From 2eda1a3bd16665117a4a9194f90e243568faae29 Mon Sep 17 00:00:00 2001
From: VC
Date: Fri, 5 Jul 2024 11:53:28 +0200
Subject: [PATCH] feat: add garage roles and servers
---
 garage.yml | 6 ++++++
 group_vars/garageservers.yml | 12 +++++++++++
 production.yml | 9 ++++++++
 roles/garage/defaults/main.yml | 6 ++++++
 roles/garage/handlers/main.yml | 8 +++++++
 roles/garage/tasks/main.yml | 21 +++++++++++++++++++
 roles/garage/templates/garage.service.j2 | 15 +++++++++++++
 roles/garage/templates/garage.toml.j2 | 15 +++++++++++++
 roles/garage/vars/main.yml | 4 ++++
 .../templates/vhosts/garage.mateu.be.conf.j2 | 16 ++++++++++++++
 site.yml | 1 +
 11 files changed, 113 insertions(+)
 create mode 100644 garage.yml
 create mode 100644 group_vars/garageservers.yml
 create mode 100644 roles/garage/defaults/main.yml
 create mode 100644 roles/garage/handlers/main.yml
 create mode 100644 roles/garage/tasks/main.yml
 create mode 100644 roles/garage/templates/garage.service.j2
 create mode 100644 roles/garage/templates/garage.toml.j2
 create mode 100644 roles/garage/vars/main.yml
 create mode 100644 roles/nginx/templates/vhosts/garage.mateu.be.conf.j2
diff --git a/garage.yml b/garage.yml
new file mode 100644
index 0000000..5d2973a
--- /dev/null
+++ b/garage.yml
@@ -0,0 +1,6 @@
+---
+
+- hosts: garageservers
+ diff: true
+ roles:
+ - garage
diff --git a/group_vars/garageservers.yml b/group_vars/garageservers.yml
new file mode 100644
index 0000000..926b6e3
--- /dev/null
+++ b/group_vars/garageservers.yml
@@ -0,0 +1,12 @@
+---
+
+garage_rpc_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 32333730663466323761393665316263316565393964323664306633316137333831666239646230
+ 3034373435356334313237366130663566353536623732310a653263343538666332333666663661
+ 38326633633036633630633166326437383864376665316137336461616665666665343639666462
+ 3731646134616562320a356530346166616137643465613636643232376138623436666233613836
+ 35393731313835383334313335393462383238343738313539663631356635373032643735623261
+ 39663439303466613337376162646131373863666632626638653837386432633339326235376634
+ 34303565306134316464363931633933336139323933613133346665313836356634663139353061
+ 66386436626362316531
diff --git a/production.yml b/production.yml
index 909d63e..3e3f970 100644
--- a/production.yml
+++ b/production.yml
@@ -75,6 +75,12 @@ borg_client: - /usr/local borg_backup_excluded_path: - /srv/docker/nupes.social/public + garage1.dmz.mateu.be: + - /var/lib/private/garage + +garageservers: + hosts: + garage1.dmz.mateu.be: nut: children:
@@ -96,6 +102,9 @@ webservers:
 - sonarr.mateu.be
 - bt.mateu.be
 - btf.mateu.be
+ garage1.dmz.mateu.be:
+ web_hostname:
+ - garage.mateu.be
 web1.dmz.mateu.be:
 web_hostname:
 - fav.libertus.eu
diff --git a/roles/garage/defaults/main.yml b/roles/garage/defaults/main.yml
new file mode 100644
index 0000000..13cfdea
--- /dev/null
+++ b/roles/garage/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+
+garage_version: v0.8.0
+garage_arch: x86_64
+
+garage_replication_mode: 1
diff --git a/roles/garage/handlers/main.yml b/roles/garage/handlers/main.yml
new file mode 100644
index 0000000..624a75f
--- /dev/null
+++ b/roles/garage/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: restart garage
+ systemd:
+ name: garage
+ enabled: true
+ daemon_reload: true
+ state: restarted
diff --git a/roles/garage/tasks/main.yml b/roles/garage/tasks/main.yml
new file mode 100644
index 0000000..35c5947
--- /dev/null
+++ b/roles/garage/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+
+- name: install garage
+ get_url:
+ url: "{{ garage_url }}"
+ dest: "{{ garage_bin }}"
+ owner: root
+ group: root
+ mode: 0755
+
+- name: install garage systemd file
+ template:
+ src: garage.service.j2
+ dest: /etc/systemd/system/garage.service
+
+- name: put garage.toml conf file
+ template:
+ src: garage.toml.j2
+ dest: /etc/garage.toml
+ notify:
+ - restart garage
diff --git a/roles/garage/templates/garage.service.j2 b/roles/garage/templates/garage.service.j2
new file mode 100644
index 0000000..ce7ac48
--- /dev/null
+++ b/roles/garage/templates/garage.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description=Garage Data Store
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Environment='RUST_LOG=garage=info' 'RUST_BACKTRACE=1'
+ExecStart=/usr/local/bin/garage server
+StateDirectory=garage
+DynamicUser=true
+ProtectHome=true
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/garage/templates/garage.toml.j2 b/roles/garage/templates/garage.toml.j2
new file mode 100644
index 0000000..f70516d
--- /dev/null
+++ b/roles/garage/templates/garage.toml.j2
@@ -0,0 +1,15 @@
+metadata_dir = "/var/lib/garage/meta"
+data_dir = "/var/lib/garage/data"
+db_engine = "lmdb"
+
+replication_mode = "{{ garage_replication_mode }}"
+
+compression_level = 2
+
+rpc_bind_addr = "[::]:3901"
+rpc_public_addr = "{{ ansible_facts['fqdn'] }}:3901"
+rpc_secret = "{{ garage_rpc_secret }}"
+
+[s3_api]
+s3_region = "garage"
+api_bind_addr = "[::1]:3900"
diff --git a/roles/garage/vars/main.yml b/roles/garage/vars/main.yml
new file mode 100644
index 0000000..ba3f53d
--- /dev/null
+++ b/roles/garage/vars/main.yml
@@ -0,0 +1,4 @@
+---
+
+garage_url: "https://garagehq.deuxfleurs.fr/_releases/{{ garage_version }}/{{ garage_arch }}-unknown-linux-musl/garage"
+garage_bin: "/usr/local/bin/garage"
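Review bot: In roles/garage/tasks/main.yml the `install garage` task fetches an executable and installs it root-owned and executable with no integrity check, so whatever the release host serves at `garage_url` is what ends up running. Pin a digest next to `garage_version` and pass it to the task as `checksum: "sha256:{{ garage_sha256 }}"` (`garage_sha256` being a new variable the role would have to define). With a fixed `dest`, `get_url` skips the download when the file already exists, so the checksum is also what makes a later `garage_version` bump actually replace the binary. The `install garage systemd file` task in the same hunk has no `notify`, so an edited unit is not reloaded until something else restarts the service, and `mode: 0755` is better written quoted as `mode: "0755"`.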
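Review bot: In roles/garage/templates/garage.service.j2, `ExecStart=/usr/local/bin/garage server` repeats the path that roles/garage/vars/main.yml defines as `garage_bin`, so the unit and the `get_url` destination can drift apart if one is changed. The file is already rendered as a template, so `ExecStart={{ garage_bin }} server` keeps the two in step. Beyond what `DynamicUser=true` already brings, directives such as `PrivateDevices=true` and `ProtectKernelTunables=true` could be added if the service starts cleanly with them.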
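Review bot: In roles/garage/templates/garage.toml.j2, `rpc_secret = "{{ garage_rpc_secret }}"` writes the vaulted secret in clear text into /etc/garage.toml, and the `put garage.toml conf file` task in roles/garage/tasks/main.yml sets no `owner`, `group` or `mode`, so a newly created file takes its mode from the remote umask and is commonly world-readable. Because garage.yml runs the play with `diff: true`, the rendered file, secret included, is also printed in the run output whenever it changes; `no_log: true` (or `diff: false`) on that task avoids this. As the unit uses `DynamicUser=true`, a root-only file would not be readable by the service, so consider passing the secret separately, for example systemd `LoadCredential=` together with Garage's `rpc_secret_file` option if the pinned release supports it. `rpc_bind_addr = "[::]:3901"` also listens on every interface although `garage_replication_mode` defaults to a single copy; restricting the bind address or firewalling port 3901 would reduce exposure on a DMZ host.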
diff --git a/roles/nginx/templates/vhosts/garage.mateu.be.conf.j2 b/roles/nginx/templates/vhosts/garage.mateu.be.conf.j2
new file mode 100644
index 0000000..948e661
--- /dev/null
+++ b/roles/nginx/templates/vhosts/garage.mateu.be.conf.j2
@@ -0,0 +1,16 @@
+server {
+{% include './templates/header.conf.j2' %}
+
+ location / {
+ proxy_pass http://s3_backend;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ # Disable buffering to a temporary file.
+ proxy_max_temp_file_size 0;
+ }
+}
+
+upstream s3_backend {
+ # If you have a garage instance locally.
+ server [::1]:3900;
+}
diff --git a/site.yml b/site.yml
index 964381a..4df14e1 100644
--- a/site.yml
+++ b/site.yml
@@ -21,3 +21,4 @@
 - import_playbook: munin.yml
 - import_playbook: unifi.yml
 - import_playbook: ftp.yml
+- import_playbook: garage.yml
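Review bot: In roles/nginx/templates/vhosts/garage.mateu.be.conf.j2 the `location /` block forwards every request to the S3 API but sets no `client_max_body_size`, so unless header.conf.j2 (not part of this patch) raises it, nginx's 1 MiB default rejects larger uploads with 413. Set an explicit limit in this block that matches the object sizes you intend to accept rather than relying on the shared header. `upstream s3_backend` is declared at http level, so that name has to stay unique across all vhost templates. The comment `# If you have a garage instance locally.` reads as copied from an example and could state the actual assumption, e.g. `# Garage S3 API on this host (api_bind_addr in garage.toml)`.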