diff --git a/ansible/main.yml b/ansible/main.yml index 054ecba..dfa78c0 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -166,138 +166,8 @@ user: root when: gandi_api_key is defined -# Custom repo config -- hosts: compute - become: yes - handlers: - - import_tasks: handlers.yml - tasks: - - name: Install compute packages - apt: - name: - - podman - - sshfs - force_apt_get: yes - update_cache: yes - - - name: Mount bigdummy /bigdata via NFS - mount: - src: root@10.42.0.202:/bigdata - path: /bigdata - fstype: fuse.sshfs - opts: reconnect,allow_other,_netdev,IdentityFile=/home/paul/.ssh/id_rsa_fast - state: mounted - - - name: Mount vtluug /media via sshfs - mount: - src: pew-media@dirtycow.vtluug.org:/nfs/cistern/share/media - path: /media-vtluug - fstype: fuse.sshfs - opts: reconnect,allow_other,ro,_netdev,IdentityFile=/home/paul/.ssh/id_rsa_fast - state: mounted - - # /home/paul/.ssh/id_rsa_fast must exist - - name: Install sshtunnel systemd service - copy: - src: files/fogcutter/sshtunnel.service - dest: /etc/systemd/system/sshtunnel.service - owner: root - group: root - mode: '0644' - notify: Load, start, and enable sshtunnel service - - - debug: - msg: Start podman services manually - -# NFS core config -# ASSUMES /bigdata IS CONFIGURED (make sure dir is 755) -- hosts: nfs - become: yes - handlers: - - import_tasks: handlers.yml - tasks: - - name: Install zfs-zed, and nfs-kernel-server - apt: - name: - - beets - - nfs-kernel-server - - zfs-auto-snapshot - - zfs-zed - force_apt_get: yes - update_cache: yes - - - name: Configure zfs-zed - copy: - src: files/zed.rc - dest: /etc/zfs/zed.d/zed.rc - owner: root - group: root - mode: '0644' - notify: Restart zfs-zed - - - name: Install weekly bigdata scrub cron job - cron: - name: 'Weekly zfs pool status check' - special_time: weekly - job: '/usr/sbin/zpool status | mail -s "ZFS STATUS" paulsw.pw+alerts@gmail.com' - user: root - - - name: Install rclone - apt: - deb: https://github.com/rclone/rclone/releases/download/v1.49.2/rclone-v1.49.2-linux-amd64.deb - force_apt_get: yes - - - debug: - msg: Manually configure rclone remote drive - - - name: Export /bigdata - copy: - src: files/exports - dest: /etc/exports - owner: root - group: root - mode: '0644' - notify: Re-export exportfs - -# Proxy config -- hosts: proxy - become: yes - tasks: - ## Changes will take effect during next reboot - - name: Configure sysctl to reject RA acceptance - template: - src: templates/disablera.conf.j2 - dest: /etc/sysctl.d/disablera.conf - owner: root - group: root - mode: '0644' - - - name: Add HAProxy GPG key - apt_key: - url: https://haproxy.debian.net/bernat.debian.org.gpg - - - name: Add HAProxy APT repository - apt_repository: - repo: deb http://haproxy.debian.net buster-backports-2.2 main - - - name: Install HAProxy - apt: - name: haproxy - state: present - force_apt_get: yes - update_cache: yes - - - name: Install HAProxy proxy config - copy: - src: files/{{ inventory_hostname }}/haproxy.cfg - dest: /etc/haproxy/haproxy.cfg - owner: root - group: root - mode: '0644' - notify: Restart haproxy - -# IRC config -- hosts: irc +# docker +- hosts: irc,compute become: yes handlers: - import_tasks: handlers.yml @@ -319,6 +189,33 @@ force_apt_get: yes update_cache: yes +# Custom repo config +- hosts: compute + become: yes + handlers: + - import_tasks: handlers.yml + tasks: + - name: Install compute packages + apt: + name: + - sshfs + force_apt_get: yes + update_cache: yes + + - name: Mount vtluug /media via sshfs + mount: + src: pew-media@dirtycow.vtluug.org:/nfs/cistern/share/media + path: /media-vtluug + fstype: fuse.sshfs + opts: reconnect,allow_other,ro,_netdev,IdentityFile=/home/paul/.ssh/id_rsa_fast + state: mounted + +# IRC config +- hosts: irc + become: yes + handlers: + - import_tasks: handlers.yml + tasks: - name: Add joe to docker group user: name: joe