From 087bdf1a6a815de673d97c83ecb000ae80c1dae1 Mon Sep 17 00:00:00 2001
From: clarkzjw <i@jinwei.me>
Date: Tue, 13 Dec 2022 11:42:42 -0800
Subject: config: mount hetzner storagebox via samba

---
 .../config/roles/debian_init/defaults/main.yaml    |  4 +--
 jinwei.me/config/roles/debian_init/tasks/main.yaml | 33 +++++++++++++++++-----
 jinwei.me/infra/samba.tf                           | 17 +++++++++++
 jinwei.me/infra/variables.tf                       | 18 ++++++++++++
 4 files changed, 63 insertions(+), 9 deletions(-)
 create mode 100644 jinwei.me/infra/samba.tf

diff --git a/jinwei.me/config/roles/debian_init/defaults/main.yaml b/jinwei.me/config/roles/debian_init/defaults/main.yaml
index f1cc1f5..f6de880 100644
--- a/jinwei.me/config/roles/debian_init/defaults/main.yaml
+++ b/jinwei.me/config/roles/debian_init/defaults/main.yaml
@@ -1,2 +1,2 @@
-user_home: /home/clarkzjw
-cloudflare_deb_url: https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
+user_home: /home/admin
+samba_mount_point: /mnt/samba
diff --git a/jinwei.me/config/roles/debian_init/tasks/main.yaml b/jinwei.me/config/roles/debian_init/tasks/main.yaml
index d958cb2..e33f32b 100644
--- a/jinwei.me/config/roles/debian_init/tasks/main.yaml
+++ b/jinwei.me/config/roles/debian_init/tasks/main.yaml
@@ -11,6 +11,7 @@
       - build-essential
       - ca-certificates
       - mariadb-client
+      - cifs-utils
       - vnstat
       - lsb-release
       - python3
@@ -27,13 +28,6 @@
       - git
     update_cache: true
 
-- name: add user
-  user:
-    name: clarkzjw
-    shell: /usr/bin/zsh
-    home: "{{ user_home }}"
-    system: true
-
 - name: Add Docker GPG apt Key
   apt_key:
     url: https://download.docker.com/linux/debian/gpg
@@ -71,3 +65,28 @@
   ansible.builtin.apt:
     autoremove: true
     purge: true
+
+- name: Create samba credential (used for fstab entry)
+  copy:
+    content: |
+      username={{ lookup('aws_ssm', '/jinwei-me/hetzner/username') }}
+      password={{ lookup('aws_ssm', '/jinwei-me/hetzner/password') }}
+    dest: {{ user_home }}/.credential
+    mode: 0600
+  become: true
+  become_user: admin
+
+- name: Create fstab entry for samba
+  mount:
+    state: present
+    fstype: cifs
+    opts: "credentials={{ user_home }}/.credential,file_mode=0755,dir_mode=0755,user"
+    src: "//{{ lookup('aws_ssm', '/jinwei-me/hetzner/storagebox') }}"
+    path: "{{ samba_mount_point }}"
+  become: true
+
+- name: Do the actual mount
+  shell: |
+    mount "{{ samba_mount_point }}"
+  become: true
+  become_user: admin
diff --git a/jinwei.me/infra/samba.tf b/jinwei.me/infra/samba.tf
new file mode 100644
index 0000000..62fadc1
--- /dev/null
+++ b/jinwei.me/infra/samba.tf
@@ -0,0 +1,17 @@
+resource "aws_ssm_parameter" "hetzner_username" {
+  name  = "/${local.name}/hetzner/username"
+  type  = "SecureString"
+  value = var.hetzner_username
+}
+
+resource "aws_ssm_parameter" "hetzner_password" {
+  name  = "/${local.name}/hetzner/password"
+  type  = "SecureString"
+  value = var.hetzner_password
+}
+
+resource "aws_ssm_parameter" "hetzner_storagebox" {
+  name  = "/${local.name}/hetzner/storagebox"
+  type  = "SecureString"
+  value = var.hetzner_password
+}
diff --git a/jinwei.me/infra/variables.tf b/jinwei.me/infra/variables.tf
index 87283cc..04c1331 100644
--- a/jinwei.me/infra/variables.tf
+++ b/jinwei.me/infra/variables.tf
@@ -70,3 +70,21 @@ variable "cloudflare_account_id" {
   type        = string
   sensitive   = true
 }
+
+variable "hetzner_username" {
+  description = "Hetzner username"
+  type        = string
+  sensitive   = true
+}
+
+variable "hetzner_password" {
+  description = "Hetzner password"
+  type        = string
+  sensitive   = true
+}
+
+variable "hetzner_storagebox" {
+  description = "Hetzner storagebox url"
+  type        = string
+  sensitive   = true
+}
-- 
cgit v1.2.3