Add Minor Fixes and Updates

.config/ansible-lint-ignore.txt

@@ -43,6 +43,11 @@ roles/nginx/tasks/main.yaml syntax-check[unknown-module]
 # GitHub Action for ansible-lint, so the checks fail as the community.general
 # package is not installed.
 
+roles/pacman/tasks/main.yaml syntax-check[unknown-module]
+# Ignore the unknown-module issue as Ansible Galaxy is not supported in the
+# GitHub Action for ansible-lint, so the checks fail as the community.general
+# package is not installed.
+
 roles/pacman/handlers/main.yaml syntax-check[unknown-module]
 # Ignore the unknown-module issue as Ansible Galaxy is not supported in the
 # GitHub Action for ansible-lint, so the checks fail as the community.general
@@ -67,3 +72,8 @@ roles/secure_boot/tasks/main.yaml syntax-check[unknown-module]
 # Ignore the unknown-module issue as Ansible Galaxy is not supported in the
 # GitHub Action for ansible-lint, so the checks fail as the community.general
 # package is not installed.
+
+roles/k3s/tasks/main.yaml syntax-check[unknown-module]
+# Ignore the unknown-module issue as Ansible Galaxy is not supported in the
+# GitHub Action for ansible-lint, so the checks fail as the community.general
+# package is not installed.

Taskfile.yaml

@@ -232,6 +232,19 @@ tasks:
             --limit {{ .limit }} \
             --forks 3
 
+  cache:
+    desc: Deploy configurations for caching proxy
+    silent: true
+    cmds:
+      - cmd: |-
+          ansible-playbook \
+            --syntax-check plays/cache.yaml
+      - cmd: |-
+          ansible-playbook \
+            --ask-become-pass plays/cache.yaml \
+            --limit {{ .limit }} \
+            --forks 3 --check --diff
+
   netdata:
     desc: Deploy the Netdata configurations for parents and children
     silent: true

inventory.yaml

@@ -6,19 +6,16 @@ all:
         node-01.s.cym-south-1.kub3.uk:
         netdata-01.s.cym-south-1.kub3.uk:
         cache-01.s.cym-south-1.kub3.uk:
-        vault-01.p.cym-south-1.kub3.uk:
 
     production:
       hosts:
         node-[01:06].p.cym-south-1.kub3.uk:
         netdata-01.p.cym-south-1.kub3.uk:
-        vault-[01:03].p.cym-south-1.kub3.uk:
 
     development:
       hosts:
         node-01.d.cym-south-1.kub3.uk:
         netdata-01.d.cym-south-1.kub3.uk:
-        vault-[01:03].d.cym-south-1.kub3.uk:
 
     testing:
       hosts:
@@ -62,9 +59,3 @@ all:
         node-[01:06].p.cym-south-1.kub3.uk:
         node-01.d.cym-south-1.kub3.uk:
         node-01.s.cym-south-1.kub3.uk:
-
-    vault:
-      hosts:
-        vault-[01:03].p.cym-south-1.kub3.uk:
-        vault-[01:03].d.cym-south-1.kub3.uk:
-        vault-01.s.cym-south-1.kub3.uk:

plays/baseline.yaml

@@ -1,6 +1,6 @@
 ---
 - name: Baseline all hosts
-  hosts: all:!remote
+  hosts: all
   become: true
   become_user: root
   roles:

plays/group_vars/physical.yaml

@@ -124,7 +124,7 @@ systemd_networkd_ethernet_name: enp86s0
 systemd_networkd_access_vlan: 32
 
 systemd_system_watchdog_enabled: true
-systemd_journald_max_size: 165M
+systemd_journald_max_use: 165M
 systemd_timesyncd_fallback_ntp:
   - ntp0.zen.co.uk
   - ntp1.zen.co.uk

plays/group_vars/virtual.yaml

@@ -89,4 +89,4 @@ kernels_mkinitcpio_modules:
 systemd_networkd_ethernet_name: enp3s0
 
 systemd_system_watchdog_enabled: true
-systemd_journald_max_size: 165M
+systemd_journald_max_use: 165M

plays/testing.yaml

@@ -2,9 +2,8 @@
 # Configure the caching service for Arch Linux repositories
 
 - name: Configure the host for a single-node Kubernetes deployment
-  hosts: minikube
+  hosts: testing
   become: true
   become_user: root
   roles:
-    # - role: bird
     - role: k3s

roles/cache/defaults/main.yaml

@@ -7,7 +7,7 @@ cache_vhost_names:
   - 2.cache.s.cym-south-1.kub3.uk
   - 3.cache.s.cym-south-1.kub3.uk
 
-cache_volume_size: 450G
+cache_volume_size: 64G
 
 cache_repos:
   - name: core

roles/cache/templates/cache.conf.jinja

@@ -7,7 +7,7 @@
 proxy_cache_path
   /srv/http/cache/repositories
   levels=1:2 keys_zone=repositories:60m
-  inactive=90d max_size=32g;
+  inactive=90d max_size=60g;
 proxy_temp_path /srv/http/cache/tmp 1 2;
 
 server {

roles/kernels/tasks/bootctl.yaml

@@ -63,7 +63,7 @@
     dest: "{{ bootstrap_mount_base | default('') }}/efi/loader/loader.conf"
     owner: root
     group: root
-    mode: u=rw,g=r,o=r
+    mode: u=rwx,g=rx,o=rx
   tags:
     - kernel
     - systemd-boot

roles/kernels/tasks/kernel-virtual.yaml

@@ -7,7 +7,7 @@
     dest: "{{ bootstrap_mount_base | default('') }}/efi/loader/entries/{{ kernel }}.conf"
     owner: root
     group: root
-    mode: u=rw,g=r,o=r
+    mode: u=rwx,g=rx,o=rx
   tags:
     - kernel
     - systemd-boot

roles/libvirtd/tasks/filesystem.yaml

@@ -38,7 +38,7 @@
     path: /var/lib/libvirt/qemu
     owner: libvirt-qemu
     group: libvirt-qemu
-    mode: u=rwx,g=rx,o=
+    mode: u=rwx,g=rx,o=x
     state: directory
   notify:
     - Restart libvirtd

roles/systemd_networkd/templates/bridge.netdev.jinja

@@ -3,3 +3,5 @@
 [NetDev]
 Name=bri{{ '%02d' | format(item.0) }}
 Kind=bridge
+
+MACAddress={{ ('02' + ((env_name + "-" + ansible_hostname + "-bri" + ('%02d' | format(item.0))) | hash("sha256") | truncate(10, true, ""))) | ansible.utils.hwaddr('unix') }}

roles/systemd_networkd/templates/bridge.network.jinja

@@ -3,9 +3,6 @@
 [Match]
 Name=bri{{ '%02d' | format(item.0) }}
 
-[Link]
-MACAddress={{ ('02' + ((env_name + "-" + ansible_hostname + "-bri" + ('%02d' | format(item.0))) | hash("sha256") | truncate(10, true, ""))) | ansible.utils.hwaddr('unix') }}
-
 [Network]
 DHCP=no
 IPForward=yes