# Policyfile for the LXD host `lxd101`: cookbook sources, run list and the
# node attributes consumed by the esh_* cookbooks.
#
# NOTE(review): attributes set in a Policyfile are compiled into
# Policyfile.lock.json and uploaded with the policy in clear text. The secret
# fields below (WireGuard private key, borgmatic SSH private key, repository
# passphrase, database password) appear blanked on this page; real values are
# better sourced from an encrypted store (encrypted data bag, chef-vault or
# similar) than committed here.
name 'lxd101'

###
# Cookbooks location
###
# ESH cookbooks, resolved from the local repository checkout.
default_source :chef_repo, '../cookbooks'
# Community cookbooks, resolved from the public Supermarket.
default_source :supermarket, 'https://supermarket.chef.io'

###
# Run List
###
run_list %w[
  esh_system::hostname
  esh_system::postfix
  esh_wireguard::peer
  esh_zfs::package
  esh_zfs::pool
  esh_zfs::scrub
  esh_lxd::setup
  esh_lxd::containers
  esh_lxd::resolved
  esh_zfs::autobackup
  esh_borgmatic::setup
]

###
# Attributes
###

###
# esh_system
###
default['esh']['system']['hostname']['fqdn'] = 'lxd101.home.arpa'

###
# esh_wireguard
###
# Private key: secret, placeholder value on this page. The two public keys are
# safe to publish.
default['esh']['wireguard']['peer']['privkey'] = '='
default['esh']['wireguard']['peer']['pubkey'] = '3HNAZfx02qnpw2Tglrjs7KEnO3lUz1SZ/xUZUYGV6mo='
default['esh']['wireguard']['server']['pubkey'] = '3JJ00aMP/1mPJeUW0sci4dIK4S4XBiTWWaBgZgq+LCQ='
default['esh']['wireguard']['peer']['address'] = '10.10.10.3/24, fdaf:345d:a5fc::3/64'
#default['esh']['wireguard']['peer']['dns'] = '108.61.10.10 2001:19f0:300:1704::6'
# Full tunnel: every IPv4 and IPv6 destination is routed through the server
# peer, so the host's outbound traffic depends on that endpoint being reachable.
default['esh']['wireguard']['peer']['allowedips'] = '0.0.0.0/0, ::0/0'
default['esh']['wireguard']['peer']['endpoint'] = 'gtw.benoit.jp.net:51820'

###
# esh_zfs
###
default['esh']['zfs']['pools'] = {
  nvme: {
    mount_point: 'none',
    ashift: 12,
    autotrim: 'on',
    lz4_compress: 'enabled',
    compression: 'on',
    dedup: 'on',
    target: '/dev/vdb',
  },
  hdd: {
    mount_point: 'none',
    ashift: 12,
    autotrim: 'off',
    lz4_compress: 'enabled',
    compression: 'on',
    dedup: 'on',
    target: '/dev/vdc',
  },
}

# Pool names in declaration order: the first pool is the backup source, the
# second one the backup destination.
pool_names = default['esh']['zfs']['pools'].keys
src_pool = pool_names[0]
dst_pool = pool_names[1]

# Healthcheck ping URL; the check identifier appears stripped on this page.
# Anyone holding a complete ping URL can report a check as healthy, so treat it
# like a credential.
default['esh']['zfs']['scrub']['hc_url'] = 'https://hc-ping.com/'
default['esh']['zfs']['autobackup']['src'] = "#{src_pool}/custom"
default['esh']['zfs']['autobackup']['dst'] = "#{dst_pool}/custom"

###
# esh_lxd
###
# The MTU has to be lowered to 1340 when WireGuard runs on the host.
# Without WireGuard the default of 1500 is fine and this can stay unset.
default['esh']['lxd']['mtu'] = 1340

# Builds the volume entry for a path; every volume on this host lives on the
# `nvme` pool.
nvme_volume = ->(path) { { pool: 'nvme', path: path } }

default['esh']['lxd']['containers'] = {
  archive: {
    type: 'lxc',
    image: 'alpine/edge',
    volumes: {
      'archive-www': nvme_volume.call('/var/www'),
    },
  },
  git: {
    type: 'lxc',
    cookbook: 'esh_forgejo',
    image: 'ubuntu/jammy',
    cinc_flavor: 'ubuntu/22.04',
    volumes: {
      'git-gitea': nvme_volume.call('/var/lib/gitea'),
      'git-mysql': nvme_volume.call('/var/lib/mysql'),
    },
  },
  kb: {
    type: 'lxc',
    cookbook: 'esh_kanboard',
    image: 'ubuntu/jammy',
    cinc_flavor: 'ubuntu/22.04',
    volumes: {
      'kb-www': nvme_volume.call('/var/www'),
    },
  },
  # Password manager: its volume holds the vault database, which makes it the
  # most sensitive data set on this host.
  pwd: {
    type: 'lxc',
    cookbook: 'esh_vaultwarden',
    image: 'ubuntu/jammy',
    cinc_flavor: 'ubuntu/22.04',
    volumes: {
      'pwd-vaultwarden': nvme_volume.call('/var/lib/vaultwarden'),
    },
  },
  flux: {
    type: 'lxc',
    cookbook: 'esh_miniflux',
    image: 'ubuntu/jammy',
    cinc_flavor: 'ubuntu/22.04',
    volumes: {
      'flux-postgresql': nvme_volume.call('/var/lib/postgresql'),
    },
  },
  dns: {
    type: 'lxc',
    cookbook: 'esh_adguard',
    image: 'ubuntu/jammy',
    cinc_flavor: 'ubuntu/22.04',
    volumes: {
      # NOTE(review): the `flux-` prefix looks copied from the container above;
      # the other volumes are prefixed with their own container name. Renaming
      # it would attach a different volume, so confirm before changing.
      'flux-adguard': nvme_volume.call('/var/lib/adguard'),
    },
  },
  mkdocs: {
    type: 'lxc',
    cookbook: 'esh_mkdocs',
    image: 'debian/11',
    cinc_flavor: 'debian/11',
    volumes: {
      # TODO: rename `laminar` to `mkdocs-laminar`.
      laminar: nvme_volume.call('/var/lib/laminar'),
    },
  },
  mail: {
    type: 'vm',
    mem: '4GiB',
    cpu: '4',
    disk: '15GiB',
    cookbook: 'esh_mailcow',
    image: 'ubuntu/jammy/cloud',
    cinc_flavor: 'ubuntu/22.04',
    volumes: {
      'mail-docker': nvme_volume.call('/var/lib/docker/volumes'),
      'mail-opt': nvme_volume.call('/opt'),
    },
  },
  photos: {
    type: 'vm',
    mem: '4GiB',
    cpu: '4',
    disk: '10GiB',
    cookbook: 'esh_photoprism',
    image: 'ubuntu/jammy/cloud',
    cinc_flavor: 'ubuntu/22.04',
    volumes: {
      'photos-originals': nvme_volume.call('/var/lib/photos-originals'),
      'photos-storage': nvme_volume.call('/var/lib/photos-storage'),
      'photos-mysql': nvme_volume.call('/var/lib/mysql'),
    },
  },
  ytb: {
    type: 'vm',
    mem: '2GiB',
    cpu: '4',
    disk: '10GiB',
    cookbook: 'esh_piped',
    image: 'ubuntu/jammy/cloud',
    cinc_flavor: 'ubuntu/22.04',
    volumes: {
      'ytb-postgresql': nvme_volume.call('/var/lib/postgresql'),
    },
  },
}

###
# esh_borgmatic
###
# SSH private key used to reach the backup repository: secret, empty on this
# page. The matching public key below is safe to publish.
default['esh']['borgmatic']['ssh_priv'] = <<~EOT
EOT
default['esh']['borgmatic']['ssh_pub'] = 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEqqdXPFhbZovVg3iBxBjqp+us461HIbKaduldRs587z borgmatic@lxd101'
# Repository passphrase: secret, empty on this page. It protects the
# repository encryption key, so losing it makes the backups unreadable and
# leaking it removes their confidentiality.
default['esh']['borgmatic']['config']['repo_passphrase'] = ''
default['esh']['borgmatic']['config']['repo'] = 'iu7hbr8r@iu7hbr8r.repo.borgbase.com:repo'
default['esh']['borgmatic']['config']['location_src'] = "#{dst_pool}/#{src_pool}/custom"
default['esh']['borgmatic']['config']['healthchecks'] = 'https://hc-ping.com/'
# Database dumps taken before each backup run. The dump files land on the
# containers' data volumes, so they end up in the backup like any other file.
# NOTE(review): `--password=` puts the database password on the command line
# (blank on this page), where it is visible in the process list and in this
# attribute; an option file readable only by the dump user (mysqldump's
# `--defaults-extra-file`) keeps it out of both.
default['esh']['borgmatic']['config']['before_backup'] = [
  'lxc exec photos -- sh -c "docker exec -u 999 -t photoprism-mariadb-1 sh -c \'mysqldump -u photoprism --password= --opt --force --hex-blob photoprism > /var/lib/mysql/photoprism.sql\'"',
  'lxc exec ytb -- sh -c "docker exec -u 999 -t postgres sh -c \'pg_dump -U piped piped > /var/lib/postgresql/data/piped.sql\'"',
]
# systemd calendar expression: daily at 21:00.
default['esh']['borgmatic']['timer'] = '*-*-* 21:00:00'