crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

[cameron] deploys backup and home service scripts

certbot_on_virtu
_shirenn 2021-06-25 11:18:42 +02:00
parent 72fa48a15c
commit 0fedc8cf42
5 changed files with 48 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
host_vars/cameron.adm.crans.org
View File

@ -3,3 +3,43 @@ loc_borg:
to_exclude: to_exclude:
- /var/mail - /var/mail
- /var/lib/lxcfs - /var/lib/lxcfs
loc_service_home:
name: home
install_dir: /var/local/services/home
cron:
frequency: "* * * * *"
dependencies:
- python3-jinja2
- python3-ldap
git:
remote: https://gitlab.adm.crans.org/nounous/home.git
version: master
config:
ldap_server: ldap://re2o-ldap.adm.crans.org
binddn: cn=home,ou=service-users,dc=crans,dc=org
password: "{{ vault.ldap_home_password }}"
rootdn: cn=Utilisateurs,dc=crans,dc=org
home_dir: /pool/home
mail_dir: /pool/mail
home_quota: /usr/sbin/zfs set userquota@{user}=30G pool/home
mail_quota: /usr/sbin/zfs set userquota@{user}=10G pool/mail
loc_service_backup:
name: backup
install_dir: /var/local/services/backup
cron:
frequency: "0 0 * * *"
dependencies:
- python3-jinja2
- python3-ldap
generated: yes
git:
remote: https://gitlab.adm.crans.org/nounous/backup.git
version: master
config:
binddn: cn=home,ou=service-users,dc=crans,dc=org
password: "{{ vault.ldap_home_password }}"
rootdn: cn=Utilisateurs,dc=crans,dc=org
ldap_server: ldap://re2o-ldap.adm.crans.org
borg_key: "{{ vault.borgbackup_passwd }}"

15
plays/home.yml
View File

@ -2,11 +2,12 @@
--- ---
- hosts: cameron.adm.crans.org - hosts: cameron.adm.crans.org
vars: vars:
home: service: "{{ glob_service_home | default({}) | combine(loc_service_home | default({})) }}"
ldap_server: ldap://re2o-ldap.adm.crans.org
ldap_password: "{{ vault.ldap_home_password }}"
binddn: cn=home,ou=service-users,dc=crans,dc=org
rootdn: cn=Utilisateurs,dc=crans,dc=org
borg_key: "{{ vault.borgbackup_passwd }}"
roles: roles:
- home - service
- hosts: cameron.adm.crans.org
vars:
service: "{{ glob_service_backup | default({}) | combine(loc_service_backup | default({})) }}"
roles:
- service

47
roles/home/tasks/main.yml
View File

@ -1,47 +0,0 @@
---
- name: Install home dependencies
apt:
update_cache: true
install_recommends: false
name:
- python3-jinja2
- python3-ldap
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Create home directory
file:
path: /var/local/home
state: directory
mode: '2775'
owner: root
group: _nounou
- name: Set ACL for home directory
acl:
path: /var/local/home
default: true
entity: _nounou
etype: group
permissions: rwx
state: query
- name: Clone home repository
git:
repo: 'http://gitlab.adm.crans.org/nounous/home.git'
dest: /var/local/home
umask: '002'
- name: Deploy home config
template:
src: home/home.json.j2
dest: /var/local/home/home.json
mode: 0600
owner: root
group: root
- name: Deploy cron for home
template:
src: cron.d/home.j2
dest: /etc/cron.d/home

2
roles/home/templates/cron.d/home.j2
View File

@ -1,2 +0,0 @@
{{ ansible_header | comment }}
* * * * * root /usr/bin/python3 /var/local/home/home.py

11
roles/home/templates/home/home.json.j2
View File

@ -1,11 +0,0 @@
{
"ldap_server": "{{ home.ldap_server }}"
"binddn": "{{ home.binddn }}"
"password": "{{ home.ldap_password }}"
"rootdn": "{{ home.rootdn }}"
"home_dir": "/pool/home"
"mail_dir": "/pool/mail"
"home_quota": "/usr/sbin/zfs set userquota@{user}=30G pool/home"
"mail_quota": "/usr/sbin/zfs set userquota@{user}=10G pool/mail"
"borg_key": "{{ home.borg_key }}"
}