node 'dixie.bcn.int.pdp7.net' { class {'dns_dhcp':} class {'dns_dhcp::opennic':} file {'/etc/dnsmasq.d/static.conf': content => "host-record=router,router.bcn.int.pdp7.net,192.168.76.1 host-record=archerc7,archerc7.bcn.int.pdp7.net,192.168.76.6 host-record=dixie.bcn.int.pdp7.net,dixie,192.168.76.2 host-record=router4g.bcn.int.pdp7.net,router4g,192.168.76.3 ", notify => Service["dnsmasq"], } class {'backups': sanoid_config => "", } file {'/usr/local/sbin/zfs_receive_h2': content => @(EOT) #!/bin/bash set -ue run_backups_remote() { host=$1 shift sudo -u backups sh -c "export KRB5CCNAME=KEYRING:persistent:1284000004 && kinit -k -t /home/backups/.keytab backups && ssh $host $*" } get_last_remote_snapshot() { host=$1 fs=$2 run_backups_remote $host /sbin/zfs list -H -t snapshot $fs | tail -1 | cut -f 1 | cut -d @ -f 2 } get_last_local_snapshot() { zfs list -H -t snapshot $1 | tail -1 | cut -f 1 | cut -d @ -f 2 } replicate() { host=$1 remote=$2 local=$3 last_local=$(get_last_local_snapshot $local) last_remote=$(get_last_remote_snapshot $host $remote) if test $last_local != $last_remote ; then run_backups_remote $host /sbin/zfs send -w -i @$last_local $remote@$last_remote | zfs receive $local fi } replicate case.ces.int.pdp7.net rpool/user/backed/cesar cesar_hdd_red_2/cesar replicate case.ces.int.pdp7.net rpool/user/backed/filer cesar_hdd_red_2/filer sudo -u backups /usr/sbin/syncoid --no-privilege-elevation --no-sync-snap backups@h1.pdp7.net:rpool/data/subvol-204-disk-1 rpool/user/backed/pg-h1-int-pg --quiet sudo -u backups /usr/sbin/syncoid --no-privilege-elevation --no-sync-snap backups@h1.pdp7.net:rpool/data/subvol-207-disk-1 rpool/user/backed/ws --quiet sudo -u backups /usr/sbin/syncoid --no-privilege-elevation --no-sync-snap backups@h1.pdp7.net:rpool/data/subvol-208-disk-1 rpool/user/backed/nextcloud_new --quiet sudo -u backups /usr/sbin/syncoid --no-privilege-elevation --no-sync-snap backups@h1.pdp7.net:rpool/data/subvol-211-disk-1 rpool/user/backed/gitolite --quiet sudo -u backups /usr/sbin/syncoid --no-privilege-elevation --no-sync-snap backups@h1.pdp7.net:rpool/data/subvol-214-disk-1 rpool/user/backed/weed --quiet sudo -u backups /usr/sbin/syncoid --no-privilege-elevation --no-sync-snap backups@h1.pdp7.net:rpool/data/subvol-215-disk-1 rpool/user/backed/vaultwarden --quiet | EOT , owner => root, group => root, mode => '744', } file {'/etc/cron.hourly/zfs_receive_h2': ensure => link, target => '/usr/local/sbin/zfs_receive_h2', } class {'jellyfin':} class {'debian::backports':} # basically to get emacs package {'nfs-kernel-server':} -> file {"/etc/exports": content => @(EOT) # /etc/exports: the access control list for filesystems which may be exported # to NFS clients. See exports(5). # # Example for NFSv2 and NFSv3: # /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check) # # Example for NFSv4: # /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check) # /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check) # # insecure for Kodi /srv/filer 192.168.76.0/24(rw,sync,fsid=0,crossmnt,no_subtree_check,insecure) 10.34.10.0/24(rw,sync,fsid=0,crossmnt,no_subtree_check,insecure) /srv/filer LibreELEC.bcn.int.pdp7.net(rw,sync,fsid=0,crossmnt,no_subtree_check,no_root_squash) | EOT , } ~> service {"nfs-kernel-server": ensure => running, enable => true, } }