Diffstat (limited to 'skillz/sk-2019.yml')
-rw-r--r-- | skillz/sk-2019.yml | 139 |
1 files changed, 139 insertions, 0 deletions
diff --git a/skillz/sk-2019.yml b/skillz/sk-2019.yml
new file mode 100644
index 00000000..3d555ba5
--- /dev/null
+++ b/skillz/sk-2019.yml
@@ -0,0 +1,139 @@
+---
+- name: Basic Setup
+ hosts: sk-2019
+ roles:
+ # - role: apt-repo/base
+ # - role: core/base
+ # - role: core/sshd/base
+ # - role: core/zsh
+ - role: core/cpu-microcode
+ # - role: core/users
+ - role: storage/luks/base
+ - role: storage/zfs/base
+ - role: apt-repo/spreadspace
+ - role: storage/zfs/sanoid
+ tasks:
+ - name: install post-boot script
+ copy:
+ dest: /usr/local/bin/post-boot
+ mode: 0755
+ content: |
+ #!/bin/bash
+ set -e
+
+ {% for name, volume in luks_devices.items() %}
+ echo -e "opening crypto volume: \033[1;37m{{ name }}\033[0m"
+ cryptsetup luksOpen '{{ volume.device }}' '{{ name }}'
+ {% endfor %}
+
+ systemctl restart zfs-import-cache.service
+ systemctl restart zfs-mount.service
+ systemctl restart zfs-share.service
+ systemctl restart zfs-zed.service
+ mount -a
+
+ sleep 2
+ systemctl restart mariadb.service
+ systemctl restart apache2.service
+
+ - name: install ispconfig fix systemd service unit
+ copy:
+ dest: /etc/systemd/system/fix-fstab.service
+ content: |
+ [Unit]
+ Description=fix fstab entries made by ispconfig
+
+ [Service]
+ Type=oneshot
+ ExecStart=/usr/bin/sed s/bind,nobootwait/bind,nofail/ -i /etc/fstab
+
+ - name: install ispconfig fix systemd service unit
+ copy:
+ dest: /etc/systemd/system/fix-fstab.timer
+ content: |
+ [Unit]
+ Description=fix fstab entries made by ispconfig
+
+ [Timer]
+ OnCalendar=*-*-* *:*:00
+
+ [Install]
+ WantedBy=timers.target
+
+ - name: enable and start fstab fix
+ systemd:
+ name: fix-fstab.timer
+ daemon_reload: yes
+ enabled: yes
+ state: started
+
+ ### the machine reboots often - make it so that no manual intervention is necessary
+ ### of course this makes encrypting the disks a little bit silly...
+ - name: create base dir for crypto volume key files
+ file:
+ path: /etc/cryptsetup-keys.d/
+ state: directory
+ mode: 0500
+
+ - name: generate key files for crypto volumes
+ loop: "{{ luks_devices | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ copy:
+ dest: "/etc/cryptsetup-keys.d/{{ item.key }}.key"
+ content: "{{ item.value.passphrase }}"
+ mode: 0400
+ notify: rebuild initramfs
+
+ - name: generate crypttab
+ copy:
+ dest: /etc/crypttab
+ content: |
+ # ansible generated
+ {% for name, volume in luks_devices.items() %}
+ {{ name }} {{ volume.device }} /etc/cryptsetup-keys.d/{{ name }}.key luks
+ {% endfor %}
+ notify: rebuild initramfs
+
+ handlers:
+ - name: rebuild initramfs
+ command: dpkg-reconfigure initramfs-tools
+
+
+### TODO:
+#
+# zfs create -o quota=30G -o compress=lz4 storage/mysql
+# zfs create -o quota=35G -o compress=lz4 storage/automysqlbackup
+# zfs create -o quota=300G -o compress=lz4 storage/vmail
+# zfs create -o quota=600G -o compress=lz4 storage/www
+# zfs create -o quota=40G -o compress=lz4 storage/log
+# zfs create -o quota=50G -o compress=lz4 storage/configz
+# zfs create -o quota=20G -o compress=lz4 storage/backup
+#
+# mkdir -p /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup
+# chmod 0000 /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup
+# chattr +i /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup
+#
+### add to /etc/fstab:
+##
+## /srv/storage/mysql /var/lib/mysql none defaults,bind,x-systemd.automount,nofail 0 0
+## /srv/storage/automysqlbackup /var/lib/automysqlbackup none defaults,bind,x-systemd.automount,nofail 0 0
+## /srv/storage/vmail /var/vmail none defaults,bind,x-systemd.automount,nofail 0 0
+## /srv/storage/www /var/www none defaults,bind,x-systemd.automount,nofail 0 0
+## /srv/storage/log /var/log/ispconfig none defaults,bind,x-systemd.automount,nofail 0 0
+## /srv/storage/backup /var/backup none defaults,bind,x-systemd.automount,nofail 0 0
+#
+# mount -a
+#
+
+
+########### manual post-boot
+
+# cat /etc/fstab | grep "^/var/log" | awk '{ system("umount "$2) }'
+# umount /srv/storage/www/clients/client2/web2/web/shared/fileadmin/wolke
+# umount /srv/storage/www/clients/client2/web2/web/shared/fileadmin/wolke
+# umount /srv/storage/www/clients/client2/web2/web/shared/fileadmin/wolke
+# mount | grep systemd-1 | awk '{ print($3) }' | grep "^/var" | xargs umount
+# mount | grep systemd-1 | awk '{ print($3) }' | grep "^/var" | xargs umount
+# mount | grep systemd-1 | awk '{ print($3) }' | grep "^/var" | xargs umount
+# rm -rf /srv/storage/* |
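Review bot: The `generate key files for crypto volumes` task writes `item.value.passphrase` to disk without `no_log: true`; `loop_control.label` only keeps the item out of the per-item label, so the passphrase may still surface in diff-mode output or in result logging, depending on how the play is run. Adding `no_log: true` and `diff: no` to that task would close this. Both that task and `generate crypttab` notify `rebuild initramfs`; if the host's cryptsetup initramfs hook is configured to pick up these key files via `KEYFILE_PATTERN` (not visible here), the image in /boot would carry the keys and `UMASK=0077` in initramfs.conf should be confirmed. Separately, the post-boot script still runs `cryptsetup luksOpen` under `set -e`, which will presumably abort at the first volume once crypttab has already opened the mappings at boot, so the restarts after it would never run.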