Onboard backup.unruhig.eu
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/push Build is passing
Details
This commit is contained in:
parent
2eee8be473
commit
33fd71beee
GPG Key ID:
9164B527694A0709
|
|
@ -13,5 +13,6 @@ labels:
|
|||
- [ ] Add host to ansible inventory
|
||||
- [ ] Add machine ssh-key to Backup Storagebox
|
||||
- [ ] `touch /etc/setup_complete` if no restore is needed
|
||||
- [ ] Update known_hosts `ansible-playbook regenerate-known-hosts.yaml`
|
||||
- [ ] Run `ansible-playbook --tags setup playbook.yaml`
|
||||
- [ ] Update known_hosts `summon ansible-playbook regenerate-known-hosts.yaml`
|
||||
- [ ] Generate new ansible ssh key `summon ansible-playbook --inventory=inventory.yaml tasks/create_ssh_keys.yaml`
|
||||
- [ ] Run `summon ansible-playbook --tags setup playbook.yaml`
|
||||
|
|
|
|||
|
|
@ -20,6 +20,11 @@ all:
|
|||
network_interface: ens3
|
||||
network_ipv6_addr: "2a03:4000:9:176::1"
|
||||
wg_addr: 10.1.0.4
|
||||
backup.unruhig.eu:
|
||||
ansible_user: core
|
||||
network_interface: ens3
|
||||
network_ipv6_addr: "2a03:4000:56:e17::1"
|
||||
wg_addr: 10.1.0.5
|
||||
# localhost:
|
||||
# ansible_interpreter_python: ./ENV/bin/python
|
||||
# ansible_connection: local
|
||||
|
|
@ -46,3 +51,4 @@ all:
|
|||
host.nc.chaoswg.org: null
|
||||
mon1.hel1.chaoswg.org: null
|
||||
infra.unruhig.eu: null
|
||||
backup.unruhig.eu: null
|
||||
|
|
|
|||
|
|
@ -1,9 +1,11 @@
|
|||
backup.unruhig.eu ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNxa8vbJ70oM2PlEKegPu3/SUO7oXz2lM6PvR74Ad+RYjjAQZr/j3WMpeDn15ugexlYmYoHgxgeT0xA6E/ZAM/0=
|
||||
backup.unruhig.eu ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXlm4q3UBK2ChZCujrc9nv45tnntj6E+80UOOzZ6EEFWeUkJ0R+o4z4bnLsWBfFxfwgMDUvFCUCuS7R7xo2pE6vlRhPeD6eTitqNmRMfgmMZLJCdWD5eechg2FNSIht+wB61KEwMBuARXX45nmvIknWiRBK0qAGMLgy46hAx60hf/2uzSuyF6cxQdRqH7TNKZ/06aC7fCo9MCvHbiWvOSKbRx+jYSw8L27DW8WbPTqTGhywidij3nQEjwCFof/IN/hdp7NLpF/8qAoxW9iLWHh7ghESSwHxDF+QC1NjyA1g9QvyX+4p/hzR71wvQ2OVT/R9qx45jJiEi4dVQtsPGbcMzY9gQNbzyzl898cvnp2OuS50kGxuJZaJLMOj2UClbpW+lTrrkKvBZKkAF85v+C6Xcx/waY01eH0PaDBpoo40Y+vS9nWLmnKcvz5iDC6DVL8gUyDxuQj6/qMQuVsr5GL7GnvqIF/jjz6rNqES5Lr88c18ZyWeaupAHNnSgxaGV8=
|
||||
host.nc.chaoswg.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE+xbsYUu5fNjUZuJMER9VMx7aPCPCVcZvBpnNjxySRrkUSOgLV6n2IYj+aTfrxT3sCJFzkXzNS8R25Fyqw53WE=
|
||||
host.nc.chaoswg.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfZWpJz8JiM6F5zXcUg9K7OsCx0UbrK4z9sijpmUn3F
|
||||
host.nc.chaoswg.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCiVZ57grUnL7JNyUTlU2LVVCS5cfC4dasBGvdQDlN36VNGxo3HDzu9ppichlXUO2KNT5J86sgh6o9KeAmu/mqIasNm2JQC+FIRc1xKQU1xufLVHm9LZqUfk18olHm8tTIxE3yOpcPYJRRlBe+l66OYary9huJfQZPvHik5umQ4fWg+l1VBd8p6IMOQHNA8AyGlb/VKg79c1Qk9fxzKxqkSAc0LCIwrNPSQNF8BzjiBXaw1AuHwvPDmMFjb3cFv4I8GwNSH/A1xRHXg2ymqE818A9eXim/RHDHNiyEf7HPC0kuT95x5ii9pd8WRqa5GXULSHMz1vajAMtgfnGawz8pvY+MnfOFqF2i5WLcaPSqK9IdFst6lFp2ThBCAijW2Wa8o8gQeazr3twhC9Dd5C3+HkNq2MpEYM8ck0yZUFhAkRPUc3laX+8y9KsiqDMbfg1aErEbrezlSb6h19oWVAhFy+d8xVUX53a/9C9uF3P8hFwy4o76lTHVwmB8rTD8DXT8=
|
||||
infra.unruhig.eu ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAcuxMyUl5L/gs1+hqrtz1ywzWo4DiuwUGaPyMgCSZbReAFZ6LVmmMwllKJyF6IhEDhvMckNxraMtLQHLA7kyDY=
|
||||
infra.unruhig.eu ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAdD0VzFKRzUJ9lZQ7viRY3jJKB6LTUdLintKDHzvdjG
|
||||
infra.unruhig.eu ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0l2SDWE+RROnCgR2kIWr58ozcSHfS0jKH90Lr+w5Gd6ddiz1oRPPlTA3drQb6LRQo+TfPxeajzJdpxXHDKOtD6C7aSg0YbXAWu9D2t5PwAlCLfslpD7W3O6NKjfuT7rgtp+W15CYhWGOMxJZt0EORZFvpV9kf5XFADRJymay9MEU7LL4HDoEO0chqsodW1aYZMcZxSwPh4XmKEpS6fraCUMulsmkka4RtVysOhl/qvOWut+KckERKMg2RFLPpfqRUAG6oZbRLksni7TYPULJqaucHUmtiK2RP4D4woISz4orC5cIbDOpZP7lcovFSVlD2rbSiLbCfjIt8pQVShFnDEOZkRGyhS9/0F4/vFQXhX/zpCasUlIL+TpCUBUfX5d0QX7/yBQPogMQDo4sxXe5Eq3eR2Qgv61yrxQpbkWQHb/7WFCBorlroD6YWp1aR0VkJ9s31TjPhSVAoVRVbKUh65QgiAXh6VUbw22+AyVZ9hHYobSrYItoULNPBNtxoRVk=
|
||||
infra.unruhig.eu ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGpspDDbmZt71/g8R4K+jn3A4n7z+8lO3unv8Pm8xLKhr3mDD0MErbRrP/ucYtsBRauMc+IOmBsDtM2Ayp/0zio=
|
||||
infra.unruhig.eu ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8dLUAnoazcq9Tl2zeLP0Ed8QlMs6226raruQhP/0y8
|
||||
infra.unruhig.eu ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0cOVaDYrycZ89VpBoysO2f5ihYGpz4Fxw2tpOSW16JztwGA7mksI9sSJUus69RtsFwgzxW9XNfKA1V63yVc5lE2f8PJg4zTTLtHRJk6V6mjWgIKQV6Ro9lxVW1g+bxVnRmkC2JC7OPE/k4qQcVKF7JMsCD8oG6uV4ghGaisDBifmixyGAwtsJ+Ev9M92HvWLvRRVLgMXozLgWfJUZJvz4p/xgKqrfS1WmjCRRqQT+FeI3BqWoA6l1jgY5xa/qeie5SYEClEp3K30wfI9bLBCSZiKYOHBnhrWtPcNw8z0G2pdLIbWpH6nM78nZ60UiK5yHjbR4XcxDxaZ695SKolyOjDazkt8yjuLM2kz//C+Tj/+1/rrUkEn8bT6zdJmmFzz++d+o6sYAPczcsmc40rs9+DHp7lFcgv7/RSVryXkdK71plhb4Uj/xpf2VlriiUe8+FzxMHu8NH5B3NlZAKLyhEQVPIHxsY0/7MjKdF2igGNgJZ7UA8BNYfTZ+9+Wx7cs=
|
||||
mon1.hel1.chaoswg.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFGUIZFzyXd6QAA4Xn+SikYIdfZ+c2R4aFXCY6/Gh2oZGjpq4xtHLw7AFyadnC1UGVNNINNJY1FLfgbavIkeh6M=
|
||||
mon1.hel1.chaoswg.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsSgW6MyvR0YJWn61UZLG8hgj/ewvlRqiHIZDAkYDtV
|
||||
mon1.hel1.chaoswg.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCl6bzWEhtuyKLLOUjRv0mxkmzpnjGzzdkc2DFZU+ueiMG4cTxCpwO5cXOST8RXC5WU49HtEpW0ZX4oCWxdEKhFeUXpij1Ins9Hvx31nHMot7sTLa745QcR0feQGYFl9DXfK1OADvstzWBL4n/UO70psK2Ir6aoBV1CM18w2Gk+DVSh5coLsMRczPczzG08ALIvhWa/1l3ObX7tULjs2y5Pf0F6Ukns8wcfxarUfUihdgnRwHdyc4yxaLHBvizAs3bl1G7zXdOh4SMOjw219J1ORbO/+n9fTSwhs78jU0IQCSZgI86Tp+EaLk+6RmA9SIGhI0+s3qk6UfwqMFM6VPxbiCUMbUeAhGcOo8UD3PMlLeTHWBwADHl2ee/mUmXBUh6Smyr9YlpbSCfcTNgXX2enkByidIgy+tEhJzaTub9vFRt8q0nj7fEimqQ63NecMzMZXPTGxnCma5Y3/TSLeBPE1aUNLGea6MFwUevCamdn9qB/KTAmMoyRTRR8pREsdfs=
|
||||
|
|
|
|||
|
|
@ -4,3 +4,4 @@ SSH_KEY_thonkpad_ka_chaoswg_org: !var:file machine/thonkpad.ka.chaoswg.org/ssh_k
|
|||
SSH_KEY_host_nc_chaoswg_org: !var:file machine/host.nc.chaoswg.org/ssh_key
|
||||
SSH_KEY_mon1_hel1_chaoswg_org: !var:file machine/mon1.hel1.chaoswg.org/ssh_key
|
||||
SSH_KEY_infra_unruhig_eu: !var:file machine/infra.unruhig.eu/ssh_key
|
||||
SSH_KEY_backup_unruhig_eu: !var:file machine/backup.unruhig.eu/ssh_key
|
||||
|
|
|
|||
|
|
@ -0,0 +1,115 @@
|
|||
---
|
||||
variant: fcos
|
||||
version: 1.4.0
|
||||
systemd:
|
||||
units:
|
||||
# Installing vim as a layered package with rpm-ostree
|
||||
- name: rpm-ostree-install-pkg.service
|
||||
enabled: true
|
||||
contents: |
|
||||
[Unit]
|
||||
Description=Layer packages with rpm-ostree
|
||||
Wants=network-online.target
|
||||
After=network-online.target
|
||||
# We run before `zincati.service` to avoid conflicting rpm-ostree
|
||||
# transactions.
|
||||
Before=zincati.service
|
||||
# Otherwise vagrant will try to run the playbook before we got python
|
||||
Before=sshd.service
|
||||
ConditionPathExists=!/var/lib/%N.stamp
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
# `--allow-inactive` ensures that rpm-ostree does not return an error
|
||||
# if the package is already installed. This is useful if the package is
|
||||
# added to the root image in a future Fedora CoreOS release as it will
|
||||
# prevent the service from failing.
|
||||
ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive vim python docker-compose borgbackup btop iftop iotop
|
||||
ExecStart=/bin/touch /var/lib/%N.stamp
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
# Make sure docker is actually starting without a call to the socket.
|
||||
- name: docker.service
|
||||
enabled: true
|
||||
- name: borgbackup.service
|
||||
contents: |
|
||||
[Unit]
|
||||
Description=Run Backup of /var/lib/docker
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/bin/bash /root/backup.sh
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
- name: borgbackup.timer
|
||||
enabled: true
|
||||
contents: |
|
||||
[Unit]
|
||||
Description=Daily backup
|
||||
|
||||
[Timer]
|
||||
OnCalendar=daily
|
||||
Persistent=true
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
storage:
|
||||
disks:
|
||||
- device: /dev/disk/by-id/coreos-boot-disk
|
||||
wipe_table: false
|
||||
partitions:
|
||||
- number: 4
|
||||
label: root
|
||||
size_mib: 4096
|
||||
resize: true
|
||||
- label: swap
|
||||
size_mib: 3072
|
||||
- label: var # not specifying "number", so this will go after the root partition
|
||||
size_mib: 0 # means "use the rest of the space on the disk"
|
||||
filesystems:
|
||||
- path: /var
|
||||
device: /dev/disk/by-partlabel/var
|
||||
format: xfs
|
||||
wipe_filesystem: true # preserve /var on reinstall (this is the default, but be explicit)
|
||||
with_mount_unit: true # mount this filesystem in the real root
|
||||
- device: /dev/disk/by-partlabel/swap
|
||||
format: swap
|
||||
wipe_filesystem: true # preserve /var on reinstall (this is the default, but be explicit)
|
||||
with_mount_unit: true # mount this filesystem in the real root
|
||||
files:
|
||||
# Set vim as default editor
|
||||
# We use `zz-` as prefix to make sure this is processed last in order to
|
||||
# override any previously set defaults.
|
||||
- path: /etc/profile.d/zz-default-editor.sh
|
||||
overwrite: true
|
||||
contents:
|
||||
inline: |
|
||||
export EDITOR=vim
|
||||
- path: /etc/hostname
|
||||
mode: 0644
|
||||
contents:
|
||||
inline: backup.unruhig.eu
|
||||
- path: /etc/zincati/config.d/55-updates-strategy.toml
|
||||
contents:
|
||||
inline: |
|
||||
[updates]
|
||||
strategy = "periodic"
|
||||
[[updates.periodic.window]]
|
||||
days = [ "Tue" ]
|
||||
start_time = "12:00"
|
||||
length_minutes = 60
|
||||
links:
|
||||
- path: /etc/localtime
|
||||
target: /usr/share/zoneinfo/Europe/Berlin
|
||||
passwd:
|
||||
users:
|
||||
- name: core
|
||||
groups:
|
||||
- docker
|
||||
ssh_authorized_keys:
|
||||
- ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBL72XuF23TEDahZtoYsOXGVc9HDuuUeVJI5EjD5Y8JJoIN5wOQdDUg92cde4pcMCgQUzjDTg7hzjxb3117ElzIM+A3yhNEoEYJksPHkiXuTgR6ZTSnLM9OhGa80+qtV09g== openpgp:0x694A0709
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhzs4vCOhy3yH2TF2bO5Qalt2P4WG4nDYTLarPKFrdM ansible@provisioner
|
||||
...
|
||||
# vim: ft=yaml.butane
|
||||
|
|
@ -7,6 +7,8 @@ module "dns-unruhig-eu" {
|
|||
records = [
|
||||
{ type = "A", name = "infra", value = "37.221.198.143" },
|
||||
{ type = "AAAA", name = "infra", value = "2a03:4000:9:176::1" },
|
||||
{ type = "A", name = "backup", value = "202.61.225.46" },
|
||||
{ type = "AAAA", name = "backup", value = "2a03:4000:56:e17::1" },
|
||||
{ type = "CNAME", name = "@", value = "web.tobiasmanske.de" },
|
||||
{ type = "CNAME", name = "www", value = "unruhig.eu" },
|
||||
{ type = "CNAME", name = "s3", value = "web.tobiasmanske.de" },
|
||||
|
|
|
|||
Loading…
Reference in New Issue