Clean up variable organization (wip), better backup/node_exporter for mii, aya01, pi

Signed-off-by: TuDatTr <tuan-dat.tran@tudattr.dev>
pull/1/head
TuDatTr 2023-05-12 11:58:02 +02:00
parent f456c516b3
commit 8b1acb4eb7
16 changed files with 100 additions and 48 deletions


@ -7,6 +7,14 @@ Don't forget to set a password for the new user with `passwd tudattr`
## Backups ## Backups
Backup for aya01 and raspberry are in a backblaze b2, which gets encrypted on the clientside by rclone. Backup for aya01 and raspberry are in a backblaze b2, which gets encrypted on the clientside by rclone.
but first of all we need to create the buckets and provide ansible with the needed information. but first of all we need to create the buckets and provide ansible with the needed information.
When creating your own rclone config the `password` and `password2` entries have to be passed though `rclone obscure` like this:
``` sh
echo "$PASSWORD" | rclone obscure -
```
`
## Vault ## Vault
- Create vault with: `ansible-vault create secrets.yml` - Create vault with: `ansible-vault create secrets.yml`
- Create entry in vault with: `ansible-vault edit secrets.yml` - Create entry in vault with: `ansible-vault edit secrets.yml`


@ -87,6 +87,12 @@ mysql_user: user
aya01_host: "aya01" aya01_host: "aya01"
aya01_ip: "192.168.20.12" aya01_ip: "192.168.20.12"
#
# mii
#
mii_host: "mii"
mii_ip: "192.168.200.2"
# #
# ZoneMinder # ZoneMinder
# #
@ -180,13 +186,14 @@ pihole_dnsmasq: "{{ docker_dir }}/pihole/etc-dnsmasq.d/"
# #
# Directories that will be backupped to backblaze # Directories that will be backupped to backblaze
backblaze_paths: # MOVED TO HOSTVARS
aya01: # backblaze_paths:
- "{{ docker_compose_dir }}" # aya01:
- "{{ docker_dir }}" # - "{{ docker_compose_dir }}"
pi: # - "{{ docker_dir }}"
- "{{ docker_compose_dir }}" # pi:
- "{{ docker_dir }}" # - "{{ docker_compose_dir }}"
# - "{{ docker_dir }}"
# #
# samba # samba


@ -2,4 +2,16 @@ ansible_user: "{{ user }}"
ansible_host: 192.168.20.12 ansible_host: 192.168.20.12
ansible_port: 22 ansible_port: 22
ansible_ssh_private_key_file: '{{ pk_path }}' ansible_ssh_private_key_file: '{{ pk_path }}'
ansible_become_pass: '{{ vault_aya01_tudattr_password }}' ansible_become_pass: '{{ vault.aya01.sudo }}'
host:
ip: "{{ ansible_host }}"
backblaze:
account: "{{ vault.aya01.backblaze.account }}"
key: "{{ vault.aya01.backblaze.key }}"
remote: "remote:aya01-tudattr-dev"
password: "{{ vault.aya01.rclone.password }}"
password2: "{{ vault.aya01.rclone.password2 }}"
paths:
- "{{ docker_compose_dir }}"
- "{{ docker_dir }}"
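Review bot: The new `host` dict puts the non-secret `ip` next to the vaulted `backblaze.account`, `key`, `password` and `password2`, and the same layout is repeated in the mii and pi host files. Ansible templates a variable's whole structure when any part of it is referenced, so a consumer that only needs `host.ip` (the node_exporter unit template in this commit) will probably also have to resolve every `vault.*` reference, and a `debug` of `host` would print the secrets. Keeping the secrets in their own top-level variable, for example `backblaze:` beside `host:`, lets roles that need only the address run without touching the vault.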


@ -2,4 +2,16 @@ ansible_user: "{{ user }}"
ansible_host: 202.61.207.139 ansible_host: 202.61.207.139
ansible_port: 22 ansible_port: 22
ansible_ssh_private_key_file: '{{ pk_path }}' ansible_ssh_private_key_file: '{{ pk_path }}'
ansible_become_pass: '{{ vault_mii_tudattr_password }}' ansible_become_pass: '{{ vault.mii.sudo }}'
host:
ip: "192.168.200.2"
backblaze:
account: "{{ vault.mii.backblaze.account }}"
key: "{{ vault.mii.backblaze.key }}"
remote: "remote:mii-tudattr-dev"
password: "{{ vault.mii.rclone.password }}"
password2: "{{ vault.mii.rclone.password2 }}"
paths:
- "{{ docker_compose_dir }}"
- "{{ docker_dir }}"
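Review bot: `host.ip` is hard-coded to `"192.168.200.2"` here, while the same address is added as `mii_ip` in the shared variables of this commit. The Prometheus template scrapes `{{ mii_ip }}` and the node_exporter unit listens on `{{ host.ip }}`, so if one of the two is changed later the scrape silently breaks. Reference the single definition instead: `ip: "{{ mii_ip }}"`.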


@ -2,4 +2,16 @@ ansible_user: "{{ user }}"
ansible_host: 192.168.20.11 ansible_host: 192.168.20.11
ansible_port: 22 ansible_port: 22
ansible_ssh_private_key_file: '{{ pk_path }}' ansible_ssh_private_key_file: '{{ pk_path }}'
ansible_become_pass: '{{ vault_pi_tudattr_password }}' ansible_become_pass: '{{ vault.pi.sudo }}'
host:
ip: "{{ ansible_host }}"
backblaze:
account: "{{ vault.pi.backblaze.account }}"
key: "{{ vault.pi.backblaze.key }}"
remote: "remote:pi-tudattr-dev"
password: "{{ vault.pi.rclone.password }}"
password2: "{{ vault.pi.rclone.password2 }}"
paths:
- "{{ docker_compose_dir }}"
- "{{ docker_dir }}"


@ -2,3 +2,5 @@ ansible_user: vagrant
ansible_host: 127.0.0.1 ansible_host: 127.0.0.1
ansible_port: 2222 ansible_port: 2222
ansible_ssh_private_key_file: .vagrant/machines/vagrant/virtualbox/private_key ansible_ssh_private_key_file: .vagrant/machines/vagrant/virtualbox/private_key
ost_ip: "{{ ansible_host }}"
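Review bot: The added key reads `ost_ip` as rendered here, while the other host files in this commit define `host:` with a nested `ip:`, and the node_exporter unit template now uses `{{ host.ip }}`. With this spelling the vagrant host has no `host.ip`, so templating that unit for it would fail on an undefined variable. Use the same shape as the other hosts: `host:` followed by an indented `ip: "{{ ansible_host }}"`.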


@ -6,6 +6,12 @@
- role: common - role: common
tags: tags:
- common - common
- role: backblaze
tags:
- backblaze
- role: node_exporter
tags:
- node_exporter
- role: docker - role: docker
tags: tags:
- docker - docker

6
pi.yml

@ -8,8 +8,10 @@
- common - common
- role: backblaze - role: backblaze
tags: tags:
- backup - backblaze
- role: node_exporter
tags:
- node_exporter
- role: docker - role: docker
tags: tags:
- docker - docker


@ -1,17 +1,18 @@
--- ---
- name: Shut down docker - name: Shut down docker
shell: systemd:
cmd: "docker compose down --remove-orphans" name: docker
chdir: "{{ docker_compose_dir }}" state: stopped
become: true
- name: Backing up for "{{ inventory_hostname }}" - name: Backing up for "{{ inventory_hostname }}"
shell: shell:
cmd: "rclone sync {{ item.1 }} secret:{{ item.1 }}" cmd: "rclone sync {{ item }} secret:{{ item }} --transfers 16"
when: item.0.key == inventory_hostname loop: "{{ host.backblaze.paths }}"
loop: "{{ backblaze_paths | dict2items | subelements('value') }}"
become: true become: true
- name: Restart docker - name: Restart docker
shell: systemd:
cmd: "docker compose up -d" name: docker
chdir: "{{ docker_compose_dir }}" state: started
become: true
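Review bot: If `rclone sync` fails for any path, the play stops before "Restart docker" and the host is left with the docker service down; wrap the stop and the sync in a `block` and move the restart into `always`. The sync task also interpolates `{{ item }}` unquoted into a `shell` string, so a path containing spaces or shell metacharacters is split or interpreted; `command` with `argv` avoids the shell entirely. Stopping `docker.service` alone may not keep the daemon down if `docker.socket` is enabled, which is worth checking on these hosts.

```yaml
- name: Back up with docker stopped
  become: true
  block:
    - name: Shut down docker
      systemd:
        name: docker
        state: stopped
    - name: Backing up for "{{ inventory_hostname }}"
      command:
        argv:
          - rclone
          - sync
          - "{{ item }}"
          - "secret:{{ item }}"
          - --transfers
          - "16"
      loop: "{{ host.backblaze.paths }}"
  always:
    - name: Restart docker
      systemd:
        name: docker
        state: started
```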


@ -1,5 +1,5 @@
--- ---
- name: Create rclone config folder at "{{ rclone_config }}" - name: Create rclone config folder
file: file:
path: "{{ rclone_config }}" path: "{{ rclone_config }}"
owner: '0' owner: '0'
@ -8,9 +8,9 @@
state: directory state: directory
become: true become: true
- name: Copy "templates/{{ inventory_hostname }}/rclone.conf" config to "{{ inventory_hostname }}":"{{ rclone_config }}/rclone.conf" - name: Copy "rclone.conf"
template: template:
src: "templates/{{ inventory_hostname }}/rclone.conf" src: "rclone.conf.j2"
dest: "{{ rclone_config }}/rclone.conf" dest: "{{ rclone_config }}/rclone.conf"
owner: '0' owner: '0'
group: '0' group: '0'
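Review bot: The rendered `rclone.conf` now carries the B2 key and both crypt passwords from `host.backblaze`, and the part of the `template` task visible in this hunk sets only `owner` and `group`. The task continues past the hunk, so confirm it also sets `mode: '0600'`, and add `no_log: true` so a run with `--diff` does not print the file contents. `rclone obscure` is a reversible encoding rather than encryption, so file permissions are the only protection these values have on disk.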


@ -3,5 +3,3 @@
- include_tasks: install.yml - include_tasks: install.yml
- include_tasks: config.yml - include_tasks: config.yml
- include_tasks: backup.yml - include_tasks: backup.yml
tags:
- backup


@ -1,10 +0,0 @@
[remote]
type = b2
account = {{ vault_backblaze_aya01_account }}
key = {{ vault_backblaze_aya01_key }}
[secret]
type = crypt
remote = remote:aya01-tudattr-dev
password = {{ vault_rclone_aya01_password }}
password2 = {{ vault_rclone_aya01_password2 }}


@ -1,10 +0,0 @@
[remote]
type = b2
account = {{ vault_backblaze_pi_account }}
key = {{ vault_backblaze_pi_key }}
[secret]
type = crypt
remote = remote:pi-tudattr-dev
password = {{ vault_rclone_pi_password }}
password2 = {{ vault_rclone_pi_password2 }}


@ -0,0 +1,10 @@
[remote]
type = b2
account = {{ host.backblaze.account }}
key = {{ host.backblaze.key }}
[secret]
type = crypt
remote = {{ host.backblaze.remote }}
password = {{ host.backblaze.password }}
password2 = {{ host.backblaze.password2 }}


@ -16,13 +16,15 @@ rule_files:
# - "second_rules.yml" # - "second_rules.yml"
scrape_configs: scrape_configs:
- job_name: 'node' - job_name: 'aya01'
scrape_interval: 10s scrape_interval: 10s
scrape_timeout: 10s scrape_timeout: 10s
tls_config: tls_config:
insecure_skip_verify: true insecure_skip_verify: true
static_configs: static_configs:
- targets: ['{{ aya01_ip }}:{{node_exporter_port}}'] - targets: ['{{ aya01_ip }}:{{node_exporter_port}}']
- targets: ['{{ mii_ip }}:{{node_exporter_port}}']
- targets: ['{{ pi_ip }}:{{node_exporter_port}}']
- job_name: Mikrotik - job_name: Mikrotik
static_configs: static_configs:
- targets: - targets:
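Review bot: The job is renamed from `node` to `aya01` but now scrapes aya01, mii and pi, so every series from all three hosts is labelled `job="aya01"`; keep a neutral name such as `job_name: 'node'` and tell hosts apart by the `instance` label. The two new targets also inherit `insecure_skip_verify: true`; no `scheme` is visible in the hunk, but if these scrapes use HTTPS the exporter's certificate is never checked, so the scraper cannot tell the real exporter from another endpoint at that address. `pi_ip` is not defined in any hunk of this commit, so check that it exists in the shared variables.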


@ -4,7 +4,7 @@ Description=NodeExporter
[Service] [Service]
TimeoutStartSec=0 TimeoutStartSec=0
User=node_exporter User=node_exporter
ExecStart={{ node_exporter_bin_path }} --web.listen-address={{ aya01_ip }}:{{ node_exporter_port }} {{ node_exporter_options }} ExecStart={{ node_exporter_bin_path }} --web.listen-address={{ host.ip }}:{{ node_exporter_port }} {{ node_exporter_options }}
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target