comparing e7f93585dfda66b5ce5712e0e3e96cfd84d48c91 and main on hyperreal.bsky.moonshadow.dev/ansible-homelab

-18

debian-update.yml

···

       12
        
             ansible.builtin.apt:

     

       13
        
               upgrade: dist

     

       14
        
       

     

       15
       -
           - name: Check if backports are enabled in sources.list

     

       16
       -
             ansible.builtin.lineinfile:

     

       17
       -
               path: /etc/apt/sources.list

     

       18
       -
               regex: "backports"

     

       19
       -
               state: absent

     

       20
       -
             changed_when: false

     

       21
       -
             check_mode: true

     

       22
       -
             register: backports

     

       23
       -
       

     

       24
       -
           - name: Perform a dist-upgrade from Debian backports

     

       25
       -
             ansible.builtin.apt:

     

       26
       -
               default_release: bookworm-backports

     

       27
       -
               update_cache: true

     

       28
       -
               upgrade: dist

     

       29
       -
             when:

     

       30
       -
               - ansible_distribution == 'Debian'

     

       31
       -
               - backports.found == 1

     

       32
       -
       

     

       33
        
           - name: Check if reboot is required

     

       34
        
             ansible.builtin.stat:

     

       35
        
               path: /var/run/reboot-required

···

       12
        
             ansible.builtin.apt:

     

       13
        
               upgrade: dist

     

       14
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       15
        
           - name: Check if reboot is required

     

       16
        
             ansible.builtin.stat:

     

       17
        
               path: /var/run/reboot-required

-8

freebsd-update.yml

···

       1
       -
       ---

     

       2
        
       - hosts: freebsd_servers

     

       3
        
         gather_facts: true

     

       4
        
         become: true

     

       5
       -
       

     

       6
        
         tasks:

     

       7
        
           - name: Update all installed packages

     

       8
        
             community.general.pkgng:

     

       9
        
               name: "*"

     

       10
        
               state: latest

     

       11
       -
       

     

       12
        
           - name: Update the base system

     

       13
        
             ansible.builtin.shell: freebsd-update fetch install --not-running-from-cron

     

       14
       -
       

     

       15
        
           - name: Get currently running FreeBSD kernel version in memory

     

       16
        
             ansible.builtin.shell: freebsd-version -r

     

       17
        
             register: running_kv

     

       18
       -
       

     

       19
        
           - name: Get newly installed kernel version

     

       20
        
             ansible.builtin.shell: freebsd-version -k

     

       21
        
             register: installed_kv

     

       22
       -
       

     

       23
        
           - name: Check for kernel version mismatch

     

       24
        
             set_fact:

     

       25
        
               reboot_required: "{{ running_kv.stdout != installed_kv.stdout }}"

     

       26
       -
       

     

       27
        
           - name: Display reboot status

     

       28
        
             ansible.builtin.debug:

     

       29
        
               msg: "Reboot required: {{ reboot_required }}"

     

       30
       -
       

     

       31
        
           - name: Reboot the FreeBSD server if needed

     

       32
        
             ansible.builtin.reboot:

     

       33
        
               reboot_timeout: 3600

···

       0
        
       
     

       1
        
       - hosts: freebsd_servers

     

       2
        
         gather_facts: true

     

       3
        
         become: true

     

       0
        
       
     

       4
        
         tasks:

     

       5
        
           - name: Update all installed packages

     

       6
        
             community.general.pkgng:

     

       7
        
               name: "*"

     

       8
        
               state: latest

     

       0
        
       
     

       9
        
           - name: Update the base system

     

       10
        
             ansible.builtin.shell: freebsd-update fetch install --not-running-from-cron

     

       0
        
       
     

       11
        
           - name: Get currently running FreeBSD kernel version in memory

     

       12
        
             ansible.builtin.shell: freebsd-version -r

     

       13
        
             register: running_kv

     

       0
        
       
     

       14
        
           - name: Get newly installed kernel version

     

       15
        
             ansible.builtin.shell: freebsd-version -k

     

       16
        
             register: installed_kv

     

       0
        
       
     

       17
        
           - name: Check for kernel version mismatch

     

       18
        
             set_fact:

     

       19
        
               reboot_required: "{{ running_kv.stdout != installed_kv.stdout }}"

     

       0
        
       
     

       20
        
           - name: Display reboot status

     

       21
        
             ansible.builtin.debug:

     

       22
        
               msg: "Reboot required: {{ reboot_required }}"

     

       0
        
       
     

       23
        
           - name: Reboot the FreeBSD server if needed

     

       24
        
             ansible.builtin.reboot:

     

       25
        
               reboot_timeout: 3600

+12 -54

inventory.yml

···

       1
       -
       alma_servers:

     

       2
       -
         hosts:

     

       3
       -
           hyperreal.coffee:

     

       4
       -
             ansible_user: jas

     

       5
       -
             ansible_host: hyperreal.headscale.moonshadow.dev

     

       6
       -
             ansible_python_interpreter: /usr/bin/python3

     

       7
       -
       

     

       8
        
       borgmatic_hosts:

     

       9
        
         hosts:

     

       10
        
           desktop:

     

       11
        
             ansible_user: jas

     

       12
       -
             ansible_host: localhost

     

       13
       -
             ansible_python_interpreter: /usr/bin/python3

     

       14
       -
           hyperreal.coffee:

     

       15
       -
             ansible_user: jas

     

       16
       -
             ansible_host: hyperreal.headscale.moonshadow.dev

     

       17
        
             ansible_python_interpreter: /usr/bin/python3

     

       18
        
           nas:

     

       19
        
             ansible_user: jas

     

       20
       -
             ansible_host: nas.headscale.moonshadow.dev

     

       21
       -
             ansible_python_interpreter: /usr/local/bin/python3

     

       22
       -
           moonshadow:

     

       23
       -
             ansible_user: jas

     

       24
       -
             ansible_host: moonshadow.headscale.moonshadow.dev

     

       25
       -
             ansible_python_interpreter: /usr/local/bin/python3

     

       26
       -
       

     

       27
        
       debian_servers:

     

       28
        
         hosts:

     

       29
       -
           headscale:

     

       30
        
             ansible_user: jas

     

       31
       -
             ansible_host: headscale.headscale.moonshadow.dev

     

       32
       -
             ansible_python_interpreter: /usr/bin/python3

     

       33
       -
           rpi400:

     

       34
       -
             ansible_user: root

     

       35
       -
             ansible_host: rpi400.headscale.moonshadow.dev

     

       36
       -
             ansible_python_interpreter: /usr/bin/python3

     

       37
       -
           tor:

     

       38
       -
             ansible_user: root

     

       39
       -
             ansible_host: 202.61.244.44

     

       40
        
             ansible_python_interpreter: /usr/bin/python3

     

       41
       -
       

     

       42
        
       freebsd_servers:

     

       43
        
         hosts:

     

       44
        
           nas:

     

       45
       -
             ansible_user: jas

     

       46
       -
             ansible_host: nas.headscale.moonshadow.dev

     

       47
       -
             ansible_python_interpreter: /usr/local/bin/python3

     

       48
       -
           moonshadow:

     

       49
       -
             ansible_user: jas

     

       50
       -
             ansible_host: moonshadow.headscale.moonshadow.dev

     

       51
       -
             ansible_python_interpreter: /usr/local/bin/python3

     

       52
       -
       

     

       53
       -
       prom_servers:

     

       54
       -
         hosts:

     

       55
       -
           desktop:

     

       56
       -
             ansible_user: jas

     

       57
       -
             ansible_host: localhost

     

       58
       -
             ansible_python_interpreter: /usr/bin/python3

     

       59
       -
       

     

       60
       -
       prom_clients:

     

       61
       -
         children:

     

       62
       -
           alma_servers:

     

       63
       -
           debian_servers:

     

       64
       -
           freebsd_servers:

     

       65
       -
       

     

       66
       -
       zfs_hosts:

     

       67
       -
         children:

     

       68
       -
           freebsd_servers:

···

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       1
        
       borgmatic_hosts:

     

       2
        
         hosts:

     

       3
        
           desktop:

     

       4
        
             ansible_user: jas

     

       5
       +
             ansible_host: desktop.carp-wyvern.ts.net

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       6
        
             ansible_python_interpreter: /usr/bin/python3

     

       7
        
           nas:

     

       8
        
             ansible_user: jas

     

       9
       +
             ansible_host: nas.carp-wyvern.ts.net

     

       10
       +
             ansible_python_interpreter: /usr/local/bin/python3.11

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       11
        
       debian_servers:

     

       12
        
         hosts:

     

       13
       +
           moonshadow:

     

       14
        
             ansible_user: jas

     

       15
       +
             ansible_host: moonshadow.carp-wyvern.ts.net

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       16
        
             ansible_python_interpreter: /usr/bin/python3

     

       0
        
       
     

       17
        
       freebsd_servers:

     

       18
        
         hosts:

     

       19
        
           nas:

     

       20
       +
             ansible_user: root

     

       21
       +
             ansible_host: nas.carp-wyvern.ts.net

     

       22
       +
             ansible_python_interpreter: /usr/local/bin/python3.11

     

       23
       +
           tornode:

     

       24
       +
             ansible_user: root

     

       25
       +
             ansible_host: tornode

     

       26
       +
             ansible_python_interpreter: /usr/local/bin/python3.11

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0

+5 -15

remote-logging-setup.yml

···

       1
       -
       ---

     

       2
       -
       - hosts: alma_servers,debian_servers,freebsd_servers

     

       3
        
         gather_facts: true

     

       4
        
         become: true

     

       5
       -
       

     

       6
        
         tasks:

     

       7
        
           - name: Ensure rsyslog is installed

     

       8
        
             ansible.builtin.package:

     

       9
        
               name: rsyslog

     

       10
        
               state: latest

     

       11
        
             when: ansible_system == "Linux"

     

       12
       -
       

     

       13
        
           - name: Ensure rsyslog is enabled

     

       14
        
             ansible.builtin.systemd_service:

     

       15
        
               name: rsyslog

     

       16
        
               enabled: true

     

       17
        
               state: started

     

       18
        
             when: ansible_service_mgr == "systemd"

     

       19
       -
       

     

       20
        
           - name: Remove any forwarding file if exists

     

       21
        
             ansible.builtin.file:

     

       22
        
               path: /etc/rsyslog.d/forward.conf

     

       23
        
               state: absent

     

       24
        
             when: ansible_system == "Linux"

     

       25
       -
       

     

       26
       -
           - name: Get control node headnet IP address

     

       27
       -
             ansible.builtin.shell: tailscale status | grep "desktop" | awk '{print $1}'

     

       28
        
             register: ctrl_headnet_ip_addr

     

       29
        
             changed_when: false

     

       30
       -
             delegate_to: 127.0.0.1

     

       31
        
             failed_when: ctrl_headnet_ip_addr.rc != 0

     

       32
       -
       

     

       33
        
           - name: Configure log forwarding

     

       34
        
             ansible.builtin.blockinfile:

     

       35
        
               path: /etc/rsyslog.d/forward.conf

     
···

       38
        
               group: root

     

       39
        
               mode: 0644

     

       40
        
               block: |

     

       41
       -
                 # Forward to desktop.headscale.moonshadow.dev ({{ctrl_headnet_ip_addr.stdout}})

     

       42
        
                 *.* action(type="omfwd" target="{{ctrl_headnet_ip_addr.stdout}}" port="514" protocol="tcp"

     

       43
        
                     action.resumeRetryCount="100"

     

       44
        
                     queue.type="linkedList" queue.size="10000")

     

       45
        
             when: ansible_system == "Linux"

     

       46
       -
       

     

       47
        
           - name: Restart rsyslog

     

       48
        
             ansible.builtin.systemd_service:

     

       49
        
               name: rsyslog

     

       50
        
               enabled: true

     

       51
        
               state: restarted

     

       52
        
             when: ansible_service_mgr == "systemd"

     

       53
       -
       

     

       54
        
           - name: Set syslog flags for remote logging on FreeBSD

     

       55
        
             ansible.builtin.shell: sysrc syslog_flags="-s -v -v"

     

       56
        
             register: set_syslog_flags

     

       57
        
             changed_when: '"syslog_flags:  -> YES" in set_syslog_flags.stdout'

     

       58
        
             when: ansible_service_mgr == "bsdinit"

     

       59
       -
       

     

       60
        
           - name: Set log forwarding on FreeBSD

     

       61
        
             ansible.builtin.lineinfile:

     

       62
        
               path: /etc/syslog.conf

     

       0
        
       
     

       63
        
               line: "*.* @{{ctrl_headnet_ip_addr.stdout}}"

     

       64
        
               owner: root

     

       65
        
               group: wheel

     

       66
        
               mode: 0644

     

       67
        
             when: ansible_system == "FreeBSD"

     

       68
       -
       

     

       69
        
           - name: Restart syslogd

     

       70
        
             ansible.builtin.service:

     

       71
        
               name: syslogd

···

       1
       +
       - hosts: remote_logging_clients

     

       0
        
       
     

       2
        
         gather_facts: true

     

       3
        
         become: true

     

       0
        
       
     

       4
        
         tasks:

     

       5
        
           - name: Ensure rsyslog is installed

     

       6
        
             ansible.builtin.package:

     

       7
        
               name: rsyslog

     

       8
        
               state: latest

     

       9
        
             when: ansible_system == "Linux"

     

       0
        
       
     

       10
        
           - name: Ensure rsyslog is enabled

     

       11
        
             ansible.builtin.systemd_service:

     

       12
        
               name: rsyslog

     

       13
        
               enabled: true

     

       14
        
               state: started

     

       15
        
             when: ansible_service_mgr == "systemd"

     

       0
        
       
     

       16
        
           - name: Remove any forwarding file if exists

     

       17
        
             ansible.builtin.file:

     

       18
        
               path: /etc/rsyslog.d/forward.conf

     

       19
        
               state: absent

     

       20
        
             when: ansible_system == "Linux"

     

       21
       +
           - name: Get remote logging server headnet IP address

     

       22
       +
             ansible.builtin.shell: tailscale status | grep "aux" | awk '{print $1}'

     

       0
        
       
     

       23
        
             register: ctrl_headnet_ip_addr

     

       24
        
             changed_when: false

     

       0
        
       
     

       25
        
             failed_when: ctrl_headnet_ip_addr.rc != 0

     

       0
        
       
     

       26
        
           - name: Configure log forwarding

     

       27
        
             ansible.builtin.blockinfile:

     

       28
        
               path: /etc/rsyslog.d/forward.conf

     
···

       31
        
               group: root

     

       32
        
               mode: 0644

     

       33
        
               block: |

     

       34
       +
                 # Forward to aux.carp-wyvern.ts.net ({{ctrl_headnet_ip_addr.stdout}})

     

       35
        
                 *.* action(type="omfwd" target="{{ctrl_headnet_ip_addr.stdout}}" port="514" protocol="tcp"

     

       36
        
                     action.resumeRetryCount="100"

     

       37
        
                     queue.type="linkedList" queue.size="10000")

     

       38
        
             when: ansible_system == "Linux"

     

       0
        
       
     

       39
        
           - name: Restart rsyslog

     

       40
        
             ansible.builtin.systemd_service:

     

       41
        
               name: rsyslog

     

       42
        
               enabled: true

     

       43
        
               state: restarted

     

       44
        
             when: ansible_service_mgr == "systemd"

     

       0
        
       
     

       45
        
           - name: Set syslog flags for remote logging on FreeBSD

     

       46
        
             ansible.builtin.shell: sysrc syslog_flags="-s -v -v"

     

       47
        
             register: set_syslog_flags

     

       48
        
             changed_when: '"syslog_flags:  -> YES" in set_syslog_flags.stdout'

     

       49
        
             when: ansible_service_mgr == "bsdinit"

     

       0
        
       
     

       50
        
           - name: Set log forwarding on FreeBSD

     

       51
        
             ansible.builtin.lineinfile:

     

       52
        
               path: /etc/syslog.conf

     

       53
       +
               regexp: '^\*\.\*'

     

       54
        
               line: "*.* @{{ctrl_headnet_ip_addr.stdout}}"

     

       55
        
               owner: root

     

       56
        
               group: wheel

     

       57
        
               mode: 0644

     

       58
        
             when: ansible_system == "FreeBSD"

     

       0
        
       
     

       59
        
           - name: Restart syslogd

     

       60
        
             ansible.builtin.service:

     

       61
        
               name: syslogd

+1 -1

zfs-log-compress.yml

···

       1
        
       # Based on https://github.com/FreeBSDFoundation/blog/blob/main/zfs-log-compression-on-freebsd/zfs_log_compress.yml

     

       2
        
       ---

     

       3
        
       - name: Remove log compression on FreeBSD host, add timestamps to rotated logs

     

       4
       -
         hosts: zfs_hosts

     

       5
        
         gather_facts: true

     

       6
        
         become: true

     

       7
        
         tasks:

···

       1
        
       # Based on https://github.com/FreeBSDFoundation/blog/blob/main/zfs-log-compression-on-freebsd/zfs_log_compress.yml

     

       2
        
       ---

     

       3
        
       - name: Remove log compression on FreeBSD host, add timestamps to rotated logs

     

       4
       +
         hosts: freebsd_servers

     

       5
        
         gather_facts: true

     

       6
        
         become: true

     

       7
        
         tasks:

Compare changes