data.coop/ansible
8
3
Fork 7
Code Issues 49 Pull requests 9 Projects 1 Releases Wiki Activity

wip

Browse source
This commit is contained in:
Sam A. 2024-03-01 21:52:27 +01:00
parent a2b6301fad
commit 3a53634dfa
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
11 changed files with 21 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
group_vars/production/vars.yml
View file

@ -1,16 +1,16 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible # code: language=ansible
--- ---
ldap_dn: "dc=data,dc=coop"
vagrant: "{{ from_vagrant is defined and from_vagrant }}" vagrant: "{{ from_vagrant is defined and from_vagrant }}"
letsencrypt_enabled: "{{ not vagrant }}" letsencrypt_enabled: "{{ not vagrant }}"
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}" base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
letsencrypt_email: admin@data.coop letsencrypt_email: admin@data.coop
services_exclude:
- uptime_kuma
smtp_host: "postfix" smtp_host: "postfix"
smtp_port: "587" smtp_port: "587"
services_exclude: ldap_dn: "dc=data,dc=coop"
- uptime_kuma

8
group_vars/staging/vars.yml
View file

@ -1,16 +1,16 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible # code: language=ansible
--- ---
ldap_dn: "dc=staging,dc=data,dc=coop"
vagrant: "{{ from_vagrant is defined and from_vagrant }}" vagrant: "{{ from_vagrant is defined and from_vagrant }}"
letsencrypt_enabled: "{{ not vagrant }}" letsencrypt_enabled: "{{ not vagrant }}"
base_domain: "{{ 'staging.datacoop.devel' if vagrant else 'staging.data.coop' }}" base_domain: "{{ 'staging.datacoop.devel' if vagrant else 'staging.data.coop' }}"
letsencrypt_email: admin@data.coop letsencrypt_email: admin@data.coop
services_exclude:
- uptime_kuma
smtp_host: "postfix" smtp_host: "postfix"
smtp_port: "587" smtp_port: "587"
services_exclude: ldap_dn: "dc=staging,dc=data,dc=coop"
- uptime_kuma

10
playbook.yml
View file

@ -4,10 +4,10 @@
- hosts: all - hosts: all
gather_facts: true gather_facts: true
become: true become: true
tasks: roles:
- import_role: - name: os_base
name: ubuntu_base
tags: tags:
- base_only - base_only
- import_role: - name: docker
name: docker tags:
- docker

6
roles/ubuntu_base/tasks/base.yml → roles/os_base/tasks/base.yml
View file

@ -2,12 +2,12 @@
# code: language=ansible # code: language=ansible
--- ---
- name: Install necessary packages via apt - name: Install necessary packages via apt
apt: ansible.builtin.apt:
name: "{{ packages }}" name: "{{ packages }}"
vars: vars:
packages: packages:
- aptitude
- python3-pip
- apparmor - apparmor
- haveged - haveged
- mosh - mosh
- ufw
- vim

1
roles/ubuntu_base/tasks/firewall.yml → roles/os_base/tasks/firewall.yml
View file

@ -22,3 +22,4 @@
- port: 587 # Email - port: 587 # Email
- port: 993 # Email - port: 993 # Email
- port: 19022 # SSH - port: 19022 # SSH
when: inventory_hostname in groups['virtual']

11
roles/ubuntu_base/tasks/main.yml → roles/os_base/tasks/main.yml
View file

@ -1,18 +1,15 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible # code: language=ansible
--- ---
- import_tasks: ssh-port.yml - ansible.builtin.import_tasks: ssh-port.yml
tags: [change-ssh-port] tags: [change-ssh-port]
when: ansible_port != 22 when: ansible_port != 22
- import_tasks: upgrade.yml - ansible.builtin.import_tasks: base.yml
tags: [do-full-system-upgrade]
- import_tasks: base.yml
tags: [install-base-packages] tags: [install-base-packages]
- import_tasks: users.yml - ansible.builtin.import_tasks: users.yml
tags: [setup-users] tags: [setup-users]
- import_tasks: firewall.yml - ansible.builtin.import_tasks: firewall.yml
tags: [setup-firewall] tags: [setup-firewall]

0
roles/ubuntu_base/tasks/ssh-port.yml → roles/os_base/tasks/ssh-port.yml
View file

0
roles/ubuntu_base/tasks/upgrade.yml → roles/os_base/tasks/upgrade.yml
View file

0
roles/ubuntu_base/tasks/users.yml → roles/os_base/tasks/users.yml
View file

14
uptime.data.coop.yml
View file

@ -1,14 +0,0 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- hosts: monitoring
gather_facts: true
become: true
vars:
tasks:
- import_role:
name: ubuntu_base
tags:
- base_only
- import_role:
name: docker

0
vagrant_host → vagrant.ini
View file