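---
# Provisioning for sk-2019: CPU microcode, LUKS + ZFS storage, sanoid, and the
# helpers that let the box come back after its frequent reboots without a
# human typing passphrases. Read the SECURITY note on the key-file tasks
# before reusing this: they trade most of the benefit of disk encryption for
# unattended boot.
- name: Basic Setup
  hosts: sk-2019
  roles:
    # - role: apt-repo/base
    # - role: core/base
    # - role: core/sshd/base
    # - role: core/zsh
    - role: core/cpu-microcode
    # - role: core/users
    - role: storage/luks/base
    - role: storage/zfs/base
    - role: apt-repo/spreadspace
    - role: storage/zfs/sanoid

  tasks:
    # Interactive recovery helper: prompts for every LUKS passphrase, then
    # brings ZFS, the bind mounts and the services living on them back.
    # `set -e` aborts on the first failure - including "device already
    # exists" if crypttab has already opened a mapping - so run it only while
    # the volumes are still closed.
    - name: install post-boot script
      copy:
        dest: /usr/local/bin/post-boot
        mode: "0755"
        content: |
          #!/bin/bash
          set -e
          {% for name, volume in luks_devices.items() %}
          echo -e "opening crypto volume: \033[1;37m{{ name }}\033[0m"
          cryptsetup luksOpen '{{ volume.device }}' '{{ name }}'
          {% endfor %}
          systemctl restart zfs-import-cache.service
          systemctl restart zfs-mount.service
          systemctl restart zfs-share.service
          systemctl restart zfs-zed.service
          mount -a
          sleep 2
          systemctl restart mariadb.service
          systemctl restart apache2.service

    # ispconfig writes bind mounts with the obsolete `nobootwait` option;
    # rewrite them to `nofail` so a missing storage volume does not block
    # boot. The sed runs unconditionally and rewrites /etc/fstab in place
    # every minute (see the timer below). /usr/bin/sed assumes a merged-/usr
    # system; on an unmerged Debian sed lives in /bin - verify on the host.
    - name: install ispconfig fix systemd service unit
      copy:
        dest: /etc/systemd/system/fix-fstab.service
        content: |
          [Unit]
          Description=fix fstab entries made by ispconfig

          [Service]
          Type=oneshot
          ExecStart=/usr/bin/sed s/bind,nobootwait/bind,nofail/ -i /etc/fstab

    # Fires once a minute; the service above does the actual rewrite.
    - name: install ispconfig fix systemd timer unit
      copy:
        dest: /etc/systemd/system/fix-fstab.timer
        content: |
          [Unit]
          Description=fix fstab entries made by ispconfig

          [Timer]
          OnCalendar=*-*-* *:*:00

          [Install]
          WantedBy=timers.target

    - name: enable and start fstab fix
      systemd:
        name: fix-fstab.timer
        daemon_reload: true
        enabled: true
        state: started

    ### the machine reboots often - make it so that no manual intervention is necessary
    ### of course this makes encrypting the disks a little bit silly...
    #
    # SECURITY: the tasks below store every LUKS passphrase in clear text on
    # the root filesystem. Whoever can read /etc/cryptsetup-keys.d - root, a
    # backup of the root fs, or the physical disk if the root fs is not itself
    # encrypted - can unlock every volume in luks_devices. Keep
    # luks_devices[*].passphrase in ansible-vault, never in plain group_vars.
    - name: create base dir for crypto volume key files
      file:
        path: /etc/cryptsetup-keys.d/
        state: directory
        mode: "0500"

    - name: generate key files for crypto volumes
      loop: "{{ luks_devices | dict2items }}"
      loop_control:
        label: "{{ item.key }}"
      # loop_control.label only shortens the per-item line; no_log is what
      # keeps the passphrase out of task results, --diff output and callback
      # plugins (the copy module would otherwise report `content`).
      no_log: true
      copy:
        dest: "/etc/cryptsetup-keys.d/{{ item.key }}.key"
        # Written without a trailing newline on purpose: cryptsetup uses a
        # key file's bytes verbatim, so a passphrase that was typed
        # interactively at luksFormat time must not gain a newline here.
        content: "{{ item.value.passphrase }}"
        mode: "0400"
      notify: rebuild initramfs

    # If cryptsetup-initramfs is configured to copy these key files into the
    # initrd (KEYFILE_PATTERN), the image itself then holds the passphrases
    # and /etc/initramfs-tools/initramfs.conf must set UMASK=0077 so
    # /boot/initrd.img-* is not world-readable. This play does not set that;
    # check it on the host.
    - name: generate crypttab
      copy:
        dest: /etc/crypttab
        content: |
          # ansible generated
          {% for name, volume in luks_devices.items() %}
          {{ name }} {{ volume.device }} /etc/cryptsetup-keys.d/{{ name }}.key luks
          {% endfor %}
      notify: rebuild initramfs

  handlers:
    - name: rebuild initramfs
      command: dpkg-reconfigure initramfs-tools

### TODO:
#
# zfs create -o quota=30G -o compress=lz4 storage/mysql
# zfs create -o quota=35G -o compress=lz4 storage/automysqlbackup
# zfs create -o quota=300G -o compress=lz4 storage/vmail
# zfs create -o quota=600G -o compress=lz4 storage/www
# zfs create -o quota=40G -o compress=lz4 storage/log
# zfs create -o quota=50G -o compress=lz4 storage/configz
# zfs create -o quota=20G -o compress=lz4 storage/backup
#
# mode 0000 + immutable on the mount points so nothing can be written to the
# root filesystem underneath a bind mount that is not (yet) mounted.
# (storage/configz has no mount point / fstab entry below - intentional?)
#
# mkdir -p /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup
# chmod 0000 /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup
# chattr +i /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup
#
### add to /etc/fstab:
##
## /srv/storage/mysql /var/lib/mysql none defaults,bind,x-systemd.automount,nofail 0 0
## /srv/storage/automysqlbackup /var/lib/automysqlbackup none defaults,bind,x-systemd.automount,nofail 0 0
## /srv/storage/vmail /var/vmail none defaults,bind,x-systemd.automount,nofail 0 0
## /srv/storage/www /var/www none defaults,bind,x-systemd.automount,nofail 0 0
## /srv/storage/log /var/log/ispconfig none defaults,bind,x-systemd.automount,nofail 0 0
## /srv/storage/backup /var/backup none defaults,bind,x-systemd.automount,nofail 0 0
#
# mount -a
#
########### manual post-boot
#
# DANGER: the final `rm -rf /srv/storage/*` deletes the contents of every
# dataset, and it follows into live data through any bind mount that is
# still mounted. Confirm with `mount | grep /srv/storage` that nothing is
# mounted before running it. The repeated umount lines are presumably there
# because automount re-triggers mounts while they are being torn down.
#
# cat /etc/fstab | grep "^/var/log" | awk '{ system("umount "$2) }'
# umount /srv/storage/www/clients/client2/web2/web/shared/fileadmin/wolke
# umount /srv/storage/www/clients/client2/web2/web/shared/fileadmin/wolke
# umount /srv/storage/www/clients/client2/web2/web/shared/fileadmin/wolke
# mount | grep systemd-1 | awk '{ print($3) }' | grep "^/var" | xargs umount
# mount | grep systemd-1 | awk '{ print($3) }' | grep "^/var" | xargs umount
# mount | grep systemd-1 | awk '{ print($3) }' | grep "^/var" | xargs umount
# rm -rf /srv/storage/*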