🚀: new NAS

roles/munin_client/tasks/main.yml

@@ -111,6 +111,10 @@
   ansible.builtin.include_tasks: hypervisors.yml
   when: "'hypervisors' in group_names"
 
+# - name: Execute specific ZFS commands
+#   ansible.builtin.include_tasks: zfs.yml
+#   when: "'zfsservers' in group_names"
+
 # Specific LXC commands
 - name: Execute specific LXC commands
   ansible.builtin.include_tasks: lxc.yml
@@ -119,7 +123,7 @@
 # Specific garage commands
 - name: Execute specific garage commands
   ansible.builtin.include_tasks: garage.yml
-  when: "'garage1' in inventory_hostname"
+  when: "'garageservers' in group_names"
 
 # Specific nsd commands
 - name: Execute specific nsd commands

roles/nfs/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Restart NFS
+  ansible.builtin.service:
+    name: nfs-server
+    enabled: true
+    state: restarted

roles/nfs/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+
+- name: Install NFS
+  ansible.builtin.package:
+    name: nfs-kernel-server
+    state: present
+
+- name: Export FS
+  ansible.builtin.template:
+    src: exports.j2
+    dest: /etc/exports
+    owner: root
+    group: root
+    mode: "0o640"
+  notify: Restart NFS
+
+- name: Ensure NFS is started & enabled
+  ansible.builtin.service:
+    name: nfs-server
+    state: started
+    enabled: true

roles/nfs/templates/exports.j2

@@ -0,0 +1,4 @@
+"/mnt/tank/nfs"\
+	*(sec=sys,rw,insecure,no_subtree_check)
+"/mnt/tank/proxmox"\
+	10.233.212.59(sec=sys,rw,insecure,no_subtree_check)

roles/restic/defaults/main.yml

@@ -1,11 +1,4 @@
 ---
-restic_path: "/usr/local/bin/restic"
-restic_script_path: "/usr/local/bin/resticbackup.sh"
-restic_cache_dir: ""
-
-# use in cases when cron is not available
-restic_external_scheduler: false
-
 restic_pass: !vault |
           $ANSIBLE_VAULT;1.1;AES256
           62333166623737363731663766353330633335306532306366356536376232396664376430613434
@@ -17,4 +10,3 @@ restic_backup_path: ["/srv", "/home", "/etc"]
 restic_backup_excluded_path: ["/srv/NOBACKUP"]
 restic_backup_hour: 6
 restic_backup_minute: 0
-restic_exe_group: "root"

roles/restic/tasks/install.yml

@@ -16,13 +16,4 @@
     path: "{{ restic_path }}"
     mode: "0o755"
     owner: root
-    group: "{{ restic_exe_group }}"
-
-- name: Create cache dir
-  ansible.builtin.file:
-    name: "{{ restic_cache_dir }}"
-    state: directory
-    owner: root
-    group: "{{ restic_exe_group }}"
-    mode: "0o700"
-  when: restic_cache_dir | length > 0
+    group: root

roles/restic/tasks/main.yml

@@ -8,7 +8,7 @@
     src: resticbackup.sh.j2
     dest: "{{ restic_script_path }}"
     owner: root
-    group: "{{ restic_exe_group }}"
+    group: root
     mode: "0o750"
 
 - name: Cron backup script

roles/restic/templates/resticbackup.sh.j2

@@ -7,7 +7,7 @@ export AWS_ACCESS_KEY_ID="{{ restic_aws_access_key_id }}"
 export AWS_SECRET_ACCESS_KEY="{{ restic_aws_secret_access_key }}"
 
 ## lancement de la sauvegarde
-{{ restic_path }} backup {% if restic_cache_dir | length > 0 %}--cache-dir {{ restic_cache_dir }}{% endif %} --exclude-caches {% for i in restic_backup_excluded_path %} -e {{ i }} {% endfor %} {% for i in restic_backup_path %}{{ i }} {% endfor %}
+{{ restic_path }} backup --exclude-caches {% for i in restic_backup_excluded_path %} -e {{ i }} {% endfor %} {% for i in restic_backup_path %}{{ i }} {% endfor %}
 
 ## récupération de l'espace
 {{ restic_path }} forget --prune -d 7 -w 4 -m 3 -y 1

roles/restic/vars/main.yml

@@ -1,4 +1,6 @@
 ---
+restic_path: "/usr/local/bin/restic"
+restic_script_path: "/usr/local/bin/resticbackup.sh"
 restic_version: "0.17.1"
 restic_architecture: "amd64"
 restic_system: "{{ ansible_facts['system'] | lower }}"

roles/spamassassin/files/local.cf

@@ -7,6 +7,9 @@ ok_locales      fr
 score   UNWANTED_LANGUAGE_BODY  5
 score	HTML_IMAGE_RATIO_02		3
 
+rawbody		LOCAL_partenaire_HM		/partenaire HM/i
+score		LOCAL_partenaire_HM		20.0
+
 rawbody		LOCAL_Cbd_Gummies	/Cbd Gummies/i
 score		LOCAL_Cbd_Gummies	20.0
 
@@ -265,6 +268,7 @@ whitelist_from *@chichiclothing.com
 whitelist_from dmarcreport@microsoft.com
 
 # Blacklist manuel
+blacklist_from *@supportprogram.fr
 blacklist_from *@spotly.jp
 blacklist_from *@itstales.de
 blacklist_from *@*.store

roles/webapps/tasks/freshrss.yml

@@ -13,7 +13,8 @@
     mode: "0o644"
 
 - name: Enable FreshRSS timer
-  ansible.builtin.service:
-    name: freshrss
+  ansible.builtin.systemd_service:
+    name: freshrss.timer
+    daemon_reload: true
     enabled: true
     state: started

roles/zfs/tasks/main.yml

@@ -0,0 +1,29 @@
+---
+
+- name: Install Backports
+  ansible.builtin.template:
+    src: "backports.list.j2"
+    dest: "/etc/apt/sources.list.d/{{ ansible_distribution_release }}-backports.list"
+    owner: root
+    group: root
+    mode: "0o640"
+
+- name: Pin ZFS
+  ansible.builtin.template:
+    src: "90_zfs.j2"
+    dest: "/etc/apt/preferences.d/90_zfs"
+    owner: root
+    group: root
+    mode: "0o640"
+
+- name: Install ZFS
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: present
+    update_cache: true
+  loop:
+    - dpkg-dev
+    - linux-headers-generic
+    - linux-image-generic
+    - zfs-dkms
+    - zfsutils-linux

roles/zfs/templates/90_zfs.j2

@@ -0,0 +1,3 @@
+Package: src:zfs-linux
+Pin: release n={{ ansible_distribution_release }}-backports
+Pin-Priority: 990

roles/zfs/templates/backports.list.j2

@@ -0,0 +1,2 @@
+deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main contrib
+deb-src http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main contrib