allow discards

lbu commit doesn't need a full role
pikvm has some quirks due to it's read-only nature
2022-10-19 18:28:50 +02:00 · 2022-10-19 18:09:08 +02:00 · 2022-10-19 18:00:01 +02:00 · 2022-10-19 17:58:33 +02:00 · 2022-10-19 15:29:16 +02:00
13 changed files with 107 additions and 44 deletions
--- a/deploy.yml
+++ b/deploy.yml
@ -15,7 +15,7 @@
    - narwhal
    - snitch
    - suricata
-    - pikvm
+    # - pikvm
  become: true
  roles:
    - basic
@ -95,7 +95,7 @@
    - caladan
    - fugu
    - narwhal
-      pikvm
+    # - pikvm
  roles:
    - gopass

@ -120,8 +120,11 @@
    - snitch
    - suricata
  become: true
-  roles:
-    - lbu_commit
+  post_tasks:
+    - name: lbu commit
+      lbu:
+        commit: true
+      when: ansible_distribution == "Alpine" and alpine_mode in ["diskless", "data"]

 - name: mount ro
  hosts:
--- a/hosts.yml
+++ b/hosts.yml
@ -17,7 +17,7 @@ all:
      ansible_port: 22
      ansible_python_interpreter: /usr/bin/python3
      ansible_become_method: doas
-      use_lbu: true
+      alpine_mode: diskless
      alpine_version: v3.16
      alpine_repos:
        - main
@ -28,42 +28,73 @@ all:
      ansible_port: 22
      ansible_python_interpreter: /usr/bin/python3
      ansible_become_method: doas
-      use_lbu: true
+      alpine_mode: data
      alpine_version: v3.16
      alpine_repos:
        - main
        - community
-      mounts:
-        - path: "/media/mmcblk0p1"
-          src: "0EB4-4BBF"
-          fstype: "vfat"
-          opts: "noauto,defaults"
-          passno: "0"
-        - path: "/boot"
-          src: "/media/mmcblk0p1/boot"
-          fstype: "none"
-          opts: "defaults,bind"
-          passno: "0"
-        - path: "/media/mmcblk0p2"
-          src: "UUID=75d4943d-2a1a-4f76-9f60-cff99b4d2e1f"
-          fstype: "ext4"
-          opts: "defaults"
-          passno: "0"
-        - path: "/var/lib/builder/src"
-          src: "/media/mmcblk0p2/src"
-          fstype: "none"
-          opts: "bind"
-          passno: "0"
-      rpi_cfg:
-        - "enable_uart=1"
-        - "otg_mode=1"
+
      dmcrypt_targets:
        - name: "WDC WDS400T1R0A"
          target: "disk0"
          source_uuid: "202c924c-ee53-4321-9efd-1f776e939702"
+          key: "/luks_key.asc:gpg"
+          remdev: "/dev/mmcblk0p2"
+          options: "--allow-discards"
        - name: "Samsung SSD 870"
          target: "disk1"
-          source_uuid: "a243ac31-094c-4fe2-bced-6e4311a16487"
+          source_uuid: "247ea237-54ce-45d2-9974-04344c06aba4"
+          key: "/luks_key.asc:gpg"
+          remdev: "/dev/mmcblk0p2"
+          options: "--allow-discards"
+
+      mounts:
+
+        - src: "/dev/mmcblk0p1"
+          path: "/media/mmcblk0p1"
+          fstype: "vfat"
+          opts: "noauto,defaults"
+          passno: "0"
+
+        - src: "/media/mmcblk0p1/boot"
+          path: "/boot"
+          fstype: "none"
+          opts: "defaults,bind"
+          passno: "0"
+
+        - src: "/dev/mmcblk0p2"
+          path: "/media/mmcblk0p2"
+          fstype: "ext4"
+          opts: "defaults"
+          passno: "0"
+
+        - src: "/dev/mapper/disk0"
+          path: "/mnt/btr_pool"
+          fstype: "btrfs"
+          opts: "subvolid=5,noatime"
+          passno: "0"
+
+        - src: "/dev/mapper/disk0"
+          path: "/var/log"
+          fstype: "btrfs"
+          opts: "subvol=logs,noatime"
+          passno: "0"
+
+        - src: "/dev/mapper/disk0"
+          path: "/home"
+          fstype: "btrfs"
+          opts: "subvol=home,noatime"
+          passno: "0"
+
+        - src: "/dev/mapper/disk0"
+          path: "/var/lib/builder/src"
+          fstype: "btrfs"
+          opts: "subvol=src,noatime"
+          passno: "0"
+
+      rpi_cfg:
+        - "enable_uart=1"
+        - "otg_mode=1"

    caladan:
      ansible_host: caladan
@ -71,7 +102,7 @@ all:
      ansible_port: 22
      ansible_python_interpreter: /usr/bin/python3
      ansible_become_method: doas
-      use_lbu: false
+      alpine_mode: system
      alpine_version: v3.16
      alpine_repos:
        - main
--- a/roles/cryptoraid/files/btrfs-scan
+++ b/roles/cryptoraid/files/btrfs-scan
@ -0,0 +1,11 @@
+#!/sbin/openrc-run
+
+name="btrfs-scan"
+
+depend() {
+  before localmount
+}
+
+start() {
+  /sbin/btrfs device scan
+}
--- a/roles/cryptoraid/tasks/alpine.yml
+++ b/roles/cryptoraid/tasks/alpine.yml
@ -31,3 +31,20 @@
    name: dmcrypt
    enabled: true
    runlevel: boot
+
+- name: copy btrfs-scan init script
+  copy:
+    dest: /etc/init.d/btrfs-scan
+    src: btrfs-scan
+    mode: '0755'
+
+- name: add btrfs-scan init script to lbu
+  lbu:
+    include: /etc/init.d/btrfs-scan
+  when: alpine_mode in ["diskless", "data"]
+
+- name: enable btrfs-scan at boot
+  service:
+    name: btrfs-scan
+    enabled: true
+    runlevel: boot
--- a/roles/cryptoraid/templates/dmcrypt_block.j2
+++ b/roles/cryptoraid/templates/dmcrypt_block.j2
@ -3,5 +3,11 @@
 # {{ entry.name }}
 target='{{ entry.target }}'
 source='/dev/disk/by-uuid/{{ entry.source_uuid }}'
+{% if entry.key is defined %}key='{{ entry.key }}'
+{% endif %}
+{% if entry.remdev is defined %}remdev='{{ entry.remdev }}'
+{% endif %}
+{% if entry.options is defined %}options='{{ entry.options }}'
+{% endif %}

 {% endfor %}
--- a/roles/lbu_commit/tasks/main.yml
+++ b/roles/lbu_commit/tasks/main.yml
@ -1,5 +0,0 @@
---
- name: lbu commit
-  lbu:
-    commit: true
-  when: ansible_distribution == "Alpine" and use_lbu
--- a/roles/pi_fan_hwpwm/tasks/alpine.yml
+++ b/roles/pi_fan_hwpwm/tasks/alpine.yml
@ -49,7 +49,7 @@
    include:
      - /usr/local/sbin/pi_fan_hwpwm
      - /etc/init.d/pi_fan_hwpwm
-  when: ansible_distribution == "Alpine" and use_lbu
+  when: ansible_distribution == "Alpine" and alpine_mode in ["diskless", "data"]

 - name: add iomem=relaxed to cmdline.txt
  replace:
--- a/roles/quality_of_life/tasks/main.yml
+++ b/roles/quality_of_life/tasks/main.yml
@ -94,4 +94,4 @@
    exclude:
      - /home/rilla/.local/share/nvim
      - /home/rilla/.cache
-  when: ansible_distribution == "Alpine" and use_lbu
+  when: ansible_distribution == "Alpine" and alpine_mode == "diskless"
--- a/roles/users/tasks/ansible.yml
+++ b/roles/users/tasks/ansible.yml
@ -30,4 +30,4 @@
    exclude:
      - /var/lib/ansible/.ansible
      - /var/lib/ansible/.ash_history
-  when: ansible_distribution == "Alpine" and use_lbu
+  when: ansible_distribution == "Alpine" and alpine_mode in ["diskless", "data"]
--- a/roles/users/tasks/builder.yml
+++ b/roles/users/tasks/builder.yml
@ -34,4 +34,4 @@
    exclude:
      - /var/lib/builder/.ash_history
      - /var/lib/builder/src
-  when: ansible_distribution == "Alpine" and use_lbu
+  when: ansible_distribution == "Alpine" and alpine_mode in ["diskless", "data"]
--- a/roles/users/tasks/gopass.yml
+++ b/roles/users/tasks/gopass.yml
@ -26,4 +26,4 @@
      - /var/lib/gopass
    exclude:
      - /var/lib/gopass/.ash_history
-  when: ansible_distribution == "Alpine" and use_lbu
+  when: ansible_distribution == "Alpine" and alpine_mode in ["diskless", "data"]
--- a/roles/users/tasks/rilla.yml
+++ b/roles/users/tasks/rilla.yml
@ -38,4 +38,4 @@
      - /home/rilla
    exclude:
      - /home/rilla/.ash_history
-  when: ansible_distribution == "Alpine" and use_lbu
+  when: ansible_distribution == "Alpine" and alpine_mode == "diskless"
--- a/roles/users/tasks/woodpecker.yml
+++ b/roles/users/tasks/woodpecker.yml
@ -38,4 +38,4 @@
      - /var/lib/woodpecker
    exclude:
      - /var/lib/woodpecker/.ash_history
-  when: ansible_distribution == "Alpine" and use_lbu
+  when: ansible_distribution == "Alpine" and alpine_mode in ["diskless", "data"]
Author	SHA1	Message	Date
Ricard Illa	252ec87fe3	allow discards	2022-10-19 18:28:50 +02:00
Ricard Illa	a8e2e7dece	lbu commit doesn't need a full role	2022-10-19 18:09:08 +02:00
Ricard Illa	430d330021	pikvm has some quirks due to it's read-only nature	2022-10-19 18:00:01 +02:00
Ricard Illa	a6192a2c03	handle data mode alpine installs	2022-10-19 17:58:33 +02:00
Ricard Illa	7825adce0b	some progress on disk encryption and btrfs	2022-10-19 15:29:16 +02:00