zfs conditionals and delegated perms

ansible/roles/zfs-install/defaults/main.yml

@@ -6,6 +6,7 @@ zfs_prereq_packages:
 zfs_packages:
   - zfs-utils
   - zfs-dkms
+  - mbuffer
 zfs_arc_min: '1073741824' 
 zfs_arc_max: '4294967296'
 zfs_zpool_ashift: '12'

ansible/roles/zfs-install/files/zfs-recv_authorized_keys

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+6ruP8XcCD3nWS9z0hp+Hnf6pxoL1nF4I0L9g9/3Sr zfs-recv@lab.balsillie.net

ansible/roles/zfs-install/tasks/main.yml

@@ -1,4 +1,16 @@
 ---
+- name: register kernel version
+  ansible.builtin.shell: 
+    cmd: uname -r
+  check_mode: no
+  register: kernel_version
+
+- name: check if zfs kernel module exists
+  ansible.builtin.stat:
+    path: /lib/modules/{{ kernel_version.stdout }}/updates/dkms/zfs.ko.zst
+  register: zfs_module
+
+- block:
   - name: install zfs prerequisites
     become: true
     community.general.pacman:
@@ -57,11 +69,6 @@
       name: zfs
       state: present
 
-- name: create zpool
-  become: true
-  ansible.builtin.shell:
-    cmd: zpool create -o ashift={{ zfs_zpool_ashift|quote }} -o autotrim=on -o cachefile=/etc/zfs/zpool.cache -O acltype=posixacl -O atime=off -O xattr=sa -O mountpoint=none -O canmount=off -O devices=off -O compression={{ zfs_zpool_compression|quote }} {{ zfs_zpool_name|quote }} {{ zfs_zpool_type|quote }} {{ zfs_zpool_disk_a|quote }} {{ zfs_zpool_disk_b|quote }} 
-
   - name: enable zfs services
     become: true
     ansible.builtin.service:
@@ -72,6 +79,21 @@
       - zfs-import-cache.service
       - zfs-mount.service
       - zfs.target
+  when: not zfs_module.stat.exists 
+
+- name: check if zpool exists
+  community.general.zpool_facts: 
+    name: "{{ zfs_zpool_name }}"
+
+- name: create zpool
+  become: true
+  ansible.builtin.shell:
+    cmd: zpool create -o ashift={{ zfs_zpool_ashift|quote }} -o autotrim=on -o cachefile=/etc/zfs/zpool.cache -O acltype=posixacl -O atime=off -O xattr=sa -O mountpoint=none -O canmount=off -O devices=off -O compression={{ zfs_zpool_compression|quote }} {{ zfs_zpool_name|quote }} {{ zfs_zpool_type|quote }} {{ zfs_zpool_disk_a|quote }} {{ zfs_zpool_disk_b|quote }} 
+  when: ansible_zfs_pools[0].name != zfs_zpool_name
+
+- name: check if zfs dataset exists
+  community.general.zfs_facts:
+    name: "{{ zfs_backup_dataset }}"
 
 - name: create backup zfs dataset
   community.general.zfs:
@@ -89,3 +111,48 @@
       volmode: dev
       devices: off
       atime: off
+  when: ansible_zfs_datasets[0].name != zfs_backup_dataset
+
+- name: create zfs receive user
+  become: true
+  ansible.builtin.user:
+    name: zfs-recv
+    shell: /bin/bash
+    state: present
+    create_home: yes
+
+- name: add ssh directory for zfs receive user
+  become: true
+  ansible.builtin.file:
+    path: /home/zfs-recv/.ssh
+    state: directory
+    owner: zfs-recv
+    group: zfs-recv
+    mode: 0755
+
+- name: add authorized key for zfs receive user
+  become: true
+  ansible.builtin.copy:
+    src: zfs-recv_authorized_keys
+    dest: /home/zfs-recv/.ssh/authorized_keys
+    owner: zfs-recv
+    group: zfs-recv
+    mode: 0644
+
+- name: add zfs delegated permission for zfs-recv user
+  become: true
+  community.general.zfs_delegate_admin:
+    name: "{{ zfs_backup_dataset }}"
+    local: yes
+    descendents: yes
+    state: present
+    users:
+      - zfs-recv
+    permissions:
+      - compression
+      - mountpoint
+      - create
+      - mount
+      - receive
+      - rollback
+      - recordsize