Fixed backblaze backup

Signed-off-by: TuDatTr <tuan-dat.tran@tudattr.dev>
pull/1/head
TuDatTr 2022-12-06 23:16:52 +01:00
parent b371e246a9
commit b36f97fa65
5 changed files with 97 additions and 8 deletions

87
#README.md# Normal file

@ -0,0 +1,87 @@
# TuDatTr IaC
## Backups
Backup for aya01 and raspberry are in a backblaze b2, which gets encrypted on the clientside by rclone.
but first of all we need to create the buckets and provide ansible with the needed information.
## Vault
- Create vault with: `ansible-vault create secrets.yml`
- Create entry in vault with: `ansible-vault edit secrets.yml`
- Add following entries:
- `vault_pi_tudattr_password: <YOURPASSWORD>` (password you've setup on the device)
- `vault_aya01_tudattr_password: <YOURPASSWORD>` (password you've setup on the device)
- `vault_pihole_password: <YOURPASSWORD>` (arbitrary password you want to log in with)
- `vault_mysql_root_password: <YOURPASSWORD>` (arbitrary password, used internally)
- `vault_mysql_user_password: <YOURPASSWORD>` (arbitrary password, used internally)
- `vault_ddns_tudattrdev_password: <YOURPASSWORD>` (password needed for ddns, refer to [here](https://www.namecheap.com/support/knowledgebase/article.aspx/595/11/how-do-i-enable-dynamic-dns-for-a-domain/))
- `vault_ddns_borgland_password: <YOURPASSWORD>` (password needed for ddns, refer to [here](https://www.namecheap.com/support/knowledgebase/article.aspx/595/11/how-do-i-enable-dynamic-dns-for-a-domain/))
## Server
- Install Debian (debian-11.5.0-amd64-netinst.iso) on remote system
- Create user (tudattr)
- Get IP of remote system (192.168.20.11)
- Create ssh-config entry
```config
Host aya01
HostName 192.168.20.11
Port 22
User tudattr
IdentityFile /mnt/veracrypt1/genesis
```
- copy public key to remote system
`ssh-copy-id -i /mnt/veracrypt1/genesis.pub aya01`
- Add this host to ansible inventory
- Install sudo on remote
- add user to sudo group (with `su --login` without login the path will not be loaded correctly see [here](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918754)) and `usermod -a -G sudo tudattr`
- set time correctly when getting the following error
```sh
Release file for http://security.debian.org/debian-security/dists/bullseye-security/InRelease is not valid yet (invalid for another 12h 46min 9s). Updates for this repository will not be applied.
```
By doing on remote system (example):
```sh
sudo systemctl stop ntp.service
sudo ntpd -gq
sudo systemctl start ntp.service
```
### zoneminder
- Enable authentification in (Option->System)
- Create new Camera:
- General>Name: BirdCam
- General>Function: Ffmpeg
- General>Function: Modect
- Source>Source Path: `rtsp://user:pw@ip:554/cam/mpeg4`
- Change default admin password
- Create users
## RaspberryPi
- Install raspbian lite (2022-09-22-raspios-bullseye-arm64-lite.img) on pi
- Get IP of remote system (192.168.20.11)
- Create ssh-config entry
```config
Host pi
HostName 192.168.20.11
Port 22
User tudattr
IdentityFile /mnt/veracrypt1/genesis
```
- enable ssh on pi
- copy public key to pi
- change user password of user on pi
- execute `ansible-playbook -i production --ask-vault-pass --extra-vars '@secrets.yml' pi.yml`
## Mikrotik
- Create rsa-key on your device and name it mikrotik_rsa
- On mikrotik run: `/user/ssh-keys/import public-key-file=mikrotik_rsa.pub user=tudattr`
- Create ssh-config entry:
```config
Host mikrotik
HostName 192.168.70.1
Port 2200
User tudattr
IdentityFile /mnt/veracrypt1/mikrotik_rsa
```
## Todo
- Role to setup backup
- Role to load customization/configurations from backup to servers
- aya01 fstab
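
Review bot: the entry list under `## Vault` has nothing for the Backblaze B2 credentials or the rclone encryption password, even though `## Backups` says ansible has to be given that information first. Add the corresponding vault entries and describe how `rclone.conf` receives them, so that nobody fills the per-host template with plaintext secrets. Two smaller points in the same file: `## Server` and `## RaspberryPi` both give 192.168.20.11 as the address, so the `aya01` and `pi` ssh-config entries point at the same host, and the zoneminder list has `General>Function` twice with different values (Ffmpeg and Modect).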

1
.#README.md Symbolic link

@ -0,0 +1 @@
tuan@genesis.977:1670174348
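
Review bot: `.#README.md` is an editor lock file (a symlink whose target is `tuan@genesis.977:1670174348`), not project content, and it records the local user and host name in the repository. Drop it from the commit and add `.#*` to `.gitignore` so it cannot be staged again.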


@ -1,6 +1,7 @@
--- ---
- name: Loop over subelements of the dictionary - name: Backing up for "{{ inventory_hostname }}"
shell: shell:
cmd: "rclone -vv sync {{ item.1 }} secret:{{ item.1 }}" cmd: "rclone sync {{ item.1 }} secret:{{ item.1 }}"
when: item.0.key == inventory_hostname when: item.0.key == inventory_hostname
loop: "{{ backblaze_paths | dict2items | subelements('value') }}" loop: "{{ backblaze_paths | dict2items | subelements('value') }}"
become: true
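
Review bot: the `cmd:` line interpolates `{{ item.1 }}` unquoted into a `shell:` task that now runs with `become: true`, so a path in `backblaze_paths` containing a space or a shell metacharacter is split or interpreted by a root shell. The command uses no shell feature, so switch to `command:` with `argv:`, or at least pass the value through `| quote`. Separately, `rclone sync` makes the remote match the source, so a file deleted locally is deleted from the backup on the next run; if that is not intended, use `rclone copy` or keep old versions on the bucket side.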


@ -8,7 +8,7 @@
state: directory state: directory
become: true become: true
- name: Copy rclone config to "{{ inventory_hostname }}" - name: Copy "templates/{{ inventory_hostname }}/rclone.conf" config to "{{ inventory_hostname }}":"{{ rclone_config }}/rclone.conf"
template: template:
src: "templates/{{ inventory_hostname }}/rclone.conf" src: "templates/{{ inventory_hostname }}/rclone.conf"
dest: "{{ rclone_config }}/rclone.conf" dest: "{{ rclone_config }}/rclone.conf"
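
Review bot: the template task for `rclone.conf` shows only `src` and `dest` in this hunk, and that file holds the remote's credentials and the encryption password. If no `mode` follows below the visible lines, add `mode: "0600"` with an explicit `owner` and `group` instead of relying on the default umask. The new task name is also hard to read with its three quoted segments; `Copy rclone.conf to {{ inventory_hostname }}` would say the same.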


@ -1,13 +1,13 @@
--- ---
- name: Update and upgrade packages - name: Update and upgrade packages
apt: apt:
update_cache: yes update_cache: true
upgrade: yes upgrade: true
autoremove: yes autoremove: true
become: yes become: true
- name: Install rclone - name: Install rclone
apt: apt:
name: "rclone" name: "rclone"
state: present state: present
become: yes become: true
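
Review bot: `upgrade:` on the `apt` module is a string choice (`dist`, `full`, `no`, `safe`, `yes`), not a boolean, so `upgrade: true` only works through Ansible's yes/no coercion, unlike `update_cache`, `autoremove` and `become`, which are real booleans. State the upgrade mode you mean explicitly, for example `upgrade: safe` or `upgrade: dist`, and keep `true` for the boolean parameters.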