Commit 0fedc8cf authored by shirenn's avatar shirenn 🌊

[cameron] deploys backup and home service scripts

parent 72fa48a1
1 merge request!272Stabilize Ansible
......@@ -3,3 +3,43 @@ loc_borg:
to_exclude:
- /var/mail
- /var/lib/lxcfs
loc_service_home:
name: home
install_dir: /var/local/services/home
cron:
frequency: "* * * * *"
dependencies:
- python3-jinja2
- python3-ldap
git:
remote: https://gitlab.adm.crans.org/nounous/home.git
version: master
config:
ldap_server: ldap://re2o-ldap.adm.crans.org
binddn: cn=home,ou=service-users,dc=crans,dc=org
password: "{{ vault.ldap_home_password }}"
rootdn: cn=Utilisateurs,dc=crans,dc=org
home_dir: /pool/home
mail_dir: /pool/mail
home_quota: /usr/sbin/zfs set userquota@{user}=30G pool/home
mail_quota: /usr/sbin/zfs set userquota@{user}=10G pool/mail
loc_service_backup:
name: backup
install_dir: /var/local/services/backup
cron:
frequency: "0 0 * * *"
dependencies:
- python3-jinja2
- python3-ldap
generated: yes
git:
remote: https://gitlab.adm.crans.org/nounous/backup.git
version: master
config:
binddn: cn=home,ou=service-users,dc=crans,dc=org
password: "{{ vault.ldap_home_password }}"
rootdn: cn=Utilisateurs,dc=crans,dc=org
ldap_server: ldap://re2o-ldap.adm.crans.org
borg_key: "{{ vault.borgbackup_passwd }}"
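Review bot: Both `config` blocks set `ldap_server: ldap://re2o-ldap.adm.crans.org` next to a vaulted bind password, so unless the deployed scripts negotiate StartTLS (not visible in this commit) the `cn=home` credential is sent unencrypted. Consider `ldap_server: ldaps://re2o-ldap.adm.crans.org`, or add a comment stating that StartTLS is enforced by the scripts. `loc_service_backup` also binds as `cn=home,ou=service-users,dc=crans,dc=org` with `vault.ldap_home_password`, so the two services share one credential; a dedicated backup bind DN would let each be scoped and rotated separately. Finally, `version: master` makes the cron-run checkout follow whatever lands on that branch, so pinning each service to a reviewed tag or commit hash would narrow that exposure.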
......@@ -2,11 +2,12 @@
---
- hosts: cameron.adm.crans.org
vars:
home:
ldap_server: ldap://re2o-ldap.adm.crans.org
ldap_password: "{{ vault.ldap_home_password }}"
binddn: cn=home,ou=service-users,dc=crans,dc=org
rootdn: cn=Utilisateurs,dc=crans,dc=org
borg_key: "{{ vault.borgbackup_passwd }}"
service: "{{ glob_service_home | default({}) | combine(loc_service_home | default({})) }}"
roles:
- home
- service
- hosts: cameron.adm.crans.org
vars:
service: "{{ glob_service_backup | default({}) | combine(loc_service_backup | default({})) }}"
roles:
- service
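Review bot: `combine` merges only the top level by default, so in `service: "{{ glob_service_home | default({}) | combine(loc_service_home | default({})) }}"` a host-level `config`, `git` or `cron` dict replaces the global one wholesale rather than overriding individual keys. If `glob_service_*` is meant to carry shared defaults (it is not shown in this commit), use `combine(loc_service_home | default({}), recursive=true)` here and in the backup play. When neither variable is defined, `service` also silently becomes `{}`; an `assert` on `service.name` at the top of the role would catch that before anything is deployed.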
---
- name: Install home dependencies
apt:
update_cache: true
install_recommends: false
name:
- python3-jinja2
- python3-ldap
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Create home directory
file:
path: /var/local/home
state: directory
mode: '2775'
owner: root
group: _nounou
- name: Set ACL for home directory
acl:
path: /var/local/home
default: true
entity: _nounou
etype: group
permissions: rwx
state: query
- name: Clone home repository
git:
repo: 'http://gitlab.adm.crans.org/nounous/home.git'
dest: /var/local/home
umask: '002'
- name: Deploy home config
template:
src: home/home.json.j2
dest: /var/local/home/home.json
mode: 0600
owner: root
group: root
- name: Deploy cron for home
template:
src: cron.d/home.j2
dest: /etc/cron.d/home
{{ ansible_header | comment }}
* * * * * root /usr/bin/python3 /var/local/home/home.py
{
"ldap_server": "{{ home.ldap_server }}"
"binddn": "{{ home.binddn }}"
"password": "{{ home.ldap_password }}"
"rootdn": "{{ home.rootdn }}"
"home_dir": "/pool/home"
"mail_dir": "/pool/mail"
"home_quota": "/usr/sbin/zfs set userquota@{user}=30G pool/home"
"mail_quota": "/usr/sbin/zfs set userquota@{user}=10G pool/mail"
"borg_key": "{{ home.borg_key }}"
}