diff --git a/home.yml b/home.yml index ccf7d2c..94a9583 100644 --- a/home.yml +++ b/home.yml @@ -12,31 +12,31 @@ update_cache: true upgrade: true - - name: Install core admin tools - include_role: - name: core + # - name: Install core admin tools + # include_role: + # name: core - - name: Include user - include_role: - name: "user" - loop: - - "{{ admin }}" - loop_control: - loop_var: user + # - name: Include user + # include_role: + # name: "user" + # loop: + # - "{{ admin }}" + # loop_control: + # loop_var: user - - name: Remove firstboot user - ansible.builtin.user: - name: foo - state: absent - remove: yes + # - name: Remove firstboot user + # ansible.builtin.user: + # name: foo + # state: absent + # remove: yes - - name: Secure ssh - include_role: - name: ssh + # - name: Secure ssh + # include_role: + # name: ssh - name: Set up nfs network shares server - debug: - msg: Todo + include_role: + name: nfs_server - name: Set up samba network shares debug: @@ -81,4 +81,3 @@ - name: Set up collectd include_role: name: collectd - diff --git a/roles/nfs_server/defaults/main.yml b/roles/nfs_server/defaults/main.yml new file mode 100644 index 0000000..9401fdc --- /dev/null +++ b/roles/nfs_server/defaults/main.yml @@ -0,0 +1,7 @@ +--- +# defaults file for nfs_server +shares: + - mount_point: /media/nfs/default + server: test.lan + export: /test + options: defaults diff --git a/roles/nfs_server/handlers/main.yml b/roles/nfs_server/handlers/main.yml new file mode 100644 index 0000000..3fdc09f --- /dev/null +++ b/roles/nfs_server/handlers/main.yml @@ -0,0 +1,4 @@ +--- +# handlers file for nfs_server +- name: reload nfs + command: 'exportfs -ra' diff --git a/roles/nfs_server/tasks/debian.yml b/roles/nfs_server/tasks/debian.yml new file mode 100644 index 0000000..8b20bd2 --- /dev/null +++ b/roles/nfs_server/tasks/debian.yml @@ -0,0 +1,7 @@ +--- +- name: Debian - Install nfs + apt: + name: + - nfs-common + - nfs-kernel-server + state: present 
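Review bot: The `Secure ssh` and `Remove firstboot user` tasks, together with the `core` and `user` role includes, are commented out in the first home.yml hunk, so a run of this play against a fresh host would leave the `foo` account in place and skip the ssh role. If the goal was only to iterate on the new NFS role, keep those tasks active and tag them instead, e.g. `tags: [base]` on the existing tasks and `tags: [nfs]` on the new `include_role`, then run with `--tags nfs`. The play header and earlier tasks are outside the hunk, so any other safeguard that may exist is not visible here.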
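Review bot: roles/nfs_server/defaults/main.yml defines `shares` with `mount_point`/`server`/`export` keys, but nothing in this commit reads `shares`. Both roles/nfs_server/tasks/main.yml and templates/exports.j2 read `nfs_exports` with `src`, `allowedIP` and `options`. The role therefore ships no default for the variable it actually uses, and tests/test.yml, which sets no variables, would presumably stop on an undefined `nfs_exports`. Replacing the block with `nfs_exports: []` plus a comment documenting the three item keys would let the role be included safely with nothing exported.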
diff --git a/roles/nfs_server/tasks/main.yml b/roles/nfs_server/tasks/main.yml
new file mode 100644
index 0000000..5a61bb0
--- /dev/null
+++ b/roles/nfs_server/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+# tasks file for nfs_server
+- name: Install os-specific packages
+ include_tasks: "{{ ansible_os_family | lower }}.yml"
+
+- name: Ensure directories to export exist
+ file: # noqa 208
+ path: "{{ item.src }}"
+ state: directory
+ with_items: "{{ nfs_exports }}"
+
+- name: Copy exports file.
+ template:
+ src: exports.j2
+ dest: /etc/exports
+ owner: root
+ group: root
+ mode: 0644
+ notify: reload nfs
+
+- name: Ensure nfs is running.
+ service: "name=nfs-kernel-server state=started enabled=yes"
+ when: nfs_exports|length
diff --git a/roles/nfs_server/templates/exports.j2 b/roles/nfs_server/templates/exports.j2
new file mode 100644
index 0000000..2ac24b4
--- /dev/null
+++ b/roles/nfs_server/templates/exports.j2
@@ -0,0 +1,13 @@
+# /etc/exports: the access control list for filesystems which may be exported
+# to NFS clients. See exports(5).
+#
+# Example for NFSv2 and NFSv3:
+# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
+#
+# Example for NFSv4:
+# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
+# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
+#
+{% for export in nfs_exports %}
+{{ export.src }} {{ export.allowedIP }}({{ export.options }})
+{% endfor %}
diff --git a/roles/nfs_server/tests/inventory b/roles/nfs_server/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/roles/nfs_server/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/roles/nfs_server/tests/test.yml b/roles/nfs_server/tests/test.yml
new file mode 100644
index 0000000..a0fb5b4
--- /dev/null
+++ b/roles/nfs_server/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - nfs_server
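Review bot: The `Ensure directories to export exist` task in roles/nfs_server/tasks/main.yml carries `# noqa 208` instead of setting ownership and mode, so any export directory the role has to create gets whatever root's umask yields on that host. Setting them explicitly, for example `owner: root`, `group: root` and `mode: '0755'` (or tighter per share), makes the result predictable and removes the need for the lint suppression. In the `Copy exports file.` task, `mode: 0644` is better written as `mode: '0644'` so the value cannot be re-typed as a number. Separately, `include_tasks: "{{ ansible_os_family | lower }}.yml"` will fail on any OS family other than Debian, because this commit adds only debian.yml.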
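Review bot: The rendered line `{{ export.src }} {{ export.allowedIP }}({{ export.options }})` in exports.j2 has no guard against an empty `allowedIP`. An empty string renders as `/path (options)`, and exports(5) applies an option list with no client in front of it to every host. An `assert` task placed before the template task in tasks/main.yml, looped over `nfs_exports` with `that: item.allowedIP is string and item.allowedIP | length > 0`, would stop the run instead of publishing the share to all clients. An empty `options` deserves the same check, and adding `no_subtree_check`, which the header comment's own examples show, should avoid the exportfs warning on reload.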
diff --git a/roles/nfs_server/vars/main.yml b/roles/nfs_server/vars/main.yml new file mode 100644 index 0000000..feb94ea --- /dev/null +++ b/roles/nfs_server/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for nfs_server diff --git a/vars/backup.yml b/vars/backup.yml index 33278be..ed6d92d 100644 --- a/vars/backup.yml +++ b/vars/backup.yml @@ -12,11 +12,6 @@ nfs_shares: server: nas.lan export: /mnt/DocNas/Commun options: defaults,_netdev,rsize=8192,wsize=8192 - - mount_point: /mnt/jails - server: nas.lan - export: /mnt/DocNas/iocage/jails - options: defaults,_netdev,rsize=8192,wsize=8192 - borgmatic_name: on_start borg_source_directories: "{{ nfs_shares | map(attribute='mount_point') }}" diff --git a/vars/home.yml b/vars/home.yml index 896d000..31d983c 100644 --- a/vars/home.yml +++ b/vars/home.yml @@ -3,3 +3,16 @@ collectd_network_server: 192.168.2.240 collectd_network_port: 25826 ssh_publickey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB7aeBuq7TC8bRATkXa3QY4icPSz9apd2ZSVfnMZD+ta waha@Combava-2022-03-23" + + #ansible_become_pass: "{{ lookup('passwordstore', 'home/nas/admin')}}" + +nfs_exports: + - src: '/mnt/DocNas/Benjamin' + allowedIP: '192.168.2.0/24' + options: 'rw,sync,no_root_squash' + - src: '/mnt/DocNas/Commun' + allowedIP: '192.168.2.0/24' + options: 'rw,sync,no_root_squash' + - src: '/mnt/DocNas/Margot' + allowedIP: '192.168.2.0/24' + options: 'rw,sync,no_root_squash' diff --git a/vars/nas.yml b/vars/nas.yml index 09f663e..ed97d53 100644 --- a/vars/nas.yml +++ b/vars/nas.yml @@ -1,5 +1 @@ --- -nfs_exports: - - "/media/docNas/commun *(rw,sync,no_root_squash)" - - "/media/docNas/benjamin *(rw,sync,no_root_squash)" - - "/media/docNas/margot *(rw,sync,no_root_squash)"
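Review bot: All three entries added to `nfs_exports` in vars/home.yml combine `rw` with `no_root_squash` for the whole `192.168.2.0/24` range, so root on any machine in that subnet is treated as root on the exported data. Unless a specific client needs root access, drop the option so root squashing applies, e.g. `options: 'rw,sync,root_squash,no_subtree_check'`. Where root access really is required, put that client's address in `allowedIP` for the affected share rather than the subnet.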