homeserver/host_vars/pbs.mgrote.net.yml

---
# pbs_*
pbs_datastores:
  - name: zfs_backup
    path: /backup/pbs_data
    gc_schedule: "sat 19:00"

pbs_prune_jobs:
  - name: standard
    schedule: "sat 18:15"
    store: zfs_backup
    keep_last: 1
    keep_hourly: 3
    keep_daily: 3

pbs_permissions:
  - user: user_pve5@pbs
    datastore: zfs_backup
    role: DatastoreBackup

pbs_users:
  - name: user_pve5
    password: "{{ lookup('viczem.keepass.keepass', 'pbs_pve_user', 'password') }}"
    realm: pbs
# rpool ist unverschlüsselt als Boot-Medium
# entschlüsseln nach Boot mit: sudo zpool import -d /dev/disk/by-id/ -a && sudo zfs mount -a  -l

## backup
### sudo zpool create -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=prompt -O keyformat=passphrase backup /dev/disk/by-id/ata-TOSHIBA_MG09ACA18TE_Z1B0A28LFJDH

# mgrote.zfs_manage_datasets
### mgrote_zfs_extra
# Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ sind zusammengefasst unter zfs_extra_*
zfs_datasets: # DatenPools werden hier nicht verwaltet
  # rpool - System-Datasets
  - dataset: rpool
    state: present
    compression: zstd
    sync: disabled
    xattr: sa
    dnodesize: auto
    atime: on # noqa yaml[truthy]
    snapdir: hidden
    reservation: 1G
    refreservation: 10G
    acltype: posix
  - dataset: rpool/ROOT
    state: present
    refreservation: 10G
  - dataset: rpool/ROOT/pbs-1
    state: present
    refreservation: 10G
    acltype: posix # https://docs.ansible.com/ansible-core/2.14/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming-an-unprivileged-user ; sonst kann die dotfiles-Rolle kein setfacl machen
  # backup-pool
  - dataset: backup/pbs_data
    state: present
    quota: 1TB
  - dataset: backup/pve5
    state: present
    canmount: off # noqa yaml[truthy]
# Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ sind zusammengefasst unter zfs_extra_*
zfs_extra_arc_max_size: "4294967296" # 4GB in Bytes
zfs_extra_zfs_pools:
  - name: "rpool"
    systemd_timer_schedule: "*-01,04,07,10-01 23:00" # jeden ersten eines jeden Quartals
  - name: "backup"
    systemd_timer_schedule: "*-01,04,07,10-01 23:00"

### mgrote_zfs_sanoid
sanoid_snaps_enable: true
## syncoid
sanoid_syncoid_destination_host: true
sanoid_syncoid_ssh_privkey: "{{ lookup('viczem.keepass.keepass', 'sanoid_syncoid_private_key', 'notes') }}"
sanoid_syncoid_timer: '*-*-* *:00:00' # jede Stunde
sanoid_syncoid_bwlimit: 50M # 30MB/s
sanoid_syncoid_datasets_sync:
  - source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann
    destination_mount_check: backup
    destination_dataset: backup/pve5/pve_backup
    source_dataset: hdd_data/pve_backup

  - source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann
    destination_mount_check: backup
    destination_dataset: backup/pve5/videos
    source_dataset: hdd_data/videos

  - source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann
    destination_mount_check: backup
    destination_dataset: backup/pve5/music
    source_dataset: hdd_data/music

  - source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann
    destination_mount_check: backup
    destination_dataset: backup/pve5/tmp
    source_dataset: hdd_data/tmp

  - source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann
    destination_mount_check: backup
    destination_dataset: backup/pve5/archiv
    source_dataset: hdd_data/archiv

  - source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann
    destination_mount_check: backup
    destination_dataset: backup/pve5/bilder
    source_dataset: hdd_data/bilder

  - source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann
    destination_mount_check: backup
    destination_dataset: backup/pve5/scans
    source_dataset: hdd_data/scans

  - source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann
    destination_mount_check: backup
    destination_dataset: backup/pve5/restic
    source_dataset: hdd_data/restic

  - source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann
    destination_mount_check: backup
    destination_dataset: backup/pve5/backup
    source_dataset: hdd_data/backup

  - source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann
    destination_mount_check: backup
    destination_dataset: backup/pve5/buecher
    source_dataset: hdd_data/buecher

  - source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann
    destination_mount_check: backup
    destination_dataset: backup/pve5/programme
    source_dataset: hdd_data/programme

  - source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann
    destination_mount_check: backup
    destination_dataset: backup/pve5/vm
    source_dataset: hdd_data/vm

# sanoid
sanoid_datasets:
  ### rpool
  - path: rpool
    recursive: 'no'
    snapshots: true
    template: 'pve3tage'
  - path: rpool/ROOT
    recursive: 'no'
    snapshots: true
    template: 'pve3tage'
  - path: rpool/ROOT/pbs-1
    recursive: 'no'
    snapshots: true
    template: 'pve3tage'
  ### backup
  - path: backup/pbs_data
    recursive: 'no'
    snapshots: true
    template: '3tage'
neuer Backup-Server (pbs) (#538) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/538 2023-06-23 16:04:19 +02:00			`---`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00			`# pbs_*`
			`pbs_datastores:`
			`- name: zfs_backup`
			`path: /backup/pbs_data`
			`gc_schedule: "sat 19:00"`

			`pbs_prune_jobs:`
			`- name: standard`
			`schedule: "sat 18:15"`
			`store: zfs_backup`
			`keep_last: 1`
			`keep_hourly: 3`
			`keep_daily: 3`

			`pbs_permissions:`
			`- user: user_pve5@pbs`
			`datastore: zfs_backup`
			`role: DatastoreBackup`

			`pbs_users:`
			`- name: user_pve5`
ci: deploy config on merge or push (#127) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/127 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> ci: testing deployment (#128) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/128 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> ci: test ci: enable deployment ci: set ssh-key for deployment ci: debug ci: deactivate ansible-lint temporarily ci: deactivate ansible-galaxy temporarily ci: debug ssh-key shell redirect ci: base64 ci: debug ci: debug ci: fix output Revert "ci: deactivate ansible-lint temporarily" This reverts commit 6729342f26d39d66a732d3d75b88369e8887896d. ci: fix vault-pass secret pbs_integration: enable no_log ci: debug ansible-vault ci: debug ci: ansible-vault + move to viczem.keepass (#130) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/130 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> ff plugin umbennennugn ff 2024-07-09 17:35:56 +02:00			`password: "{{ lookup('viczem.keepass.keepass', 'pbs_pve_user', 'password') }}"`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00			`realm: pbs`
			`# rpool ist unverschlüsselt als Boot-Medium`
			`# entschlüsseln nach Boot mit: sudo zpool import -d /dev/disk/by-id/ -a && sudo zfs mount -a -l`

			`## backup`
			`### sudo zpool create -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=prompt -O keyformat=passphrase backup /dev/disk/by-id/ata-TOSHIBA_MG09ACA18TE_Z1B0A28LFJDH`

			`# mgrote.zfs_manage_datasets`
housekeeping: comments (#619) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/619 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-11-29 21:15:50 +01:00			`### mgrote_zfs_extra`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00			`# Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ sind zusammengefasst unter zfs_extra_*`
			`zfs_datasets: # DatenPools werden hier nicht verwaltet`
			`# rpool - System-Datasets`
			`- dataset: rpool`
			`state: present`
			`compression: zstd`
			`sync: disabled`
			`xattr: sa`
			`dnodesize: auto`
			`atime: on # noqa yaml[truthy]`
			`snapdir: hidden`
			`reservation: 1G`
			`refreservation: 10G`
zfs: set acltype (#626) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/626 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-12-04 14:48:02 +01:00			`acltype: posix`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00			`- dataset: rpool/ROOT`
			`state: present`
			`refreservation: 10G`
			`- dataset: rpool/ROOT/pbs-1`
			`state: present`
			`refreservation: 10G`
user-setup (dotfiles usw.) neu gedacht... (#624) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/624 2023-12-04 14:43:04 +01:00			`acltype: posix # https://docs.ansible.com/ansible-core/2.14/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming-an-unprivileged-user ; sonst kann die dotfiles-Rolle kein setfacl machen`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00			`# backup-pool`
			`- dataset: backup/pbs_data`
			`state: present`
			`quota: 1TB`
			`- dataset: backup/pve5`
			`state: present`
			`canmount: off # noqa yaml[truthy]`
			`# Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ sind zusammengefasst unter zfs_extra_*`
			`zfs_extra_arc_max_size: "4294967296" # 4GB in Bytes`
			`zfs_extra_zfs_pools:`
			`- name: "rpool"`
			`systemd_timer_schedule: "*-01,04,07,10-01 23:00" # jeden ersten eines jeden Quartals`
			`- name: "backup"`
			`systemd_timer_schedule: "*-01,04,07,10-01 23:00"`

housekeeping: comments (#619) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/619 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-11-29 21:15:50 +01:00			`### mgrote_zfs_sanoid`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00			`sanoid_snaps_enable: true`
			`## syncoid`
			`sanoid_syncoid_destination_host: true`
ci: deploy config on merge or push (#127) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/127 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> ci: testing deployment (#128) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/128 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> ci: test ci: enable deployment ci: set ssh-key for deployment ci: debug ci: deactivate ansible-lint temporarily ci: deactivate ansible-galaxy temporarily ci: debug ssh-key shell redirect ci: base64 ci: debug ci: debug ci: fix output Revert "ci: deactivate ansible-lint temporarily" This reverts commit 6729342f26d39d66a732d3d75b88369e8887896d. ci: fix vault-pass secret pbs_integration: enable no_log ci: debug ansible-vault ci: debug ci: ansible-vault + move to viczem.keepass (#130) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/130 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> ff plugin umbennennugn ff 2024-07-09 17:35:56 +02:00			`sanoid_syncoid_ssh_privkey: "{{ lookup('viczem.keepass.keepass', 'sanoid_syncoid_private_key', 'notes') }}"`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00			`sanoid_syncoid_timer: '--* *:00:00' # jede Stunde`
			`sanoid_syncoid_bwlimit: 50M # 30MB/s`
			`sanoid_syncoid_datasets_sync:`
			`- source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann`
			`destination_mount_check: backup`
			`destination_dataset: backup/pve5/pve_backup`
rename zfs-pool: hdd_data_raidz --> hdd_data (#622) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/622 2023-11-29 22:24:57 +01:00			`source_dataset: hdd_data/pve_backup`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00
			`- source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann`
			`destination_mount_check: backup`
			`destination_dataset: backup/pve5/videos`
rename zfs-pool: hdd_data_raidz --> hdd_data (#622) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/622 2023-11-29 22:24:57 +01:00			`source_dataset: hdd_data/videos`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00
			`- source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann`
			`destination_mount_check: backup`
			`destination_dataset: backup/pve5/music`
rename zfs-pool: hdd_data_raidz --> hdd_data (#622) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/622 2023-11-29 22:24:57 +01:00			`source_dataset: hdd_data/music`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00
			`- source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann`
			`destination_mount_check: backup`
			`destination_dataset: backup/pve5/tmp`
rename zfs-pool: hdd_data_raidz --> hdd_data (#622) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/622 2023-11-29 22:24:57 +01:00			`source_dataset: hdd_data/tmp`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00
			`- source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann`
			`destination_mount_check: backup`
			`destination_dataset: backup/pve5/archiv`
rename zfs-pool: hdd_data_raidz --> hdd_data (#622) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/622 2023-11-29 22:24:57 +01:00			`source_dataset: hdd_data/archiv`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00
			`- source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann`
			`destination_mount_check: backup`
			`destination_dataset: backup/pve5/bilder`
rename zfs-pool: hdd_data_raidz --> hdd_data (#622) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/622 2023-11-29 22:24:57 +01:00			`source_dataset: hdd_data/bilder`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00
			`- source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann`
			`destination_mount_check: backup`
			`destination_dataset: backup/pve5/scans`
rename zfs-pool: hdd_data_raidz --> hdd_data (#622) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/622 2023-11-29 22:24:57 +01:00			`source_dataset: hdd_data/scans`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00
			`- source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann`
			`destination_mount_check: backup`
			`destination_dataset: backup/pve5/restic`
rename zfs-pool: hdd_data_raidz --> hdd_data (#622) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/622 2023-11-29 22:24:57 +01:00			`source_dataset: hdd_data/restic`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00
			`- source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann`
			`destination_mount_check: backup`
			`destination_dataset: backup/pve5/backup`
rename zfs-pool: hdd_data_raidz --> hdd_data (#622) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/622 2023-11-29 22:24:57 +01:00			`source_dataset: hdd_data/backup`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00
			`- source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann`
			`destination_mount_check: backup`
			`destination_dataset: backup/pve5/buecher`
rename zfs-pool: hdd_data_raidz --> hdd_data (#622) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/622 2023-11-29 22:24:57 +01:00			`source_dataset: hdd_data/buecher`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00
			`- source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann`
			`destination_mount_check: backup`
			`destination_dataset: backup/pve5/programme`
rename zfs-pool: hdd_data_raidz --> hdd_data (#622) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/622 2023-11-29 22:24:57 +01:00			`source_dataset: hdd_data/programme`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00
			`- source_host: 192.168.2.16 # pve5, weil pbs den fqdn nicht auflösen kann`
			`destination_mount_check: backup`
			`destination_dataset: backup/pve5/vm`
rename zfs-pool: hdd_data_raidz --> hdd_data (#622) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/622 2023-11-29 22:24:57 +01:00			`source_dataset: hdd_data/vm`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00
			`# sanoid`
			`sanoid_datasets:`
			`### rpool`
			`- path: rpool`
			`recursive: 'no'`
			`snapshots: true`
			`template: 'pve3tage'`
			`- path: rpool/ROOT`
			`recursive: 'no'`
			`snapshots: true`
			`template: 'pve3tage'`
			`- path: rpool/ROOT/pbs-1`
			`recursive: 'no'`
			`snapshots: true`
			`template: 'pve3tage'`
			`### backup`
			`- path: backup/pbs_data`
			`recursive: 'no'`
			`snapshots: true`
			`template: '3tage'`