feat: add garage roles and servers

garage.yml

@@ -0,0 +1,6 @@
+---
+
+- hosts: garageservers
+  diff: true
+  roles:
+    - garage

group_vars/garageservers.yml

@@ -0,0 +1,12 @@
+---
+
+garage_rpc_secret: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          32333730663466323761393665316263316565393964323664306633316137333831666239646230
+          3034373435356334313237366130663566353536623732310a653263343538666332333666663661
+          38326633633036633630633166326437383864376665316137336461616665666665343639666462
+          3731646134616562320a356530346166616137643465613636643232376138623436666233613836
+          35393731313835383334313335393462383238343738313539663631356635373032643735623261
+          39663439303466613337376162646131373863666632626638653837386432633339326235376634
+          34303565306134316464363931633933336139323933613133346665313836356634663139353061
+          66386436626362316531

production.yml

@@ -75,6 +75,12 @@ borg_client:
         - /usr/local
       borg_backup_excluded_path:
         - /srv/docker/nupes.social/public
+    garage1.dmz.mateu.be:
+      - /var/lib/private/garage
+
+garageservers:
+  hosts:
+    garage1.dmz.mateu.be:
 
 nut:
   children:
@@ -96,6 +102,9 @@ webservers:
         - sonarr.mateu.be
         - bt.mateu.be
         - btf.mateu.be
+    garage1.dmz.mateu.be:
+      web_hostname:
+        - garage.mateu.be
     web1.dmz.mateu.be:
       web_hostname:
         - fav.libertus.eu

roles/garage/defaults/main.yml

@@ -0,0 +1,6 @@
+---
+
+garage_version: v0.8.0
+garage_arch: x86_64
+
+garage_replication_mode: 1

roles/garage/handlers/main.yml

@@ -0,0 +1,8 @@
+---
+
+- name: restart garage
+  systemd:
+    name: garage
+    enabled: true
+    daemon_reload: true
+    state: restarted

roles/garage/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+
+- name: install garage
+  get_url:
+    url: "{{ garage_url }}"
+    dest: "{{ garage_bin }}"
+    owner: root
+    group: root
+    mode: 0755
+
+- name: install garage systemd file
+  template:
+    src: garage.service.j2
+    dest: /etc/systemd/system/garage.service
+
+- name: put garage.toml conf file
+  template:
+    src: garage.toml.j2
+    dest: /etc/garage.toml
+  notify:
+    - restart garage

roles/garage/templates/garage.service.j2

@@ -0,0 +1,15 @@
+[Unit]
+Description=Garage Data Store
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Environment='RUST_LOG=garage=info' 'RUST_BACKTRACE=1'
+ExecStart=/usr/local/bin/garage server
+StateDirectory=garage
+DynamicUser=true
+ProtectHome=true
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target

roles/garage/templates/garage.toml.j2

@@ -0,0 +1,15 @@
+metadata_dir = "/var/lib/garage/meta"
+data_dir = "/var/lib/garage/data"
+db_engine = "lmdb"
+
+replication_mode = "{{ garage_replication_mode }}"
+
+compression_level = 2
+
+rpc_bind_addr = "[::]:3901"
+rpc_public_addr = "{{ ansible_facts['fqdn'] }}:3901"
+rpc_secret = "{{ garage_rpc_secret }}"
+
+[s3_api]
+s3_region = "garage"
+api_bind_addr = "[::1]:3900"

roles/garage/vars/main.yml

@@ -0,0 +1,4 @@
+---
+
+garage_url: "https://garagehq.deuxfleurs.fr/_releases/{{ garage_version }}/{{ garage_arch }}-unknown-linux-musl/garage"
+garage_bin: "/usr/local/bin/garage"

roles/nginx/templates/vhosts/garage.mateu.be.conf.j2

@@ -0,0 +1,16 @@
+server {
+{% include './templates/header.conf.j2' %}
+
+  location / {
+    proxy_pass http://s3_backend;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $host;
+    # Disable buffering to a temporary file.
+    proxy_max_temp_file_size 0;
+  }
+}
+
+upstream s3_backend {
+  # If you have a garage instance locally.
+  server [::1]:3900;
+}

site.yml

@@ -21,3 +21,4 @@
 - import_playbook: munin.yml
 - import_playbook: unifi.yml
 - import_playbook: ftp.yml
+- import_playbook: garage.yml