Actually tested this on the live server. It worked! mostly...

ansible/group_vars/all/vars.yml

@@ -1,11 +1,12 @@
 # General variables
-#
 timezone: Europe/Amsterdam
 
 ntp_timezone: "{{ timezone }}"
 
 username: notthebee
 
+ssh_public_key: https://github.com/notthebee.keys
+
 email: [email protected]
 
 guid: "1000"
@@ -16,8 +17,8 @@ docker_dir: /opt/docker/data
 
 dotfiles_repo: https://github.com/notthebee/dotfiles
 
-# SSH (geerlingguy.security)
 
+# SSH (geerlingguy.security)
 security_ssh_port: 69
 
 security_sudoers_passwordless: [ "{{ username }}" ]
@@ -26,6 +27,7 @@ security_autoupdate_reboot: "true"
 
 host: "{{ duckdns_domain }}.duckdns.org"
 
+
 # Docker
 copy_persistent_data: false
 
@@ -51,5 +53,30 @@ enable_swag: true
 
 enable_wireguard: true
 
+
 # Samba
-samba_server_string: "{{ hostname }}"
+samba_server_string: "{{ hostname }}"
+
+
+# Time Machine
+timemachine_root: /mnt/timemachine
+
+timemachine_drive: /dev/disk/by-label/TimeMachine
+
+enable_timemachine: true
+
+
+# Snapraid and MergerFS
+
+mergerfs_root: /mnt/storage
+
+disks:
+  - { name: /mnt/data1, src: /dev/disk/by-label/Data1 }
+  - { name: /mnt/data2, src: /dev/disk/by-label/Data2 }
+
+parity_disks:
+  - { name: /mnt/parity1, src: /dev/disk/by-label/Parity1 }
+
+snapraid_scrub_schedule:
+  hour: 1
+  weekday: 3

ansible/roles/containers/nextcloud/tasks/main.yml

@@ -2,8 +2,9 @@
 - name: Make sure the MariaDB container is created and running
   docker_container:
     name: "mariadb"
-    image: "ghcr.io/linuxserver/mariadb"
+    image: "mariadb:latest"
     pull: yes
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed
     state: 'started'
     env:
       "PUID": "{{ guid }}"

ansible/roles/essential/defaults/main.yml

@@ -8,4 +8,5 @@ extra_packages:
   - neovim
   - tmux
   - mosh
-  - lm-sensors
+  - lm-sensors
+  - iotop

ansible/roles/filesystems/mergerfs/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Install required system packages
+  apt: 
+    name: "{{ item }}" 
+    state: latest 
+    update_cache: yes
+  with_items: 
+    - 'mergerfs'
+
+- name: mount drives
+  include: mount.yml 
+  when: disks[0] is defined

ansible/roles/filesystems/mergerfs/tasks/mount.yml

@@ -0,0 +1,32 @@
+- name: create /mnt points for drives
+  file:
+    dest: "{{ item.name }}"
+    state: directory
+    owner: nobody
+    group: nogroup
+    mode: "0777"
+  with_items: "{{ disks }}"
+
+- name: create /mnt point for mount_point
+  file:
+    dest: "{{ mergerfs_root }}"
+    state: directory
+    owner: nobody
+    group: nogroup
+    mode: "0777"
+
+- name: mount drives
+  mount:
+    name: "{{ item.name }}"
+    src: "{{ item.src }}"
+    fstype: xfs
+    state: mounted
+  with_items: "{{ disks }}"
+
+- name: mount mergerfs array
+  mount:
+    name: "{{ mergerfs_root }}"
+    src: /mnt/data*
+    opts: direct_io,defaults,allow_other,minfreespace=50G,fsname=mergerfs
+    fstype: fuse.mergerfs
+    state: mounted

ansible/roles/filesystems/timemachine/tasks/main.yml

@@ -0,0 +1,46 @@
+---
+- name: Install required system packages
+  apt: 
+    name: "{{ item }}" 
+    state: latest 
+    update_cache: yes
+  with_items: 
+    - 'netatalk'
+    - 'avahi-daemon'
+    - 'hfsplus'
+    - 'hfsprogs'
+
+- name: create the mount point for Time Machine
+  file:
+    dest: "{{ timemachine_root }}"
+    state: directory
+    owner: nobody
+    group: nogroup
+    mode: "0777"
+    recurse: yes
+
+- name: Mount the Time Machine drive
+  mount:
+    name: "{{ timemachine_root }}"
+    src: "{{ timemachine_drive }}"
+    fstype: hfsplus
+    opts: defaults,nofail,force
+    state: present
+
+- name: Copy the Netatalk config
+  template:
+    src: afp.conf
+    dest: /etc/netatalk
+  register: netatalk_config
+
+- name: Make sure the Netatalk service is running and enabled
+  service: 
+    name: netatalk 
+    state: started 
+    enabled: yes
+
+- name: Restart Netatalk
+  service:
+    name: netatalk
+    state: restarted
+  when: netatalk_config.changed

ansible/roles/filesystems/timemachine/templates/afp.conf

@@ -0,0 +1,19 @@
+[Global]
+; Global server settings
+dbus daemon = /usr/bin/dbus-daemon
+disconnect time = 3
+sleep time = 2
+log file = /var/log/netatalk.log
+log level = default:info
+uam list = uams_dhx2_passwd.so
+zeroconf = yes
+save password = no
+
+
+[TimeMachine]
+path = "{{ timemachine_root }}"
+time machine = yes
+spotlight = yes
+valid users = "{{ username }}"
+unix priv = yes
+perm = 0770

ansible/run.yml

@@ -26,6 +26,19 @@
       tags: 
         - docker
 
+    - role: filesystems/mergerfs
+      tags:
+      - mergerfs
+
+    - role: filesystems/snapraid
+      tags:
+      - snapraid
+
+    - role: filesystems/timemachine
+      tags:
+        - timemachine
+      when: enable_timemachine | default(False)
+
     - role: containers/watchtower
       tags:
         - watchtower
@@ -49,7 +62,6 @@
         - containers
       when: enable_deluge | default(False)
 
-
     - role: containers/homer
       tags: 
         - homer

ansible/tasks/copy_persistent_data.yml

@@ -6,11 +6,18 @@
   register: persistent_data_local
 
 - name: Check if the persistent data folder exists on the remote machine
-  become: false
   stat:
     path: "{{ docker_dir }}"
   register: persistent_data_remote
 
+- name: Create the persistent data folder on the remote machine
+  file:
+    dest: "{{ docker_dir }}"
+    state: directory
+    owner: notthebee
+    group: notthebee
+    recurse: yes
+  when: persistent_data_remote.stat.exists == false
 
 - name: Sync the persistent docker data to the server 
   synchronize:

ansible/tasks/user.yml

@@ -23,7 +23,7 @@
   authorized_key:
     user: "{{ username }}"
     state: present
-    key: "{{ public_ssh_key }}"
+    key: "{{ ssh_public_key }}"
 
 - name: Create additional users (no login)
   become: yes

cloud-init/user-data

@@ -0,0 +1,5 @@
+ssh_pwauth: true
+disable_root: false
+
+ssh_import_id:
+- gh:notthebee