Initial commit

2020-07-21 03:26:02 +02:00 · 2020-07-21 03:26:02 +02:00 · f2929e7e61
commit f2929e7e61
13 changed files with 208 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
 .vault_pass
 /venv
--- a/README.md
+++ b/README.md
@ -0,0 +1 @@
 LabSetup
--- a/ansible.cfg
+++ b/ansible.cfg
@ -0,0 +1,7 @@
 [defaults]
 #nocows = 1
 inventory = ./hosts
 vault_password_file = .vault_pass
 [privilege_escalation]
 #become_ask_pass = True
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -0,0 +1,31 @@
 ---
 ansible_become_password: "{{ secret_sudo }}"
 main_username: roxedus
 main_groupname: "{{ main_username }}"
 main_uid: 1000
 main_gid: "{{ main_uid }}"
 package_list:
    - name: bash-completion
    - name: curl
    - name: git
    - name: htop
    - name: iftop
    - name: lm-sensors
    - name: ncdu
    - name: net-tools
    - name: nmap
    - name: openssh-server
    - name: open-vm-tools
    - name: tmux
    - name: wget
 ntp_timezone: "Europe/Oslo"
 security_ssh_port: 22
 security_ssh_password_authentication: "no"
 security_ssh_permit_root_login: "no"
 security_ssh_usedns: "no"
 security_autoupdate_enabled: true
 security_fail2ban_enabled: true
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@ -0,0 +1,17 @@
 docker_install_compose: true
 docker_users:
    - "{{ main_username }}"
 appdata_path: /opt/appdata
 global_env_vars:
    - "PUID={{ main_uid }}"
    - "PGID={{ main_gid }}"
    - "TZ={{ ntp_timezone }}"
 docker_compose_generator_uid: "{{ main_uid }}"
 docker_compose_generator_gid: "{{ main_gid }}"
 docker_compose_generator_output_path: /home/roxedus
 container_config_path: /config
 container_data_path: /data
 docker_compose_file_mask: 0664
 docker_compose_directory_mask: 0775
--- a/group_vars/edge.yml
+++ b/group_vars/edge.yml
@ -0,0 +1,31 @@
 containers:
  - service_name: le
    active: true
    container_name: le
    image: linuxserver/letsencrypt
    ports:
      - 80:80
      - 443:443
    volumes:
      - "{{ appdata_path }}/letsencrypt/config:/config"
    restart: always
    cap_add:
      - NET_ADMIN
    include_global_env_vars: true
    environment:
      - EMAIL={{ secret_cloudflare.email }}
      - URL={{ DOMAIN }}
      - SUBDOMAINS=wildcard
      - ONLY_SUBDOMAINS=true
      - DHLEVEL=4096
      - VALIDATION=dns
      - DNSPLUGIN=cloudflare
  - service_name: org
    active: false
    container_name: org
    image: organizr/organizr
    include_global_env_vars: true
    environment:
      - branch=dev
      - fpm=true
--- a/group_vars/roxedus_xyz.yml
+++ b/group_vars/roxedus_xyz.yml
@ -0,0 +1,2 @@
 ---
 DOMAIN: roxedus.xyz
--- a/9
+++ b/9
@ -0,0 +1,9 @@
 [roxedus_xyz]
 192.168.2.5
 [docker]
 192.168.2.5
 #10.0.0.36
 [edge]
 192.168.2.5
--- a/requirements.yaml
+++ b/requirements.yaml
@ -0,0 +1,6 @@
 - src: geerlingguy.docker
 - src: geerlingguy.security
 - src: geerlingguy.ntp
 - src: grog.package
 - src: ironicbadger.ansible_role_docker_compose_generator
 - src: ironicbadger.ansible_role_nginx_configs
--- a/roles/dock-cfddns/files/docker-compose.yml
+++ b/roles/dock-cfddns/files/docker-compose.yml
@ -0,0 +1,15 @@
 # Ansible managed
 ---
 version: "2"
 services:
  cfddns:
    image: hotio/cloudflare-ddns
    container_name: cfddns
    environment:
      - CF_USER={{ secret_cloudflare.email }}
      - CF_APIKEY={{ secret_cloudflare[DOMAIN].apikey }}
      - CF_ZONES={{ secret_cloudflare[DOMAIN].zones }}
      - CF_HOSTS=ddns.{{ DOMAIN }}
      - CF_RECORDTYPES=A
      - APPRISE=discord://{{ secret_discord_webook }}
    restart: always
--- a/roles/dock-cfddns/tasks/main.yml
+++ b/roles/dock-cfddns/tasks/main.yml
@ -0,0 +1,29 @@
 - name: Create cfddns directory
  file:
    path: "{{ appdata_path }}/cfddns"
    state: directory
    owner: "{{ main_username }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install cfddns compose file
  template:
    src: files/docker-compose.yml
    dest: "{{ appdata_path }}/cfddns/docker-compose.yml"
    mode: "{{ docker_compose_file_mask }}"
    owner: "{{ main_username }}"
    validate: docker-compose -f %s config
  register: compose_file
  become: true
 - name: Cycle cfddns container
  docker_compose:
    project_src: "{{ appdata_path }}/cfddns"
    pull: true
    remove_orphans: true
    remove_volumes: true
    state: "{{ item }}"
  when: compose_file.changed
  loop:
    - absent
    - present
--- a/run.yml
+++ b/run.yml
@ -0,0 +1,37 @@
 ---
 - hosts: all
  become: yes
  vars_files:
    - "vars/vault.yaml"
  roles:
    - role: geerlingguy.security
    - role: geerlingguy.ntp
    - role: grog.package
  tasks:
    - name: remove ubuntu motd spam
      become: true
      file:
        path: "/etc/update-motd.d/{{ item }}"
        state: absent
      loop:
        - 50-landscape-sysinfo
        - 80-livepatch
        - 95-hwe-eol
        - 10-help-text
        - 50-motd-news
      when: ansible_distribution == 'Ubuntu'
 - hosts: docker
  become: yes
  vars_files:
    - "vars/vault.yaml"
  roles:
    - role: geerlingguy.docker
 - hosts: edge
  become: yes
  vars_files:
    - "vars/vault.yaml"
  roles:
    - role: ironicbadger.ansible_role_docker_compose_generator
    - role: dock-cfddns
--- a/vars/vault.yaml
+++ b/vars/vault.yaml
@ -0,0 +1,21 @@
 $ANSIBLE_VAULT;1.1;AES256
 66383734663630303361626461303332643532336364666666646333643738653634393261663066
 6663316433393663646138303839643430663065313362660a633839366337656636623236396465
 30666562356566323435646639333637323537353364613961626333343134326630313162353134
 3861353064313433610a373037326462353838333634373562323866386635386665383838616639
 31643537666336303933633436663237393135653437326334363238313833333032356465646264
 30383739356538383961623432326135643365343731643665303131346434393266346362663362
 37643265653234306631633135323935383634313932393164343562333933313433383763626362
 66636463353930313433336466393332356531656266346236366536383766356365306163333532
 37363737316661306332623931366536386366373036346663643135386531313866323566623430
 63366261303931666465366563396533623835396536633236646462343564326264303761323833
 38326165333532373635303063633266336231643538323238303932346136376534633037383135
 34366337346363653438616139623032366163366439313532633932306164633533313735643335
 64653636393363646437663232376366373765386465643733633164613661336366613763616532
 32643337653566346332356433393833356132333632356135373238306462623432396134386238
 31633164613563626666366536613863363334366463366539633939383938353234373865623164
 65366639333066383863343333323966343361336664346361353739343164353332663136306362
 35626532306537363536346663316366646534306435396536373435336633616538396334336239
 34383663303764663637326239396332396131646631393132323930656563343136633561333839
 37323662373663666564646131643430353761663363353130306333653764306631636461303438
 33623535363566356262