diff --git a/.gitignore b/.gitignore
index 0d8a56a..39f94fc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
 # ---> Ansible
 *.retry
-*vault_token
+
 roles/*
 !roles/requirements.yml
 node_modules
diff --git a/.vscode/settings.json b/.vscode/settings.json
index a5f45dc..6d294e4 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -6,5 +6,6 @@
 "**/.woodpecker/*.yml": "yaml"
 },
 "ansible.ansible.useFullyQualifiedCollectionNames": true,
- "editor.formatOnSave": true
+ "editor.formatOnSave": true,
+ "ansible.python.interpreterPath": "/root/.virtualenvs/ansible/bin/python"
 }
diff --git a/credentials/vault_token b/credentials/vault_token
new file mode 100755
index 0000000..1aa8b74
--- /dev/null
+++ b/credentials/vault_token
@@ -0,0 +1,3 @@
+#!/bin/bash
+set -e
+bw get password 8b2cc036-1b49-4891-aff9-b4fcd6d9f3ec
\ No newline at end of file
diff --git a/inventories/group_vars/nodes.yml b/inventories/group_vars/nodes.yml
index 54c8414..4b14534 100644
--- a/inventories/group_vars/nodes.yml
+++ b/inventories/group_vars/nodes.yml
@@ -5,6 +5,9 @@ borg_version: "1.2.3"
 home: /home/backup
 pool: "{{ home }}/repos"
+service_name: "{{ pool[1:] | replace('/', '-') }}"
+
+nfs_url: 10.23.0.11:/media/big_data/Infra/borg
 auth_users:
 - host: docker.home
diff --git a/inventories/secrets/borg.home.yml b/inventories/secrets/borg.home.yml
deleted file mode 100644
index da4447e..0000000
--- a/inventories/secrets/borg.home.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-64343764653264313038396261633363376366373462316234623132306465343431393966623534
-6332363366396161323561623130303130613234373966320a303163643663653930633235306331
-37313338303637336133356535653636333462343237646438373830313835333834343133636136
-3565626161353363640a393632346535353636356134663263356361656561383866643533376138
-3137
diff --git a/playbooks/install.yml b/playbooks/install.yml
index 738da86..7496c3e 100644
--- a/playbooks/install.yml
+++ b/playbooks/install.yml
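Review bot: Dropping `*vault_token` from `.gitignore` un-ignores every file with that suffix, not only the new `credentials/vault_token` script. A plaintext token file left in a working tree from before this change would then show up as untracked and could be committed by a broad `git add`; that such files exist is an inference from the old pattern. Keeping the pattern and negating it for the tracked script, `*vault_token` followed by `!credentials/vault_token`, keeps the guard while still allowing the script to be committed.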
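Review bot: The added `ansible.python.interpreterPath` in `.vscode/settings.json` is an absolute path under `/root`, which ties the shared workspace settings to one machine and implies the editor and its Ansible tooling run as root. It will not resolve for anyone whose virtualenv lives elsewhere. A user-level setting would keep it out of the repository; if it has to be tracked, the expected virtualenv location should be documented next to it.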
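Review bot: The new `credentials/vault_token` script assumes an already unlocked Bitwarden CLI session and checks nothing before calling `bw`. With a locked vault the call may prompt for input or fail in a way that is hard to read from inside an Ansible run. A guard before the call, `: "${BW_SESSION:?run 'bw unlock' and export BW_SESSION first}"`, together with `bw --nointeraction get password …`, makes it fail fast with a clear message. A header comment should state that the script prints a secret to stdout (presumably the Ansible Vault password, judging by the file name) and name the Bitwarden item behind the UUID.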
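Review bot: `service_name` in `inventories/group_vars/nodes.yml` hand-builds the systemd unit name with `pool[1:] | replace('/', '-')`, which only matches systemd's path escaping while `pool` contains no `-` or other characters that systemd escapes. systemd requires a mount or automount unit to be named after its `Where=` path, so a later `home` such as `/home/borg-backup` would yield a unit that systemd rejects. A comment on the variable would record the constraint, for example `# must equal "systemd-escape --path {{ pool }}"; only valid while pool has no '-' or special characters`. Quoting `nfs_url` as `"10.23.0.11:/media/big_data/Infra/borg"` would also keep the colon-bearing value an unambiguous string.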
@@ -1,26 +1,28 @@
 ---
 - name: Ansible-borg-server-playbook
 hosts: nodes
- pre_tasks:
- - name: Load secrets
- ansible.builtin.include_vars:
- file: "{{ inventory_dir }}/secrets/{{ inventory_hostname }}.yml"
- tags:
- - always
-
 post_tasks:
 - name: Install nfs-common
 ansible.builtin.package:
 name: nfs-common
 tags:
 - mount
+
 - name: Add repo mount
- ansible.posix.mount:
- src: 10.23.0.11:/media/big_data/Infra/borg
- path: "{{ pool }}"
- opts: rw,sync,hard,_netdev
- state: mounted
- fstype: nfs
+ ansible.builtin.template:
+ src: "mnt-borg.{{ item }}.j2"
+ dest: "/etc/systemd/system/{{ service_name }}.{{ item }}"
+ tags:
+ - mount
+ loop:
+ - automount
+ - mount
+
+ - name: Enable automount
+ ansible.builtin.systemd:
+ name: "{{ service_name }}.automount"
+ state: started
+ enabled: true
 tags:
 - mount
diff --git a/playbooks/templates/mnt-borg.automount.j2 b/playbooks/templates/mnt-borg.automount.j2
new file mode 100644
index 0000000..040fc2c
--- /dev/null
+++ b/playbooks/templates/mnt-borg.automount.j2
@@ -0,0 +1,10 @@
+{{ ansible_managed | comment }}
+
+[Unit]
+Description=Automount Borg repos
+
+[Automount]
+Where={{pool}}
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/playbooks/templates/mnt-borg.mount.j2 b/playbooks/templates/mnt-borg.mount.j2
new file mode 100644
index 0000000..3242ad1
--- /dev/null
+++ b/playbooks/templates/mnt-borg.mount.j2
@@ -0,0 +1,14 @@
+{{ ansible_managed | comment }}
+
+[Unit]
+Description=Borg repos moint
+After=network.target
+
+[Mount]
+What={{nfs_url}}
+Where={{pool}}
+Type=nfs
+Options=_netdev,auto
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
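Review bot: In `playbooks/install.yml` the `Enable automount` task starts `{{ service_name }}.automount` right after the template task writes new unit files, but nothing tells systemd to re-read them. Adding `daemon_reload: true` to that `ansible.builtin.systemd` task covers both the first install and later template changes. The template task also sets no ownership or mode, so the unit files' permissions depend on the remote umask; `owner: root`, `group: root` and `mode: "0644"` make that explicit. Hosts provisioned by the removed `ansible.posix.mount` task presumably still carry its `/etc/fstab` entry for the same path, which is worth cleaning up in the same play.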
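Review bot: `Options=_netdev,auto` in `mnt-borg.mount.j2` drops the `rw,sync,hard` options that the replaced `ansible.posix.mount` task passed, and `auto` is, as far as I know, only meaningful in `/etc/fstab`. If dropping `sync` was not intended, carry the old options over. Because the share is served by another host and only holds backup repositories, restrict it as well, for example `Options=_netdev,rw,sync,hard,nosuid,nodev`. The `Description=` line also has a typo, `moint` for `mount`.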