Merge branch 'master' into fetlab

doc/fetlab.md

@@ -0,0 +1,75 @@
+# fetlab
+## Unlock and start after boot
+```shell
+zfs_mount.sh mount
+mkdir /var/run/motioneye && chown motion /var/run/motioneye/ && service motioneye restart && service motioneye status
+```
+
+## Update and reboot
+```shell
+apt update && apt list --upgradable
+apt dist-upgrade && apt autoremove
+service motioneye stop
+zfs_mount.sh reboot
+```
+
+## Debian Installation
+Boot Image Debian Netinstall on USB stick, Advanced Options->Expert Install
+Language: English, Location: other->Europe->Austria
+Locale: en_US.UTF-8, Additional Locale: de_AT.UTF-8, System Locale: en_US.UTF-8
+Keyboard: German
+Detect and mount CD-ROM, Load installer components: no extra
+Detect network hardware, Configure Network: Hostname: fetlabserv, IP 128.131.95.223/24 domain htu.tuwien.ac.at
+Setup Users and Passwords: shadow, allow root login, no normal user
+Configure the clock: NTP Server: tutimea.tuwien.ac.at,tutimeb.tuwien.ac.at,tutimec.tuwien.ac.at,
+Detect disks, partition disks: manual
+msdos table, 32GB primary for RAID
+RAID: Create MD device RAID1
+part LVM in raid1
+LVM: volume group root on /dev/md0, logical volume sys 24GB, swap 6GB
+root-roo btrfs for /
+root-swap as swap
+Generic Kernel
+Mirror, no nonfree, contrib, allow backported
+install with ssh server and standard sys utilities
+Install Grub on /dev/sda(to removable media path)
+Install Grub on /dev/sdb(to removable media path)
+reboot, log in as root
+edit /etc/ssh/sshd_config set PermitRootlogin to yes
+service sshd reload
+ssh-copy-id root@fetlabserv from client
+edit /etc/ssh/sshd_config set PermitRootlogin to prohibit-password
+## Setup ZFS
+```shell
+for i in a b c d e f g h i; do echo -n "/dev/sd$i: "; hdparm -I /dev/sd$i | awk '/Serial Number/ {print $3}'; done
+lsblk
+sgdisk -n1:0:0 -t1:BF01 /dev/sda
+sgdisk -n1:0:0 -t1:BF01 /dev/sdb
+cryptsetup luksFormat /dev/disk/by-id/ata-ST4000VN008-2DR166_ZDH35RRA-part1
+cryptsetup luksFormat /dev/disk/by-id/ata-ST4000VN008-2DR166_ZDH469JD-part1
+zfs_mount.sh mount
+zpool create -o ashift=12 -o autoexpand=on -o autoreplace=on -O atime=off -O compression=lz4 -O acltype=posixacl -O xattr=sa lab mirror /dev/mapper/ata-ST4000VN008-2DR166_ZDH35RRA-part1 /dev/mapper/ata-ST4000VN008-2DR166_ZDH469JD-part1
+/sbin/zpool scrub lab
+zfs create lab/rec
+mkdir /var/lib/motioneye
+zfs create -o mountpoint=/var/lib/motioneye lab/rec/motion
+```
+## Get video input resolutions
+```shell
+ffmpeg -f video4linux2 -list_formats all -i /dev/video0
+```
+## Formats and File sizes
+96x72 1.9K
+640x480 55K
+Input #0, mov,mp4,m4a,3gp,3g2,mj2, from '3_2017-01-01_02-23-38.mp4':
+  Metadata:
+    major_brand     : isom
+    minor_version   : 512
+    compatible_brands: isomiso2avc1mp41
+    encoder         : Lavf56.25.101
+  Duration: 00:15:01.96, start: 0.000000, bitrate: 203 kb/s
+    Stream #0:0(und): Video: h264 (High) (avc1 / 0x31637661), yuv420p, 640x480, 202 kb/s, 9.99 fps, 25 tbr, 16k tbn, 2k tbc (default)
+    Metadata:
+      handler_name    : VideoHandler
+
+## Mainboad DP965LT

group_vars/fet_lxc_debian

@@ -2,7 +2,6 @@
 common_basic_packages:
   - cron-apt
   - curl
-  - emacs-nox
   - ncurses-term
   - etckeeper
   - git

host_vars/ariane

@@ -94,6 +94,24 @@ lxc:
       - lxc.network.link = br1
       - lxc.network.flags = up
 
+  - name: alekse
+    revision: "01"
+    template: debian
+    config:
+      - lxc.network.type = veth
+      - lxc.network.hwaddr = 2e:6d:b6:07:21:01
+      - lxc.network.link = br1
+      - lxc.network.flags = up
+
+  - name: wostok
+    revision: "01"
+    template: debian
+    config:
+      - lxc.network.type = veth
+      - lxc.network.hwaddr = 2e:6d:b6:07:22:01
+      - lxc.network.link = br1
+      - lxc.network.flags = up
+
   - name: fetsite
     revision: "01"
     template: debian
@@ -115,3 +133,46 @@ lxc:
       - lxc.mount.entry = /zv1/andis /var/lib/lxc/lxc-fetsite-02/rootfs/srv/ none bind,create=dir 0 0
 
 common_zfs: True
+
+common_snapper: False
+
+borgbackup_install_from_repo: False
+
+borgbackup_encryption_mode: "none"
+
+borgbackup_client_backup_server: fetlabserv.htu.tuwien.ac.at
+borgbackup_server_pool: "/lab/backup"
+
+borgbackup_create_jobs:
+  - name: system
+    options: "--lock-wait 1800"
+    day: 1
+    hour: 1                                                     # default value = 1
+    minute: 0                                                   # default value = 0
+    random_minute: 59                                           # default value : ignore randomization
+    directories:
+      - "/zv1/daten"
+      - "/zv1/fotos"
+      - "/zv1/homes"
+    excludes: []
+
+borgbackup_prune_enabled: yes
+borgbackup_prune_jobs:
+  - name: system
+    prune_options: "--lock-wait 1800 --keep-daily=750 --keep-weekly=52 --keep-monthly=24 --keep-yearly=-1"
+    day: "*"
+    hour: 12                                                     # default value = 1
+    minute: 0                                                    # default value = 0
+    random_hour: 5                                               # default value : ignore randomization
+    random_minute: 59                                            # default value : ignore randomization
+
+borgbackup_check_enabled: yes
+borgbackup_check_jobs:
+  - name: system
+    check_options: "--lock-wait 28800"
+    day: 1
+    hour: 12                                                     # default value = 1
+    minute: 0                                                    # default value = 0
+    random_hour: 5                                               # default value : ignore randomization
+    random_minute: 59                                            # default value : ignore randomization
+    random_day: 27                                               # default value : ignore randomization

host_vars/fetlab

@@ -0,0 +1,19 @@
+---
+inventory_hostname: fetlab.fet.htu.tuwien.ac.at
+inventory_hostname_short: fetlab
+
+common_iptables_v4: "iptables_fetlab_v4.j2"
+common_iptables_v6: "iptables_fetlab_v6.j2"
+
+common_resolvconf_nameservers: ["128.130.4.3", "128.131.4.3"]
+common_openssh_keys_root:
+  - key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCzkK6ENya4mKcoG9iuMaodMpifeCgZK56zVF1zxyZhLtUyBx//qsLCXEdBNiGJY57Yp4l0PJKk9B4hpCFKuz6H622l84SOHzXhmFQUXWe/L6x4kRfQJvhBCNMi9brfR0n6AwX59RNRsbUeUjb7RuhCrzpbW0iWYjv/H9rjeyfY5Ne9dUUeBQDcsM1O7XfZJWwA5nxEGjbDB7l4/K43DoqaqzHOEOoETmHGfugO7A5QwhRmblu90pLD4+DOPv/4LGBRNpS8FyRzYrEJm7yUyF7nDzR+0xlLCapU4pKhmIFfSv4afsuBFvLb6Rgln5wUt2KIPh/qnqSP9jZGovYOadC0yb70dec7nnfwXTmqwzdwXtBlo3UzbPwt0iJG9fhYCw83Bkt/GpOsIW2fcxZhJ8CUeBw3Ox71lkeozb49oRMeHzUpYckrFt1FGxUWuHHykCrOXcxso0MRfKjl9RPUc+O5oQDG1KAoTd9doB3jygVr68wYVc/4kTTsXUlMIBMOUiek8XygQ7sV6Et6FpzvLvdf/iL1FMXAluRgUWJvKqe4IBPyWu2KyDF+2ZDMse3WhQYlYgNRqGCwfxOJGWtkvVO0L4YGJrLXKhY4yw2H+pQOHaugfGO8IYPV/vbPi+dB9OV89Zonu2iVjjDFFXI0xE7WSXCV3RQyed26Bq9BBO9DDQ== damadmai@fet.at"
+
+common_zfs: True
+common_snapper: False
+
+borgbackup_install_from_repo: False
+borgbackup_binary: "/usr/bin/borg"
+
+borgbackup_encryption_mode: "none"
+borgbackup_server_pool: "/lab/backup"

hosts/production

@@ -3,6 +3,7 @@ all:
     fet_hosts:
       hosts:
         ariane:
+        fetlab:
     fet_lxc_debian:
       hosts:
         betam:

roles/fetlab/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+fetlab_zfs: True
+fetlab_motion: True

roles/fetlab/files/motion.conf

@@ -0,0 +1,17 @@
+# @enabled on
+# @show_advanced on
+# @normal_password da559fac89e576192f868ff898652ec74cb7b4d6
+# @admin_username admin
+# @admin_password da559fac89e576192f868ff898652ec74cb7b4d6
+# @normal_username user
+
+
+webcontrol_html_output on
+webcontrol_port 7999
+setup_mode off
+webcontrol_parms 2
+webcontrol_localhost on
+
+thread thread-1.conf
+thread thread-2.conf
+thread thread-3.conf

roles/fetlab/files/motioneye.conf

@@ -0,0 +1,97 @@
+
+# path to the configuration directory (must be writable by motionEye)
+conf_path /etc/motioneye
+
+# path to the directory where pid files go (must be writable by motionEye)
+run_path /var/run/motioneye
+
+# path to the directory where log files go (must be writable by motionEye)
+log_path /var/log/motioneye
+
+# default output path for media files (must be writable by motionEye)
+media_path /var/lib/motioneye
+
+# the log level (use quiet, error, warning, info or debug)
+log_level info
+
+# the IP address to listen on
+# (0.0.0.0 for all interfaces, 127.0.0.1 for localhost)
+listen 127.0.0.1
+
+# the TCP port to listen on
+port 8765
+
+# path to the motion binary to use (automatically detected if commented)
+#motion_binary /usr/bin/motion
+
+# whether motion HTTP control interface listens on
+# localhost or on all interfaces
+motion_control_localhost true
+
+# the TCP port that motion HTTP control interface listens on
+motion_control_port 7999
+
+# interval in seconds at which motionEye checks if motion is running
+motion_check_interval 10
+
+# whether to restart the motion daemon when an error occurs while communicating with it
+motion_restart_on_errors false
+
+# interval in seconds at which motionEye checks the SMB mounts
+mount_check_interval 300
+
+# interval in seconds at which the janitor is called
+# to remove old pictures and movies
+cleanup_interval 43200
+
+# timeout in seconds to wait for response from a remote motionEye server
+remote_request_timeout 10
+
+# timeout in seconds to wait for mjpg data from the motion daemon
+mjpg_client_timeout 10
+
+# timeout in seconds after which an idle mjpg client is removed
+# (set to 0 to disable)
+mjpg_client_idle_timeout 10
+
+# enable SMB shares (requires motionEye to run as root)
+smb_shares false
+
+# the directory where the SMB mount points will be created
+smb_mount_root /media
+
+# path to the wpa_supplicant.conf file
+# (enable this to configure wifi settings from the UI)
+#wpa_supplicant_conf /etc/wpa_supplicant.conf
+
+# path to the localtime file
+# (enable this to configure the system time zone from the UI)
+#local_time_file /etc/localtime
+
+# enables shutdown and rebooting after changing system settings
+# (such as wifi settings or time zone)
+enable_reboot false
+
+# timeout in seconds to use when talking to the SMTP server
+smtp_timeout 60
+
+# timeout in seconds to wait for media files list
+list_media_timeout 120
+
+# timeout in seconds to wait for media files list, when sending emails
+list_media_timeout_email 10
+
+# timeout in seconds to wait for zip file creation
+zip_timeout 500
+
+# timeout in seconds to wait for timelapse creation
+timelapse_timeout 500
+
+# enable adding and removing cameras from UI
+add_remove_cameras true
+
+# enables HTTP basic authentication scheme (in addition to, not instead of the signature mechanism)
+http_basic_auth false
+
+# overrides the hostname (useful if motionEye runs behind a reverse proxy)
+server_name lab.fet.at

roles/fetlab/files/motioneye.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=motionEye Server
+
+[Service]
+ExecStart=/usr/local/bin/meyectl startserver -c /etc/motioneye/motioneye.conf
+Restart=on-abort
+User=motion
+
+[Install]
+WantedBy=multi-user.target

roles/fetlab/files/thread-1.conf

@@ -0,0 +1,82 @@
+# @webcam_resolution 100
+# @upload_subfolders on
+# @upload_server 
+# @enabled on
+# @network_server 
+# @upload_username 
+# @motion_detection on
+# @upload_port 
+# @upload_location 
+# @preserve_movies 93
+# @network_username 
+# @upload_movie on
+# @id 1
+# @manual_record off
+# @upload_password 
+# @upload_method post
+# @upload_picture on
+# @working_schedule_type outside
+# @network_password 
+# @upload_service ftp
+# @name Camera1
+# @preserve_pictures 365
+# @storage_device custom-path
+# @manual_snapshots on
+# @network_share_name 
+# @upload_enabled off
+# @webcam_server_resize off
+# @working_schedule 
+
+
+ffmpeg_output_movies on
+height 576
+stream_quality 85
+threshold 6220
+quality 85
+noise_level 31
+ffmpeg_output_debug_movies off
+pre_capture 1
+noise_tune on
+smart_mask_speed 0
+stream_maxrate 5
+output_pictures on
+hue 0
+saturation 0
+stream_localhost on
+ffmpeg_variable_bitrate 75
+ffmpeg_video_codec mp4
+text_changes off
+movie_filename %Y-%m-%d/%H-%M-%S
+auto_brightness off
+stream_port 8081
+rotate 180
+brightness 0
+lightswitch 0
+framerate 2
+emulate_motion off
+snapshot_filename %Y-%m-%d/%H-%M-%S
+despeckle_filter 
+snapshot_interval 0
+stream_auth_method 0
+stream_motion off
+target_dir /var/lib/motioneye/Camera1
+text_double on
+post_capture 1
+stream_authentication user:da559fac89e576192f868ff898652ec74cb7b4d6
+output_debug_pictures off
+on_picture_save /usr/local/lib/python2.7/dist-packages/motioneye/scripts/relayevent.sh "/etc/motioneye/motioneye.conf" picture_save %t %f
+on_movie_end /usr/local/lib/python2.7/dist-packages/motioneye/scripts/relayevent.sh "/etc/motioneye/motioneye.conf" movie_end %t %f
+text_left Camera1
+picture_filename %Y-%m-%d/%H-%M-%S
+locate_motion_style redbox
+locate_motion_mode off
+contrast 0
+videodevice /dev/video0
+max_movie_time 0
+on_event_end /usr/local/lib/python2.7/dist-packages/motioneye/scripts/relayevent.sh "/etc/motioneye/motioneye.conf" stop %t
+text_right %Y-%m-%d\n%T
+on_event_start /usr/local/lib/python2.7/dist-packages/motioneye/scripts/relayevent.sh "/etc/motioneye/motioneye.conf" start %t
+event_gap 30
+minimum_motion_frames 20
+mask_file 
+width 720

roles/fetlab/files/thread-2.conf

@@ -0,0 +1,82 @@
+# @webcam_resolution 100
+# @upload_subfolders on
+# @upload_server 
+# @enabled on
+# @network_server 
+# @upload_username 
+# @motion_detection on
+# @upload_port 
+# @upload_location 
+# @preserve_movies 93
+# @network_username 
+# @upload_movie on
+# @id 2
+# @manual_record off
+# @upload_password 
+# @upload_method post
+# @upload_picture on
+# @working_schedule_type outside
+# @network_password 
+# @upload_service ftp
+# @name Camera2
+# @preserve_pictures 365
+# @storage_device custom-path
+# @manual_snapshots on
+# @network_share_name 
+# @upload_enabled off
+# @webcam_server_resize off
+# @working_schedule 
+
+
+ffmpeg_output_movies on
+height 576
+stream_quality 85
+threshold 6220
+quality 85
+noise_level 31
+ffmpeg_output_debug_movies off
+pre_capture 1
+noise_tune on
+smart_mask_speed 0
+stream_maxrate 5
+output_pictures on
+hue 0
+saturation 0
+stream_localhost on
+ffmpeg_variable_bitrate 75
+ffmpeg_video_codec mp4
+text_changes off
+movie_filename %Y-%m-%d/%H-%M-%S
+auto_brightness off
+stream_port 8082
+rotate 180
+brightness 0
+lightswitch 0
+framerate 2
+emulate_motion off
+snapshot_filename %Y-%m-%d/%H-%M-%S
+despeckle_filter 
+snapshot_interval 0
+stream_auth_method 0
+stream_motion off
+target_dir /var/lib/motioneye/Camera2
+text_double on
+post_capture 1
+stream_authentication user:da559fac89e576192f868ff898652ec74cb7b4d6
+output_debug_pictures off
+on_picture_save /usr/local/lib/python2.7/dist-packages/motioneye/scripts/relayevent.sh "/etc/motioneye/motioneye.conf" picture_save %t %f
+on_movie_end /usr/local/lib/python2.7/dist-packages/motioneye/scripts/relayevent.sh "/etc/motioneye/motioneye.conf" movie_end %t %f
+text_left Camera2
+picture_filename %Y-%m-%d/%H-%M-%S
+locate_motion_style redbox
+locate_motion_mode off
+contrast 0
+videodevice /dev/video1
+max_movie_time 0
+on_event_end /usr/local/lib/python2.7/dist-packages/motioneye/scripts/relayevent.sh "/etc/motioneye/motioneye.conf" stop %t
+text_right %Y-%m-%d\n%T
+on_event_start /usr/local/lib/python2.7/dist-packages/motioneye/scripts/relayevent.sh "/etc/motioneye/motioneye.conf" start %t
+event_gap 30
+minimum_motion_frames 20
+mask_file 
+width 720

roles/fetlab/files/thread-3.conf

@@ -0,0 +1,82 @@
+# @webcam_resolution 100
+# @upload_subfolders on
+# @upload_server 
+# @enabled on
+# @network_server 
+# @upload_username 
+# @motion_detection on
+# @upload_port 
+# @upload_location 
+# @preserve_movies 93
+# @network_username 
+# @upload_movie on
+# @id 3
+# @manual_record off
+# @upload_password 
+# @upload_method post
+# @upload_picture on
+# @working_schedule_type outside
+# @network_password 
+# @upload_service ftp
+# @name Camera3
+# @preserve_pictures 365
+# @storage_device custom-path
+# @manual_snapshots on
+# @network_share_name 
+# @upload_enabled off
+# @webcam_server_resize off
+# @working_schedule 
+
+
+ffmpeg_output_movies on
+height 576
+stream_quality 85
+threshold 6220
+quality 85
+noise_level 31
+ffmpeg_output_debug_movies off
+pre_capture 1
+noise_tune on
+smart_mask_speed 0
+stream_maxrate 5
+output_pictures on
+hue 0
+saturation 0
+stream_localhost on
+ffmpeg_variable_bitrate 75
+ffmpeg_video_codec mp4
+text_changes off
+movie_filename %Y-%m-%d/%H-%M-%S
+auto_brightness off
+stream_port 8083
+rotate 180
+brightness 0
+lightswitch 0
+framerate 2
+emulate_motion off
+snapshot_filename %Y-%m-%d/%H-%M-%S
+despeckle_filter 
+snapshot_interval 0
+stream_auth_method 0
+stream_motion off
+target_dir /var/lib/motioneye/Camera3
+text_double on
+post_capture 1
+stream_authentication user:da559fac89e576192f868ff898652ec74cb7b4d6
+output_debug_pictures off
+on_picture_save /usr/local/lib/python2.7/dist-packages/motioneye/scripts/relayevent.sh "/etc/motioneye/motioneye.conf" picture_save %t %f
+on_movie_end /usr/local/lib/python2.7/dist-packages/motioneye/scripts/relayevent.sh "/etc/motioneye/motioneye.conf" movie_end %t %f
+text_left Camera3
+picture_filename %Y-%m-%d/%H-%M-%S
+locate_motion_style redbox
+locate_motion_mode off
+contrast 0
+videodevice /dev/video2
+max_movie_time 0
+on_event_end /usr/local/lib/python2.7/dist-packages/motioneye/scripts/relayevent.sh "/etc/motioneye/motioneye.conf" stop %t
+text_right %Y-%m-%d\n%T
+on_event_start /usr/local/lib/python2.7/dist-packages/motioneye/scripts/relayevent.sh "/etc/motioneye/motioneye.conf" start %t
+event_gap 30
+minimum_motion_frames 20
+mask_file 
+width 720

roles/fetlab/files/zfs_mount_settings.sh

@@ -0,0 +1,11 @@
+#list our zpools to be mounted, one per line, no delimiter
+pools=(
+	"lab"
+)
+#list all devs and their aliases to be used with luksOpen
+declare -A devs=(
+	["/dev/disk/by-id/ata-ST4000VN008-2DR166_ZDH35RRA-part1"]="ata-ST4000VN008-2DR166_ZDH35RRA-part1"
+	["/dev/disk/by-id/ata-ST4000VN008-2DR166_ZDH469JD-part1"]="ata-ST4000VN008-2DR166_ZDH469JD-part1"
+)
+#set your log file name
+LOG=/var/log/zfs_mount

roles/fetlab/handlers/main.yml

@@ -0,0 +1,11 @@
+---
+- name: restart motion
+  service: name=motion state=restarted
+
+- name: restart motioneye systemd
+  systemd: daemon_reload=yes
+  listen: restart motioneye
+
+- name: restart motioneye service
+  service: name=motioneye state=restarted
+  listen: restart motioneye

roles/fetlab/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+- import_tasks: zfs.yml
+  when: fetlab_zfs
+  tags: ['fetlab_zfs', 'zfs']
+
+- import_tasks: motion.yml
+  when: fetlab_motion
+  tags: ['fetlab_motion', 'motion']

roles/fetlab/tasks/motion.yml

@@ -0,0 +1,60 @@
+---
+- name: motion - install motion
+  package: name=motion
+
+#- name: motion - /etc/default/motion
+#  replace:
+#    path: /etc/default/motion
+#    regexp: "^start_motion_daemon=.*"
+#    replace: "start_motion_daemon=yes"
+#  notify: restart motion
+
+- name: motion - install motioneye packages
+  package: "name={{ item }}"
+  with_items:
+  - python-pip
+  - python-dev
+  - python-setuptools
+  - curl
+  - libssl-dev
+  - libcurl4-openssl-dev
+  - libjpeg-dev
+  - libz-dev
+  - ffmpeg
+  - v4l-utils
+
+- name: motion - install motioneye
+  pip: name=motioneye state=latest executable=pip
+  notify: restart motioneye
+
+- name: motion - setup storage
+  file: "path={{ item }} owner=motion group=adm mode=755 state=directory"
+  with_items:
+  - /var/lib/motioneye/
+  - /var/log/motioneye/
+  - /var/run/motioneye/
+  - /etc/motioneye/
+
+- name: motion - configure motioneye
+  copy: "src={{ item }} dest=/etc/motioneye/{{ item }} owner=motion group=adm mode=0644"
+  with_items:
+  - motion.conf
+  - motioneye.conf
+  - thread-1.conf
+  - thread-2.conf
+  - thread-3.conf
+  notify: restart motioneye
+
+- name: motion - remove logo
+  lineinfile:
+    dest: /usr/local/lib/python2.7/dist-packages/motioneye/templates/main.html
+    regexp: "{{ item }}"
+    state: absent
+  with_items:
+  - '<span class="logo">motionEye</span>'
+  - '<div class="copyright-note">copyright &copy; Calin Crisan</div>'
+
+- name: motion - copy service file
+  copy: src=motioneye.service dest=/etc/systemd/system/motioneye.service
+  notify: restart motioneye
+

roles/fetlab/tasks/zfs.yml

@@ -0,0 +1,20 @@
+---
+- name : zfs - zfs_mount_settings.sh
+  copy: src=zfs_mount_settings.sh dest=/etc/ owner=root group=root mode=0755
+
+- name: zfs - set quota
+  zfs:
+    name: "{{ item.name }}"
+    state: present
+    extra_zfs_properties:
+      quota: "{{ item.quota }}"
+  with_items:
+  - { name: lab/rec, quota: "2T" }
+
+- name: zfs - pool scrub cronjob for lab
+  cron:
+    name: zfs scrub lab
+    minute: 5
+    hour: 2
+    weekday: 1
+    job: "/sbin/zpool scrub lab"

site.yml

@@ -24,6 +24,7 @@
 - hosts: ariane
   roles:
   - ariane
+  - borg_client
 #  - rvm1-ansible
 
 - hosts: sputnik
@@ -52,6 +53,11 @@
   roles:
   - borg_client
 
+- hosts: fetlab
+  roles:
+  - fetlab
+  - borg_server
+
 - hosts: buran
   roles:
   - borg_client

templates/iptables_fetlab_v4.j2

@@ -0,0 +1,14 @@
+# {{ ansible_managed }}
+
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p tcp -j REJECT --reject-with tcp-reset
+-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -j REJECT --reject-with icmp-proto-unreachable
+COMMIT

templates/iptables_fetlab_v6.j2

@@ -0,0 +1,12 @@
+# {{ ansible_managed }}
+
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -p tcp --syn -j DROP
+-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
+-A INPUT -p ipv6-icmp -j ACCEPT
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+COMMIT