- ---
- - hosts: nas
- gather_facts: true
- become: true
- roles:
- - snapraid
- - mergerfs
- - linux-system-roles.firewall
- - linux-system-roles.selinux
- - vladgh.samba.server
- vars_files:
- - "{{ inventory_dir }}/vars/vault.yaml"
- vars:
- # don't allow playbook to auto reboot server when changes are made to mountpoints
- ALLOW_REBOOT_ON_STORAGE_CHANGE: False
- samba_guest_account: "{{ vaulted_media_user }}"
- samba_map_to_guest: bad user
- samba_netbios_name: "{{ ansible_hostname }}"
- samba_load_printers: false
- samba_mitigate_cve_2017_7494: false # enabling this breaks share browsing plus this is already mitigated by SELinux
- samba_shares_root: /mergerfs
- samba_users:
- - name: "{{ vaulted_media_user }}"
- password: "{{ vaulted_media_password }}"
- samba_shares:
- - name: Data
- path: /mergerfs/public
- force_create_mode: '0664'
- force_directory_mode: '0775'
- guest_ok: "yes"
- writable: "yes"
- public: "yes"
- owner: "{{ vaulted_media_user }}"
- group: "{{ vaulted_media_group }}"
- - name: private
- path: /mergerfs/private
- force_create_mode: '0664'
- force_directory_mode: '0775'
- valid_users: "{{ vaulted_media_user }}"
- write_list: "{{ vaulted_media_user }}"
- owner: "{{ vaulted_media_user }}"
- group: "{{ vaulted_media_group }}"
- snapraid_parity_disks:
- - path: /mnt/parity1
- parity: parity
- disk: /dev/mapper/luks-parity1
- crypted_disk: /dev/disk/by-id/ata-WDC_WD140EFGX-68B0GN0_9LJB0KBG
- opts: _netdev
- - path: /mnt/parity2
- parity: 2-parity
- disk: /dev/mapper/luks-parity2
- crypted_disk: /dev/disk/by-id/ata-WDC_WD161KFGX-68AFPN0_3HH7TZHN
- opts: _netdev
- snapraid_data_disks:
- - path: /mnt/disk1
- disk: /dev/mapper/luks-disk1
- crypted_disk: /dev/disk/by-id/ata-WDC_WD101EFBX-68B0AN0_VCJW0TDP
- opts: _netdev
- owner: "{{ vaulted_media_user }}"
- group: "{{ vaulted_media_group }}"
- - path: /mnt/disk2
- disk: /dev/mapper/luks-disk2
- crypted_disk: /dev/disk/by-id/ata-WDC_WD101EFAX-68LDBN0_VCG6YNSN
- opts: _netdev
- owner: "{{ vaulted_media_user }}"
- group: "{{ vaulted_media_group }}"
- - path: /mnt/disk3
- disk: /dev/mapper/luks-disk3
- crypted_disk: /dev/disk/by-id/ata-WDC_WD101EFAX-68LDBN0_VCG6VGPN
- opts: _netdev
- owner: "{{ vaulted_media_user }}"
- group: "{{ vaulted_media_group }}"
- - path: /mnt/disk4
- disk: /dev/mapper/luks-disk4
- crypted_disk: /dev/disk/by-id/ata-WDC_WD140EFGX-68B0GN0_9LJ4N5JG
- opts: _netdev
- owner: "{{ vaulted_media_user }}"
- group: "{{ vaulted_media_group }}"
- - path: /mnt/disk5
- disk: /dev/mapper/luks-disk5
- crypted_disk: /dev/disk/by-id/ata-WDC_WD101EFAX-68LDBN0_VCG7HUBN
- opts: _netdev
- owner: "{{ vaulted_media_user }}"
- group: "{{ vaulted_media_group }}"
- - path: /mnt/disk6
- disk: /dev/mapper/luks-disk6
- crypted_disk: /dev/disk/by-id/ata-WDC_WD101EFAX-68LDBN0_VCG6YXAN
- opts: _netdev
- owner: "{{ vaulted_media_user }}"
- group: "{{ vaulted_media_group }}"
- mergerfs_disks: "{{ snapraid_data_disks }}"
- mergerfs_fstab:
- - path: /mergerfs
- owner: "{{ vaulted_media_user }}"
- group: "{{ vaulted_media_group }}"
- source: /mnt/disk*
- opts:
- - allow_other
- - minfreespace=10G
- - category.create=mfs
- - use_ino
- - func.getattr=newest
- - fsname=mergerfs
- - _netdev
- - nonempty
- selinux_booleans:
- - name: samba_share_fusefs
- state: on
- persistent: yes
- firewall:
- - service: samba
- state: enabled
- - service: netbios-ns
- state: enabled
- server_notifications_topic: "{{ vaulted_server_notifications_topic }}"
- pre_tasks:
- - name: Create Media Group
- group:
- name: "{{ vaulted_media_group }}"
- gid: "{{ vaulted_media_gid }}"
- - name: Create Media User
- user:
- name: "{{ vaulted_media_user }}"
- uid: "{{ vaulted_media_uid }}"
- groups: "{{ vaulted_media_group }}"
- append: yes
- shell: /bin/bash
- - name: Ensure disks are configured in /etc/crypttab
- lineinfile:
- path: /etc/crypttab
- regexp: '^{{ item.disk | split("/") | last }}'
- line: '{{ item.disk | split("/") | last }} {{ item.crypted_disk }} none {{ item.opts }}'
- with_items:
- - "{{ snapraid_parity_disks }}"
- - "{{ snapraid_data_disks }}"
- notify:
- - Reboot
- - name: Ensure disks are configured in /etc/fstab
- mount:
- path: "{{ item.path }}"
- src: "{{ item.disk }}"
- fstype: xfs
- opts: "{{ item.opts }}"
- state: present
- with_items:
- - "{{ snapraid_parity_disks }}"
- - "{{ snapraid_data_disks }}"
- notify:
- - Reboot
- - name: Ensure mountpoints exist
- file:
- path: "{{ item.path }}"
- state: directory
- with_items:
- - "{{ snapraid_parity_disks }}"
- - "{{ snapraid_data_disks }}"
- notify:
- - Reboot
- - meta: flush_handlers
-
- handlers:
- - name: Reboot
- reboot:
- post_reboot_delay: 120 # wait 2 minutes for disks to fully decrypt and mount themselves
- when:
- - ALLOW_REBOOT_ON_STORAGE_CHANGE == True