Initial commit
commit
f2929e7e61
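--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.vault_pass
+/venv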
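--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,7 @@
+[defaults]
+#nocows = 1
+inventory = ./hosts
+vault_password_file = .vault_pass
+
+[privilege_escalation]
+#become_ask_pass = True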
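Review bot: `vault_password_file = .vault_pass` keeps the vault password as a plaintext file in the working tree, so anything that can read the checkout can decrypt `vars/vault.yaml`. The `.gitignore` entry keeps it out of the repository but not off disk. Consider pointing this setting at an executable script that fetches the password from a keyring or password manager, or at least state the expected file mode in a comment above it, e.g. `# plaintext vault password: never commit, keep at mode 0600`.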
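--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -0,0 +1,31 @@
+---
+ansible_become_password: "{{ secret_sudo }}"
+
+main_username: roxedus
+main_groupname: "{{ main_username }}"
+main_uid: 1000
+main_gid: "{{ main_uid }}"
+
+package_list:
+- name: bash-completion
+- name: curl
+- name: git
+- name: htop
+- name: iftop
+- name: lm-sensors
+- name: ncdu
+- name: net-tools
+- name: nmap
+- name: openssh-server
+- name: open-vm-tools
+- name: tmux
+- name: wget
+
+ntp_timezone: "Europe/Oslo"
+
+security_ssh_port: 22
+security_ssh_password_authentication: "no"
+security_ssh_permit_root_login: "no"
+security_ssh_usedns: "no"
+security_autoupdate_enabled: true
+security_fail2ban_enabled: true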
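Review bot: `package_list` lives in `group_vars/all.yml`, so `nmap` and `net-tools` are installed on every inventory host, including the internet-facing `edge` group. Scanning and diagnostic tooling on a production host adds footprint with little operational need, so consider moving those entries to a group that actually uses them. Separately, `security_ssh_password_authentication: "no"` is set here, but nothing in the files shown installs an authorized key for `main_username`. Confirm key-based access exists before the first run to avoid a lockout.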
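--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@@ -0,0 +1,17 @@
+docker_install_compose: true
+docker_users:
+- "{{ main_username }}"
+
+appdata_path: /opt/appdata
+global_env_vars:
+- "PUID={{ main_uid }}"
+- "PGID={{ main_gid }}"
+- "TZ={{ ntp_timezone }}"
+docker_compose_generator_uid: "{{ main_uid }}"
+docker_compose_generator_gid: "{{ main_gid }}"
+docker_compose_generator_output_path: /home/roxedus
+container_config_path: /config
+container_data_path: /data
+
+docker_compose_file_mask: 0664
+docker_compose_directory_mask: 0775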
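Review bot: `docker_compose_file_mask: 0664` and `docker_compose_directory_mask: 0775` are unquoted, so a YAML 1.1 loader reads them as the integers 436 and 509. `roles/dock-cfddns/tasks/main.yml` then passes them through `mode: "{{ ... }}"`, where the decimal value may be applied as the wrong permission bits. The file mask is also what protects the rendered cfddns compose file, which holds the Cloudflare API key and the Discord webhook, so it should not be world-readable. Quote and tighten both: `docker_compose_file_mask: "0640"` and `docker_compose_directory_mask: "0750"`. `docker_compose_generator_output_path: /home/roxedus` also hard-codes the user name instead of deriving it from `main_username`.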
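--- a/group_vars/edge.yml
+++ b/group_vars/edge.yml
@@ -0,0 +1,31 @@
+containers:
+- service_name: le
+active: true
+container_name: le
+image: linuxserver/letsencrypt
+ports:
+- 80:80
+- 443:443
+volumes:
+- "{{ appdata_path }}/letsencrypt/config:/config"
+restart: always
+cap_add:
+- NET_ADMIN
+include_global_env_vars: true
+environment:
+- EMAIL={{ secret_cloudflare.email }}
+- URL={{ DOMAIN }}
+- SUBDOMAINS=wildcard
+- ONLY_SUBDOMAINS=true
+- DHLEVEL=4096
+- VALIDATION=dns
+- DNSPLUGIN=cloudflare
+
+- service_name: org
+active: false
+container_name: org
+image: organizr/organizr
+include_global_env_vars: true
+environment:
+- branch=dev
+- fpm=true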
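Review bot: `image: linuxserver/letsencrypt` and `image: organizr/organizr` carry no tag or digest, so each pull takes whatever `latest` points to at that moment. For the container that holds the wildcard certificate and runs with `NET_ADMIN`, that is an unreviewed code path onto the edge host. Pin each image, e.g. `image: linuxserver/letsencrypt:<pinned-tag>` or an `@sha256:<digest>` reference, and bump it deliberately. The port entries are better quoted as `"80:80"` and `"443:443"`, since digit-and-colon scalars are an implicit-typing trap in YAML 1.1 loaders. The `org` service also tracks `branch=dev`, which deserves a comment if it is intentional.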
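--- a/group_vars/roxedus_xyz.yml
+++ b/group_vars/roxedus_xyz.yml
@@ -0,0 +1,2 @@
+---
+DOMAIN: roxedus.xyz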
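--- a/hosts
+++ b/hosts
@@ -0,0 +1,9 @@
+[roxedus_xyz]
+192.168.2.5
+
+[docker]
+192.168.2.5
+#10.0.0.36
+
+[edge]
+192.168.2.5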
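--- a/requirements.yaml
+++ b/requirements.yaml
@@ -0,0 +1,6 @@
+- src: geerlingguy.docker
+- src: geerlingguy.security
+- src: geerlingguy.ntp
+- src: grog.package
+- src: ironicbadger.ansible_role_docker_compose_generator
+- src: ironicbadger.ansible_role_nginx_configs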
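Review bot: None of the six roles has a `version:` key, so `ansible-galaxy install -r requirements.yaml` resolves each to the newest release at install time, and `run.yml` runs these roles under `become`. Pin each entry, e.g. `- src: geerlingguy.security` followed by `version: <pinned-version>`, so a role update is a reviewed change and not a side effect of a fresh checkout. `ironicbadger.ansible_role_nginx_configs` is listed but not referenced by `run.yml` in this commit, so drop it if it is unused.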
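--- a/roles/dock-cfddns/files/docker-compose.yml
+++ b/roles/dock-cfddns/files/docker-compose.yml
@@ -0,0 +1,15 @@
+# Ansible managed
+---
+version: "2"
+services:
+cfddns:
+image: hotio/cloudflare-ddns
+container_name: cfddns
+environment:
+- CF_USER={{ secret_cloudflare.email }}
+- CF_APIKEY={{ secret_cloudflare[DOMAIN].apikey }}
+- CF_ZONES={{ secret_cloudflare[DOMAIN].zones }}
+- CF_HOSTS=ddns.{{ DOMAIN }}
+- CF_RECORDTYPES=A
+- APPRISE=discord://{{ secret_discord_webook }}
+restart: always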
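Review bot: `CF_USER` together with `CF_APIKEY` appears to be the account-wide Cloudflare key. It is rendered in plaintext into the compose file and is visible to anyone who can inspect the container's environment, while a DNS updater only needs edit rights on one zone. If the image supports a scoped API token, use that instead, and keep the rendered file readable only by its owner. `image: hotio/cloudflare-ddns` is unpinned, so add a tag or digest (`image: hotio/cloudflare-ddns:<pinned-tag>`). `secret_discord_webook` looks like a misspelling of "webhook"; confirm it matches the key name in the vault, otherwise the template fails on an undefined variable.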
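--- a/roles/dock-cfddns/tasks/main.yml
+++ b/roles/dock-cfddns/tasks/main.yml
@@ -0,0 +1,29 @@
+- name: Create cfddns directory
+file:
+path: "{{ appdata_path }}/cfddns"
+state: directory
+owner: "{{ main_username }}"
+mode: "{{ docker_compose_directory_mask }}"
+become: true
+
+- name: Install cfddns compose file
+template:
+src: files/docker-compose.yml
+dest: "{{ appdata_path }}/cfddns/docker-compose.yml"
+mode: "{{ docker_compose_file_mask }}"
+owner: "{{ main_username }}"
+validate: docker-compose -f %s config
+register: compose_file
+become: true
+
+- name: Cycle cfddns container
+docker_compose:
+project_src: "{{ appdata_path }}/cfddns"
+pull: true
+remove_orphans: true
+remove_volumes: true
+state: "{{ item }}"
+when: compose_file.changed
+loop:
+- absent
+- present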
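Review bot: The `Install cfddns compose file` task renders the Cloudflare API key and the Discord webhook into its destination but sets neither `no_log: true` nor `diff: false`, so a run with `--diff`, or a failing `validate`, can print the secrets to the terminal and to any CI log. Add `no_log: true` to that task. Neither the `file` nor the `template` task sets `group:`, so the group bits of the mask presumably apply to the become user's group and not to `main_groupname`; set `group: "{{ main_groupname }}"` if that is the intent. `remove_volumes: true` in `Cycle cfddns container` removes the project's volumes on every compose change, which deserves a comment saying it is deliberate.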
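--- a/run.yml
+++ b/run.yml
@@ -0,0 +1,37 @@
+---
+- hosts: all
+become: yes
+vars_files:
+- "vars/vault.yaml"
+roles:
+- role: geerlingguy.security
+- role: geerlingguy.ntp
+- role: grog.package
+tasks:
+- name: remove ubuntu motd spam
+become: true
+file:
+path: "/etc/update-motd.d/{{ item }}"
+state: absent
+loop:
+- 50-landscape-sysinfo
+- 80-livepatch
+- 95-hwe-eol
+- 10-help-text
+- 50-motd-news
+when: ansible_distribution == 'Ubuntu'
+
+- hosts: docker
+become: yes
+vars_files:
+- "vars/vault.yaml"
+roles:
+- role: geerlingguy.docker
+
+- hosts: edge
+become: yes
+vars_files:
+- "vars/vault.yaml"
+roles:
+- role: ironicbadger.ansible_role_docker_compose_generator
+- role: dock-cfddns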
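Review bot: Every play loads the whole of `vars/vault.yaml` through `vars_files`, so all secrets are decrypted for every host group, including plays that only need the sudo password. Splitting the vault per group would keep the Cloudflare and Discord secrets out of the `all` and `docker` plays. On style, the three plays use `become: yes` while the task in the first play uses `become: true`; use the canonical `become: true` throughout and drop the task-level `become`, which the play already sets. None of the plays has a `name:`, which makes run output harder to audit.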
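--- a/vars/vault.yaml
+++ b/vars/vault.yaml
@@ -0,0 +1,21 @@
+$ANSIBLE_VAULT;1.1;AES256
+66383734663630303361626461303332643532336364666666646333643738653634393261663066
+6663316433393663646138303839643430663065313362660a633839366337656636623236396465
+30666562356566323435646639333637323537353364613961626333343134326630313162353134
+3861353064313433610a373037326462353838333634373562323866386635386665383838616639
+31643537666336303933633436663237393135653437326334363238313833333032356465646264
+30383739356538383961623432326135643365343731643665303131346434393266346362663362
+37643265653234306631633135323935383634313932393164343562333933313433383763626362
+66636463353930313433336466393332356531656266346236366536383766356365306163333532
+37363737316661306332623931366536386366373036346663643135386531313866323566623430
+63366261303931666465366563396533623835396536633236646462343564326264303761323833
+38326165333532373635303063633266336231643538323238303932346136376534633037383135
+34366337346363653438616139623032366163366439313532633932306164633533313735643335
+64653636393363646437663232376366373765386465643733633164613661336366613763616532
+32643337653566346332356433393833356132333632356135373238306462623432396134386238
+31633164613563626666366536613863363334366463366539633939383938353234373865623164
+65366639333066383863343333323966343361336664346361353739343164353332663136306362
+35626532306537363536346663316366646534306435396536373435336633616538396334336239
+34383663303764663637326239396332396131646631393132323930656563343136633561333839
+37323662373663666564646131643430353761663363353130306333653764306631636461303438
+33623535363566356262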
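Review bot: Committing the encrypted vault makes its confidentiality rest entirely on the vault password, because anyone who can read the repository holds the ciphertext and it stays in history after later rotations. Use a long random vault password. Treat any exposure of `.vault_pass` as exposure of every secret in this file, presumably the sudo password, Cloudflare credentials and Discord webhook referenced elsewhere in the commit, and rotate them at the source. A short README note on how the password is stored and rotated would document that expectation.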