Added naruto

Signed-off-by: TuDatTr <tuan-dat.tran@tudattr.dev>
TuDatTr
2023-07-12 00:02:17 +02:00
parent c2b68f7f64
commit ef207c5d64
20 changed files with 282 additions and 167 deletions


@@ -0,0 +1,10 @@
---
- name: Copy .bashrc
template:
src: templates/common/bash/bashrc.j2
dest: "/home/{{ user }}/.bashrc"
owner: "{{ user }}"
group: "{{ user }}"
mode: 0644
become: yes
register: sshd
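Review bot: `register: sshd` on the `.bashrc` task looks carried over from the sshd task, and it reuses the variable name that the sshd section of this commit registers for its own config copy. Nothing in this ten-line file reads the result, so the line can be dropped, or renamed to `register: bashrc` if a later task needs it. `mode: 0644` and `become: yes` are safer written as `mode: "0644"` and `become: true`, so the mode never depends on YAML integer parsing and the boolean matches the `become: true` used elsewhere in this commit.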


@@ -5,11 +5,11 @@
state: present
become: yes
- name: Create folders to mount to
- name: Create mount folders
file:
path: "{{ item.path }}"
state: directory
loop: "{{ fstab_entries }}"
loop: "{{ host.fstab if host.fstab is iterable else []}}"
become: true
- name: Create fstab entries
@@ -19,7 +19,7 @@
fstype: "{{ item.type }}"
state: present
backup: true
loop: "{{ fstab_entries }}"
loop: "{{ host.fstab if host.fstab is iterable else []}}"
become: true
register: fstab
@@ -32,7 +32,7 @@
state: present
backup: true
become: true
loop: "{{ mergerfs_entries }}"
loop: "{{ host.mergerfs if host.mergerfs is iterable else []}}"
register: fstab
- name: Mount all disks
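Review bot: `is iterable` is a loose guard for the three new `loop:` expressions, because a string or a mapping is iterable too, so a mis-typed `host.fstab` or `host.mergerfs` still reaches the loop and only fails later on `item.path`. How an undefined key behaves under this test depends on the Ansible and Jinja versions in use, which is worth confirming on a host that defines neither key. `loop: "{{ host.fstab | default([]) }}"` (and the same for `host.mergerfs`) states the intent directly. The surrounding tasks start outside the hunks, and two of them register the same `fstab` variable, so the later result replaces the earlier one.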


@@ -1,6 +1,6 @@
---
- include_tasks: time.yml
- include_tasks: essential.yml
- include_tasks: bash.yml
- include_tasks: sshd.yml
- include_tasks: aya01_fstab.yml
when: inventory_hostname == "aya01"
- include_tasks: fstab.yml


@@ -7,6 +7,14 @@
become: yes
register: sshd
- name: Copy pubkey
copy:
content: "{{ pubkey }}"
dest: "/home/{{ user }}/.ssh/authorized_keys"
owner: "{{ user }}"
group: "{{ user }}"
mode: "644"
- name: Restart sshd
service:
name: "sshd"
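Review bot: The new `Copy pubkey` task writes `authorized_keys` with `mode: "644"` and replaces the whole file with `{{ pubkey }}`, so any other key already authorised for the account is dropped on each run and the file is readable by every local user. `0600` is the conventional mode for this file. The task also assumes `/home/{{ user }}/.ssh` already exists and, having no `become`, that the connecting user is allowed to set `owner` and `group`. The `ansible.posix.authorized_key` module adds a single key, creates the directory and sets the permissions itself; the sketch below assumes that collection is installed. The `Restart sshd` task continues outside the hunk.

```yaml
- name: Copy pubkey
  ansible.posix.authorized_key:
    user: "{{ user }}"
    key: "{{ pubkey }}"
    state: present
  become: true
```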


@@ -0,0 +1,56 @@
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
case $- in
*i*) ;;
*) return;;
esac
HISTCONTROL=ignoreboth
shopt -s histappend
HISTSIZE=1000
HISTFILESIZE=2000
shopt -s checkwinsize
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi
case "$TERM" in
xterm-color|*-256color) color_prompt=yes;;
esac
if [ -n "$force_color_prompt" ]; then
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
color_prompt=yes
else
color_prompt=
fi
fi
if [ "$color_prompt" = yes ]; then
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt
case "$TERM" in
xterm*|rxvt*)
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
;;
*)
;;
esac
if [ -x /usr/bin/dircolors ]; then
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
alias ls='ls --color=auto'
fi
if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi
if ! shopt -oq posix; then
if [ -f /usr/share/bash-completion/bash_completion ]; then
. /usr/share/bash-completion/bash_completion
elif [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
fi
. "$HOME/.cargo/env"
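Review bot: The last line sources `$HOME/.cargo/env` unconditionally, so every interactive shell on a host without a Rust toolchain prints a "No such file" error, whereas the other optional files in this template are guarded by a `-f` test. `[ -f "$HOME/.cargo/env" ] && . "$HOME/.cargo/env"` keeps it consistent with them. The `export PATH=...` on the first line replaces the inherited PATH rather than extending it, and it runs before the interactive-shell check, so it deserves a comment if that is intended. Since the file is rendered by Ansible, a header comment such as `# Managed by Ansible - local edits will be overwritten` would also help whoever opens it on the host.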


@@ -75,7 +75,3 @@
- include_tasks: grafana.yml
tags:
- grafana
- include_tasks: gitlab.yml
tags:
- gitlab


@@ -51,57 +51,57 @@ services:
- "traefik.http.routers.{{ pihole_host }}.rule=Host(`{{ pihole_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ pihole_host }}.loadbalancer.server.port=80"
db:
image: mariadb
container_name: zoneminder_db
restart: unless-stopped
networks:
- zoneminder
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "{{ zoneminder_db }}:/var/lib/mysql"
environment:
- "MYSQL_DATABASE={{ zoneminder_host }}"
- "MYSQL_ROOT_PASSWORD={{ vault_mysql_root_password }}"
- "MYSQL_USER={{ mysql_user }}"
- "MYSQL_PASSWORD={{ vault_mysql_user_password }}"
- "MAX_LOG_SIZE_BYTES=1000000"
- "MAX_LOG_NUMBER=20"
- "TZ=Europe/Berlin"
zoneminder:
image: ghcr.io/zoneminder-containers/zoneminder-base:latest
container_name: zoneminder
restart: unless-stopped
stop_grace_period: 45s
depends_on:
- db
- traefik
networks:
- zoneminder
- net
ports:
- "{{ zoneminder_port }}:80"
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "{{ zoneminder_data }}:/data"
- "{{ zoneminder_config }}:/config"
- "{{ zoneminder_log}}:/log"
- type: tmpfs
target: /dev/shm
tmpfs:
size: 1000000000
environment:
- "MYSQL_DATABASE={{ zoneminder_host }}"
- "MYSQL_ROOT_PASSWORD={{ vault_mysql_root_password }}"
- "MYSQL_USER={{ mysql_user }}"
- "MYSQL_PASSWORD={{ vault_mysql_user_password }}"
- "MAX_LOG_SIZE_BYTES=1000000"
- "MAX_LOG_NUMBER=20"
- "TZ=Europe/Berlin"
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{ zoneminder_host }}.rule=Host(`{{ zoneminder_host}}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ zoneminder_host }}.loadbalancer.server.port=80"
# db:
# image: mariadb
# container_name: zoneminder_db
# restart: unless-stopped
# networks:
# - zoneminder
# volumes:
# - "/etc/localtime:/etc/localtime:ro"
# - "{{ zoneminder_db }}:/var/lib/mysql"
# environment:
# - "MYSQL_DATABASE={{ zoneminder_host }}"
# - "MYSQL_ROOT_PASSWORD={{ vault_mysql_root_password }}"
# - "MYSQL_USER={{ mysql_user }}"
# - "MYSQL_PASSWORD={{ vault_mysql_user_password }}"
# - "MAX_LOG_SIZE_BYTES=1000000"
# - "MAX_LOG_NUMBER=20"
# - "TZ=Europe/Berlin"
# zoneminder:
# image: ghcr.io/zoneminder-containers/zoneminder-base:latest
# container_name: zoneminder
# restart: unless-stopped
# stop_grace_period: 45s
# depends_on:
# - db
# - traefik
# networks:
# - zoneminder
# - net
# ports:
# - "{{ zoneminder_port }}:80"
# volumes:
# - "/etc/localtime:/etc/localtime:ro"
# - "{{ zoneminder_data }}:/data"
# - "{{ zoneminder_config }}:/config"
# - "{{ zoneminder_log}}:/log"
# - type: tmpfs
# target: /dev/shm
# tmpfs:
# size: 1000000000
# environment:
# - "MYSQL_DATABASE={{ zoneminder_host }}"
# - "MYSQL_ROOT_PASSWORD={{ vault_mysql_root_password }}"
# - "MYSQL_USER={{ mysql_user }}"
# - "MYSQL_PASSWORD={{ vault_mysql_user_password }}"
# - "MAX_LOG_SIZE_BYTES=1000000"
# - "MAX_LOG_NUMBER=20"
# - "TZ=Europe/Berlin"
# labels:
# - "traefik.enable=true"
# - "traefik.http.routers.{{ zoneminder_host }}.rule=Host(`{{ zoneminder_host}}.{{ aya01_host }}.{{ local_domain }}`)"
# - "traefik.http.services.{{ zoneminder_host }}.loadbalancer.server.port=80"
syncthing:
image: syncthing/syncthing
@@ -475,29 +475,6 @@ services:
- "traefik.http.routers.{{ grafana_host }}.rule=Host(`{{ grafana_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ grafana_host }}.loadbalancer.server.port={{ grafana_port }}"
{{ gitlab.host }}:
image: gitlab/gitlab-ce:latest
container_name: {{ gitlab.host }}
restart: {{ gitlab.restart }}
depends_on:
- {{ pihole_host }}
networks:
- net
environment:
- TZ={{ timezone }}
volumes:
- {{ gitlab.paths.config }}:/etc/gitlab/
- {{ gitlab.paths.logs}}:/var/log/gitlab/
- {{ gitlab.paths.data}}:/var/opt/gitlab/
ports:
- {{ gitlab.ports.ssh.remote }}:{{ gitlab.ports.ssh.local }}
- {{ gitlab.ports.http.remote }}:{{ gitlab.ports.http.local }}
shm_size: '256m'
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{ gitlab.host }}.rule=Host(`{{ gitlab.host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ gitlab.host }}.loadbalancer.server.port={{ gitlab.ports.http.local }}"
networks:
zoneminder:
driver: bridge
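Review bot: Commenting out the `db` and `zoneminder` services leaves about fifty lines of dead template in the file, and the top-level `zoneminder` network at the end of the second hunk is still declared although, as far as the visible hunks show, nothing attaches to it any more. If the services are meant to return, a Jinja conditional around the block (for example keyed on a per-host flag) keeps that intent explicit. Otherwise deleting the block together with the unused network is cleaner, since version control retains the old definition. A one-line comment saying why the services are disabled would be the minimum.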


@@ -16,16 +16,17 @@ rule_files:
# - "second_rules.yml"
scrape_configs:
- job_name: 'aya01'
- job_name: 'node'
scrape_interval: 10s
scrape_timeout: 10s
tls_config:
insecure_skip_verify: true
static_configs:
- targets: ['{{ aya01_ip }}:{{node_exporter_port}}']
- targets: ['{{ mii_ip }}:{{node_exporter_port}}']
- targets: ['{{ pi_ip }}:{{node_exporter_port}}']
- job_name: Mikrotik
- targets: ['{{ aya01_ip }}:{{node_exporter.port}}']
- targets: ['{{ mii_ip }}:{{node_exporter.port}}']
- targets: ['{{ pi_ip }}:{{node_exporter.port}}']
- targets: ['{{ naruto_ip }}:{{node_exporter.port}}']
- job_name: 'mikrotik'
static_configs:
- targets:
- {{ snmp_exporter_target }}
@@ -39,6 +40,7 @@ scrape_configs:
target_label: instance
- target_label: __address__
replacement: {{ aya01_ip }}:{{ snmp_exporter_port }} # The SNMP exporter's real hostname:port.
- job_name: 'smart'
- job_name: 'SMART'
static_configs:
- targets: ['{{ aya01_ip }}:{{smart_exporter.port}}']
- targets: ['{{ naruto_ip }}:{{smart_exporter.port}}']
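Review bot: Renaming the scrape jobs changes the `job` label on every series they produce, so dashboards, alert rules and stored history keyed on the old names stop matching. Reading the first of each printed pair as the old line, the renames are `aya01` to `node`, `Mikrotik` to `mikrotik` and `smart` to `SMART`, which also leaves the casing inconsistent across the three jobs. The `node` job keeps `tls_config` with `insecure_skip_verify: true` and now covers `naruto` as well. No `scheme: https` is visible in this hunk, so the setting may have no effect, but if the exporters are served over TLS a `ca_file` is preferable to skipping verification. A short comment above each job naming the exporter it scrapes would make the file easier to audit.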


@@ -2,7 +2,7 @@
- name: Determine latest GitHub release (local)
delegate_to: localhost
uri:
url: "https://api.github.com/repos/prometheus/node_exporter/releases/{{ node_exporter_version }}"
url: "https://api.github.com/repos/prometheus/node_exporter/releases/{{ node_exporter.version }}"
body_format: json
register: _github_release
until: _github_release.status == 200
@@ -13,6 +13,6 @@
node_exporter_version: "{{ _github_release.json.tag_name
| regex_replace('^v?([0-9\\.]+)$', '\\1') }}"
- name: Set node_exporter_download_url
- name: Set node_exporter.download_url
set_fact:
node_exporter_download_url: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}.tar.gz"
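Review bot: The rename is only half applied in this file. The API URL now reads `node_exporter.version`, but both `set_fact` lines still write the flat `node_exporter_version` and `node_exporter_download_url`, and the task is titled `Set node_exporter.download_url` although no such key is set. Since `set_fact` cannot assign a single key inside a dict, keeping the old title `Set node_exporter_download_url` and adding a comment that these two are derived facts would be the least surprising. Separately, if `node_exporter.version` resolves to `latest`, as the first task's name suggests, each run installs whatever release is current. The download step is not visible here, but pinning a release and giving the download a `checksum:` (if it uses `get_url`) would make the installed binary verifiable.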


@@ -9,7 +9,7 @@
- name: Move node_exporter into path
copy:
src: "/tmp/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}/node_exporter"
dest: "{{ node_exporter_bin_path }}"
dest: "{{ node_exporter.bin_path }}"
mode: 755
remote_src: true
become: true
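Review bot: `mode: 755` on the line below the changed `dest:` is an unquoted decimal integer, which Ansible does not read as octal 0755; decimal 755 is octal 1363, so the installed binary gets an unintended permission set. `mode: "0755"` fixes it. The source is a predictable path under `/tmp` that is then copied into place with `become: true`, so unpacking into a directory created for the run (for example with the `tempfile` module) would avoid relying on a world-writable location; the unpack task itself is outside this hunk.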


@@ -4,7 +4,7 @@ Description=NodeExporter
[Service]
TimeoutStartSec=0
User=node_exporter
ExecStart={{ node_exporter_bin_path }} --web.listen-address={{ host.ip }}:{{ node_exporter_port }} {{ node_exporter_options }}
ExecStart={{ node_exporter.bin_path }} --web.listen-address={{ host.ip }}:{{ node_exporter.port }} {{ node_exporter.options }}
[Install]
WantedBy=multi-user.target


@@ -1,7 +1,7 @@
---
- name: Copy "{{ smb_config }}"
- name: Copy "{{ samba.config }}"
template:
src: "{{ smb_config }}"
src: "{{ samba.config }}"
dest: /etc/samba/smb.conf
become: true
register: smbconf


@@ -8,36 +8,36 @@
- name: Install Samba dependencies
apt:
name: "{{ smb_deps }}"
name: "{{ samba.dependencies }}"
state: present
become: true
- name: Add group "{{smb_group}}"
- name: Add group "{{ samba.group }}"
group:
name: "{{smb_group}}"
name: "{{ samba.group }}"
state: present
become: true
- name: Change permission on share
file:
path: "{{ smb_media_dir }}"
group: "{{smb_group}}"
path: "{{ samba.media_dir }}"
group: "{{ samba.group }}"
mode: "2770"
become: true
- name: Add user "{{ smb_user }}"
- name: Add user "{{ samba.user }}"
user:
name: "{{ smb_user }}"
name: "{{ samba.user }}"
shell: "/sbin/nologin"
groups: "{{ smb_group }}"
groups: "{{ samba.group }}"
append: true
become: true
register: new_user
- name: Add password to "{{ smb_user }}"
- name: Add password to "{{ samba.user }}"
shell:
cmd: smbpasswd -a "{{ smb_user }}"
stdin: "{{ vault_smb_user_password }}\n{{ vault_smb_user_password }}"
cmd: smbpasswd -a "{{ samba.user }}"
stdin: "{{ host.samba.password }}\n{{ host.samba.password }}"
become: true
when: new_user.changed
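Review bot: The `Add password` task passes the Samba password through `stdin:` without `no_log: true`, so the rendered value can appear in task output at higher verbosity or when the task fails; adding `no_log: true` to that task closes this. The value now comes from `host.samba.password` instead of `vault_smb_user_password`. Its definition is not in this hunk, so it is worth confirming the new variable is still vault-encrypted and not plain text in host vars. Because the task runs only `when: new_user.changed`, a password changed later in the inventory is never applied to an existing user. `shell:` can be `command:` here, as no shell features are used.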


@@ -213,10 +213,10 @@
[media]
comment = Media
path = "{{ smb_media_dir }}"
path = "{{ samba.media_dir }}"
writable = yes
guest ok = no
valid users = "@{{smb_group}}"
valid users = "@{{samba.group}}"
force create mode = 770
force directory mode = 770
inherit permissions = yes
inherit permissions = yes