Merge branch 'main' into watchtower

Sam A. 2022-11-25 22:12:47 +01:00
commit 44b5f91eef
Signed by untrusted user: samsapti
GPG key ID: CBBBE7371E81C4EA
11 changed files with 91 additions and 45 deletions

Vagrantfile vendored

@ -1,24 +1,35 @@
Vagrant.require_version ">= 1.7.0"
Vagrant.require_version ">= 2.0.0"
PORT = 19022
def provisioned?(vm="default", provider="virtualbox")
File.exist?(".vagrant/machines/#{vm}/#{provider}/action_provision")
end
Vagrant.configure(2) do |config|
config.vm.network :private_network, ip: "192.168.56.10"
config.vm.network :forwarded_port, guest: PORT, host: PORT
config.vm.define "datacoop" do |datacoop|
datacoop.vm.box = "ubuntu/bionic64"
datacoop.vm.hostname = "datacoop"
datacoop.vm.provider "virtualbox" do |v|
v.memory = 4096
end
datacoop.vm.network "private_network", ip: "192.168.0.42"
datacoop.vm.provision "ansible" do |ansible|
ansible.verbose = "v"
ansible.compatibility_mode = "2.0"
ansible.playbook = "playbook.yml"
ansible.ask_vault_pass = true
ansible.host_vars = {
"datacoop" => {"ansible_python_interpreter" => "/usr/bin/python3.6"}
}
ansible.groups = {
"all" => ["datacoop"]
config.vm.box = "ubuntu/focal64"
config.vm.hostname = "datacoop"
config.vm.provider :virtualbox do |v|
v.memory = 4096
end
config.vm.provision :ansible do |ansible|
ansible.compatibility_mode = "2.0"
ansible.playbook = "playbook.yml"
ansible.ask_vault_pass = true
ansible.verbose = "v"
ansible.extra_vars = {
base_domain: "datacoop.devel"
}
# If the VM is already provisioned, we need to use the new port
if provisioned?
config.ssh.guest_port = PORT
ansible.extra_vars = {
ansible_port: PORT
}
end
end
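Review bot: In the `if provisioned?` branch, `ansible.extra_vars = { ansible_port: PORT }` replaces the hash assigned a few lines earlier, so on every re-provision `base_domain: "datacoop.devel"` is dropped and the playbook falls back to its `data.coop` default. Merge instead of reassigning: `ansible.extra_vars = ansible.extra_vars.merge(ansible_port: PORT)`. The port is also hard-coded as `PORT = 19022` here and as a literal in the playbook's ssh-port tasks; passing it as an extra var (e.g. `ssh_port: PORT`) would keep the two in step. `provisioned?` is evaluated when the Vagrantfile is loaded, which is presumably the intended first-run/second-run split, but a comment saying so next to the helper would make that explicit.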


@ -1,22 +1,28 @@
---
- hosts: all
gather_facts: False
gather_facts: true
become: true
vars:
base_domain: data.coop
letsencrypt_email: admin@data.coop
ldap_dn: "dc=data,dc=coop"
vagrant: "{{ ansible_virtualization_role == 'guest' }}"
letsencrypt_enabled: "{{ not vagrant }}"
services:
- nginx-proxy
- postfix
- openldap
- keycloak
- restic-backup
- nextcloud
- passit
- gitea
- postfix
- matrix_riot
- privatebin
- codimd
- hedgedoc
- netdata
- docker_registry
- drone
@ -36,6 +42,6 @@
- import_role:
name: ubuntu_base
tags:
- base_only
- base_only
- import_role:
name: docker
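Review bot: `vagrant: "{{ ansible_virtualization_role == 'guest' }}"` treats any virtual guest as the Vagrant box, and that fact now gates `letsencrypt_enabled`, the restic backup task (`when: not vagrant`), the Dell OpenManage package and the dell-apt-repo import in the later hunks. If a production host is ever itself a VM, TLS certificates and backups would be silently skipped with no error. A safer signal is an explicit variable: default `vagrant: false` in `vars:` here and add `vagrant: true` to `ansible.extra_vars` in the Vagrantfile, which already passes `base_domain` that way.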


@ -30,6 +30,6 @@
- name: log in to registry
docker_login:
registry: "{{ docker_registry.domain }}"
registry: "docker.data.coop"
username: "docker"
password: "{{ docker_password }}"
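Review bot: The registry for `docker_login` appears to become the literal `"docker.data.coop"` (the side of the two `registry:` lines is not marked on this page, so this is inferred from print order). With `base_domain` now overridable to `datacoop.devel` for Vagrant, a literal means the development VM logs in to the production registry with the vaulted `docker_password`; deriving it as `registry: "docker.{{ base_domain }}"` would keep the login inside the environment being provisioned. If the literal is intentional, a comment stating why the registry does not follow `base_domain` would help.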


@ -28,7 +28,7 @@
dest: "{{ mailu.volume_folder }}/certs/cert.pem"
state: hard
force: yes
when: letsencrypt_enabled
- name: hard link to Let's Encrypt TLS key
file:
@ -36,6 +36,7 @@
dest: "{{ mailu.volume_folder }}/certs/key.pem"
state: hard
force: yes
when: letsencrypt_enabled
- name: run mail server containers
docker_compose:
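Review bot: Only the two hard-link tasks are gated by `when: letsencrypt_enabled`; the `run mail server containers` task that follows is not, so when Let's Encrypt is disabled the containers start with no `cert.pem`/`key.pem` in `{{ mailu.volume_folder }}/certs`. Whether that is tolerated depends on the compose definition outside this hunk; if it is not, either gate the TLS-dependent settings the same way or provide a self-signed pair for the Vagrant case. A comment on the `when:` stating what is expected in the non-letsencrypt case would make the intent clear.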


@ -8,7 +8,7 @@
version: "3"
services:
backend:
image: docker.data.coop/member.data.coop:latest
image: docker.data.coop/membersystem:latest
restart: always
user: $UID:$GID
tty: true


@ -44,4 +44,5 @@
- /var/run/docker.sock:/var/run/docker.sock:ro
env:
NGINX_PROXY_CONTAINER: nginx-proxy
when: letsencrypt_enabled


@ -1,8 +1,9 @@
---
- name: setup restic backup
- name: Setup restic backup
when: not vagrant
docker_compose:
project_name: restic_backup
pull: yes
pull: true
definition:
version: '3.6'
services:
@ -27,7 +28,7 @@
TZ: Europe/Copenhagen
volumes:
- /docker-volumes:/mnt/volumes:ro
restic-prune:
image: "mazzolino/restic:1.6.0"
environment:


@ -4,13 +4,16 @@
name: "{{ packages }}"
vars:
packages:
- aptitude
- python3-pip
- apparmor
- haveged
- mosh
- ufw
- srvadmin-all # Dell OpenManage
- aptitude
- python3-pip
- apparmor
- haveged
- mosh
- name: Install Dell OpenManage
apt:
name: srvadmin-all
when: not vagrant
- name: Install necessary packages via pip
pip:


@ -1,15 +1,15 @@
---
- name: import dell apt signing key
- name: Import dell apt signing key
apt_key:
id: "1285491434D8786F"
keyserver: "keyserver.ubuntu.com"
- name: "configure dell apt repo"
- name: Configure dell apt repo
apt_repository:
repo: "deb https://linux.dell.com/repo/community/openmanage/10101/focal focal main"
state: "present"
state: present
- name: "restrict dell apt repo"
- name: Restrict dell apt repo"
copy:
dest: "/etc/apt/preferences.d/dell"
content: |
@ -17,7 +17,3 @@
Package: *
Pin: origin "linux.dell.com"
Pin-Priority: 400
- name: update apt cache
apt:
update_cache: yes
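Review bot: `- name: Restrict dell apt repo"` keeps a stray trailing double quote after the leading one was removed; the task name becomes `Restrict dell apt repo"` and should read `- name: Restrict dell apt repo`. The removed `update apt cache` task is presumably covered by `apt_repository`'s default cache refresh, but a one-line comment saying so on the `Configure dell apt repo` task would save the next reader from re-adding it.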


@ -1,12 +1,19 @@
---
- import_tasks: custom-apt-repos.yml
tags: [setup-custom-apt]
- import_tasks: ssh-port.yml
tags: [change-ssh-port]
- import_tasks: dell-apt-repo.yml
tags: [setup-dell-apt-repo]
when: not vagrant
- import_tasks: upgrade.yml
tags: [do-full-system-upgrade]
- import_tasks: base.yml
tags: [install-base-packages]
- import_tasks: users.yml
tags: [setup-users]
- import_tasks: firewall.yml
tags: [setup-firewall]


@ -0,0 +1,20 @@
---
- name: Change SSH port on host
lineinfile:
dest: "/etc/ssh/sshd_config"
regexp: "^#?Port "
line: "Port 19022"
register: ssh_changed
- name: Restart sshd
service:
name: sshd
state: restarted
when: ssh_changed is defined and
ssh_changed.changed
- name: Change Ansible port to 19022
set_fact:
ansible_port: 19022
when: ssh_changed is defined and
ssh_changed.changed
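Review bot: The port `19022` is written twice here (`line: "Port 19022"` and `ansible_port: 19022`) and a third time as `PORT` in the Vagrantfile; hoisting it into a playbook variable such as `ssh_port` and using `line: "Port {{ ssh_port }}"` keeps the three from drifting. `ssh_changed is defined and` is redundant after `register: ssh_changed` — `when: ssh_changed.changed` is enough on both tasks. `main.yml` imports `ssh-port.yml` before `firewall.yml`, so sshd is restarted on the new port before any firewall rule for it is applied; if the firewall tasks only permit 22 the host is unreachable after this point, so consider opening the new port first and adding `validate: /usr/sbin/sshd -t -f %s` to the `lineinfile` so a bad config cannot take sshd down.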