From 4b62c9b4dec734034ad1c3fa0c596acd9c166f02 Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Sat, 18 Nov 2023 14:55:19 -0500
Subject: [PATCH] Add a script to decrypt and mount disks on the home server.
---
ansible/playbook.yaml | 6 ++
.../roles/homeserver/files/decrypt_disks.bash | 10 ++++
ansible/roles/homeserver/tasks/common.yaml | 55 +++++++++++++++++++
ansible/roles/homeserver/tasks/freebsd.yaml | 10 ++++
ansible/roles/homeserver/tasks/linux.yaml | 29 ++++++++++
ansible/roles/homeserver/tasks/main.yaml | 2 +
ansible/roles/homeserver/tasks/peruser.yaml | 29 ++++++++++
.../homeserver/tasks/peruser_freebsd.yaml | 0
.../roles/homeserver/tasks/peruser_linux.yaml | 0
9 files changed, 141 insertions(+)
create mode 100644 ansible/roles/homeserver/files/decrypt_disks.bash
create mode 100644 ansible/roles/homeserver/tasks/common.yaml
create mode 100644 ansible/roles/homeserver/tasks/freebsd.yaml
create mode 100644 ansible/roles/homeserver/tasks/linux.yaml
create mode 100644 ansible/roles/homeserver/tasks/main.yaml
create mode 100644 ansible/roles/homeserver/tasks/peruser.yaml
create mode 100644 ansible/roles/homeserver/tasks/peruser_freebsd.yaml
create mode 100644 ansible/roles/homeserver/tasks/peruser_linux.yaml
diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml
index fab14cf..690048f 100644
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@@ -136,3 +136,9 @@ - fstab - build - freebsd_update_server
+
+- hosts: homeserver
+ vars:
+ ansible_become: True
+ roles:
+ - homeserver
diff --git a/ansible/roles/homeserver/files/decrypt_disks.bash b/ansible/roles/homeserver/files/decrypt_disks.bash
new file mode 100644
index 0000000..474fc39
--- /dev/null
+++ b/ansible/roles/homeserver/files/decrypt_disks.bash
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+#
+# Decrypt and mount the disks after a fresh reboot.
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+zfs load-key -r zmass/encrypted
+zfs mount -a
+service bemount start
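Review bot: In `decrypt_disks.bash`, `zfs load-key -r zmass/encrypted` runs under `set -euo pipefail`, so a second run (for example after `zfs mount -a` or `service bemount start` failed the first time) will likely abort at the load-key line, because `zfs load-key` returns an error when the key is already loaded. Guarding the call keeps the script re-runnable without hiding a wrong passphrase: `[ "$(zfs get -H -o value keystatus zmass/encrypted)" = "available" ] || zfs load-key -r zmass/encrypted`. If child datasets have their own encryption roots, the check would need to cover them too. `DIR` is assigned but never used and can be dropped.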
diff --git a/ansible/roles/homeserver/tasks/common.yaml b/ansible/roles/homeserver/tasks/common.yaml
new file mode 100644
index 0000000..bef243a
--- /dev/null
+++ b/ansible/roles/homeserver/tasks/common.yaml
@@ -0,0 +1,55 @@
+# - name: Create directories
+# file:
+# name: "{{ item }}"
+# state: directory
+# mode: 0755
+# owner: root
+# group: wheel
+# loop:
+# - /foo/bar
+
+# - name: Install scripts
+# copy:
+# src: "files/{{ item.src }}"
+# dest: "{{ item.dest }}"
+# mode: 0755
+# owner: root
+# group: wheel
+# loop:
+# - src: foo.bash
+# dest: /usr/local/bin/foo
+
+# - name: Install Configuration
+# copy:
+# src: "files/{{ item.src }}"
+# dest: "{{ item.dest }}"
+# mode: 0600
+# owner: root
+# group: wheel
+# loop:
+# - src: foo.conf
+# dest: /usr/local/etc/foo.conf
+
+# - name: Clone Source
+# git:
+# repo: "https://foo.bar/baz.git"
+# dest: /foo/bar
+# version: "v1.0.2"
+# force: true
+# diff: false
+
+- import_tasks: tasks/freebsd.yaml
+ when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+ when: 'os_flavor == "linux"'
+
+- include_tasks:
+ file: tasks/peruser.yaml
+ apply:
+ become: yes
+ become_user: "{{ initialize_user }}"
+ when: users is defined
+ loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+ loop_control:
+ loop_var: initialize_user
diff --git a/ansible/roles/homeserver/tasks/freebsd.yaml b/ansible/roles/homeserver/tasks/freebsd.yaml
new file mode 100644
index 0000000..aeabf39
--- /dev/null
+++ b/ansible/roles/homeserver/tasks/freebsd.yaml
@@ -0,0 +1,10 @@
+- name: Install scripts
+ copy:
+ src: "files/{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: 0755
+ owner: root
+ group: wheel
+ loop:
+ - src: decrypt_disks.bash
+ dest: /usr/local/bin/decrypt_disks
diff --git a/ansible/roles/homeserver/tasks/linux.yaml b/ansible/roles/homeserver/tasks/linux.yaml
new file mode 100644
index 0000000..bbbb096
--- /dev/null
+++ b/ansible/roles/homeserver/tasks/linux.yaml
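Review bot: The `when: users is defined` guard on the `include_tasks` loop in `common.yaml` does not protect the `loop:` expression, because Ansible templates the loop before it evaluates `when` for each item. On a host with no `users` variable, the `dict2items` filter will fail instead of the task being skipped. Starting the expression with `users | default({}) | dict2items` in place of `users | dict2items` makes the guard effective. The included tasks run as each `initialize_user`, so a short comment above the task saying that only users flagged `initialize: true` are selected would help the next reader; `become: yes` under `apply:` would also read more consistently as `become: true`.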
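Review bot: `mode: 0755` in the `Install scripts` task of `freebsd.yaml` is an unquoted octal literal, which works only while the YAML loader reads a leading zero as octal; the Ansible documentation recommends a string, `mode: "0755"`. The installed script starts with `#!/usr/bin/env bash`, and nothing in this role installs bash, which is not part of the FreeBSD base system; if no other role provides it, the role needs a package task or the script needs a `/bin/sh` shebang. Since the script is only useful to root, `mode: "0750"` would be a reasonable tightening.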
@@ -0,0 +1,29 @@
+# - name: Build aur packages
+# register: buildaur
+# become_user: "{{ build_user.name }}"
+# command: "aurutils-sync --no-view {{ item }}"
+# args:
+# creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
+# loop:
+# - foo
+
+# - name: Update cache
+# when: buildaur.changed
+# pacman:
+# name: []
+# state: present
+# update_cache: true
+
+# - name: Install packages
+# package:
+# name:
+# - foo
+# state: present
+
+# - name: Enable services
+# systemd:
+# enabled: yes
+# name: "{{ item }}"
+# daemon_reload: yes
+# loop:
+# - foo.service
diff --git a/ansible/roles/homeserver/tasks/main.yaml b/ansible/roles/homeserver/tasks/main.yaml
new file mode 100644
index 0000000..6805b9d
--- /dev/null
+++ b/ansible/roles/homeserver/tasks/main.yaml
@@ -0,0 +1,2 @@
+- import_tasks: tasks/common.yaml
+ # when: foo is defined
diff --git a/ansible/roles/homeserver/tasks/peruser.yaml b/ansible/roles/homeserver/tasks/peruser.yaml
new file mode 100644
index 0000000..111e886
--- /dev/null
+++ b/ansible/roles/homeserver/tasks/peruser.yaml
@@ -0,0 +1,29 @@
+- include_role:
+ name: per_user
+
+# - name: Create directories
+# file:
+# name: "{{ account_homedir.stdout }}/{{ item }}"
+# state: directory
+# mode: 0700
+# owner: "{{ account_name.stdout }}"
+# group: "{{ group_name.stdout }}"
+# loop:
+# - ".config/foo"
+
+# - name: Copy files
+# copy:
+# src: "files/{{ item.src }}"
+# dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+# mode: 0600
+# owner: "{{ account_name.stdout }}"
+# group: "{{ group_name.stdout }}"
+# loop:
+# - src: foo.conf
+# dest: .config/foo/foo.conf
+
+- import_tasks: tasks/peruser_freebsd.yaml
+ when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/peruser_linux.yaml
+ when: 'os_flavor == "linux"'
diff --git a/ansible/roles/homeserver/tasks/peruser_freebsd.yaml b/ansible/roles/homeserver/tasks/peruser_freebsd.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/homeserver/tasks/peruser_linux.yaml b/ansible/roles/homeserver/tasks/peruser_linux.yaml
new file mode 100644
index 0000000..e69de29