vincent/homelab
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

feat: improce variable management
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
vincent 2023-12-24 15:52:06 +01:00
parent 861e6af82e
commit 9c85cc9708
11 changed files with 46 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ansible/group_vars/NAS/ftp Normal file
View File

@ -0,0 +1,3 @@
vsftpd_config:
local_root: "/var/local/volume1"
seccomp_sandbox: False

3
ansible/group_vars/NAS/main → ansible/group_vars/NAS/nfs
View File

@ -13,6 +13,3 @@ nfs_exports:
- "/var/local/volume1/CardDav {{nfs_cluster_list}}" - "/var/local/volume1/CardDav {{nfs_cluster_list}}"
vsftpd_config:
local_root: "/var/local/volume1"
seccomp_sandbox: False

1
ansible/group_vars/NAS/nomad Normal file
View File

@ -0,0 +1 @@
nomad_node_class: 'NAS'

0
ansible/group_vars/homelab/mount → ansible/group_vars/cluster/mount
View File

1
ansible/group_vars/cluster/nomad Normal file
View File

@ -0,0 +1 @@
nomad_node_class: 'cluster'

3
ansible/group_vars/production
View File

@ -3,6 +3,9 @@ domain:
consul_bootstrap_expect: 3 consul_bootstrap_expect: 3
consul_domain: "consul" consul_domain: "consul"
nomad_bootstrap_expect: 3 nomad_bootstrap_expect: 3
nomad_client_meta:
- name: "env"
value: "production"
vault_unseal_keys_dir_output: "~/vaultUnseal/production" vault_unseal_keys_dir_output: "~/vaultUnseal/production"
env_default_nfs_path: "/volume2" env_default_nfs_path: "/volume2"
env_media_nfs_path: "/volume1" env_media_nfs_path: "/volume1"

4
ansible/group_vars/staging
View File

@ -5,6 +5,10 @@ domain:
consul_bootstrap_expect: 2 consul_bootstrap_expect: 2
consul_domain: "consul" consul_domain: "consul"
nomad_bootstrap_expect: 2 nomad_bootstrap_expect: 2
nomad_client_meta:
- name: "env"
value: "staging"
vault_unseal_keys_dir_output: "~/vaultUnseal/staging" vault_unseal_keys_dir_output: "~/vaultUnseal/staging"
hosts_entries: hosts_entries:
- ip: "{{ hostvars['nas-dev']['ansible_default_ipv4']['address'] }}" - ip: "{{ hostvars['nas-dev']['ansible_default_ipv4']['address'] }}"

12
ansible/playbooks/HashicorpStack.yml
View File

@ -5,18 +5,26 @@
- role: ansible-hashicorp-vault - role: ansible-hashicorp-vault
become: true become: true
post_tasks: post_tasks:
- name: Reading root contents
ansible.builtin.command: cat "{{ vault_unseal_keys_dir_output }}/rootkey"
register: root_token
delegate_to: localhost
changed_when: false
- name: debug
ansible.builtin.debug:
var: root_token
- name: Generate nomad token - name: Generate nomad token
community.hashi_vault.vault_token_create: community.hashi_vault.vault_token_create:
renewable: true renewable: true
policies: "nomad-server-policy" policies: "nomad-server-policy"
period: 72h period: 72h
no_parent: true no_parent: true
token: "{{ vault_init_parsed.root_token }}" token: "{{ root_token.stdout }}"
url: http://{{ ansible_default_ipv4.address }}:8200 url: http://{{ ansible_default_ipv4.address }}:8200
retries: 4 retries: 4
run_once: true run_once: true
delegate_to: localhost delegate_to: localhost
when: vault_init_parsed.root_token is defined when: root_token.stdout is defined
register: nomad_token_data register: nomad_token_data
- name: Gather nomad token - name: Gather nomad token

12
ansible/production
View File

@ -21,12 +21,18 @@ bleys
[wireguard:children] [wireguard:children]
production production
[NAS]
nas
[cluster]
[homelab]
oscar oscar
bleys
gerard gerard
bleys
[homelab:children]
NAS
cluster
[VPS] [VPS]
corwin corwin

12
ansible/staging
View File

@ -13,10 +13,17 @@ database_standby
[wireguard:children] [wireguard:children]
staging staging
[homelab] [NAS]
nas-dev
[cluster]
oscar-dev oscar-dev
gerard-dev gerard-dev
[homelab:children]
NAS
cluster
[VPS] [VPS]
merlin-dev merlin-dev
@ -25,8 +32,7 @@ homelab
VPS VPS
staging staging
[NAS]
nas-dev
[staging] [staging]
oscar-dev oscar-dev

10
nomad-job/borgmatic.nomad
View File

@ -7,9 +7,9 @@ job "borgmatic" {
forcedeploy = "0" forcedeploy = "0"
} }
constraint { constraint {
attribute = "${node.unique.name}" attribute = "${node.class}"
operator = "set_contains" operator = "set_contains"
value = "nas" value = "NAS"
} }
group "borgmatic"{ group "borgmatic"{
@ -25,7 +25,7 @@ job "borgmatic" {
"/var/local/volume1:/var/local/volume1", "/var/local/volume1:/var/local/volume1",
"local/borgmatic.d:/etc/borgmatic.d", "local/borgmatic.d:/etc/borgmatic.d",
"secret/id_rsa:/root/.ssh/id_rsa", "secret/id_rsa:/root/.ssh/id_rsa",
"/mnt/diskstation/nomad/borgmatic:/root/.cache/borg", "/mnt/diskstation/nomad/borgmatic:/root/.cache/borg",
] ]
} }
@ -65,7 +65,8 @@ location:
- /volume1/photo - /volume1/photo
repositories: repositories:
- u304977@u304977.your-storagebox.de:backup_syno - u304977@u304977.your-storagebox.de:{{if eq "production" (env "meta.env") }}backup_hamelab{{else}}backup_homelab_dev{{end}}
exclude_patterns: exclude_patterns:
- '*/nomad/jellyfin/cache' - '*/nomad/jellyfin/cache'
- '*/loki/chunks' - '*/loki/chunks'
@ -207,6 +208,7 @@ consistency:
{{end}} {{end}}
EOH EOH
destination = "secret/id_rsa" destination = "secret/id_rsa"
perms= "700"
} }
resources { resources {
memory = 300 memory = 300