feat: improce variable management
parent
861e6af82e
commit
9c85cc9708
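--- a/ansible/group_vars/NAS/ftp
+++ b/ansible/group_vars/NAS/ftp
@@ -0,0 +1,3 @@
+vsftpd_config:
+local_root: "/var/local/volume1"
+seccomp_sandbox: False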
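Review bot: `seccomp_sandbox: False` arrives in the new group_vars file with no comment saying why the filter is switched off. If the role renders this key into vsftpd.conf, it disables vsftpd's seccomp syscall filtering for the FTP service on the NAS hosts, which is a hardening control worth justifying in place. A line such as `# seccomp sandbox disabled: <reason / issue reference>` above the key would tell a later reader when it can be turned back on.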
@ -13,6 +13,3 @@ nfs_exports:
|
|||||||
- "/var/local/volume1/CardDav {{nfs_cluster_list}}"
|
- "/var/local/volume1/CardDav {{nfs_cluster_list}}"
|
||||||
|
|
||||||
|
|
||||||
vsftpd_config:
|
|
||||||
local_root: "/var/local/volume1"
|
|
||||||
seccomp_sandbox: False
|
|
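--- a/ansible/group_vars/NAS/nomad
+++ b/ansible/group_vars/NAS/nomad
@@ -0,0 +1 @@
+nomad_node_class: 'NAS'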
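--- a/ansible/group_vars/cluster/nomad
+++ b/ansible/group_vars/cluster/nomad
@@ -0,0 +1 @@
+nomad_node_class: 'cluster'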
@ -3,6 +3,9 @@ domain:
|
|||||||
consul_bootstrap_expect: 3
|
consul_bootstrap_expect: 3
|
||||||
consul_domain: "consul"
|
consul_domain: "consul"
|
||||||
nomad_bootstrap_expect: 3
|
nomad_bootstrap_expect: 3
|
||||||
|
nomad_client_meta:
|
||||||
|
- name: "env"
|
||||||
|
value: "production"
|
||||||
vault_unseal_keys_dir_output: "~/vaultUnseal/production"
|
vault_unseal_keys_dir_output: "~/vaultUnseal/production"
|
||||||
env_default_nfs_path: "/volume2"
|
env_default_nfs_path: "/volume2"
|
||||||
env_media_nfs_path: "/volume1"
|
env_media_nfs_path: "/volume1"
|
||||||
|
@ -5,6 +5,10 @@ domain:
|
|||||||
consul_bootstrap_expect: 2
|
consul_bootstrap_expect: 2
|
||||||
consul_domain: "consul"
|
consul_domain: "consul"
|
||||||
nomad_bootstrap_expect: 2
|
nomad_bootstrap_expect: 2
|
||||||
|
nomad_client_meta:
|
||||||
|
- name: "env"
|
||||||
|
value: "staging"
|
||||||
|
|
||||||
vault_unseal_keys_dir_output: "~/vaultUnseal/staging"
|
vault_unseal_keys_dir_output: "~/vaultUnseal/staging"
|
||||||
hosts_entries:
|
hosts_entries:
|
||||||
- ip: "{{ hostvars['nas-dev']['ansible_default_ipv4']['address'] }}"
|
- ip: "{{ hostvars['nas-dev']['ansible_default_ipv4']['address'] }}"
|
||||||
|
@ -5,18 +5,26 @@
|
|||||||
- role: ansible-hashicorp-vault
|
- role: ansible-hashicorp-vault
|
||||||
become: true
|
become: true
|
||||||
post_tasks:
|
post_tasks:
|
||||||
|
- name: Reading root contents
|
||||||
|
ansible.builtin.command: cat "{{ vault_unseal_keys_dir_output }}/rootkey"
|
||||||
|
register: root_token
|
||||||
|
delegate_to: localhost
|
||||||
|
changed_when: false
|
||||||
|
- name: debug
|
||||||
|
ansible.builtin.debug:
|
||||||
|
var: root_token
|
||||||
- name: Generate nomad token
|
- name: Generate nomad token
|
||||||
community.hashi_vault.vault_token_create:
|
community.hashi_vault.vault_token_create:
|
||||||
renewable: true
|
renewable: true
|
||||||
policies: "nomad-server-policy"
|
policies: "nomad-server-policy"
|
||||||
period: 72h
|
period: 72h
|
||||||
no_parent: true
|
no_parent: true
|
||||||
token: "{{ vault_init_parsed.root_token }}"
|
token: "{{ root_token.stdout }}"
|
||||||
url: http://{{ ansible_default_ipv4.address }}:8200
|
url: http://{{ ansible_default_ipv4.address }}:8200
|
||||||
retries: 4
|
retries: 4
|
||||||
run_once: true
|
run_once: true
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
when: vault_init_parsed.root_token is defined
|
when: root_token.stdout is defined
|
||||||
register: nomad_token_data
|
register: nomad_token_data
|
||||||
|
|
||||||
- name: Gather nomad token
|
- name: Gather nomad token
|
||||||
|
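Review bot: The added `debug` task with `var: root_token` writes the Vault root token into the play output, and so into any CI or callback log that records the run, because the whole registered result including `stdout` is dumped. That task should be dropped, and `no_log: true` added to both `Reading root contents` and `Generate nomad token`, since a failure or a verbose run would otherwise echo the token as well. The new guard `when: root_token.stdout is defined` is true whenever the `cat` ran, so it no longer skips anything: a missing rootkey file now fails the play at the read step, and if skipping was the intent, `failed_when: false` on the read plus `when: root_token.rc == 0` expresses it. The token is still sent to `http://…:8200` without TLS; that line is unchanged context, but it deserves a look now that the stored root key appears to be reused rather than taken from a fresh init. The play header is outside the hunk.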
@ -21,12 +21,18 @@ bleys
|
|||||||
[wireguard:children]
|
[wireguard:children]
|
||||||
production
|
production
|
||||||
|
|
||||||
|
[NAS]
|
||||||
|
nas
|
||||||
|
|
||||||
|
[cluster]
|
||||||
[homelab]
|
|
||||||
oscar
|
oscar
|
||||||
bleys
|
|
||||||
gerard
|
gerard
|
||||||
|
bleys
|
||||||
|
|
||||||
|
|
||||||
|
[homelab:children]
|
||||||
|
NAS
|
||||||
|
cluster
|
||||||
|
|
||||||
[VPS]
|
[VPS]
|
||||||
corwin
|
corwin
|
||||||
|
@ -13,10 +13,17 @@ database_standby
|
|||||||
[wireguard:children]
|
[wireguard:children]
|
||||||
staging
|
staging
|
||||||
|
|
||||||
[homelab]
|
[NAS]
|
||||||
|
nas-dev
|
||||||
|
|
||||||
|
[cluster]
|
||||||
oscar-dev
|
oscar-dev
|
||||||
gerard-dev
|
gerard-dev
|
||||||
|
|
||||||
|
[homelab:children]
|
||||||
|
NAS
|
||||||
|
cluster
|
||||||
|
|
||||||
[VPS]
|
[VPS]
|
||||||
merlin-dev
|
merlin-dev
|
||||||
|
|
||||||
@ -25,8 +32,7 @@ homelab
|
|||||||
VPS
|
VPS
|
||||||
staging
|
staging
|
||||||
|
|
||||||
[NAS]
|
|
||||||
nas-dev
|
|
||||||
|
|
||||||
[staging]
|
[staging]
|
||||||
oscar-dev
|
oscar-dev
|
||||||
|
@ -7,9 +7,9 @@ job "borgmatic" {
|
|||||||
forcedeploy = "0"
|
forcedeploy = "0"
|
||||||
}
|
}
|
||||||
constraint {
|
constraint {
|
||||||
attribute = "${node.unique.name}"
|
attribute = "${node.class}"
|
||||||
operator = "set_contains"
|
operator = "set_contains"
|
||||||
value = "nas"
|
value = "NAS"
|
||||||
}
|
}
|
||||||
|
|
||||||
group "borgmatic"{
|
group "borgmatic"{
|
||||||
@ -25,7 +25,7 @@ job "borgmatic" {
|
|||||||
"/var/local/volume1:/var/local/volume1",
|
"/var/local/volume1:/var/local/volume1",
|
||||||
"local/borgmatic.d:/etc/borgmatic.d",
|
"local/borgmatic.d:/etc/borgmatic.d",
|
||||||
"secret/id_rsa:/root/.ssh/id_rsa",
|
"secret/id_rsa:/root/.ssh/id_rsa",
|
||||||
"/mnt/diskstation/nomad/borgmatic:/root/.cache/borg",
|
"/mnt/diskstation/nomad/borgmatic:/root/.cache/borg",
|
||||||
]
|
]
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -65,7 +65,8 @@ location:
|
|||||||
- /volume1/photo
|
- /volume1/photo
|
||||||
|
|
||||||
repositories:
|
repositories:
|
||||||
- u304977@u304977.your-storagebox.de:backup_syno
|
- u304977@u304977.your-storagebox.de:{{if eq "production" (env "meta.env") }}backup_hamelab{{else}}backup_homelab_dev{{end}}
|
||||||
|
|
||||||
exclude_patterns:
|
exclude_patterns:
|
||||||
- '*/nomad/jellyfin/cache'
|
- '*/nomad/jellyfin/cache'
|
||||||
- '*/loki/chunks'
|
- '*/loki/chunks'
|
||||||
@ -207,6 +208,7 @@ consistency:
|
|||||||
{{end}}
|
{{end}}
|
||||||
EOH
|
EOH
|
||||||
destination = "secret/id_rsa"
|
destination = "secret/id_rsa"
|
||||||
|
perms= "700"
|
||||||
}
|
}
|
||||||
resources {
|
resources {
|
||||||
memory = 300
|
memory = 300
|
||||||
|
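Review bot: In the new `repositories:` entry the production branch names the repository `backup_hamelab` while the fallback is `backup_homelab_dev`; this looks like a typo for `backup_homelab` and should be checked against the repository that actually exists on the storage box. The bare `{{else}}` also sends every client whose `meta.env` is unset or misspelled to the dev repository, so a production NAS that did not receive the new `nomad_client_meta` would back up to the wrong place without any error. Replacing it with `{{else if eq "staging" (env "meta.env")}}` leaves the repository path empty in that case, so the job fails visibly instead. The template block starts outside the hunk.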