diff --git a/host_vars/lalilulelo.yml b/host_vars/lalilulelo.yml
new file mode 100644
index 000000000..1b331fd
--- /dev/null
+++ b/host_vars/lalilulelo.yml
@@ -0,0 +1,23 @@
+---
+tuned_base_profile: "network-latency"
+tuned_custom_profile:
+ name: tweaks
+ sections:
+ - name: main
+ params:
+ - option: summary
+ value: "Boosts RAID and iGPU speeds, managed by Ansible"
+ - option: include
+ value: "{{ tuned_base_profile }}"
+ - name: sysctl
+ params:
+ - option: dev.raid.speed_limit_min
+ value: "1000000"
+ - option: dev.raid.speed_limit_max
+ value: "9500000"
+ - option: net.core.somaxconn
+ value: "16384"
+ - name: sysfs
+ params:
+ - option: /sys/class/drm/*/device/power_dpm_force_performance_level
+ value: highest
diff --git a/host_vars/workstation.yml b/host_vars/workstation.yml
new file mode 100644
index 000000000..1cb70f8
--- /dev/null
+++ b/host_vars/workstation.yml
@@ -0,0 +1,43 @@
+---
+tuned_base_profile: "network-latency"
+tuned_custom_profile:
+ name: tweaks
+ sections:
+ - name: main
+ params:
+ - option: summary
+ value: "Ansible-managed/customized profile"
+ - option: include
+ value: "{{ tuned_base_profile }}"
+ - name: virtsched
+ params:
+ - option: type
+ value: "disk"
+ - option: devices_udev_regex
+ value: "(ID_MODEL=QEMU_HARDDISK)|(ID_VENDOR=HC)"
+ - option: elevator
+ value: "mq-deadline"
+ - name: ssdnosched
+ params:
+ - option: type
+ value: "disk"
+ - option: devices_udev_regex
+ value: "(ID_ATA_ROTATION_RATE_RPM=0)"
+ - option: elevator
+ value: "none"
+ - name: sysctl
+ params:
+ # - option: net.core.default_qdisc
+ # value: "fq"
+ # - option: net.ipv4.tcp_congestion_control
+ # value: "bbr"
+ # - option: net.core.rmem_max
+ # value: "4194304"
+ # - option: net.core.wmem_max
+ # value: "1048576"
+ - option: dev.raid.speed_limit_min
+ value: "600000"
+ - option: dev.raid.speed_limit_max
+ value: "9000000"
+ - option: net.core.somaxconn
+ value: "8192"
diff --git a/play.yml b/play.yml
index a265658..8f11c6f 100644
--- a/play.yml
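Review bot: In host_vars/lalilulelo.yml the sysfs section writes `highest` to `power_dpm_force_performance_level`, which is not one of the values the amdgpu driver documents for that file (`auto`, `low`, `high`, `manual` and the `profile_*` levels). If the iGPU on this host is driven by amdgpu, the kernel would likely reject the write and the profile would leave GPU clocks unchanged. `value: "high"` looks like the intended setting; confirm against the driver on that host, and quote the value like the other params in the file.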
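Review bot: In host_vars/workstation.yml the four commented-out sysctl params (`net.core.default_qdisc`, `net.ipv4.tcp_congestion_control`, `net.core.rmem_max`, `net.core.wmem_max`) were active in the block this commit removes from play.yml, so this host stops applying them with no stated reason. Either delete the dead lines or put a one-line explanation above them, for example `# qdisc/BBR/buffer tuning disabled on this host: <reason>`. A reader comparing the two host_vars files otherwise cannot tell whether the change is deliberate.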
+++ b/play.yml @@ -3,57 +3,15 @@ gather_facts: yes vars: # auto_update: "true" # would configure dnf-automatic - hardened_ssh_port: "1181" # tcp is assumed in selinux/firewalld allowance +# hardened_ssh_port: "1181" # tcp is assumed in selinux/firewalld allowance URL_PUBKEYS: "https://github.com/joshlay.keys" # https://github.com/user.keys - tuned_base_profile: "network-latency" - tuned_custom_profile: - name: tweaks - sections: - - name: main - params: - - option: summary - value: "Custom tuned profile created by jlay - virt. IO scheduler, TCP, etc" - - option: include - value: "{{ tuned_base_profile }}" - - name: virtsched - params: - - option: type - value: "disk" - - option: devices_udev_regex - value: "(ID_MODEL=QEMU_HARDDISK)|(ID_VENDOR=HC)" - - option: elevator - value: "mq-deadline" - - name: ssdnosched - params: - - option: type - value: "disk" - - option: devices_udev_regex - value: "(ID_ATA_ROTATION_RATE_RPM=0)" - - option: elevator - value: "none" - - name: sysctl - params: - - option: net.core.default_qdisc - value: "fq" - - option: net.ipv4.tcp_congestion_control - value: "bbr" - - option: net.core.rmem_max - value: "4194304" - - option: net.core.wmem_max - value: "1048576" - - option: dev.raid.speed_limit_min - value: "600000" - - option: dev.raid.speed_limit_max - value: "9000000" - - option: net.core.somaxconn - value: "8192" roles: -# - {role: btrfs} # sets up scrubbing + - {role: btrfs} # sets up scrubbing - {role: bootstrap} - {role: tuned} - {role: install-packages} - {role: update-packages} # depends on 'is_atomic' in bootstrap - {role: fedora-upgrade} # consider renaming to dist-upgrade / supporting more than fedora - - {role: create-user} + - {role: create-user} # this should always follow packages; they often provide groups the user may want to join - {role: hardening} - {role: docker} diff --git a/roles/btrfs/files/btrfs-scrub@.service b/roles/btrfs/files/btrfs-scrub@.service new file mode 100644 index 000000000..ac2e16d --- /dev/null 
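Review bot: Commenting out `hardened_ssh_port` leaves `{role: hardening}` in the roles list without that variable. The role's defaults are not visible in this diff, so it either falls back to some default port or fails on an undefined variable, and the SELinux/firewalld allowance mentioned in the old comment may no longer match the port sshd listens on. If staying on the default port is intended, state it in the comment, e.g. `# hardened_ssh_port unset: hardening role keeps its default port`, and check that the role tolerates the variable being absent. Likewise `tuned_base_profile` and `tuned_custom_profile` are now defined only for the two hosts that have host_vars files, while `{role: tuned}` still runs for every host in the play. The play header lies outside the hunk.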
+++ b/roles/btrfs/files/btrfs-scrub@.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Btrfs scrub on %f
+ConditionPathIsMountPoint=%f
+RequiresMountsFor=%f
+
+[Service]
+Nice=19
+IOSchedulingClass=idle
+KillSignal=SIGINT
+ExecStart=/usr/bin/btrfs scrub start -B %f
diff --git a/roles/btrfs/files/btrfs-scrub@.timer b/roles/btrfs/files/btrfs-scrub@.timer
new file mode 100644
index 000000000..7ee54a5
--- /dev/null
+++ b/roles/btrfs/files/btrfs-scrub@.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Monthly Btrfs scrub on %f
+
+[Timer]
+OnCalendar=monthly
+AccuracySec=1d
+RandomizedDelaySec=1w
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/btrfs/handlers/main.yml b/roles/btrfs/handlers/main.yml
new file mode 100644
index 000000000..3a9edbe
--- /dev/null
+++ b/roles/btrfs/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: Reload systemd
+ ansible.builtin.systemd:
+ daemon_reload: true
+ become: true
+ listen: daemon_reload
diff --git a/roles/btrfs/tasks/main.yml b/roles/btrfs/tasks/main.yml
new file mode 100644
index 000000000..47218e1
--- /dev/null
+++ b/roles/btrfs/tasks/main.yml
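Review bot: The `[Service]` section of btrfs-scrub@.service runs the scrub as root with no sandboxing directives, although the job needs neither network access nor privilege escalation. Adding `NoNewPrivileges=true` and `PrivateNetwork=true` would narrow what the process can do at little risk to the scrub itself. Filesystem-protection options such as `ProtectSystem=` need testing before use, since the scrub must keep write access to the target mount and to wherever btrfs-progs records scrub status. A short comment above `KillSignal=SIGINT` explaining that it lets a stopped unit cancel the scrub cleanly would also help the next reader.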
@@ -0,0 +1,32 @@
+- name: Setup scrub units
+ ansible.builtin.copy:
+ src: "{{ item }}"
+ dest: /etc/systemd/system/
+ mode: "0644"
+ owner: root
+ group: root
+ with_items:
+ - 'btrfs-scrub@.service'
+ - 'btrfs-scrub@.timer'
+ notify: daemon_reload
+ become: true
+
+- name: Run pending handlers
+ ansible.builtin.meta: flush_handlers
+
+- name: Determine btrfs mounts
+ ansible.builtin.set_fact:
+ btrfs_mounts: "{{ ansible_facts['mounts'] | selectattr('fstype', 'equalto', 'btrfs') | map(attribute='mount') | list }}"
+
+- name: Determine systemd-friendly refs for BTRFS mount points
+ ansible.builtin.command: "systemd-escape -p -- {{ item }}"
+ register: sanitized_mounts
+ loop: "{{ btrfs_mounts }}"
+ changed_when: false
+
+- name: Ensure the scrub timer is enabled for discovered BTRFS filesystems
+ ansible.builtin.systemd:
+ name: "btrfs-scrub@{{ item.stdout }}.timer"
+ enabled: true
+ with_items: "{{ sanitized_mounts.results }}"
+ become: true
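Review bot: The `systemd-escape` task passes the mount path inside a free-form command string, so a mount point containing whitespace or quote characters is split into several arguments after templating. `item.stdout` would then hold more than one escaped name and the timer unit name built from it would be wrong. Passing the path as a single argument avoids this: under `ansible.builtin.command:` use `argv: ["systemd-escape", "-p", "--", "{{ item }}"]`. Separately, the last task sets only `enabled: true`, so a newly enabled timer does not begin counting until the next boot; adding `state: started` would activate it immediately.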