chore(script): archive a extract_secret.sh script

archived stack: extract_secret.sh
refactor(playbook): update convention and remove deprecated tag
2026-05-15 09:19:59 +09:00 · 2026-05-15 09:04:51 +09:00 · 2026-05-13 17:12:59 +09:00 · 2026-05-12 08:08:04 +09:00
9 changed files with 30 additions and 19 deletions
@@ -2,7 +2,16 @@

 This homelab project implements single-node On-premise IaaS system. The homelab contains virtual machines which are divided by their roles, such as private firewall, DNS, PKI, LDAP and database, SSO(OIDC). The standard domain is used to implement this system without specific vendors. All components are defined as code and initiated by IaC (Ansible) except hypervisor initial configuration.

-## RTO times
+## RTO and RPO
+
+### RPO
+- Each backup guarantees 24 hours RPO
+    - DB dumps are backed up at 12:00 AM
+    - Stateful data in app vm is backed up at 03:00 AM
+- The maximum inconsistency window between DB dumps and stateful data can be 27 hours.
+    - The different backup time.
+
+### RTO
 - Feb/25/2026 - Reprovisioning Hypervisor and vms
    - RTO: 1 hour 30 min - verified
        - Manual install and set vmm: 20 min
@@ -33,7 +33,6 @@
  tags:
    - "always"
    - "init"
-    - "upgrade"
-    - "update"
+    - "[service_name]"

 # when: "'tags' is not in ansible_run_tags"
@@ -142,8 +142,8 @@
        name: "common"
        tasks_from: "services/set_alloy"
        apply:
-          tags: ["init", "update", "alloy"]
-      tags: ["init", "update", "alloy"]
+          tags: ["init", "alloy"]
+      tags: ["init", "alloy"]

    - name: Set kopia
      ansible.builtin.include_role:
@@ -162,8 +162,8 @@
        name: "fw"
        tasks_from: "services/set_bind"
        apply:
-          tags: ["init", "update", "bind"]
-      tags: ["init", "update", "bind"]
+          tags: ["init", "bind"]
+      tags: ["init", "bind"]

    - name: Set blocky
      ansible.builtin.include_role:
@@ -149,8 +149,8 @@
  loop:
    - image: "docker.io/library/redis:{{ version['containers']['redis'] }}"
      file: "docker.io_library_redis_{{ version['containers']['redis'] }}"
-    - image: "ilnmors.internal/{{ node['name'] }}/paperless-ngx:{{ version['containers']['paperless'] }}"
-      file: "ilnmors.internal_{{ node['name'] }}_paperless-ngx_{{ version['containers']['paperless'] }}"
+    - image: "{{ domain['internal'] }}/{{ node['name'] }}/paperless-ngx:{{ version['containers']['paperless'] }}"
+      file: "{{ domain['internal'] }}_{{ node['name'] }}_paperless-ngx_{{ version['containers']['paperless'] }}"
  loop_control:
    label: "{{ item.file }}"
  register: container_archive_images
@@ -100,20 +100,20 @@

 - name: Check container archive images
  ansible.builtin.stat:
-    path: "{{ node['home_path'] }}/archives/containers/ilnmors.internal_{{ node['name'] }}_caddy_{{ version['containers']['caddy'] }}.tar"
+    path: "{{ node['home_path'] }}/archives/containers/{{ domain['internal'] }}_{{ node['name'] }}_caddy_{{ version['containers']['caddy'] }}.tar"
  register: container_archive_images

 - name: Save container archive images
  containers.podman.podman_save:
    image:
-      - "ilnmors.internal/{{ node['name'] }}/caddy:{{ version['containers']['caddy'] }}"
-    dest: "{{ node['home_path'] }}/archives/containers/ilnmors.internal_{{ node['name'] }}_caddy_{{ version['containers']['caddy'] }}.tar"
+      - "{{ domain['internal'] }}/{{ node['name'] }}/caddy:{{ version['containers']['caddy'] }}"
+    dest: "{{ node['home_path'] }}/archives/containers/{{ domain['internal'] }}_{{ node['name'] }}_caddy_{{ version['containers']['caddy'] }}.tar"
    format: "oci-archive"
    force: false
  when: not container_archive_images.stat.exists

 - name: Fetch container archive images
  ansible.builtin.fetch:
-    src: "{{ node['home_path'] }}/archives/containers/ilnmors.internal_{{ node['name'] }}_caddy_{{ version['containers']['caddy'] }}.tar"
+    src: "{{ node['home_path'] }}/archives/containers/{{ domain['internal'] }}_{{ node['name'] }}_caddy_{{ version['containers']['caddy'] }}.tar"
    dest: "{{ hostvars['console']['node']['data_path'] }}/images/containers/"
    flat: true
@@ -176,15 +176,17 @@
 - name: Check container archive images
  ansible.builtin.stat:
    path: "{{ node['home_path'] }}/archives/containers/\
-      ilnmors.internal_{{ node['name'] }}_postgres_pg{{ version['containers']['postgresql'] }}-vectorchord{{ version['containers']['vectorchord'] }}.tar"
+      {{ domain['internal'] }}_{{ node['name'] }}_postgres_\
+      pg{{ version['containers']['postgresql'] }}-vectorchord{{ version['containers']['vectorchord'] }}.tar"
  register: container_archive_images

 - name: Save container archive images
  containers.podman.podman_save:
    image:
-      - "ilnmors.internal/{{ node['name'] }}/postgres:pg{{ version['containers']['postgresql'] }}-vectorchord{{ version['containers']['vectorchord'] }}"
+      - "{{ domain['internal'] }}/{{ node['name'] }}/postgres:pg{{ version['containers']['postgresql'] }}-vectorchord{{ version['containers']['vectorchord'] }}"
    dest: "{{ node['home_path'] }}/archives/containers/\
-      ilnmors.internal_{{ node['name'] }}_postgres_pg{{ version['containers']['postgresql'] }}-vectorchord{{ version['containers']['vectorchord'] }}.tar"
+      {{ domain['internal'] }}_{{ node['name'] }}_postgres_\
+      pg{{ version['containers']['postgresql'] }}-vectorchord{{ version['containers']['vectorchord'] }}.tar"
    format: "oci-archive"
    force: false
  when: not container_archive_images.stat.exists
@@ -192,6 +194,7 @@
 - name: Fetch container archive images
  ansible.builtin.fetch:
    src: "{{ node['home_path'] }}/archives/containers/\
-      ilnmors.internal_{{ node['name'] }}_postgres_pg{{ version['containers']['postgresql'] }}-vectorchord{{ version['containers']['vectorchord'] }}.tar"
+      {{ domain['internal'] }}_{{ node['name'] }}_postgres_\
+      pg{{ version['containers']['postgresql'] }}-vectorchord{{ version['containers']['vectorchord'] }}.tar"
    dest: "{{ hostvars['console']['node']['data_path'] }}/images/containers/"
    flat: true
@@ -8,7 +8,7 @@ After=redis_paperless.service
 Wants=redis_paperless.service

 [Container]
-Image=ilnmors.internal/app/paperless-ngx:{{ version['containers']['paperless'] }}
+Image={{ domain['internal'] }}/{{ node['name'] }}/paperless-ngx:{{ version['containers']['paperless'] }}
 ContainerName=paperless
 HostName=paperless
 PublishPort={{ services['paperless']['ports']['http'] }}:8000/tcp
@@ -148,4 +148,4 @@ if [ "$TYPE" == "ENV" ]; then
        log "error" "SOPS extract error"
        exit 1
    fi
-fi
+fi
Author	SHA1	Message	Date
il	a7e2320b21	chore(script): archive a extract_secret.sh script archived stack: extract_secret.sh	2026-05-15 09:19:59 +09:00
il	24c83029e9	refactor(playbook): update convention and remove deprecated tag update notes: - remove tags 'update', 'upgrade' from convention.yaml - remove tags 'update' from playbooks/app/site.yaml	2026-05-15 09:04:51 +09:00
il	ac64b3c04e	docs(readme): add RPO on readme	2026-05-13 17:12:59 +09:00
il	26d696f813	refactor(all): update hardcoded internal domain to ansible variable	2026-05-12 08:08:04 +09:00