From b371e246a9bb610c976baee33278b68c4af58caa Mon Sep 17 00:00:00 2001 From: TuDatTr Date: Tue, 6 Dec 2022 16:36:21 +0100 Subject: [PATCH] Added zoneminder to aya01 (if I hadn't before) Added backblaze (todo documentation) Signed-off-by: TuDatTr --- README.md | 12 ++++++- aya01.yml | 1 + group_vars/all/vars.yml | 40 +++++++++++++++++++++ pi.yml | 2 ++ roles/backblaze/tasks/backup.yml | 6 ++++ roles/backblaze/tasks/config.yml | 18 ++++++++++ roles/backblaze/tasks/install.yml | 13 +++++++ roles/backblaze/tasks/main.yml | 5 +++ roles/backblaze/templates/aya01/rclone.conf | 10 ++++++ roles/backblaze/templates/pi/rclone.conf | 10 ++++++ roles/common/tasks/aya01_fstab.yml | 21 +++++++++++ roles/common/tasks/main.yml | 2 +- roles/docker/tasks/aya01_compose.yml | 4 ++- roles/docker/tasks/main.yml | 4 +-- roles/docker/templates/aya01/compose.yaml | 11 +++--- roles/docker/templates/pi/compose.yaml | 2 +- 16 files changed, 150 insertions(+), 11 deletions(-) create mode 100644 roles/backblaze/tasks/backup.yml create mode 100644 roles/backblaze/tasks/config.yml create mode 100644 roles/backblaze/tasks/install.yml create mode 100644 roles/backblaze/tasks/main.yml create mode 100644 roles/backblaze/templates/aya01/rclone.conf create mode 100644 roles/backblaze/templates/pi/rclone.conf diff --git a/README.md b/README.md index 32ad295..599417d 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ ``` - copy public key to remote system `ssh-copy-id -i /mnt/veracrypt1/genesis.pub aya01` -- Adjust ansible inventory +- Add this host to ansible inventory - Install sudo on remote - add user to sudo group (with `su --login` without login the path will not be loaded correctly see [here](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918754)) and `usermod -a -G sudo tudattr` - set time correctly when getting the following error 
@@ -38,6 +38,16 @@ sudo systemctl stop ntp.service sudo ntpd -gq sudo systemctl start ntp.service ``` +### zoneminder +- Enable authentification in (Option->System) +- Create new Camera: + - General>Name: BirdCam + - General>Function: Ffmpeg + - General>Function: Modect + - Source>Source Path: `rtsp://user:pw@ip:554/cam/mpeg4` +- Change default admin password +- Create users + ## RaspberryPi diff --git a/aya01.yml b/aya01.yml index 93bf0c2..9cb9a2d 100644 --- a/aya01.yml +++ b/aya01.yml @@ -4,5 +4,6 @@ gather_facts: yes roles: - role: common + - role: backblaze - role: power_management - role: docker diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 767d06a..d261e82 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -4,6 +4,22 @@ user: tudattr timezone: Europe/Berlin local_domain: borg.land +rclone_config: "/root/.config/rclone/" + + +# +# aya01 - Disks +# + +fstab_entries: +- name: "config" + uuid: "4942deb8-707e-48b5-81e3-555ae3cda9ba" + type: "ext4" + path: "/opt/" +- name: "media" + uuid: "c4c724ec-4fe3-4665-adf4-acd31d6b7f95" + type: "ext4" + path: "/media/" # # Packages @@ -17,6 +33,7 @@ common_packages: - smartmontools - curl - tree + - rsync # # Docker @@ -29,5 +46,28 @@ docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{ docker_compose_dir: /opt/docker/compose docker_dir: /opt/docker/config +docker_data_dir: /media/docker/data # only available on aya01 mysql_user: user + +# +# aya01 +# + +zoneminder_config: "{{ docker_dir }}/zm/" +zoneminder_data: "{{ docker_data_dir }}/zm/data" + +# +# pi +# + +# +# backblaze +# +backblaze_paths: + aya01: + - "{{ docker_compose_dir }}" + - "{{ docker_dir }}" + pi: + - "{{ docker_compose_dir }}" + - "{{ docker_dir }}" diff --git a/pi.yml b/pi.yml index 436024c..17eaebb 100644 --- a/pi.yml +++ b/pi.yml @@ -4,4 +4,6 @@ gather_facts: yes roles: - common + - backblaze - docker + 
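Review bot: In group_vars/all/vars.yml, `fstab_entries`, `docker_data_dir`, `zoneminder_config` and `zoneminder_data` are defined for every host, although the commit's own comments mark them as aya01-only (`# only available on aya01`). Because they live in the `all` group, pi inherits disk UUIDs and a `/media/docker/data` path that do not exist there, and only the `when: inventory_hostname == "aya01"` guards elsewhere keep them from being applied. Moving them to aya01's host-level variables keeps the scoping in the inventory rather than in task conditions. `backblaze_paths` also leaves out `zoneminder_data`; if that is deliberate, a one-line comment such as `# recordings under docker_data_dir are intentionally not backed up` would make it explicit.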
diff --git a/roles/backblaze/tasks/backup.yml b/roles/backblaze/tasks/backup.yml
new file mode 100644
index 0000000..f878afd
--- /dev/null
+++ b/roles/backblaze/tasks/backup.yml
@@ -0,0 +1,6 @@
+---
+- name: Loop over subelements of the dictionary
+ shell:
+ cmd: "rclone -vv sync {{ item.1 }} secret:{{ item.1 }}"
+ when: item.0.key == inventory_hostname
+ loop: "{{ backblaze_paths | dict2items | subelements('value') }}"
diff --git a/roles/backblaze/tasks/config.yml b/roles/backblaze/tasks/config.yml
new file mode 100644
index 0000000..bd0d15a
--- /dev/null
+++ b/roles/backblaze/tasks/config.yml
@@ -0,0 +1,18 @@
+---
+- name: Create rclone config folder at "{{ rclone_config }}"
+ file:
+ path: "{{ rclone_config }}"
+ owner: '0'
+ group: '0'
+ mode: '700'
+ state: directory
+ become: true
+
+- name: Copy rclone config to "{{ inventory_hostname }}"
+ template:
+ src: "templates/{{ inventory_hostname }}/rclone.conf"
+ dest: "{{ rclone_config }}/rclone.conf"
+ owner: '0'
+ group: '0'
+ mode: '400'
+ become: true
diff --git a/roles/backblaze/tasks/install.yml b/roles/backblaze/tasks/install.yml
new file mode 100644
index 0000000..9cb9f14
--- /dev/null
+++ b/roles/backblaze/tasks/install.yml
@@ -0,0 +1,13 @@
+---
+- name: Update and upgrade packages
+ apt:
+ update_cache: yes
+ upgrade: yes
+ autoremove: yes
+ become: yes
+
+- name: Install rclone
+ apt:
+ name: "rclone"
+ state: present
+ become: yes
diff --git a/roles/backblaze/tasks/main.yml b/roles/backblaze/tasks/main.yml
new file mode 100644
index 0000000..9e7df93
--- /dev/null
+++ b/roles/backblaze/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+
+- include_tasks: install.yml
+- include_tasks: config.yml
+- include_tasks: backup.yml
diff --git a/roles/backblaze/templates/aya01/rclone.conf b/roles/backblaze/templates/aya01/rclone.conf
new file mode 100644
index 0000000..ebd8f06
--- /dev/null
+++ b/roles/backblaze/templates/aya01/rclone.conf
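Review bot: The `rclone sync` task in roles/backblaze/tasks/backup.yml has no `become: true`, while config.yml writes the config as root into `{{ rclone_config }}` (`/root/.config/rclone/`, mode 700). Unless the play escalates globally, rclone runs as the login user and presumably cannot find the `secret:` remote. `sync` also deletes remote objects that are missing from the source, so running it while `/opt/` is unmounted or empty would remove the existing backup copy; a guard such as `--max-delete`, or a check that the path is populated, is worth adding. The paths are interpolated unquoted into `shell`; `command` with `argv` avoids shell parsing, and indexing `backblaze_paths[inventory_hostname]` replaces the `dict2items | subelements` loop and its `when`.

```yaml
- name: Sync backup paths to the encrypted remote
  command:
    argv:
      - rclone
      - -vv
      - sync
      - --config
      - "{{ rclone_config }}/rclone.conf"
      - "{{ item }}"
      - "secret:{{ item }}"
  loop: "{{ backblaze_paths[inventory_hostname] | default([]) }}"
  become: true
```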
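Review bot: The `template` task in roles/backblaze/tasks/config.yml renders vault secrets into rclone.conf, and a run with `--diff` prints the rendered content, including the B2 key and both crypt passwords. Adding `no_log: true` (or `diff: false`) to that task keeps them out of console output and logs. Separately, `dest: "{{ rclone_config }}/rclone.conf"` expands with a double slash because `rclone_config` already ends in `/`; this is harmless, but dropping one of the slashes is tidier.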
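Review bot: The first task in roles/backblaze/tasks/install.yml runs a full `apt` upgrade with `autoremove` every time the backblaze role is applied, an unrelated and potentially disruptive side effect for a backup role. Installing rclone needs only a fresh package cache, for example `update_cache: true` with `cache_valid_time: 3600` on the install task itself. System upgrades are better kept in a dedicated task outside this role. The `yes` values would also read more consistently as `true`, matching `become: true` in config.yml.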
@@ -0,0 +1,10 @@
+[remote]
+type = b2
+account = {{ vault_backblaze_aya01_account }}
+key = {{ vault_backblaze_aya01_key }}
+
+[secret]
+type = crypt
+remote = remote:aya01-tudattr-dev
+password = {{ vault_rclone_aya01_password }}
+password2 = {{ vault_rclone_aya01_password2 }}
\ No newline at end of file
diff --git a/roles/backblaze/templates/pi/rclone.conf b/roles/backblaze/templates/pi/rclone.conf
new file mode 100644
index 0000000..9d5c0c7
--- /dev/null
+++ b/roles/backblaze/templates/pi/rclone.conf
@@ -0,0 +1,10 @@
+[remote]
+type = b2
+account = {{ vault_backblaze_pi_account }}
+key = {{ vault_backblaze_pi_key }}
+
+[secret]
+type = crypt
+remote = remote:pi-tudattr-dev
+password = {{ vault_rclone_pi_password }}
+password2 = {{ vault_rclone_pi_password2 }}
\ No newline at end of file
diff --git a/roles/common/tasks/aya01_fstab.yml b/roles/common/tasks/aya01_fstab.yml
index e69de29..e70c1eb 100644
--- a/roles/common/tasks/aya01_fstab.yml
+++ b/roles/common/tasks/aya01_fstab.yml
@@ -0,0 +1,21 @@
+---
+- name: Create folders to mount to
+ file:
+ path: "{{ item.path }}"
+ state: directory
+ loop: "{{ fstab_entries }}"
+ become: true
+
+- name: Create fstab entries
+ mount:
+ src: "UUID={{ item.uuid }}"
+ path: "{{ item.path }}"
+ fstype: "{{ item.type }}"
+ state: present
+ backup: true
+ loop: "{{ fstab_entries }}"
+ become: true
+
+- name: Mount all disks
+ command: mount -a
+ become: true
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 8169400..930b857 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -2,4 +2,4 @@ - include_tasks: time.yml - include_tasks: essential.yml - include_tasks: aya01_fstab.yml - when: ansible_hostname == "aya01" + when: inventory_hostname == "aya01"
diff --git a/roles/docker/tasks/aya01_compose.yml b/roles/docker/tasks/aya01_compose.yml
index 0aa31b6..157a16c 100644
--- a/roles/docker/tasks/aya01_compose.yml
+++ b/roles/docker/tasks/aya01_compose.yml
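Review bot: The `password` and `password2` lines in roles/backblaze/templates/aya01/rclone.conf are read by rclone's crypt backend in obscured form, so the `vault_rclone_aya01_password*` variables have to hold the output of `rclone obscure`, not the plain passphrase; otherwise rclone will presumably fail to decode them. A template comment such as `{# vault_rclone_* values must be produced by rclone obscure #}` would record that requirement. The same applies to roles/backblaze/templates/pi/rclone.conf, and since the two templates differ only in variable and bucket names, a single template parameterised by host would avoid drift. It is also worth confirming that each `vault_backblaze_*_key` is a B2 application key restricted to that host's bucket rather than an account-wide key.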
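Review bot: In roles/common/tasks/aya01_fstab.yml the mount task uses `state: present`, which only writes /etc/fstab, and the follow-up `command: mount -a` reports changed on every run and mounts everything listed in fstab, not just these two entries. Using `state: mounted` records and mounts each entry idempotently, so the third task can be dropped. No `opts` are set, so both disks mount with defaults; for the `/media/` data disk, something like `opts: "defaults,nodev,nosuid,nofail"` is worth considering if nothing stored there needs setuid binaries or device nodes. The directory task also sets no `owner` or `mode`, so the mount points take whatever the default umask gives.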
@@ -6,7 +6,9 @@ mode: '700' state: directory loop: - - "{{ docker_dir }}/zm/" + - "{{ zoneminder_data }}" + - "{{ zoneminder_config }}" + become: true # Todo, check if docker compose is running # - name: Shut down docker diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 7be4290..c0c2a60 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -2,6 +2,6 @@ - include_tasks: install.yml - include_tasks: user_group_setup.yml - include_tasks: pi_compose.yml - when: ansible_hostname == "pi" + when: inventory_hostname == "pi" - include_tasks: aya01_compose.yml - when: ansible_hostname == "aya01" + when: inventory_hostname == "aya01" diff --git a/roles/docker/templates/aya01/compose.yaml b/roles/docker/templates/aya01/compose.yaml index b7457c6..b721f9c 100644 --- a/roles/docker/templates/aya01/compose.yaml +++ b/roles/docker/templates/aya01/compose.yaml @@ -7,7 +7,7 @@ services: - zoneminder volumes: - "/etc/localtime:/etc/localtime:ro" - - "{{ docker_dir }}/zm/db:/var/lib/mysql" + - "{{ zoneminder_config}}/db:/var/lib/mysql" environment: - "MYSQL_DATABASE=zm" - "MYSQL_ROOT_PASSWORD={{ vault_mysql_root_password }}" @@ -30,9 +30,9 @@ services: - net volumes: - "/etc/localtime:/etc/localtime:ro" - - "{{ docker_dir }}/zm/data:/data" - - "{{ docker_dir }}/zm/config:/config" - - "{{ docker_dir }}/zm/log:/log" + - "{{ zoneminder_data }}:/data" + - "{{ zoneminder_config }}/config:/config" + - "{{ zoneminder_config }}/log:/log" - type: tmpfs target: /dev/shm tmpfs: @@ -51,7 +51,8 @@ networks: net: driver: bridge ipam: - driver: default +# driver: default config: - subnet: 172.16.69.0/24 + ip_range: 172.28.69.0/24 gateway: 172.16.69.1 diff --git a/roles/docker/templates/pi/compose.yaml b/roles/docker/templates/pi/compose.yaml index 084fe7e..c6649ef 100644 --- a/roles/docker/templates/pi/compose.yaml +++ b/roles/docker/templates/pi/compose.yaml 
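Review bot: In the last hunk of roles/docker/templates/aya01/compose.yaml the added `ip_range: 172.28.69.0/24` lies outside the network's `subnet: 172.16.69.0/24`. Docker expects the IP range to be a sub-range of the subnet, so creating the `net` network is likely to be rejected. If the aim is to limit dynamic allocation, pick a range inside the subnet (for example `ip_range: 172.16.69.128/25`) or drop the line. In the first hunk, `"{{ zoneminder_config}}/db:/var/lib/mysql"` expands with a double slash because `zoneminder_config` ends in `/`, and it lacks the space before `}}` used on the other volume lines.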
@@ -80,7 +80,7 @@ networks: net: driver: bridge ipam: - driver: default +# driver: default config: - subnet: 172.16.69.0/24 gateway: 172.16.69.1