-rw-r--r-- | jinwei.me/config/roles/debian_init/defaults/main.yaml | 4 | ||||
-rw-r--r-- | jinwei.me/config/roles/debian_init/tasks/main.yaml | 33 | ||||
-rw-r--r-- | jinwei.me/infra/samba.tf | 17 | ||||
-rw-r--r-- | jinwei.me/infra/variables.tf | 18 |
4 files changed, 63 insertions, 9 deletions
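--- a/jinwei.me/config/roles/debian_init/defaults/main.yaml
+++ b/jinwei.me/config/roles/debian_init/defaults/main.yaml
@@ -1,2 +1,2 @@
-user_home: /home/clarkzjw
-cloudflare_deb_url: https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
+user_home: /home/admin
+samba_mount_point: /mnt/samba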
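--- a/jinwei.me/config/roles/debian_init/tasks/main.yaml
+++ b/jinwei.me/config/roles/debian_init/tasks/main.yaml
@@ -11,6 +11,7 @@
 - build-essential
 - ca-certificates
 - mariadb-client
+- cifs-utils
 - vnstat
 - lsb-release
 - python3
@@ -27,13 +28,6 @@
 - git
 update_cache: true
 
-- name: add user
-user:
-name: clarkzjw
-shell: /usr/bin/zsh
-home: "{{ user_home }}"
-system: true
-
 - name: Add Docker GPG apt Key
 apt_key:
 url: https://download.docker.com/linux/debian/gpg
@@ -71,3 +65,28 @@
 ansible.builtin.apt:
 autoremove: true
 purge: true
+
+- name: Create samba credential (used for fstab entry)
+copy:
+content: |
+username={{ lookup('aws_ssm', '/jinwei-me/hetzner/username') }}
+password={{ lookup('aws_ssm', '/jinwei-me/hetzner/password') }}
+dest: {{ user_home }}/.credential
+mode: 0600
+become: true
+become_user: admin
+
+- name: Create fstab entry for samba
+mount:
+state: present
+fstype: cifs
+opts: "credentials={{ user_home }}/.credential,file_mode=0755,dir_mode=0755,user"
+src: "//{{ lookup('aws_ssm', '/jinwei-me/hetzner/storagebox') }}"
+path: "{{ samba_mount_point }}"
+become: true
+
+- name: Do the actual mount
+shell: |
+mount "{{ samba_mount_point }}"
+become: true
+become_user: admin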
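Review bot: In the "Create samba credential" task, `dest: {{ user_home }}/.credential` begins a plain scalar with `{{`, which YAML reads as a flow mapping, so the task file is likely to fail to load; quote it as `dest: "{{ user_home }}/.credential"`. The same task renders the SSM username and password into `content`, so add `no_log: true` to keep them out of task output and diffs, and quote the mode as `mode: "0600"` in line with Ansible's guidance on octal modes. The commit also drops the "add user" task while the new tasks run as `become_user: admin` and write under `/home/admin`, so the role presumably relies on the image already providing that account; a comment or an explicit user task would make that dependency visible.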
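--- /dev/null
+++ b/jinwei.me/infra/samba.tf
@@ -0,0 +1,17 @@
+resource "aws_ssm_parameter" "hetzner_username" {
+name = "/${local.name}/hetzner/username"
+type = "SecureString"
+value = var.hetzner_username
+}
+
+resource "aws_ssm_parameter" "hetzner_password" {
+name = "/${local.name}/hetzner/password"
+type = "SecureString"
+value = var.hetzner_password
+}
+
+resource "aws_ssm_parameter" "hetzner_storagebox" {
+name = "/${local.name}/hetzner/storagebox"
+type = "SecureString"
+value = var.hetzner_password
+}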
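Review bot: `aws_ssm_parameter.hetzner_storagebox` sets `value = var.hetzner_password`, so the parameter at `/${local.name}/hetzner/storagebox` holds the password rather than the storage box address; it should read `value = var.hetzner_storagebox`. This matters beyond a failed mount: the fstab task in `tasks/main.yaml` interpolates that parameter into `src`, which would write the password into `/etc/fstab`, a file that is normally world-readable. The Ansible lookups use the literal prefix `/jinwei-me/...`, so the change also assumes `local.name` resolves to `jinwei-me`, which is not visible on this page.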
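--- a/jinwei.me/infra/variables.tf
+++ b/jinwei.me/infra/variables.tf
@@ -70,3 +70,21 @@ variable "cloudflare_account_id" {
 type = string
 sensitive = true
 }
+
+variable "hetzner_username" {
+description = "Hetzner username"
+type = string
+sensitive = true
+}
+
+variable "hetzner_password" {
+description = "Hetzner password"
+type = string
+sensitive = true
+}
+
+variable "hetzner_storagebox" {
+description = "Hetzner storagebox url"
+type = string
+sensitive = true
+}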
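Review bot: The description `"Hetzner storagebox url"` on `hetzner_storagebox` does not match how the value is consumed. The fstab task in `tasks/main.yaml` builds `src` as `//` followed by the stored parameter, so the expected form appears to be `host/share` with no scheme, and a value entered as a URL would produce an invalid CIFS source. Suggest `description = "Hetzner Storage Box CIFS source as host/share, without the leading //"`. If the other two variables are the Storage Box (CIFS) credentials rather than the Hetzner account login, their descriptions should say so too.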