: /srv/storage
+    create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1
+
+zfs_sanoid_modules:
+  storage/vm:
+    use_template: production
+    recursive: yes
+    process_children_only: yes
+  storage/vm/sk-tomnext-nc:
+    use_template: ignore
+    recursive: yes
+
+
+vm_host:
+  network:
+    dns:
+    - 213.133.100.100
+    - 213.133.98.98
+    - 213.133.99.99
+    bridges:
+      public:
+        prefix: 192.168.250.254/24
+        offsets:
+          sk-tomnext-nc: 103
+          sk-tomnext-hp: 104
+        nat: yes
+        overlay:
+          prefix: 94.130.206.64/26
+          offsets:
+            sk-tomnext-nc: 39
+            sk-tomnext-hp: 40
+  zfs:
+    default:
+      pool: storage
+      name: vm
diff --git a/inventory/host_vars/sk-torrent.yml b/inventory/host_vars/sk-torrent.yml
index cdf5f94a..8135dde0 100644
--- a/inventory/host_vars/sk-torrent.yml
+++ b/inventory/host_vars/sk-torrent.yml
@@ -10,13 +10,11 @@ install:
     scsi:
       sda:
         type: zfs
-        pool: storage
-        name: "{{ inventory_hostname }}"
+        name: root
         size: 10g
       sdb:
         type: zfs
-        pool: storage
-        name: "{{ inventory_hostname }}-data"
+        name: data
         size: 180g
   interfaces:
   - bridge: br-public