From e123c1f228de3ea004ac5118b73478ccb57c4d92 Mon Sep 17 00:00:00 2001
From: Tom Alexander <tom@fizz.buzz>
Date: Fri, 3 Mar 2023 12:20:47 -0500
Subject: [PATCH] Add a ZFS role for Linux.

---
 ansible/playbook.yaml                         |  1 +
 .../roles/package_manager/tasks/linux.yaml    | 19 -------
 ansible/roles/zfs/defaults/main.yaml          |  1 +
 .../files/archzfs.conf                        |  0
 ansible/roles/zfs/tasks/common.yaml           | 15 ++++++
 ansible/roles/zfs/tasks/freebsd.yaml          |  5 ++
 ansible/roles/zfs/tasks/linux.yaml            | 52 +++++++++++++++++++
 ansible/roles/zfs/tasks/main.yaml             |  2 +
 ansible/roles/zfs/tasks/peruser.yaml          | 29 +++++++++++
 ansible/roles/zfs/tasks/peruser_freebsd.yaml  |  0
 ansible/roles/zfs/tasks/peruser_linux.yaml    |  0
 11 files changed, 105 insertions(+), 19 deletions(-)
 create mode 100644 ansible/roles/zfs/defaults/main.yaml
 rename ansible/roles/{package_manager => zfs}/files/archzfs.conf (100%)
 create mode 100644 ansible/roles/zfs/tasks/common.yaml
 create mode 100644 ansible/roles/zfs/tasks/freebsd.yaml
 create mode 100644 ansible/roles/zfs/tasks/linux.yaml
 create mode 100644 ansible/roles/zfs/tasks/main.yaml
 create mode 100644 ansible/roles/zfs/tasks/peruser.yaml
 create mode 100644 ansible/roles/zfs/tasks/peruser_freebsd.yaml
 create mode 100644 ansible/roles/zfs/tasks/peruser_linux.yaml

diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml
index 9266531..885c7ba 100644
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@@ -5,6 +5,7 @@
     - sudo
     - users
     - package_manager
+    - zfs
     - zrepl
     - zsh
     - network
diff --git a/ansible/roles/package_manager/tasks/linux.yaml b/ansible/roles/package_manager/tasks/linux.yaml
index dbf049a..a8c97f9 100644
--- a/ansible/roles/package_manager/tasks/linux.yaml
+++ b/ansible/roles/package_manager/tasks/linux.yaml
@@ -43,24 +43,6 @@
   vars:
     sub_query: "results[?stat.path=='{{ item }}'].stat.exists"
 
-- name: Check trusted gpg keys
-  command: pacman-key -l
-  register: pacmankeys
-  changed_when: false
-  check_mode: no
-  no_log: true
-
-- name: Trust archzfs signing key
-  command: pacman-key -a -
-  args:
-    stdin: "{{ lookup('file', 'archzfs.gpg') }}"
-  when: '"DDF7DB817396A49B2A2723F7403BD972F75D9D76" not in pacmankeys.stdout'
-  register: archzfs_key_imported
-
-- name: Sign archzfs signing key
-  command: pacman-key --lsign-key "DDF7DB817396A49B2A2723F7403BD972F75D9D76"
-  when: archzfs_key_imported.changed
-
 - name: Additional pacman configs
   copy:
     src: "files/{{ item }}"
@@ -70,7 +52,6 @@
     group: root
   loop:
     - freeze_firefox.conf
-    - archzfs.conf
     
 - name: Install packages
   package:
diff --git a/ansible/roles/zfs/defaults/main.yaml b/ansible/roles/zfs/defaults/main.yaml
new file mode 100644
index 0000000..c6713ca
--- /dev/null
+++ b/ansible/roles/zfs/defaults/main.yaml
@@ -0,0 +1 @@
+install_zfs: true
diff --git a/ansible/roles/package_manager/files/archzfs.conf b/ansible/roles/zfs/files/archzfs.conf
similarity index 100%
rename from ansible/roles/package_manager/files/archzfs.conf
rename to ansible/roles/zfs/files/archzfs.conf
diff --git a/ansible/roles/zfs/tasks/common.yaml b/ansible/roles/zfs/tasks/common.yaml
new file mode 100644
index 0000000..fef1101
--- /dev/null
+++ b/ansible/roles/zfs/tasks/common.yaml
@@ -0,0 +1,15 @@
+- import_tasks: tasks/freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+  when: 'os_flavor == "linux"'
+
+- include_tasks:
+    file: tasks/peruser.yaml
+    apply:
+      become: yes
+      become_user: "{{ initialize_user }}"
+  when: users is defined
+  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+  loop_control:
+    loop_var: initialize_user
diff --git a/ansible/roles/zfs/tasks/freebsd.yaml b/ansible/roles/zfs/tasks/freebsd.yaml
new file mode 100644
index 0000000..b417174
--- /dev/null
+++ b/ansible/roles/zfs/tasks/freebsd.yaml
@@ -0,0 +1,5 @@
+# - name: Install packages
+#   package:
+#     name:
+#       - foo
+#     state: present
diff --git a/ansible/roles/zfs/tasks/linux.yaml b/ansible/roles/zfs/tasks/linux.yaml
new file mode 100644
index 0000000..c5e01bb
--- /dev/null
+++ b/ansible/roles/zfs/tasks/linux.yaml
@@ -0,0 +1,52 @@
+- name: Check trusted gpg keys
+  command: pacman-key -l
+  register: pacmankeys
+  changed_when: false
+  check_mode: no
+  no_log: true
+
+- name: Trust archzfs signing key
+  command: pacman-key -a -
+  args:
+    stdin: "{{ lookup('file', 'archzfs.gpg') }}"
+  when: '"DDF7DB817396A49B2A2723F7403BD972F75D9D76" not in pacmankeys.stdout'
+  register: archzfs_key_imported
+
+- name: Sign archzfs signing key
+  command: pacman-key --lsign-key "DDF7DB817396A49B2A2723F7403BD972F75D9D76"
+  when: archzfs_key_imported.changed
+
+- name: Additional pacman configs
+  register: updatepacman
+  copy:
+    src: "files/{{ item }}"
+    dest: /etc/pacman.d/conf.d/
+    mode: 0644
+    owner: root
+    group: root
+  loop:
+    - archzfs.conf
+
+- name: Update cache
+  when: updatepacman.changed
+  pacman:
+    name: []
+    state: present
+    update_cache: true
+    
+- name: Install packages
+  package:
+    name:
+      - archzfs-linux
+    state: present
+
+- name: Enable services
+  systemd:
+    enabled: yes
+    name: "{{ item }}"
+    daemon_reload: yes
+  loop:
+    - zfs-import-cache.service
+    - zfs-mount.service
+    - zfs.target
+    - zfs-import.target
diff --git a/ansible/roles/zfs/tasks/main.yaml b/ansible/roles/zfs/tasks/main.yaml
new file mode 100644
index 0000000..9b478c8
--- /dev/null
+++ b/ansible/roles/zfs/tasks/main.yaml
@@ -0,0 +1,2 @@
+- import_tasks: tasks/common.yaml
+  when: install_zfs
diff --git a/ansible/roles/zfs/tasks/peruser.yaml b/ansible/roles/zfs/tasks/peruser.yaml
new file mode 100644
index 0000000..111e886
--- /dev/null
+++ b/ansible/roles/zfs/tasks/peruser.yaml
@@ -0,0 +1,29 @@
+- include_role:
+    name: per_user
+
+# - name: Create directories
+#   file:
+#     name: "{{ account_homedir.stdout }}/{{ item }}"
+#     state: directory
+#     mode: 0700
+#     owner: "{{ account_name.stdout }}"
+#     group: "{{ group_name.stdout }}"
+#   loop:
+#     - ".config/foo"
+
+# - name: Copy files
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+#     mode: 0600
+#     owner: "{{ account_name.stdout }}"
+#     group: "{{ group_name.stdout }}"
+#   loop:
+#     - src: foo.conf
+#       dest: .config/foo/foo.conf
+
+- import_tasks: tasks/peruser_freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/peruser_linux.yaml
+  when: 'os_flavor == "linux"'
diff --git a/ansible/roles/zfs/tasks/peruser_freebsd.yaml b/ansible/roles/zfs/tasks/peruser_freebsd.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/zfs/tasks/peruser_linux.yaml b/ansible/roles/zfs/tasks/peruser_linux.yaml
new file mode 100644
index 0000000..e69de29