Replace docker rclone volumes with native cifs volumes

2026-01-25 12:22:18 +01:00 · 2026-01-25 12:22:18 +01:00 · 635a0c4da8
commit 635a0c4da8
parent 85568c8278
12 changed files with 19 additions and 106 deletions
--- a/modules/infrastructure/hcloud.tf
+++ b/modules/infrastructure/hcloud.tf
@ -149,7 +149,7 @@ resource "hcloud_storage_box_subaccount" "service_accounts" {
  access_settings = {
    reachable_externally = true
-    webdav_enabled = true
+    samba_enabled = true
  }
  description = each.key
--- a/playbooks/roles/backup/files/hooks/immich_upload
+++ b/playbooks/roles/backup/files/hooks/immich_upload
@ -1,12 +0,0 @@
 #!/usr/bin/env bash
 backup_path="$1"
 stage="$2"
 if [ "$stage" == "before" ]; then
 	rclone mount --config /opt/services/backup/rclone.conf --daemon immich_upload: "$backup_path"
 fi
 if [ "$stage" == "after" ]; then
 	unmount "$backup_path"
 fi
--- a/playbooks/roles/backup/tasks/main.yml
+++ b/playbooks/roles/backup/tasks/main.yml
@ -25,12 +25,6 @@
        content: '{{ backup_yml_all | to_nice_yaml }}'
        mode: "0644"
    - name: Create rclone.conf
      ansible.builtin.copy:
        dest: "{{ (service_path, 'rclone.conf') | path_join }}"
        content: '{{ vault_backup.rclone }}'
        mode: "0600"
    - name: Import tasks specific to the hooks scripts
      ansible.builtin.import_tasks: hooks.yml
    - name: Import tasks specific to the recovery scripts
--- a/playbooks/roles/calibre_web/defaults/main.yml
+++ b/playbooks/roles/calibre_web/defaults/main.yml
@ -15,9 +15,12 @@ calibre_web_compose:
  image: lscr.io/linuxserver/calibre-web:latest
  volumes:
    - config:/config
-    - calibre_web_data:/data
+    - data:/data
  file:
    volumes:
      config:
-      calibre_web_data:
+      data:
-        external: true
+        driver_opts:
          type: cifs
          o: "username={{ opentofu.hcloud_storage_box_accounts.calibre_web.user }},password={{ opentofu.hcloud_storage_box_accounts.calibre_web.pass }}"
          device: "//{{ opentofu.hcloud_storage_box_accounts.calibre_web.host }}/{{ opentofu.hcloud_storage_box_accounts.calibre_web.user }}"
--- a/playbooks/roles/calibre_web/tasks/main.yml
+++ b/playbooks/roles/calibre_web/tasks/main.yml
@ -8,10 +8,5 @@
    env: "{{ calibre_web_env }}"
    compose: "{{ calibre_web_compose }}"
  block:
    - name: Import tasks to create docker rclone volume
      ansible.builtin.import_tasks: tasks/create-docker-rclone-volume.yml
      vars:
        task_volume: calibre_web_data
        task_rclone: "{{ opentofu.hcloud_storage_box_accounts.calibre_web }}"
    - name: Import tasks to deploy common service
      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
--- a/playbooks/roles/immich/defaults/main.yml
+++ b/playbooks/roles/immich/defaults/main.yml
@ -29,7 +29,7 @@ immich_compose:
  watchtower: monitor
  image: ghcr.io/immich-app/immich-server:{{ immich_docker_tag }}
  volumes:
-    - immich_upload:/usr/src/app/upload
+    - upload:/usr/src/app/upload
  file:
    services:
      app:
@ -50,7 +50,7 @@ immich_compose:
        cpus: 1.0
        mem_limit: 1g
        volumes:
-          - immich_upload:/usr/src/app/upload
+          - upload:/usr/src/app/upload
        restart: always
        networks:
          default:
@ -96,7 +96,10 @@ immich_compose:
          default:
    volumes:
-      immich_upload:
+      upload:
-        external: true
+        driver_opts:
          type: cifs
          o: "username={{ opentofu.hcloud_storage_box_accounts.immich.user }},password={{ opentofu.hcloud_storage_box_accounts.immich.pass }}"
          device: "//{{ opentofu.hcloud_storage_box_accounts.immich.host }}/{{ opentofu.hcloud_storage_box_accounts.immich.user }}"
      pgdata:
      model-cache:
--- a/playbooks/roles/immich/tasks/main.yml
+++ b/playbooks/roles/immich/tasks/main.yml
@ -8,10 +8,5 @@
    env: "{{ immich_env }}"
    compose: "{{ immich_compose }}"
  block:
    - name: Import tasks to create docker rclone volume
      ansible.builtin.import_tasks: tasks/create-docker-rclone-volume.yml
      vars:
        task_volume: immich_upload
        task_rclone: "{{ opentofu.hcloud_storage_box_accounts.immich }}"
    - name: Import tasks to deploy common service
      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
--- a/playbooks/roles/immich_worker/defaults/main.yml
+++ b/playbooks/roles/immich_worker/defaults/main.yml
@ -47,15 +47,9 @@ immich_worker_compose:
    volumes:
      upload:
        driver: rclone
        driver_opts:
-          type: sftp
+          type: cifs
-          sftp_host: "{{ opentofu.hcloud_storage_box_accounts.immich.host }}"
+          o: "username={{ opentofu.hcloud_storage_box_accounts.immich.user }},password={{ opentofu.hcloud_storage_box_accounts.immich.pass }}"
-          sftp_port: 23
+          device: "//{{ opentofu.hcloud_storage_box_accounts.immich.host }}/{{ opentofu.hcloud_storage_box_accounts.immich.user }}"
          sftp_user: "{{ opentofu.hcloud_storage_box_accounts.immich.user }}"
          sftp_pass: "{{ opentofu.hcloud_storage_box_accounts.immich.pass_obscure }}"
          allow_other: 'true'
          vfs_cache_mode: minimal
          poll_interval: 0
      pgdata:
      model-cache:
--- a/playbooks/roles/software/tasks/docker-rclone-plugin.yml
+++ b/playbooks/roles/software/tasks/docker-rclone-plugin.yml
@ -1,29 +0,0 @@
 - name: Install fuse system packages
  ansible.builtin.apt:
    pkg:
      - fuse
    state: present
    update_cache: true
  become: true
 - name: Create the rclone plugin config dir
  ansible.builtin.file:
    path: "/var/lib/docker-plugins/rclone/config"
    state: directory
    mode: "0755"
  become: true
 - name: Create the rclone plugin cache dir
  ansible.builtin.file:
    path: "/var/lib/docker-plugins/rclone/cache"
    state: directory
    mode: "0755"
  become: true
 - name: Install rclone plugin
  community.docker.docker_plugin:
    alias: rclone
    plugin_name: rclone/docker-volume-rclone:amd64
    plugin_options:
      args: "-v"
    state: enable
--- a/playbooks/roles/software/tasks/main.yml
+++ b/playbooks/roles/software/tasks/main.yml
@ -3,7 +3,6 @@
    pkg:
      - bzip2
      - jq
      - rclone
      - zsh
    state: present
    update_cache: true
@ -11,8 +10,6 @@
 - name: Install docker
  ansible.builtin.import_tasks: docker.yml
 - name: Install docker rclone plugin
  ansible.builtin.import_tasks: docker-rclone-plugin.yml
 - name: Install (auto-)restic
  ansible.builtin.import_tasks: restic.yml
 - name: Install systemd-resolved
--- a/playbooks/tasks/create-docker-rclone-volume.yml
+++ b/playbooks/tasks/create-docker-rclone-volume.yml
@ -1,27 +0,0 @@
 - name: Get infos on volume
  community.docker.docker_volume_info:
    name: "{{ task_volume }}"
  register: res_docker_volume
 - name: Create volume (block)
  when: not res_docker_volume.exists
  block:
    - name: Obscure rclone password
      ansible.builtin.command:
        cmd: rclone obscure -
        stdin: "{{ task_rclone.pass }}"
      register: res_rclone_pass
      delegate_to: localhost
      changed_when: true
    - name: Create volume
      community.docker.docker_volume:
        name: "{{ task_volume }}"
        driver: rclone
        driver_options:
          type: webdav
          webdav_url: "https://{{ task_rclone.host }}"
          webdav_user: "{{ task_rclone.user }}"
          webdav_pass: "{{ res_rclone_pass.stdout }}"
          vfs_cache_mode: minimal
          allow_other: 'true'
--- a/services.auto.tfvars
+++ b/services.auto.tfvars
@ -93,7 +93,7 @@ services = {
      },
      {
        name = "calibre_web_data"
-        type = "hook"
+        type = "docker"
      }
    ]
    monitoring = {
@ -307,7 +307,7 @@ services = {
    backup = [
      {
        name = "immich_upload"
-        type = "hook"
+        type = "docker"
      },
      {
        name = "immich_database"