Branch lxd.local

2021-03-20 09:38:57 +09:00 · 2021-03-20 09:38:57 +09:00 · 1eaf6359b3
commit 1eaf6359b3
parent d4f81fa689
6 changed files with 38 additions and 168 deletions
--- a/group_data/all.py
+++ b/group_data/all.py
@ -9,9 +9,9 @@ def get_secret(crypted_value):
 b_borg_passphrase = get_secret(b'1$2$o9juQh0wvpWhOsXHhh-xyimKIpWAUOk9MgLeSHiM_NA=$Z0FBQUFBQmdGb3U0RmNfaDdYYkVfU1pvdW9SbXFJMC1GN2FsSXJoTVpkVENaRlN1V2ZiOVNpalk2Z28zS3R5bFRWMkh3VnQ4cFhIZVhtWVphWDhwQi00ejJsWS1pMkZMSGhvTnlVTi15aTBLejdTTHVjdGZLYUtqRUY0Wm9Lc19ISTZ3Wkc1SHJFLWNIMUNtekFXMzFBV1BMN1hNZlludG5xMU9WdkNPM3lwaDZfWFpESExaVHdFPQ==')
 borg_passphrase = b_borg_passphrase.decode('utf-8')

-b_borg_healthchecks = get_secret(b'1$2$AbHQ2WFelnJfIi5SjEtgAugd3xHSJDfikh0RBV3QY80=$Z0FBQUFBQmdGOWdKZnp1d3B0YUJUck9kOVNBVWxTRjJZZnpubUZmNmV0cmlCUm9kLUhYNndqWkhMOG5WQU44ZUVMQ2lEdW1jLUhSOTJub0VMZWFWdHBBb0JKdVptanNCQ2xyQXQ2cEdfMjBaUy00Y2dlcnJzc1ViaE5sQ0RUUS1idkViQ0hOOWdRWUlqZElQSlAzYmpjSUl5bjNuTDhDLTNBPT0=')
+b_borg_healthchecks = get_secret(b'1$2$qCFfK9b1A2D-xf3oEJ5uwOt1r3QOm0DJGsi_hKKjk0Q=$Z0FBQUFBQmdVeFFnZ0c1SUhhSzNBQ3h3MzRxLXd1b1luSjl6NjcxdzdxdjBFU3pncG1jSVYySFNlV0dZdU5VaU0wRVkxSEJveU01RU9Oby1uU1U5dXExQXlKNG9xNmxMeDRfNW9tUXprSzVFaWFYdWlya0V0TmlWQ1ZDdk5JRUhrdVFXdW5LOFh4ODNnak1RcGJIOVI5SDFtN3g1T1pWMkh3PT0=')
 borg_healthchecks = b_borg_healthchecks.decode('utf-8')

-b_zfs_healthchecks = get_secret(b'1$2$dsh3T6POjU9RvOqr_Itg1paAckP4K2cIRN8L22OsGVo=$Z0FBQUFBQmdIa21UYUtGeVdmLWNvbGhYUDNfNzdTd0gwN21ISHRTV3B6SDBrTFA4aTRCaF84bWY5UlhYV3RSOUxsekRyTVd4REhqczZTTW00WHhzSjJSV2JuNjZ5NXdGWmtrQjFkWjNNdmZYTm4xMXUxOHlYNlpJb0pGQmoyb0JTajRjanQwMHlEUzhUSTNjRFlXenBwdDRTMzA5c2NzeFJBPT0=')
+b_zfs_healthchecks = get_secret(b'1$2$Km9O6WZsSvCsvwcPxl0v27FXK6ZiI05OOThCLGmp0iI=$Z0FBQUFBQmdVVmRQS1F4SllzWWxkLU9UYjNQMXBaYmZIUFAxN0Q2dmh6S2M0ZHQwMUxra1R2aTZEbWVqeG9jRGZYeUtla1FncEFMMFc0VHg1ZXZoeDl6WWgzdUFMMHNiQ3J5Y1hmTzFXTlg4bVFGQjVUVndyNWt3VUZ2ZUI5OGU1UzlVQkhaSlFhc2pna3dCLTNzT051cGw0a1MyNWRqM1Z3PT0=')
 zfs_healthchecks = b_zfs_healthchecks.decode('utf-8')

--- a/inventory.py
+++ b/inventory.py
@ -1 +1 @@
-my_hosts = ['lxd10.benpro.fr']
+my_hosts = ['lxd.local']
--- a/setup-backup.py
+++ b/setup-backup.py
@ -20,13 +20,13 @@ files.directory(
 if not host.fact.command('zfs list | grep exports || true'):
    server.shell(
        name='Create ZFS volume exports',
-        commands=['zfs create local/exports -o mountpoint=/var/backups/lxd']
+        commands=['zfs create backup/exports -o mountpoint=/var/backups/lxd']
    )

 if not host.fact.command('mount | grep exports || true'):
    server.shell(
-        name='Mount local/exports',
-        commands=['zfs mount local/exports'],
+        name='Mount backup/exports',
+        commands=['zfs mount backup/exports || true'],
    )

 files.directory(
@ -40,13 +40,13 @@ files.directory(
 if not host.fact.command('zfs list | grep databases || true'):
    server.shell(
        name='Create ZFS volume databases',
-        commands=['zfs create local/databases -o mountpoint=/var/backups/databases']
+        commands=['zfs create backup/databases -o mountpoint=/var/backups/databases']
    )

 if not host.fact.command('mount | grep databases || true'):
    server.shell(
-        name='Mount local/databases',
-        commands=['zfs mount local/databases'],
+        name='Mount backup/databases',
+        commands=['zfs mount backup/databases || true'],
    )

 files.template(
--- a/setup-base.py
+++ b/setup-base.py
@ -14,7 +14,7 @@ server.user(

 server.hostname(
   name='Set the hostname',
-   hostname='lxd10.benpro.fr',
+   hostname='lxd.local',
 )

 apt.update(
@ -33,7 +33,7 @@ apt.packages(

 server.shell(
    name='Add ufw rules',
-    commands=['ufw limit 22', 'ufw limit 28', 'ufw allow 80', 'ufw allow 443'],
+    commands=['ufw limit 22'],
 )

 server.shell(
@ -41,19 +41,6 @@ server.shell(
    commands=['yes | ufw enable'],
 )

-files.line(
-    name='Set port 28 for SSH',
-    path='/etc/ssh/sshd_config',
-    line=r'Port .*',
-    replace='Port 28',
-)
-
-systemd.service(
-    name='Reload sshd',
-    service='ssh.service',
-    reloaded=True,
-)
-
 apt.packages(
    name='Install packages',
    packages=['manpages', 'man', 'snapd', 'vim', 'file',
@ -62,31 +49,31 @@ apt.packages(
    update=False,
 )

-files.line(
-    name='Enable postfix relays to mail.benpro.fr',
-    path='/etc/postfix/main.cf',
-    line=r'relayhost = .*',
-    replace='relayhost = 10.0.0.2',
-)
-
-files.line(
-    name='Set root aliases',
-    path='/etc/aliases',
-    line='root: lxd10@benpro.fr',
-)
-
-server.shell(
-    name='Load aliases table',
-    commands=['newaliases'],
-)
-
-systemd.service(
-    name='Restart and enable postfix service',
-    service='postfix.service',
-    running=True,
-    restarted=True,
-    enabled=True,
-)
+#files.line(
+#    name='Enable postfix relays to mail.benpro.fr',
+#    path='/etc/postfix/main.cf',
+#    line=r'relayhost = .*',
+#    replace='relayhost = 10.0.0.2',
+#)
+#
+#files.line(
+#    name='Set root aliases',
+#    path='/etc/aliases',
+#    line='root: lxd10@benpro.fr',
+#)
+#
+#server.shell(
+#    name='Load aliases table',
+#    commands=['newaliases'],
+#)
+#
+#systemd.service(
+#    name='Restart and enable postfix service',
+#    service='postfix.service',
+#    running=True,
+#    restarted=True,
+#    enabled=True,
+#)

 if not host.fact.directory('/var/snap/lxd'):
    server.shell(
@ -94,65 +81,6 @@ if not host.fact.directory('/var/snap/lxd'):
        commands=['snap install lxd'],
    )

-if not host.fact.command('file -s /dev/sdc1 | grep swap || true'):
-    server.shell(
-        name='Create swap',
-        commands=['wipefs -a /dev/sdc1', 'mkswap /dev/sdc1'],
-    )
-
-files.line(
-    name='Add swap to /etc/fstab',
-    path='/etc/fstab',
-    line='/dev/sdc1 none swap defaults 0 0',
-)
-
-server.shell(
-    name='Enable swap',
-    commands=['swapon -a'],
-)
-
-files.line(
-    name='Disable intel_pstate',
-    path='/etc/default/grub',
-    line='GRUB_CMDLINE_LINUX="intel_pstate=disable"',
-)
-
-server.shell(
-    name='Reload grub',
-    commands=['update-grub'],
-)
-
-files.put(
-    name='Install set-cpufreq-performance',
-    src='files/set-cpufreq-performance',
-    dest='/lib/systemd/set-cpufreq-performance',
-    user='root',
-    group='root',
-    mode='755',
-)
-
-files.put(
-    name='Override systemd ondemand.service',
-    src='files/ondemand.service',
-    dest='/etc/systemd/system/ondemand.service',
-    user='root',
-    group='root',
-    mode='644',
-)
-
-systemd.daemon_reload(
-    name='Reload systemd',
-    user_mode=False,
-)
-
-systemd.service(
-    name='Restart and enable ondemand service',
-    service='ondemand.service',
-    running=True,
-    restarted=True,
-    enabled=True,
-)
-
 files.put(
    name='Add lxd-containers-upgrade.sh',
    src='files/lxd-containers-upgrade.sh',
--- a/setup-zfs-and-lxd.py
+++ b/setup-zfs-and-lxd.py
@ -3,76 +3,18 @@ from pyinfra.operations import server, files, systemd, apt

 SUDO = True

-# This suppose you have:
-# sda       8:0    0   2.7T  0 disk  
-# ├─sda1    8:1    0   512M  0 part  
-# │ └─md0   9:0    0   511M  0 raid1 /boot
-# ├─sda2    8:2    0    40G  0 part  
-# │ └─md1   9:1    0    40G  0 raid1 /
-# └─sda3    8:3    0     1M  0 part  
-# sdb       8:16   0   2.7T  0 disk  
-# ├─sdb1    8:17   0   512M  0 part  
-# │ └─md0   9:0    0   511M  0 raid1 /boot
-# ├─sdb2    8:18   0    40G  0 part  
-# │ └─md1   9:1    0    40G  0 raid1 /
-# └─sdb3    8:19   0     1M  0 part  
-# sdc       8:32   0 223.6G  0 disk  
-# └─sdc1    8:33   0    24G  0 part
-
 apt.packages(
    name='Install packages',
    packages=['zfsutils-linux'],
    update=True,
 )

-if not host.fact.command('lsblk | grep sda4 || true'):
-    server.shell(
-        name='Create sda4 for zpool',
-        commands=['sgdisk -n4:0:0 -t4:BF00 /dev/sda', 'partprobe']
-    )
-
-if not host.fact.command('lsblk | grep sdb4 || true'):
-    server.shell(
-        name='Create sdb4 for zpool',
-        commands=['sgdisk -n4:0:0 -t4:BF00 /dev/sdb', 'partprobe']
-    )
-
-if not host.fact.command('lsblk | grep sdc2 || true'):
-    server.shell(
-        name='Create sdc2 for ZFS cache L2ARC',
-        commands=['sgdisk -n2:0:0 -t2:FD00 /dev/sdc', 'partprobe']
-    )
-
-# zfs.key is not stored on GIT, but on KeePassXC
-# When using new server be sure to set right disk ID
 if not host.fact.command('zpool list local | grep local || true'):
    server.shell(
        name='Create ZFS pool',
-        commands=['zpool create -o ashift=12 -o autotrim=on -O encryption=aes-256-gcm -O keylocation=file:///etc/zfs.key -O keyformat=passphrase -O acltype=posixacl -O canmount=off -O compression=lz4 -O dnodesize=auto -O normalization=formD -O relatime=on -O xattr=sa local mirror /dev/disk/by-id/ata-ST33000650NS_Z290FDG2-part4 /dev/disk/by-id/ata-ST33000650NS_Z290FEJQ-part4 cache /dev/disk/by-id/ata-INTEL_SSDSC2CW240A3_CVCV306301L3240CGN-part2']
+        commands=['zpool create -o ashift=12 -o autotrim=on -O acltype=posixacl -O canmount=off -O compression=lz4 -O dnodesize=auto -O normalization=formD -O relatime=on -O xattr=sa local /dev/vdb']
    )

-files.put(
-    name='Upload systemd zfs-load-key service',
-    src='files/zfs-load-key.service',
-    dest='/etc/systemd/system/zfs-load-key.service',
-    user='root',
-    group='root',
-    mode='644',
-)
-
-systemd.daemon_reload(
-    name='Reload systemd',
-    user_mode=False,
-)
-
-systemd.service(
-    name='Enable zfs-load-key service',
-    service='zfs-load-key.service',
-    enabled=True,
-    restarted=False,
-    running=False,
-)
-
 files.put(
    name='Upload LXD config',
    src='files/lxd.yml',
--- a/templates/borgmatic.yaml.j2
+++ b/templates/borgmatic.yaml.j2
@ -4,7 +4,7 @@ location:

    one_file_system: false
    repositories:
-        - r0t85632@r0t85632.repo.borgbase.com:repo
+        - quv7z6k8@quv7z6k8.repo.borgbase.com:repo

    exclude_patterns:
        - ~/*/.cache