diff --git a/group_vars/nas/vars.yml b/group_vars/nas/vars.yml index 2e0ae05..abc0340 100644 --- a/group_vars/nas/vars.yml +++ b/group_vars/nas/vars.yml @@ -1,8 +1,13 @@ raid_uuid: '4d184875-19eb-4923-9b79-bf669c1f7978' + lambroek_password: "{{ vault_lambroek_password }}" + s3_access_key_id: "{{ vault_s3_access_key_id }}" s3_secret_access_key: "{{ vault_s3_secret_access_key }}" rclone_obf_pass: "{{ vault_rclone_obf_pass }}" rclone_obf_pass2: "{{ vault_rclone_obf_pass2 }}" + lander_commit_sha: 'e438bd045ca2ee64e3d9ab98f416027b5417c3f6' lander_api_key: "{{ vault_lander_api_key }}" + +restic_rest_version: '0.12.1' diff --git a/nas.yml b/nas.yml index 60ef4dc..223de91 100644 --- a/nas.yml +++ b/nas.yml @@ -55,3 +55,10 @@ roles: - lander tags: lander + +- name: Install Restic REST server + hosts: nas + become: yes + roles: + - restic-rest + tags: restic-rest diff --git a/roles/mount-nfs/tasks/main.yml b/roles/mount-nfs/tasks/main.yml deleted file mode 100644 index f5edcef..0000000 --- a/roles/mount-nfs/tasks/main.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- name: Install NFS client. - apt: - name: nfs-common - state: present - -- name: Mount NFS share. - ansible.posix.mount: - src: {{ hostvars['admin']['ansible_host'] }}:/mnt/data - path: /mnt/data - fstype: nfs4 - opts: defaults,user,exec - state: mounted diff --git a/roles/restic-rest/files/restic-rest-server.service b/roles/restic-rest/files/restic-rest-server.service new file mode 100644 index 0000000..4b071a6 --- /dev/null +++ b/roles/restic-rest/files/restic-rest-server.service @@ -0,0 +1,14 @@ +[Unit] +Description=Restic REST server +After=network.target network-online.target +Requires=network-online.target + +[Service] +Type=exec +User=restic +Group=restic +ExecStart=/usr/local/bin/restic-rest-server --path /mnt/data1/restic-rest --no-auth +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/roles/restic-rest/tasks/main.yml b/roles/restic-rest/tasks/main.yml new file mode 100644 index 0000000..9f1ea7d --- /dev/null +++ b/roles/restic-rest/tasks/main.yml @@ -0,0 +1,69 @@ +--- +- name: Ensure download directory is present + ansible.builtin.file: + path: "/home/debian/restic-rest-{{ restic_rest_version }}" + state: directory + mode: '0755' + +- name: Ensure binary is downloaded + ansible.builtin.unarchive: + src: "https://github.com/restic/rest-server/releases/download/v{{ restic_rest_version }}/rest-server_{{ restic_rest_version }}_linux_arm64.tar.gz" + remote_src: true + dest: "/home/debian/restic-rest-{{ restic_rest_version }}" + creates: "/home/debian/restic-rest-{{ restic_rest_version }}/rest-server_{{ restic_rest_version }}_linux_arm64/rest-server" + include: + - "rest-server_{{ restic_rest_version }}_linux_arm64/rest-server" + register: res + +- name: Ensure binary is copied to correct location + ansible.builtin.copy: + src: "/home/debian/restic-rest-{{ restic_rest_version }}/rest-server_{{ restic_rest_version }}_linux_arm64/rest-server" + remote_src: true + dest: '/usr/local/bin/restic-rest-server' + owner: 'root' + group: 'root' + mode: '0755' + when: 'res.changed' + +- name: Ensure system group exists + ansible.builtin.group: + name: 'restic' + gid: 202 + system: true + state: present + +- name: Ensure system user exists + ansible.builtin.user: + name: 'restic' + group: 'restic' + uid: 202 + system: true + create_home: false + +- name: Ensure data directory is present + ansible.builtin.file: + path: '/mnt/data1/restic-rest' + state: directory + mode: '0755' + owner: 'restic' + group: 'restic' + +- name: Ensure service file is present + ansible.builtin.copy: + src: 'restic-rest-server.service' + dest: '/lib/systemd/system/restic-rest-server.service' + owner: 'root' + group: 'root' + mode: '0644' + register: res + +- name: systemd-reload + ansible.builtin.systemd_service: + daemon_reload: true + when: 'res.changed' + +- name: Ensure service is enabled + ansible.builtin.service: + name: 'restic-rest-server' + state: started + enabled: true