config: mount hetzner storagebox via samba

author: clarkzjw <[email protected]> 2022-12-13 11:42:42 -0800
committer: clarkzjw <[email protected]> 2022-12-13 11:42:42 -0800
commit: 087bdf1a6a815de673d97c83ecb000ae80c1dae1 (patch)
tree: f15ef1e15153f5140812d20d714af164f99e0c36
parent: 4a1d681d233e89e11fe02919de5eb6f9b0c020e9 (diff)
download: jinwei.me-087bdf1a6a815de673d97c83ecb000ae80c1dae1.tar.gz
4 files changed, 63 insertions, 9 deletions
diff --git a/jinwei.me/config/roles/debian_init/defaults/main.yaml b/jinwei.me/config/roles/debian_init/defaults/main.yaml
index f1cc1f5..f6de880 100644
--- a/jinwei.me/config/roles/debian_init/defaults/main.yaml
+++ b/jinwei.me/config/roles/debian_init/defaults/main.yaml
@@ -1,2 +1,2 @@
-user_home: /home/clarkzjw
+user_home: /home/admin
-cloudflare_deb_url: https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
+samba_mount_point: /mnt/samba
diff --git a/jinwei.me/config/roles/debian_init/tasks/main.yaml b/jinwei.me/config/roles/debian_init/tasks/main.yaml
index d958cb2..e33f32b 100644
--- a/jinwei.me/config/roles/debian_init/tasks/main.yaml
+++ b/jinwei.me/config/roles/debian_init/tasks/main.yaml
@@ -11,6 +11,7 @@
      - build-essential
      - ca-certificates
      - mariadb-client
+      - cifs-utils
      - vnstat
      - lsb-release
      - python3
@@ -27,13 +28,6 @@
      - git
    update_cache: true
- name: add user
-  user:
-    name: clarkzjw
-    shell: /usr/bin/zsh
-    home: "{{ user_home }}"
-    system: true
 - name: Add Docker GPG apt Key
  apt_key:
    url: https://download.docker.com/linux/debian/gpg
@@ -71,3 +65,28 @@
  ansible.builtin.apt:
    autoremove: true
    purge: true
+- name: Create samba credential (used for fstab entry)
+  copy:
+    content: |
+      username={{ lookup('aws_ssm', '/jinwei-me/hetzner/username') }}
+      password={{ lookup('aws_ssm', '/jinwei-me/hetzner/password') }}
+    dest: {{ user_home }}/.credential
+    mode: 0600
+  become: true
+  become_user: admin
+- name: Create fstab entry for samba
+  mount:
+    state: present
+    fstype: cifs
+    opts: "credentials={{ user_home }}/.credential,file_mode=0755,dir_mode=0755,user"
+    src: "//{{ lookup('aws_ssm', '/jinwei-me/hetzner/storagebox') }}"
+    path: "{{ samba_mount_point }}"
+  become: true
+- name: Do the actual mount
+  shell: |
+    mount "{{ samba_mount_point }}"
+  become: true
+  become_user: admin
diff --git a/jinwei.me/infra/samba.tf b/jinwei.me/infra/samba.tf
new file mode 100644
index 0000000..62fadc1
--- /dev/null
+++ b/jinwei.me/infra/samba.tf
@@ -0,0 +1,17 @@
+resource "aws_ssm_parameter" "hetzner_username" {
+  name  = "/${local.name}/hetzner/username"
+  type  = "SecureString"
+  value = var.hetzner_username
+}
+resource "aws_ssm_parameter" "hetzner_password" {
+  name  = "/${local.name}/hetzner/password"
+  type  = "SecureString"
+  value = var.hetzner_password
+}
+resource "aws_ssm_parameter" "hetzner_storagebox" {
+  name  = "/${local.name}/hetzner/storagebox"
+  type  = "SecureString"
+  value = var.hetzner_password
+}
diff --git a/jinwei.me/infra/variables.tf b/jinwei.me/infra/variables.tf
index 87283cc..04c1331 100644
--- a/jinwei.me/infra/variables.tf
+++ b/jinwei.me/infra/variables.tf
@@ -70,3 +70,21 @@ variable "cloudflare_account_id" {
  type        = string
  sensitive   = true
 }
+variable "hetzner_username" {
+  description = "Hetzner username"
+  type        = string
+  sensitive   = true
+}
+variable "hetzner_password" {
+  description = "Hetzner password"
+  type        = string
+  sensitive   = true
+}
+variable "hetzner_storagebox" {
+  description = "Hetzner storagebox url"
+  type        = string
+  sensitive   = true
+}
author	clarkzjw <[email protected]>	2022-12-13 11:42:42 -0800
committer	clarkzjw <[email protected]>	2022-12-13 11:42:42 -0800
commit	087bdf1a6a815de673d97c83ecb000ae80c1dae1 (patch)
tree	f15ef1e15153f5140812d20d714af164f99e0c36
parent	4a1d681d233e89e11fe02919de5eb6f9b0c020e9 (diff)
download	jinwei.me-087bdf1a6a815de673d97c83ecb000ae80c1dae1.tar.gz

diff --git a/jinwei.me/config/roles/debian_init/defaults/main.yaml b/jinwei.me/config/roles/debian_init/defaults/main.yaml index f1cc1f5..f6de880 100644 --- a/jinwei.me/config/roles/debian_init/defaults/main.yaml +++ b/jinwei.me/config/roles/debian_init/defaults/main.yaml
@@ -1,2 +1,2 @@
1	user_home: /home/clarkzjw	1	user_home: /home/admin
2	cloudflare_deb_url: https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb	2	samba_mount_point: /mnt/samba


diff --git a/jinwei.me/config/roles/debian_init/tasks/main.yaml b/jinwei.me/config/roles/debian_init/tasks/main.yaml index d958cb2..e33f32b 100644 --- a/jinwei.me/config/roles/debian_init/tasks/main.yaml +++ b/jinwei.me/config/roles/debian_init/tasks/main.yaml
@@ -11,6 +11,7 @@
11	- build-essential	11	- build-essential
12	- ca-certificates	12	- ca-certificates
13	- mariadb-client	13	- mariadb-client
		14	- cifs-utils
14	- vnstat	15	- vnstat
15	- lsb-release	16	- lsb-release
16	- python3	17	- python3
@@ -27,13 +28,6 @@
27	- git	28	- git
28	update_cache: true	29	update_cache: true
29		30
30	- name: add user
31	user:
32	name: clarkzjw
33	shell: /usr/bin/zsh
34	home: "{{ user_home }}"
35	system: true
36
37	- name: Add Docker GPG apt Key	31	- name: Add Docker GPG apt Key
38	apt_key:	32	apt_key:
39	url: https://download.docker.com/linux/debian/gpg	33	url: https://download.docker.com/linux/debian/gpg
@@ -71,3 +65,28 @@
71	ansible.builtin.apt:	65	ansible.builtin.apt:
72	autoremove: true	66	autoremove: true
73	purge: true	67	purge: true
		68
		69	- name: Create samba credential (used for fstab entry)
		70	copy:
		71	content: \|
		72	username={{ lookup('aws_ssm', '/jinwei-me/hetzner/username') }}
		73	password={{ lookup('aws_ssm', '/jinwei-me/hetzner/password') }}
		74	dest: {{ user_home }}/.credential
		75	mode: 0600
		76	become: true
		77	become_user: admin
		78
		79	- name: Create fstab entry for samba
		80	mount:
		81	state: present
		82	fstype: cifs
		83	opts: "credentials={{ user_home }}/.credential,file_mode=0755,dir_mode=0755,user"
		84	src: "//{{ lookup('aws_ssm', '/jinwei-me/hetzner/storagebox') }}"
		85	path: "{{ samba_mount_point }}"
		86	become: true
		87
		88	- name: Do the actual mount
		89	shell: \|
		90	mount "{{ samba_mount_point }}"
		91	become: true
		92	become_user: admin


diff --git a/jinwei.me/infra/samba.tf b/jinwei.me/infra/samba.tf new file mode 100644 index 0000000..62fadc1 --- /dev/null +++ b/jinwei.me/infra/samba.tf
@@ -0,0 +1,17 @@
		1	resource "aws_ssm_parameter" "hetzner_username" {
		2	name = "/${local.name}/hetzner/username"
		3	type = "SecureString"
		4	value = var.hetzner_username
		5	}
		6
		7	resource "aws_ssm_parameter" "hetzner_password" {
		8	name = "/${local.name}/hetzner/password"
		9	type = "SecureString"
		10	value = var.hetzner_password
		11	}
		12
		13	resource "aws_ssm_parameter" "hetzner_storagebox" {
		14	name = "/${local.name}/hetzner/storagebox"
		15	type = "SecureString"
		16	value = var.hetzner_password
		17	}


diff --git a/jinwei.me/infra/variables.tf b/jinwei.me/infra/variables.tf index 87283cc..04c1331 100644 --- a/jinwei.me/infra/variables.tf +++ b/jinwei.me/infra/variables.tf
@@ -70,3 +70,21 @@ variable "cloudflare_account_id" {
70	type = string	70	type = string
71	sensitive = true	71	sensitive = true
72	}	72	}
		73
		74	variable "hetzner_username" {
		75	description = "Hetzner username"
		76	type = string
		77	sensitive = true
		78	}
		79
		80	variable "hetzner_password" {
		81	description = "Hetzner password"
		82	type = string
		83	sensitive = true
		84	}
		85
		86	variable "hetzner_storagebox" {
		87	description = "Hetzner storagebox url"
		88	type = string
		89	sensitive = true
		90	}