# Cinc/Chef Policyfile for the LXD host "lxd101" (FQDN set further down): one
# WireGuard peer, two ZFS pools, the LXD containers/VMs placed on them,
# pool-to-pool ZFS replication and an off-site Borg backup.
name 'lxd101'
###
# Cookbooks location
###
# ESH: this repository's own cookbooks, resolved from the path next to this file.
default_source :chef_repo, '../cookbooks'
# Community: the public Supermarket, presumably for anything not found locally.
# NOTE(review): this is an unpinned public source; the versions actually
# resolved are recorded in the policy lock, so review changes to that lock as
# part of the supply chain instead of trusting the source list alone.
default_source :supermarket, 'https://supermarket.chef.io'
###
# Run List
###
# Order is significant (inferred from the attribute dependencies below — confirm
# against the cookbooks): identity and mail relay first, then the tunnel, then
# the ZFS pools that every LXD volume is placed in, then LXD itself; replication
# and the Borg backup run last so they see the final layout.
run_list %w(
  esh_system::hostname
  esh_system::postfix
  esh_wireguard::peer
  esh_zfs::package
  esh_zfs::pool
  esh_zfs::scrub
  esh_lxd::setup
  esh_lxd::containers
  esh_lxd::resolved
  esh_zfs::autobackup
  esh_borgmatic::setup
)
###
# Attributes
###
###
# esh_system
###
# Host FQDN under home.arpa, the reserved domain for home networks (RFC 8375).
default['esh']['system']['hostname']['fqdn'] = 'lxd101.home.arpa'
###
# esh_wireguard
###
# Peer private key. The value here ('=') is a redacted placeholder, not a key.
# NOTE(review): keep the real key out of this file — attributes declared in a
# policyfile end up in the policy lock and on the node object, readable by
# anyone with access to either; inject it out of band (encrypted data bag,
# vault or a local override). TODO confirm how esh_wireguard::peer consumes it.
default['esh']['wireguard']['peer']['privkey'] = '='
# Public half of the peer key above; the two must belong to the same key pair
# or the handshake simply never completes (WireGuard does not report why).
default['esh']['wireguard']['peer']['pubkey'] = '3HNAZfx02qnpw2Tglrjs7KEnO3lUz1SZ/xUZUYGV6mo='
# Public key of the gateway this host connects to (endpoint below).
default['esh']['wireguard']['server']['pubkey'] = '3JJ00aMP/1mPJeUW0sci4dIK4S4XBiTWWaBgZgq+LCQ='
# Dual-stack tunnel addresses of this peer.
default['esh']['wireguard']['peer']['address'] = '10.10.10.3/24, fdaf:345d:a5fc::3/64'
# Tunnel DNS deliberately left unset; presumably the host keeps its own resolver
# (see esh_lxd::resolved in the run list) — confirm before re-enabling.
#default['esh']['wireguard']['peer']['dns'] = '108.61.10.10 2001:19f0:300:1704::6'
# Full tunnel: every IPv4/IPv6 destination is routed through the gateway. This
# is why the LXD MTU is lowered in the esh_lxd section below.
default['esh']['wireguard']['peer']['allowedips'] = '0.0.0.0/0, ::0/0'
default['esh']['wireguard']['peer']['endpoint'] = 'gtw.benoit.jp.net:51820'
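###
# esh_zfs
###
# Two pools on virtio disks, both with 4 KiB sectors (ashift 12) and LZ4
# compression; autotrim only on the flash-backed 'nvme' pool.
# NOTE(review): dedup is 'on' for both pools — it is RAM-hungry and rarely pays
# off; confirm it is intended rather than inherited from a template.
default['esh']['zfs']['pools'] = {
  'nvme': {
    'mount_point': 'none',
    'ashift': 12,
    'autotrim': 'on',
    'lz4_compress': 'enabled',
    'compression': 'on',
    'dedup': 'on',
    'target': '/dev/vdb',
  },
  'hdd': {
    'mount_point': 'none',
    'ashift': 12,
    'autotrim': 'off',
    'lz4_compress': 'enabled',
    'compression': 'on',
    'dedup': 'on',
    'target': '/dev/vdc',
  },
}
# Healthchecks ping URL for the scrub job. As written there is no check UUID in
# the path, so a ping would hit the bare host; presumably redacted — make sure
# the real URL is supplied out of band.
default['esh']['zfs']['scrub']['hc_url'] = 'https://hc-ping.com/'
# Replication direction: the 'nvme' pool (where every LXD volume below lives) is
# the source, the 'hdd' pool the destination. The pools are named explicitly
# instead of being picked positionally with pools.keys[0] / keys[1]: a
# positional lookup silently swaps source and destination as soon as a pool is
# added or reordered above, which would point replication the wrong way.
default['esh']['zfs']['autobackup']['src'] = 'nvme/custom'
default['esh']['zfs']['autobackup']['dst'] = 'hdd/custom'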
###
# esh_lxd
###
# MTU needs to be lowered to 1340 when WireGuard runs on the host: the peer
# above is a full tunnel, so container traffic leaving the host is encapsulated
# and would otherwise be fragmented. Without WireGuard the 1500 default is fine
# and this attribute can be left unset.
default['esh']['lxd']['mtu'] = 1340
# Guests managed by esh_lxd::containers, keyed by instance name. Per entry:
#   type        - 'lxc' container or 'vm' (VMs also set mem/cpu/disk)
#   cookbook    - presumably the ESH cookbook converged inside the guest
#                 ('archive' has none, so it is presumably left unmanaged)
#   image       - LXD image alias
#   cinc_flavor - presumably the Cinc client package flavor for that image
#   volumes     - LXD custom volumes: name => { pool, mount path in the guest }
# Volume names follow "<instance>-<purpose>". Two entries do not:
# 'laminar' (mkdocs) should be 'mkdocs-laminar' and 'flux-adguard' belongs to
# 'dns', not 'flux'. NOTE(review): do not rename them casually — a renamed key
# presumably creates a fresh, empty volume and leaves the old data detached;
# confirm how esh_lxd::containers handles renames before touching them.
default['esh']['lxd']['containers'] = {
  'archive': {
    'type': 'lxc',
    'image': 'alpine/edge',
    'volumes': {
      'archive-www': {
        'pool': 'nvme',
        'path': '/var/www',
      },
    },
  },
  'git': {
    'type': 'lxc',
    'cookbook': 'esh_forgejo',
    'image': 'ubuntu/jammy',
    'cinc_flavor': 'ubuntu/22.04',
    'volumes': {
      'git-gitea': {
        'pool': 'nvme',
        'path': '/var/lib/gitea',
      },
      'git-mysql': {
        'pool': 'nvme',
        'path': '/var/lib/mysql',
      },
    },
  },
  'kb': {
    'type': 'lxc',
    'cookbook': 'esh_kanboard',
    'image': 'ubuntu/jammy',
    'cinc_flavor': 'ubuntu/22.04',
    'volumes': {
      'kb-www': {
        'pool': 'nvme',
        'path': '/var/www',
      },
    },
  },
  # Password manager. NOTE(review): this volume presumably holds the vault
  # database and Vaultwarden's own keys — the most sensitive data on the host;
  # it is replicated and shipped off-site by the borgmatic section below, so
  # the Borg repo really must be encrypted (see repo_passphrase there).
  'pwd': {
    'type': 'lxc',
    'cookbook': 'esh_vaultwarden',
    'image': 'ubuntu/jammy',
    'cinc_flavor': 'ubuntu/22.04',
    'volumes': {
      'pwd-vaultwarden': {
        'pool': 'nvme',
        'path': '/var/lib/vaultwarden',
      },
    },
  },
  'flux': {
    'type': 'lxc',
    'cookbook': 'esh_miniflux',
    'image': 'ubuntu/jammy',
    'cinc_flavor': 'ubuntu/22.04',
    'volumes': {
      'flux-postgresql': {
        'pool': 'nvme',
        'path': '/var/lib/postgresql',
      },
    },
  },
  'dns': {
    'type': 'lxc',
    'cookbook': 'esh_adguard',
    'image': 'ubuntu/jammy',
    'cinc_flavor': 'ubuntu/22.04',
    'volumes': {
      # Misnamed (should be 'dns-adguard'); see the rename caveat above.
      'flux-adguard': {
        'pool': 'nvme',
        'path': '/var/lib/adguard',
      },
    },
  },
  'mkdocs': {
    'type': 'lxc',
    'cookbook': 'esh_mkdocs',
    'image': 'debian/11',
    'cinc_flavor': 'debian/11',
    'volumes': {
      # TODO: rename to 'mkdocs-laminar'; see the rename caveat above.
      'laminar': {
        'pool': 'nvme',
        'path': '/var/lib/laminar',
      },
    },
  },
  # Mail is a VM: Docker volumes plus /opt (presumably the mailcow checkout,
  # which would include its configuration and credentials — confirm).
  'mail': {
    'type': 'vm',
    'mem': '4GiB',
    'cpu': '4',
    'disk': '15GiB',
    'cookbook': 'esh_mailcow',
    'image': 'ubuntu/jammy/cloud',
    'cinc_flavor': 'ubuntu/22.04',
    'volumes': {
      'mail-docker': {
        'pool': 'nvme',
        'path': '/var/lib/docker/volumes',
      },
      'mail-opt': {
        'pool': 'nvme',
        'path': '/opt',
      },
    },
  },
  # The borgmatic before_backup hook below dumps this guest's MariaDB into
  # /var/lib/mysql, i.e. onto 'photos-mysql', so the dump rides along.
  'photos': {
    'type': 'vm',
    'mem': '4GiB',
    'cpu': '4',
    'disk': '10GiB',
    'cookbook': 'esh_photoprism',
    'image': 'ubuntu/jammy/cloud',
    'cinc_flavor': 'ubuntu/22.04',
    'volumes': {
      'photos-originals': {
        'pool': 'nvme',
        'path': '/var/lib/photos-originals',
      },
      'photos-storage': {
        'pool': 'nvme',
        'path': '/var/lib/photos-storage',
      },
      'photos-mysql': {
        'pool': 'nvme',
        'path': '/var/lib/mysql',
      },
    },
  },
  # Same pattern: the before_backup hook writes a pg_dump under
  # /var/lib/postgresql, i.e. onto 'ytb-postgresql'.
  'ytb': {
    'type': 'vm',
    'mem': '2GiB',
    'cpu': '4',
    'disk': '10GiB',
    'cookbook': 'esh_piped',
    'image': 'ubuntu/jammy/cloud',
    'cinc_flavor': 'ubuntu/22.04',
    'volumes': {
      'ytb-postgresql': {
        'pool': 'nvme',
        'path': '/var/lib/postgresql',
      },
    },
  },
}
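###
# esh_borgmatic
###
# SSH private key used to reach the Borg repository. The empty heredoc yields
# "" — a redacted placeholder, like the WireGuard key above. NOTE(review): the
# real key must not be committed here; policyfile attributes are persisted in
# the policy lock and on the node object. Inject it out of band.
default['esh']['borgmatic']['ssh_priv'] = <<~EOT
EOT
default['esh']['borgmatic']['ssh_pub'] = 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEqqdXPFhbZovVg3iBxBjqp+us461HIbKaduldRs587z borgmatic@lxd101'
# Borg repository passphrase, presumably redacted. NOTE(review): if the value
# really is empty, the off-site copy of every volume above (vaultwarden and
# mail included) is readable by whoever can reach the repo; confirm the repo
# was initialised with encryption and that the real passphrase is injected.
default['esh']['borgmatic']['config']['repo_passphrase'] = ''
# BorgBase-hosted repository (user@host:repo form).
default['esh']['borgmatic']['config']['repo'] = 'iu7hbr8r@iu7hbr8r.repo.borgbase.com:repo'
# What gets backed up: the replica of the nvme 'custom' tree on the hdd pool.
# Named explicitly instead of via pools.keys[1] / keys[0]: positional lookup
# silently picks a different dataset if a pool is added or reordered in the
# esh_zfs section, and the backup would then cover the wrong data.
default['esh']['borgmatic']['config']['location_src'] = 'hdd/nvme/custom'
# Healthchecks ping URL; no check UUID in the path as written (presumably
# redacted — same caveat as the scrub URL).
default['esh']['borgmatic']['config']['healthchecks'] = 'https://hc-ping.com/'
# Database dumps taken inside the guests before each run, written onto the
# guest volumes so the replica/backup picks them up.
# NOTE(review): the mysqldump call passes `--password=` on the command line,
# which is visible in the container's process list while it runs; MYSQL_PWD or
# a client config file would avoid that. `--force` also keeps going past SQL
# errors, so a partial dump can be backed up without the run failing. The
# pg_dump call relies on local auth for user 'piped' (no password given).
default['esh']['borgmatic']['config']['before_backup'] = [
  'lxc exec photos -- sh -c "docker exec -u 999 -t photoprism-mariadb-1 sh -c \'mysqldump -u photoprism --password= --opt --force --hex-blob photoprism > /var/lib/mysql/photoprism.sql\'"',
  'lxc exec ytb -- sh -c "docker exec -u 999 -t postgres sh -c \'pg_dump -U piped piped > /var/lib/postgresql/data/piped.sql\'"',
]
# Daily at 21:00 host local time (systemd calendar syntax, presumably fed to a
# timer unit by esh_borgmatic::setup).
default['esh']['borgmatic']['timer'] = '*-*-* 21:00:00'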