Sam A. 2024-10-21 01:10:35 +02:00
parent 88595c352f
commit ea5435d894
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
11 changed files with 25 additions and 50 deletions


@ -1,12 +1,12 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible # code: language=ansible
--- ---
vm_host: cavall
vm_type: control
hostname: "{{ inventory_hostname }}" hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop" fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
ansible_host: "{{ fqdn }}" ansible_host: "{{ fqdn }}"
ansible_port: 19022 ansible_port: 19022
internal_ipv4: 10.2.1.5 internal_ipv4: 10.2.1.5
vm_host: cavall
vm_type: control


@ -1,11 +1,11 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible # code: language=ansible
--- ---
vm_host: cloud
vm_type: uptime
hostname: "{{ inventory_hostname }}" hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop" fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
ansible_host: "{{ fqdn }}" ansible_host: "{{ fqdn }}"
ansible_port: 22 ansible_port: 22
vm_host: cloud
vm_type: uptime


@ -1,12 +1,12 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible # code: language=ansible
--- ---
vm_host: cavall
vm_type: app
hostname: "{{ inventory_hostname }}" hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop" fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
ansible_host: "{{ fqdn }}" ansible_host: "{{ fqdn }}"
ansible_port: 19022 ansible_port: 19022
internal_ipv4: 10.2.1.2 internal_ipv4: 10.2.1.2
vm_host: cavall
vm_type: app


@ -1,12 +1,12 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible # code: language=ansible
--- ---
vm_host: cavall
vm_type: app
hostname: "{{ inventory_hostname }}" hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop" fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
ansible_host: "{{ fqdn }}" ansible_host: 85.209.118.143 # "{{ fqdn }}"
ansible_port: 19022 ansible_port: 19022
internal_ipv4: 10.2.1.3 internal_ipv4: 10.2.1.3
vm_host: cavall
vm_type: app
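Review bot: The `ansible_host` line in this host file appears to replace the templated `"{{ fqdn }}"` with a literal public address and keeps the old value only as a trailing comment, with nothing saying why or for how long. SSH host-key checking is keyed on the address used to connect, so a known_hosts entry recorded for the FQDN will presumably not cover this connection, and the three sibling host files still use the FQDN. If this is a workaround, say so on the line above, e.g. `# TEMPORARY (<reason>): connect by IP; restore "{{ fqdn }}" once resolved`, and drop the inline remnant.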


@ -226,5 +226,7 @@ services:
pre_deploy_tasks: true pre_deploy_tasks: true
version: "latest" version: "latest"
services_exclude: [] services_exclude:
services_include: "{{ services | dict2items | map(attribute='key') | list | difference(services_exclude) }}" - uptime_kuma
services_include: "{{ services | dict2items | map(attribute='key') | list | community.general.lists_difference(services_exclude) }}"
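Review bot: The rewritten `services_include` expression now depends on the `community.general.lists_difference` filter, which only ships in newer releases of the community.general collection, and none of the eleven file sections on this page looks like a collection requirements change. On a controller with an older collection the variable will fail to template, and every play that reads it fails with it. Pin a minimum community.general version in the project's collection requirements. It would also help to add a comment above `services_exclude`, such as `# uptime_kuma runs on its own VM; excluded from the default service set` (wording to be confirmed by the author), so the hard-coded exclusion is not mistaken for a leftover.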


@ -35,6 +35,7 @@
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem" dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
state: hard state: hard
force: true force: true
ignore_errors: true
- name: Hard link to Let's Encrypt TLS key - name: Hard link to Let's Encrypt TLS key
file: file:
@ -42,3 +43,4 @@
dest: "{{ services.mailu.volume_folder }}/certs/key.pem" dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
state: hard state: hard
force: true force: true
ignore_errors: true
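Review bot: Both added `ignore_errors: true` lines, on the certificate and the key hard-link tasks, suppress every failure of those tasks, not just the expected case where no certificate has been issued yet. A permissions problem or a wrong path would then leave the mail stack running with a stale or missing `cert.pem`/`key.pem` while the play still reports success. Prefer an explicit precondition: `stat` the source file in a preceding task, register the result and put `when: <registered>.stat.exists` on each link task, so that only the known-benign case is skipped. The `src:` lines and the start of both tasks are outside the hunks shown.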


@ -5,8 +5,8 @@
ansible.builtin.apt: ansible.builtin.apt:
name: name:
- apparmor - apparmor
- bind-utils - bind9-utils
- firewalld - gnupg
- haveged - haveged
- htop - htop
- jq - jq
@ -22,5 +22,5 @@
enabled: true enabled: true
state: started state: started
loop: loop:
- firewalld - fstrim.timer
- haveged - haveged
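Review bot: Dropping `firewalld` from the package list and from the enable/start loop only stops managing it. Hosts provisioned before this commit keep firewalld installed and running with whatever permanent rules were applied, while new hosts get no host firewall, so the fleet diverges without any signal. Together with the removal of the firewall task file and its import later in this commit, nothing visible here replaces the filtering of the SSH port. Either add an explicit removal task (`state: absent` for the package) so all hosts converge, or state where filtering now happens in a comment, e.g. `# Host firewall not managed by this role; filtering is done at <placeholder>`.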


@ -1,23 +0,0 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Move internal network to zone 'internal'
ansible.posix.firewalld:
zone: internal
source: 10.2.1.0/24
permanent: true
state: enabled
- name: Allow incoming connections to SSH port in zone 'internal'
ansible.posix.firewalld:
zone: internal
port: "{{ ansible_port }}"
permanent: true
state: enabled
# Until control VM is deployed
- name: Allow incoming connections to SSH port in default zone
ansible.posix.firewalld:
port: "{{ ansible_port }}"
permanent: true
state: enabled


@ -10,9 +10,3 @@
ansible.builtin.import_tasks: users.yml ansible.builtin.import_tasks: users.yml
tags: tags:
- setup-users - setup-users
- name: Firewall configuration
ansible.builtin.import_tasks: firewall.yml
notify: Reload firewalld
tags:
- setup-firewall


@ -18,7 +18,7 @@
user: "{{ item.name }}" user: "{{ item.name }}"
key: "{{ item.ssh_keys | join('\n') }}" key: "{{ item.ssh_keys | join('\n') }}"
exclusive: true exclusive: true
loop: "{{ users }}" loop: "{{ users | selectattr('name', 'ne', 'ansible') }}"
- name: Add SSH keys to Ansible user - name: Add SSH keys to Ansible user
ansible.posix.authorized_key: ansible.posix.authorized_key:
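Review bot: With the new `selectattr('name', 'ne', 'ansible')` filter on the `loop:` line, the `ansible` account is no longer covered by the task that sets `exclusive: true`. Whether revoked keys are still pruned from that account now depends entirely on the following task, "Add SSH keys to Ansible user", whose arguments lie outside this hunk. Please confirm that task also sets `exclusive: true`, otherwise old keys on the automation account will persist. A short comment above the loop, such as `# 'ansible' is handled by the next task`, would explain the exclusion, and the literal name would be better taken from a variable if the role already defines one.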


@ -7,8 +7,8 @@
roles: roles:
- name: vm-common - name: vm-common
tags: [base_only] tags: [base_only]
- name: zfs # - name: zfs
tags: [zfs] # tags: [zfs]
- name: docker - name: docker
tags: [docker] tags: [docker]
- name: services - name: services