Added naruto

Signed-off-by: TuDatTr <tuan-dat.tran@tudattr.dev>

README.md

@@ -4,6 +4,15 @@
 It is expected that a user with sudo privilages is on the target, for me the users name is "tudattr"
 you can add such user with the following command `useradd -m -g sudo -s /bin/bash tudattr`
 Don't forget to set a password for the new user with `passwd tudattr`
+## sudo
+Install sudo on the target machine, with debian its
+
+```sh
+su root
+apt install sudo
+usermod -a -G sudo tudattr
+```
+
 ## Backups
 Backup for aya01 and raspberry are in a backblaze b2, which gets encrypted on the clientside by rclone.
 but first of all we need to create the buckets and provide ansible with the needed information.

group_vars/all/vars.yml

@@ -7,6 +7,8 @@ rclone_config: "/root/.config/rclone/"
 puid: "1000"
 pgid: "1000"
 pk_path: "/mnt/veracrypt1/genesis"
+pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqc9fnzfCz8fQDFzla+D8PBhvaMmFu2aF+TYkkZRxl9 tuan@genesis-2022-01-20"
+
 
 local_domain: borg.land
 local_subdomains: "@"
@@ -14,7 +16,33 @@ remote_domain: tudattr.dev
 remote_subdomains: "www,plex,status,tautulli"
 backup_domain: seyshiro.de
 backup_subdomains: "hass,qbit,zm,"
+#
+#
+# aya01
+#
 
+aya01_host: "aya01"
+aya01_ip: "192.168.20.12"
+
+#
+# mii
+#
+
+mii_host: "mii"
+mii_ip: "192.168.200.2"
+
+#
+# naruto
+#
+naruto_host: "naruto"
+naruto_ip: "192.168.20.13"
+
+#
+# pi
+#
+
+pi_host: "pi"
+pi_ip: "192.168.20.11"
 
 #
 # Used to download for git releases
@@ -95,20 +123,6 @@ docker_data_dir: /media/docker/data # only available on aya01
 
 mysql_user: user
 
-#
-# aya01
-# 
-
-aya01_host: "aya01"
-aya01_ip: "192.168.20.12"
-
-#
-# mii
-#
-
-mii_host: "mii"
-mii_ip: "192.168.200.2"
-
 #
 # ZoneMinder
 #
@@ -154,13 +168,6 @@ kuma_host: "status"
 kuma_port: "3001"
 kuma_config: "{{ docker_dir }}/kuma/"
 
-#
-# pi
-#
-
-pi_host: "pi"
-pi_ip: "192.168.20.11"
-
 #
 # Traefik
 #
@@ -214,15 +221,15 @@ pihole_dnsmasq: "{{ docker_dir }}/pihole/etc-dnsmasq.d/"
 #
 # samba
 #
-smb_deps:
-  - "samba"
-  - "smbclient"
-  - "cifs-utils"
-
-smb_config: "templates/smb.conf"
-smb_media_dir: "/media"
-smb_group: "smbshare"
-smb_user: "smbuser"
+samba:
+  dependencies:
+    - "samba"
+    - "smbclient"
+    - "cifs-utils"
+  user: "smbuser"
+  group: "smbshare"
+  config: "templates/smb.conf"
+  media_dir: "/media"
 
 
 #
@@ -386,12 +393,13 @@ gluetun_config: "{{ docker_dir }}/{{ gluetun_host }}/config"
 # NodeExporter
 #
 
-node_exporter_port: 9100
-node_exporter_host: 'node'
-node_exporter_version: 'latest'
-node_exporter_serve: 'localhost'
-node_exporter_options: ''
-node_exporter_bin_path: /usr/local/bin/node_exporter
+node_exporter:
+  port: 9100
+  host: 'node'
+  version: 'latest'
+  serve: 'localhost'
+  options: ''
+  bin_path: /usr/local/bin/node_exporter
 
 #
 # Prometheus
@@ -425,30 +433,10 @@ snmp_exporter_target: "192.168.20.1"
 snmp_exporter_config: "{{ docker_dir }}/snmp_exporter/"
 snmp_exporter_host: "snmp_exporter"
 
-#
-# Gitlab
-#
-
-gitlab:
-  host: "gitlab"
-  restart: "unless-stopped"
-  puid: 998
-  pgid: 998
-  paths:
-    config: "{{ docker_dir }}/gitlab/config/"
-    logs: "{{ docker_data_dir }}/gitlab/logs/"
-    data: "{{ docker_data_dir }}/gitlab/data/"
-  ports:
-    ssh:
-      local: 22
-      remote: 23232
-    http:
-      local: 80
-      remote: 8084
-
 #
 # SMART Exporter
 #
+
 smart_exporter:
   port: 9633
   version: 'latest'

host_vars/aya01.yml

@@ -15,3 +15,31 @@ host:
     paths:
       - "{{ docker_compose_dir }}"
       - "{{ docker_dir }}"
+  fstab:
+    - name: "config"
+      path: "/opt"
+      type: "ext4"
+      uuid: "cad60133-dd84-4a2a-8db4-2881c608addf"
+    - name: "media0"
+      path: "/mnt/media0"
+      type: "ext4"
+      uuid: "c4c724ec-4fe3-4665-adf4-acd31d6b7f95"
+    - name: "media1"
+      path: "/mnt/media1"
+      type: "ext4"
+      uuid: "8d66d395-1e35-4f5a-a5a7-d181d6642ebf"
+  mergerfs:
+  - name: "media"
+    path: "/media"
+    branches:
+      - "/mnt/media0"
+      - "/mnt/media1"
+    opts:
+      - "use_ino"
+      - "allow_other"
+      - "cache.files=partial"
+      - "dropcacheonclose=true"
+      - "category.create=mfs"
+    type: "fuse.mergerfs"
+  samba:
+    password: "{{ vault.aya01.samba.password }}"

host_vars/naruto.yml

@@ -0,0 +1,21 @@
+ansible_user: "{{ user }}"
+ansible_host: 192.168.20.13
+ansible_port: 22
+ansible_ssh_private_key_file: '{{ pk_path }}'
+ansible_become_pass: '{{ vault.naruto.sudo }}'
+
+host:
+  ip: "{{ ansible_host }}"
+  backblaze:
+    account: "{{ vault.naruto.backblaze.account }}"
+    key: "{{ vault.naruto.backblaze.key }}"
+    remote: "remote:naruto-tudattr-dev"
+#    password: "{{}}"
+#    password2: "{{}}"
+#    paths:
+#      - "{{}}"
+#      - "{{}}"
+  fstab:
+  mergerfs:
+  samba:
+    password: "{{ vault.aya01.samba.password }}"

naruto.yml

@@ -0,0 +1,17 @@
+---
+- name: Set up Servers
+  hosts: nas
+  gather_facts: yes
+  roles:
+    - role: common
+      tags:
+        - common
+    - role: samba
+      tags:
+        - samba
+    - role: node_exporter
+      tags:
+        - node_exporter
+    - role: smart_exporter
+      tags:
+        - smart_exporter

production

@@ -6,3 +6,6 @@ pi
 
 [vps]
 mii
+
+[nas]
+naruto

roles/common/tasks/bash.yml

@@ -0,0 +1,10 @@
+---
+- name: Copy .bashrc
+  template:
+    src: templates/common/bash/bashrc.j2
+    dest: "/home/{{ user }}/.bashrc"
+    owner: "{{ user }}"
+    group: "{{ user }}"
+    mode: 0644
+  become: yes
+  register: sshd

roles/common/tasks/fstab.yml

@@ -5,11 +5,11 @@
     state: present
   become: yes
 
-- name: Create folders to mount to
+- name: Create mount folders
   file:
     path: "{{ item.path }}"
     state: directory
-  loop: "{{ fstab_entries }}"
+  loop: "{{ host.fstab if host.fstab is iterable else []}}"
   become: true
 
 - name: Create fstab entries
@@ -19,7 +19,7 @@
     fstype: "{{ item.type }}"
     state: present
     backup: true
-  loop: "{{ fstab_entries }}"
+  loop: "{{ host.fstab if host.fstab is iterable else []}}"
   become: true
   register: fstab
 
@@ -32,7 +32,7 @@
     state: present
     backup: true
   become: true
-  loop: "{{ mergerfs_entries }}"
+  loop: "{{ host.mergerfs if host.mergerfs is iterable else []}}"
   register: fstab
 
 - name: Mount all disks

roles/common/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 - include_tasks: time.yml
 - include_tasks: essential.yml
+- include_tasks: bash.yml
 - include_tasks: sshd.yml
-- include_tasks: aya01_fstab.yml
-  when: inventory_hostname == "aya01"
+- include_tasks: fstab.yml

roles/common/tasks/sshd.yml

@@ -7,6 +7,14 @@
   become: yes
   register: sshd
 
+- name: Copy pubkey
+  copy:
+    content: "{{ pubkey }}"
+    dest: "/home/{{ user }}/.ssh/authorized_keys"
+    owner: "{{ user }}"
+    group: "{{ user }}"
+    mode: "644"
+
 - name: Restart sshd
   service:
     name: "sshd"

roles/common/templates/common/bash/bashrc.j2

@@ -0,0 +1,56 @@
+export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+case $- in
+    *i*) ;;
+      *) return;;
+esac
+HISTCONTROL=ignoreboth
+shopt -s histappend
+HISTSIZE=1000
+HISTFILESIZE=2000
+shopt -s checkwinsize
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+    debian_chroot=$(cat /etc/debian_chroot)
+fi
+case "$TERM" in
+    xterm-color|*-256color) color_prompt=yes;;
+esac
+if [ -n "$force_color_prompt" ]; then
+    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+	color_prompt=yes
+    else
+	color_prompt=
+    fi
+fi
+if [ "$color_prompt" = yes ]; then
+    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+case "$TERM" in
+xterm*|rxvt*)
+    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+    ;;
+*)
+    ;;
+esac
+
+if [ -x /usr/bin/dircolors ]; then
+    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+    alias ls='ls --color=auto'
+fi
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+if ! shopt -oq posix; then
+  if [ -f /usr/share/bash-completion/bash_completion ]; then
+    . /usr/share/bash-completion/bash_completion
+  elif [ -f /etc/bash_completion ]; then
+    . /etc/bash_completion
+  fi
+fi
+
+
+. "$HOME/.cargo/env"

roles/docker/tasks/aya01_compose.yml

@@ -75,7 +75,3 @@
 - include_tasks: grafana.yml
   tags:
     - grafana
-
-- include_tasks: gitlab.yml
-  tags:
-    - gitlab

roles/docker/templates/aya01/compose.yaml

@@ -51,57 +51,57 @@ services:
       - "traefik.http.routers.{{ pihole_host }}.rule=Host(`{{ pihole_host }}.{{ aya01_host }}.{{ local_domain }}`)"
       - "traefik.http.services.{{ pihole_host }}.loadbalancer.server.port=80"
 
-  db:
-    image: mariadb
-    container_name: zoneminder_db
-    restart: unless-stopped
-    networks:
-      - zoneminder
-    volumes:
-      - "/etc/localtime:/etc/localtime:ro"
-      - "{{ zoneminder_db }}:/var/lib/mysql"
-    environment:
-      - "MYSQL_DATABASE={{ zoneminder_host }}"
-      - "MYSQL_ROOT_PASSWORD={{ vault_mysql_root_password }}"
-      - "MYSQL_USER={{ mysql_user }}"
-      - "MYSQL_PASSWORD={{ vault_mysql_user_password }}"
-      - "MAX_LOG_SIZE_BYTES=1000000"
-      - "MAX_LOG_NUMBER=20"
-      - "TZ=Europe/Berlin"
-  zoneminder:
-    image: ghcr.io/zoneminder-containers/zoneminder-base:latest
-    container_name: zoneminder
-    restart: unless-stopped
-    stop_grace_period: 45s
-    depends_on:
-      - db
-      - traefik
-    networks:
-      - zoneminder
-      - net
-    ports:
-      - "{{ zoneminder_port }}:80"
-    volumes:
-      - "/etc/localtime:/etc/localtime:ro"
-      - "{{ zoneminder_data }}:/data"
-      - "{{ zoneminder_config }}:/config"
-      - "{{ zoneminder_log}}:/log"
-      - type: tmpfs
-        target: /dev/shm
-        tmpfs:
-          size: 1000000000
-    environment:
-      - "MYSQL_DATABASE={{ zoneminder_host }}"
-      - "MYSQL_ROOT_PASSWORD={{ vault_mysql_root_password }}"
-      - "MYSQL_USER={{ mysql_user }}"
-      - "MYSQL_PASSWORD={{ vault_mysql_user_password }}"
-      - "MAX_LOG_SIZE_BYTES=1000000"
-      - "MAX_LOG_NUMBER=20"
-      - "TZ=Europe/Berlin"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.{{ zoneminder_host }}.rule=Host(`{{ zoneminder_host}}.{{ aya01_host }}.{{ local_domain }}`)"
-      - "traefik.http.services.{{ zoneminder_host }}.loadbalancer.server.port=80"
+#  db:
+#    image: mariadb
+#    container_name: zoneminder_db
+#    restart: unless-stopped
+#    networks:
+#      - zoneminder
+#    volumes:
+#      - "/etc/localtime:/etc/localtime:ro"
+#      - "{{ zoneminder_db }}:/var/lib/mysql"
+#    environment:
+#      - "MYSQL_DATABASE={{ zoneminder_host }}"
+#      - "MYSQL_ROOT_PASSWORD={{ vault_mysql_root_password }}"
+#      - "MYSQL_USER={{ mysql_user }}"
+#      - "MYSQL_PASSWORD={{ vault_mysql_user_password }}"
+#      - "MAX_LOG_SIZE_BYTES=1000000"
+#      - "MAX_LOG_NUMBER=20"
+#      - "TZ=Europe/Berlin"
+#  zoneminder:
+#    image: ghcr.io/zoneminder-containers/zoneminder-base:latest
+#    container_name: zoneminder
+#    restart: unless-stopped
+#    stop_grace_period: 45s
+#    depends_on:
+#      - db
+#      - traefik
+#    networks:
+#      - zoneminder
+#      - net
+#    ports:
+#      - "{{ zoneminder_port }}:80"
+#    volumes:
+#      - "/etc/localtime:/etc/localtime:ro"
+#      - "{{ zoneminder_data }}:/data"
+#      - "{{ zoneminder_config }}:/config"
+#      - "{{ zoneminder_log}}:/log"
+#      - type: tmpfs
+#        target: /dev/shm
+#        tmpfs:
+#          size: 1000000000
+#    environment:
+#      - "MYSQL_DATABASE={{ zoneminder_host }}"
+#      - "MYSQL_ROOT_PASSWORD={{ vault_mysql_root_password }}"
+#      - "MYSQL_USER={{ mysql_user }}"
+#      - "MYSQL_PASSWORD={{ vault_mysql_user_password }}"
+#      - "MAX_LOG_SIZE_BYTES=1000000"
+#      - "MAX_LOG_NUMBER=20"
+#      - "TZ=Europe/Berlin"
+#    labels:
+#      - "traefik.enable=true"
+#      - "traefik.http.routers.{{ zoneminder_host }}.rule=Host(`{{ zoneminder_host}}.{{ aya01_host }}.{{ local_domain }}`)"
+#      - "traefik.http.services.{{ zoneminder_host }}.loadbalancer.server.port=80"
 
   syncthing:
     image: syncthing/syncthing
@@ -475,29 +475,6 @@ services:
       - "traefik.http.routers.{{ grafana_host }}.rule=Host(`{{ grafana_host }}.{{ aya01_host }}.{{ local_domain }}`)"
       - "traefik.http.services.{{ grafana_host }}.loadbalancer.server.port={{ grafana_port }}"
 
-  {{ gitlab.host }}:
-    image: gitlab/gitlab-ce:latest
-    container_name: {{ gitlab.host }}
-    restart: {{ gitlab.restart }}
-    depends_on:
-      - {{ pihole_host }}
-    networks:
-      - net
-    environment:
-      - TZ={{ timezone }}
-    volumes:
-      - {{ gitlab.paths.config }}:/etc/gitlab/
-      - {{ gitlab.paths.logs}}:/var/log/gitlab/
-      - {{ gitlab.paths.data}}:/var/opt/gitlab/
-    ports:
-      - {{ gitlab.ports.ssh.remote }}:{{ gitlab.ports.ssh.local }}
-      - {{ gitlab.ports.http.remote }}:{{ gitlab.ports.http.local }}
-    shm_size: '256m'
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.{{ gitlab.host }}.rule=Host(`{{ gitlab.host }}.{{ aya01_host }}.{{ local_domain }}`)"
-      - "traefik.http.services.{{ gitlab.host }}.loadbalancer.server.port={{ gitlab.ports.http.local }}"
-
 networks:
   zoneminder:
     driver: bridge

roles/docker/templates/aya01/prometheus/prometheus.yml.j2

@@ -16,16 +16,17 @@ rule_files:
   # - "second_rules.yml"
 
 scrape_configs:
-  - job_name: 'aya01'
+  - job_name: 'node'
     scrape_interval: 10s
     scrape_timeout: 10s
     tls_config:
       insecure_skip_verify: true
     static_configs:
-    - targets: ['{{ aya01_ip }}:{{node_exporter_port}}']
-    - targets: ['{{ mii_ip }}:{{node_exporter_port}}']
-    - targets: ['{{ pi_ip }}:{{node_exporter_port}}']
-  - job_name: Mikrotik
+    - targets: ['{{ aya01_ip }}:{{node_exporter.port}}']
+    - targets: ['{{ mii_ip }}:{{node_exporter.port}}']
+    - targets: ['{{ pi_ip }}:{{node_exporter.port}}']
+    - targets: ['{{ naruto_ip }}:{{node_exporter.port}}']
+  - job_name: 'mikrotik'
     static_configs:
       - targets:
         - {{ snmp_exporter_target }}
@@ -39,6 +40,7 @@ scrape_configs:
         target_label: instance
       - target_label: __address__
         replacement: {{ aya01_ip }}:{{ snmp_exporter_port }} # The SNMP exporter's real hostname:port.
-  - job_name: 'smart'
+  - job_name: 'SMART'
     static_configs:
     - targets: ['{{ aya01_ip }}:{{smart_exporter.port}}']
+    - targets: ['{{ naruto_ip }}:{{smart_exporter.port}}']

roles/node_exporter/tasks/get_version.yml

@@ -2,7 +2,7 @@
 - name: Determine latest GitHub release (local)
   delegate_to: localhost
   uri:
-    url: "https://api.github.com/repos/prometheus/node_exporter/releases/{{ node_exporter_version }}"
+    url: "https://api.github.com/repos/prometheus/node_exporter/releases/{{ node_exporter.version }}"
     body_format: json
   register: _github_release
   until: _github_release.status == 200
@@ -13,6 +13,6 @@
     node_exporter_version: "{{ _github_release.json.tag_name
       | regex_replace('^v?([0-9\\.]+)$', '\\1') }}"
 
-- name: Set node_exporter_download_url
+- name: Set node_exporter.download_url
   set_fact:
     node_exporter_download_url: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}.tar.gz"

roles/node_exporter/tasks/install.yml

@@ -9,7 +9,7 @@
 - name: Move node_exporter into path
   copy:
     src: "/tmp/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}/node_exporter"
-    dest: "{{ node_exporter_bin_path }}"
+    dest: "{{ node_exporter.bin_path }}"
     mode: 755
     remote_src: true
   become: true

roles/node_exporter/templates/node_exporter.service.j2

@@ -4,7 +4,7 @@ Description=NodeExporter
 [Service]
 TimeoutStartSec=0
 User=node_exporter
-ExecStart={{ node_exporter_bin_path }} --web.listen-address={{ host.ip }}:{{ node_exporter_port }} {{ node_exporter_options }}
+ExecStart={{ node_exporter.bin_path }} --web.listen-address={{ host.ip }}:{{ node_exporter.port }} {{ node_exporter.options }}
 
 [Install]
 WantedBy=multi-user.target

roles/samba/tasks/config.yaml

@@ -1,7 +1,7 @@
 ---
-- name: Copy "{{ smb_config }}"
+- name: Copy "{{ samba.config }}"
   template:
-    src: "{{ smb_config }}"
+    src: "{{ samba.config }}"
     dest: /etc/samba/smb.conf
   become: true
   register: smbconf

roles/samba/tasks/install.yaml

@@ -8,36 +8,36 @@
 
 - name: Install Samba dependencies
   apt:
-    name: "{{ smb_deps }}"
+    name: "{{ samba.dependencies }}"
     state: present
   become: true
 
-- name: Add group "{{smb_group}}"
+- name: Add group "{{ samba.group }}"
   group:
-    name: "{{smb_group}}"
+    name: "{{ samba.group }}"
     state: present
   become: true
 
 - name: Change permission on share
   file:
-    path: "{{ smb_media_dir }}"
-    group: "{{smb_group}}"
+    path: "{{ samba.media_dir }}"
+    group: "{{ samba.group }}"
     mode: "2770"
   become: true
 
-- name: Add user "{{ smb_user }}"
+- name: Add user "{{ samba.user }}"
   user:
-    name: "{{ smb_user }}"
+    name: "{{ samba.user }}"
     shell: "/sbin/nologin"
-    groups: "{{ smb_group }}"
+    groups: "{{ samba.group }}"
     append: true
   become: true
   register: new_user
 
-- name: Add password to "{{ smb_user }}"
+- name: Add password to "{{ samba.user }}"
   shell:
-    cmd: smbpasswd -a "{{ smb_user }}"
-    stdin: "{{ vault_smb_user_password }}\n{{ vault_smb_user_password }}"
+    cmd: smbpasswd -a "{{ samba.user }}"
+    stdin: "{{ host.samba.password }}\n{{ host.samba.password }}"
   become: true
   when: new_user.changed
     

roles/samba/templates/smb.conf

@@ -213,10 +213,10 @@
 
 [media]
     comment = Media
-    path = "{{ smb_media_dir }}"
+    path = "{{ samba.media_dir }}"
     writable = yes
     guest ok = no
-    valid users = "@{{smb_group}}"
+    valid users = "@{{samba.group}}"
     force create mode = 770
     force directory mode = 770
     inherit permissions = yes