27 files changed, 787 insertions, 0 deletions

diff --git a/skillz/cloud-install.yml b/skillz/cloud-install.yml
new file mode 100644
index 00000000..72db81d9
--- /dev/null
+++ b/skillz/cloud-install.yml
@@ -0,0 +1,10 @@
+---
+- name: cook variables for host
+  hosts: "{{ install_hostname }}"
+  gather_facts: no
+  tasks:
+  - set_fact:
+      install: "{{ install | default({}) }}"
+      network: "{{ network | default({}) }}"
+
+- import_playbook: ../common/cloud-install.yml
diff --git a/skillz/common.yml b/skillz/common.yml
new file mode 100644
index 00000000..af4b4fda
--- /dev/null
+++ b/skillz/common.yml
@@ -0,0 +1,10 @@
+---
+- name: Basic Setup
+  hosts: "{{ install_hostname }}"
+  roles:
+  - role: apt-repo/base
+    when: ansible_pkg_mgr == "apt"
+  - role: core/base
+  - role: core/sshd/base
+  - role: core/zsh
+  - role: core/ntp
diff --git a/skillz/generic.yml b/skillz/generic.yml
new file mode 100644
index 00000000..bc8866c5
--- /dev/null
+++ b/skillz/generic.yml
@@ -0,0 +1,5 @@
+---
+- name: "Apply role {{ myrole }} to hosts: {{ myhosts }}"
+  hosts: "{{ myhosts }}"
+  roles:
+  - role: "{{ myrole }}"
diff --git a/skillz/group_vars/all.yml b/skillz/group_vars/all.yml
new file mode 100644
index 00000000..bace9df0
--- /dev/null
+++ b/skillz/group_vars/all.yml
@@ -0,0 +1,26 @@
+$ANSIBLE_VAULT;1.2;AES256;skillz
+39333835343437643137363564396365316439626562616635373336383136393961366164373439
+6134633733313738636562666461653861346439323231300a343935313134326635643464626565
+61643764393538666235356530633236366431313236646664323561633032353966633262376435
+3532393163636264390a336634653935663361333433626231633764356666616632356166653434
+34623165613963373261343161653739323836626234333135366239623861396136656464343934
+62383134626161666633613937616132356330373364366235363362396532353638663437363563
+65646634643238653130396363323464656162666162343365666330633037363531316531396365
+32383765623666643561613465373038396266656465356263623135633631303130396466363031
+63383633636136366439313731363839336635386664383364376466323464363032303133623038
+62613639313531643666326539663864636364623161356563616231326237646130303961383666
+32366332303464363734306535633239636539653863383135383066653730386330626430303730
+61653634653935623837323639626261313166326235636232626162386430616135626536373437
+65656339383161333166353466643436656463653237303566303665343937386534393039663836
+62656237303863323564383331343665376663363131386238356633356662633537663866336531
+62376163316662613439666161343461396434306632633333376362346362386163373639333163
+66636661316530653336383562366237633230383635386362303435613466313963376634616138
+32376534313430643564366362353062336339343737306466386662623463393063363935333435
+61666137323339633932666364346266393561303631663932386166626136356439323863636637
+63326136633938616539623938313738656635656161396562326162336530623230336438313863
+63346162613235316435393137313935643637393765666561303261333265313031343231306133
+33663164393338613433303261323265616639396130613330313662303532323361656535666635
+37613836323239633139616435313361383138356463353033353639363365663934356561626331
+33663830343463306534343439633565343433633765323538353861636433303634303330643234
+64393032323434616533663038626466356532383735366331333933653635343966333463353435
+3663
diff --git a/skillz/host_vars/sk-2019.yml b/skillz/host_vars/sk-2019.yml
new file mode 100644
index 00000000..29633d0e
--- /dev/null
+++ b/skillz/host_vars/sk-2019.yml
@@ -0,0 +1,21 @@
+$ANSIBLE_VAULT;1.2;AES256;skillz
+65356433653063643165336636353364333339626236303637353639346166623666333136663466
+3637633166353765393636323931336338616435383736620a393565653533643732323661336433
+36636164633535303531343362383439633038323539346331666333333964616164636362363666
+6230313331636566630a636539306135343532643234323566656635353836383865373865643337
+32313739663638336232313462663261383632313866663131626330353766613338346231363131
+65616564353865633930623732323262393232343161633764633430316437303138323635333335
+31383361313861646537636133346137393362663566653936626137663839353430373265353262
+33653432366234366531376163613762383961323333303864656335313265363163613666396534
+65366136353765323165636438663336653137363136636565313934643262303939353563663635
+32643336623564386464353065346134303063346533353833363334626535663137333164383961
+39343161316433386233373866366138666664316332613039633531653564343137313961636436
+30613131323635633833613762346538373533316566616639326461626366343663366238333661
+31636462626539663965613063633832656235343562616533383531353133383137333032643564
+39613234353061323131643530613430303233336331653136363836636639383761633635393636
+39393539393066323238636334316537333239353837343934633364323937306634336233363863
+61383661316438386338653735626162613732613634333464393739633061666566623531626166
+30636262343633313730346462373738396535383164666266396265366635653866306464663234
+32646232666135313264656538633834363931643232626431383539613462626364363763616437
+31633761326535613363653861316534363236336332313961343532623434363737326434356439
+66626335616634613364
diff --git a/skillz/host_vars/sk-2019vm.yml b/skillz/host_vars/sk-2019vm.yml
new file mode 100644
index 00000000..6ffcff58
--- /dev/null
+++ b/skillz/host_vars/sk-2019vm.yml
@@ -0,0 +1,21 @@
+$ANSIBLE_VAULT;1.2;AES256;skillz
+31323764346661386139383032303266363633313764666462623534643433396631333062366631
+3435663166366366663734383739323731356161623835300a666335373262383065636665646136
+30653035393231643134623464383531623430633663666461306437383831326635363163623765
+3465323635376166620a343933626435323765373837313063363036326236653330353434303566
+66333664616362303533663764383939633366656166303936646263613934663139626365633137
+36633536333336643433643962616635646330383237326165343239633338313465636236373832
+65366331636464613434646266623166653932363239346339613934333732383765616566396232
+61333066353632346138663464393033316563336239326237613630303738396166373835643931
+36366436346461343735623338343938623234643039643239383463333966376363653035333966
+63363561376134656636333538313034356565616465333566633732643138316234326666343762
+61303230396163356538316661313763656563663063636238633239393661346264353563313165
+64376435323161316436333335343336363333303361613535646238353236353333366338386633
+65613036303162653136613935373266393631656431643830303637316438653233376130326461
+36616434343765386261326233376663396364346233343734363062653039396162396533626533
+30323438313865366136393233393438316430653931383630316333623430393733333535643735
+65643838633532353433343262356237333432343531336366323832356665306133656139373564
+37383531333030643432333137396332373036626134396332623530666636396162323237396636
+66656461373038316334313165633636663137323661353733343536656262323033623466346466
+62383835323066653063636566623765306362616166666130356361623964656330656236396165
+31663930633232653838
diff --git a/skillz/host_vars/sk-cloudio.yml b/skillz/host_vars/sk-cloudio.yml
new file mode 100644
index 00000000..8596b411
--- /dev/null
+++ b/skillz/host_vars/sk-cloudio.yml
@@ -0,0 +1,82 @@
+$ANSIBLE_VAULT;1.2;AES256;skillz
+38373935316661656666663139653966636234643337653432343830376332386533323164323337
+3066393834633363656537383433343365346330636136360a333462373465393939383634303439
+36376238303837373763643235663330353662323165636233623534623065303961356630623536
+3335613565396430640a333930656531666530393836633432363762366439343535366266333933
+61313839373139303835633234376330623634313666643964633432613432316437363930666331
+37363065663437396234613735363337343563303064343033356562633061353433386435663630
+34633761646566373435643563666436303766346430313131643334666235363062353864313037
+35623130386465613335623132623236373431636632343563653836383237326131306134636464
+65663363613661303262363334393639323132343664363863653564626537643432393465313238
+64623836626537366339616339393938353336626134333734303738316162633065623464323832
+61303965326133323063623663333664313933653233373864383231393730616163656164643935
+61353636633734613638616637393938326530393330306463303339666135626534663465373032
+66353662333631363036353234626366306636323135643334613461393763306161633934303538
+65386135353436336462336165316138383562316664306430373763336161303933393234393466
+64646262366533363038663931623161333130643164346565373064666631303434323331386632
+61373163356566353962303161396261613834643265636433393032383739386331313134663266
+34396265666435626564383063376632373038343030366336343638656437626663653232353932
+35386361633933316263666263323534633737393337303939626564346231363162353136323561
+61313134343163303434323965616333613465393632393266666237613164386663373731333231
+39646636353163653933353765646563656466306437386135663530346134316163323239376338
+39393138383930643231323766643364643738633766353331656532316336366363376462653335
+31343935303238613034336436343137373331323766303139393437623137616563613430633433
+32626431653634333861623335643963353337323435653538343036306463623765666234353930
+32663665323661396161333162386538336633303036336665336139386638643463376361356234
+35653431343630643662306634346239643063306562363266336262363662383264383930396265
+63646632383932323335666164376661613132616665356135356535303961333437363039343132
+65363233336634383234303237323534636261333132326639393261643162393330386366383965
+36306538343363623064356132623236353338303866353666336666396264333864363836633233
+32646434303839616639333538346561373961363438326336663365306366623836663930616138
+31366133626135636665613663653131343766343766373530366637323333393237663430626535
+63633935626265383866643437383236363264396334313164666433353863373834316134386235
+33666335303739316131323431623836633030653134303736353730636637323362316562383933
+36353161346662396138303265616231633161663165656662343930643537363366373765613233
+37346430653465303063636363636565306337623939373539313837376139373062623561616232
+63643461393530366366313630313364306230663537333061356364383364663663316561393932
+33333638376530336633643836373231353839643366626661636330366534363661333765343833
+63336138656461373939396233306139306563653337386232383435313135396461653731386434
+64353835663863396633616262663866653264376530396261656666373138316636323038346330
+61633761353065663062323938353538643338363130613932353461366535326462613162643833
+62663062623438353862616436643363303063343337336537386635373537333330356537306631
+63663439343435313732363636376162613030663930646334623237323065623632346461653730
+34663937656130373066366666643539376661633062356331666436366239346165653164643132
+32396131326533363264616135386639313132663030373363343364323965313539323063333761
+34373162643736383633623736323731653537653338316164623064663865663032376238643834
+64613032656365326162633237633130353963633131353130656330663863663733653766323561
+36323139303738326264393833313761363937643262383933633366366634336261343536663565
+33316166313130626537393939363037616165303933393230333632306430623438643363663433
+39346333623061663166353138373963316263393332303862333764393435613233613965333965
+62333230323266333430633365623739633436633635383339373332333934353734313530353533
+35333964623532306363373461396462363733633837363132356638353266666634363035656665
+31333966666166373239346139623632346165393163643334626534623765643533653761303662
+32373765393332303131666230616232623432303036633362393230626666323566393762333538
+36366539313732373430343464656439623432303664383632613362366339636462616635613834
+62643962666634636365373132613634613462313938316566623265353730366436366631383431
+32623039656537613630613636323639623334613830653931326464326234623938653532303764
+65633535333062313738393330303832306530633130353737653961633566613963643065323033
+64646563346332343537623939646435663836656266633061373332313636366338633464373639
+33663732313262356133393363336361623636326231616631333633313230346362643163376130
+61393338313761623765353164656530643533643661663235353366373039323934313466346238
+61346661616237343164633137663134636631383563383038303330663664343066386135316433
+65626135643564653038653531313065393731666162383365386333626130636435613339333130
+64643538666565383965396263316365353234636634303563333435363865306662656631306166
+61633035306562336565656138313233396266656161666438366537663132613333666636366631
+63376636336237626233333937343236393166633733373534353131633036633239633234643536
+63353535306561343962303331306330633934323264326138613161633639616263333734663634
+38393964636137633862343066343538333938363733653866323161643834393363663539613630
+33643737663536373265356437346463656361303461626265393730663837633632363963373130
+31353164306563346239333736303636333336323065656231633038636137396463363638626630
+35656137616536363732376139663561646638663262376433643366373965323837623433323233
+31626131653766626537316430303564336263396239653964663936393433343831383132303530
+35643539366339393839653664666464643739393134666234333733613532363161663630373033
+32636665313461363932333533393133343762383561353863656536303565623564343262343337
+36653536366534653037633830323537653637326163303131616162303961393735623839353831
+30353134646639343531396437643831366239393066653433323135613033333162376364636639
+63313432643663613061333335333664626233626331663338626334613564386365653461383030
+32346130373965396164653663643933363235616534663031336430323838326265636563643839
+37646239653835366433646331633861633330663438323737653764663338643632353832383238
+33663831323062623036643039656534326234313161373836383966376564306231616162643831
+36623832346636306135333439656466303039396435613731393535376165613534623832633034
+61383133356332383730346630356131663263313532616661333139323133356666333966333762
+3731
diff --git a/skillz/host_vars/sk-testvm.yml b/skillz/host_vars/sk-testvm.yml
new file mode 100644
index 00000000..6081d56b
--- /dev/null
+++ b/skillz/host_vars/sk-testvm.yml
@@ -0,0 +1,20 @@
+$ANSIBLE_VAULT;1.2;AES256;skillz
+35666266336366353336306161626463373466323434316163653235623464626134316237333961
+3139623939363464366539646365323136393939316333630a373365623838663038306438636537
+63663830653332316132353033326638663332363636623131666266313065323430346634333339
+6339336365343265660a353637373133323634646463396137353130663731623265663064653337
+66363135376339363862316134373631643765383935333030323938653337396435356361353638
+35346665376262306565393339646238353230363439333762306633316331643963653466313961
+32613063306437633333386265663562616563616664613962633564373563326539363866313763
+30613232353663643066613732316564666361646163366437323765633935656238336632323733
+65386135656435313466653666623233303661343530613932373961643634346562393532663462
+31353262323133363537303035383639353334323935613831376637613964663635306637643037
+62303134633064616531353039383336363563376365326234323835643233306139363032663536
+63373534323731366365393632623432326561303863616261306233616436383266646361356636
+64383831363863363738633065386435343935633137613964316237666566313430623061636439
+31646661333161623465316564323835653062343730343331353339363664663331303735346162
+63646531646430303630356132376232656639313163376631373135313237633334646135653239
+37386437633432376564383964636266623230363834633239356565376530633838333533346335
+66383966313862353130663334383535376464613638366330303962656336613765656362393335
+37643066353734303733346234633736653663376639656633306635363061623163376139616564
+646461383234653235356164626537326664
diff --git a/skillz/host_vars/sk-tomnext-nc.yml b/skillz/host_vars/sk-tomnext-nc.yml
new file mode 100644
index 00000000..b7b7c529
--- /dev/null
+++ b/skillz/host_vars/sk-tomnext-nc.yml
@@ -0,0 +1,24 @@
+$ANSIBLE_VAULT;1.2;AES256;skillz
+38303565323764636435626633373138303637383839656366303532313266356665306666376534
+6566623963643964613133306334396336333566646631310a366430303430306563626530323636
+64316438663337653135353935373038393931393261653133336164383436653665666132383233
+3566353365376265630a316166653133336338336330303161393932666335393361346435623733
+39383137396232613937633863306437666263623638633663343966333339376665666439653663
+62633536633937373230346636356134623066373436613839306635353262363062313036666262
+36333330363161623939613431363135653337643030323233666566633132636234346638346337
+35366165663866313230633831643839356335623734306262663663336530356437623536373265
+64646136303831363364636261363333383564643339636662366336646662663837653865363333
+62633331376636663638656362643262373163623764663034363839633433666661623164633532
+37346532323961613133623661663363383963626561383033303961633162376631643730383434
+37356261373736313036613864626362633631663534376665626238353033613831636364326137
+61663033653663633533376361646330383339343733653836303163306638376139323331323164
+32636133343333396564666563393239306239633739336361346466366565303433323230303562
+64663535303665303739633833316639346262626237376130326162376363316236396536316466
+63616436636262363062653162316335393465653263373132646237386565636232376266366435
+65643964346332393832353163363038313237313038363030306161373836666562613831333033
+61303332616261616437386266336664356636303633646134386236396238363061636330616266
+66303131326431343132316232363863343233666163366362643763303162393238346432616632
+39343138383538626561356635633562336531623039313336323138363965656536613935336436
+39306638316339323033653861616533396339313764613264613365396664613230306237646562
+35396233356638313339656331323763636330373334613631626130306331336432633334323032
+386630346436653564616130323562323530
diff --git a/skillz/host_vars/sk-tomnext.yml b/skillz/host_vars/sk-tomnext.yml
new file mode 100644
index 00000000..2e8aec35
--- /dev/null
+++ b/skillz/host_vars/sk-tomnext.yml
@@ -0,0 +1,21 @@
+$ANSIBLE_VAULT;1.2;AES256;skillz
+32633430643636636263663937653962346365323663323335326366363134386163373532643666
+3462383534633339623538646230653639393534343536360a343665316266613464333066626631
+36393863383832303761386566343430343138343230643761623761396239633839666266356265
+6164333761343338620a623432663562626332656136626537396230303766616631373733383566
+34356561613066356666646631373466316162383063386262646435343935356135623261393439
+38656639643366346338326136306239323637336237363532353334623639363539333131653935
+33306239313131326531613466613330346430376639666564383263643031666636326263346462
+63626135393338386166666539386337633361393334666238393833373437313739636465393161
+34633266633862303937346366363634613165313635646164663131393634376330386464316666
+31396433383761316431343036383134303732653765613330303863333934333839643764346331
+61623038303638313632343038306464653030663933313462656438303564363433356438303637
+65666363633166306630333866323034396131313866653338346465653637653564323363376531
+35636263623039356437333563636131373237623034393362653736356265363261306132373738
+39656437353561323633323565646464333361303530333530646234663036653937663231616237
+65313061613638393131666430306464366564383963346334646365366234663737633363303963
+35336663343936663661326638333136616432383831306333643363663761363937626466393331
+31343538353735626464643162306164623963613937656136393934663761633435376636303861
+33646432643963313131353639396432653337626232653262346133313564373766396537356362
+33373466393462376137323264616662343962376463303030616335303431386131613565356365
+38653564303532373566
diff --git a/skillz/host_vars/sk-torrent.yml b/skillz/host_vars/sk-torrent.yml
new file mode 100644
index 00000000..18a8fa1e
--- /dev/null
+++ b/skillz/host_vars/sk-torrent.yml
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.2;AES256;skillz
+37333061623432316463656165303235356636626364393138613735333631646137313866383866
+6236313162353066383439613737393934616638316637370a626434626230373836313963336234
+33636230396235313934646634373034616564656339653066656166353936643236346235333038
+6334353930333062390a333531373932633331393636386630636162363962373538376133633036
+36363236633862303933663565653361646533396565646136613539363166376232386239343863
+62666331333634373962336466376339653531356637383930363866363031326533323730646435
+61303239613733326531636331626363343232663135343333343139623864653761373961343962
+31346233326638646133333133336538333361646261623436316238326530336464663761343361
+6137
diff --git a/skillz/image-generate.yml b/skillz/image-generate.yml
new file mode 100644
index 00000000..1b11f1eb
--- /dev/null
+++ b/skillz/image-generate.yml
@@ -0,0 +1,20 @@
+---
+- name: generate os image
+  hosts: "{{ install_hostnames }}"
+  connection: local
+  gather_facts: no
+  roles:
+  - role: "installer/{{ install_distro }}/image"
+  post_tasks:
+  - pause:
+      seconds: 0
+      prompt: |
+        The resulting images can be found here:
+
+        {% for host in play_hosts %}
+        {{ host }}:
+        {%   for image in hostvars[host].output_images %}
+          - {{ image }}
+        {%   endfor %}
+
+        {% endfor %}
diff --git a/skillz/iso-generate.yml b/skillz/iso-generate.yml
new file mode 100644
index 00000000..584b8914
--- /dev/null
+++ b/skillz/iso-generate.yml
@@ -0,0 +1,10 @@
+---
+- name: cook variables for host
+  hosts: "{{ install_hostnames }}"
+  gather_facts: no
+  tasks:
+  - set_fact:
+      install: "{{ install | default({}) }}"
+      network: "{{ network | default({}) }}"
+
+- import_playbook: ../common/iso-generate.yml
diff --git a/skillz/iso-install.yml b/skillz/iso-install.yml
new file mode 100644
index 00000000..5defe6d3
--- /dev/null
+++ b/skillz/iso-install.yml
@@ -0,0 +1,10 @@
+---
+- name: cook variables for host
+  hosts: "{{ install_hostname }}"
+  gather_facts: no
+  tasks:
+  - set_fact:
+      install: "{{ install | default({}) }}"
+      network: "{{ network | default({}) }}"
+
+- import_playbook: ../common/iso-install.yml
diff --git a/skillz/openwrt-deploy.yml b/skillz/openwrt-deploy.yml
new file mode 100644
index 00000000..e7cc49fa
--- /dev/null
+++ b/skillz/openwrt-deploy.yml
@@ -0,0 +1,9 @@
+---
+- name: generate os image
+  hosts: "{{ install_hostname }}"
+  connection: local
+  gather_facts: no
+  roles:
+  - role: installer/openwrt/image
+
+- import_playbook: ../common/openwrt-deploy.yml
diff --git a/skillz/sk-2019.yml b/skillz/sk-2019.yml
new file mode 100644
index 00000000..3d555ba5
--- /dev/null
+++ b/skillz/sk-2019.yml
@@ -0,0 +1,139 @@
+---
+- name: Basic Setup
+  hosts: sk-2019
+  roles:
+  # - role: apt-repo/base
+  # - role: core/base
+  # - role: core/sshd/base
+  # - role: core/zsh
+  - role: core/cpu-microcode
+  # - role: core/users
+  - role: storage/luks/base
+  - role: storage/zfs/base
+  - role: apt-repo/spreadspace
+  - role: storage/zfs/sanoid
+  tasks:
+  - name: install post-boot script
+    copy:
+      dest: /usr/local/bin/post-boot
+      mode: 0755
+      content: |
+        #!/bin/bash
+        set -e
+
+        {% for name, volume in luks_devices.items() %}
+        echo -e "opening crypto volume: \033[1;37m{{ name }}\033[0m"
+        cryptsetup luksOpen '{{ volume.device }}' '{{ name }}'
+        {% endfor %}
+
+        systemctl restart zfs-import-cache.service
+        systemctl restart zfs-mount.service
+        systemctl restart zfs-share.service
+        systemctl restart zfs-zed.service
+        mount -a
+
+        sleep 2
+        systemctl restart mariadb.service
+        systemctl restart apache2.service
+
+  - name: install ispconfig fix systemd service unit
+    copy:
+      dest: /etc/systemd/system/fix-fstab.service
+      content: |
+        [Unit]
+        Description=fix fstab entries made by ispconfig
+
+        [Service]
+        Type=oneshot
+        ExecStart=/usr/bin/sed s/bind,nobootwait/bind,nofail/ -i /etc/fstab
+
+  - name: install ispconfig fix systemd service unit
+    copy:
+      dest: /etc/systemd/system/fix-fstab.timer
+      content: |
+        [Unit]
+        Description=fix fstab entries made by ispconfig
+
+        [Timer]
+        OnCalendar=*-*-* *:*:00
+
+        [Install]
+        WantedBy=timers.target
+
+  - name: enable and start fstab fix
+    systemd:
+      name: fix-fstab.timer
+      daemon_reload: yes
+      enabled: yes
+      state: started
+
+  ### the machine reboots often - make it so that no manual intervention is necessary
+  ### of course this makes encrypting the disks a little bit silly...
+  - name: create base dir for crypto volume key files
+    file:
+      path: /etc/cryptsetup-keys.d/
+      state: directory
+      mode: 0500
+
+  - name: generate key files for crypto volumes
+    loop: "{{ luks_devices | dict2items }}"
+    loop_control:
+      label: "{{ item.key }}"
+    copy:
+      dest: "/etc/cryptsetup-keys.d/{{ item.key }}.key"
+      content: "{{ item.value.passphrase }}"
+      mode: 0400
+    notify: rebuild initramfs
+
+  - name: generate crypttab
+    copy:
+      dest: /etc/crypttab
+      content: |
+        # ansible generated
+        {% for name, volume in luks_devices.items() %}
+        {{ name }}  {{ volume.device }}  /etc/cryptsetup-keys.d/{{ name }}.key  luks
+        {% endfor %}
+    notify: rebuild initramfs
+
+  handlers:
+  - name: rebuild initramfs
+    command: dpkg-reconfigure initramfs-tools
+
+
+### TODO:
+#
+# zfs create -o quota=30G -o compress=lz4 storage/mysql
+# zfs create -o quota=35G -o compress=lz4 storage/automysqlbackup
+# zfs create -o quota=300G -o compress=lz4 storage/vmail
+# zfs create -o quota=600G -o compress=lz4 storage/www
+# zfs create -o quota=40G -o compress=lz4 storage/log
+# zfs create -o quota=50G -o compress=lz4 storage/configz
+# zfs create -o quota=20G -o compress=lz4 storage/backup
+#
+# mkdir -p   /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup
+# chmod 0000 /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup
+# chattr +i  /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup
+#
+### add to /etc/fstab:
+##
+## /srv/storage/mysql            /var/lib/mysql             none  defaults,bind,x-systemd.automount,nofail    0 0
+## /srv/storage/automysqlbackup  /var/lib/automysqlbackup   none  defaults,bind,x-systemd.automount,nofail    0 0
+## /srv/storage/vmail            /var/vmail                 none  defaults,bind,x-systemd.automount,nofail    0 0
+## /srv/storage/www              /var/www                   none  defaults,bind,x-systemd.automount,nofail    0 0
+## /srv/storage/log              /var/log/ispconfig         none  defaults,bind,x-systemd.automount,nofail    0 0
+## /srv/storage/backup           /var/backup                none  defaults,bind,x-systemd.automount,nofail    0 0
+#
+# mount -a
+#
+
+
+########### manual post-boot
+
+# cat /etc/fstab | grep "^/var/log" | awk '{ system("umount "$2) }'
+# umount /srv/storage/www/clients/client2/web2/web/shared/fileadmin/wolke
+# umount /srv/storage/www/clients/client2/web2/web/shared/fileadmin/wolke
+# umount /srv/storage/www/clients/client2/web2/web/shared/fileadmin/wolke
+# mount | grep systemd-1 | awk '{ print($3) }' | grep "^/var" | xargs umount
+# mount | grep systemd-1 | awk '{ print($3) }' | grep "^/var" | xargs umount
+# mount | grep systemd-1 | awk '{ print($3) }' | grep "^/var" | xargs umount
+# rm -rf  /srv/storage/*
diff --git a/skillz/sk-2019vm.yml b/skillz/sk-2019vm.yml
new file mode 100644
index 00000000..d7c42245
--- /dev/null
+++ b/skillz/sk-2019vm.yml
@@ -0,0 +1,39 @@
+---
+- name: Basic Setup
+  hosts: sk-2019vm
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd/base
+  - role: core/zsh
+  - role: core/cpu-microcode
+  - role: core/users
+  - role: storage/luks/base
+  - role: storage/zfs/base
+  - role: storage/zfs/sanoid
+  - role: vm/host/base
+  - role: vm/host/network
+  - role: installer/debian/base
+  tasks:
+  - name: install post-boot script
+    copy:
+      dest: /usr/local/bin/post-boot
+      mode: 0755
+      content: |
+        #!/bin/bash
+        set -e
+
+        {% for name, volume in luks_devices.items() %}
+        echo -e "opening crypto volume: \033[1;37m{{ name }}\033[0m"
+        cryptsetup luksOpen '{{ volume.device }}' '{{ name }}'
+        {% endfor %}
+
+        systemctl restart zfs-import-cache.service
+        systemctl restart zfs-mount.service
+        systemctl restart zfs-share.service
+        systemctl restart zfs-zed.service
+        mount -a
+
+        sleep 2
+        rm -f /run/libvirt/qemu/autostarted
+        systemctl restart libvirtd.service
diff --git a/skillz/sk-cloudio.yml b/skillz/sk-cloudio.yml
new file mode 100644
index 00000000..15e8bfec
--- /dev/null
+++ b/skillz/sk-cloudio.yml
@@ -0,0 +1,31 @@
+---
+- name: Basic Setup
+  hosts: sk-cloudio
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd/base
+  - role: core/zsh
+  - role: core/cpu-microcode
+
+- name: Payload Setup
+  hosts: sk-cloudio
+  roles:
+  - role: core/users
+  - role: storage/zfs/base
+  - role: apt-repo/spreadspace
+  - role: storage/zfs/sanoid
+  - role: kubernetes/base
+  - role: kubernetes/standalone/base
+  - role: x509/acmetool/base
+  - role: nginx/base
+  - role: mail/postfix/base
+  - role: apps/nextcloud
+  - role: apps/collabora/code
+  - role: apps/onlyoffice
+  #- role: apps/etherpad-lite
+  - role: apps/coturn
+  - role: apps/jitsi/meet
+  - role: apps/keycloak
+  #- role: apps/pigallery2
+  - role: apps/wikijs
diff --git a/skillz/sk-testvm.yml b/skillz/sk-testvm.yml
new file mode 100644
index 00000000..74ba2053
--- /dev/null
+++ b/skillz/sk-testvm.yml
@@ -0,0 +1,151 @@
+---
+- name: Basic Setup
+  hosts: sk-testvm
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd/base
+  - role: core/zsh
+  - role: core/ntp
+
+- name: Payload Setup
+  hosts: sk-testvm
+  vars:
+    acme_client: uacme
+    # acme_client: acmetool
+    # cert_provider: "{{ acme_client }}"
+    # cert_provider: static
+    # cert_provider: selfsigned
+    cert_provider: static-ca
+  roles:
+  - role: apt-repo/spreadspace
+  - role: kubernetes/base
+  - role: kubernetes/standalone/base
+  - role: "x509/{{ cert_provider }}/base"
+  - role: nginx/base
+  - role: nginx/auth/sso/base
+  - role: nginx/auth/sso/backend
+  - role: nginx/vhost
+    nginx_vhost:
+      default: yes
+      name: nosuchsite
+      template: generic
+      tls:
+        certificate_provider: "{{ cert_provider }}"
+        certificate_config: "{{ lookup('vars', (cert_provider | replace('-','_'))+'_cert_config__default', default={}) }}"
+        hsts: no
+      hostnames:
+      - testvm.elev8.at
+      locations:
+        '/':
+          root: /var/www/default
+          index: index.html
+  - role: nginx/vhost
+    nginx_vhost:
+      name: login
+      template: generic
+      tls:
+        certificate_provider: "{{ cert_provider }}"
+        certificate_config: "{{ lookup('vars', (cert_provider | replace('-','_'))+'_cert_config__test', default={}) }}"
+        hsts: no
+      hostnames:
+      - login.spreadspace.org
+      - login.spreadspace.com
+      - login.spreadspace.net
+      - login.spreadspace.systems
+      locations:
+        '/':
+          proxy_pass: http://127.0.0.1:8082
+  - role: nginx/vhost
+    nginx_vhost:
+      name: test
+      template: generic
+      tls:
+        certificate_provider: "{{ cert_provider }}"
+        certificate_config: "{{ lookup('vars', (cert_provider | replace('-','_'))+'_cert_config__test', default={}) }}"
+        hsts: no
+      hostnames:
+      - test.spreadspace.org
+      - test.spreadspace.com
+      - test.spreadspace.net
+      - test.spreadspace.systems
+      extra_directives: |
+        include snippets/sso-spreadspace.conf;
+      locations:
+        '/':
+          # proxy_pass: http://127.0.0.1:8080
+          root: /var/www/test
+          index: index.html
+          extra_directives: |
+            #auth_request_set $username $upstream_http_x_username;
+            #proxy_set_header Remote-User $username;
+            auth_request_set $cookie $upstream_http_set_cookie;
+            add_header Set-Cookie $cookie;
+  # - role: apps/mumble
+  #   mumble_version: v1.4.287-4
+  #   mumble_instance: spreadspace
+  #   mumble_hostnames:
+  #   - test.spreadspace.org
+  #   - test.spreadspace.com
+  #   - test.spreadspace.net
+  #   - test.spreadspace.systems
+  #   mumble_superuser_password: "very-secret"
+  #   mumble_config_options:
+  #     bonjour: false
+  #     sslCiphers: "ECDHE+AESGCM:DHE+AESGCM:ECDHE+AES256:DHE+AES256:ECDHE+AES128:DHE+AES128:!RSA:!ADH:!AECDH:!MD5"
+  #     welcometext: "Welcome to the spreadspace Mumble Test-Server"
+  #     rememberchannel: true
+  #   mumble_tls:
+  #     certificate_provider: "{{ cert_provider }}"
+  #     certificate_config: "{{ lookup('vars', cert_provider+'_cert_config__test', default={}) }}"
+  # - role: apps/coturn
+  #   coturn_version: 4.6.2-r4
+  #   coturn_realm: spreadspace
+  #   coturn_hostnames:
+  #   - test.spreadspace.org
+  #   - test.spreadspace.com
+  #   - test.spreadspace.net
+  #   - test.spreadspace.systems
+  #   coturn_auth_secret: "somewhat-secret"
+  #   coturn_tls:
+  #     certificate_provider: "{{ cert_provider }}"
+  #     certificate_config: "{{ lookup('vars', cert_provider+'_cert_config__test', default={}) }}"
+  post_tasks:
+  - name: make sure document root directories exist
+    loop:
+    - test
+    - default
+    file:
+      path: "/var/www/{{ item }}"
+      state: directory
+
+  - name: install index.html for default server
+    copy:
+      dest: /var/www/default/index.html
+      content: |
+        <html>
+          <head>
+            <title>No Such Site</title>
+          </head>
+          <body style="font-family: Helvetica, Arial, Sans-Serif; color: white; background: black;">
+            <div style="text-align: center; margin-top: 4em; margin-left:auto; margin-right:auto;">
+              <h2 style="">You have reached testvm.elev8.at, nothing to see here.</h2>
+            </div>
+          </body>
+        </html>
+
+
+  - name: install index.html for test server
+    copy:
+      dest: /var/www/test/index.html
+      content: |
+        <html>
+          <head>
+            <title>This is Test</title>
+          </head>
+          <body style="font-family: Helvetica, Arial, Sans-Serif; color: white; background: black;">
+            <div style="text-align: center; margin-top: 4em; margin-left:auto; margin-right:auto;">
+              <h2 style="">If you can read this the test was successful.</h2>
+            </div>
+          </body>
+        </html>
diff --git a/skillz/sk-tomnext-hp.yml b/skillz/sk-tomnext-hp.yml
new file mode 100644
index 00000000..b0c38093
--- /dev/null
+++ b/skillz/sk-tomnext-hp.yml
@@ -0,0 +1,6 @@
+---
+- name: do nothing
+  hosts: sk-tomnext-hp
+  tasks:
+  - debug:
+      msg: this host is not managed by ansible ... nothing to do here
diff --git a/skillz/sk-tomnext-nc.yml b/skillz/sk-tomnext-nc.yml
new file mode 100644
index 00000000..9b756a18
--- /dev/null
+++ b/skillz/sk-tomnext-nc.yml
@@ -0,0 +1,24 @@
+---
+- name: Basic Setup
+  hosts: sk-tomnext-nc
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd/base
+  - role: core/zsh
+
+- name: Payload Setup
+  hosts: sk-tomnext-nc
+  roles:
+  - role: core/users
+  - role: storage/zfs/base
+  - role: apt-repo/spreadspace
+  - role: storage/zfs/sanoid
+  - role: kubernetes/base
+  - role: kubernetes/standalone/base
+  - role: x509/acmetool/base
+  - role: nginx/base
+  - role: mail/postfix/base
+  - role: apps/nextcloud
+  - role: apps/collabora/code
+  - role: apps/onlyoffice
diff --git a/skillz/sk-tomnext.yml b/skillz/sk-tomnext.yml
new file mode 100644
index 00000000..8ad69918
--- /dev/null
+++ b/skillz/sk-tomnext.yml
@@ -0,0 +1,39 @@
+---
+- name: Basic Setup
+  hosts: sk-tomnext
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd/base
+  - role: core/zsh
+  - role: core/cpu-microcode
+  - role: core/users
+  - role: storage/luks/base
+  - role: storage/zfs/base
+  - role: storage/zfs/sanoid
+  - role: vm/host/base
+  - role: vm/host/network
+  - role: installer/debian/base
+  tasks:
+  - name: install post-boot script
+    copy:
+      dest: /usr/local/bin/post-boot
+      mode: 0755
+      content: |
+        #!/bin/bash
+        set -e
+
+        {% for name, volume in luks_devices.items() %}
+        echo -e "opening crypto volume: \033[1;37m{{ name }}\033[0m"
+        cryptsetup luksOpen '{{ volume.device }}' '{{ name }}'
+        {% endfor %}
+
+        systemctl restart zfs-import-cache.service
+        systemctl restart zfs-mount.service
+        systemctl restart zfs-share.service
+        systemctl restart zfs-zed.service
+        mount -a
+
+        sleep 2
+        rm -f /run/libvirt/qemu/autostarted
+        systemctl restart libvirtd.service
diff --git a/skillz/sk-torrent.yml b/skillz/sk-torrent.yml
new file mode 100644
index 00000000..e6a176c1
--- /dev/null
+++ b/skillz/sk-torrent.yml
@@ -0,0 +1,10 @@
+---
+- name: Basic Setup
+  hosts: sk-torrent
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd/base
+  - role: core/zsh
+  - role: core/users
+  - role: skillz/torrent
diff --git a/skillz/usb-generate.yml b/skillz/usb-generate.yml
new file mode 100644
index 00000000..7f633f1e
--- /dev/null
+++ b/skillz/usb-generate.yml
@@ -0,0 +1,10 @@
+---
+- name: cook variables for host
+  hosts: "{{ install_hostnames }}"
+  gather_facts: no
+  tasks:
+  - set_fact:
+      install: "{{ install | default({}) }}"
+      network: "{{ network | default({}) }}"
+
+- import_playbook: ../common/usb-generate.yml
diff --git a/skillz/usb-install.yml b/skillz/usb-install.yml
new file mode 100644
index 00000000..0f62bc85
--- /dev/null
+++ b/skillz/usb-install.yml
@@ -0,0 +1,10 @@
+---
+- name: cook variables for host
+  hosts: "{{ install_hostname }}"
+  gather_facts: no
+  tasks:
+  - set_fact:
+      install: "{{ install | default({}) }}"
+      network: "{{ network | default({}) }}"
+
+- import_playbook: ../common/usb-install.yml
diff --git a/skillz/vm-deploy.yml b/skillz/vm-deploy.yml
new file mode 100644
index 00000000..8530b14a
--- /dev/null
+++ b/skillz/vm-deploy.yml
@@ -0,0 +1,18 @@
+---
+- name: generate os image
+  hosts: "{{ install_hostname }}"
+  connection: local
+  gather_facts: no
+  roles:
+  - role: "installer/{{ install_distro }}/image"
+
+- name: cook variables for host
+  hosts: "{{ install_hostname }}"
+  gather_facts: no
+  tasks:
+  - set_fact:
+      install: "{{ install | default({}) }}"
+      network: "{{ network | default({}) }}"
+      vm_host: "{{ vm_host | default({}) }}"
+
+- import_playbook: ../common/vm-deploy.yml
diff --git a/skillz/vm-install.yml b/skillz/vm-install.yml
new file mode 100644
index 00000000..da6a29a5
--- /dev/null
+++ b/skillz/vm-install.yml
@@ -0,0 +1,11 @@
+---
+- name: cook variables for host
+  hosts: "{{ install_hostname }}"
+  gather_facts: no
+  tasks:
+  - set_fact:
+      install: "{{ install | default({}) }}"
+      network: "{{ network | default({}) }}"
+      vm_host: "{{ vm_host | default({}) }}"
+
+- import_playbook: ../common/vm-install.yml