#!/usr/bin/env ansible-playbook # vim:ft=ansible: --- # Mass storage Pis - hosts: pistorage tasks: - name: assure mount directory file: path=/data state=directory mode=0755 tags: [ pis, storage ] - name: assure mount mount: path=/data src=LABEL=mass state=mounted fstype=ext4 tags: [ pis, storage ] - hosts: pi-storage-1.desu.ltd tasks: - name: assure directories in mount file: path=/data/{{ item }} state=directory mode=0755 with_items: - nfs - postgresql tags: [ pis, storage ] - name: assure symlinks to directories in mount file: path={{ item.path }} src=/data/{{ item.src }} state=link with_items: - { path: /var/lib/postgresql, src: postgresql } - { path: /srv/nfs, src: nfs } tags: [ pis, storage ] roles: - role: backup vars: backup_s3backup_list_extra: - /srv/nfs/k8s/default/web-9iron-pvc - /srv/nfs/k8s/default/web-grafana-pvc - /srv/nfs/k8s/default/web-jackett-config-pvc - /srv/nfs/k8s/default/web-netbox-pvc - /srv/nfs/k8s/default/web-transmission-config-pvc backup_time: "Mon *-*-* 02:00:00" tags: [ backup ] - role: motd vars: motd_watch_services_extra: - docker - postgresql - role: postgresql vars: postgresql_global_config_options: - option: listen_addresses value: 192.168.103.1,172.23.103.1 postgresql_hba_entries: - { type: local, database: all, user: postgres, auth_method: peer } - { type: local, database: all, user: all, auth_method: md5 } - { type: host, database: all, user: all, address: '127.0.0.0/8', auth_method: md5 } - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 } # Used for internal access from other nodes - { type: host, database: all, user: all, address: '192.168.0.0/16', auth_method: md5 } # Allow hosts over zerotier - { type: host, database: all, user: all, address: '172.23.0.0/16', auth_method: md5 } postgresql_users: - name: gulagbot password: "{{ secret_gulagbot_local_db_pass }}" - name: grafana password: "{{ secret_grafana_local_db_pass }}" - name: netbox password: "{{ secret_netbox_local_db_pass }}" - name: firefly password: "{{ secret_firefly_db_pass }}" postgresql_databases: - name: gulagbot owner: gulagbot - name: grafana owner: grafana - name: netbox owner: netbox - name: firefly owner: firefly tags: [ pis, storage, psql ] - role: nfs vars: nfs_exports: - "/srv/nfs 192.168.0.0/16(ro,no_root_squash,sync) 172.23.0.0/16(ro,no_root_squash,sync)" - "/srv/nfs/bulk 192.168.0.0/16(rw,no_root_squash,sync) 172.23.0.0/16(rw,no_root_squash,sync)" - "/srv/nfs/bulk/media 192.168.0.0/16(rw,no_root_squash,sync) 172.23.0.0/16(rw,no_root_squash,sync)" - "/srv/nfs/k8s 192.168.0.0/16(rw,no_root_squash,sync) 172.23.0.0/16(ro,no_root_squash,sync)" tags: [ pis, storage, nfs ]