Initial commit

Roxedus 2020-07-21 03:26:02 +02:00
commit f2929e7e61
Signed by: Roxedus
GPG Key ID: 9B4E311961C63639
13 changed files with 208 additions and 0 deletions

2
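--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.vault_pass
+/venv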

1
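--- a/README.md
+++ b/README.md
@@ -0,0 +1 @@
+LabSetup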

7
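--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,7 @@
+[defaults]
+#nocows = 1
+inventory = ./hosts
+vault_password_file = .vault_pass
+[privilege_escalation]
+#become_ask_pass = True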
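Review bot: `vault_password_file = .vault_pass` points at the only key protecting the vault ciphertext that this same commit adds under vars/vault.yaml, and nothing here says what that file must contain. Because the encrypted file is committed, its confidentiality rests entirely on the strength of that passphrase, so it should be a long, randomly generated value rather than something memorable. I would record that above the setting, e.g. `# .vault_pass: long random passphrase, git-ignored; it is the only key to vars/vault.yaml`.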

31
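--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -0,0 +1,31 @@
+---
+ansible_become_password: "{{ secret_sudo }}"
+main_username: roxedus
+main_groupname: "{{ main_username }}"
+main_uid: 1000
+main_gid: "{{ main_uid }}"
+package_list:
+- name: bash-completion
+- name: curl
+- name: git
+- name: htop
+- name: iftop
+- name: lm-sensors
+- name: ncdu
+- name: net-tools
+- name: nmap
+- name: openssh-server
+- name: open-vm-tools
+- name: tmux
+- name: wget
+ntp_timezone: "Europe/Oslo"
+security_ssh_port: 22
+security_ssh_password_authentication: "no"
+security_ssh_permit_root_login: "no"
+security_ssh_usedns: "no"
+security_autoupdate_enabled: true
+security_fail2ban_enabled: true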

17
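--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@@ -0,0 +1,17 @@
+docker_install_compose: true
+docker_users:
+- "{{ main_username }}"
+appdata_path: /opt/appdata
+global_env_vars:
+- "PUID={{ main_uid }}"
+- "PGID={{ main_gid }}"
+- "TZ={{ ntp_timezone }}"
+docker_compose_generator_uid: "{{ main_uid }}"
+docker_compose_generator_gid: "{{ main_gid }}"
+docker_compose_generator_output_path: /home/roxedus
+container_config_path: /config
+container_data_path: /data
+docker_compose_file_mask: 0664
+docker_compose_directory_mask: 0775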
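Review bot: `docker_compose_file_mask: 0664` and `docker_compose_directory_mask: 0775` are unquoted, so a YAML 1.1 loader reads them as the integers 436 and 509 before Ansible sees them. The cfddns tasks later in this commit pass them through `mode: "{{ docker_compose_file_mask }}"` and `mode: "{{ docker_compose_directory_mask }}"`, and depending on the Ansible version the templated value can arrive as the string `436` and be applied as octal 0436 rather than 0664. Quote both so the octal string survives: `docker_compose_file_mask: "0664"` and `docker_compose_directory_mask: "0775"`. Separately, `docker_compose_generator_output_path: /home/roxedus` hard-codes the name that `main_username` already holds.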

31
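--- a/group_vars/edge.yml
+++ b/group_vars/edge.yml
@@ -0,0 +1,31 @@
+containers:
+- service_name: le
+active: true
+container_name: le
+image: linuxserver/letsencrypt
+ports:
+- 80:80
+- 443:443
+volumes:
+- "{{ appdata_path }}/letsencrypt/config:/config"
+restart: always
+cap_add:
+- NET_ADMIN
+include_global_env_vars: true
+environment:
+- EMAIL={{ secret_cloudflare.email }}
+- URL={{ DOMAIN }}
+- SUBDOMAINS=wildcard
+- ONLY_SUBDOMAINS=true
+- DHLEVEL=4096
+- VALIDATION=dns
+- DNSPLUGIN=cloudflare
+- service_name: org
+active: false
+container_name: org
+image: organizr/organizr
+include_global_env_vars: true
+environment:
+- branch=dev
+- fpm=true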
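Review bot: Both `image: linuxserver/letsencrypt` and `image: organizr/organizr` carry no tag or digest, so each pull resolves to whatever the registry currently serves as the default tag. For the `le` service that matters more than usual, since it publishes 80 and 443 and is granted `NET_ADMIN`; an unreviewed upstream change would land on the edge host with that capability. Pin each image, e.g. `image: linuxserver/letsencrypt:<PINNED_TAG>` (placeholder for a release or digest you have reviewed). Quoting the port mappings as `"80:80"` and `"443:443"` would also guarantee they are always read as strings.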


@ -0,0 +1,2 @@
---
DOMAIN: roxedus.xyz

9
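--- a/hosts
+++ b/hosts
@@ -0,0 +1,9 @@
+[roxedus_xyz]
+192.168.2.5
+[docker]
+192.168.2.5
+#10.0.0.36
+[edge]
+192.168.2.5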

6
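--- a/requirements.yaml
+++ b/requirements.yaml
@@ -0,0 +1,6 @@
+- src: geerlingguy.docker
+- src: geerlingguy.security
+- src: geerlingguy.ntp
+- src: grog.package
+- src: ironicbadger.ansible_role_docker_compose_generator
+- src: ironicbadger.ansible_role_nginx_configs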
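Review bot: None of the six `src:` entries has a `version:`, so installing from this file fetches whatever each role author published most recently. run.yml in this commit applies these roles with `become: yes`, which means unreviewed upstream changes would execute as root on the managed hosts. Pin every role, e.g. `- src: geerlingguy.security` followed by `version: <PINNED_VERSION>` (placeholder for the release you reviewed), and raise the pins deliberately after reading the upstream changes.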


@ -0,0 +1,15 @@
# Ansible managed
---
version: "2"
services:
cfddns:
image: hotio/cloudflare-ddns
container_name: cfddns
environment:
- CF_USER={{ secret_cloudflare.email }}
- CF_APIKEY={{ secret_cloudflare[DOMAIN].apikey }}
- CF_ZONES={{ secret_cloudflare[DOMAIN].zones }}
- CF_HOSTS=ddns.{{ DOMAIN }}
- CF_RECORDTYPES=A
- APPRISE=discord://{{ secret_discord_webook }}
restart: always
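Review bot: `CF_USER` together with `CF_APIKEY` looks like Cloudflare's account-wide API key, which is far more authority than keeping one `ddns.` record up to date requires. The template also places that key and the Discord webhook in the container environment, where anyone with access to the Docker daemon can read them back. If the image accepts a zone-scoped API token, prefer one limited to DNS edits on the single zone, and until then leave a marker such as `# TODO: replace account-wide CF_APIKEY with a zone-scoped token`. The variable name `secret_discord_webook` looks like a typo for `webhook`; confirm it matches the key stored in the vault. `image: hotio/cloudflare-ddns` has no tag or digest either.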


@ -0,0 +1,29 @@
- name: Create cfddns directory
file:
path: "{{ appdata_path }}/cfddns"
state: directory
owner: "{{ main_username }}"
mode: "{{ docker_compose_directory_mask }}"
become: true
- name: Install cfddns compose file
template:
src: files/docker-compose.yml
dest: "{{ appdata_path }}/cfddns/docker-compose.yml"
mode: "{{ docker_compose_file_mask }}"
owner: "{{ main_username }}"
validate: docker-compose -f %s config
register: compose_file
become: true
- name: Cycle cfddns container
docker_compose:
project_src: "{{ appdata_path }}/cfddns"
pull: true
remove_orphans: true
remove_volumes: true
state: "{{ item }}"
when: compose_file.changed
loop:
- absent
- present
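Review bot: The `Install cfddns compose file` task writes the rendered Cloudflare key and Discord webhook with `mode: "{{ docker_compose_file_mask }}"`, which group_vars/docker.yml sets to 0664, so the file is meant to be readable by every local user on the host. Give this one file its own restrictive mode, `mode: "0600"`, instead of the shared mask, and add `no_log: true` to the task so a `--diff` or verbose run does not print the secrets into the controller's output. `remove_volumes: true` in the cycle task is harmless while the compose file declares no volumes, but it would silently delete data as soon as one is added.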

37
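--- a/run.yml
+++ b/run.yml
@@ -0,0 +1,37 @@
+---
+- hosts: all
+become: yes
+vars_files:
+- "vars/vault.yaml"
+roles:
+- role: geerlingguy.security
+- role: geerlingguy.ntp
+- role: grog.package
+tasks:
+- name: remove ubuntu motd spam
+become: true
+file:
+path: "/etc/update-motd.d/{{ item }}"
+state: absent
+loop:
+- 50-landscape-sysinfo
+- 80-livepatch
+- 95-hwe-eol
+- 10-help-text
+- 50-motd-news
+when: ansible_distribution == 'Ubuntu'
+- hosts: docker
+become: yes
+vars_files:
+- "vars/vault.yaml"
+roles:
+- role: geerlingguy.docker
+- hosts: edge
+become: yes
+vars_files:
+- "vars/vault.yaml"
+roles:
+- role: ironicbadger.ansible_role_docker_compose_generator
+- role: dock-cfddns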
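Review bot: The three plays have no `name:` and spell the flag `become: yes`, while the tasks in this commit use `become: true`; the YAML 1.1 truthy spelling is inconsistent with the rest of the change and is what linters usually flag. Write `become: true` on each play and give each one a name, e.g. `- name: Base hardening for all hosts`, so run output and logs show which play touched a host. The task-level `become: true` under `remove ubuntu motd spam` is redundant with the play-level setting and can be dropped.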

21
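--- a/vars/vault.yaml
+++ b/vars/vault.yaml
@@ -0,0 +1,21 @@
+$ANSIBLE_VAULT;1.1;AES256
+66383734663630303361626461303332643532336364666666646333643738653634393261663066
+6663316433393663646138303839643430663065313362660a633839366337656636623236396465
+30666562356566323435646639333637323537353364613961626333343134326630313162353134
+3861353064313433610a373037326462353838333634373562323866386635386665383838616639
+31643537666336303933633436663237393135653437326334363238313833333032356465646264
+30383739356538383961623432326135643365343731643665303131346434393266346362663362
+37643265653234306631633135323935383634313932393164343562333933313433383763626362
+66636463353930313433336466393332356531656266346236366536383766356365306163333532
+37363737316661306332623931366536386366373036346663643135386531313866323566623430
+63366261303931666465366563396533623835396536633236646462343564326264303761323833
+38326165333532373635303063633266336231643538323238303932346136376534633037383135
+34366337346363653438616139623032366163366439313532633932306164633533313735643335
+64653636393363646437663232376366373765386465643733633164613661336366613763616532
+32643337653566346332356433393833356132333632356135373238306462623432396134386238
+31633164613563626666366536613863363334366463366539633939383938353234373865623164
+65366639333066383863343333323966343361336664346361353739343164353332663136306362
+35626532306537363536346663316366646534306435396536373435336633616538396334336239
+34383663303764663637326239396332396131646631393132323930656563343136633561333839
+37323662373663666564646131643430353761663363353130306333653764306631636461303438
+33623535363566356262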