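---
# Ansible variables for the backup server: SMB shares, Proxmox Backup Server
# (pbs_*), ZFS datasets, sanoid snapshots and the rsync role.

# SMB: why run SMB on the backup server?
# So that the sync via FFS can run...
# NOTE(review): every share below grants write access to 'win10', so a
# compromised client using that account can change or delete the backup copies
# over SMB; the sanoid snapshots configured further down are the way back.
### mgrote_fileserver_smb
# Passwords are resolved at run time through the KeePass lookup, so no secret
# is stored in this file.
smb_users:
  - name: 'win10'
    password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_win10', 'password') }}"
  - name: 'michaelgrote'
    password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_michaelgrote', 'password') }}"

# NOTE(review): where a user is listed in both users_ro and users_rw (videos,
# restic, buecher), the effective access depends on how the role renders the
# two lists - confirm the intended result.
smb_shares:
  - name: 'videos'
    path: '/backup/pve5/videos'
    users_ro: 'michaelgrote'
    users_rw: 'michaelgrote win10'
  - name: 'scans'
    path: '/backup/pve5/scans'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  - name: 'backup'
    path: '/backup/pve5/backup'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  - name: 'archiv'
    path: '/backup/pve5/archiv'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  - name: 'musik'
    path: '/backup/pve5/music'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  - name: 'tmp'
    path: '/backup/pve5/tmp'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  - name: 'bilder'
    path: '/backup/pve5/bilder'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  # NOTE(review): this share has no `path`, unlike the others; a dataset
  # backup/pve5/restic is declared in zfs_datasets, so presumably
  # '/backup/pve5/restic' is meant - confirm against the role's defaults.
  # A duplicate `users_rw: 'win10'` key was dropped here: loaders that keep the
  # last duplicate already resolved to the value below, which also names a
  # 'restic' user that is not defined in smb_users in this file.
  - name: 'restic'
    users_ro: 'michaelgrote'
    users_rw: 'restic win10 michaelgrote'
  # NOTE(review): no `path` here either (dataset backup/pve5/buecher exists);
  # the duplicate `users_rw: 'win10'` key was dropped, last value kept.
  - name: 'buecher'
    users_ro: 'michaelgrote'
    users_rw: 'michaelgrote win10'
  - name: 'programme'
    path: '/backup/pve5/programme'
    users_ro: 'michaelgrote'
    users_rw: 'win10'
  # NOTE(review): zfs_datasets declares backup/pve5/pve_backup but no
  # backup/pve5/proxmox, and sanoid_datasets has no entry for this path -
  # confirm the directory exists and is covered by snapshots.
  - name: 'proxmox'
    path: '/backup/pve5/proxmox'
    users_ro: 'michaelgrote'
    users_rw: 'win10'

# pbs_*
pbs_datastores:
  - name: zfs_backup
    path: /backup/pbs_data
    gc_schedule: "sat 19:00"

# NOTE(review): retention covers roughly three days; confirm this is long
# enough to notice a bad or tampered backup before the last good one is pruned.
pbs_prune_jobs:
  - name: standard
    schedule: "sat 18:15"
    store: zfs_backup
    keep_last: 1
    keep_hourly: 3
    keep_daily: 3

# user_pve5@pbs is granted only the DatastoreBackup role, and only on the
# zfs_backup datastore.
pbs_permissions:
  - user: user_pve5@pbs
    datastore: zfs_backup
    role: DatastoreBackup

pbs_users:
  - name: user_pve5
    password: "{{ lookup('viczem.keepass.keepass', 'pbs_pve_user', 'password') }}"
    realm: pbs

# rpool is unencrypted because it is the boot medium.
# Decrypt after boot with: sudo zpool import -d /dev/disk/by-id/ -a && sudo zfs mount -a -l
# The backup pool uses keylocation=prompt, so after a reboot it stays locked
# until the passphrase is entered by hand; presumably everything under /backup
# (SMB shares, PBS datastore) is unavailable until then.
## backup
### sudo zpool create -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=prompt -O keyformat=passphrase backup /dev/disk/by-id/ata-TOSHIBA_MG09ACA18TE_Z1B0A28LFJDH

# mgrote.zfs_manage_datasets
### mgrote_zfs_extra
# Variables for mgrote.zfs_health/trim/scrub/zed/arc_mem/ are grouped under zfs_extra_*
zfs_datasets:
  # Data pools are not managed here
  # rpool - system datasets
  - dataset: rpool
    state: present
    compression: zstd
    # sync: disabled acknowledges synchronous writes before they reach stable
    # storage; a crash or power loss can lose the most recent writes.
    sync: disabled
    xattr: sa
    dnodesize: auto
    atime: on  # noqa yaml[truthy]
    snapdir: hidden
    reservation: 1G
    refreservation: 10G
    acltype: posix
  - dataset: rpool/ROOT
    state: present
    refreservation: 10G
  - dataset: rpool/ROOT/pbs-1
    state: present
    refreservation: 10G
    # https://docs.ansible.com/ansible-core/2.14/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming-an-unprivileged-user
    # otherwise the dotfiles role cannot run setfacl
    acltype: posix
  # backup pool
  - dataset: backup/pbs_data
    state: present
    quota: 1TB
  - dataset: backup/pve5
    state: present
    canmount: off  # noqa yaml[truthy]
    compression: zstd
    # Same trade-off as on rpool: recent writes to the backup copies can be
    # lost on a crash or power failure.
    sync: disabled
    xattr: sa
    dnodesize: auto
    atime: on  # noqa yaml[truthy]
    snapdir: hidden
    reservation: 1G
    # https://docs.ansible.com/ansible-core/2.14/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming-an-unprivileged-user
    # otherwise the dotfiles role cannot run setfacl
    acltype: posix
  - dataset: backup/pve5/pve_backup
    state: present
    recordsize: 1M
  - dataset: backup/pve5/videos
    state: present
    recordsize: 1M
  - dataset: backup/pve5/music
    state: present
    recordsize: 1M
  - dataset: backup/pve5/tmp
    state: present
  - dataset: backup/pve5/archiv
    state: present
  - dataset: backup/pve5/bilder
    state: present
    recordsize: 1M
  - dataset: backup/pve5/scans
    state: present
  - dataset: backup/pve5/restic
    state: present
  - dataset: backup/pve5/backup
    state: present
  - dataset: backup/pve5/buecher
    state: present
  - dataset: backup/pve5/programme
    state: present
  # NOTE(review): state: absent presumably removes this dataset if it still
  # exists - confirm nothing on it is needed before applying.
  - dataset: backup/pve5/vm
    state: absent  # todo

# Variables for mgrote.zfs_health/trim/scrub/zed/arc_mem/ are grouped under zfs_extra_*
zfs_extra_arc_max_size: "4294967296"  # 4 GiB in bytes
zfs_extra_zfs_pools:
  - name: "rpool"
    systemd_timer_schedule: "*-01,04,07,10-01 23:00"  # on the first day of every quarter
  - name: "backup"
    systemd_timer_schedule: "*-01,04,07,10-01 23:00"

### mgrote_zfs_sanoid
# Snapshot policy per dataset; the templates ('pve3tage', '7tage', '14tage')
# are defined outside this file.
sanoid_snaps_enable: true
sanoid_datasets:
  ### rpool
  - path: rpool
    recursive: 'no'
    snapshots: true
    template: 'pve3tage'
  - path: rpool/ROOT
    recursive: 'no'
    snapshots: true
    template: 'pve3tage'
  - path: rpool/ROOT/pbs-1
    recursive: 'no'
    snapshots: true
    template: 'pve3tage'
  ### backup
  - path: backup/pbs_data
    recursive: 'no'
    snapshots: true
    template: '7tage'
  - path: 'backup/pve5/videos'
    template: '14tage'
    recursive: 'yes'
    snapshots: true
  - path: 'backup/pve5/music'
    template: '14tage'
    recursive: 'yes'
    snapshots: true
  - path: 'backup/pve5/tmp'
    template: '14tage'
    recursive: 'yes'
    snapshots: true
  - path: 'backup/pve5/pve_backup'
    template: '14tage'
    recursive: 'yes'
    snapshots: true
  - path: 'backup/pve5/archiv'
    template: '14tage'
    recursive: 'yes'
    snapshots: true
  - path: backup/pve5/bilder
    recursive: 'no'  # noqa yaml[truthy]
    snapshots: true
    template: '14tage'
  - path: backup/pve5/scans
    recursive: 'no'  # noqa yaml[truthy]
    snapshots: true
    template: '14tage'
  - path: backup/pve5/backup
    recursive: 'no'  # noqa yaml[truthy]
    snapshots: true
    template: '14tage'
  - path: backup/pve5/restic
    recursive: 'no'  # noqa yaml[truthy]
    snapshots: true
    template: '14tage'
  - path: backup/pve5/programme
    recursive: 'no'  # noqa yaml[truthy]
    snapshots: true
    template: '14tage'
  - path: backup/pve5/buecher
    recursive: 'no'  # noqa yaml[truthy]
    snapshots: true
    template: '14tage'

### mgrote_rsync
rsync_host_role: destination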