# noqa yaml[truthy]---
# rpool ist unverschlüsselt als Boot-Medium
# der Speicherort fur die VMs ist verschlüsselt
# zfs create -o encryption=aes-256-gcm -o keyformat=passphrase rpool/vm
# entschlüsseln nach Boot mit: sudo zpool import -d /dev/disk/by-id/ -a && sudo zfs mount -a -l
## hdd_data
### sudo zpool create -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=prompt -O keyformat=passphrase hdd_data mirror /dev/disk/by-id/ata-TOSHIBA_MG09ACA18TE_Z1B0A27KFJDH /dev/disk/by-id/ata-ST18000NM003D-3DL103_ZVTBSAYS
## hdd_data "neu"
### sudo zpool create -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=prompt -O keyformat=passphrase hdd_data /dev/disk/by-id/ata-ST18000NM003D-3DL103_ZVTBSAYS
# mgrote.zfs_manage_datasets
### mgrote_zfs_extra
# Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ sind zusammengefasst unter zfs_extra_*
zfs_datasets: # DatenPools werden hier nicht verwaltet
# rpool - System-Datasets
- dataset: rpool
state: present
compression: zstd
sync: disabled
xattr: sa
dnodesize: auto
atime: on # noqa yaml[truthy]
snapdir: hidden
reservation: 1G
refreservation: 10G
acltype: posix
- dataset: rpool/ROOT
state: present
refreservation: 10G
- dataset: rpool/ROOT/pve-1
state: present
refreservation: 10G
acltype: posix # https://docs.ansible.com/ansible-core/2.14/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming-an-unprivileged-user ; sonst kann die dotfiles-Rolle kein setfacl machen
# rpool - Data
- dataset: rpool/data
state: present
# rpool - VMs
- dataset: rpool/vm
state: present
- dataset: rpool/vm/zvol
state: present
- dataset: rpool/vm/lxc
state: present
- dataset: rpool/data
state: present
# hdd_data
- dataset: hdd_data
state: present
compression: zstd
sync: disabled
xattr: sa
dnodesize: auto
atime: on # noqa yaml[truthy]
snapdir: hidden
reservation: 1G
acltype: posix # https://docs.ansible.com/ansible-core/2.14/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming-an-unprivileged-user ; sonst kann die dotfiles-Rolle kein setfacl machen
- dataset: hdd_data/papa_backup
state: present
- dataset: hdd_data/pve_backup
state: present
recordsize: 1M
- dataset: hdd_data/videos
state: present
recordsize: 1M
- dataset: hdd_data/music
state: present
recordsize: 1M
- dataset: hdd_data/tmp
state: present
- dataset: hdd_data/archiv
state: present
- dataset: hdd_data/bilder
state: present
recordsize: 1M
- dataset: hdd_data/scans
state: present
- dataset: hdd_data/restic
state: present
- dataset: hdd_data/backup
state: present
- dataset: hdd_data/buecher
state: present
- dataset: hdd_data/programme
state: present
- dataset: hdd_data/vm
state: present
zfs_extra_arc_max_size: "8589934592" # 8GB in Bytes
zfs_extra_zfs_pools:
- name: "rpool"
systemd_timer_schedule: "*-01,04,07,10-01 23:00" # jeden ersten eines jeden Quartals
- name: "hdd_data"
systemd_timer_schedule: "*-01,04,07,10-01 23:00"
### mgrote_zfs_sanoid
sanoid_snaps_enable: true
## enable sending snaps
sanoid_syncoid_source_host: true
sanoid_syncoid_ssh_pubkey: "{{ lookup('viczem.keepass.keepass', 'sanoid_syncoid_public_key', 'notes') }}"
sanoid_datasets:
### hdd_data
- path: 'hdd_data/videos'
template: '14tage'
recursive: 'yes'
snapshots: true
- path: 'hdd_data/music'
template: '14tage'
recursive: 'yes'
snapshots: true
- path: 'hdd_data/papa_backup'
template: '14tage'
recursive: 'yes'
snapshots: true
- path: 'hdd_data/tmp'
template: '14tage'
recursive: 'yes'
snapshots: true
- path: 'hdd_data/pve_backup'
template: '14tage'
recursive: 'yes'
snapshots: true
- path: 'hdd_data/archiv'
template: '14tage'
recursive: 'yes'
snapshots: true
- path: hdd_data/bilder
recursive: 'no' # noqa yaml[truthy]
snapshots: true
template: '14tage'
- path: hdd_data/scans
recursive: 'no' # noqa yaml[truthy]
snapshots: true
template: '14tage'
- path: hdd_data/backup
recursive: 'no' # noqa yaml[truthy]
snapshots: true
template: '31tage'
- path: hdd_data/restic
recursive: 'no' # noqa yaml[truthy]
snapshots: true
template: '14tage'
- path: hdd_data/programme
recursive: 'no' # noqa yaml[truthy]
snapshots: true
template: '14tage'
- path: hdd_data/buecher
recursive: 'no' # noqa yaml[truthy]
snapshots: true
template: '14tage'
- path: hdd_data/vm
recursive: 'no' # noqa yaml[truthy]
snapshots: true
template: '14tage'
### rpool
- path: rpool
recursive: 'no' # noqa yaml[truthy]
snapshots: true
template: 'pve14tage'
- path: rpool/ROOT
recursive: 'no' # noqa yaml[truthy]
snapshots: true
template: 'pve14tage'
- path: rpool/ROOT/pve-1
recursive: 'no' # noqa yaml[truthy]
snapshots: true
template: 'pve14tage'
### mgrote_proxmox_bind_mounts
pve_bind_mounts:
### fileserver3
- vmid: 115
mp_nr: 0
mp_path_host: /hdd_data/videos
mp_path_guest: /shares_videos
- vmid: 115
mp_nr: 2
mp_path_host: /hdd_data/pve_backup
mp_path_guest: /shares_pve_backup
- vmid: 115
mp_nr: 3
mp_path_host: /hdd_data/papa_backup
mp_path_guest: /shares_papa_backup
- vmid: 115
mp_nr: 4
mp_path_host: /hdd_data/music
mp_path_guest: /shares_music
- vmid: 115
mp_nr: 5
mp_path_host: /hdd_data/tmp
mp_path_guest: /shares_tmp
- vmid: 115
mp_nr: 6
mp_path_host: /hdd_data/archiv
mp_path_guest: /shares_archiv
- vmid: 115
mp_nr: 7
mp_path_host: /hdd_data/bilder
mp_path_guest: /shares_bilder
- vmid: 115
mp_nr: 9
mp_path_host: /hdd_data/scans
mp_path_guest: /shares_scans
- vmid: 115
mp_nr: 10
mp_path_host: /hdd_data/restic
mp_path_guest: /shares_restic
- vmid: 115
mp_nr: 12
mp_path_host: /hdd_data/backup
mp_path_guest: /shares_backup
- vmid: 115
mp_nr: 14
mp_path_host: /hdd_data/buecher
mp_path_guest: /shares_buecher
- vmid: 115
mp_nr: 15
mp_path_host: /hdd_data/programme
mp_path_guest: /shares_programme
- vmid: 115
mp_nr: 16
mp_path_host: /hdd_data/vm
mp_path_guest: /shares_vm
# mgrote.pbs_pve_integration
pve_pbs_datastore:
- name: pbs
server: pbs.mgrote.net
datastore: zfs_backup
username: user_pve5@pbs
password: "{{ lookup('viczem.keepass.keepass', 'pbs_pve_user', 'password') }}"
fingerprint: "7F:AC:54:75:1C:33:55:84:1E:1E:3A:15:5A:5E:AF:79:33:C9:D4:E1:C0:A0:1C:0D:9E:6A:EA:82:F9:27:57:79"