vincent/ansible
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

resolv conflict

Browse Source
This commit is contained in:
vincent 2019-04-14 19:52:28 +02:00
commit 218e0f3afa
23 changed files with 289 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -1 +1,2 @@
*.retry
*.retry
.vaultpassword

3
.gitmodules vendored Normal file
View File

@ -0,0 +1,3 @@
[submodule "library/ansible-aur"]
path = library/ansible-aur
url = https://github.com/pigmonkey/ansible-aur.git

52
README.md
View File

@ -3,13 +3,16 @@
## commande ansible
***launch playbook on staging***
`ansible-playbook -i staging site.yml --ask-become-pass`
`ansible-playbook -i staging site.yml --vault-password-file=.vaultpassword`
***init new role architecture***
`ansible-galaxy user_config init `
***launch ansible bootstrap***
` ansible-playbook -i staging bootstrap.yml -u root --ask-pass`
` ansible-playbook -i nas, bootstrap.yml -u root --ask-pass`
***encrypt string***
`ansible-vault encrypt_string`
## Prerequis
@ -35,11 +38,15 @@
- create user
- copy clé RSA
- [ ] autofs role
- [x] samba automount role
- géré les credential en fichier
- initialisé les variable pour les diferent périphérique
- [ ] VM server
- [x] davfs mount
- [x] VM server
- [x] syncthing role
### Workstation roles
@ -50,32 +57,35 @@
- install ansible aur module
- clone ansible repo
- [ ] workstation role
- install wm software
- install worstation software (firefox keepass,pulseaudio,ncmpcc)
- [ ] grubtheme
- [ ] syncthing role
- [x] workstation role
- -need to check for nvidia drver
- [x] cups
- [x] bluetooth et tlp pour laptop
- [x] grubtheme
### Server Roles
- [server role]
- cron
- ssmtp
- controle du reboot
- terminfo
- [ ] rsyncd role
- server role
- [x] cron
- [x] ssmtp
- [ ] backup role?
- [x] rsyncd role
- [ ] ssmtp role
- [x] failtoban role
- [ ] nginx/php role
- install
- config
- [ ] dns role
-slave/primary
- [ ] mariadb role
- install
- config
@ -83,6 +93,7 @@
- [ ] tt-rss role
- depend nginx & madiadb role
- fail2ban jail
- [ ] gitea role
- depend of mariadb role
@ -90,6 +101,11 @@
- [ ] dns role
-slave/primary
- [ ] backup role?
- controle du reboot
#### global improvment
- voir pour compatibiliser debian

2
bootstrap.yml
View File

@ -1,5 +1,5 @@
---
- hosts: nas
- hosts: all
gather_facts: no
roles:
- ansible_bootstrap

6
global.yml Normal file
View File

@ -0,0 +1,6 @@
---
- hosts: all
roles:
- system
- autofs
- syncthing

2
group_vars/all
View File

@ -1,2 +0,0 @@
##ansible_python_interpreter: /usr/bin/python2
username: 'vincent'

8
group_vars/all/all Normal file
View File

@ -0,0 +1,8 @@
##ansible_python_interpreter: /usr/bin/python2
user:
name: vincent
uid: 1024
mail: vincent@ducamps.win
domain:
name: ducamps.win

10
group_vars/all/all_vault Normal file
View File

@ -0,0 +1,10 @@
$ANSIBLE_VAULT;1.1;AES256
36336139353839303537376234623535363838613761633137633166636261353862643935393563
6363356531376261333364306238343961343435336637380a623134636661326262623635326266
62623433343939353866373365343966656533376230323835313131326130326265316364336537
6332306265643336630a326530656536373662613636353735666164326461333232363534316564
36643333636464663734666364366436366235326136313134393965626636643034396662383261
34363236653530326635303239643166313966363062333534616332383736626430346633396438
61353964643930353731316664393534356366373563326337303964323366333733386134646337
31303736383735366662323637336635656161376337313563386438376136653365656433663336
3530

88
group_vars/server
View File

@ -0,0 +1,88 @@
systemd_mounts:
diskstation_git:
share: 192.168.1.10:/volume1/git
mount: /mnt/diskstation/git
type: nfs
options:
- " "
automount: true
backup_disk:
share: /dev/sda1
mount: /mnt/backup
type: ntfs-3g
options:
- uid=1024
- guid=100
automount: true
systemd_mounts_enabled:
- diskstation_git
- backup_disk
syncthing_address: "{{inventory_hostname}}:8384"
syncthing_gui_user: "{{user.name}}"
syncthing_gui_password: $2a$10$nJZ8YN/1mB84Cbi79BKka.6SFMAKF.CBwyCNJDA9qUgXdkcuBilx2
notification_mail: "{{ user.mail }}"
ssmtp_mailhub: smtp.{{ domain.name }}:587
ssmtp_hostname: "{{ domain.name }}"
ssmtp_auth_user: "{{ user.mail }}"
ssmtp_auth_pass: "{{ vault_default_password }}"
rsynclocations:
- name: backup nas
location: /mnt/backup
readonly: "no"
rsynchostalloawed: 192.168.1.10
fail2ban_destmail: "{{ user.mail }}"
fail2ban_sendmail: "{{ user.mail }}"
Gandi_API_KEYS: "{{ vault_gandi_API_Keys }}"
Gandi_Domain: "{{ domain.name }}"
Gandi_Record: www
nginx_vhosts:
- listen: "80"
server_name: "localhost"
root: "/usr/share/nginx/html/"
error_page: "404 /404/404.html"
filename: "default.conf"
state: "present"
template: "{{ nginx_vhost_template }}"
extra_parameters: |
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location =/ {
rewrite ^ /starter;
}
location / {
index index.php index.html index.htm ;
default_type text/html;
}
location ~ \.php$ {
# try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_read_timeout 800;
fastcgi_index index.php;
include fastcgi_params;
}
nginx_realIP_Proxy: 192.168.1.10/24
php_extention_enable:
- iconv
- mysqli
- pdo_mysql
- soap

73
group_vars/workstation
View File

@ -4,73 +4,72 @@ systemd_mounts:
mount: /mnt/diskstation/media
type: cifs
options:
- rw
- credentials=/etc/creds/.diskstation_credentials
- uid=1000
- uid=1024
- gid=100
automount: true
diskstation_music:
share: //diskstation/music
mount: /mnt/diskstation/music
type: cifs
options:
- rw
- credentials=/etc/creds/.diskstation_credentials
- uid=1000
- uid=1024
- gid=100
automount: true
diskstation_ebook:
share: //diskstation/ebook
mount: /mnt/diskstation/ebook
diskstation_home:
share: //diskstation/homes/admin
mount: /mnt/diskstation/home
type: cifs
options:
- rw
- credentials=/etc/creds/.diskstation_credentials
- uid=1000
automount: true
- uid=1024
- gid=100
automount: true
diskstation_photo:
share: //diskstation/photo
mount: /mnt/diskstation/photo
type: cifs
options:
-rw
- credentials=/etc/creds/.diskstation_credentials
- uid=1000
- uid=1024
- gid=100
automount: true
diskstation_home:
share: //diskstation/home
mount: /mnt/diskstation/home
diskstation_ebook:
share: //diskstation/ebook
mount: /mnt/diskstation/ebook
type: cifs
options:
- rw
- credentials=/etc/creds/.diskstation_credentials
- uid=1000
- uid=1024
- gid=100
automount: true
diskstation_keepass:
share: https://diskstation.ducamps.win\:5006/home/keepass
davfs_share:
share: https://diskstation.ducamps.win:5006/home/keepass
mount: /mnt/diskstation/keepass
type: davfs
options:
- rw
- uid=1000
automount: true
share_credential_file:
samba_dikstation:
path: /etc/creds/.diskstation_credentials
content:
- username=admin
- password=XiEhusW6
- domain=WORKGROUP
davfs:
path: /etc/creds/.diskstation_credentials
content:
- https://diskstation.ducamps.win:5006/home/keepass admin XiEhusW6
- uid=1024
automount: true
systemd_mounts_enabled:
- diskstation_media
- diskstation_music
- diskstation_ebook
- davfs_share
- diskstation_photo
- diskstation_home
- diskstation_keepass
credentials_files:
1:
type: smb
path: /etc/creds/.diskstation_credentials
username: admin
password: "{{ vault_default_password }}"
2:
type: davfs
path: /etc/davfs2/secrets
adress: https://diskstation.ducamps.win:5006/home/keepass
username: admin
password: "{{ vault_default_password }}"

6
host_vars/fixe-pc
View File

@ -1,2 +1,6 @@
##ansible_python_interpreter: /usr/bin/python2
music_directory: '/mnt/diskstation/music'
music_directory: '/mnt/diskstation/music'
gpu:
nvidia: true
bumblebee: false

6
host_vars/pi2
View File

@ -1,6 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
61393533323364663463346439613732316134373930616464613930383831653263633831303261
6162336166663662373062653038643136376137303336390a616231396334333137313065323635
31616164393831373838376532616532316136306639383832666234666565336330313336313163
3836626539323630620a343036373533306635373032626466333132326635633937343562323461
37343534386430313439356432366134353666633865383838373234373437653965

3
host_vars/zen-pc Normal file
View File

@ -0,0 +1,3 @@
gpu:
nvidia: true
bumblebee: true

1
library/ansible-aur Submodule

@ -0,0 +1 @@
Subproject commit 9761bfd931b2f8abb830ad48a8fefd87c12e723f

2
production
View File

@ -5,3 +5,5 @@ pi2
fixe-pc
zen-pc
[laptop]
zen-pc

5
roles/ssmtp/defaults/main.yml
View File

@ -0,0 +1,5 @@
notification_mail: vincent@ducamps.win
ssmtp_mailhub: smtp.ducamps.win:587
ssmtp_hostname: ducamps.win
ssmtp_auth_user: vincent@ducamps.win
ssmtp_auth_pass: the_mandrill_api_key

35
roles/ssmtp/tasks/main.yml
View File

@ -0,0 +1,35 @@
- name: Install SSMTP
aur: name=ssmtp skip_installed=yes
become_user: aur_builder
- name: Set up ssmtp.conf
template:
src: ssmtp_conf.j2
dest: /etc/ssmtp/ssmtp.conf
owner: root
group: mail
mode: 0640
become: yes
- name: Set up revaliases
template:
src: revaliases.j2
dest: /etc/ssmtp/revaliases
owner: root
group: mail
mode: 0640
become: yes
- name: set right on /usr/sbin/ssmtp
file:
path: /usr/sbin/ssmtp # required. Path to the file being managed.
group: mail # not required. Name of the group that should own the file/directory, as would be fed to I(chown).
mode: 2711 # not required. Mode the file or directory should be. For those used to I(/usr/bin/chmod) remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like C(0644) or C(01777)) or quote it (like C('644') or C('1777')) so Ansible receives a string and can do its own conversion from string into number. Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results. As of version 1.8, the mode may be specified as a symbolic mode (for example, C(u+rwx) or C(u=rw,g=r,o=r)).
owner: root # not required. Name of the user that should own the file/directory, as would be fed to I(chown).
become: yes
#sudo chown root:mail /usr/sbin/ssmtp /etc/ssmtp{,/{ssmtp.conf,revaliases}}
#sudo chmod 2711 /usr/sbin/ssmtp
#sudo chmod o-rwx /etc/ssmtp /etc/ssmtp/ssmtp.conf;

3
roles/ssmtp/templates/revaliases.j2 Normal file
View File

@ -0,0 +1,3 @@
root:{{ notification_mail }}:{{ ssmtp_mailhub }}
{{ user.name }}:{{ notification_mail }}:{{ ssmtp_mailhub }}

12
roles/ssmtp/templates/ssmtp_conf.j2 Normal file
View File

@ -0,0 +1,12 @@
# ---- basic config
root={{notification_mail}}
AuthMethod=LOGIN
UseSTARTTLS=Yes
UseTLS=NO
hostname={{ssmtp_hostname}}
FromLineOverride=Yes
AuthUser={{ ssmtp_auth_user }}
mailhub={{ ssmtp_mailhub }}
AuthPass={{ ssmtp_auth_pass }}

19
server.yml
View File

@ -1,10 +1,23 @@
---
- hosts: server
tasks:
- name: install terminfo
pacman:
state: present # not required. choices: absent;latest;present. Desired state of the package.
name:
- termite-terminfo # not required. Name or list of names of the packages to install, upgrade, or remove.
become: yes
roles:
- system
- autofs
- dns
- ssmtp
- cronie
- rsyncd
- gandi-dyn-dns
- fail2ban
- dns
- {role: nginx, become: yes }
- php
- tt-rss
- gitea
- user_config

1
site.yml
View File

@ -1,3 +1,4 @@
---
- import_playbook: global.yml
- import_playbook: server.yml
- import_playbook: workstation.yml

9
staging
View File

@ -1,5 +1,12 @@
---
[workstation]
nas
arch2
debian
[laptop]
arch2
[server]
nas

13
workstation.yml
View File

@ -1,10 +1,17 @@
---
- hosts: workstation
roles:
- system
- user_config
- ansible-manager
- autofs
- mpd
- virt
- workstation
- cups
- grub_themes
- nvidia
- hosts: laptop
roles:
- laptop
- bluetooth
# - Windows_manager
# - Windows_manager