diff --git a/roles/mgrote_todoist_backup/defaults/main.yml b/roles/mgrote_todoist_backup/defaults/main.yml deleted file mode 100644 index b1dc2fc1..00000000 --- a/roles/mgrote_todoist_backup/defaults/main.yml +++ /dev/null @@ -1,68 +0,0 @@ ---- -# Docs in config.yml and https://0xerr0r.github.io/blocky/configuration/ - -blocky_user: blocky -blocky_group: blocky -blocky_version: v0.22 -blocky_arch: x86_64 -blocky_download_url: "https://github.com/0xERR0R/blocky/releases/download/{{ blocky_version }}/blocky_{{ blocky_version }}_Linux_{{ blocky_arch }}.tar.gz" -blocky_conf_dir: /etc/blocky -blocky_block_type: zeroIp -blocky_block_ttl: 1m -blocky_blacklists_strategy: failOnError -blocky_local_upstream: 192.168.2.1 -blocky_prometheus: false -blocky_fqdn_only: false -blocky_port_dns: 53 -blocky_log_level: info -blocky_dns_upstream: - - 9.9.9.9 - - 1.1.1.1 - - 8.8.8.8 - - 5.9.164.112 -blocky_dns_blocklists: - - https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt - - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts - - http://sysctl.org/cameleon/hosts - - https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt -#blocky_custom_lookups: # optional -# # Internet -# - name: wiki.mgrote.net -# ip: 192.168.2.43 -# - name: audio.mgrote.net -# ip: 192.168.2.43 -# - name: auth.mgrote.net -# ip: 192.168.2.43 -# - name: ci.mgrote.net -# ip: 192.168.2.43 -# - name: git.mgrote.net -# ip: 192.168.2.43 -# - name: miniflux.mgrote.net -# ip: 192.168.2.43 -# - name: nextcloud.mgrote.net -# ip: 192.168.2.43 -# - name: registry.mgrote.net -# ip: 192.168.2.43 -# # Intern -# - name: ads2700w.mgrote.net -# ip: 192.168.2.147 -# - name: crs305.mgrote.net -# ip: 192.168.2.225 -# - name: hex.mgrote.net -# ip: 192.168.3.144 -# - name: pbs-test.mgrote.net -# ip: 192.168.2.18 -# - name: pbs.mgrote.net -# ip: 192.168.3.239 -# - name: pve5-test.mgrote.net -# ip: 192.168.2.17 -# - name: pve5.mgrote.net # bleibt im Router auch angelegt, weil wenn pve aus auch kein blocky ;-) -# ip: 192.168.2.16 -# - name: rb5009.mgrote.net -# ip: 192.168.2.1 -# - name: fritz.box -# ip: 192.168.5.1 -#blocky_conditional_mapping: # optional -# - domain: mgrote.net -# resolver: 192.168.2.1 -# diff --git a/roles/mgrote_todoist_backup/handlers/main.yml b/roles/mgrote_todoist_backup/handlers/main.yml index 861be7e3..ab3f5feb 100644 --- a/roles/mgrote_todoist_backup/handlers/main.yml +++ b/roles/mgrote_todoist_backup/handlers/main.yml @@ -1,17 +1,5 @@ --- - -- name: set cap_net_bind_service # noqa no-changed-when - become: true - ansible.builtin.command: setcap 'cap_net_bind_service=+ep' /usr/local/bin/blocky - - name: systemctl daemon-reload become: true ansible.builtin.systemd: daemon_reload: true - -- name: restart service unit - become: true - ansible.builtin.systemd: - name: blocky.service - state: restarted - enabled: true diff --git a/roles/mgrote_todoist_backup/tasks/main.yml b/roles/mgrote_todoist_backup/tasks/main.yml index c6289335..b8ecb67d 100644 --- a/roles/mgrote_todoist_backup/tasks/main.yml +++ b/roles/mgrote_todoist_backup/tasks/main.yml @@ -1,61 +1,43 @@ --- -- name: ensure group exists - become: true - ansible.builtin.group: - name: "{{ blocky_group }}" - state: present -- name: ensure user exists - become: true - ansible.builtin.user: - name: "{{ blocky_user }}" - state: present - create_home: false +- name: 'Clone "full-offline-backup-for-todoist"' + ansible.builtin.git: + repo: 'https://github.com/joanbm/full-offline-backup-for-todoist' + dest: /shares_backup/full-offline-backup-for-todoist -- name: ensure binaries are installed - become: true - ansible.builtin.unarchive: - src: "{{ blocky_download_url }}" - dest: /usr/local/bin - remote_src: true - owner: "{{ blocky_user }}" - group: "{{ blocky_group }}" - mode: "0755" - exclude: - - LICENSE - - README.md - notify: - - set cap_net_bind_service - - restart service unit - -- name: ensure conf dir exists - become: true - ansible.builtin.file: - path: "{{ blocky_conf_dir }}" - state: directory - owner: "{{ blocky_user }}" - group: "{{ blocky_group }}" - mode: "0755" - -- name: template configuration +- name: Ensure services are present become: true ansible.builtin.template: - src: "config.yml.j2" - dest: "{{ blocky_conf_dir }}/config.yml" - owner: "{{ blocky_user }}" - group: "{{ blocky_group }}" - mode: "0600" - notify: - - restart service unit - -- name: template service - become: true - ansible.builtin.template: - src: "blocky.service.j2" - dest: /etc/systemd/system/blocky.service + src: "{{ item }}.j2" + dest: "/etc/systemd/system/{{ item }}" owner: root group: root mode: "0644" notify: - systemctl daemon-reload - - restart service unit + loop: + - todoist_backup.service + - todoist_backup.timer + - todoist_backup_mail.service +# TODO das auch bei yutubedl so machern + +- name: Ensure timer unit is enabled + become: true + ansible.builtin.systemd: + name: todoist_backup.timer + enabled: true + masked: false + state: started + notify: + - systemctl daemon-reload + +- name: Ensure service units are enabled + become: true + ansible.builtin.systemd: + name: "{{ item }}" + masked: false + enabled: true + loop: + - todoist_backup.service + - todoist_backup.timer + - todoist_backup_mail.service diff --git a/roles/mgrote_todoist_backup/templates/blocky.service.j2 b/roles/mgrote_todoist_backup/templates/blocky.service.j2 deleted file mode 100644 index 656fe94c..00000000 --- a/roles/mgrote_todoist_backup/templates/blocky.service.j2 +++ /dev/null @@ -1,15 +0,0 @@ -{{ file_header | default () }} - -[Unit] -Description=Blocky is a DNS proxy and ad-blocker for the local network written in Go. -Requires=network.target -Wants=nss-lookup.target -Before=nss-lookup.target -After=network.target - -[Service] -Type=simple -ExecStart=/usr/local/bin/blocky --config {{ blocky_conf_dir }}/config.yml - -[Install] -WantedBy=multi-user.target diff --git a/roles/mgrote_todoist_backup/templates/config.yml.j2 b/roles/mgrote_todoist_backup/templates/config.yml.j2 deleted file mode 100644 index da1402de..00000000 --- a/roles/mgrote_todoist_backup/templates/config.yml.j2 +++ /dev/null @@ -1,196 +0,0 @@ -{{ file_header | default () }} -upstreams: - init: - # Configure startup behavior. - # accepted: blocking, failOnError, fast - # default: blocking - strategy: fast - groups: - default: -{% for item in blocky_dns_upstream %} - - {{ item }} -{% endfor %} - strategy: parallel_best - timeout: 2s - -# optional: Determines how blocky will create outgoing connections. This impacts both upstreams, and lists. -# accepted: dual, v4, v6 -# default: dual -connectIPVersion: v4 - - -# optional: use black and white lists to block queries (for example ads, trackers, adult pages etc.) -blocking: - # definition of blacklist groups. Can be external link (http/https) or local file - blackLists: - ads: -{% for item in blocky_dns_blocklists %} - - {{ item }} -{% endfor %} - # which response will be sent, if query is blocked: - # zeroIp: 0.0.0.0 will be returned (default) - # nxDomain: return NXDOMAIN as return code - # comma separated list of destination IP addresses (for example: 192.100.100.15, 2001:0db8:85a3:08d3:1319:8a2e:0370:7344). Should contain ipv4 and ipv6 to cover all query types. Useful with running web server on this address to display the "blocked" page. - blockType: {{ blocky_block_type | default ("zeroIp") }} - # optional: TTL for answers to blocked domains - # default: 6h - blockTTL: {{ blocky_block_ttl | default ("6h") }} - clientGroupsBlock: - # default will be used, if no special definition for a client name exists - default: - - ads # siehe blocking.blacklists.ads - # optional: Configure how lists, AKA sources, are loaded - loading: - # optional: list refresh period in duration format. - # Set to a value <= 0 to disable. - # default: 4h - refreshPeriod: 4h - # optional: Applies only to lists that are downloaded (HTTP URLs). - downloads: - # optional: timeout for list download (each url). Use large values for big lists or slow internet connections - # default: 5s - timeout: 60s - # optional: Maximum download attempts - # default: 3 - attempts: 5 - # optional: Time between the download attempts - # default: 500ms - cooldown: 10s - # optional: Maximum number of lists to process in parallel. - # default: 4 - concurrency: 16 - # Configure startup behavior. - # accepted: blocking, failOnError, fast - # default: blocking - strategy: {{ blocky_blacklists_strategy | default ("blocking") }} - # Number of errors allowed in a list before it is considered invalid. - # A value of -1 disables the limit. - # default: 5 - maxErrorsPerSource: 5 - -{% if blocky_conditional_mapping is defined %} - -# optional: definition, which DNS resolver(s) should be used for queries to the domain (with all sub-domains). Multiple resolvers must be separated by a comma -# Example: Query client.fritz.box will ask DNS server 192.168.178.1. This is necessary for local network, to resolve clients by host name -conditional: - # optional: if false (default), return empty result if after rewrite, the mapped resolver returned an empty answer. If true, the original query will be sent to the upstream resolver - # Example: The query "blog.example.com" will be rewritten to "blog.fritz.box" and also redirected to the resolver at 192.168.178.1. If not found and if `fallbackUpstream` was set to `true`, the original query "blog.example.com" will be sent upstream. - # Usage: One usecase when having split DNS for internal and external (internet facing) users, but not all subdomains are listed in the internal domain. - fallbackUpstream: false - mapping: -{% for item in blocky_conditional_mapping %} - {{ item.domain }}: {{ item.resolver }} -{% endfor %} -{% endif %} - - -{% if blocky_custom_lookups is defined %} -# optional: custom IP address(es) for domain name (with all sub-domains). Multiple addresses must be separated by a comma -# example: query "printer.lan" or "my.printer.lan" will return 192.168.178.3 -customDNS: - customTTL: 1h - # optional: if true (default), return empty result for unmapped query types (for example TXT, MX or AAAA if only IPv4 address is defined). - # if false, queries with unmapped types will be forwarded to the upstream resolver - filterUnmappedTypes: true - # optional: replace domain in the query with other domain before resolver lookup in the mapping - # rewrite: - # example.com: printer.lan - mapping: -{% for item in blocky_custom_lookups %} - {{ item.name }}: {{ item.ip }} -{% endfor %} -{% endif %} - -# optional: configuration for caching of DNS responses -caching: - # duration how long a response must be cached (min value). - # If <=0, use response's TTL, if >0 use this value, if TTL is smaller - # Default: 0 - minTime: 0 - # duration how long a response must be cached (max value). - # If <0, do not cache responses - # If 0, use TTL - # If > 0, use this value, if TTL is greater - # Default: 0 - maxTime: 0 - # Max number of cache entries (responses) to be kept in cache (soft limit). Useful on systems with limited amount of RAM. - # Default (0): unlimited - maxItemsCount: 0 - # if true, will preload DNS results for often used queries (default: names queried more than 5 times in a 2-hour time window) - # this improves the response time for often used queries, but significantly increases external traffic - # default: false - prefetching: true - # prefetch track time window (in duration format) - # default: 120 - prefetchExpires: 2h - # name queries threshold for prefetch - # default: 5 - prefetchThreshold: 5 - # Max number of domains to be kept in cache for prefetching (soft limit). Useful on systems with limited amount of RAM. - # Default (0): unlimited - prefetchMaxItemsCount: 0 - # Time how long negative results (NXDOMAIN response or empty result) are cached. A value of -1 will disable caching for negative results. - # Default: 30m - cacheTimeNegative: -1 - -# optional: configuration of client name resolution -clientLookup: - # optional: this DNS resolver will be used to perform reverse DNS lookup (typically local router) - upstream: {{ blocky_local_upstream | default ("192.168.2.1") }} - # optional: some routers return multiple names for client (host name and user defined name). Define which single name should be used. - # Example: take second name if present, if not take first name - # singleNameOrder: - # - 2 - # - 1 - - -# optional: configuration for prometheus metrics endpoint -prometheus: - # enabled if true - enable: {{ blocky_prometheus | default ("false") }} - # url path, optional (default '/metrics') - path: /metrics - - -# optional: Mininal TLS version that the DoH and DoT server will use -# minTlsServeVersion: 1.3 - -# if https port > 0: path to cert and key file for SSL encryption. if not set, self-signed certificate will be generated -#certFile: server.crt -#keyFile: server.key - -# optional: use these DNS servers to resolve blacklist urls and upstream DNS servers. It is useful if no system DNS resolver is configured, and/or to encrypt the bootstrap queries. -bootstrapDns: - - tcp+udp:9.9.9.9 - -# optional: drop all queries with following query types. Default: empty -filtering: - queryTypes: - - AAAA - -# optional: return NXDOMAIN for queries that are not FQDNs. -fqdnOnly: - # default: false - enable: {{ blocky_fqdn_only | default ("false") }} - -# optional: ports configuration -ports: - # optional: DNS listener port(s) and bind ip address(es), default 53 (UDP and TCP). Example: 53, :53, "127.0.0.1:5353,[::1]:5353" - dns: {{ blocky_port_dns | default ("53") }} - # optional: Port(s) and bind ip address(es) for DoT (DNS-over-TLS) listener. Example: 853, 127.0.0.1:853 - # tls: 853 - # optional: Port(s) and optional bind ip address(es) to serve HTTPS used for prometheus metrics, pprof, REST API, DoH... If you wish to specify a specific IP, you can do so such as 192.168.0.1:443. Example: 443, :443, 127.0.0.1:443,[::1]:443 - # https: 443 - # optional: Port(s) and optional bind ip address(es) to serve HTTP used for prometheus metrics, pprof, REST API, DoH... If you wish to specify a specific IP, you can do so such as 192.168.0.1:4000. Example: 4000, :4000, 127.0.0.1:4000,[::1]:4000 - http: 4000 - -# optional: logging configuration -log: - # optional: Log level (one from debug, info, warn, error). Default: info - level: {{ blocky_log_level | default ("info") }} - # optional: Log format (text or json). Default: text - format: text - # optional: log timestamps. Default: true - timestamp: true - # optional: obfuscate log output (replace all alphanumeric characters with *) for user sensitive data like request domains or responses to increase privacy. Default: false - privacy: false diff --git a/roles/mgrote_todoist_backup/templates/sanoid_mail.service.j2 b/roles/mgrote_todoist_backup/templates/sanoid_mail.service.j2 new file mode 100644 index 00000000..3c3a9727 --- /dev/null +++ b/roles/mgrote_todoist_backup/templates/sanoid_mail.service.j2 @@ -0,0 +1,8 @@ +{{ file_header | default () }} + +[Unit] +Description=Send a Mail in case of an error in sanoid.service. + +[Service] +Type=oneshot +ExecStart=/bin/bash -c '/bin/systemctl status sanoid.service | mail -aFROM:sanoid@mgrote.net -s "[ERROR] sanoid - %H" {{ my_mail }}' diff --git a/roles/mgrote_todoist_backup/templates/syncoid.service.j2 b/roles/mgrote_todoist_backup/templates/syncoid.service.j2 new file mode 100644 index 00000000..af61c7f5 --- /dev/null +++ b/roles/mgrote_todoist_backup/templates/syncoid.service.j2 @@ -0,0 +1,10 @@ +{{ file_header | default () }} + +[Unit] +Description=Send zfs snapshots with sanoid/syncoid. +OnFailure=syncoid_mail.service +OnSuccess=syncoid_mail.service + +[Service] +Type=simple +ExecStart=/usr/bin/syncoid.sh diff --git a/roles/mgrote_todoist_backup/templates/syncoid.timer.j2 b/roles/mgrote_todoist_backup/templates/syncoid.timer.j2 new file mode 100644 index 00000000..16438ec7 --- /dev/null +++ b/roles/mgrote_todoist_backup/templates/syncoid.timer.j2 @@ -0,0 +1,9 @@ +{{ file_header | default () }} +[Unit] +Description=Timer for syncoid. + +[Timer] +OnCalendar={{ sanoid_syncoid_timer }} + +[Install] +WantedBy=timers.target multi-user.target zfs.target