---
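# Capture the running kernel release; kernel_version.stdout is used later to
# build the path of the ZFS kernel module.
- name: register kernel version
  # `uname -r` needs no shell features, so use the command module and avoid
  # shell interpretation altogether.
  ansible.builtin.command:
    cmd: uname -r
  # Read-only query: run it in check mode too and never report a change.
  check_mode: false
  changed_when: false
  register: kernel_version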
# Look for the DKMS-built ZFS module belonging to the kernel release held in
# kernel_version.stdout; the result is registered as zfs_module.
- name: check if zfs kernel module exists
  register: zfs_module
  ansible.builtin.stat:
    path: "/lib/modules/{{ kernel_version.stdout }}/updates/dkms/zfs.ko.zst"
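- block:
    # Builds, installs and loads the ZFS kernel module. The `when` at the end
    # of this block skips all of it once zfs_module.stat.exists is true.
    # NOTE(review): confirm that `when` is meant to guard the whole block
    # rather than only the last task.

    - name: install zfs prerequisites
      become: true
      community.general.pacman:
        name: "{{ zfs_prereq_packages }}"
        # NOTE(review): refreshing the package database and upgrading only
        # these packages is a partial upgrade on Arch; confirm this is wanted.
        state: latest
        update_cache: true
      when:
        # Ansible reports Arch Linux as os_family 'Archlinux'; comparing
        # against 'Arch' never matches, so the task was always skipped.
        - ansible_os_family == 'Archlinux'

    - name: add gpg parameters file from template
      become: true
      ansible.builtin.template:
        src: key-params.j2
        dest: /root/key-params
        owner: root
        group: root
        # Key-generation parameters can carry a passphrase, so the file is
        # readable and writable by root only (was group-writable 0660).
        # Quoted so the mode is never subject to YAML integer typing.
        mode: "0600"
        # NOTE(review): consider removing this file once the key exists if the
        # template holds a passphrase; verify nothing else reads it.

    - name: generate gpg key for root
      become: true
      # A local secret key is needed so the imported signing key can be
      # locally signed below. No shell features are used, hence `command`.
      # NOTE(review): this generates a new key on every run of the block;
      # an idempotence guard would need a path or key id not visible here.
      ansible.builtin.command:
        cmd: gpg --batch --gen-key /root/key-params

    - name: import zfs signing key
      become: true
      # NOTE(review): aur_zfs_key_fingerprint should be the full fingerprint,
      # not a short key id, so the key fetched from the keyserver is pinned;
      # confirm in the variable definition.
      ansible.builtin.command:
        cmd: gpg --receive-keys {{ aur_zfs_key_fingerprint | quote }}

    - name: trust zfs signing key
      become: true
      # Local (non-exportable) signature marks the imported key as valid for
      # root's keyring only.
      ansible.builtin.command:
        cmd: gpg --quick-lsign-key {{ aur_zfs_key_fingerprint | quote }}

    - name: install zfs module
      become: true
      community.general.pacman:
        # NOTE(review): the AUR helper is invoked with become. The key trusted
        # above presumably authenticates the upstream sources only, not the
        # build recipe itself; confirm how pikaur handles builds when started
        # as root.
        executable: /usr/bin/pikaur
        name: "{{ zfs_packages }}"
        state: latest
        update_cache: true
      when:
        # See the prerequisite task: 'Archlinux' is the value Ansible reports.
        - ansible_os_family == 'Archlinux'

    - name: set zfs module parameters
      become: true
      ansible.builtin.template:
        src: zfs.conf.j2
        dest: /etc/modprobe.d/zfs.conf
        owner: root
        group: root
        # Module options are read at load time with kernel privileges; only
        # root may write them (was group-writable 0664).
        mode: "0644"

    - name: load zfs module
      become: true
      community.general.modprobe:
        name: zfs
        state: present

    - name: enable zfs services
      become: true
      ansible.builtin.service:
        name: "{{ item }}"
        state: started
        enabled: true
      loop:
        - zfs-import-cache.service
        - zfs-mount.service
        - zfs.target
  when: not zfs_module.stat.exists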
# Gather pool facts for the pool named by zfs_zpool_name; the create task
# that follows reads them from ansible_zfs_pools.
# NOTE(review): confirm this task does not fail outright when the pool is
# absent; if it does, the create task is never reached on a fresh host.
- name: check if zpool exists
  community.general.zpool_facts:
    name: "{{ zfs_zpool_name }}"
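# Create the pool from the two configured disks. This writes new labels to
# zfs_zpool_disk_a and zfs_zpool_disk_b, so the guard below must be reliable.
- name: create zpool
  become: true
  # No pipes, redirects or expansion are needed, so `command` is used instead
  # of `shell`; every templated value stays quoted as a single argument.
  # The folded scalar joins the lines with single spaces.
  ansible.builtin.command:
    cmd: >-
      zpool create
      -o ashift={{ zfs_zpool_ashift | quote }}
      -o autotrim=on
      -o cachefile=/etc/zfs/zpool.cache
      -O acltype=posixacl
      -O atime=off
      -O xattr=sa
      -O mountpoint=none
      -O canmount=off
      -O devices=off
      -O compression={{ zfs_zpool_compression | quote }}
      {{ zfs_zpool_name | quote }}
      {{ zfs_zpool_type | quote }}
      {{ zfs_zpool_disk_a | quote }}
      {{ zfs_zpool_disk_b | quote }}
  # Compare against every gathered pool name and tolerate an empty or missing
  # fact list; indexing element 0 errors out when no pool was gathered.
  when: >-
    zfs_zpool_name not in
    (ansible_zfs_pools | default([]) | map(attribute='name') | list)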
# Gather dataset facts for zfs_backup_dataset; the dataset task that follows
# reads them from ansible_zfs_datasets.
# NOTE(review): confirm the behaviour of this lookup when the dataset does
# not exist yet.
- name: check if zfs dataset exists
  community.general.zfs_facts:
    name: "{{ zfs_backup_dataset }}"
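# Create the dataset that receives backups. It is never mounted, never cached
# and does not honour device nodes.
# NOTE(review): unlike the surrounding tasks this one has no `become: true`;
# confirm the play already runs with the privileges needed to create it.
- name: create backup zfs dataset
  community.general.zfs:
    name: "{{ zfs_backup_dataset }}"
    state: present
    extra_zfs_properties:
      # 'off' is quoted so it reaches the module as the ZFS property string
      # instead of being typed as a YAML boolean.
      canmount: 'off'
      mountpoint: none
      primarycache: none
      secondarycache: none
      reservation: none
      refreservation: none
      dedup: 'off'
      # NOTE(review): encryption is fixed when the dataset is created. With
      # 'off', received data is stored in the clear unless the senders use
      # raw encrypted streams; confirm this is intended.
      encryption: 'off'
      volmode: dev
      devices: 'off'
      atime: 'off'
  # Compare against every gathered dataset name and tolerate an empty or
  # missing fact list; indexing element 0 errors out when nothing was found.
  when: >-
    zfs_backup_dataset not in
    (ansible_zfs_datasets | default([]) | map(attribute='name') | list)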
# Dedicated account that incoming replication logs in as.
# NOTE(review): the account gets an interactive bash login shell; if it is
# only ever an SSH target for zfs receive, confirm whether that is needed.
- name: create zfs receive user
  ansible.builtin.user:
    name: zfs-recv
    state: present
    shell: /bin/bash
    create_home: true
  become: true
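# Create the .ssh directory that holds the account's authorized_keys file.
- name: add ssh directory for zfs receive user
  become: true
  ansible.builtin.file:
    path: /home/zfs-recv/.ssh
    state: directory
    owner: zfs-recv
    group: zfs-recv
    # Owner-only access (was world-readable 0755): other local users have no
    # reason to list the account's SSH material. Quoted so the mode is never
    # subject to YAML integer typing.
    mode: "0700"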
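# Install the public keys allowed to log in as zfs-recv.
# NOTE(review): consider `restrict` plus a forced command on the entries in
# zfs-recv_authorized_keys so a key can only drive zfs receive; verify
# against how the senders connect.
- name: add authorized key for zfs receive user
  become: true
  ansible.builtin.copy:
    src: zfs-recv_authorized_keys
    dest: /home/zfs-recv/.ssh/authorized_keys
    owner: zfs-recv
    group: zfs-recv
    # Owner-only access (was world-readable 0644); the file decides who may
    # log in as this account. Quoted to avoid YAML integer typing.
    mode: "0600"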
# Delegate a fixed set of ZFS permissions on the backup dataset and its
# descendants to zfs-recv, so receiving does not require root.
# NOTE(review): `rollback` lets the account discard newer snapshots and
# `mountpoint`/`mount` let it change where data is mounted; confirm each
# entry is needed by the receive workflow.
- name: add zfs delegated permission for zfs-recv user
  community.general.zfs_delegate_admin:
    name: "{{ zfs_backup_dataset }}"
    state: present
    users:
      - zfs-recv
    permissions:
      - compression
      - mountpoint
      - create
      - mount
      - receive
      - rollback
      - recordsize
    local: true
    descendents: true
  become: true
# Adjust offset from 1H to 1D in zfs-scrub-monthly@{{ zfs-pool }}.timer

# TODO enable/start zfs-scrub-monthly@{{ zfs-pool }}.timer

# TODO configure /etc/zfs/zed.d/zed.rc

# TODO enable/start zfs-zed.service

# TODO possibly configure /etc/conf.d/smartdargs

# TODO configure /etc/smartd.conf

# TODO enable/start smartd.service