Diffstat (limited to 'skillz/sk-2019.yml')
-rw-r--r--skillz/sk-2019.yml139
1 files changed, 139 insertions, 0 deletions
diff --git a/skillz/sk-2019.yml b/skillz/sk-2019.yml
new file mode 100644
index 00000000..3d555ba5
--- /dev/null
+++ b/skillz/sk-2019.yml
@@ -0,0 +1,139 @@
+---
+- name: Basic Setup
+ hosts: sk-2019
+ roles:
+ # - role: apt-repo/base
+ # - role: core/base
+ # - role: core/sshd/base
+ # - role: core/zsh
+ - role: core/cpu-microcode
+ # - role: core/users
+ - role: storage/luks/base
+ - role: storage/zfs/base
+ - role: apt-repo/spreadspace
+ - role: storage/zfs/sanoid
+ tasks:
+ - name: install post-boot script
+ copy:
+ dest: /usr/local/bin/post-boot
+ mode: 0755
+ content: |
+ #!/bin/bash
+ set -e
+
+ {% for name, volume in luks_devices.items() %}
+ echo -e "opening crypto volume: \033[1;37m{{ name }}\033[0m"
+ cryptsetup luksOpen '{{ volume.device }}' '{{ name }}'
+ {% endfor %}
+
+ systemctl restart zfs-import-cache.service
+ systemctl restart zfs-mount.service
+ systemctl restart zfs-share.service
+ systemctl restart zfs-zed.service
+ mount -a
+
+ sleep 2
+ systemctl restart mariadb.service
+ systemctl restart apache2.service
+
+ - name: install ispconfig fix systemd service unit
+ copy:
+ dest: /etc/systemd/system/fix-fstab.service
+ content: |
+ [Unit]
+ Description=fix fstab entries made by ispconfig
+
+ [Service]
+ Type=oneshot
+ ExecStart=/usr/bin/sed s/bind,nobootwait/bind,nofail/ -i /etc/fstab
+
+ - name: install ispconfig fix systemd service unit
+ copy:
+ dest: /etc/systemd/system/fix-fstab.timer
+ content: |
+ [Unit]
+ Description=fix fstab entries made by ispconfig
+
+ [Timer]
+ OnCalendar=*-*-* *:*:00
+
+ [Install]
+ WantedBy=timers.target
+
+ - name: enable and start fstab fix
+ systemd:
+ name: fix-fstab.timer
+ daemon_reload: yes
+ enabled: yes
+ state: started
+
+ ### the machine reboots often - make it so that no manual intervention is necessary
+ ### of course this makes encrypting the disks a little bit silly...
+ - name: create base dir for crypto volume key files
+ file:
+ path: /etc/cryptsetup-keys.d/
+ state: directory
+ mode: 0500
+
+ - name: generate key files for crypto volumes
+ loop: "{{ luks_devices | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ copy:
+ dest: "/etc/cryptsetup-keys.d/{{ item.key }}.key"
+ content: "{{ item.value.passphrase }}"
+ mode: 0400
+ notify: rebuild initramfs
+
+ - name: generate crypttab
+ copy:
+ dest: /etc/crypttab
+ content: |
+ # ansible generated
+ {% for name, volume in luks_devices.items() %}
+ {{ name }} {{ volume.device }} /etc/cryptsetup-keys.d/{{ name }}.key luks
+ {% endfor %}
+ notify: rebuild initramfs
+
+ handlers:
+ - name: rebuild initramfs
+ command: dpkg-reconfigure initramfs-tools
+
+
+### TODO:
+#
+# zfs create -o quota=30G -o compress=lz4 storage/mysql
+# zfs create -o quota=35G -o compress=lz4 storage/automysqlbackup
+# zfs create -o quota=300G -o compress=lz4 storage/vmail
+# zfs create -o quota=600G -o compress=lz4 storage/www
+# zfs create -o quota=40G -o compress=lz4 storage/log
+# zfs create -o quota=50G -o compress=lz4 storage/configz
+# zfs create -o quota=20G -o compress=lz4 storage/backup
+#
+# mkdir -p /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup
+# chmod 0000 /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup
+# chattr +i /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup
+#
+### add to /etc/fstab:
+##
+## /srv/storage/mysql /var/lib/mysql none defaults,bind,x-systemd.automount,nofail 0 0
+## /srv/storage/automysqlbackup /var/lib/automysqlbackup none defaults,bind,x-systemd.automount,nofail 0 0
+## /srv/storage/vmail /var/vmail none defaults,bind,x-systemd.automount,nofail 0 0
+## /srv/storage/www /var/www none defaults,bind,x-systemd.automount,nofail 0 0
+## /srv/storage/log /var/log/ispconfig none defaults,bind,x-systemd.automount,nofail 0 0
+## /srv/storage/backup /var/backup none defaults,bind,x-systemd.automount,nofail 0 0
+#
+# mount -a
+#
+
+
+########### manual post-boot
+
+# cat /etc/fstab | grep "^/var/log" | awk '{ system("umount "$2) }'
+# umount /srv/storage/www/clients/client2/web2/web/shared/fileadmin/wolke
+# umount /srv/storage/www/clients/client2/web2/web/shared/fileadmin/wolke
+# umount /srv/storage/www/clients/client2/web2/web/shared/fileadmin/wolke
+# mount | grep systemd-1 | awk '{ print($3) }' | grep "^/var" | xargs umount
+# mount | grep systemd-1 | awk '{ print($3) }' | grep "^/var" | xargs umount
+# mount | grep systemd-1 | awk '{ print($3) }' | grep "^/var" | xargs umount
+# rm -rf /srv/storage/*
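Review bot: The `generate key files for crypto volumes` task writes `item.value.passphrase` via `copy: content:` without `no_log: true`, so although `loop_control.label` keeps it out of the per-item line, the passphrase can still appear in task output when the play is run with `--diff`; add `no_log: true` to that task. The key directory and key files rely on whatever owner the connection user provides, so adding `owner: root` and `group: root` next to `mode: 0500` and `mode: 0400` would make the intended access explicit. The `rebuild initramfs` handler fires whenever the keys change; if the cryptsetup initramfs hook is configured to embed these key files (not visible in this hunk), the image under /boot should be generated with a restrictive umask so the keys are not readable by unprivileged users. The second task named `install ispconfig fix systemd service unit` installs `fix-fstab.timer`, so it should be renamed to say `timer unit` to keep play output unambiguous.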