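# Node definition for dixie: local DNS/DHCP (dnsmasq), hourly pull of ZFS
# backups from remote hosts, Jellyfin, and an NFS export of /srv/filer.
node 'dixie.bcn.int.pdp7.net' {
  class {'dns_dhcp':}
  class {'dns_dhcp::opennic':}

  # Static host records served by dnsmasq. The continuation lines of the
  # string stay at column 0 so the deployed file has no leading whitespace.
  file {'/etc/dnsmasq.d/static.conf':
    content => "host-record=router,router.bcn.int.pdp7.net,192.168.76.1
host-record=archerc7,archerc7.bcn.int.pdp7.net,192.168.76.6
host-record=dixie.bcn.int.pdp7.net,dixie,192.168.76.2
host-record=router4g.bcn.int.pdp7.net,router4g,192.168.76.3
",
    notify  => Service['dnsmasq'],
  }

  class {'backups':
    sanoid_config => "",
  }

  # Pull-replication script, linked into /etc/cron.hourly below. It is owned
  # by root and pipes a stream produced on a remote host straight into
  # `zfs receive`; the remote side is reached as the `backups` user, with a
  # Kerberos keytab for case.ces and via syncoid for h1.
  # NOTE(review): the script relies on /home/backups/.keytab being readable
  # only by `backups`; that file is not managed in this node block -- confirm
  # its ownership and mode where it is deployed.
  file {'/usr/local/sbin/zfs_receive_h2':
    content => @(EOT)
      #!/bin/bash
      set -ue

      # Run a command on $1 as the local `backups` user after obtaining a
      # Kerberos ticket from its keytab. The remaining arguments are pasted
      # into a shell string, so they are re-parsed by the local sh and again
      # by the remote shell: pass only fixed, trusted words (as the calls
      # below do), never values taken from external input.
      run_backups_remote() {
        host=$1
        shift
        sudo -u backups sh -c "export KRB5CCNAME=KEYRING:persistent:1284000004 && kinit -k -t /home/backups/.keytab backups && ssh $host $*"
      }

      # Print the snapshot name (the part after @) of the last snapshot that
      # `zfs list` reports for dataset $2 on host $1; prints nothing when the
      # remote command fails or the dataset has no snapshots.
      get_last_remote_snapshot() {
        host=$1
        fs=$2
        run_backups_remote "$host" /sbin/zfs list -H -t snapshot "$fs" | tail -1 | cut -f 1 | cut -d @ -f 2
      }

      # Same as above for a local dataset.
      get_last_local_snapshot() {
        zfs list -H -t snapshot "$1" | tail -1 | cut -f 1 | cut -d @ -f 2
      }

      # Incrementally receive $2 from host $1 into local dataset $3 when the
      # newest snapshot names differ.
      replicate() {
        host=$1
        remote=$2
        local=$3
        last_local=$(get_last_local_snapshot "$local")
        last_remote=$(get_last_remote_snapshot "$host" "$remote")
        # An empty name means a lookup failed (host down, kinit/ssh error) or
        # the dataset has no snapshot. Unquoted, two empty names made the old
        # `test` succeed, which started a malformed `zfs send -i @ ...` and
        # aborted the whole run under `set -e` before the syncoid jobs below.
        # Skip this dataset instead and keep going.
        if test -z "$last_local" || test -z "$last_remote" ; then
          echo "zfs_receive_h2: no snapshot name for $local or $host:$remote, skipping" >&2
          return 0
        fi
        if test "$last_local" != "$last_remote" ; then
          run_backups_remote "$host" /sbin/zfs send -w -i "@$last_local" "$remote@$last_remote" | zfs receive "$local"
        fi
      }

      replicate case.ces.int.pdp7.net rpool/user/backed/cesar cesar_hdd_red_2/cesar
      replicate case.ces.int.pdp7.net rpool/user/backed/filer cesar_hdd_red_2/filer
      sudo -u backups /usr/sbin/syncoid --no-privilege-elevation --no-sync-snap backups@h1.pdp7.net:rpool/data/subvol-204-disk-1 rpool/user/backed/pg-h1-int-pg --quiet
      sudo -u backups /usr/sbin/syncoid --no-privilege-elevation --no-sync-snap backups@h1.pdp7.net:rpool/data/subvol-207-disk-1 rpool/user/backed/ws --quiet
      sudo -u backups /usr/sbin/syncoid --no-privilege-elevation --no-sync-snap backups@h1.pdp7.net:rpool/data/subvol-208-disk-1 rpool/user/backed/nextcloud_new --quiet
      sudo -u backups /usr/sbin/syncoid --no-privilege-elevation --no-sync-snap backups@h1.pdp7.net:rpool/data/subvol-211-disk-1 rpool/user/backed/gitolite --quiet
      sudo -u backups /usr/sbin/syncoid --no-privilege-elevation --no-sync-snap backups@h1.pdp7.net:rpool/data/subvol-214-disk-1 rpool/user/backed/weed --quiet
      sudo -u backups /usr/sbin/syncoid --no-privilege-elevation --no-sync-snap backups@h1.pdp7.net:rpool/data/subvol-215-disk-1 rpool/user/backed/vaultwarden --quiet
      | EOT
    ,
    owner   => root,
    group   => root,
    mode    => '0744',
  }

  # Run the replication script from the hourly cron directory.
  file {'/etc/cron.hourly/zfs_receive_h2':
    ensure => link,
    target => '/usr/local/sbin/zfs_receive_h2',
  }

  class {'jellyfin':}
  class {'debian::backports':} # basically to get emacs

  # NFS export of /srv/filer.
  # NOTE(review): both /24 networks get read-write access with `insecure`,
  # which per exports(5) accepts requests from unprivileged source ports, so
  # any local user on any host in those ranges can talk to the server, not
  # only root-run mount helpers. No sec= option is set, so the server default
  # applies (normally AUTH_SYS, where the client asserts its own UID/GID).
  # The LibreELEC entry adds no_root_squash, so root on that client is root
  # on the export; it is matched by a forward DNS name. If Kodi is the only
  # reason for `insecure`, consider narrowing that option to the Kodi hosts
  # and exporting read-only where writes are not needed.
  package {'nfs-kernel-server':
    ensure => installed,
  }
  ->
  file {'/etc/exports':
    content => @(EOT)
      # /etc/exports: the access control list for filesystems which may be exported
      # to NFS clients. See exports(5).
      #
      # Example for NFSv2 and NFSv3:
      # /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
      #
      # Example for NFSv4:
      # /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
      # /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
      #
      # insecure for Kodi
      /srv/filer 192.168.76.0/24(rw,sync,fsid=0,crossmnt,no_subtree_check,insecure) 10.34.10.0/24(rw,sync,fsid=0,crossmnt,no_subtree_check,insecure)
      /srv/filer LibreELEC.bcn.int.pdp7.net(rw,sync,fsid=0,crossmnt,no_subtree_check,no_root_squash)
      | EOT
    ,
  }
  ~>
  service {'nfs-kernel-server':
    ensure => running,
    enable => true,
  }
}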