From 477c574e499496fd34ef37df414087fe6656d74f Mon Sep 17 00:00:00 2001
From: Roxedus
Date: Sat, 13 Feb 2021 15:39:14 +0100
Subject: [PATCH] Updates
---
ansible/group_vars/docker.yml | 3 +
ansible/group_vars/kube.yml | 1 +
ansible/hosts | 10 ++
.../pi_dnsmasq/templates/02-custom.conf.j2 | 15 ++-
.../pi_dnsmasq/templates/hosts.custom.j2 | 5 +
ansible/run.yml | 111 +++++++++++++++++-
ansible/vars/vault.yml | 40 +++----
7 files changed, 156 insertions(+), 29 deletions(-)
create mode 100644 ansible/group_vars/docker.yml
create mode 100644 ansible/group_vars/kube.yml
diff --git a/ansible/group_vars/docker.yml b/ansible/group_vars/docker.yml
new file mode 100644
index 0000000..8248cb0
--- /dev/null
+++ b/ansible/group_vars/docker.yml
@@ -0,0 +1,3 @@
+docker_install_compose: false
+docker_users:
+ - "{{ users.0.username }}"
diff --git a/ansible/group_vars/kube.yml b/ansible/group_vars/kube.yml
new file mode 100644
index 0000000..0083dbd
--- /dev/null
+++ b/ansible/group_vars/kube.yml
@@ -0,0 +1 @@
+kube_ver: 1.19.4-00
diff --git a/ansible/hosts b/ansible/hosts
index 4949047..5b4c451 100644
--- a/ansible/hosts
+++ b/ansible/hosts
@@ -1,2 +1,12 @@
 [piholes]
 pihole set_hostname=pihole."{{ secret_local_domain }}"
+
+;[docker]
+;10.0.0.40
+;10.0.0.41
+;10.0.0.42
+
+;[kube]
+;10.0.0.40 set_hostname=kube."{{ secret_local_domain }}"
+;10.0.0.41 set_hostname=kube-node1."{{ secret_local_domain }}"
+;10.0.0.42 set_hostname=kube-node2."{{ secret_local_domain }}"
diff --git a/ansible/roles/pi_dnsmasq/templates/02-custom.conf.j2 b/ansible/roles/pi_dnsmasq/templates/02-custom.conf.j2
index 5f6a6e2..ca7e7ba 100644
--- a/ansible/roles/pi_dnsmasq/templates/02-custom.conf.j2
+++ b/ansible/roles/pi_dnsmasq/templates/02-custom.conf.j2
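Review bot: `docker_users` in the new ansible/group_vars/docker.yml puts `users.0.username` into the docker group without recording what that grants: membership in that group lets the account drive the Docker daemon, which is equivalent to root on the host. If that is intended for the first entry of `users`, a comment above the key would document it, e.g. `# docker group membership is root-equivalent; keep this list to admin accounts`. Indexing `users.0` also ties the grant to list order in the vaulted vars, so reordering that list would silently move it to a different account.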
@@ -1,8 +1,17 @@ {{ ansible_managed | comment}} +# http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html addn-hosts=/etc/hosts.custom address=/.{{ secret_wan_domain }}/10.0.0.29 -#rev-server=10.0.2.1/26,10.0.2.1 -#server=/man.{{ dmasq_local_domain }}/10.0.2.1 -#server=/2.0.10.in-addr.arpa/10.0.2.1 +rev-server=10.0.0.0/24,10.0.0.1 +server=/{{ dmasq_local_domain }}/10.0.0.1 + +rev-server=10.253.0.0/24,10.253.0.1 +server=/wg.{{ dmasq_local_domain }}/10.253.0.1 + +server=/2.0.10.in-addr.arpa/10.0.2.65 +server=/vm.{{ dmasq_local_domain }}/10.0.2.65 + +server=/2.0.10.in-addr.arpa/10.0.2.0 +server=/man.{{ dmasq_local_domain }}/10.0.2.1 \ No newline at end of file diff --git a/ansible/roles/pi_dnsmasq/templates/hosts.custom.j2 b/ansible/roles/pi_dnsmasq/templates/hosts.custom.j2 index 39ac709..4ac4155 100644 --- a/ansible/roles/pi_dnsmasq/templates/hosts.custom.j2 +++ b/ansible/roles/pi_dnsmasq/templates/hosts.custom.j2 @@ -2,3 +2,8 @@ 10.0.0.29 {{ secret_wan_domain }} 10.0.0.30 {{ secret_unraid_uuid }}.unraid.net + +10.0.2.3 vcenter.man.{{ dmasq_local_domain }} +10.0.2.5 9010.esxi.man.{{ dmasq_local_domain }} +10.0.2.6 r710.esxi.man.{{ dmasq_local_domain }} +10.0.2.16 r710.man.{{ dmasq_local_domain }} \ No newline at end of file diff --git a/ansible/run.yml b/ansible/run.yml index cdc17c1..3ac815d 100644 --- a/ansible/run.yml +++ b/ansible/run.yml @@ -6,14 +6,19 @@ collections: - ansible.builtin.apt + - ansible.builtin.apt_key - ansible.builtin.git - ansible.builtin.group - ansible.builtin.hostname + - ansible.builtin.lineinfile + - ansible.builtin.pip - ansible.builtin.reboot - ansible.builtin.user - ansible.posix.authorized_key - - ansible.builtin.lineinfile - - ansible.builtin.git + - ansible.posix.mount + - ansible.builtin.command + - ansible.builtin.apt_repository + - ansible.builtin.dpkg_selections pre_tasks: - name: Ensure groups exists 
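Review bot: The last added pair in 02-custom.conf.j2 sends `2.0.10.in-addr.arpa` to `10.0.2.0`, which reads like a network address rather than a resolver; the removed commented-out line and the `man.` forward line beside it both use `10.0.2.1`. The same reverse zone is also pointed at `10.0.2.65` two lines earlier, so reverse lookups for 10.0.2.x would be split between two upstreams, one of which probably never answers. If `10.0.2.1` is what was meant, the line would be `server=/2.0.10.in-addr.arpa/10.0.2.1`. A one-line comment per block naming the network each upstream serves would make the forwarding rules easier to audit.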
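Review bot: The entries added under `collections:` in ansible/run.yml are module names (`ansible.builtin.apt_key`, `ansible.posix.mount`, `ansible.builtin.dpkg_selections`), whereas that keyword takes collection names such as `ansible.builtin` and `ansible.posix`. The tasks visible in this patch already call modules by fully qualified name, so the list appears to have no effect. It could be reduced to the collection names or dropped. The play this list belongs to starts above the hunk.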
@@ -78,17 +83,84 @@ with_items: - "{{package_list}}" +- hosts: docker + become: yes + tags: [never, init, docker] + vars_files: + - "vars/vault.yml" + post_tasks: + - name: Install pip packages + ansible.builtin.pip: + name: + - docker + - docker-compose + roles: + - role: geerlingguy.docker + +- hosts: kube + become: yes + tags: [never, init, kube] + vars_files: + - "vars/vault.yml" + tasks: + - name: Disable SWAP + # ansible.builtin.comman + command: swapoff -a + + - name: Remove swapfile from /etc/fstab + ansible.posix.mount: + name: "{{ item }}" + fstype: swap + state: absent + with_items: + - swap + + - name: Add Apt signing key Google + ansible.builtin.apt_key: + url: "{{ item }}" + state: present + loop: + - https://packages.cloud.google.com/apt/doc/apt-key.gpg + + - name: Add repo for kubernetes + ansible.builtin.apt_repository: + filename: kubernetes + repo: "deb https://apt.kubernetes.io/ kubernetes-xenial main" + mode: "0666" + update_cache: yes + + - name: Install packages + ansible.builtin.apt: + name: "{{ item }}={{ kube_ver }}" + state: present + with_items: + - kubelet + - kubeadm + - kubectl + + - name: Hold kubernetes version + become: yes + ansible.builtin.dpkg_selections: + name: "{{ item }}" + selection: "hold" + with_items: + - kubelet + - kubeadm + - kubectl + - hosts: piholes vars_files: - "vars/vault.yml" pre_tasks: - name: Checkout pihole tags: [never, init, pihole] + become: yes ansible.builtin.git: repo: "https://github.com/pi-hole/pi-hole.git" clone: yes - dest: "/home/{{ users.0.username }}/pihole" + dest: "/etc/.pihole" depth: 1 + umask: "022" - name: Checkout pihole_updatelist tags: [never, init, pihole] 
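Review bot: `mode: "0666"` on the `Add repo for kubernetes` task makes the generated apt source file writable by every local user, and apt reads that file as root, so any account on a kube host could redirect package installs to a repository of its choosing. `mode: "0644"` is the usual permission for that file. The `Add Apt signing key Google` task just above has a related gap: the key is fetched by URL with no `id:` fingerprint, so whatever that URL serves at run time ends up in the system's trusted apt keys. Pinning it with `id: "<EXPECTED_KEY_FINGERPRINT>"` (placeholder, the real value is not on this page) makes the task fail instead of trusting an unexpected key.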
@@ -104,17 +176,35 @@ ansible.builtin.apt: name: [ + "cron", + "curl", + "dhcpcd5", "dns-root-data", + "dns-root-data", + "dnsutils", + "git", "idn2", + "idn2", + "iputils-ping", + "libcap2-bin", + "libcap2", "lighttpd", + "lsof", + "netcat", "php-cgi", "php-cli", "php-curl", "php-intl", "php-sqlite3", + "php-sqlite3", "php-xml", + "psmisc", "sqlite3", + "sudo", "unzip", + "unzip", + "wget", + "whiptail", ] state: latest @@ -122,6 +212,7 @@ - role: pi_updatelist tags: [update] - role: pi_dnsmasq + tags: [update] - hosts: all become: yes @@ -133,10 +224,10 @@ # https://www.cyberciti.biz/faq/ansible-apt-update-all-packages-on-ubuntu-debian-linux/ - name: Update packages ansible.builtin.apt: - update_cache: yes - force_apt_get: yes + update_cache: true + force_apt_get: true cache_valid_time: 3600 - upgrade: yes + upgrade: true - name: Remove ubuntu motd spam ansible.builtin.file: @@ -150,6 +241,14 @@ - 95-hwe-eol when: ansible_distribution == 'Ubuntu' + - name: Update PiHole + when: inventory_hostname in groups['piholes'] + become: true + ansible.builtin.command: + argv: + - pihole + - -up + - name: Check if a reboot is needed for Debian and Ubuntu boxes register: reboot_required_file stat: path=/var/run/reboot-required get_md5=no diff --git a/ansible/vars/vault.yml b/ansible/vars/vault.yml index 4af8d23..7986b5e 100644 --- a/ansible/vars/vault.yml +++ b/ansible/vars/vault.yml @@ -1,21 +1,21 @@ $ANSIBLE_VAULT;1.1;AES256 -63613666633537303031393636363930316663373334333131313233663033366634313934366665 -6166373661616530626361306338383262376661313161380a313536313462326165323636303163 -33663431326665353630366337356634663837306564616436303831616137626238613337616238 -6638323363376330650a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a313261316466343938656639303938 +66346665333933343964393337326665643339393765343365393431626566663166303532333062 +6362626134346338370a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
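Review bot: The package list in the first run.yml hunk here now names `dns-root-data`, `idn2`, `php-sqlite3` and `unzip` twice each. The repeats are most likely harmless at install time, but they make it harder to audit what ends up on the Pi-hole host; drop the second copies and keep the list sorted. The task starts above the hunk and only its `state: latest` is visible, which means every run may pull newer versions of all of these, including the newly added `netcat` and `sudo`. If upgrades are meant to happen only in the update play, `state: present` would express that.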
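Review bot: The `Update PiHole` task added in the `@@ -150,6 +241,14 @@` hunk has no `changed_when`, so it will report changed on every run and hide real changes in the play summary. Registering the result and deriving `changed_when` from the command output would fix that. It also runs the Pi-hole self-updater as root on every routine update, installing whatever upstream currently ships, with no version pin visible in this patch; if that is intended, a comment such as `# pihole -up installs the current upstream release as root` would record the decision. The enclosing play appears to be the `hosts: all` play with `become: yes` shown as context in an earlier hunk, which would make the task-level `become: true` redundant.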