+ add mueller-nas

Author: langchr86

ansible/group_vars/all

@@ -7,9 +7,11 @@ cert_authority: "acme-v02.api.letsencrypt.org-directory"
 hostname_main: "lang-main"
 hostname_backup: "lang-backup"
 hostname_claudia: "claudia-server"
+hostname_kevin: "mueller-nas"
 
 ip_address_main: "192.168.0.6"
 ip_address_backup: "192.168.0.5"
 ip_address_claudia: "192.168.0.124"
+ip_address_kevin: "192.168.0.121"
 
 deploy_examples: false

ansible/passwords.yml

@@ -32,6 +32,14 @@ claudia: !vault |
   3531623461623539360a386436306130346662613063626563653032393336393361303338626464
   6566
 
+kevin: !vault |
+  $ANSIBLE_VAULT;1.2;AES256;infra
+  38336537656364663330616531613065666266623165326563393836303964323134336238303538
+  3635646632363666643635333031363533653837323966300a393439336335333639363862376638
+  30383166353563616635396664306138336166393736313037613966343836343135663163313232
+  6164396264636337640a666264646336303138306130653832383132363666336637376636653134
+  3939
+
 myjd: !vault |
   $ANSIBLE_VAULT;1.2;AES256;infra
   39353164616530613863663433623232366337343162663265613261623061303766333837363263

ansible/playbook_kevin.yml

@@ -0,0 +1,105 @@
+- hosts: all
+
+  pre_tasks:
+    - ansible.builtin.include_vars:
+        file: passwords.yml
+        name: passwords
+      no_log: true
+    - ansible.builtin.set_fact:
+        main_user: "kevin"
+        main_password: "{{ passwords.kevin }}"
+        kevin_main_disk: "/dev/sdb"
+        kevin_backup_disk: "/dev/sda1"
+
+    - ansible.builtin.import_tasks: tasks/ubuntu_apt.yml
+    - ansible.builtin.import_tasks: tasks/basic_setup.yml
+
+  roles:
+    - role: users
+      vars:
+        users:
+          - { name: "{{ main_user }}", password: "{{ main_password }}" }
+
+    - role: ssh
+      vars:
+        ssh_evaluate_host_aliases: false
+        ssh_host_aliases: []
+
+    - role: git-tools
+      vars:
+        git_graphical_tools: false
+        git_aliases: true
+        git_rerere: true
+        git_editor_nano: true
+        git_prompt: true
+
+    - role: bash
+    - role: tmux
+
+    - role: btrfs
+      vars:
+        volumes:
+          - label: "pool-main"
+            mount_path: "/mnt/pool-main"
+            mkfs_options: "--data raid0 --metadata dup"
+            status_log_path: "/mnt/pool-main/subvolumes/daten"
+            devices:
+              - "{{ kevin_main_disk }}"
+            subvolumes:
+              - "daten"
+
+    - role: filesystem
+      vars:
+        filesystems:
+          - label: "backup"
+            device: "{{ kevin_backup_disk }}"
+            type: "ntfs"
+            mount_path: "/mnt/backup"
+
+    - role: ansible-collection-vladgh-samba
+      become: true
+      vars:
+        samba_mitigate_cve_2017_7494: false
+        samba_global_include: "samba-global-include.conf"
+        samba_users:
+          - name: "{{ main_user }}"
+            password: "{{ main_password }}"
+        samba_shares:
+          - name: "daten"
+            path: "/mnt/pool-main/subvolumes/daten"
+            browseable: true
+            owner: "{{ main_user }}"
+            group: "users"
+            write_list: "{{ main_user }}"
+          - name: "backup"
+            path: "/mnt/backup"
+            browseable: true
+            owner: "{{ main_user }}"
+            group: "users"
+
+    - role: disk-monitoring
+      vars:
+        disk_monitoring_status_log_path: "/mnt/pool-main/subvolumes/daten"
+        disk_monitoring_devices:
+          - path: '/dev/sda'
+          - path: '/dev/sdb'
+
+    - role: rsync
+      vars:
+        rsync_jobs:
+          - name: "backups-{{ hostname_kevin }}"
+            user: "{{ main_user }}"
+            timer_OnCalendar: "*-*-* 03:00:00"
+            pre_sleep_seconds: 1
+            steps:
+              - {src: "/mnt/pool-main/subvolumes/daten", dest: "/mnt/backup"}
+
+    - role: rsync-daemon
+      vars:
+        rsyncd_destination_modules_path: "/mnt/pool-main/subvolumes/daten/Backups"
+        rsyncd_destination_modules:
+          - user_name: "{{ main_user }}"
+            user_password: "{{ main_password }}"
+            subfolders:
+              - 'kevin'
+              - 'tanja'

docs/mueller-nas.md

@@ -0,0 +1,68 @@
+mueller-nas
+===========
+
+
+## Prepare backup HDD
+
+* Format on Windows PC with NTFS.
+* Use the label `backup`
+
+
+## Install armbian
+
+* Download LTS ubuntu 24.04 noble from [Armbian - Odroid XU4 / HCx](https://www.armbian.com/odroid-xu4/)
+* Flash SD-Card
+* Boot and watch LEDs on Ethernet port. Left one is 100MBit and right one is 1000MBit.
+  Blue LED static shows bootloader active and blinking running kernel.
+* Search the device with an IP scanner e.g: Angry IP Scanner.  Initial credentials: `root:1234` (armbian)
+* The first login will prompt you to create new root password
+* Now you will be prompted to create the normal user: `kevin`
+
+
+## Update system
+
+~~~
+apt update
+apt upgrade -y
+apt autoremove -y
+~~~
+
+
+## armbian-config
+
+Use config tool to setup basic settings.
+
+~~~
+armbian-config
+~~~
+
+* Network -> IP: 192.168.1.9
+* Personal -> Timezone
+* Personal -> Locales: en_US.UTF-8
+* Personal -> Hostname: `mueller-nas`
+* System -> DTB
+* System -> Governor
+
+
+## Move System to SATA drive
+
+This has not been done because we use a QVO SSD as storage drive.
+
+
+## Run ansible playbook
+
+Ensure to use the real end-user `kevin` for this step.
+First we make login easier by deploying SSH public key: `ssh-copy-id [email protected]`
+
+If the samba role fails to create the user do it manually:
+
+
+## Configure Samba shares on host
+
+* `\\mueller-nas\daten`
+* `\\mueller-nas\backup`
+
+
+## Configure RSync backups on host
+
+See: [rsync-daemon role](rsync-daemon.md)

kevin.sh

@@ -0,0 +1,12 @@
+#! /bin/sh
+
+SCRIPT_DIR="$( cd "$(dirname "$0")" ; pwd -P )"
+
+ansible-galaxy install -r ${SCRIPT_DIR}/ansible/requirements.yml
+
+ansible-playbook \
+  --inventory [email protected], \
+  --vault-id infra@${SCRIPT_DIR}/infra_pw \
+  --ask-become-pass \
+  --extra-vars 'ansible_python_interpreter=/usr/bin/python3' \
+  ${SCRIPT_DIR}/ansible/playbook_kevin.yml

linting/lint.sh

@@ -12,4 +12,5 @@ docker run \
   ansible-lint --exclude /root/.cache \
     /ansible/playbook_backup.yml \
     /ansible/playbook_claudia.yml \
+    /ansible/playbook_kevin.yml \
     /ansible/playbook_main.yml