diff --git a/README.md b/README.md index 6727b18..ffb60d9 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,14 @@ Don't forget to set a password for the new user with `passwd tudattr` ## Backups Backup for aya01 and raspberry are in a backblaze b2, which gets encrypted on the clientside by rclone. but first of all we need to create the buckets and provide ansible with the needed information. + +When creating your own rclone config the `password` and `password2` entries have to be passed though `rclone obscure` like this: + +``` sh +echo "$PASSWORD" | rclone obscure - +``` + +` ## Vault - Create vault with: `ansible-vault create secrets.yml` - Create entry in vault with: `ansible-vault edit secrets.yml` diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 35fc36a..2fb64e0 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -87,6 +87,12 @@ mysql_user: user aya01_host: "aya01" aya01_ip: "192.168.20.12" +# +# mii +# +mii_host: "mii" +mii_ip: "192.168.200.2" + # # ZoneMinder # @@ -180,13 +186,14 @@ pihole_dnsmasq: "{{ docker_dir }}/pihole/etc-dnsmasq.d/" # # Directories that will be backupped to backblaze -backblaze_paths: - aya01: - - "{{ docker_compose_dir }}" - - "{{ docker_dir }}" - pi: - - "{{ docker_compose_dir }}" - - "{{ docker_dir }}" +# MOVED TO HOSTVARS +# backblaze_paths: +# aya01: +# - "{{ docker_compose_dir }}" +# - "{{ docker_dir }}" +# pi: +# - "{{ docker_compose_dir }}" +# - "{{ docker_dir }}" # # samba diff --git a/host_vars/aya01.yml b/host_vars/aya01.yml index 4c1a11d..019e576 100644 --- a/host_vars/aya01.yml +++ b/host_vars/aya01.yml 
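Review bot: The second hunk of group_vars/all/vars.yml leaves the old `backblaze_paths` mapping behind as commented-out lines under `# MOVED TO HOSTVARS`. Delete the block and keep a one-line pointer such as `# backup paths now live in host_vars/<host>.yml as host.backblaze.paths`, since git history already preserves the old value. Any task outside this diff that still reads `backblaze_paths` would now fail on an undefined variable, so a grep for the name is worth doing before merge.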
@@ -2,4 +2,16 @@ ansible_user: "{{ user }}" ansible_host: 192.168.20.12 ansible_port: 22 ansible_ssh_private_key_file: '{{ pk_path }}' -ansible_become_pass: '{{ vault_aya01_tudattr_password }}' +ansible_become_pass: '{{ vault.aya01.sudo }}' + +host: + ip: "{{ ansible_host }}" + backblaze: + account: "{{ vault.aya01.backblaze.account }}" + key: "{{ vault.aya01.backblaze.key }}" + remote: "remote:aya01-tudattr-dev" + password: "{{ vault.aya01.rclone.password }}" + password2: "{{ vault.aya01.rclone.password2 }}" + paths: + - "{{ docker_compose_dir }}" + - "{{ docker_dir }}" diff --git a/host_vars/mii.yml b/host_vars/mii.yml index 795db6e..30672db 100644 --- a/host_vars/mii.yml +++ b/host_vars/mii.yml @@ -2,4 +2,16 @@ ansible_user: "{{ user }}" ansible_host: 202.61.207.139 ansible_port: 22 ansible_ssh_private_key_file: '{{ pk_path }}' -ansible_become_pass: '{{ vault_mii_tudattr_password }}' +ansible_become_pass: '{{ vault.mii.sudo }}' + +host: + ip: "192.168.200.2" + backblaze: + account: "{{ vault.mii.backblaze.account }}" + key: "{{ vault.mii.backblaze.key }}" + remote: "remote:mii-tudattr-dev" + password: "{{ vault.mii.rclone.password }}" + password2: "{{ vault.mii.rclone.password2 }}" + paths: + - "{{ docker_compose_dir }}" + - "{{ docker_dir }}" diff --git a/host_vars/pi.yml b/host_vars/pi.yml index 5d8c542..cc3c453 100644 --- a/host_vars/pi.yml +++ b/host_vars/pi.yml @@ -2,4 +2,16 @@ ansible_user: "{{ user }}" ansible_host: 192.168.20.11 ansible_port: 22 ansible_ssh_private_key_file: '{{ pk_path }}' -ansible_become_pass: '{{ vault_pi_tudattr_password }}' +ansible_become_pass: '{{ vault.pi.sudo }}' + +host: + ip: "{{ ansible_host }}" + backblaze: + account: "{{ vault.pi.backblaze.account }}" + key: "{{ vault.pi.backblaze.key }}" + remote: "remote:pi-tudattr-dev" + password: "{{ vault.pi.rclone.password }}" + password2: "{{ vault.pi.rclone.password2 }}" + paths: + - "{{ docker_compose_dir }}" + - "{{ docker_dir }}" 
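Review bot: In host_vars/mii.yml `host.ip` is the literal `"192.168.200.2"`, the same address this commit adds as `mii_ip` in group_vars/all/vars.yml, so the two values can drift apart. Writing `ip: "{{ mii_ip }}"` keeps a single source of truth. This matters because the node_exporter unit binds to `host.ip` while the Prometheus template scrapes `mii_ip`, and `ansible_host` for mii is a different, public address. The aya01 and pi hunks use `"{{ ansible_host }}"` and are not affected.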
diff --git a/host_vars/vagrant.yml b/host_vars/vagrant.yml index 8662183..a58c557 100644 --- a/host_vars/vagrant.yml +++ b/host_vars/vagrant.yml @@ -2,3 +2,5 @@ ansible_user: vagrant ansible_host: 127.0.0.1 ansible_port: 2222 ansible_ssh_private_key_file: .vagrant/machines/vagrant/virtualbox/private_key + +ost_ip: "{{ ansible_host }}" diff --git a/mii.yml b/mii.yml index c54bed7..b1bc646 100644 --- a/mii.yml +++ b/mii.yml @@ -6,6 +6,12 @@ - role: common tags: - common + - role: backblaze + tags: + - backblaze + - role: node_exporter + tags: + - node_exporter - role: docker tags: - docker diff --git a/pi.yml b/pi.yml index c026cdf..c1dec84 100644 --- a/pi.yml +++ b/pi.yml @@ -8,8 +8,10 @@ - common - role: backblaze tags: - - backup + - backblaze + - role: node_exporter + tags: + - node_exporter - role: docker tags: - docker - diff --git a/roles/backblaze/tasks/backup.yml b/roles/backblaze/tasks/backup.yml index 64ec987..91ec15f 100644 --- a/roles/backblaze/tasks/backup.yml +++ b/roles/backblaze/tasks/backup.yml @@ -1,17 +1,18 @@ --- - name: Shut down docker - shell: - cmd: "docker compose down --remove-orphans" - chdir: "{{ docker_compose_dir }}" + systemd: + name: docker + state: stopped + become: true - name: Backing up for "{{ inventory_hostname }}" shell: - cmd: "rclone sync {{ item.1 }} secret:{{ item.1 }}" - when: item.0.key == inventory_hostname - loop: "{{ backblaze_paths | dict2items | subelements('value') }}" + cmd: "rclone sync {{ item }} secret:{{ item }} --transfers 16" + loop: "{{ host.backblaze.paths }}" become: true - name: Restart docker - shell: - cmd: "docker compose up -d" - chdir: "{{ docker_compose_dir }}" + systemd: + name: docker + state: started + become: true diff --git a/roles/backblaze/tasks/config.yml b/roles/backblaze/tasks/config.yml index 0eee4cf..4021211 100644 --- a/roles/backblaze/tasks/config.yml +++ b/roles/backblaze/tasks/config.yml 
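Review bot: `ost_ip` in host_vars/vagrant.yml looks like a typo, and nothing in this diff reads a variable of that name. The node_exporter.service.j2 hunk in the same commit uses `{{ host.ip }}`, which stays undefined for the vagrant host and would make that template fail if the role runs there. Define it the way the other hosts do: `host:` followed by `  ip: "{{ ansible_host }}"`. With `ansible_host: 127.0.0.1` that binds the exporter to loopback on the vagrant box, which is probably what is wanted for a test VM.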
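Review bot: A failed `rclone sync` in roles/backblaze/tasks/backup.yml leaves docker stopped, because the play aborts on the failing loop item and the `Restart docker` task never runs. Wrap the stop and the sync in a `block` and move the restart into `always`, so the services come back whatever the backup result is. The sync also interpolates `{{ item }}` into a `shell` string unquoted; passing the arguments through `command` with `argv` avoids word splitting and shell interpretation of the path values.

```yaml
- name: Back up with docker stopped
  become: true
  block:
    - name: Shut down docker
      systemd:
        name: docker
        state: stopped

    - name: Backing up for "{{ inventory_hostname }}"
      command:
        argv:
          - rclone
          - sync
          - "{{ item }}"
          - "secret:{{ item }}"
          - --transfers
          - "16"
      loop: "{{ host.backblaze.paths }}"
  always:
    - name: Restart docker
      systemd:
        name: docker
        state: started
```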
@@ -1,5 +1,5 @@ --- -- name: Create rclone config folder at "{{ rclone_config }}" +- name: Create rclone config folder file: path: "{{ rclone_config }}" owner: '0' @@ -8,9 +8,9 @@ state: directory become: true -- name: Copy "templates/{{ inventory_hostname }}/rclone.conf" config to "{{ inventory_hostname }}":"{{ rclone_config }}/rclone.conf" +- name: Copy "rclone.conf" template: - src: "templates/{{ inventory_hostname }}/rclone.conf" + src: "rclone.conf.j2" dest: "{{ rclone_config }}/rclone.conf" owner: '0' group: '0' diff --git a/roles/backblaze/tasks/main.yml b/roles/backblaze/tasks/main.yml index e6a018b..9e7df93 100644 --- a/roles/backblaze/tasks/main.yml +++ b/roles/backblaze/tasks/main.yml @@ -3,5 +3,3 @@ - include_tasks: install.yml - include_tasks: config.yml - include_tasks: backup.yml - tags: - - backup diff --git a/roles/backblaze/templates/aya01/rclone.conf b/roles/backblaze/templates/aya01/rclone.conf deleted file mode 100644 index ebd8f06..0000000 --- a/roles/backblaze/templates/aya01/rclone.conf +++ /dev/null @@ -1,10 +0,0 @@ -[remote] -type = b2 -account = {{ vault_backblaze_aya01_account }} -key = {{ vault_backblaze_aya01_key }} - -[secret] -type = crypt -remote = remote:aya01-tudattr-dev -password = {{ vault_rclone_aya01_password }} -password2 = {{ vault_rclone_aya01_password2 }} \ No newline at end of file diff --git a/roles/backblaze/templates/pi/rclone.conf b/roles/backblaze/templates/pi/rclone.conf deleted file mode 100644 index 9d5c0c7..0000000 --- a/roles/backblaze/templates/pi/rclone.conf +++ /dev/null @@ -1,10 +0,0 @@ -[remote] -type = b2 -account = {{ vault_backblaze_pi_account }} -key = {{ vault_backblaze_pi_key }} - -[secret] -type = crypt -remote = remote:pi-tudattr-dev -password = {{ vault_rclone_pi_password }} -password2 = {{ vault_rclone_pi_password2 }} \ No newline at end of file diff --git a/roles/backblaze/templates/rclone.conf.j2 b/roles/backblaze/templates/rclone.conf.j2 new file mode 100644 index 0000000..4c535f0 --- /dev/null 
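Review bot: The `Copy "rclone.conf"` task in roles/backblaze/tasks/config.yml renders the B2 application key and both crypt passwords, so it should carry `no_log: true`. Without it, a run with `--diff` prints the rendered file to the terminal and to whatever collects the Ansible output. The task's remaining keys lie outside the hunk, so also confirm that it sets `mode: '0600'` next to `owner: '0'` and `group: '0'`.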
+++ b/roles/backblaze/templates/rclone.conf.j2 @@ -0,0 +1,10 @@ +[remote] +type = b2 +account = {{ host.backblaze.account }} +key = {{ host.backblaze.key }} + +[secret] +type = crypt +remote = {{ host.backblaze.remote }} +password = {{ host.backblaze.password }} +password2 = {{ host.backblaze.password2 }} diff --git a/roles/docker/templates/aya01/prometheus/prometheus.yml.j2 b/roles/docker/templates/aya01/prometheus/prometheus.yml.j2 index 4def80d..f7285b1 100644 --- a/roles/docker/templates/aya01/prometheus/prometheus.yml.j2 +++ b/roles/docker/templates/aya01/prometheus/prometheus.yml.j2 @@ -16,13 +16,15 @@ rule_files: # - "second_rules.yml" scrape_configs: - - job_name: 'node' + - job_name: 'aya01' scrape_interval: 10s scrape_timeout: 10s tls_config: insecure_skip_verify: true static_configs: - targets: ['{{ aya01_ip }}:{{node_exporter_port}}'] + - targets: ['{{ mii_ip }}:{{node_exporter_port}}'] + - targets: ['{{ pi_ip }}:{{node_exporter_port}}'] - job_name: Mikrotik static_configs: - targets: diff --git a/roles/node_exporter/templates/node_exporter.service.j2 b/roles/node_exporter/templates/node_exporter.service.j2 index 825b5ff..c645a7e 100644 --- a/roles/node_exporter/templates/node_exporter.service.j2 +++ b/roles/node_exporter/templates/node_exporter.service.j2 @@ -4,7 +4,7 @@ Description=NodeExporter [Service] TimeoutStartSec=0 User=node_exporter -ExecStart={{ node_exporter_bin_path }} --web.listen-address={{ aya01_ip }}:{{ node_exporter_port }} {{ node_exporter_options }} +ExecStart={{ node_exporter_bin_path }} --web.listen-address={{ host.ip }}:{{ node_exporter_port }} {{ node_exporter_options }} [Install] WantedBy=multi-user.target
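Review bot: Nothing in rclone.conf.j2 says that `password` and `password2` must already be rclone-obscured values. A plain passphrase stored in the vault would render here without error and likely only fail later, when rclone reads the config. Add a header comment such as `# password/password2: output of "rclone obscure", not the plain passphrase`. Obscuring is reversible, so the secrecy of these values still rests on the rendered file's permissions on the host.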
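Review bot: The scrape job in prometheus.yml.j2 is renamed to `'aya01'` but now also scrapes mii and pi, so every series from those hosts is labelled `job="aya01"`. A neutral name such as the previous `- job_name: 'node'` keeps dashboards and alert rules readable, and the three `static_configs` entries could be a single `targets` list. `pi_ip` is not defined anywhere in this diff; confirm it exists in group_vars, otherwise the template fails to render. The existing `insecure_skip_verify: true` on this job now covers the two added hosts as well, which is worth a conscious decision rather than an inherited default.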