[cameron] deploys backup and home service scripts

host_vars/cameron.adm.crans.org

@@ -3,3 +3,43 @@ loc_borg:
   to_exclude:
     - /var/mail
     - /var/lib/lxcfs
+
+loc_service_home:
+  name: home
+  install_dir: /var/local/services/home
+  cron:
+    frequency: "* * * * *"
+  dependencies:
+    - python3-jinja2
+    - python3-ldap
+  git:
+    remote: https://gitlab.adm.crans.org/nounous/home.git
+    version: master
+  config:
+    ldap_server: ldap://re2o-ldap.adm.crans.org
+    binddn: cn=home,ou=service-users,dc=crans,dc=org
+    password: "{{ vault.ldap_home_password }}"
+    rootdn: cn=Utilisateurs,dc=crans,dc=org
+    home_dir: /pool/home
+    mail_dir: /pool/mail
+    home_quota: /usr/sbin/zfs set userquota@{user}=30G pool/home
+    mail_quota: /usr/sbin/zfs set userquota@{user}=10G pool/mail
+
+loc_service_backup:
+  name: backup
+  install_dir: /var/local/services/backup
+  cron:
+    frequency: "0 0 * * *"
+  dependencies:
+    - python3-jinja2
+    - python3-ldap
+  generated: yes
+  git:
+    remote: https://gitlab.adm.crans.org/nounous/backup.git
+    version: master
+  config:
+    binddn: cn=home,ou=service-users,dc=crans,dc=org
+    password: "{{ vault.ldap_home_password }}"
+    rootdn: cn=Utilisateurs,dc=crans,dc=org
+    ldap_server: ldap://re2o-ldap.adm.crans.org
+    borg_key: "{{ vault.borgbackup_passwd }}"

plays/home.yml

@@ -2,11 +2,12 @@
 ---
 - hosts: cameron.adm.crans.org
   vars:
-    home:
-      ldap_server: ldap://re2o-ldap.adm.crans.org
-      ldap_password: "{{ vault.ldap_home_password }}"
-      binddn: cn=home,ou=service-users,dc=crans,dc=org
-      rootdn: cn=Utilisateurs,dc=crans,dc=org
-      borg_key: "{{ vault.borgbackup_passwd }}"
+    service: "{{ glob_service_home | default({}) | combine(loc_service_home | default({})) }}"
   roles:
-    - home
+    - service
+
+- hosts: cameron.adm.crans.org
+  vars:
+    service: "{{ glob_service_backup | default({}) | combine(loc_service_backup | default({})) }}"
+  roles:
+    - service

roles/home/tasks/main.yml

----
-- name: Install home dependencies
-  apt:
-    update_cache: true
-    install_recommends: false
-    name:
-      - python3-jinja2
-      - python3-ldap
-  register: apt_result
-  retries: 3
-  until: apt_result is succeeded
-
-- name: Create home directory
-  file:
-    path: /var/local/home
-    state: directory
-    mode: '2775'
-    owner: root
-    group: _nounou
-
-- name: Set ACL for home directory
-  acl:
-    path: /var/local/home
-    default: true
-    entity: _nounou
-    etype: group
-    permissions: rwx
-    state: query
-
-- name: Clone home repository
-  git:
-    repo: 'http://gitlab.adm.crans.org/nounous/home.git'
-    dest: /var/local/home
-    umask: '002'
-
-- name: Deploy home config
-  template:
-    src: home/home.json.j2
-    dest: /var/local/home/home.json
-    mode: 0600
-    owner: root
-    group: root
-
-- name: Deploy cron for home
-  template:
-    src: cron.d/home.j2
-    dest: /etc/cron.d/home

roles/home/templates/cron.d/home.j2

-{{ ansible_header | comment }}
-* * * * * root /usr/bin/python3 /var/local/home/home.py

roles/home/templates/home/home.json.j2

-{
-	"ldap_server": "{{ home.ldap_server }}"
-	"binddn": "{{ home.binddn }}"
-	"password": "{{ home.ldap_password }}"
-	"rootdn": "{{ home.rootdn }}"
-	"home_dir": "/pool/home"
-	"mail_dir": "/pool/mail"
-	"home_quota": "/usr/sbin/zfs set userquota@{user}=30G pool/home"
-	"mail_quota": "/usr/sbin/zfs set userquota@{user}=10G pool/mail"
-	"borg_key": "{{ home.borg_key }}"
-}