homeserver/host_vars/pbs.mgrote.net.yml


---
# SMB: why SMB on the backup server?
# So that the sync can run via FFS...
### mgrote_fileserver_smb
# Passwords are resolved at run time through the KeePass lookup plugin,
# so no secret value is stored in this file.
smb_users:
  - name: win10
    password: >-
      {{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_win10', 'password') }}
  - name: michaelgrote
    password: >-
      {{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_michaelgrote', 'password') }}
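# SMB shares exported from the backup pool (all paths live under /backup/pve5).
# users_ro / users_rw are space-separated lists of SMB account names.
# Accounts in users_rw can change the backup copies over SMB, so keep that
# list as small as the sync needs; the sanoid snapshots configured for
# backup/pve5/* are the rollback path if a share is altered unintentionally.
# NOTE(review): 'michaelgrote' appears in both users_ro and users_rw on some
# shares (videos, restic, buecher); how the role resolves that is not visible
# here, so confirm the effective access.
smb_shares:
  - name: 'videos'
    path: '/backup/pve5/videos'
    users_ro: 'michaelgrote'
    users_rw: 'michaelgrote win10'
  - name: 'scans'
    path: '/backup/pve5/scans'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  - name: 'backup'
    path: '/backup/pve5/backup'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  - name: 'archiv'
    path: '/backup/pve5/archiv'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  # share name 'musik' maps to the 'music' directory
  - name: 'musik'
    path: '/backup/pve5/music'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  - name: 'tmp'
    path: '/backup/pve5/tmp'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  - name: 'bilder'
    path: '/backup/pve5/bilder'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  - name: 'restic'
    # NOTE(review): no `path` is given for this share in this listing; confirm
    # it is set (or defaulted by the role) before applying.
    # NOTE(review): the 'restic' account is not declared in smb_users in this
    # file; presumably it is defined elsewhere, so verify.
    users_ro: 'michaelgrote'
    # A second, shadowed `users_rw: 'win10'` was removed here: duplicate keys
    # are invalid YAML, and last-wins loaders apply only the value kept below.
    users_rw: 'restic win10 michaelgrote'
  - name: 'buecher'
    # NOTE(review): no `path` is given for this share in this listing; confirm
    # it is set (or defaulted by the role) before applying.
    users_ro: 'michaelgrote'
    # Shadowed duplicate `users_rw: 'win10'` removed; the later value is kept.
    users_rw: 'michaelgrote win10'
  - name: 'programme'
    path: '/backup/pve5/programme'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  - name: 'proxmox'
    path: '/backup/pve5/proxmox'
    users_ro: 'michaelgrote'
    users_rw: 'win10'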
# pbs_*: Proxmox Backup Server settings
# Single datastore on the backup pool; garbage collection runs Saturdays at
# 19:00, i.e. 45 minutes after the prune job scheduled in pbs_prune_jobs.
pbs_datastores:
  - name: 'zfs_backup'
    path: '/backup/pbs_data'
    gc_schedule: 'sat 19:00'
# Retention for the zfs_backup datastore, applied Saturdays at 18:15:
# the last backup plus 3 hourly and 3 daily backups are kept.
pbs_prune_jobs:
  - name: 'standard'
    schedule: 'sat 18:15'
    store: 'zfs_backup'
    keep_last: 1
    keep_hourly: 3
    keep_daily: 3
# Grants the PVE backup account access to the zfs_backup datastore only.
# NOTE(review): DatastoreBackup is presumably the narrow "create/restore own
# backups" role; confirm it does not include prune rights on this PBS version.
pbs_permissions:
  - user: 'user_pve5@pbs'
    datastore: 'zfs_backup'
    role: 'DatastoreBackup'
# PBS-realm account used by the PVE host; the password is looked up in
# KeePass at run time rather than stored in this file.
pbs_users:
  - name: 'user_pve5'
    password: >-
      {{ lookup('viczem.keepass.keepass', 'pbs_pve_user', 'password') }}
    realm: 'pbs'
# rpool is unencrypted because it is the boot medium.
# Unlock the encrypted pool after boot with: sudo zpool import -d /dev/disk/by-id/ -a && sudo zfs mount -a -l
## backup
### sudo zpool create -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=prompt -O keyformat=passphrase backup /dev/disk/by-id/ata-TOSHIBA_MG09ACA18TE_Z1B0A28LFJDH
# The backup pool uses native ZFS encryption with keylocation=prompt and a
# passphrase, so its datasets stay locked after a reboot until the unlock
# command above is run by hand.
# mgrote.zfs_manage_datasets
### mgrote_zfs_extra
# Variables for mgrote.zfs_health/trim/scrub/zed/arc_mem/ are grouped under zfs_extra_*
zfs_datasets:  # data pools themselves are not managed here
  # rpool - system datasets
  - dataset: rpool
    state: present
    compression: zstd
    # NOTE(review): sync=disabled acknowledges synchronous writes before they
    # reach stable storage; confirm this trade-off is intended.
    sync: disabled
    xattr: sa
    dnodesize: auto
    atime: on  # noqa yaml[truthy]
    snapdir: hidden
    reservation: 1G
    refreservation: 10G
    acltype: posix
  - dataset: rpool/ROOT
    state: present
    refreservation: 10G
  - dataset: rpool/ROOT/pbs-1
    state: present
    refreservation: 10G
    # https://docs.ansible.com/ansible-core/2.14/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming-an-unprivileged-user
    # Without POSIX ACLs the dotfiles role cannot run setfacl.
    acltype: posix
  # backup pool
  - dataset: backup/pbs_data
    state: present
    quota: 1TB
  # Parent dataset for the SMB-shared copies; the properties set here are
  # presumably inherited by the backup/pve5/* children (verify).
  - dataset: backup/pve5
    state: present
    canmount: off  # noqa yaml[truthy]
    compression: zstd
    # NOTE(review): sync=disabled on the backup data as well; a power loss can
    # drop the most recent writes. Confirm this is acceptable for backups.
    sync: disabled
    xattr: sa
    dnodesize: auto
    atime: on  # noqa yaml[truthy]
    snapdir: hidden
    reservation: 1G
    # https://docs.ansible.com/ansible-core/2.14/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming-an-unprivileged-user
    # Without POSIX ACLs the dotfiles role cannot run setfacl.
    acltype: posix
  - dataset: backup/pve5/pve_backup
    state: present
    recordsize: 1M
  - dataset: backup/pve5/videos
    state: present
    recordsize: 1M
  - dataset: backup/pve5/music
    state: present
    recordsize: 1M
  - dataset: backup/pve5/tmp
    state: present
  - dataset: backup/pve5/archiv
    state: present
  - dataset: backup/pve5/bilder
    state: present
    recordsize: 1M
  - dataset: backup/pve5/scans
    state: present
  - dataset: backup/pve5/restic
    state: present
  - dataset: backup/pve5/backup
    state: present
  - dataset: backup/pve5/buecher
    state: present
  - dataset: backup/pve5/programme
    state: present
  # NOTE(review): state=absent presumably makes the role destroy this dataset;
  # verify it holds nothing needed before applying.
  - dataset: backup/pve5/vm
    state: absent  # todo
# Variables for mgrote.zfs_health/trim/scrub/zed/arc_mem/ are grouped under zfs_extra_*
zfs_extra_arc_max_size: '4294967296'  # 4 GiB in bytes (4 * 1024^3)
# Both pools share one timer schedule: the first day of each quarter
# (January, April, July, October) at 23:00.
zfs_extra_zfs_pools:
  - name: 'rpool'
    systemd_timer_schedule: '*-01,04,07,10-01 23:00'
  - name: 'backup'
    systemd_timer_schedule: '*-01,04,07,10-01 23:00'
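### mgrote_zfs_sanoid
# Snapshot policy per dataset. These snapshots are the rollback path for the
# backup/pve5/* datasets that smb_shares exports read-write, so every shared
# dataset should keep an entry here.
# The template names ('pve3tage', '7tage', '14tage') are defined outside this
# file; the retention they stand for is not visible here.
# `recursive` is deliberately a quoted string ('yes' / 'no'), not a YAML
# boolean; presumably it is written verbatim into the sanoid config (verify).
sanoid_snaps_enable: true
sanoid_datasets:
  ### rpool
  - path: 'rpool'
    recursive: 'no'
    snapshots: true
    template: 'pve3tage'
  - path: 'rpool/ROOT'
    recursive: 'no'
    snapshots: true
    template: 'pve3tage'
  - path: 'rpool/ROOT/pbs-1'
    recursive: 'no'
    snapshots: true
    template: 'pve3tage'
  ### backup
  - path: 'backup/pbs_data'
    recursive: 'no'
    snapshots: true
    template: '7tage'
  - path: 'backup/pve5/videos'
    template: '14tage'
    recursive: 'yes'
    snapshots: true
  - path: 'backup/pve5/music'
    template: '14tage'
    recursive: 'yes'
    snapshots: true
  - path: 'backup/pve5/tmp'
    template: '14tage'
    recursive: 'yes'
    snapshots: true
  - path: 'backup/pve5/pve_backup'
    template: '14tage'
    recursive: 'yes'
    snapshots: true
  - path: 'backup/pve5/archiv'
    template: '14tage'
    recursive: 'yes'
    snapshots: true
  - path: 'backup/pve5/bilder'
    recursive: 'no'
    snapshots: true
    template: '14tage'
  - path: 'backup/pve5/scans'
    recursive: 'no'
    snapshots: true
    template: '14tage'
  - path: 'backup/pve5/backup'
    recursive: 'no'
    snapshots: true
    template: '14tage'
  - path: 'backup/pve5/restic'
    recursive: 'no'
    snapshots: true
    template: '14tage'
  - path: 'backup/pve5/programme'
    recursive: 'no'
    snapshots: true
    template: '14tage'
  - path: 'backup/pve5/buecher'
    recursive: 'no'
    snapshots: true
    template: '14tage'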
### mgrote_rsync
# Role this host takes in the mgrote_rsync setup (presumably the receiving
# side of the sync; confirm against the role).
rsync_host_role: 'destination'