From f2929e7e6155eb8cbc28eacf9664e0a9eaa4d36f Mon Sep 17 00:00:00 2001
From: Roxedus
Date: Tue, 21 Jul 2020 03:26:02 +0200
Subject: [PATCH] Initial commit
---
 .gitignore | 2 ++
 README.md | 1 +
 ansible.cfg | 7 ++++
 group_vars/all.yml | 31 ++++++++++++++++++
 group_vars/docker.yml | 17 ++++++++++
 group_vars/edge.yml | 31 ++++++++++++++++++
 group_vars/roxedus_xyz.yml | 2 ++
 hosts | 9 ++++++
 requirements.yaml | 6 ++++
 roles/dock-cfddns/files/docker-compose.yml | 15 +++++++++
 roles/dock-cfddns/tasks/main.yml | 29 +++++++++++++++++
 run.yml | 37 ++++++++++++++++++++++
 vars/vault.yaml | 21 ++++++++++++
 13 files changed, 208 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 README.md
 create mode 100644 ansible.cfg
 create mode 100644 group_vars/all.yml
 create mode 100644 group_vars/docker.yml
 create mode 100644 group_vars/edge.yml
 create mode 100644 group_vars/roxedus_xyz.yml
 create mode 100644 hosts
 create mode 100644 requirements.yaml
 create mode 100644 roles/dock-cfddns/files/docker-compose.yml
 create mode 100644 roles/dock-cfddns/tasks/main.yml
 create mode 100644 run.yml
 create mode 100644 vars/vault.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5ea0c7e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.vault_pass
+/venv
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a7c3920
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+LabSetup
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..87d4ba4
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,7 @@
+[defaults]
+#nocows = 1
+inventory = ./hosts
+vault_password_file = .vault_pass
+
+[privilege_escalation]
+#become_ask_pass = True
\ No newline at end of file
diff --git a/group_vars/all.yml b/group_vars/all.yml
new file mode 100644
index 0000000..f978e55
--- /dev/null
+++ b/group_vars/all.yml
@@ -0,0 +1,31 @@
+---
+ansible_become_password: "{{ secret_sudo }}"
+
+main_username: roxedus
+main_groupname: "{{ main_username }}"
+main_uid: 1000
+main_gid: "{{ main_uid }}"
+
+package_list:
+  - name: bash-completion
+  - name: curl
+  - name: git
+  - name: htop
+  - name: iftop
+  - name: lm-sensors
+  - name: ncdu
+  - name: net-tools
+  - name: nmap
+  - name: openssh-server
+  - name: open-vm-tools
+  - name: tmux
+  - name: wget
+
+ntp_timezone: "Europe/Oslo"
+
+security_ssh_port: 22
+security_ssh_password_authentication: "no"
+security_ssh_permit_root_login: "no"
+security_ssh_usedns: "no"
+security_autoupdate_enabled: true
+security_fail2ban_enabled: true
diff --git a/group_vars/docker.yml b/group_vars/docker.yml
new file mode 100644
index 0000000..4fd4917
--- /dev/null
+++ b/group_vars/docker.yml
@@ -0,0 +1,17 @@
+docker_install_compose: true
+docker_users:
+  - "{{ main_username }}"
+
+appdata_path: /opt/appdata
+global_env_vars:
+  - "PUID={{ main_uid }}"
+  - "PGID={{ main_gid }}"
+  - "TZ={{ ntp_timezone }}"
+docker_compose_generator_uid: "{{ main_uid }}"
+docker_compose_generator_gid: "{{ main_gid }}"
+docker_compose_generator_output_path: /home/roxedus
+container_config_path: /config
+container_data_path: /data
+
+docker_compose_file_mask: 0664
+docker_compose_directory_mask: 0775
\ No newline at end of file
diff --git a/group_vars/edge.yml b/group_vars/edge.yml
new file mode 100644
index 0000000..a2363d9
--- /dev/null
+++ b/group_vars/edge.yml
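Review bot: `docker_compose_file_mask: 0664` and `docker_compose_directory_mask: 0775` at the end of the group_vars/docker.yml hunk are unquoted leading-zero numbers, which Ansible's YAML 1.1 loader reads as octal integers (436 and 509 decimal); when roles/dock-cfddns/tasks/main.yml passes them through `mode: "{{ docker_compose_directory_mask }}"` and `mode: "{{ docker_compose_file_mask }}"`, the file module sees the strings "509" and "436" and re-reads them as octal, so the directory task is likely to be rejected for the invalid digit 9 and the compose file would end up 0436 instead of 0664. Quote both so they stay strings: `docker_compose_file_mask: "0664"` and `docker_compose_directory_mask: "0775"`. Since the compose file rendered with that mask carries the Cloudflare API key and Discord webhook, a group- and world-readable 0664 is also too loose for it; `"0600"` would keep it owner-only.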
@@ -0,0 +1,31 @@
+containers:
+  - service_name: le
+    active: true
+    container_name: le
+    image: linuxserver/letsencrypt
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - "{{ appdata_path }}/letsencrypt/config:/config"
+    restart: always
+    cap_add:
+      - NET_ADMIN
+    include_global_env_vars: true
+    environment:
+      - EMAIL={{ secret_cloudflare.email }}
+      - URL={{ DOMAIN }}
+      - SUBDOMAINS=wildcard
+      - ONLY_SUBDOMAINS=true
+      - DHLEVEL=4096
+      - VALIDATION=dns
+      - DNSPLUGIN=cloudflare
+
+  - service_name: org
+    active: false
+    container_name: org
+    image: organizr/organizr
+    include_global_env_vars: true
+    environment:
+      - branch=dev
+      - fpm=true
diff --git a/group_vars/roxedus_xyz.yml b/group_vars/roxedus_xyz.yml
new file mode 100644
index 0000000..ac00e42
--- /dev/null
+++ b/group_vars/roxedus_xyz.yml
@@ -0,0 +1,2 @@
+---
+DOMAIN: roxedus.xyz
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..c72f19c
--- /dev/null
+++ b/hosts
@@ -0,0 +1,9 @@
+[roxedus_xyz]
+192.168.2.5
+
+[docker]
+192.168.2.5
+#10.0.0.36
+
+[edge]
+192.168.2.5
diff --git a/requirements.yaml b/requirements.yaml
new file mode 100644
index 0000000..7289fbd
--- /dev/null
+++ b/requirements.yaml
@@ -0,0 +1,6 @@
+- src: geerlingguy.docker
+- src: geerlingguy.security
+- src: geerlingguy.ntp
+- src: grog.package
+- src: ironicbadger.ansible_role_docker_compose_generator
+- src: ironicbadger.ansible_role_nginx_configs
\ No newline at end of file
diff --git a/roles/dock-cfddns/files/docker-compose.yml b/roles/dock-cfddns/files/docker-compose.yml
new file mode 100644
index 0000000..e617daf
--- /dev/null
+++ b/roles/dock-cfddns/files/docker-compose.yml
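Review bot: The `ports` entries `- 80:80` and `- 443:443` in the group_vars/edge.yml hunk are unquoted, and YAML 1.1 loaders such as Ansible's read digit:digit as a base-60 integer (`80:80` becomes 4880, `443:443` becomes 27023), so the compose file the generator role renders from this list would publish the wrong ports. Quote them as strings: `- "80:80"` and `- "443:443"`. The `volumes` entry on the following lines is already quoted, so this is just the two port lines.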
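Review bot: None of the six Galaxy roles in the requirements.yaml hunk carries a `version:`, so each `ansible-galaxy install` fetches whatever the role author most recently published, and these roles then run on every host with become. Pin each entry to a release tag, for example `- src: geerlingguy.docker` followed by `  version: "<pinned tag>"` (placeholder), and bump the pins deliberately. The file also lacks a trailing newline and a leading `---`.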
@@ -0,0 +1,15 @@
+# Ansible managed
+---
+version: "2"
+services:
+  cfddns:
+    image: hotio/cloudflare-ddns
+    container_name: cfddns
+    environment:
+      - CF_USER={{ secret_cloudflare.email }}
+      - CF_APIKEY={{ secret_cloudflare[DOMAIN].apikey }}
+      - CF_ZONES={{ secret_cloudflare[DOMAIN].zones }}
+      - CF_HOSTS=ddns.{{ DOMAIN }}
+      - CF_RECORDTYPES=A
+      - APPRISE=discord://{{ secret_discord_webook }}
+    restart: always
diff --git a/roles/dock-cfddns/tasks/main.yml b/roles/dock-cfddns/tasks/main.yml
new file mode 100644
index 0000000..5a61ad5
--- /dev/null
+++ b/roles/dock-cfddns/tasks/main.yml
@@ -0,0 +1,29 @@
+- name: Create cfddns directory
+  file:
+    path: "{{ appdata_path }}/cfddns"
+    state: directory
+    owner: "{{ main_username }}"
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+
+- name: Install cfddns compose file
+  template:
+    src: files/docker-compose.yml
+    dest: "{{ appdata_path }}/cfddns/docker-compose.yml"
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ main_username }}"
+    validate: docker-compose -f %s config
+  register: compose_file
+  become: true
+
+- name: Cycle cfddns container
+  docker_compose:
+    project_src: "{{ appdata_path }}/cfddns"
+    pull: true
+    remove_orphans: true
+    remove_volumes: true
+    state: "{{ item }}"
+  when: compose_file.changed
+  loop:
+    - absent
+    - present
\ No newline at end of file
diff --git a/run.yml b/run.yml
new file mode 100644
index 0000000..ae54bdc
--- /dev/null
+++ b/run.yml
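Review bot: `APPRISE=discord://{{ secret_discord_webook }}` in the roles/dock-cfddns/files/docker-compose.yml hunk references a variable spelled `webook`; the vault in this commit is encrypted so it cannot be checked here, but if the vault defines it as `secret_discord_webhook` the template task will fail on an undefined variable, so confirm the spelling matches on both sides. `image: hotio/cloudflare-ddns` carries no tag or digest and the cycle task sets `pull: true`, so the container that holds the Cloudflare API key floats to whatever is published as latest; pinning a tag or `@sha256:` digest makes updates deliberate. The file is also Jinja consumed by the template module yet lives under files/; moving it to templates/ (e.g. as docker-compose.yml.j2) makes that visible to the next maintainer.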
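Review bot: The `Install cfddns compose file` task in the roles/dock-cfddns/tasks/main.yml hunk writes a file that contains the Cloudflare API key and Discord webhook using the shared `mode: "{{ docker_compose_file_mask }}"` (0664 in group_vars/docker.yml) and sets `owner` but no `group`, so under `become: true` the group defaults to root and the secrets are readable by every local account. Give this task its own restrictive mode, `mode: "0600"`, and add `group: "{{ main_groupname }}"` so the main user's group is explicit rather than inherited from root. The same `owner`-without-`group` pattern applies to the `Create cfddns directory` task above it.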
@@ -0,0 +1,37 @@
+---
+- hosts: all
+  become: yes
+  vars_files:
+    - "vars/vault.yaml"
+  roles:
+    - role: geerlingguy.security
+    - role: geerlingguy.ntp
+    - role: grog.package
+  tasks:
+    - name: remove ubuntu motd spam
+      become: true
+      file:
+        path: "/etc/update-motd.d/{{ item }}"
+        state: absent
+      loop:
+        - 50-landscape-sysinfo
+        - 80-livepatch
+        - 95-hwe-eol
+        - 10-help-text
+        - 50-motd-news
+      when: ansible_distribution == 'Ubuntu'
+
+- hosts: docker
+  become: yes
+  vars_files:
+    - "vars/vault.yaml"
+  roles:
+    - role: geerlingguy.docker
+
+- hosts: edge
+  become: yes
+  vars_files:
+    - "vars/vault.yaml"
+  roles:
+    - role: ironicbadger.ansible_role_docker_compose_generator
+    - role: dock-cfddns
diff --git a/vars/vault.yaml b/vars/vault.yaml
new file mode 100644
index 0000000..cd661e1
--- /dev/null
+++ b/vars/vault.yaml
@@ -0,0 +1,21 @@
+$ANSIBLE_VAULT;1.1;AES256
+66383734663630303361626461303332643532336364666666646333643738653634393261663066
+6663316433393663646138303839643430663065313362660a633839366337656636623236396465
+30666562356566323435646639333637323537353364613961626333343134326630313162353134
+3861353064313433610a
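Review bot: The three plays in the run.yml hunk use `become: yes` while the `remove ubuntu motd spam` task and roles/dock-cfddns/tasks/main.yml use `become: true`; yamllint's truthy rule flags `yes`, and a YAML 1.2 parser reads it as a string rather than a boolean, so `become: true` on all three play headers keeps the file consistent and parser-neutral. The task-level `become: true` on that same task is redundant once its play already escalates and can be dropped. The `loop` items such as `50-landscape-sysinfo` are plain strings and need no quoting.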