dns_resolver role, update-dns script, dns-deploy playbook, inventory updates

2026-04-03 19:42:50 +02:00 · 2026-04-03 19:42:50 +02:00 · 1509daad4c
commit 1509daad4c
parent 152edb8345
26 changed files with 780 additions and 176 deletions
--- a/roles/borg/defaults/main.yml
+++ b/roles/borg/defaults/main.yml
@ -1,5 +1,6 @@
 ---
-backup_source: /app-config
+backup_sources:
+  - /app-config
 borg_ssh_key: /root/.ssh/id_borg
 borg_passphrase: "{{ vault_borg_passphrase }}"
 borg_repo: "ssh://storagebox/home/{{ inventory_hostname }}"
--- a/roles/borg/tasks/main.yml
+++ b/roles/borg/tasks/main.yml
@ -1,7 +1,9 @@
 ---
- name: Borg installieren
+- name: Borg und borgmatic installieren
  apt:
-    name: borgbackup
+    name:
+      - borgbackup
+      - borgmatic
    state: present
    update_cache: yes

@ -44,24 +46,29 @@
  failed_when: borg_init.rc != 0 and 'already exists' not in borg_init.stderr
  changed_when: borg_init.rc == 0

- name: Passphrase-Datei deployen
-  copy:
-    dest: /root/.borg-passphrase
-    content: "{{ borg_passphrase }}"
-    mode: '0400'
-
- name: Backup-Script deployen
-  template:
-    src: borg-backup.sh.j2
-    dest: /usr/local/bin/borg-backup.sh
+- name: borgmatic Config-Verzeichnis
+  file:
+    path: /etc/borgmatic
+    state: directory
    mode: '0700'

+- name: borgmatic Config deployen
+  template:
+    src: borgmatic.yml.j2
+    dest: /etc/borgmatic/config.yaml
+    mode: '0600'
+
+- name: Altes Backup-Script entfernen
+  file:
+    path: /usr/local/bin/borg-backup.sh
+    state: absent
+
 - name: Systemd Timer Unit
  copy:
    dest: /etc/systemd/system/borg-backup.timer
    content: |
      [Unit]
-      Description=Borg Backup Timer
+      Description=Borgmatic Backup Timer

      [Timer]
      OnCalendar=*-*-* 03:00:00
@ -76,13 +83,13 @@
    dest: /etc/systemd/system/borg-backup.service
    content: |
      [Unit]
-      Description=Borg Backup
+      Description=Borgmatic Backup
      After=network-online.target
      Wants=network-online.target

      [Service]
      Type=oneshot
-      ExecStart=/usr/local/bin/borg-backup.sh
+      ExecStart=/usr/bin/borgmatic --verbosity 1
      Nice=19
      IOSchedulingClass=idle

--- a/roles/dns_resolver/handlers/main.yml
+++ b/roles/dns_resolver/handlers/main.yml
@ -0,0 +1,3 @@
+---
+- name: update resolvconf
+  command: resolvconf -u
--- a/roles/dns_resolver/tasks/main.yml
+++ b/roles/dns_resolver/tasks/main.yml
@ -0,0 +1,24 @@
+---
+- name: Set DNS resolver (resolvconf)
+  copy:
+    content: |
+      nameserver 10.5.85.5
+      nameserver 1.1.1.1
+    dest: /etc/resolvconf/resolv.conf.d/head
+    mode: '0644'
+  when: ansible_facts.packages is defined and 'resolvconf' in ansible_facts.packages
+  notify: update resolvconf
+
+- name: Set DNS resolver (direct)
+  copy:
+    content: |
+      nameserver 10.5.85.5
+      nameserver 1.1.1.1
+    dest: /etc/resolv.conf
+    mode: '0644'
+  when: ansible_facts.packages is not defined or 'resolvconf' not in ansible_facts.packages
+
+- name: Gather package facts
+  package_facts:
+    manager: auto
+  when: ansible_facts.packages is not defined
--- a/roles/pve_exporter/defaults/main.yml
+++ b/roles/pve_exporter/defaults/main.yml
@ -0,0 +1,4 @@
+---
+pve_exporter_port: 9221
+pve_exporter_user: "{{ vault_pve_exporter_user | default('root@pam') }}"
+pve_exporter_password: "{{ vault_pve_exporter_password | default('') }}"
--- a/roles/pve_exporter/handlers/main.yml
+++ b/roles/pve_exporter/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: pve_exporter neustarten
+  systemd:
+    name: pve-exporter
+    state: restarted
+    daemon_reload: true
--- a/roles/pve_exporter/tasks/main.yml
+++ b/roles/pve_exporter/tasks/main.yml
@ -0,0 +1,49 @@
+---
+- name: pip installieren
+  apt:
+    name: python3-pip
+    state: present
+
+- name: pve_exporter installieren
+  pip:
+    name: prometheus-pve-exporter
+    state: present
+    extra_args: --break-system-packages
+
+- name: Config-Verzeichnis
+  file:
+    path: /etc/pve_exporter
+    state: directory
+    mode: '0700'
+
+- name: Config deployen
+  template:
+    src: pve.yml.j2
+    dest: /etc/pve_exporter/pve.yml
+    mode: '0600'
+  notify: pve_exporter neustarten
+
+- name: Systemd Service
+  copy:
+    dest: /etc/systemd/system/pve-exporter.service
+    content: |
+      [Unit]
+      Description=Prometheus PVE Exporter
+      After=network.target
+
+      [Service]
+      Type=simple
+      ExecStart=/usr/local/bin/pve_exporter --config.file /etc/pve_exporter/pve.yml --web.listen-address 0.0.0.0:{{ pve_exporter_port }}
+      Restart=always
+      RestartSec=5
+
+      [Install]
+      WantedBy=multi-user.target
+  notify: pve_exporter neustarten
+
+- name: Service aktivieren und starten
+  systemd:
+    name: pve-exporter
+    enabled: true
+    state: started
+    daemon_reload: true
--- a/roles/pve_exporter/templates/pve.yml.j2
+++ b/roles/pve_exporter/templates/pve.yml.j2
@ -0,0 +1,4 @@
+default:
+  user: {{ pve_exporter_user }}
+  password: {{ pve_exporter_password }}
+  verify_ssl: false
--- a/roles/sshfs_mount/defaults/main.yml
+++ b/roles/sshfs_mount/defaults/main.yml
@ -0,0 +1,10 @@
+---
+sshfs_mounts: []
+# Beispiel:
+# sshfs_mounts:
+#   - src: "u457772@u457772.your-storagebox.de:immich"
+#     dest: /storagebox
+#     port: 23
+#     identity_file: /root/.ssh/id_borg
+#     uid: 1000
+#     gid: 1000
--- a/roles/sshfs_mount/tasks/main.yml
+++ b/roles/sshfs_mount/tasks/main.yml
@ -0,0 +1,29 @@
+---
+- name: sshfs installieren
+  apt:
+    name: sshfs
+    state: present
+    update_cache: yes
+
+- name: Mount-Verzeichnisse anlegen
+  file:
+    path: "{{ item.dest }}"
+    state: directory
+  loop: "{{ sshfs_mounts }}"
+
+- name: fstab Einträge
+  lineinfile:
+    path: /etc/fstab
+    regexp: ".*{{ item.dest }}.*fuse.sshfs.*"
+    line: "{{ item.src }} {{ item.dest }} fuse.sshfs port={{ item.port }},IdentityFile={{ item.identity_file }},uid={{ item.uid }},gid={{ item.gid }},allow_other,reconnect,ServerAliveInterval=15,ServerAliveCountMax=3,_netdev,noauto,x-systemd.automount 0 0"
+    state: present
+  loop: "{{ sshfs_mounts }}"
+
+- name: systemd reload für automount
+  systemd:
+    daemon_reload: true
+
+- name: Mounts aktivieren
+  shell: "mountpoint -q {{ item.dest }} || mount {{ item.dest }}"
+  loop: "{{ sshfs_mounts }}"
+  changed_when: false
--- a/roles/telegraf/tasks/main.yml
+++ b/roles/telegraf/tasks/main.yml
@ -1,9 +1,11 @@
 ---
 - name: InfluxData GPG Key hinzufuegen
-  get_url:
-    url: https://repos.influxdata.com/influxdata-archive_compat.key
-    dest: /etc/apt/keyrings/influxdata-archive-keyring.gpg
-    mode: "0644"
+  shell: |
+    gpg --keyserver keyserver.ubuntu.com --recv-keys DA61C26A0585BD3B 2>/dev/null
+    gpg --export DA61C26A0585BD3B > /etc/apt/keyrings/influxdata-archive-keyring.gpg
+    chmod 644 /etc/apt/keyrings/influxdata-archive-keyring.gpg
+  args:
+    creates: /etc/apt/keyrings/influxdata-archive-keyring.gpg

 - name: InfluxData Repo hinzufuegen
  copy:
@ -15,7 +17,6 @@
 - name: Apt Cache aktualisieren
  apt:
    update_cache: yes
-  when: influx_repo.changed

 - name: Telegraf installieren
  apt: