Merge branch 'master' of arch-git:/srv/git/infrastructure

6085c220 · Giancarlo Razzolini · 5f5c0d56 · eb391730 · 6085c220 · 6085c220
Verified Commit 6085c220 authored Mar 19, 2019 by Giancarlo Razzolini
--- a/group_vars/all/common.yml
+++ b/group_vars/all/common.yml
@@ -5,7 +5,7 @@ configure_firewall: true

 # this is needed to make ansible find the firewalld python
 # module when deploying firewalld tasks
-ansible_python_interpreter: /usr/bin/python3.7
+ansible_python_interpreter: /usr/bin/python3

 zabbix_agent_templates:
  - Template OS Linux
--- a/host_vars/apollo.archlinux.org
+++ b/host_vars/apollo.archlinux.org
@@ -37,9 +37,3 @@ zabbix_agent_templates:
 zabbix_agent_host_groups:
  - Linux servers
  - Zabbix servers
-
-configure_firewall: true
-
-# this is needed to make ansible find the firewalld python
-# module when deploying firewalld tasks
-ansible_python_interpreter: /usr/bin/python3.7
--- a/host_vars/dragon.archlinux.org
+++ b/host_vars/dragon.archlinux.org
+---
+hostname: "dragon"
+network_interface: "eth2"
+ipv4_address: "195.201.167.210"
+ipv4_netmask: "/26"
+ipv6_address: "2a01:4f8:13a:102a::2"
+ipv6_netmask: "/128"
+ipv4_gateway: "195.201.167.193"
+ipv6_gateway: "fe80::1"
+filesystem: btrfs
+raid_level: raid0
+system_disks:
+  - /dev/nvme0n1
+  - /dev/nvme1n1
+
+archbuild_fs: 'btrfs'
+
+zabbix_agent_templates:
+  - Template OS Linux
--- a/host_vars/ind.mirror.pkgbuild.com
+++ b/host_vars/ind.mirror.pkgbuild.com
@@ -6,9 +6,3 @@ network_interface: "eno2"
 ipv4_address: "169.38.85.99"
 ipv4_netmask: "/26"
 ipv4_gateway: "169.38.85.65"
-
-configure_firewall: true
-
-# this is needed to make ansible find the firewalld python
-# module when deploying firewalld tasks
-ansible_python_interpreter: /usr/bin/python3.7
--- a/host_vars/jpn.mirror.pkgbuild.com
+++ b/host_vars/jpn.mirror.pkgbuild.com
@@ -6,9 +6,3 @@ network_interface: "eno2"
 ipv4_address: "161.202.225.107"
 ipv4_netmask: "/26"
 ipv4_gateway: "161.202.225.65"
-
-configure_firewall: true
-
-# this is needed to make ansible find the firewalld python
-# module when deploying firewalld tasks
-ansible_python_interpreter: /usr/bin/python3.7
--- a/host_vars/luna.archlinux.org/misc
+++ b/host_vars/luna.archlinux.org/misc
@@ -18,9 +18,3 @@ zabbix_agent_templates:
  - Template App Mailman
  - Template App MySQL
  - Template App Nginx
-
-configure_firewall: true
-
-# this is needed to make ansible find the firewalld python
-# module when deploying firewalld tasks
-ansible_python_interpreter: /usr/bin/python3.7
--- a/host_vars/mex.mirror.pkgbuild.com
+++ b/host_vars/mex.mirror.pkgbuild.com
@@ -6,9 +6,3 @@ network_interface: "eno2"
 ipv4_address: "169.57.35.94"
 ipv4_netmask: "/26"
 ipv4_gateway: "169.57.35.65"
-
-configure_firewall: true
-
-# this is needed to make ansible find the firewalld python
-# module when deploying firewalld tasks
-ansible_python_interpreter: /usr/bin/python3.7
--- a/host_vars/orion.archlinux.org/misc
+++ b/host_vars/orion.archlinux.org/misc
@@ -21,8 +21,3 @@ zabbix_agent_templates:
  - Template OS Linux
  - Template App Borg Backup
  - Template App Nginx
-configure_firewall: true
-
-# this is needed to make ansible find the firewalld python
-# module when deploying firewalld tasks
-ansible_python_interpreter: /usr/bin/python3.7
--- a/host_vars/packer-base-image
+++ b/host_vars/packer-base-image
@@ -6,5 +6,3 @@ network_interface: "en*"
 filesystem: btrfs
 system_disks:
  - /dev/sda
-
-ansible_python_interpreter: /usr/bin/python3
--- a/host_vars/sgp.mirror.pkgbuild.com
+++ b/host_vars/sgp.mirror.pkgbuild.com
@@ -7,9 +7,3 @@ network_interface: "eno2"
 ipv4_address: "161.202.204.205"
 ipv4_netmask: "/26"
 ipv4_gateway: "161.202.204.193"
-
-configure_firewall: true
-
-# this is needed to make ansible find the firewalld python
-# module when deploying firewalld tasks
-ansible_python_interpreter: /usr/bin/python3.7
--- a/host_vars/soyuz.archlinux.org
+++ b/host_vars/soyuz.archlinux.org
@@ -20,9 +20,3 @@ zabbix_agent_templates:
  - Template App Borg Backup
  - Template App Syncrepo
  - Template App PostgreSQL
-
-configure_firewall: true
-
-# this is needed to make ansible find the firewalld python
-# module when deploying firewalld tasks
-ansible_python_interpreter: /usr/bin/python3.7
--- a/host_vars/vostok.archlinux.org
+++ b/host_vars/vostok.archlinux.org
@@ -14,9 +14,3 @@ system_disks:

 zabbix_agent_templates:
  - Template OS Linux
-
-configure_firewall: true
-
-# this is needed to make ansible find the firewalld python
-# module when deploying firewalld tasks
-ansible_python_interpreter: /usr/bin/python3.7
--- a/hosts
+++ b/hosts
@@ -4,6 +4,7 @@ vostok.archlinux.org
 apollo.archlinux.org
 soyuz.archlinux.org
 luna.archlinux.org
+dragon.archlinux.org

 [pia]
 ind.mirror.pkgbuild.com
@@ -40,6 +41,7 @@ luna.archlinux.org
 orion.archlinux.org

 [buildservers]
+dragon.archlinux.org
 soyuz.archlinux.org
 sgp.mirror.pkgbuild.com


--- a/playbooks/dragon.yml
+++ b/playbooks/dragon.yml
+---
+
+- name: setup dragon
+  hosts: dragon.archlinux.org
+  remote_user: root
+  roles:
+    - { role: common, tags: ['common'] }
+    - { role: tools, tags: ['tools'] }
+    - { role: sshd, tags: ['sshd'] }
+    - { role: unbound }
+    - { role: root_ssh, tags: ['root_ssh'] }
+    - { role: archusers, tags: ['archusers'] }
+    - { role: sudo, tags: ['sudo', 'archusers'] }
+    - { role: archbuild, tags: ['archbuild'] }
--- a/roles/install_arch/tasks/main.yml
+++ b/roles/install_arch/tasks/main.yml
@@ -9,7 +9,7 @@
  when: "'Hetzner Rescue' not in motd_contents.stdout"

 - name: partition and format the disks (btrfs)
-  command: mkfs.btrfs -f -L rootfs -d raid1 /dev/sda /dev/sdb
+  command: mkfs.btrfs -f -L rootfs -d {{ raid_level|default(raid1) }} {{ system_disks|join(' ') }}
  when: filesystem == "btrfs" and system_disks|length == 2

 - name: partition and format the disks (btrfs)
@@ -49,11 +49,11 @@

 - name: download bootstrap image
  get_url:
-    url: https://mirrors.kernel.org/archlinux/iso/latest/archlinux-bootstrap-2019.02.01-x86_64.tar.gz
+    url: https://mirrors.kernel.org/archlinux/iso/2019.03.01/archlinux-bootstrap-2019.03.01-x86_64.tar.gz
    dest: /tmp/

 - name: extract boostrap image
-  command: tar xf archlinux-bootstrap-2019.02.01-x86_64.tar.gz
+  command: tar xf archlinux-bootstrap-2019.03.01-x86_64.tar.gz
  args:
    chdir: /tmp
    creates: /tmp/root.x86_64
@@ -82,8 +82,16 @@
 - name: populate pacman keyring inside bootstrap chroot
  command: chroot /tmp/root.x86_64 pacman-key --populate archlinux

+- name: install ucode update for Intel
+  set_fact: ucode="intel-ucode"
+  when: "'GenuineIntel' in ansible_facts['processor']"
+
+- name: install ucode update for AMD
+  set_fact: ucode="amd-ucode"
+  when: "'AuthenticAMD' in ansible_facts['processor']"
+
 - name: install arch base from bootstrap chroot
-  command: chroot /tmp/root.x86_64 pacstrap /mnt base base-devel btrfs-progs grub openssh python creates=/tmp/root.x86_64/mnt/bin
+  command: chroot /tmp/root.x86_64 pacstrap /mnt base base-devel btrfs-progs grub openssh python {{ ucode }} creates=/tmp/root.x86_64/mnt/bin

 - name: mount /proc to new chroot
  command: mount --rbind /proc /mnt/proc creates=/mnt/proc/uptime
@@ -148,7 +156,7 @@
    line: 'hosts: files mymachines resolve myhostname'

 - name: enable services inside chroot
-  command: chroot /mnt systemctl enable sshd systemd-networkd systemd-resolved
+  command: chroot /mnt systemctl enable sshd systemd-networkd systemd-resolved fstrim

 - set_fact: pubkey_list="{{ lookup('file', "{{ playbook_dir }}/../../pubkeys/" + item) }}"
  register: pubkeys