From 087bdf1a6a815de673d97c83ecb000ae80c1dae1 Mon Sep 17 00:00:00 2001
From: clarkzjw
Date: Tue, 13 Dec 2022 11:42:42 -0800
Subject: config: mount hetzner storagebox via samba
---
 .../config/roles/debian_init/defaults/main.yaml | 4 +--
 jinwei.me/config/roles/debian_init/tasks/main.yaml | 33 +++++++++++++++++-----
 jinwei.me/infra/samba.tf | 17 +++++++++++
 jinwei.me/infra/variables.tf | 18 ++++++++++++
 4 files changed, 63 insertions(+), 9 deletions(-)
 create mode 100644 jinwei.me/infra/samba.tf
diff --git a/jinwei.me/config/roles/debian_init/defaults/main.yaml b/jinwei.me/config/roles/debian_init/defaults/main.yaml
index f1cc1f5..f6de880 100644
--- a/jinwei.me/config/roles/debian_init/defaults/main.yaml
+++ b/jinwei.me/config/roles/debian_init/defaults/main.yaml
@@ -1,2 +1,2 @@
-user_home: /home/clarkzjw
-cloudflare_deb_url: https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
+user_home: /home/admin
+samba_mount_point: /mnt/samba
diff --git a/jinwei.me/config/roles/debian_init/tasks/main.yaml b/jinwei.me/config/roles/debian_init/tasks/main.yaml
index d958cb2..e33f32b 100644
--- a/jinwei.me/config/roles/debian_init/tasks/main.yaml
+++ b/jinwei.me/config/roles/debian_init/tasks/main.yaml
@@ -11,6 +11,7 @@
 - build-essential
 - ca-certificates
 - mariadb-client
+ - cifs-utils
 - vnstat
 - lsb-release
 - python3
@@ -27,13 +28,6 @@
 - git
 update_cache: true
-- name: add user
- user:
- name: clarkzjw
- shell: /usr/bin/zsh
- home: "{{ user_home }}"
- system: true
-
 - name: Add Docker GPG apt Key
 apt_key:
 url: https://download.docker.com/linux/debian/gpg
@@ -71,3 +65,28 @@
 ansible.builtin.apt:
 autoremove: true
 purge: true
+
+- name: Create samba credential (used for fstab entry)
+ copy:
+ content: |
+ username={{ lookup('aws_ssm', '/jinwei-me/hetzner/username') }}
+ password={{ lookup('aws_ssm', '/jinwei-me/hetzner/password') }}
+ dest: {{ user_home }}/.credential
+ mode: 0600
+ become: true
+ become_user: admin
+
+- name: Create fstab entry for samba
+ mount:
+ state: present
+ fstype: cifs
+ opts: "credentials={{ user_home }}/.credential,file_mode=0755,dir_mode=0755,user"
+ src: "//{{ lookup('aws_ssm', '/jinwei-me/hetzner/storagebox') }}"
+ path: "{{ samba_mount_point }}"
+ become: true
+
+- name: Do the actual mount
+ shell: |
+ mount "{{ samba_mount_point }}"
+ become: true
+ become_user: admin
diff --git a/jinwei.me/infra/samba.tf b/jinwei.me/infra/samba.tf
new file mode 100644
index 0000000..62fadc1
--- /dev/null
+++ b/jinwei.me/infra/samba.tf
@@ -0,0 +1,17 @@
+resource "aws_ssm_parameter" "hetzner_username" {
+ name = "/${local.name}/hetzner/username"
+ type = "SecureString"
+ value = var.hetzner_username
+}
+
+resource "aws_ssm_parameter" "hetzner_password" {
+ name = "/${local.name}/hetzner/password"
+ type = "SecureString"
+ value = var.hetzner_password
+}
+
+resource "aws_ssm_parameter" "hetzner_storagebox" {
+ name = "/${local.name}/hetzner/storagebox"
+ type = "SecureString"
+ value = var.hetzner_password
+}
diff --git a/jinwei.me/infra/variables.tf b/jinwei.me/infra/variables.tf
index 87283cc..04c1331 100644
--- a/jinwei.me/infra/variables.tf
+++ b/jinwei.me/infra/variables.tf
@@ -70,3 +70,21 @@ variable "cloudflare_account_id" {
 type = string
 sensitive = true
 }
+
+variable "hetzner_username" {
+ description = "Hetzner username"
+ type = string
+ sensitive = true
+}
+
+variable "hetzner_password" {
+ description = "Hetzner password"
+ type = string
+ sensitive = true
+}
+
+variable "hetzner_storagebox" {
+ description = "Hetzner storagebox url"
+ type = string
+ sensitive = true
+}
-- cgit v1.2.3
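Review bot: In the "Create samba credential" task of the tasks/main.yaml hunk, `dest: {{ user_home }}/.credential` begins a plain scalar with `{{`, which YAML reads as a flow mapping, so the play is likely to fail at load time; it should be `dest: "{{ user_home }}/.credential"`. That task also renders the storage box password into `content` without `no_log: true`, so the secret can surface in diff or verbose output and in whatever collects the run log. `mode: 0600` is safer written as `mode: "0600"` so the value does not depend on the parser's octal handling. In the fstab task, `file_mode=0755,dir_mode=0755` presents every file on the share as world-readable and executable to local accounts; if only admin needs the data, tighter modes plus `uid=`/`gid=` would match the 0600 credentials file better.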
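Review bot: In samba.tf, `aws_ssm_parameter.hetzner_storagebox` is assigned `value = var.hetzner_password`, which looks like a copy-paste slip; it should be `value = var.hetzner_storagebox`, the variable this same commit adds in variables.tf and which is otherwise unused in the visible diff. As written, the Ansible task that reads `/jinwei-me/hetzner/storagebox` would place the password in the fstab `src` field, and /etc/fstab is normally world-readable, so the secret would leave the 0600 credentials file. The mount would also fail, since the source would not be a share path. Separately, the playbook hard-codes the `/jinwei-me/` prefix while these resources build the name from `local.name`; the two agree only if that local has the same value, which is not visible here.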