Compare commits
2 commits
1b68766cd6
...
3a53634dfa
Author | SHA1 | Date | |
---|---|---|---|
Sam A. | 3a53634dfa | ||
Sam A. | a2b6301fad |
1
.gitignore
vendored
|
@ -3,4 +3,5 @@
|
||||||
.vagrant/
|
.vagrant/
|
||||||
*.log
|
*.log
|
||||||
.idea/
|
.idea/
|
||||||
|
.vscode/
|
||||||
venv/
|
venv/
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
[production]
|
|
||||||
hevonen.servers.data.coop ansible_port=19022
|
|
||||||
|
|
||||||
[monitoring]
|
|
||||||
uptime.data.coop
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
users:
|
users:
|
||||||
- name: graffen
|
- name: graffen
|
||||||
|
|
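--- a/group_vars/monitoring/vars.yml
+++ b/group_vars/monitoring/vars.yml
@@ -0,0 +1,13 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+vagrant: "{{ from_vagrant is defined and from_vagrant }}"
+letsencrypt_enabled: "{{ not vagrant }}"
+
+base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
+letsencrypt_email: admin@data.coop
+
+services_include:
+- nginx_proxy
+- uptime_kuma
+- watchtower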
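Review bot: `vagrant`, `letsencrypt_enabled` and `letsencrypt_email` are defined with identical values here and in group_vars/production/vars.yml and group_vars/staging/vars.yml, while the `proxmox` and `control` groups from inventory.ini get no group vars anywhere in this change. Since playbook.yml now runs on `hosts: all`, any task that reads `vagrant` or `base_domain` on cavall or folald would stop on an undefined variable unless those are set in a file not shown here. Moving the shared keys into an all-hosts vars file and keeping only `base_domain`, the service lists and `ldap_dn` per group would remove the triplication and close that gap.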
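--- a/group_vars/production/vars.yml
+++ b/group_vars/production/vars.yml
@@ -0,0 +1,16 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+vagrant: "{{ from_vagrant is defined and from_vagrant }}"
+letsencrypt_enabled: "{{ not vagrant }}"
+
+base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
+letsencrypt_email: admin@data.coop
+
+services_exclude:
+- uptime_kuma
+
+smtp_host: "postfix"
+smtp_port: "587"
+
+ldap_dn: "dc=data,dc=coop"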
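--- a/group_vars/staging/vars.yml
+++ b/group_vars/staging/vars.yml
@@ -0,0 +1,16 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+vagrant: "{{ from_vagrant is defined and from_vagrant }}"
+letsencrypt_enabled: "{{ not vagrant }}"
+
+base_domain: "{{ 'staging.datacoop.devel' if vagrant else 'staging.data.coop' }}"
+letsencrypt_email: admin@data.coop
+
+services_exclude:
+- uptime_kuma
+
+smtp_host: "postfix"
+smtp_port: "587"
+
+ldap_dn: "dc=staging,dc=data,dc=coop"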
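--- a/host_vars/cavall.yml
+++ b/host_vars/cavall.yml
@@ -0,0 +1,5 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+ansible_host: 85.209.118.134
+fqdn: cavall.servers.data.coop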
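--- a/host_vars/folald.yml
+++ b/host_vars/folald.yml
@@ -0,0 +1,6 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+ansible_host: 85.209.118.134
+ansible_port: 19022
+fqdn: folald.vm.cavall.servers.data.coop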
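--- a/host_vars/hestur.yml
+++ b/host_vars/hestur.yml
@@ -0,0 +1,5 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+ansible_host: 159.223.17.241
+fqdn: hestur.servers.data.coop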
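--- a/host_vars/poltre.yml
+++ b/host_vars/poltre.yml
@@ -0,0 +1,6 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+ansible_host: 85.209.118.142
+ansible_port: 19022
+fqdn: poltre.vm.cavall.servers.data.coop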
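--- a/host_vars/varsa.yml
+++ b/host_vars/varsa.yml
@@ -0,0 +1,6 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+ansible_host: 85.209.118.143
+ansible_port: 19022
+fqdn: varsa.vm.cavall.servers.data.coop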
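--- a/inventory.ini
+++ b/inventory.ini
@@ -0,0 +1,19 @@
+[proxmox]
+cavall
+
+[monitoring]
+hestur
+
+[production]
+poltre
+
+[staging]
+varsa
+
+[control]
+folald
+
+[virtual:children]
+production
+staging
+control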
28
playbook.yml
|
@ -1,27 +1,13 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- hosts: production
|
- hosts: all
|
||||||
gather_facts: true
|
gather_facts: true
|
||||||
become: true
|
become: true
|
||||||
vars:
|
roles:
|
||||||
ldap_dn: "dc=data,dc=coop"
|
- name: os_base
|
||||||
|
|
||||||
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
|
|
||||||
letsencrypt_enabled: "{{ not vagrant }}"
|
|
||||||
|
|
||||||
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
|
|
||||||
letsencrypt_email: "admin@{{ base_domain }}"
|
|
||||||
|
|
||||||
smtp_host: "postfix"
|
|
||||||
smtp_port: "587"
|
|
||||||
|
|
||||||
services_exclude:
|
|
||||||
- uptime_kuma
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
- import_role:
|
|
||||||
name: ubuntu_base
|
|
||||||
tags:
|
tags:
|
||||||
- base_only
|
- base_only
|
||||||
- import_role:
|
- name: docker
|
||||||
name: docker
|
tags:
|
||||||
|
- docker
|
||||||
|
|
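Review bot: Widening the play from `hosts: production` to `hosts: all` makes the `docker` role run with `become: true` on cavall, the only member of the `proxmox` group in inventory.ini, and on every host added to the inventory later. If Docker is not meant to be installed on the hypervisor, keep `os_base` on all hosts and move `docker` into a second play with a narrower pattern, for example `- hosts: virtual:monitoring`. A run without `--limit` now also applies the SSH-port and firewall tasks of `os_base` to every host at once, which is worth stating in a comment above the play.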
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
volume_root_folder: "/docker-volumes"
|
volume_root_folder: "/docker-volumes"
|
||||||
volume_website_folder: "{{ volume_root_folder }}/websites"
|
volume_website_folder: "{{ volume_root_folder }}/websites"
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: restart nginx
|
- name: restart nginx
|
||||||
command: docker compose restart proxy
|
command: docker compose restart proxy
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Create volume folder for service {{ service.name }}
|
- name: Create volume folder for service {{ service.name }}
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Add Docker PGP key
|
- name: Add Docker PGP key
|
||||||
apt_key:
|
apt_key:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Generate htpasswd file
|
- name: Generate htpasswd file
|
||||||
shell: docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd
|
shell: docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Configure cron job to remove old Mastodon media daily
|
- name: Configure cron job to remove old Mastodon media daily
|
||||||
cron:
|
cron:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Upload vhost config for root domain
|
- name: Upload vhost config for root domain
|
||||||
copy:
|
copy:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Create subfolders
|
- name: Create subfolders
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Create subfolder
|
- name: Create subfolder
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Create subfolders
|
- name: Create subfolders
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Create subfolders
|
- name: Create subfolders
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Create subfolder for Mastodon data
|
- name: Create subfolder for Mastodon data
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Create subfolders
|
- name: Create subfolders
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Create subfolders
|
- name: Create subfolders
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Create subfolders
|
- name: Create subfolders
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Create subfolders
|
- name: Create subfolders
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Set up network for Postfix
|
- name: Set up network for Postfix
|
||||||
docker_network:
|
docker_network:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Create subfolders
|
- name: Create subfolders
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Create subfolder
|
- name: Create subfolder
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Create SSH directory
|
- name: Create SSH directory
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Create subfolder for MariaDB data
|
- name: Create subfolder for MariaDB data
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Set up external services network
|
- name: Set up external services network
|
||||||
docker_network:
|
docker_network:
|
||||||
|
|
|
@ -1,17 +1,13 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Install necessary packages via apt
|
- name: Install necessary packages via apt
|
||||||
apt:
|
ansible.builtin.apt:
|
||||||
name: "{{ packages }}"
|
name: "{{ packages }}"
|
||||||
vars:
|
vars:
|
||||||
packages:
|
packages:
|
||||||
- aptitude
|
|
||||||
- python3-pip
|
|
||||||
- apparmor
|
- apparmor
|
||||||
- haveged
|
- haveged
|
||||||
- mosh
|
- mosh
|
||||||
|
- ufw
|
||||||
- name: Install Dell OpenManage
|
- vim
|
||||||
apt:
|
|
||||||
name: srvadmin-all
|
|
||||||
when: not vagrant and not skip_dell_apt_repo
|
|
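Review bot: The package task sets no `update_cache`, and the new roles/os_base/tasks/main.yml in this commit imports only ssh-port.yml, base.yml, users.yml and firewall.yml, so nothing visible in the role refreshes the apt index before this install. On a freshly provisioned host that can fail or resolve against a stale index; adding `update_cache: true` and `cache_valid_time: 3600` under `ansible.builtin.apt:` covers it. The deleted main.yml imported upgrade.yml under the `do-full-system-upgrade` tag and the new one does not, so hosts appear to lose the package upgrade pass from this role unless it now runs somewhere not shown here.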
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Setup firewall with UFW
|
- name: Setup firewall with UFW
|
||||||
community.general.ufw:
|
community.general.ufw:
|
||||||
|
@ -21,3 +22,4 @@
|
||||||
- port: 587 # Email
|
- port: 587 # Email
|
||||||
- port: 993 # Email
|
- port: 993 # Email
|
||||||
- port: 19022 # SSH
|
- port: 19022 # SSH
|
||||||
|
when: inventory_hostname in groups['virtual']
|
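Review bot: The added `when: inventory_hostname in groups['virtual']` skips the UFW task on cavall and hestur, which inventory.ini places in `proxmox` and `monitoring` rather than under `virtual`, even though the base package list now installs `ufw` on every host. Both hosts have public `ansible_host` addresses in host_vars, so this role leaves them without any host firewall rules. If that is intended, a comment above the condition should say what protects them instead. Otherwise the condition can be dropped once the SSH rule follows the host's own port, e.g. `- port: "{{ ansible_port | default(22) }}"`, since the list allows 19022 while those two hosts set no `ansible_port`. The task starts above this hunk, so the rest of its rule list is not visible here.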
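--- a/roles/os_base/tasks/main.yml
+++ b/roles/os_base/tasks/main.yml
@@ -0,0 +1,15 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+- ansible.builtin.import_tasks: ssh-port.yml
+tags: [change-ssh-port]
+when: ansible_port != 22
+
+- ansible.builtin.import_tasks: base.yml
+tags: [install-base-packages]
+
+- ansible.builtin.import_tasks: users.yml
+tags: [setup-users]
+
+- ansible.builtin.import_tasks: firewall.yml
+tags: [setup-firewall]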
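Review bot: `when: ansible_port != 22` is evaluated on every host of a play that now targets `hosts: all`, but host_vars/cavall.yml and host_vars/hestur.yml added in this commit set no `ansible_port`. On those hosts the condition is likely to stop the run with an undefined-variable error instead of skipping the import. A port passed as `-e ansible_port=...` also arrives as a string and never equals the integer 22. `when: (ansible_port | default(22) | int) != 22` handles both cases and keeps the SSH-port change off hosts that stay on the default port.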
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Change SSH port on host
|
- name: Change SSH port on host
|
||||||
lineinfile:
|
lineinfile:
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: update and upgrade system via apt
|
- name: update and upgrade system via apt
|
||||||
apt:
|
apt:
|
|
@ -1,4 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: "Add users"
|
- name: "Add users"
|
||||||
user:
|
user:
|
|
@ -1,20 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Import dell apt signing key
|
|
||||||
apt_key:
|
|
||||||
id: "1285491434D8786F"
|
|
||||||
keyserver: "keyserver.ubuntu.com"
|
|
||||||
|
|
||||||
- name: Configure dell apt repo
|
|
||||||
apt_repository:
|
|
||||||
repo: "deb https://linux.dell.com/repo/community/openmanage/10101/focal focal main"
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Restrict dell apt repo"
|
|
||||||
copy:
|
|
||||||
dest: "/etc/apt/preferences.d/dell"
|
|
||||||
content: |
|
|
||||||
Explanation: Deny all packages from this repo that exist elsewhere
|
|
||||||
Package: *
|
|
||||||
Pin: origin "linux.dell.com"
|
|
||||||
Pin-Priority: 400
|
|
|
@ -1,21 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- import_tasks: ssh-port.yml
|
|
||||||
tags: [change-ssh-port]
|
|
||||||
when: not do_not_change_ssh_port
|
|
||||||
|
|
||||||
- import_tasks: dell-apt-repo.yml
|
|
||||||
tags: [setup-dell-apt-repo]
|
|
||||||
when: not skip_dell_apt_repo and not vagrant
|
|
||||||
|
|
||||||
- import_tasks: upgrade.yml
|
|
||||||
tags: [do-full-system-upgrade]
|
|
||||||
|
|
||||||
- import_tasks: base.yml
|
|
||||||
tags: [install-base-packages]
|
|
||||||
|
|
||||||
- import_tasks: users.yml
|
|
||||||
tags: [setup-users]
|
|
||||||
|
|
||||||
- import_tasks: firewall.yml
|
|
||||||
tags: [setup-firewall]
|
|
|
@ -1,24 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- hosts: monitoring
|
|
||||||
gather_facts: true
|
|
||||||
become: true
|
|
||||||
vars:
|
|
||||||
vagrant: false
|
|
||||||
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
|
|
||||||
letsencrypt_enabled: true
|
|
||||||
letsencrypt_email: "admin@{{ base_domain }}"
|
|
||||||
services_include:
|
|
||||||
- nginx_proxy
|
|
||||||
- uptime_kuma
|
|
||||||
- watchtower
|
|
||||||
do_not_change_ssh_port: true
|
|
||||||
skip_dell_apt_repo: true
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
- import_role:
|
|
||||||
name: ubuntu_base
|
|
||||||
tags:
|
|
||||||
- base_only
|
|
||||||
- import_role:
|
|
||||||
name: docker
|
|