wip

Add hosts and move vars into var files
2024-03-01 21:52:27 +01:00 · 2024-03-01 21:30:18 +01:00
45 changed files with 147 additions and 99 deletions
--- a/.gitignore
+++ b/.gitignore
@ -3,4 +3,5 @@
 .vagrant/
 *.log
 .idea/
+.vscode/
 venv/
--- a/5
+++ b/5
@ -1,5 +0,0 @@
-[production]
-hevonen.servers.data.coop ansible_port=19022
-
-[monitoring]
-uptime.data.coop
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 users:
  - name: graffen
--- a/group_vars/monitoring/vars.yml
+++ b/group_vars/monitoring/vars.yml
@ -0,0 +1,13 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+vagrant: "{{ from_vagrant is defined and from_vagrant }}"
+letsencrypt_enabled: "{{ not vagrant }}"
+
+base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
+letsencrypt_email: admin@data.coop
+
+services_include:
+  - nginx_proxy
+  - uptime_kuma
+  - watchtower
--- a/group_vars/production/vars.yml
+++ b/group_vars/production/vars.yml
@ -0,0 +1,16 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+vagrant: "{{ from_vagrant is defined and from_vagrant }}"
+letsencrypt_enabled: "{{ not vagrant }}"
+
+base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
+letsencrypt_email: admin@data.coop
+
+services_exclude:
+  - uptime_kuma
+
+smtp_host: "postfix"
+smtp_port: "587"
+
+ldap_dn: "dc=data,dc=coop"
--- a/group_vars/staging/vars.yml
+++ b/group_vars/staging/vars.yml
@ -0,0 +1,16 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+vagrant: "{{ from_vagrant is defined and from_vagrant }}"
+letsencrypt_enabled: "{{ not vagrant }}"
+
+base_domain: "{{ 'staging.datacoop.devel' if vagrant else 'staging.data.coop' }}"
+letsencrypt_email: admin@data.coop
+
+services_exclude:
+  - uptime_kuma
+
+smtp_host: "postfix"
+smtp_port: "587"
+
+ldap_dn: "dc=staging,dc=data,dc=coop"
--- a/host_vars/cavall.yml
+++ b/host_vars/cavall.yml
@ -0,0 +1,5 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+ansible_host: 85.209.118.134
+fqdn: cavall.servers.data.coop
--- a/host_vars/folald.yml
+++ b/host_vars/folald.yml
@ -0,0 +1,6 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+ansible_host: 85.209.118.134
+ansible_port: 19022
+fqdn: folald.vm.cavall.servers.data.coop
--- a/host_vars/hestur.yml
+++ b/host_vars/hestur.yml
@ -0,0 +1,5 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+ansible_host: 159.223.17.241
+fqdn: hestur.servers.data.coop
--- a/host_vars/poltre.yml
+++ b/host_vars/poltre.yml
@ -0,0 +1,6 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+ansible_host: 85.209.118.142
+ansible_port: 19022
+fqdn: poltre.vm.cavall.servers.data.coop
--- a/host_vars/varsa.yml
+++ b/host_vars/varsa.yml
@ -0,0 +1,6 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+ansible_host: 85.209.118.143
+ansible_port: 19022
+fqdn: varsa.vm.cavall.servers.data.coop
--- a/inventory.ini
+++ b/inventory.ini
@ -0,0 +1,19 @@
+[proxmox]
+cavall
+
+[monitoring]
+hestur
+
+[production]
+poltre
+
+[staging]
+varsa
+
+[control]
+folald
+
+[virtual:children]
+production
+staging
+control
--- a/playbook.yml
+++ b/playbook.yml
@ -1,27 +1,13 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
- hosts: production
+- hosts: all
  gather_facts: true
  become: true
-  vars:
-    ldap_dn: "dc=data,dc=coop"
-
-    vagrant: "{{ from_vagrant is defined and from_vagrant }}"
-    letsencrypt_enabled: "{{ not vagrant }}"
-
-    base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
-    letsencrypt_email: "admin@{{ base_domain }}"
-
-    smtp_host: "postfix"
-    smtp_port: "587"
-
-    services_exclude:
-      - uptime_kuma
-
-  tasks:
-    - import_role:
-        name: ubuntu_base
+  roles:
+    - name: os_base
      tags:
        - base_only
-    - import_role:
-        name: docker
+    - name: docker
+      tags:
+        - docker
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 volume_root_folder: "/docker-volumes"
 volume_website_folder: "{{ volume_root_folder }}/websites"
--- a/roles/docker/handlers/main.yml
+++ b/roles/docker/handlers/main.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: restart nginx
  command: docker compose restart proxy
--- a/roles/docker/tasks/block.yml
+++ b/roles/docker/tasks/block.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Create volume folder for service {{ service.name }}
  file:
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Add Docker PGP key
  apt_key:
--- a/roles/docker/tasks/post_deploy/docker_registry.yml
+++ b/roles/docker/tasks/post_deploy/docker_registry.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Generate htpasswd file
  shell: docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd
--- a/roles/docker/tasks/post_deploy/mastodon.yml
+++ b/roles/docker/tasks/post_deploy/mastodon.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Configure cron job to remove old Mastodon media daily
  cron:
--- a/roles/docker/tasks/pre_deploy/data_coop_website.yml
+++ b/roles/docker/tasks/pre_deploy/data_coop_website.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Upload vhost config for root domain
  copy:
--- a/roles/docker/tasks/pre_deploy/docker_registry.yml
+++ b/roles/docker/tasks/pre_deploy/docker_registry.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Create subfolders
  file:
--- a/roles/docker/tasks/pre_deploy/element.yml
+++ b/roles/docker/tasks/pre_deploy/element.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Create subfolder
  file:
--- a/roles/docker/tasks/pre_deploy/hedgedoc.yml
+++ b/roles/docker/tasks/pre_deploy/hedgedoc.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Create subfolders
  file:
--- a/roles/docker/tasks/pre_deploy/mailu.yml
+++ b/roles/docker/tasks/pre_deploy/mailu.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Create subfolders
  file:
--- a/roles/docker/tasks/pre_deploy/mastodon.yml
+++ b/roles/docker/tasks/pre_deploy/mastodon.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Create subfolder for Mastodon data
  file:
--- a/roles/docker/tasks/pre_deploy/matrix.yml
+++ b/roles/docker/tasks/pre_deploy/matrix.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Create subfolders
  file:
--- a/roles/docker/tasks/pre_deploy/nextcloud.yml
+++ b/roles/docker/tasks/pre_deploy/nextcloud.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Create subfolders
  file:
--- a/roles/docker/tasks/pre_deploy/nginx_proxy.yml
+++ b/roles/docker/tasks/pre_deploy/nginx_proxy.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Create subfolders
  file:
--- a/roles/docker/tasks/pre_deploy/openldap.yml
+++ b/roles/docker/tasks/pre_deploy/openldap.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Create subfolders
  file:
--- a/roles/docker/tasks/pre_deploy/postfix.yml
+++ b/roles/docker/tasks/pre_deploy/postfix.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Set up network for Postfix
  docker_network:
--- a/roles/docker/tasks/pre_deploy/privatebin.yml
+++ b/roles/docker/tasks/pre_deploy/privatebin.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Create subfolders
  file:
--- a/roles/docker/tasks/pre_deploy/rallly.yml
+++ b/roles/docker/tasks/pre_deploy/rallly.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Create subfolder
  file:
--- a/roles/docker/tasks/pre_deploy/restic.yml
+++ b/roles/docker/tasks/pre_deploy/restic.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Create SSH directory
  file:
--- a/roles/docker/tasks/pre_deploy/writefreely.yml
+++ b/roles/docker/tasks/pre_deploy/writefreely.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Create subfolder for MariaDB data
  file:
--- a/roles/docker/tasks/services.yml
+++ b/roles/docker/tasks/services.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Set up external services network
  docker_network:
--- a/roles/ubuntu_base/tasks/base.yml
+++ b/roles/ubuntu_base/tasks/base.yml
@ -1,17 +1,13 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Install necessary packages via apt
-  apt:
+  ansible.builtin.apt:
    name: "{{ packages }}"
  vars:
    packages:
-      - aptitude
-      - python3-pip
      - apparmor
      - haveged
      - mosh
-
- name: Install Dell OpenManage
-  apt:
-    name: srvadmin-all
-  when: not vagrant and not skip_dell_apt_repo
+      - ufw
+      - vim
--- a/roles/ubuntu_base/tasks/firewall.yml
+++ b/roles/ubuntu_base/tasks/firewall.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Setup firewall with UFW
  community.general.ufw: 
@ -21,3 +22,4 @@
    - port: 587    # Email
    - port: 993    # Email
    - port: 19022  # SSH
+  when: inventory_hostname in groups['virtual']
--- a/roles/os_base/tasks/main.yml
+++ b/roles/os_base/tasks/main.yml
@ -0,0 +1,15 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+- ansible.builtin.import_tasks: ssh-port.yml
+  tags: [change-ssh-port]
+  when: ansible_port != 22
+
+- ansible.builtin.import_tasks: base.yml
+  tags: [install-base-packages]
+
+- ansible.builtin.import_tasks: users.yml
+  tags: [setup-users]
+
+- ansible.builtin.import_tasks: firewall.yml
+  tags: [setup-firewall]
--- a/roles/ubuntu_base/tasks/ssh-port.yml
+++ b/roles/ubuntu_base/tasks/ssh-port.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: Change SSH port on host
  lineinfile:
--- a/roles/ubuntu_base/tasks/upgrade.yml
+++ b/roles/ubuntu_base/tasks/upgrade.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: update and upgrade system via apt
  apt: 
--- a/roles/ubuntu_base/tasks/users.yml
+++ b/roles/ubuntu_base/tasks/users.yml
@ -1,4 +1,5 @@
 # vim: ft=yaml.ansible
+# code: language=ansible
 ---
 - name: "Add users"
  user:
--- a/roles/ubuntu_base/tasks/dell-apt-repo.yml
+++ b/roles/ubuntu_base/tasks/dell-apt-repo.yml
@ -1,20 +0,0 @@
-# vim: ft=yaml.ansible
---
- name: Import dell apt signing key
-  apt_key:
-    id: "1285491434D8786F"
-    keyserver: "keyserver.ubuntu.com"
-
- name: Configure dell apt repo
-  apt_repository:
-    repo: "deb https://linux.dell.com/repo/community/openmanage/10101/focal focal main"
-    state: present
-
- name: Restrict dell apt repo"
-  copy:
-    dest: "/etc/apt/preferences.d/dell"
-    content: |
-      Explanation: Deny all packages from this repo that exist elsewhere
-      Package: *
-      Pin: origin "linux.dell.com"
-      Pin-Priority: 400
--- a/roles/ubuntu_base/tasks/main.yml
+++ b/roles/ubuntu_base/tasks/main.yml
@ -1,21 +0,0 @@
-# vim: ft=yaml.ansible
---
- import_tasks: ssh-port.yml
-  tags: [change-ssh-port]
-  when: not do_not_change_ssh_port
-
- import_tasks: dell-apt-repo.yml
-  tags: [setup-dell-apt-repo]
-  when: not skip_dell_apt_repo and not vagrant
-
- import_tasks: upgrade.yml
-  tags: [do-full-system-upgrade]
-
- import_tasks: base.yml
-  tags: [install-base-packages]
-
- import_tasks: users.yml
-  tags: [setup-users]
-
- import_tasks: firewall.yml
-  tags: [setup-firewall]
--- a/uptime.data.coop.yml
+++ b/uptime.data.coop.yml
@ -1,24 +0,0 @@
-# vim: ft=yaml.ansible
---
- hosts: monitoring
-  gather_facts: true
-  become: true
-  vars:
-    vagrant: false
-    base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
-    letsencrypt_enabled: true
-    letsencrypt_email: "admin@{{ base_domain }}"
-    services_include:
-      - nginx_proxy
-      - uptime_kuma
-      - watchtower
-    do_not_change_ssh_port: true
-    skip_dell_apt_repo: true
-
-  tasks:
-    - import_role:
-        name: ubuntu_base
-      tags:
-        - base_only
-    - import_role:
-        name: docker
--- a/vagrant.ini
+++ b/vagrant.ini
Author	SHA1	Message	Date
Sam A.	3a53634dfa	wip	2024-03-01 21:52:27 +01:00
Sam A.	a2b6301fad	Add hosts and move vars into var files	2024-03-01 21:30:18 +01:00