From a2b6301fad16b29149ac9e42c44d5bc16d6704fe Mon Sep 17 00:00:00 2001 
From: Sam Al-Sapti Date: Fri, 1 Mar 2024 21:30:18 +0100 Subject: [PATCH] Add hosts and move vars into var files --- .gitignore | 1 + datacoop_hosts | 5 ----- group_vars/all/vars.yml | 1 + group_vars/monitoring/vars.yml | 13 ++++++++++++ group_vars/production/vars.yml | 16 +++++++++++++++ group_vars/staging/vars.yml | 16 +++++++++++++++ host_vars/cavall.yml | 5 +++++ host_vars/folald.yml | 6 ++++++ host_vars/hestur.yml | 5 +++++ host_vars/poltre.yml | 6 ++++++ host_vars/varsa.yml | 6 ++++++ inventory.ini | 19 ++++++++++++++++++ playbook.yml | 18 ++--------------- roles/docker/defaults/main.yml | 1 + roles/docker/handlers/main.yml | 1 + roles/docker/tasks/block.yml | 1 + roles/docker/tasks/main.yml | 1 + .../tasks/post_deploy/docker_registry.yml | 1 + roles/docker/tasks/post_deploy/mastodon.yml | 1 + .../tasks/pre_deploy/data_coop_website.yml | 1 + .../tasks/pre_deploy/docker_registry.yml | 1 + roles/docker/tasks/pre_deploy/element.yml | 1 + roles/docker/tasks/pre_deploy/hedgedoc.yml | 1 + roles/docker/tasks/pre_deploy/mailu.yml | 1 + roles/docker/tasks/pre_deploy/mastodon.yml | 1 + roles/docker/tasks/pre_deploy/matrix.yml | 1 + roles/docker/tasks/pre_deploy/nextcloud.yml | 1 + roles/docker/tasks/pre_deploy/nginx_proxy.yml | 1 + roles/docker/tasks/pre_deploy/openldap.yml | 1 + roles/docker/tasks/pre_deploy/postfix.yml | 1 + roles/docker/tasks/pre_deploy/privatebin.yml | 1 + roles/docker/tasks/pre_deploy/rallly.yml | 1 + roles/docker/tasks/pre_deploy/restic.yml | 1 + roles/docker/tasks/pre_deploy/writefreely.yml | 1 + roles/docker/tasks/services.yml | 1 + roles/ubuntu_base/tasks/base.yml | 6 +----- roles/ubuntu_base/tasks/dell-apt-repo.yml | 20 ------------------- roles/ubuntu_base/tasks/firewall.yml | 1 + roles/ubuntu_base/tasks/main.yml | 7 ++----- roles/ubuntu_base/tasks/ssh-port.yml | 1 + roles/ubuntu_base/tasks/upgrade.yml | 1 + roles/ubuntu_base/tasks/users.yml | 1 + uptime.data.coop.yml | 12 +---------- 43 files changed, 126 insertions(+), 62 deletions(-) 
delete mode 100644 datacoop_hosts create mode 100644 group_vars/monitoring/vars.yml create mode 100644 group_vars/production/vars.yml create mode 100644 group_vars/staging/vars.yml create mode 100644 host_vars/cavall.yml create mode 100644 host_vars/folald.yml create mode 100644 host_vars/hestur.yml create mode 100644 host_vars/poltre.yml create mode 100644 host_vars/varsa.yml create mode 100644 inventory.ini delete mode 100644 roles/ubuntu_base/tasks/dell-apt-repo.yml diff --git a/.gitignore b/.gitignore index f5f456e..7ab9b95 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,5 @@ .vagrant/ *.log .idea/ +.vscode/ venv/ diff --git a/datacoop_hosts b/datacoop_hosts deleted file mode 100644 index 3892265..0000000 --- a/datacoop_hosts +++ /dev/null @@ -1,5 +0,0 @@ -[production] -hevonen.servers.data.coop ansible_port=19022 - -[monitoring] -uptime.data.coop diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index cbcbb96..46cc885 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- users: - name: graffen diff --git a/group_vars/monitoring/vars.yml b/group_vars/monitoring/vars.yml new file mode 100644 index 0000000..5af63e4 --- /dev/null +++ b/group_vars/monitoring/vars.yml @@ -0,0 +1,13 @@ +# vim: ft=yaml.ansible +# code: language=ansible +--- +vagrant: "{{ from_vagrant is defined and from_vagrant }}" +letsencrypt_enabled: "{{ not vagrant }}" + +base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}" +letsencrypt_email: admin@data.coop + +services_include: + - nginx_proxy + - uptime_kuma + - watchtower diff --git a/group_vars/production/vars.yml b/group_vars/production/vars.yml new file mode 100644 index 0000000..0b5978f --- /dev/null +++ b/group_vars/production/vars.yml 
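Review bot: The `vagrant` expression in the new `group_vars/monitoring/vars.yml` (repeated unchanged in the production and staging var files) returns `from_vagrant` as passed, so a string such as `-e from_vagrant=false` can evaluate as truthy. That would turn `letsencrypt_enabled` off and switch `base_domain` to `datacoop.devel` on a real host. Coercing the input makes the toggle predictable: `vagrant: "{{ from_vagrant | default(false) | bool }}"`. The monitoring play used to hard-code `vagrant: false` and `letsencrypt_enabled: true`, so this group is newly dependent on that input. The three definitions are identical and could be kept once in `group_vars/all/vars.yml`.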
@@ -0,0 +1,16 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+ldap_dn: "dc=data,dc=coop"
+
+vagrant: "{{ from_vagrant is defined and from_vagrant }}"
+letsencrypt_enabled: "{{ not vagrant }}"
+
+base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
+letsencrypt_email: admin@data.coop
+
+smtp_host: "postfix"
+smtp_port: "587"
+
+services_exclude:
+ - uptime_kuma
diff --git a/group_vars/staging/vars.yml b/group_vars/staging/vars.yml
new file mode 100644
index 0000000..522f9f1
--- /dev/null
+++ b/group_vars/staging/vars.yml
@@ -0,0 +1,16 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+ldap_dn: "dc=staging,dc=data,dc=coop"
+
+vagrant: "{{ from_vagrant is defined and from_vagrant }}"
+letsencrypt_enabled: "{{ not vagrant }}"
+
+base_domain: "{{ 'staging.datacoop.devel' if vagrant else 'staging.data.coop' }}"
+letsencrypt_email: admin@data.coop
+
+smtp_host: "postfix"
+smtp_port: "587"
+
+services_exclude:
+ - uptime_kuma
diff --git a/host_vars/cavall.yml b/host_vars/cavall.yml
new file mode 100644
index 0000000..63021d8
--- /dev/null
+++ b/host_vars/cavall.yml
@@ -0,0 +1,5 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+ansible_host: 85.209.118.134
+fqdn: cavall.servers.data.coop
diff --git a/host_vars/folald.yml b/host_vars/folald.yml
new file mode 100644
index 0000000..b7db177
--- /dev/null
+++ b/host_vars/folald.yml
@@ -0,0 +1,6 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+ansible_host: 85.209.118.134
+ansible_port: 19022
+fqdn: folald.vm.cavall.servers.data.coop
diff --git a/host_vars/hestur.yml b/host_vars/hestur.yml
new file mode 100644
index 0000000..8d25f20
--- /dev/null
+++ b/host_vars/hestur.yml
@@ -0,0 +1,5 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+ansible_host: 159.223.17.241
+fqdn: hestur.servers.data.coop
diff --git a/host_vars/poltre.yml b/host_vars/poltre.yml
new file mode 100644
index 0000000..7f80a86
--- /dev/null
+++ b/host_vars/poltre.yml
@@ -0,0 +1,6 @@ +# vim: ft=yaml.ansible +# code: language=ansible +--- +ansible_host: 85.209.118.142 +ansible_port: 19022 +fqdn: poltre.vm.cavall.servers.data.coop diff --git a/host_vars/varsa.yml b/host_vars/varsa.yml new file mode 100644 index 0000000..720189e --- /dev/null +++ b/host_vars/varsa.yml @@ -0,0 +1,6 @@ +# vim: ft=yaml.ansible +# code: language=ansible +--- +ansible_host: 85.209.118.143 +ansible_port: 19022 +fqdn: varsa.vm.cavall.servers.data.coop diff --git a/inventory.ini b/inventory.ini new file mode 100644 index 0000000..29bd7fb --- /dev/null +++ b/inventory.ini @@ -0,0 +1,19 @@ +[proxmox] +cavall + +[monitoring] +hestur + +[production] +poltre + +[staging] +varsa + +[control] +folald + +[virtual:children] +production +staging +control \ No newline at end of file diff --git a/playbook.yml b/playbook.yml index 71b78eb..cdbbb37 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,23 +1,9 @@ # vim: ft=yaml.ansible +# code: language=ansible --- -- hosts: production +- hosts: all gather_facts: true become: true - vars: - ldap_dn: "dc=data,dc=coop" - - vagrant: "{{ from_vagrant is defined and from_vagrant }}" - letsencrypt_enabled: "{{ not vagrant }}" - - base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}" - letsencrypt_email: "admin@{{ base_domain }}" - - smtp_host: "postfix" - smtp_port: "587" - - services_exclude: - - uptime_kuma - tasks: - import_role: name: ubuntu_base diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 4ba6a88..259eb69 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- volume_root_folder: "/docker-volumes" volume_website_folder: "{{ volume_root_folder }}/websites" diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml index d6c7875..7d1a556 100644 --- a/roles/docker/handlers/main.yml +++ b/roles/docker/handlers/main.yml 
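Review bot: Changing the play target in `playbook.yml` to `- hosts: all` means a plain run applies its `become: true` roles to every inventory host, including the `proxmox` hypervisor `cavall` and the `control` and `monitoring` hosts, where it used to be limited to `production`. The `proxmox` and `control` groups get no group vars in this commit, so `vagrant` and `base_domain` look undefined there unless another file supplies them. If only the VMs are meant, the new inventory group fits: `- hosts: virtual`. Otherwise a comment above the play should state that runs are expected to use `--limit`. The rest of the play's task list is outside this hunk.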
@@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: restart nginx command: docker compose restart proxy diff --git a/roles/docker/tasks/block.yml b/roles/docker/tasks/block.yml index 14f70dc..9712d4f 100644 --- a/roles/docker/tasks/block.yml +++ b/roles/docker/tasks/block.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Create volume folder for service {{ service.name }} file: diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 8d297ea..be548c0 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Add Docker PGP key apt_key: diff --git a/roles/docker/tasks/post_deploy/docker_registry.yml b/roles/docker/tasks/post_deploy/docker_registry.yml index 10bc561..584350c 100644 --- a/roles/docker/tasks/post_deploy/docker_registry.yml +++ b/roles/docker/tasks/post_deploy/docker_registry.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Generate htpasswd file shell: docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd diff --git a/roles/docker/tasks/post_deploy/mastodon.yml b/roles/docker/tasks/post_deploy/mastodon.yml index 06c3bdd..2de1f3a 100644 --- a/roles/docker/tasks/post_deploy/mastodon.yml +++ b/roles/docker/tasks/post_deploy/mastodon.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Configure cron job to remove old Mastodon media daily cron: diff --git a/roles/docker/tasks/pre_deploy/data_coop_website.yml b/roles/docker/tasks/pre_deploy/data_coop_website.yml index 6ae6cbf..8a26c6a 100644 --- a/roles/docker/tasks/pre_deploy/data_coop_website.yml +++ b/roles/docker/tasks/pre_deploy/data_coop_website.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Upload vhost config for root domain copy: 
diff --git a/roles/docker/tasks/pre_deploy/docker_registry.yml b/roles/docker/tasks/pre_deploy/docker_registry.yml index 33fd2ff..8aabe33 100644 --- a/roles/docker/tasks/pre_deploy/docker_registry.yml +++ b/roles/docker/tasks/pre_deploy/docker_registry.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Create subfolders file: diff --git a/roles/docker/tasks/pre_deploy/element.yml b/roles/docker/tasks/pre_deploy/element.yml index 26e3b91..66a204e 100644 --- a/roles/docker/tasks/pre_deploy/element.yml +++ b/roles/docker/tasks/pre_deploy/element.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Create subfolder file: diff --git a/roles/docker/tasks/pre_deploy/hedgedoc.yml b/roles/docker/tasks/pre_deploy/hedgedoc.yml index d849ed3..9a908af 100644 --- a/roles/docker/tasks/pre_deploy/hedgedoc.yml +++ b/roles/docker/tasks/pre_deploy/hedgedoc.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Create subfolders file: diff --git a/roles/docker/tasks/pre_deploy/mailu.yml b/roles/docker/tasks/pre_deploy/mailu.yml index 682f501..1892288 100644 --- a/roles/docker/tasks/pre_deploy/mailu.yml +++ b/roles/docker/tasks/pre_deploy/mailu.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Create subfolders file: diff --git a/roles/docker/tasks/pre_deploy/mastodon.yml b/roles/docker/tasks/pre_deploy/mastodon.yml index c32d9e1..1c8e4ad 100644 --- a/roles/docker/tasks/pre_deploy/mastodon.yml +++ b/roles/docker/tasks/pre_deploy/mastodon.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Create subfolder for Mastodon data file: diff --git a/roles/docker/tasks/pre_deploy/matrix.yml b/roles/docker/tasks/pre_deploy/matrix.yml index 32ce95e..ab45842 100644 --- a/roles/docker/tasks/pre_deploy/matrix.yml +++ b/roles/docker/tasks/pre_deploy/matrix.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Create subfolders file: 
diff --git a/roles/docker/tasks/pre_deploy/nextcloud.yml b/roles/docker/tasks/pre_deploy/nextcloud.yml index 5a8e90e..d319cfd 100644 --- a/roles/docker/tasks/pre_deploy/nextcloud.yml +++ b/roles/docker/tasks/pre_deploy/nextcloud.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Create subfolders file: diff --git a/roles/docker/tasks/pre_deploy/nginx_proxy.yml b/roles/docker/tasks/pre_deploy/nginx_proxy.yml index be9e9d2..4de24e5 100644 --- a/roles/docker/tasks/pre_deploy/nginx_proxy.yml +++ b/roles/docker/tasks/pre_deploy/nginx_proxy.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Create subfolders file: diff --git a/roles/docker/tasks/pre_deploy/openldap.yml b/roles/docker/tasks/pre_deploy/openldap.yml index 188c062..e08b63a 100644 --- a/roles/docker/tasks/pre_deploy/openldap.yml +++ b/roles/docker/tasks/pre_deploy/openldap.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Create subfolders file: diff --git a/roles/docker/tasks/pre_deploy/postfix.yml b/roles/docker/tasks/pre_deploy/postfix.yml index e8b41fd..331a5ed 100644 --- a/roles/docker/tasks/pre_deploy/postfix.yml +++ b/roles/docker/tasks/pre_deploy/postfix.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Set up network for Postfix docker_network: diff --git a/roles/docker/tasks/pre_deploy/privatebin.yml b/roles/docker/tasks/pre_deploy/privatebin.yml index 012bd0b..b0b3265 100644 --- a/roles/docker/tasks/pre_deploy/privatebin.yml +++ b/roles/docker/tasks/pre_deploy/privatebin.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Create subfolders file: diff --git a/roles/docker/tasks/pre_deploy/rallly.yml b/roles/docker/tasks/pre_deploy/rallly.yml index 3e91f9d..ed75b47 100644 --- a/roles/docker/tasks/pre_deploy/rallly.yml +++ b/roles/docker/tasks/pre_deploy/rallly.yml 
@@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Create subfolder file: diff --git a/roles/docker/tasks/pre_deploy/restic.yml b/roles/docker/tasks/pre_deploy/restic.yml index 8a147d7..d30207a 100644 --- a/roles/docker/tasks/pre_deploy/restic.yml +++ b/roles/docker/tasks/pre_deploy/restic.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Create SSH directory file: diff --git a/roles/docker/tasks/pre_deploy/writefreely.yml b/roles/docker/tasks/pre_deploy/writefreely.yml index a1f558b..af2f5f5 100644 --- a/roles/docker/tasks/pre_deploy/writefreely.yml +++ b/roles/docker/tasks/pre_deploy/writefreely.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Create subfolder for MariaDB data file: diff --git a/roles/docker/tasks/services.yml b/roles/docker/tasks/services.yml index 2c7276f..b9ecbd1 100644 --- a/roles/docker/tasks/services.yml +++ b/roles/docker/tasks/services.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Set up external services network docker_network: diff --git a/roles/ubuntu_base/tasks/base.yml b/roles/ubuntu_base/tasks/base.yml index 733270d..f9be46b 100644 --- a/roles/ubuntu_base/tasks/base.yml +++ b/roles/ubuntu_base/tasks/base.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Install necessary packages via apt apt: @@ -10,8 +11,3 @@ - apparmor - haveged - mosh - -- name: Install Dell OpenManage - apt: - name: srvadmin-all - when: not vagrant and not skip_dell_apt_repo diff --git a/roles/ubuntu_base/tasks/dell-apt-repo.yml b/roles/ubuntu_base/tasks/dell-apt-repo.yml deleted file mode 100644 index 2472e91..0000000 --- a/roles/ubuntu_base/tasks/dell-apt-repo.yml +++ /dev/null 
@@ -1,20 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Import dell apt signing key - apt_key: - id: "1285491434D8786F" - keyserver: "keyserver.ubuntu.com" - -- name: Configure dell apt repo - apt_repository: - repo: "deb https://linux.dell.com/repo/community/openmanage/10101/focal focal main" - state: present - -- name: Restrict dell apt repo" - copy: - dest: "/etc/apt/preferences.d/dell" - content: | - Explanation: Deny all packages from this repo that exist elsewhere - Package: * - Pin: origin "linux.dell.com" - Pin-Priority: 400 diff --git a/roles/ubuntu_base/tasks/firewall.yml b/roles/ubuntu_base/tasks/firewall.yml index 85c359a..59ddfeb 100644 --- a/roles/ubuntu_base/tasks/firewall.yml +++ b/roles/ubuntu_base/tasks/firewall.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Setup firewall with UFW community.general.ufw: diff --git a/roles/ubuntu_base/tasks/main.yml b/roles/ubuntu_base/tasks/main.yml index cc40345..f8c1b29 100644 --- a/roles/ubuntu_base/tasks/main.yml +++ b/roles/ubuntu_base/tasks/main.yml @@ -1,12 +1,9 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - import_tasks: ssh-port.yml tags: [change-ssh-port] - when: not do_not_change_ssh_port - -- import_tasks: dell-apt-repo.yml - tags: [setup-dell-apt-repo] - when: not skip_dell_apt_repo and not vagrant + when: ansible_port != 22 - import_tasks: upgrade.yml tags: [do-full-system-upgrade] diff --git a/roles/ubuntu_base/tasks/ssh-port.yml b/roles/ubuntu_base/tasks/ssh-port.yml index e02302b..47a5047 100644 --- a/roles/ubuntu_base/tasks/ssh-port.yml +++ b/roles/ubuntu_base/tasks/ssh-port.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: Change SSH port on host lineinfile: diff --git a/roles/ubuntu_base/tasks/upgrade.yml b/roles/ubuntu_base/tasks/upgrade.yml index 0ccc7d6..f958667 100644 --- a/roles/ubuntu_base/tasks/upgrade.yml +++ b/roles/ubuntu_base/tasks/upgrade.yml 
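Review bot: The new condition `when: ansible_port != 22` in `roles/ubuntu_base/tasks/main.yml` reads a variable that this commit sets only in the host vars of `folald`, `poltre` and `varsa`. `cavall` and `hestur` have no `ansible_port`, so on those hosts the comparison may fail as undefined, and a value passed as a string on the command line would never equal the integer 22. A default plus an explicit cast covers both cases: `when: ansible_port | default(22) | int != 22`. A short comment should also record that the connection port now doubles as the desired sshd port, since a freshly installed host still listening on 22 has to be reached on that port for the first run. The remaining imports in this file are outside the hunk.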
@@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: update and upgrade system via apt apt: diff --git a/roles/ubuntu_base/tasks/users.yml b/roles/ubuntu_base/tasks/users.yml index 2e6d3e2..02693c1 100644 --- a/roles/ubuntu_base/tasks/users.yml +++ b/roles/ubuntu_base/tasks/users.yml @@ -1,4 +1,5 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - name: "Add users" user: diff --git a/uptime.data.coop.yml b/uptime.data.coop.yml index 714d469..6058b91 100644 --- a/uptime.data.coop.yml +++ b/uptime.data.coop.yml @@ -1,20 +1,10 @@ # vim: ft=yaml.ansible +# code: language=ansible --- - hosts: monitoring gather_facts: true become: true vars: - vagrant: false - base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}" - letsencrypt_enabled: true - letsencrypt_email: "admin@{{ base_domain }}" - services_include: - - nginx_proxy - - uptime_kuma - - watchtower - do_not_change_ssh_port: true - skip_dell_apt_repo: true - tasks: - import_role: name: ubuntu_base
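Review bot: In `uptime.data.coop.yml` the `vars:` key survives as a context line while every entry under it is removed, which leaves an empty key directly above `tasks:`. A bare key parses as null, so deleting the line (or writing `vars: {}`) keeps the play unambiguous and lint-clean. With `do_not_change_ssh_port: true` gone, this play also depends on the `ansible_port` condition in `roles/ubuntu_base/tasks/main.yml` to leave the SSH port of `hestur` untouched, which deserves a comment here.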