Compare commits
2 commits
1b68766cd6
...
3a53634dfa
Author | SHA1 | Date | |
---|---|---|---|
Sam A. | 3a53634dfa | ||
Sam A. | a2b6301fad |
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -3,4 +3,5 @@
|
|||
.vagrant/
|
||||
*.log
|
||||
.idea/
|
||||
.vscode/
|
||||
venv/
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
[production]
|
||||
hevonen.servers.data.coop ansible_port=19022
|
||||
|
||||
[monitoring]
|
||||
uptime.data.coop
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
users:
|
||||
- name: graffen
|
||||
|
|
13
group_vars/monitoring/vars.yml
Normal file
13
group_vars/monitoring/vars.yml
Normal file
|
@ -0,0 +1,13 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
|
||||
letsencrypt_enabled: "{{ not vagrant }}"
|
||||
|
||||
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
|
||||
letsencrypt_email: admin@data.coop
|
||||
|
||||
services_include:
|
||||
- nginx_proxy
|
||||
- uptime_kuma
|
||||
- watchtower
|
16
group_vars/production/vars.yml
Normal file
16
group_vars/production/vars.yml
Normal file
|
@ -0,0 +1,16 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
|
||||
letsencrypt_enabled: "{{ not vagrant }}"
|
||||
|
||||
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
|
||||
letsencrypt_email: admin@data.coop
|
||||
|
||||
services_exclude:
|
||||
- uptime_kuma
|
||||
|
||||
smtp_host: "postfix"
|
||||
smtp_port: "587"
|
||||
|
||||
ldap_dn: "dc=data,dc=coop"
|
16
group_vars/staging/vars.yml
Normal file
16
group_vars/staging/vars.yml
Normal file
|
@ -0,0 +1,16 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
|
||||
letsencrypt_enabled: "{{ not vagrant }}"
|
||||
|
||||
base_domain: "{{ 'staging.datacoop.devel' if vagrant else 'staging.data.coop' }}"
|
||||
letsencrypt_email: admin@data.coop
|
||||
|
||||
services_exclude:
|
||||
- uptime_kuma
|
||||
|
||||
smtp_host: "postfix"
|
||||
smtp_port: "587"
|
||||
|
||||
ldap_dn: "dc=staging,dc=data,dc=coop"
|
5
host_vars/cavall.yml
Normal file
5
host_vars/cavall.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
ansible_host: 85.209.118.134
|
||||
fqdn: cavall.servers.data.coop
|
6
host_vars/folald.yml
Normal file
6
host_vars/folald.yml
Normal file
|
@ -0,0 +1,6 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
ansible_host: 85.209.118.134
|
||||
ansible_port: 19022
|
||||
fqdn: folald.vm.cavall.servers.data.coop
|
5
host_vars/hestur.yml
Normal file
5
host_vars/hestur.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
ansible_host: 159.223.17.241
|
||||
fqdn: hestur.servers.data.coop
|
6
host_vars/poltre.yml
Normal file
6
host_vars/poltre.yml
Normal file
|
@ -0,0 +1,6 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
ansible_host: 85.209.118.142
|
||||
ansible_port: 19022
|
||||
fqdn: poltre.vm.cavall.servers.data.coop
|
6
host_vars/varsa.yml
Normal file
6
host_vars/varsa.yml
Normal file
|
@ -0,0 +1,6 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
ansible_host: 85.209.118.143
|
||||
ansible_port: 19022
|
||||
fqdn: varsa.vm.cavall.servers.data.coop
|
19
inventory.ini
Normal file
19
inventory.ini
Normal file
|
@ -0,0 +1,19 @@
|
|||
[proxmox]
|
||||
cavall
|
||||
|
||||
[monitoring]
|
||||
hestur
|
||||
|
||||
[production]
|
||||
poltre
|
||||
|
||||
[staging]
|
||||
varsa
|
||||
|
||||
[control]
|
||||
folald
|
||||
|
||||
[virtual:children]
|
||||
production
|
||||
staging
|
||||
control
|
28
playbook.yml
28
playbook.yml
|
@ -1,27 +1,13 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- hosts: production
|
||||
- hosts: all
|
||||
gather_facts: true
|
||||
become: true
|
||||
vars:
|
||||
ldap_dn: "dc=data,dc=coop"
|
||||
|
||||
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
|
||||
letsencrypt_enabled: "{{ not vagrant }}"
|
||||
|
||||
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
|
||||
letsencrypt_email: "admin@{{ base_domain }}"
|
||||
|
||||
smtp_host: "postfix"
|
||||
smtp_port: "587"
|
||||
|
||||
services_exclude:
|
||||
- uptime_kuma
|
||||
|
||||
tasks:
|
||||
- import_role:
|
||||
name: ubuntu_base
|
||||
roles:
|
||||
- name: os_base
|
||||
tags:
|
||||
- base_only
|
||||
- import_role:
|
||||
name: docker
|
||||
- name: docker
|
||||
tags:
|
||||
- docker
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
volume_root_folder: "/docker-volumes"
|
||||
volume_website_folder: "{{ volume_root_folder }}/websites"
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: restart nginx
|
||||
command: docker compose restart proxy
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Create volume folder for service {{ service.name }}
|
||||
file:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Add Docker PGP key
|
||||
apt_key:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Generate htpasswd file
|
||||
shell: docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Configure cron job to remove old Mastodon media daily
|
||||
cron:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Upload vhost config for root domain
|
||||
copy:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Create subfolders
|
||||
file:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Create subfolder
|
||||
file:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Create subfolders
|
||||
file:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Create subfolders
|
||||
file:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Create subfolder for Mastodon data
|
||||
file:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Create subfolders
|
||||
file:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Create subfolders
|
||||
file:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Create subfolders
|
||||
file:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Create subfolders
|
||||
file:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Set up network for Postfix
|
||||
docker_network:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Create subfolders
|
||||
file:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Create subfolder
|
||||
file:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Create SSH directory
|
||||
file:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Create subfolder for MariaDB data
|
||||
file:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Set up external services network
|
||||
docker_network:
|
||||
|
|
|
@ -1,17 +1,13 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Install necessary packages via apt
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
name: "{{ packages }}"
|
||||
vars:
|
||||
packages:
|
||||
- aptitude
|
||||
- python3-pip
|
||||
- apparmor
|
||||
- haveged
|
||||
- mosh
|
||||
|
||||
- name: Install Dell OpenManage
|
||||
apt:
|
||||
name: srvadmin-all
|
||||
when: not vagrant and not skip_dell_apt_repo
|
||||
- ufw
|
||||
- vim
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Setup firewall with UFW
|
||||
community.general.ufw:
|
||||
|
@ -21,3 +22,4 @@
|
|||
- port: 587 # Email
|
||||
- port: 993 # Email
|
||||
- port: 19022 # SSH
|
||||
when: inventory_hostname in groups['virtual']
|
15
roles/os_base/tasks/main.yml
Normal file
15
roles/os_base/tasks/main.yml
Normal file
|
@ -0,0 +1,15 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- ansible.builtin.import_tasks: ssh-port.yml
|
||||
tags: [change-ssh-port]
|
||||
when: ansible_port != 22
|
||||
|
||||
- ansible.builtin.import_tasks: base.yml
|
||||
tags: [install-base-packages]
|
||||
|
||||
- ansible.builtin.import_tasks: users.yml
|
||||
tags: [setup-users]
|
||||
|
||||
- ansible.builtin.import_tasks: firewall.yml
|
||||
tags: [setup-firewall]
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Change SSH port on host
|
||||
lineinfile:
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: update and upgrade system via apt
|
||||
apt:
|
|
@ -1,4 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: "Add users"
|
||||
user:
|
|
@ -1,20 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Import dell apt signing key
|
||||
apt_key:
|
||||
id: "1285491434D8786F"
|
||||
keyserver: "keyserver.ubuntu.com"
|
||||
|
||||
- name: Configure dell apt repo
|
||||
apt_repository:
|
||||
repo: "deb https://linux.dell.com/repo/community/openmanage/10101/focal focal main"
|
||||
state: present
|
||||
|
||||
- name: Restrict dell apt repo"
|
||||
copy:
|
||||
dest: "/etc/apt/preferences.d/dell"
|
||||
content: |
|
||||
Explanation: Deny all packages from this repo that exist elsewhere
|
||||
Package: *
|
||||
Pin: origin "linux.dell.com"
|
||||
Pin-Priority: 400
|
|
@ -1,21 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- import_tasks: ssh-port.yml
|
||||
tags: [change-ssh-port]
|
||||
when: not do_not_change_ssh_port
|
||||
|
||||
- import_tasks: dell-apt-repo.yml
|
||||
tags: [setup-dell-apt-repo]
|
||||
when: not skip_dell_apt_repo and not vagrant
|
||||
|
||||
- import_tasks: upgrade.yml
|
||||
tags: [do-full-system-upgrade]
|
||||
|
||||
- import_tasks: base.yml
|
||||
tags: [install-base-packages]
|
||||
|
||||
- import_tasks: users.yml
|
||||
tags: [setup-users]
|
||||
|
||||
- import_tasks: firewall.yml
|
||||
tags: [setup-firewall]
|
|
@ -1,24 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- hosts: monitoring
|
||||
gather_facts: true
|
||||
become: true
|
||||
vars:
|
||||
vagrant: false
|
||||
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
|
||||
letsencrypt_enabled: true
|
||||
letsencrypt_email: "admin@{{ base_domain }}"
|
||||
services_include:
|
||||
- nginx_proxy
|
||||
- uptime_kuma
|
||||
- watchtower
|
||||
do_not_change_ssh_port: true
|
||||
skip_dell_apt_repo: true
|
||||
|
||||
tasks:
|
||||
- import_role:
|
||||
name: ubuntu_base
|
||||
tags:
|
||||
- base_only
|
||||
- import_role:
|
||||
name: docker
|
Loading…
Reference in a new issue