---
# SMB on the backup server: it is there so that the sync via FFS can run.
### mgrote_fileserver_smb
# SMB accounts. The passwords are resolved at run time through the
# viczem.keepass.keepass lookup, so no secret is stored in this file.
# NOTE(review): tasks consuming these values should use no_log so the resolved
# passwords do not end up in task output — not visible from here, confirm in the role.
smb_users:
  - name: 'win10'
    password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_win10', 'password') }}"
  - name: 'michaelgrote'
    password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_michaelgrote', 'password') }}"
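# SMB shares exported from the backup pool.
# Every share grants write access to the 'win10' account, so whatever runs
# under that account on the client can alter or delete share contents; the
# snapshots configured in sanoid_datasets are what allows a rollback.
# NOTE(review): 'michaelgrote' is listed in both users_ro and users_rw on some
# shares; how the role resolves that is not visible here — confirm the
# effective access.
smb_shares:
  - name: 'videos'
    path: '/backup/pve5/videos'
    users_ro: 'michaelgrote'
    users_rw: 'michaelgrote win10'
  - name: 'scans'
    path: '/backup/pve5/scans'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  - name: 'backup'
    path: '/backup/pve5/backup'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  - name: 'archiv'
    path: '/backup/pve5/archiv'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  - name: 'musik'
    path: '/backup/pve5/music'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  - name: 'tmp'
    path: '/backup/pve5/tmp'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  - name: 'bilder'
    path: '/backup/pve5/bilder'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  - name: 'restic'
    # NOTE(review): no `path` key is visible for this share — confirm it is set.
    # `users_rw` was given twice here ('win10', then 'restic win10 michaelgrote').
    # Duplicate keys are invalid YAML and the loader keeps the last one, so only
    # the effective value is kept.
    # NOTE(review): 'restic' is not defined in smb_users in this file — confirm
    # the account exists.
    users_ro: 'michaelgrote'
    users_rw: 'restic win10 michaelgrote'
  - name: 'buecher'
    # NOTE(review): no `path` key is visible for this share — confirm it is set.
    # `users_rw` was given twice here ('win10', then 'michaelgrote win10'); only
    # the last, effective value is kept.
    users_ro: 'michaelgrote'
    users_rw: 'michaelgrote win10'
  - name: 'programme'
    path: '/backup/pve5/programme'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  - name: 'proxmox'
    # NOTE(review): zfs_datasets and sanoid_datasets in this file define
    # backup/pve5/pve_backup but no backup/pve5/proxmox — confirm this path is
    # backed by a dataset that gets snapshots.
    path: '/backup/pve5/proxmox'
    users_ro: 'michaelgrote'
    users_rw: 'win10'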
# pbs_*
# Datastore on the ZFS backup pool; garbage collection is scheduled after the
# prune job below (sat 18:15 prune, sat 19:00 GC).
pbs_datastores:
  - name: zfs_backup
    path: /backup/pbs_data
    gc_schedule: "sat 19:00"

# Retention kept by the prune job: last 1, hourly 3, daily 3.
# NOTE(review): this is a short window — a problem noticed later than that has
# no older restore point in this datastore; confirm that is intended.
pbs_prune_jobs:
  - name: standard
    schedule: "sat 18:15"
    store: zfs_backup
    keep_last: 1
    keep_hourly: 3
    keep_daily: 3

# The PVE client account gets the DatastoreBackup role on this one datastore
# rather than an administrative role.
# NOTE(review): verify against the PBS role documentation that this role cannot
# prune or remove existing backups.
pbs_permissions:
  - user: user_pve5@pbs
    datastore: zfs_backup
    role: DatastoreBackup

# Password is resolved from KeePass at run time; nothing secret is stored here.
pbs_users:
  - name: user_pve5
    password: "{{ lookup('viczem.keepass.keepass', 'pbs_pve_user', 'password') }}"
    realm: pbs
# rpool is unencrypted because it is the boot medium.
# The backup pool uses keylocation=prompt, so it stays locked after a reboot until it is unlocked with:
# sudo zpool import -d /dev/disk/by-id/ -a && sudo zfs mount -a -l
## backup
### sudo zpool create -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=prompt -O keyformat=passphrase backup /dev/disk/by-id/ata-TOSHIBA_MG09ACA18TE_Z1B0A28LFJDH
# mgrote.zfs_manage_datasets
### mgrote_zfs_extra
# Variables for mgrote.zfs_health/trim/scrub/zed/arc_mem/ are grouped under zfs_extra_*
#
# Notes on the properties used below:
# - `sync: disabled` makes ZFS acknowledge synchronous writes before they are
#   on stable storage, so recently written data can be lost on a crash or
#   power failure. NOTE(review): confirm this trade-off is wanted on a backup
#   target.
# - Plain `on` / `off` are loaded as booleans by YAML 1.1 parsers; the noqa
#   markers silence the linter. NOTE(review): presumably the role maps them
#   back to the ZFS values on/off — confirm.
zfs_datasets:  # data pools are not managed here
  # rpool - system datasets
  - dataset: rpool
    state: present
    compression: zstd
    sync: disabled
    xattr: sa
    dnodesize: auto
    atime: on  # noqa yaml[truthy]
    snapdir: hidden
    reservation: 1G
    refreservation: 10G
    acltype: posix
  - dataset: rpool/ROOT
    state: present
    refreservation: 10G
  - dataset: rpool/ROOT/pbs-1
    state: present
    refreservation: 10G
    # https://docs.ansible.com/ansible-core/2.14/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming-an-unprivileged-user
    # Without POSIX ACLs the dotfiles role cannot run setfacl.
    acltype: posix

  # backup pool
  - dataset: backup/pbs_data
    state: present
    quota: 1TB
  - dataset: backup/pve5
    state: present
    canmount: off  # noqa yaml[truthy]
    compression: zstd
    sync: disabled
    xattr: sa
    dnodesize: auto
    atime: on  # noqa yaml[truthy]
    snapdir: hidden
    reservation: 1G
    # https://docs.ansible.com/ansible-core/2.14/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming-an-unprivileged-user
    # Without POSIX ACLs the dotfiles role cannot run setfacl.
    acltype: posix
  - dataset: backup/pve5/pve_backup
    state: present
    recordsize: 1M
  - dataset: backup/pve5/videos
    state: present
    recordsize: 1M
  - dataset: backup/pve5/music
    state: present
    recordsize: 1M
  - dataset: backup/pve5/tmp
    state: present
  - dataset: backup/pve5/archiv
    state: present
  - dataset: backup/pve5/bilder
    state: present
    recordsize: 1M
  - dataset: backup/pve5/scans
    state: present
  - dataset: backup/pve5/restic
    state: present
  - dataset: backup/pve5/backup
    state: present
  - dataset: backup/pve5/buecher
    state: present
  - dataset: backup/pve5/programme
    state: present
  # NOTE(review): `absent` presumably makes the role destroy this dataset —
  # confirm nothing on it is still needed before it is applied.
  - dataset: backup/pve5/vm
    state: absent  # todo
# Variables for mgrote.zfs_health/trim/scrub/zed/arc_mem/ are grouped under zfs_extra_*
# ARC size limit, quoted so it stays a string: 4294967296 bytes = 4 GiB.
zfs_extra_arc_max_size: "4294967296"
# One systemd timer schedule per pool; both pools use the same quarterly slot.
# NOTE(review): which of the zfs_extra jobs this timer drives is not visible here.
zfs_extra_zfs_pools:
  - name: "rpool"
    systemd_timer_schedule: "*-01,04,07,10-01 23:00"  # first day of every quarter
  - name: "backup"
    systemd_timer_schedule: "*-01,04,07,10-01 23:00"
### mgrote_zfs_sanoid
# Snapshot policy per dataset. These snapshots are the local point-in-time
# copies of the datasets that are writable over SMB.
# NOTE(review): the retention behind the templates ('pve3tage', '7tage',
# '14tage') is defined elsewhere and not visible here.
# `recursive` is deliberately a quoted string ('yes' / 'no'), not a boolean.
sanoid_snaps_enable: true
sanoid_datasets:
  ### rpool
  - path: rpool
    recursive: 'no'
    snapshots: true
    template: 'pve3tage'
  - path: rpool/ROOT
    recursive: 'no'
    snapshots: true
    template: 'pve3tage'
  - path: rpool/ROOT/pbs-1
    recursive: 'no'
    snapshots: true
    template: 'pve3tage'

  ### backup
  - path: backup/pbs_data
    recursive: 'no'
    snapshots: true
    template: '7tage'
  - path: 'backup/pve5/videos'
    template: '14tage'
    recursive: 'yes'
    snapshots: true
  - path: 'backup/pve5/music'
    template: '14tage'
    recursive: 'yes'
    snapshots: true
  - path: 'backup/pve5/tmp'
    template: '14tage'
    recursive: 'yes'
    snapshots: true
  - path: 'backup/pve5/pve_backup'
    template: '14tage'
    recursive: 'yes'
    snapshots: true
  - path: 'backup/pve5/archiv'
    template: '14tage'
    recursive: 'yes'
    snapshots: true
  - path: backup/pve5/bilder
    recursive: 'no'  # noqa yaml[truthy]
    snapshots: true
    template: '14tage'
  - path: backup/pve5/scans
    recursive: 'no'  # noqa yaml[truthy]
    snapshots: true
    template: '14tage'
  - path: backup/pve5/backup
    recursive: 'no'  # noqa yaml[truthy]
    snapshots: true
    template: '14tage'
  - path: backup/pve5/restic
    recursive: 'no'  # noqa yaml[truthy]
    snapshots: true
    template: '14tage'
  - path: backup/pve5/programme
    recursive: 'no'  # noqa yaml[truthy]
    snapshots: true
    template: '14tage'
  - path: backup/pve5/buecher
    recursive: 'no'  # noqa yaml[truthy]
    snapshots: true
    template: '14tage'
### mgrote_rsync
# This host's role for mgrote_rsync is set to `destination`.
# NOTE(review): presumably the host receives the rsync transfers; how the role
# uses this value is not visible here.
rsync_host_role: destination