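---
# Installs and loads the ZFS kernel module when it is missing, creates the
# backup pool and dataset, and provisions the zfs-recv account (SSH
# authorized key plus delegated ZFS permissions on the backup dataset).

- name: register kernel version
  # command instead of shell: no shell features are needed here.
  ansible.builtin.command:
    cmd: uname -r
  # Runs in check mode too, because the stat task below reads its stdout.
  check_mode: false
  changed_when: false
  register: kernel_version

- name: check if zfs kernel module exists
  ansible.builtin.stat:
    path: /lib/modules/{{ kernel_version.stdout }}/updates/dkms/zfs.ko.zst
  register: zfs_module

- name: install and enable zfs
  # Whole block is skipped once the DKMS module exists for the running kernel.
  when: not zfs_module.stat.exists
  block:
    - name: install zfs prerequisites
      become: true
      community.general.pacman:
        name: "{{ zfs_prereq_packages }}"
        state: latest
        update_cache: true
      when:
        - ansible_os_family == 'Arch'

    - name: add gpg parameters file from template
      become: true
      ansible.builtin.template:
        src: key-params.j2
        dest: /root/key-params
        owner: root
        group: root
        # Owner-only. NOTE(review): the template is not visible here; if it
        # carries a passphrase, consider removing the file after key
        # generation.
        mode: "0600"

    - name: generate gpg key for root
      become: true
      ansible.builtin.command:
        cmd: gpg --batch --gen-key /root/key-params

    - name: import zfs signing key
      become: true
      # NOTE(review): aur_zfs_key_fingerprint should hold the full
      # fingerprint, not a short key ID, since the next task trusts whatever
      # key this one imports.
      ansible.builtin.command:
        cmd: gpg --receive-keys {{ aur_zfs_key_fingerprint | quote }}

    - name: trust zfs signing key
      become: true
      ansible.builtin.command:
        cmd: gpg --quick-lsign-key {{ aur_zfs_key_fingerprint | quote }}

    - name: install zfs module
      become: true
      community.general.pacman:
        executable: /usr/bin/pikaur
        name: "{{ zfs_packages }}"
        state: latest
        update_cache: true
      when:
        - ansible_os_family == 'Arch'

    - name: set zfs module parameters
      become: true
      ansible.builtin.template:
        src: zfs.conf.j2
        dest: /etc/modprobe.d/zfs.conf
        owner: root
        group: root
        # Module options are read at load time; no need for group write.
        mode: "0644"

    - name: load zfs module
      become: true
      community.general.modprobe:
        name: zfs
        state: present

    - name: enable zfs services
      become: true
      ansible.builtin.service:
        name: "{{ item }}"
        state: started
        enabled: true
      loop:
        - zfs-import-cache.service
        - zfs-mount.service
        - zfs.target

- name: check if zpool exists
  # No name filter: all imported pools are listed, so a missing pool yields
  # a list without it rather than a lookup on a pool that is not there yet.
  community.general.zpool_facts:

- name: create zpool
  become: true
  ansible.builtin.command:
    cmd: >-
      zpool create
      -o ashift={{ zfs_zpool_ashift | quote }}
      -o autotrim=on
      -o cachefile=/etc/zfs/zpool.cache
      -O acltype=posixacl
      -O atime=off
      -O xattr=sa
      -O mountpoint=none
      -O canmount=off
      -O devices=off
      -O compression={{ zfs_zpool_compression | quote }}
      {{ zfs_zpool_name | quote }}
      {{ zfs_zpool_type | quote }}
      {{ zfs_zpool_disk_a | quote }}
      {{ zfs_zpool_disk_b | quote }}
  # Membership test instead of indexing element 0: safe when no pool exists
  # and correct when the wanted pool is not the first one listed.
  when: >-
    zfs_zpool_name not in
    (ansible_zfs_pools | default([]) | map(attribute='name') | list)

- name: check if zfs dataset exists
  community.general.zfs_facts:
    name: "{{ zfs_backup_dataset }}"
  # NOTE(review): zfs_facts is expected to fail when the dataset is absent
  # (confirm against the installed collection); that case is handled by the
  # condition on the next task, so the failure is not fatal here.
  failed_when: false

- name: create backup zfs dataset
  community.general.zfs:
    name: "{{ zfs_backup_dataset }}"
    state: present
    # Values are quoted so YAML passes 'off' as a string, not a boolean.
    extra_zfs_properties:
      canmount: 'off'
      mountpoint: none
      primarycache: none
      secondarycache: none
      reservation: none
      refreservation: none
      dedup: 'off'
      encryption: 'off'
      volmode: dev
      devices: 'off'
      atime: 'off'
  when: >-
    zfs_backup_dataset not in
    (ansible_zfs_datasets | default([]) | map(attribute='name') | list)

- name: create zfs receive user
  become: true
  ansible.builtin.user:
    name: zfs-recv
    shell: /bin/bash
    state: present
    create_home: true

- name: add ssh directory for zfs receive user
  become: true
  ansible.builtin.file:
    path: /home/zfs-recv/.ssh
    state: directory
    owner: zfs-recv
    group: zfs-recv
    mode: "0700"

- name: add authorized key for zfs receive user
  become: true
  # NOTE(review): the key file is not visible here. Key options such as
  # `restrict` or a forced command would limit this account to replication
  # instead of an interactive bash login.
  ansible.builtin.copy:
    src: zfs-recv_authorized_keys
    dest: /home/zfs-recv/.ssh/authorized_keys
    owner: zfs-recv
    group: zfs-recv
    mode: "0600"

- name: add zfs delegated permission for zfs-recv user
  become: true
  # NOTE(review): mount and mountpoint let the receiving account decide
  # where descendant datasets mount; confirm the replication tool needs them.
  community.general.zfs_delegate_admin:
    name: "{{ zfs_backup_dataset }}"
    local: true
    descendents: true
    state: present
    users:
      - zfs-recv
    permissions:
      - compression
      - mountpoint
      - create
      - mount
      - receive
      - rollback
      - recordsize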