Compare commits

...

2 commits

Author SHA1 Message Date
Sam A. 3a53634dfa
wip 2024-03-01 21:52:27 +01:00
Sam A. a2b6301fad
Add hosts and move vars into var files 2024-03-01 21:30:18 +01:00
45 changed files with 147 additions and 99 deletions

1
.gitignore vendored
View file

@ -3,4 +3,5 @@
.vagrant/
*.log
.idea/
.vscode/
venv/

View file

@ -1,5 +0,0 @@
[production]
hevonen.servers.data.coop ansible_port=19022
[monitoring]
uptime.data.coop

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
users:
- name: graffen

View file

@ -0,0 +1,13 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
letsencrypt_enabled: "{{ not vagrant }}"
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
letsencrypt_email: admin@data.coop
services_include:
- nginx_proxy
- uptime_kuma
- watchtower

View file

@ -0,0 +1,16 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
letsencrypt_enabled: "{{ not vagrant }}"
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
letsencrypt_email: admin@data.coop
services_exclude:
- uptime_kuma
smtp_host: "postfix"
smtp_port: "587"
ldap_dn: "dc=data,dc=coop"

View file

@ -0,0 +1,16 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
letsencrypt_enabled: "{{ not vagrant }}"
base_domain: "{{ 'staging.datacoop.devel' if vagrant else 'staging.data.coop' }}"
letsencrypt_email: admin@data.coop
services_exclude:
- uptime_kuma
smtp_host: "postfix"
smtp_port: "587"
ldap_dn: "dc=staging,dc=data,dc=coop"

5
host_vars/cavall.yml Normal file
View file

@ -0,0 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
ansible_host: 85.209.118.134
fqdn: cavall.servers.data.coop

6
host_vars/folald.yml Normal file
View file

@ -0,0 +1,6 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
ansible_host: 85.209.118.134
ansible_port: 19022
fqdn: folald.vm.cavall.servers.data.coop

5
host_vars/hestur.yml Normal file
View file

@ -0,0 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
ansible_host: 159.223.17.241
fqdn: hestur.servers.data.coop

6
host_vars/poltre.yml Normal file
View file

@ -0,0 +1,6 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
ansible_host: 85.209.118.142
ansible_port: 19022
fqdn: poltre.vm.cavall.servers.data.coop

6
host_vars/varsa.yml Normal file
View file

@ -0,0 +1,6 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
ansible_host: 85.209.118.143
ansible_port: 19022
fqdn: varsa.vm.cavall.servers.data.coop

19
inventory.ini Normal file
View file

@ -0,0 +1,19 @@
[proxmox]
cavall
[monitoring]
hestur
[production]
poltre
[staging]
varsa
[control]
folald
[virtual:children]
production
staging
control

View file

@ -1,27 +1,13 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- hosts: production
- hosts: all
gather_facts: true
become: true
vars:
ldap_dn: "dc=data,dc=coop"
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
letsencrypt_enabled: "{{ not vagrant }}"
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
letsencrypt_email: "admin@{{ base_domain }}"
smtp_host: "postfix"
smtp_port: "587"
services_exclude:
- uptime_kuma
tasks:
- import_role:
name: ubuntu_base
roles:
- name: os_base
tags:
- base_only
- import_role:
name: docker
- name: docker
tags:
- docker

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
volume_root_folder: "/docker-volumes"
volume_website_folder: "{{ volume_root_folder }}/websites"

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: restart nginx
command: docker compose restart proxy

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create volume folder for service {{ service.name }}
file:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Add Docker PGP key
apt_key:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Generate htpasswd file
shell: docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Configure cron job to remove old Mastodon media daily
cron:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Upload vhost config for root domain
copy:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolders
file:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolder
file:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolders
file:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolders
file:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolder for Mastodon data
file:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolders
file:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolders
file:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolders
file:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolders
file:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Set up network for Postfix
docker_network:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolders
file:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolder
file:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create SSH directory
file:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolder for MariaDB data
file:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Set up external services network
docker_network:

View file

@ -1,17 +1,13 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Install necessary packages via apt
apt:
ansible.builtin.apt:
name: "{{ packages }}"
vars:
packages:
- aptitude
- python3-pip
- apparmor
- haveged
- mosh
- name: Install Dell OpenManage
apt:
name: srvadmin-all
when: not vagrant and not skip_dell_apt_repo
- ufw
- vim

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Setup firewall with UFW
community.general.ufw:
@ -21,3 +22,4 @@
- port: 587 # Email
- port: 993 # Email
- port: 19022 # SSH
when: inventory_hostname in groups['virtual']

View file

@ -0,0 +1,15 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- ansible.builtin.import_tasks: ssh-port.yml
tags: [change-ssh-port]
when: ansible_port != 22
- ansible.builtin.import_tasks: base.yml
tags: [install-base-packages]
- ansible.builtin.import_tasks: users.yml
tags: [setup-users]
- ansible.builtin.import_tasks: firewall.yml
tags: [setup-firewall]

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Change SSH port on host
lineinfile:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: update and upgrade system via apt
apt:

View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: "Add users"
user:

View file

@ -1,20 +0,0 @@
# vim: ft=yaml.ansible
---
- name: Import dell apt signing key
apt_key:
id: "1285491434D8786F"
keyserver: "keyserver.ubuntu.com"
- name: Configure dell apt repo
apt_repository:
repo: "deb https://linux.dell.com/repo/community/openmanage/10101/focal focal main"
state: present
- name: Restrict dell apt repo"
copy:
dest: "/etc/apt/preferences.d/dell"
content: |
Explanation: Deny all packages from this repo that exist elsewhere
Package: *
Pin: origin "linux.dell.com"
Pin-Priority: 400

View file

@ -1,21 +0,0 @@
# vim: ft=yaml.ansible
---
- import_tasks: ssh-port.yml
tags: [change-ssh-port]
when: not do_not_change_ssh_port
- import_tasks: dell-apt-repo.yml
tags: [setup-dell-apt-repo]
when: not skip_dell_apt_repo and not vagrant
- import_tasks: upgrade.yml
tags: [do-full-system-upgrade]
- import_tasks: base.yml
tags: [install-base-packages]
- import_tasks: users.yml
tags: [setup-users]
- import_tasks: firewall.yml
tags: [setup-firewall]

View file

@ -1,24 +0,0 @@
# vim: ft=yaml.ansible
---
- hosts: monitoring
gather_facts: true
become: true
vars:
vagrant: false
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
letsencrypt_enabled: true
letsencrypt_email: "admin@{{ base_domain }}"
services_include:
- nginx_proxy
- uptime_kuma
- watchtower
do_not_change_ssh_port: true
skip_dell_apt_repo: true
tasks:
- import_role:
name: ubuntu_base
tags:
- base_only
- import_role:
name: docker