Added naruto

Signed-off-by: TuDatTr <tuan-dat.tran@tudattr.dev>
TuDatTr 2023-07-12 00:02:17 +02:00
parent c2b68f7f64
commit ef207c5d64
20 changed files with 282 additions and 167 deletions


@ -4,6 +4,15 @@
It is expected that a user with sudo privilages is on the target, for me the users name is "tudattr"
you can add such user with the following command `useradd -m -g sudo -s /bin/bash tudattr`
Don't forget to set a password for the new user with `passwd tudattr`
## sudo
Install sudo on the target machine, with debian its
```sh
su root
apt install sudo
usermod -a -G sudo tudattr
```
## Backups
Backup for aya01 and raspberry are in a backblaze b2, which gets encrypted on the clientside by rclone.
but first of all we need to create the buckets and provide ansible with the needed information.


@ -7,6 +7,8 @@ rclone_config: "/root/.config/rclone/"
puid: "1000"
pgid: "1000"
pk_path: "/mnt/veracrypt1/genesis"
pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqc9fnzfCz8fQDFzla+D8PBhvaMmFu2aF+TYkkZRxl9 tuan@genesis-2022-01-20"
local_domain: borg.land
local_subdomains: "@"
@ -14,7 +16,33 @@ remote_domain: tudattr.dev
remote_subdomains: "www,plex,status,tautulli"
backup_domain: seyshiro.de
backup_subdomains: "hass,qbit,zm,"
#
#
# aya01
#
aya01_host: "aya01"
aya01_ip: "192.168.20.12"
#
# mii
#
mii_host: "mii"
mii_ip: "192.168.200.2"
#
# naruto
#
naruto_host: "naruto"
naruto_ip: "192.168.20.13"
#
# pi
#
pi_host: "pi"
pi_ip: "192.168.20.11"
#
# Used to download for git releases
@ -95,20 +123,6 @@ docker_data_dir: /media/docker/data # only available on aya01
mysql_user: user
#
# aya01
#
aya01_host: "aya01"
aya01_ip: "192.168.20.12"
#
# mii
#
mii_host: "mii"
mii_ip: "192.168.200.2"
#
# ZoneMinder
#
@ -154,13 +168,6 @@ kuma_host: "status"
kuma_port: "3001"
kuma_config: "{{ docker_dir }}/kuma/"
#
# pi
#
pi_host: "pi"
pi_ip: "192.168.20.11"
#
# Traefik
#
@ -214,15 +221,15 @@ pihole_dnsmasq: "{{ docker_dir }}/pihole/etc-dnsmasq.d/"
#
# samba
#
smb_deps:
samba:
dependencies:
- "samba"
- "smbclient"
- "cifs-utils"
smb_config: "templates/smb.conf"
smb_media_dir: "/media"
smb_group: "smbshare"
smb_user: "smbuser"
user: "smbuser"
group: "smbshare"
config: "templates/smb.conf"
media_dir: "/media"
#
@ -386,12 +393,13 @@ gluetun_config: "{{ docker_dir }}/{{ gluetun_host }}/config"
# NodeExporter
#
node_exporter_port: 9100
node_exporter_host: 'node'
node_exporter_version: 'latest'
node_exporter_serve: 'localhost'
node_exporter_options: ''
node_exporter_bin_path: /usr/local/bin/node_exporter
node_exporter:
port: 9100
host: 'node'
version: 'latest'
serve: 'localhost'
options: ''
bin_path: /usr/local/bin/node_exporter
#
# Prometheus
@ -425,30 +433,10 @@ snmp_exporter_target: "192.168.20.1"
snmp_exporter_config: "{{ docker_dir }}/snmp_exporter/"
snmp_exporter_host: "snmp_exporter"
#
# Gitlab
#
gitlab:
host: "gitlab"
restart: "unless-stopped"
puid: 998
pgid: 998
paths:
config: "{{ docker_dir }}/gitlab/config/"
logs: "{{ docker_data_dir }}/gitlab/logs/"
data: "{{ docker_data_dir }}/gitlab/data/"
ports:
ssh:
local: 22
remote: 23232
http:
local: 80
remote: 8084
#
# SMART Exporter
#
smart_exporter:
port: 9633
version: 'latest'
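Review bot: `naruto_ip: "192.168.20.13"` (and the `aya01_ip`/`mii_ip`/`pi_ip` keys moved to the top of this hunk) duplicates the `ansible_host` that each host's host_vars already carries, so the two can silently drift apart and Prometheus would scrape the wrong address. Deriving it from inventory keeps one source of truth, e.g. `naruto_ip: "{{ hostvars['naruto'].ansible_host }}"`; Ansible templates group_vars lazily, but confirm this resolves where the `*_ip` values are used inside other templates. Separately, `node_exporter.serve: 'localhost'` is not referenced by the systemd unit changed in this same commit, which binds to `host.ip` instead; either use the key or drop it so the intended exposure is stated in one place.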


@ -15,3 +15,31 @@ host:
paths:
- "{{ docker_compose_dir }}"
- "{{ docker_dir }}"
fstab:
- name: "config"
path: "/opt"
type: "ext4"
uuid: "cad60133-dd84-4a2a-8db4-2881c608addf"
- name: "media0"
path: "/mnt/media0"
type: "ext4"
uuid: "c4c724ec-4fe3-4665-adf4-acd31d6b7f95"
- name: "media1"
path: "/mnt/media1"
type: "ext4"
uuid: "8d66d395-1e35-4f5a-a5a7-d181d6642ebf"
mergerfs:
- name: "media"
path: "/media"
branches:
- "/mnt/media0"
- "/mnt/media1"
opts:
- "use_ino"
- "allow_other"
- "cache.files=partial"
- "dropcacheonclose=true"
- "category.create=mfs"
type: "fuse.mergerfs"
samba:
password: "{{ vault.aya01.samba.password }}"

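--- a/host_vars/naruto.yml
+++ b/host_vars/naruto.yml
@@ -0,0 +1,21 @@
+ansible_user: "{{ user }}"
+ansible_host: 192.168.20.13
+ansible_port: 22
+ansible_ssh_private_key_file: '{{ pk_path }}'
+ansible_become_pass: '{{ vault.naruto.sudo }}'
+host:
+  ip: "{{ ansible_host }}"
+  backblaze:
+    account: "{{ vault.naruto.backblaze.account }}"
+    key: "{{ vault.naruto.backblaze.key }}"
+    remote: "remote:naruto-tudattr-dev"
+    # password: "{{}}"
+    # password2: "{{}}"
+    # paths:
+    #   - "{{}}"
+    #   - "{{}}"
+  fstab:
+  mergerfs:
+  samba:
+    password: "{{ vault.aya01.samba.password }}"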
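Review bot: `password: "{{ vault.aya01.samba.password }}"` reuses aya01's Samba credential on naruto, so a leak of either host's share password exposes both hosts; give naruto its own entry, `password: "{{ vault.naruto.samba.password }}"`, alongside the other `vault.naruto.*` keys in this file. `fstab:` and `mergerfs:` are bare keys, i.e. `null`, and only work because fstab.yml tests `is iterable`; writing `fstab: []` and `mergerfs: []` states the intent and survives a simpler loop expression. The commented `password: "{{}}"` placeholders would be a Jinja syntax error if uncommented as-is (`{{}}` is an empty expression), so they are better left out until the real value exists.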

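--- a/naruto.yml
+++ b/naruto.yml
@@ -0,0 +1,17 @@
+---
+- name: Set up Servers
+  hosts: nas
+  gather_facts: yes
+  roles:
+    - role: common
+      tags:
+        - common
+    - role: samba
+      tags:
+        - samba
+    - role: node_exporter
+      tags:
+        - node_exporter
+    - role: smart_exporter
+      tags:
+        - smart_exporter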
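Review bot: `gather_facts: yes` should be `gather_facts: true`; `yes` is a YAML 1.1 boolean that Ansible accepts but yamllint's `truthy` rule flags, and fstab.yml in this same commit already uses `true`. Since the `common` role now includes fstab.yml for every host, this play relies on naruto's host_vars defining `host.fstab` and `host.mergerfs` even when empty — worth a comment on the play, e.g. `# requires host.fstab / host.mergerfs in host_vars (may be empty)`.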


@ -6,3 +6,6 @@ pi
[vps]
mii
[nas]
naruto


@ -0,0 +1,10 @@
---
- name: Copy .bashrc
template:
src: templates/common/bash/bashrc.j2
dest: "/home/{{ user }}/.bashrc"
owner: "{{ user }}"
group: "{{ user }}"
mode: 0644
become: yes
register: sshd
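Review bot: `register: sshd` on the .bashrc template task looks copied from sshd.yml; nothing reads the result under that name, and if both task files run in the same play it overwrites the `sshd` result the sshd_config task registers. Drop the line, or rename it to what it holds, `register: bashrc`. `become: yes` should be `become: true` to match the booleans used in fstab.yml in this commit.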


@ -5,11 +5,11 @@
state: present
become: yes
- name: Create folders to mount to
- name: Create mount folders
file:
path: "{{ item.path }}"
state: directory
loop: "{{ fstab_entries }}"
loop: "{{ host.fstab if host.fstab is iterable else []}}"
become: true
- name: Create fstab entries
@ -19,7 +19,7 @@
fstype: "{{ item.type }}"
state: present
backup: true
loop: "{{ fstab_entries }}"
loop: "{{ host.fstab if host.fstab is iterable else []}}"
become: true
register: fstab
@ -32,7 +32,7 @@
state: present
backup: true
become: true
loop: "{{ mergerfs_entries }}"
loop: "{{ host.mergerfs if host.mergerfs is iterable else []}}"
register: fstab
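Review bot: `loop: "{{ host.fstab if host.fstab is iterable else []}}"` (and the two parallel loop lines in this file) most likely raises an undefined-variable error on any host whose host_vars define no `host.fstab` / `host.mergerfs` key at all, since Ansible's undefined object fails on iteration rather than returning false; `is iterable` is also true for a plain string, which would then loop over its characters. `loop: "{{ host.fstab | default([], true) }}"` covers both the missing key and the bare `fstab:` null and reads cleaner. This matters now because main.yml includes fstab.yml for every host, and the host_vars for pi and mii are not part of this commit. Also note both the fstab and mergerfs tasks `register: fstab`, so the second result overwrites the first; the mount task that follows starts outside this hunk.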
- name: Mount all disks


@ -1,6 +1,6 @@
---
- include_tasks: time.yml
- include_tasks: essential.yml
- include_tasks: bash.yml
- include_tasks: sshd.yml
- include_tasks: aya01_fstab.yml
when: inventory_hostname == "aya01"
- include_tasks: fstab.yml


@ -7,6 +7,14 @@
become: yes
register: sshd
- name: Copy pubkey
copy:
content: "{{ pubkey }}"
dest: "/home/{{ user }}/.ssh/authorized_keys"
owner: "{{ user }}"
group: "{{ user }}"
mode: "644"
- name: Restart sshd
service:
name: "sshd"
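Review bot: The new "Copy pubkey" task uses `copy` with `dest: "/home/{{ user }}/.ssh/authorized_keys"`, which neither creates `~/.ssh` (absent on a user freshly created with `useradd -m`, per the README in this commit) nor preserves any key already in the file — it replaces the whole file with the single `pubkey`. The `authorized_key` module creates the directory with the right permissions and adds the key idempotently. Ordering also matters: the task sits between the sshd_config copy and the sshd restart, so if sshd_config disables password login (not visible here) and this step fails, the host is locked out; placing key installation before the config change avoids that.
```yaml
- name: Add pubkey to authorized_keys
  authorized_key:
    user: "{{ user }}"
    key: "{{ pubkey }}"
# … unchanged: Restart sshd …
```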


@ -0,0 +1,56 @@
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
case $- in
*i*) ;;
*) return;;
esac
HISTCONTROL=ignoreboth
shopt -s histappend
HISTSIZE=1000
HISTFILESIZE=2000
shopt -s checkwinsize
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi
case "$TERM" in
xterm-color|*-256color) color_prompt=yes;;
esac
if [ -n "$force_color_prompt" ]; then
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
color_prompt=yes
else
color_prompt=
fi
fi
if [ "$color_prompt" = yes ]; then
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt
case "$TERM" in
xterm*|rxvt*)
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
;;
*)
;;
esac
if [ -x /usr/bin/dircolors ]; then
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
alias ls='ls --color=auto'
fi
if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi
if ! shopt -oq posix; then
if [ -f /usr/share/bash-completion/bash_completion ]; then
. /usr/share/bash-completion/bash_completion
elif [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
fi
. "$HOME/.cargo/env"
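Review bot: `. "$HOME/.cargo/env"` runs unconditionally, so every interactive login on a host without rustup prints a "No such file" error; guard it as `[ -f "$HOME/.cargo/env" ] && . "$HOME/.cargo/env"`. The first line `export PATH=/usr/local/sbin:...` replaces whatever PATH the login shell already had rather than extending it, which silently drops anything set by /etc/profile.d or the systemd user session — prefixing with `$PATH` is safer if the intent is only to guarantee the sbin directories. `force_color_prompt` is tested but never assigned in this template, so that branch is dead as written.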


@ -75,7 +75,3 @@
- include_tasks: grafana.yml
tags:
- grafana
- include_tasks: gitlab.yml
tags:
- gitlab


@ -51,57 +51,57 @@ services:
- "traefik.http.routers.{{ pihole_host }}.rule=Host(`{{ pihole_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ pihole_host }}.loadbalancer.server.port=80"
db:
image: mariadb
container_name: zoneminder_db
restart: unless-stopped
networks:
- zoneminder
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "{{ zoneminder_db }}:/var/lib/mysql"
environment:
- "MYSQL_DATABASE={{ zoneminder_host }}"
- "MYSQL_ROOT_PASSWORD={{ vault_mysql_root_password }}"
- "MYSQL_USER={{ mysql_user }}"
- "MYSQL_PASSWORD={{ vault_mysql_user_password }}"
- "MAX_LOG_SIZE_BYTES=1000000"
- "MAX_LOG_NUMBER=20"
- "TZ=Europe/Berlin"
zoneminder:
image: ghcr.io/zoneminder-containers/zoneminder-base:latest
container_name: zoneminder
restart: unless-stopped
stop_grace_period: 45s
depends_on:
- db
- traefik
networks:
- zoneminder
- net
ports:
- "{{ zoneminder_port }}:80"
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "{{ zoneminder_data }}:/data"
- "{{ zoneminder_config }}:/config"
- "{{ zoneminder_log}}:/log"
- type: tmpfs
target: /dev/shm
tmpfs:
size: 1000000000
environment:
- "MYSQL_DATABASE={{ zoneminder_host }}"
- "MYSQL_ROOT_PASSWORD={{ vault_mysql_root_password }}"
- "MYSQL_USER={{ mysql_user }}"
- "MYSQL_PASSWORD={{ vault_mysql_user_password }}"
- "MAX_LOG_SIZE_BYTES=1000000"
- "MAX_LOG_NUMBER=20"
- "TZ=Europe/Berlin"
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{ zoneminder_host }}.rule=Host(`{{ zoneminder_host}}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ zoneminder_host }}.loadbalancer.server.port=80"
# db:
# image: mariadb
# container_name: zoneminder_db
# restart: unless-stopped
# networks:
# - zoneminder
# volumes:
# - "/etc/localtime:/etc/localtime:ro"
# - "{{ zoneminder_db }}:/var/lib/mysql"
# environment:
# - "MYSQL_DATABASE={{ zoneminder_host }}"
# - "MYSQL_ROOT_PASSWORD={{ vault_mysql_root_password }}"
# - "MYSQL_USER={{ mysql_user }}"
# - "MYSQL_PASSWORD={{ vault_mysql_user_password }}"
# - "MAX_LOG_SIZE_BYTES=1000000"
# - "MAX_LOG_NUMBER=20"
# - "TZ=Europe/Berlin"
# zoneminder:
# image: ghcr.io/zoneminder-containers/zoneminder-base:latest
# container_name: zoneminder
# restart: unless-stopped
# stop_grace_period: 45s
# depends_on:
# - db
# - traefik
# networks:
# - zoneminder
# - net
# ports:
# - "{{ zoneminder_port }}:80"
# volumes:
# - "/etc/localtime:/etc/localtime:ro"
# - "{{ zoneminder_data }}:/data"
# - "{{ zoneminder_config }}:/config"
# - "{{ zoneminder_log}}:/log"
# - type: tmpfs
# target: /dev/shm
# tmpfs:
# size: 1000000000
# environment:
# - "MYSQL_DATABASE={{ zoneminder_host }}"
# - "MYSQL_ROOT_PASSWORD={{ vault_mysql_root_password }}"
# - "MYSQL_USER={{ mysql_user }}"
# - "MYSQL_PASSWORD={{ vault_mysql_user_password }}"
# - "MAX_LOG_SIZE_BYTES=1000000"
# - "MAX_LOG_NUMBER=20"
# - "TZ=Europe/Berlin"
# labels:
# - "traefik.enable=true"
# - "traefik.http.routers.{{ zoneminder_host }}.rule=Host(`{{ zoneminder_host}}.{{ aya01_host }}.{{ local_domain }}`)"
# - "traefik.http.services.{{ zoneminder_host }}.loadbalancer.server.port=80"
syncthing:
image: syncthing/syncthing
@ -475,29 +475,6 @@ services:
- "traefik.http.routers.{{ grafana_host }}.rule=Host(`{{ grafana_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ grafana_host }}.loadbalancer.server.port={{ grafana_port }}"
{{ gitlab.host }}:
image: gitlab/gitlab-ce:latest
container_name: {{ gitlab.host }}
restart: {{ gitlab.restart }}
depends_on:
- {{ pihole_host }}
networks:
- net
environment:
- TZ={{ timezone }}
volumes:
- {{ gitlab.paths.config }}:/etc/gitlab/
- {{ gitlab.paths.logs}}:/var/log/gitlab/
- {{ gitlab.paths.data}}:/var/opt/gitlab/
ports:
- {{ gitlab.ports.ssh.remote }}:{{ gitlab.ports.ssh.local }}
- {{ gitlab.ports.http.remote }}:{{ gitlab.ports.http.local }}
shm_size: '256m'
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{ gitlab.host }}.rule=Host(`{{ gitlab.host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ gitlab.host }}.loadbalancer.server.port={{ gitlab.ports.http.local }}"
networks:
zoneminder:
driver: bridge
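Review bot: Commenting the `db` and `zoneminder` services out with `#` does not stop Jinja from rendering them: `{{ vault_mysql_root_password }}`, `{{ vault_mysql_user_password }}` and the other expressions inside the commented lines are still expanded, so the plaintext secrets land in the generated docker-compose.yml on the host as comments, and rendering breaks if those vault variables are ever removed. Either delete the block (the gitlab hunk in this file already does that) or wrap it in a Jinja comment, `{# ... #}`, which the template engine drops before YAML ever sees it.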


@ -16,16 +16,17 @@ rule_files:
# - "second_rules.yml"
scrape_configs:
- job_name: 'aya01'
- job_name: 'node'
scrape_interval: 10s
scrape_timeout: 10s
tls_config:
insecure_skip_verify: true
static_configs:
- targets: ['{{ aya01_ip }}:{{node_exporter_port}}']
- targets: ['{{ mii_ip }}:{{node_exporter_port}}']
- targets: ['{{ pi_ip }}:{{node_exporter_port}}']
- job_name: Mikrotik
- targets: ['{{ aya01_ip }}:{{node_exporter.port}}']
- targets: ['{{ mii_ip }}:{{node_exporter.port}}']
- targets: ['{{ pi_ip }}:{{node_exporter.port}}']
- targets: ['{{ naruto_ip }}:{{node_exporter.port}}']
- job_name: 'mikrotik'
static_configs:
- targets:
- {{ snmp_exporter_target }}
@ -39,6 +40,7 @@ scrape_configs:
target_label: instance
- target_label: __address__
replacement: {{ aya01_ip }}:{{ snmp_exporter_port }} # The SNMP exporter's real hostname:port.
- job_name: 'smart'
- job_name: 'SMART'
static_configs:
- targets: ['{{ aya01_ip }}:{{smart_exporter.port}}']
- targets: ['{{ naruto_ip }}:{{smart_exporter.port}}']
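Review bot: `- job_name: 'SMART'` is upper-case while the same commit lower-cases `Mikrotik` to `'mikrotik'` and introduces `'node'`; job names surface as label values in every query, so pick one convention (`'smart'`). Each exporter is listed as its own `- targets: [...]` static_config with a single entry; one `targets:` list per job is the conventional shape and makes the instance list easier to diff. Minor: `{{node_exporter.port}}` and `{{smart_exporter.port}}` lack the inner spaces used elsewhere in this template.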


@ -2,7 +2,7 @@
- name: Determine latest GitHub release (local)
delegate_to: localhost
uri:
url: "https://api.github.com/repos/prometheus/node_exporter/releases/{{ node_exporter_version }}"
url: "https://api.github.com/repos/prometheus/node_exporter/releases/{{ node_exporter.version }}"
body_format: json
register: _github_release
until: _github_release.status == 200
@ -13,6 +13,6 @@
node_exporter_version: "{{ _github_release.json.tag_name
| regex_replace('^v?([0-9\\.]+)$', '\\1') }}"
- name: Set node_exporter_download_url
- name: Set node_exporter.download_url
set_fact:
node_exporter_download_url: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}.tar.gz"
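Review bot: The rename to the nested `node_exporter.*` mapping is only half applied in this file: the URL now reads `node_exporter.version`, but the following `set_fact` still writes the flat `node_exporter_version`, and `node_exporter_download_url` uses that flat name — so the task title `Set node_exporter.download_url` describes a fact that does not exist. `set_fact` cannot write into a nested key, so either keep the flat fact names consistently (and revert the title) or build a new dict with `combine`. The release URL is computed here but nothing in this hunk pins a checksum; node_exporter releases publish a `sha256sums.txt`, which is worth checking at the point where the tarball is fetched.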


@ -9,7 +9,7 @@
- name: Move node_exporter into path
copy:
src: "/tmp/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}/node_exporter"
dest: "{{ node_exporter_bin_path }}"
dest: "{{ node_exporter.bin_path }}"
mode: 755
remote_src: true
become: true
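Review bot: `mode: 755` next to the changed `dest:` line is an unquoted decimal 755, not octal; Ansible's file/copy documentation warns that such a value is applied as the decimal number and yields unexpected permissions — write `mode: "0755"`. The `src:` line still uses the flat `node_exporter_version` while `dest:` uses `node_exporter.bin_path`, the same mixed naming as in get_release.yml.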


@ -4,7 +4,7 @@ Description=NodeExporter
[Service]
TimeoutStartSec=0
User=node_exporter
ExecStart={{ node_exporter_bin_path }} --web.listen-address={{ host.ip }}:{{ node_exporter_port }} {{ node_exporter_options }}
ExecStart={{ node_exporter.bin_path }} --web.listen-address={{ host.ip }}:{{ node_exporter.port }} {{ node_exporter.options }}
[Install]
WantedBy=multi-user.target
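Review bot: `--web.listen-address={{ host.ip }}:{{ node_exporter.port }}` binds the exporter to the LAN address with no TLS or authentication, and `{{ node_exporter.options }}` is empty, while group_vars in this commit still defines `node_exporter.serve: 'localhost'` that the unit ignores. Recent node_exporter releases accept a `--web.config.file` for TLS/basic-auth, which could be passed through `node_exporter.options` if the metrics port is meant to stay LAN-reachable; otherwise bind to `serve` and scrape via a tunnel. The `[Service]` section shown is partial, so hardening directives such as `NoNewPrivileges=true` may already exist outside the hunk.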


@ -1,7 +1,7 @@
---
- name: Copy "{{ smb_config }}"
- name: Copy "{{ samba.config }}"
template:
src: "{{ smb_config }}"
src: "{{ samba.config }}"
dest: /etc/samba/smb.conf
become: true
register: smbconf


@ -8,36 +8,36 @@
- name: Install Samba dependencies
apt:
name: "{{ smb_deps }}"
name: "{{ samba.dependencies }}"
state: present
become: true
- name: Add group "{{smb_group}}"
- name: Add group "{{ samba.group }}"
group:
name: "{{smb_group}}"
name: "{{ samba.group }}"
state: present
become: true
- name: Change permission on share
file:
path: "{{ smb_media_dir }}"
group: "{{smb_group}}"
path: "{{ samba.media_dir }}"
group: "{{ samba.group }}"
mode: "2770"
become: true
- name: Add user "{{ smb_user }}"
- name: Add user "{{ samba.user }}"
user:
name: "{{ smb_user }}"
name: "{{ samba.user }}"
shell: "/sbin/nologin"
groups: "{{ smb_group }}"
groups: "{{ samba.group }}"
append: true
become: true
register: new_user
- name: Add password to "{{ smb_user }}"
- name: Add password to "{{ samba.user }}"
shell:
cmd: smbpasswd -a "{{ smb_user }}"
stdin: "{{ vault_smb_user_password }}\n{{ vault_smb_user_password }}"
cmd: smbpasswd -a "{{ samba.user }}"
stdin: "{{ host.samba.password }}\n{{ host.samba.password }}"
become: true
when: new_user.changed
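Review bot: The `smbpasswd` task now feeds `{{ host.samba.password }}` through `stdin:` but has no `no_log: true`, so the vault value is written to verbose output and callback/log plugins whenever the task runs; add `no_log: true` beside `become: true`. `when: new_user.changed` means a rotated password in the vault is never applied to an existing user, which is probably not the intent. smbpasswd also expects `-s` to read the password from stdin in non-interactive runs — worth confirming this works without a tty, since the command line itself is unchanged by the commit.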


@ -213,10 +213,10 @@
[media]
comment = Media
path = "{{ smb_media_dir }}"
path = "{{ samba.media_dir }}"
writable = yes
guest ok = no
valid users = "@{{smb_group}}"
valid users = "@{{samba.group}}"
force create mode = 770
force directory mode = 770
inherit permissions = yes