Feat: add network share to nas

Bertrand Benjamin 2022-06-02 15:31:12 +02:00
parent 8f96cf6028
commit 9221790ca0
12 changed files with 96 additions and 30 deletions


@ -12,31 +12,31 @@
update_cache: true
upgrade: true
- name: Install core admin tools
include_role:
name: core
# - name: Install core admin tools
# include_role:
# name: core
- name: Include user
include_role:
name: "user"
loop:
- "{{ admin }}"
loop_control:
loop_var: user
# - name: Include user
# include_role:
# name: "user"
# loop:
# - "{{ admin }}"
# loop_control:
# loop_var: user
- name: Remove firstboot user
ansible.builtin.user:
name: foo
state: absent
remove: yes
# - name: Remove firstboot user
# ansible.builtin.user:
# name: foo
# state: absent
# remove: yes
- name: Secure ssh
include_role:
name: ssh
# - name: Secure ssh
# include_role:
# name: ssh
- name: Set up nfs network shares server
debug:
msg: Todo
include_role:
name: nfs_server
- name: Set up samba network shares
debug:
@ -81,4 +81,3 @@
- name: Set up collectd
include_role:
name: collectd
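Review bot: The new side of the first hunk appears to leave `Install core admin tools`, `Include user`, `Remove firstboot user` and `Secure ssh` commented out, so a host provisioned from this playbook would keep the firstboot account `foo` and never get the ssh role applied. The +/- markers are lost on this page, so which copy of each task is the new one is inferred from print order. If the tasks were disabled only to iterate on the `nfs_server` role, restore them before merging and put `tags: nfs` on `Set up nfs network shares server` so that task alone can be run with `--tags nfs`.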


@ -0,0 +1,7 @@
---
# defaults file for nfs_server
shares:
- mount_point: /media/nfs/default
server: test.lan
export: /test
options: defaults
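Review bot: These defaults define `shares` with client-side keys (`mount_point`, `server`, `export`), but the role's tasks and `exports.j2` elsewhere in this commit read `nfs_exports` with `src`, `allowedIP` and `options`. Nothing visible consumes `shares`, and the role would fail on an undefined variable for any host whose inventory does not set `nfs_exports`. Replace the block with `nfs_exports: []` plus a comment listing the three keys each entry needs; an empty default also means the role exports nothing until the inventory opts in.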


@ -0,0 +1,4 @@
---
# handlers file for nfs_server
- name: reload nfs
command: 'exportfs -ra'


@ -0,0 +1,7 @@
---
- name: Debian - Install nfs
apt:
name:
- nfs-common
- nfs-kernel-server
state: present


@ -0,0 +1,23 @@
---
# tasks file for nfs_server
- name: Install os-specific packages
include_tasks: "{{ ansible_os_family | lower }}.yml"
- name: Ensure directories to export exist
file: # noqa 208
path: "{{ item.src }}"
state: directory
with_items: "{{ nfs_exports }}"
- name: Copy exports file.
template:
src: exports.j2
dest: /etc/exports
owner: root
group: root
mode: 0644
notify: reload nfs
- name: Ensure nfs is running.
service: "name=nfs-kernel-server state=started enabled=yes"
when: nfs_exports|length
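Review bot: The last task uses the legacy `key=value` string form and a bare length as its condition, which is harder to lint and review than the rest of the file. Write `service:` as a mapping with `name: nfs-kernel-server`, `state: started`, `enabled: true`, and make the test explicit with `when: nfs_exports | length > 0`. On the template task, quote the mode as `mode: "0644"` so the permission does not depend on YAML octal parsing. The `include_tasks` line resolves a per-OS-family file and only a Debian one is added in this commit, so a comment saying other families are unsupported would help.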


@ -0,0 +1,13 @@
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#
{% for export in nfs_exports %}
{{ export.src }} {{ export.allowedIP }}({{ export.options }})
{% endfor %}
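Review bot: The rendered `/etc/exports` keeps the stock Debian header and gives no hint that it is generated, so a manual edit on the NAS would be silently overwritten on the next run; add `# {{ ansible_managed }}` as the first line. The loop also allows exactly one client spec per path, which deserves a comment above the `for`, since exports(5) permits several clients per line.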


@ -0,0 +1,2 @@
localhost

View File

@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- nfs_server


@ -0,0 +1,2 @@
---
# vars file for nfs_server


@ -12,11 +12,6 @@ nfs_shares:
server: nas.lan
export: /mnt/DocNas/Commun
options: defaults,_netdev,rsize=8192,wsize=8192
- mount_point: /mnt/jails
server: nas.lan
export: /mnt/DocNas/iocage/jails
options: defaults,_netdev,rsize=8192,wsize=8192
borgmatic_name: on_start
borg_source_directories: "{{ nfs_shares | map(attribute='mount_point') }}"


@ -3,3 +3,16 @@ collectd_network_server: 192.168.2.240
collectd_network_port: 25826
ssh_publickey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB7aeBuq7TC8bRATkXa3QY4icPSz9apd2ZSVfnMZD+ta waha@Combava-2022-03-23"
#ansible_become_pass: "{{ lookup('passwordstore', 'home/nas/admin')}}"
nfs_exports:
- src: '/mnt/DocNas/Benjamin'
allowedIP: '192.168.2.0/24'
options: 'rw,sync,no_root_squash'
- src: '/mnt/DocNas/Commun'
allowedIP: '192.168.2.0/24'
options: 'rw,sync,no_root_squash'
- src: '/mnt/DocNas/Margot'
allowedIP: '192.168.2.0/24'
options: 'rw,sync,no_root_squash'
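Review bot: All three exports are `rw` with `no_root_squash` for the whole `192.168.2.0/24`, so root on any machine that can take an address in that subnet is root on `/mnt/DocNas/Benjamin`, `/mnt/DocNas/Commun` and `/mnt/DocNas/Margot`. With the default `sec=sys`, NFS trusts the uid the client claims. Unless a client really needs root on these trees, drop the option so the default `root_squash` applies, e.g. `options: 'rw,sync,no_subtree_check'`, and list the specific client addresses in `allowedIP` rather than the subnet. The change does already narrow the `*` wildcard used by the entries this commit removes, so the squash setting is the remaining gap.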


@ -1,5 +1 @@
---
nfs_exports:
- "/media/docNas/commun *(rw,sync,no_root_squash)"
- "/media/docNas/benjamin *(rw,sync,no_root_squash)"
- "/media/docNas/margot *(rw,sync,no_root_squash)"