From 0f57a74c7573d30441b0001439415c74dc2d9cf5 Mon Sep 17 00:00:00 2001 From: vincent Date: Thu, 7 Feb 2019 20:31:30 +0100 Subject: [PATCH 01/27] =?UTF-8?q?Mettre=20=C3=A0=20jour=20'README.md'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 51fd184..fb4952e 100644 --- a/README.md +++ b/README.md @@ -35,10 +35,12 @@ - create user - copy clé RSA -- [ ] autofs role +- [ ] samba automount role - géré les credential en fichier - initialisé les variable pour les diferent périphérique +- - [ ] davfs mount + - [ ] VM server ### Workstation roles From 7cb41fa1056a637ba9adb0fdbe67e08ef19879b9 Mon Sep 17 00:00:00 2001 From: vincent Date: Thu, 4 Apr 2019 20:34:15 +0200 Subject: [PATCH 02/27] =?UTF-8?q?Mettre=20=C3=A0=20jour=20'README.md'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index fb4952e..4718d93 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ - géré les credential en fichier - initialisé les variable pour les diferent périphérique -- - [ ] davfs mount +- [ ] davfs mount - [ ] VM server @@ -91,6 +91,8 @@ - [ ] dns role -slave/primary + +- [ ] failtoban role #### global improvment From bce7456502de950cf7b13d7c782f71477bea9944 Mon Sep 17 00:00:00 2001 From: vincent Date: Mon, 8 Apr 2019 23:09:14 +0200 Subject: [PATCH 03/27] complete variable for autofs --- README.md | 10 ++++-- group_vars/workstation | 74 +++++++++++++++++++++++++++++++++++++++--- 2 files changed, 76 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 4718d93..230ef19 100644 --- a/README.md +++ b/README.md 
@@ -3,7 +3,7 @@ ## commande ansible ***launch playbook on staging*** -`ansible-playbook -i staging site.yml --ask-become-pass` +`ansible-playbook -i staging site.yml --ask-become-pass --ask-vault-pass` ***init new role architecture*** `ansible-galaxy user_config init ` @@ -35,11 +35,13 @@ - create user - copy clé RSA -- [ ] samba automount role +- [X] samba automount role - géré les credential en fichier - initialisé les variable pour les diferent périphérique -- [ ] davfs mount +- [X] davfs mount + + - [ ] VM server @@ -53,6 +55,8 @@ - clone ansible repo - [ ] workstation role + - cups + - bluetooth et tlp pour laptop - install wm software - install worstation software (firefox keepass,pulseaudio,ncmpcc) diff --git a/group_vars/workstation b/group_vars/workstation index 9b4aced..235edf8 100644 --- a/group_vars/workstation +++ b/group_vars/workstation 
@@ -4,20 +4,84 @@ systemd_mounts: mount: /mnt/diskstation/media type: cifs options: - - user=admin - - password= + - credentials=/etc/creds/.diskstation_credentials - uid=1024 + - gid=100 automount: true diskstation_music: share: //diskstation/music mount: /mnt/diskstation/music type: cifs options: - - user=admin - - password=XiEhusW6 + - credentials=/etc/creds/.diskstation_credentials - uid=1024 + - gid=100 automount: true + diskstation_home: + share: //diskstation/homes/admin + mount: /mnt/diskstation/home + type: cifs + options: + - credentials=/etc/creds/.diskstation_credentials + - uid=1024 + - gid=100 + automount: true + diskstation_photo: + share: //diskstation/photo + mount: /mnt/diskstation/photo + type: cifs + options: + - credentials=/etc/creds/.diskstation_credentials + - uid=1024 + - gid=100 + automount: true + diskstation_ebook: + share: //diskstation/ebook + mount: /mnt/diskstation/ebook + type: cifs + options: + - credentials=/etc/creds/.diskstation_credentials + - uid=1024 + - gid=100 + automount: true + davfs_share: + share: https://diskstation.ducamps.win:5006/home/keepass + mount: /mnt/diskstation/keepass + type: davfs + options: + - uid=1024 + automount: true + systemd_mounts_enabled: - diskstation_media - - diskstation_music \ No newline at end of file + - diskstation_music + - diskstation_ebook + - davfs_share + - diskstation_photo + - diskstation_home + +credentials_files: + 1: + type: smb + path: /etc/creds/.diskstation_credentials + username: admin + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 30633733333935656635616232623338613638616139303366313330366562323830613032383366 + 3735306661306437626361653035326462633330643362300a366432393730653561363431313930 + 64613130396636656461346164643033353735313363336638663331393532626132633233373330 + 6332616435643530320a636366323634363363636566363665393064376138653666623563326330 + 3536 + 2: + type: davfs + path: /etc/davfs2/secrets + adress: https://diskstation.ducamps.win:5006/home/keepass + 
username: admin + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 30633733333935656635616232623338613638616139303366313330366562323830613032383366 + 3735306661306437626361653035326462633330643362300a366432393730653561363431313930 + 64613130396636656461346164643033353735313363336638663331393532626132633233373330 + 6332616435643530320a636366323634363363636566363665393064376138653666623563326330 + 3536 From 8ecff2dee75f420f9d50f510ac77aaa5d400c6c2 Mon Sep 17 00:00:00 2001 From: vincent Date: Tue, 9 Apr 2019 16:33:56 +0200 Subject: [PATCH 04/27] add new role skel --- host_vars/zen-pc | 0 roles/vmserver/defaults/main.yml | 2 ++ roles/vmserver/handlers/main.yml | 2 ++ roles/vmserver/meta/main.yml | 60 ++++++++++++++++++++++++++++++++ roles/vmserver/tasks/main.yml | 2 ++ roles/vmserver/vars/main.yml | 2 ++ 6 files changed, 68 insertions(+) create mode 100644 host_vars/zen-pc create mode 100644 roles/vmserver/defaults/main.yml create mode 100644 roles/vmserver/handlers/main.yml create mode 100644 roles/vmserver/meta/main.yml create mode 100644 roles/vmserver/tasks/main.yml create mode 100644 roles/vmserver/vars/main.yml diff --git a/host_vars/zen-pc b/host_vars/zen-pc new file mode 100644 index 0000000..e69de29 diff --git a/roles/vmserver/defaults/main.yml b/roles/vmserver/defaults/main.yml new file mode 100644 index 0000000..f480af5 --- /dev/null +++ b/roles/vmserver/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for vmserver \ No newline at end of file diff --git a/roles/vmserver/handlers/main.yml b/roles/vmserver/handlers/main.yml new file mode 100644 index 0000000..03a39d1 --- /dev/null +++ b/roles/vmserver/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for vmserver \ No newline at end of file diff --git a/roles/vmserver/meta/main.yml b/roles/vmserver/meta/main.yml new file mode 100644 index 0000000..5d50bf4 --- /dev/null +++ b/roles/vmserver/meta/main.yml 
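Review bot: The literal `password=` value removed from `diskstation_music` in `group_vars/workstation` stays readable in the repository history, so switching to `credentials=/etc/creds/.diskstation_credentials` only protects the account once the diskstation `admin` password is rotated. The two `!vault` blocks under `credentials_files` are byte-identical, so the SMB and davfs entries carry the same secret; separate values would limit what a leak of either file exposes. The role that writes each `path` is not part of this patch, so confirm there that both files are created root-owned with mode `0600` and that the writing task sets `no_log: true`. `adress` in entry 2 looks like a typo for `address`; check which key the consuming template reads before renaming it.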
@@ -0,0 +1,60 @@ +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: 2.4 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # Optionally specify the branch Galaxy will use when accessing the GitHub + # repo for this role. During role install, if no tags are available, + # Galaxy will use this branch. During import Galaxy will access files on + # this branch. If Travis integration is configured, only notifications for this + # branch will be accepted. Otherwise, in all cases, the repo's default branch + # (usually master) will be used. + #github_branch: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. \ No newline at end of file 
diff --git a/roles/vmserver/tasks/main.yml b/roles/vmserver/tasks/main.yml new file mode 100644 index 0000000..b663c0b --- /dev/null +++ b/roles/vmserver/tasks/main.yml @@ -0,0 +1,2 @@ +--- +# tasks file for vmserver \ No newline at end of file diff --git a/roles/vmserver/vars/main.yml b/roles/vmserver/vars/main.yml new file mode 100644 index 0000000..173bb48 --- /dev/null +++ b/roles/vmserver/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for vmserver \ No newline at end of file From 61b62727361db45e6588bb273573092b67c11b74 Mon Sep 17 00:00:00 2001 From: vincent Date: Tue, 9 Apr 2019 16:34:35 +0200 Subject: [PATCH 05/27] improve bootstrap --- README.md | 11 +++++------ bootstrap.yml | 2 +- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 230ef19..415d909 100644 --- a/README.md +++ b/README.md @@ -3,13 +3,14 @@ ## commande ansible ***launch playbook on staging*** -`ansible-playbook -i staging site.yml --ask-become-pass --ask-vault-pass` +`ansible-playbook -i staging site.yml --ask-vault-pass` ***init new role architecture*** `ansible-galaxy user_config init ` ***launch ansible bootstrap*** -` ansible-playbook -i staging bootstrap.yml -u root --ask-pass` +` ansible-playbook -i nas, bootstrap.yml -u root --ask-pass` + ## Prerequis @@ -41,10 +42,10 @@ - [X] davfs mount - - - [ ] VM server +- [ ] syncthing role + ### Workstation roles - [x] mpd role @@ -62,8 +63,6 @@ - [ ] grubtheme -- [ ] syncthing role - ### Server Roles diff --git a/bootstrap.yml b/bootstrap.yml index d6e5265..d468bb0 100644 --- a/bootstrap.yml +++ b/bootstrap.yml @@ -1,5 +1,5 @@ --- -- hosts: nas +- hosts: all gather_facts: no roles: - ansible_bootstrap From 97d4d1ed50b5faa0a4fdd8ea575cbad9186464d3 Mon Sep 17 00:00:00 2001 From: vincent Date: Tue, 9 Apr 2019 16:35:17 +0200 Subject: [PATCH 06/27] litle change --- workstation.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
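Review bot: With `hosts: all`, `bootstrap.yml` targets whatever inventory it is given, so the `-u root --ask-pass` run stays limited to one machine only while the caller uses the one-host form `-i nas,` from the README. Passing the `staging` or `production` inventory instead would run the bootstrap role as root against every listed host. A guard inside the play removes that dependency on the command line, for example `- hosts: "{{ bootstrap_target }}"` (the variable name is a suggestion), which makes the play fail when no target is supplied. At minimum add a comment above the play: `# run with a one-host inventory (-i host,) or --limit; connects as root`.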
diff --git a/workstation.yml b/workstation.yml index fa04dbf..5f2a58d 100644 --- a/workstation.yml +++ b/workstation.yml @@ -7,4 +7,8 @@ - autofs - mpd - # - Windows_manager + +- hosts: laptop + roles: + +# - Windows_manager From 0527bfe0522def83e802824ebecfbb39957fae76 Mon Sep 17 00:00:00 2001 From: vincent Date: Tue, 9 Apr 2019 16:35:41 +0200 Subject: [PATCH 07/27] add server mount varible --- group_vars/server | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/group_vars/server b/group_vars/server index e69de29..86814d1 100644 --- a/group_vars/server +++ b/group_vars/server @@ -0,0 +1,21 @@ +systemd_mounts: + diskstation_git: + share: 192.168.1.10:/volume1/git + mount: /mnt/diskstation/git + type: nfs + options: + - " " + automount: true + backup_disk: + share: /dev/sda1 + mount: /mnt/backup + type: nfs + options: + - uid=1024 + - guid=100 + automount: true + +systemd_mounts_enabled: + - diskstation_git + - backup_disk + \ No newline at end of file From 8f30c78e36ab3a83e90d72d4a07154a445429423 Mon Sep 17 00:00:00 2001 From: vincent Date: Tue, 9 Apr 2019 16:35:56 +0200 Subject: [PATCH 08/27] modif inventory file --- production | 2 ++ staging | 9 ++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/production b/production index e2ee712..d0c1c7a 100644 --- a/production +++ b/production @@ -5,3 +5,5 @@ pi2 fixe-pc zen-pc +[laptop] +zen-pc \ No newline at end of file diff --git a/staging b/staging index 28cc320..890b7a2 100644 --- a/staging +++ b/staging @@ -1,5 +1,12 @@ --- [workstation] -nas +arch2 debian +[laptop] +arch2 + +[server] +nas + + From 0c6fa96c36ed393e65783b8ce4b35ed16c07a0a7 Mon Sep 17 00:00:00 2001 From: vincent Date: Tue, 9 Apr 2019 17:03:13 +0200 Subject: [PATCH 09/27] add global playbook --- global.yml | 5 +++++ server.yml | 2 -- site.yml | 1 + workstation.yml | 2 -- 4 files changed, 6 insertions(+), 4 deletions(-) create mode 100644 global.yml 
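Review bot: In `group_vars/server`, `backup_disk` declares `type: nfs` for `share: /dev/sda1`, which is a local block device rather than an NFS export, so the generated mount is likely to fail; the type should name the filesystem on that partition. The option `guid=100` is probably meant to be `gid=100`, as in `group_vars/workstation`, and NFS mounts accept neither `uid=` nor `gid=`. `diskstation_git` passes `" "` as its only option; how the autofs role renders an all-blank option is not visible here, so an empty list would be safer if the template allows it.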
diff --git a/global.yml b/global.yml new file mode 100644 index 0000000..6acfb50 --- /dev/null +++ b/global.yml @@ -0,0 +1,5 @@ +--- +- hosts: all + roles: + - system + - autofs \ No newline at end of file diff --git a/server.yml b/server.yml index 776ef49..4957eb4 100644 --- a/server.yml +++ b/server.yml @@ -1,8 +1,6 @@ --- - hosts: server roles: - - system - - autofs - dns - ssmtp - tt-rss diff --git a/site.yml b/site.yml index f4acb87..e128065 100644 --- a/site.yml +++ b/site.yml @@ -1,3 +1,4 @@ --- +- import_playbook: global.yml - import_playbook: server.yml - import_playbook: workstation.yml \ No newline at end of file diff --git a/workstation.yml b/workstation.yml index 5f2a58d..2268c5e 100644 --- a/workstation.yml +++ b/workstation.yml @@ -1,10 +1,8 @@ --- - hosts: workstation roles: - - system - user_config - ansible-manager - - autofs - mpd From f0e65364a9a47c47a7f3c9d96bf27ef72321acd5 Mon Sep 17 00:00:00 2001 From: vincent Date: Tue, 9 Apr 2019 17:39:04 +0200 Subject: [PATCH 10/27] add vault file --- .gitignore | 3 ++- README.md | 4 +++- group_vars/{ => all}/all | 0 group_vars/all/all_vault | 7 +++++++ group_vars/workstation | 16 ++-------------- 5 files changed, 14 insertions(+), 16 deletions(-) rename group_vars/{ => all}/all (100%) create mode 100644 group_vars/all/all_vault diff --git a/.gitignore b/.gitignore index 2d50efe..c43575e 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ -*.retry \ No newline at end of file +*.retry +.vaultpassword \ No newline at end of file diff --git a/README.md b/README.md index 415d909..98653fc 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ ## commande ansible ***launch playbook on staging*** -`ansible-playbook -i staging site.yml --ask-vault-pass` +`ansible-playbook -i staging site.yml --vault-password-file=.vaultpassword` ***init new role architecture*** `ansible-galaxy user_config init ` 
@@ -11,6 +11,8 @@ ***launch ansible bootstrap*** ` ansible-playbook -i nas, bootstrap.yml -u root --ask-pass` +*** encrypt string** +` ansible-vault encrypt_string ` ## Prerequis diff --git a/group_vars/all b/group_vars/all/all similarity index 100% rename from group_vars/all rename to group_vars/all/all diff --git a/group_vars/all/all_vault b/group_vars/all/all_vault new file mode 100644 index 0000000..9f3fb6a --- /dev/null +++ b/group_vars/all/all_vault @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +37316536616233313365623539323834623836653839376231383563323639616331386164343832 +3665663937376437323236396237616339616538643635610a643439343365613139623964623831 +66616430623239363436656538306232373339303737613531326463623662383566363662333230 +6338623736373834660a653136373963346265376639663836323537666332393831386662396361 +66396432393131373830666532646530393038353333663936613533363833343264326263326665 +6233323135383039626138656339363739643463373438353234 diff --git a/group_vars/workstation b/group_vars/workstation index 235edf8..dd4dbe5 100644 --- a/group_vars/workstation +++ b/group_vars/workstation 
@@ -66,22 +66,10 @@ credentials_files: type: smb path: /etc/creds/.diskstation_credentials username: admin - password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 30633733333935656635616232623338613638616139303366313330366562323830613032383366 - 3735306661306437626361653035326462633330643362300a366432393730653561363431313930 - 64613130396636656461346164643033353735313363336638663331393532626132633233373330 - 6332616435643530320a636366323634363363636566363665393064376138653666623563326330 - 3536 + password: "{{ vault_default_password }}" 2: type: davfs path: /etc/davfs2/secrets adress: https://diskstation.ducamps.win:5006/home/keepass username: admin - password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 30633733333935656635616232623338613638616139303366313330366562323830613032383366 - 3735306661306437626361653035326462633330643362300a366432393730653561363431313930 - 64613130396636656461346164643033353735313363336638663331393532626132633233373330 - 6332616435643530320a636366323634363363636566363665393064376138653666623563326330 - 3536 + password: "{{ vault_default_password }}" \ No newline at end of file From d6bfc778235e2699240135c1feb4539f3eb1ef88 Mon Sep 17 00:00:00 2001 From: vincent Date: Tue, 9 Apr 2019 19:42:12 +0200 Subject: [PATCH 11/27] role virt --- README.md | 5 +-- global.yml | 3 +- roles/vmserver/defaults/main.yml | 2 -- roles/vmserver/handlers/main.yml | 2 -- roles/vmserver/meta/main.yml | 60 -------------------------------- roles/vmserver/tasks/main.yml | 2 -- roles/vmserver/vars/main.yml | 2 -- workstation.yml | 2 +- 8 files changed, 6 insertions(+), 72 deletions(-) delete mode 100644 roles/vmserver/defaults/main.yml delete mode 100644 roles/vmserver/handlers/main.yml delete mode 100644 roles/vmserver/meta/main.yml delete mode 100644 roles/vmserver/tasks/main.yml delete mode 100644 roles/vmserver/vars/main.yml diff --git a/README.md b/README.md index 98653fc..bc25535 100644 --- a/README.md +++ b/README.md 
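Review bot: Both `credentials_files` entries now resolve to the single variable `vault_default_password`, and its definition sits in `group_vars/all/all_vault`, so the secret is loaded for every host in the inventory although only the `workstation` group uses it in this patch. Scoping it to a vault file under `group_vars/workstation/` and giving each service its own variable, for example `vault_diskstation_smb_password` and `vault_diskstation_davfs_password` (names are suggestions), keeps one leaked mount credential from covering the other service. The name `default` also invites reuse for unrelated accounts later, which is worth ruling out in a comment next to the definition.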
@@ -58,11 +58,12 @@ - clone ansible repo - [ ] workstation role - - cups - - bluetooth et tlp pour laptop - install wm software - install worstation software (firefox keepass,pulseaudio,ncmpcc) +- [ ] cups +- [ ] bluetooth et tlp pour laptop + - [ ] grubtheme diff --git a/global.yml b/global.yml index 6acfb50..020dcaf 100644 --- a/global.yml +++ b/global.yml @@ -2,4 +2,5 @@ - hosts: all roles: - system - - autofs \ No newline at end of file + - autofs + \ No newline at end of file diff --git a/roles/vmserver/defaults/main.yml b/roles/vmserver/defaults/main.yml deleted file mode 100644 index f480af5..0000000 --- a/roles/vmserver/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# defaults file for vmserver \ No newline at end of file diff --git a/roles/vmserver/handlers/main.yml b/roles/vmserver/handlers/main.yml deleted file mode 100644 index 03a39d1..0000000 --- a/roles/vmserver/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for vmserver \ No newline at end of file diff --git a/roles/vmserver/meta/main.yml b/roles/vmserver/meta/main.yml deleted file mode 100644 index 5d50bf4..0000000 --- a/roles/vmserver/meta/main.yml +++ /dev/null 
@@ -1,60 +0,0 @@ -galaxy_info: - author: your name - description: your description - company: your company (optional) - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Some suggested licenses: - # - BSD (default) - # - MIT - # - GPLv2 - # - GPLv3 - # - Apache - # - CC-BY - license: license (GPLv2, CC-BY, etc) - - min_ansible_version: 2.4 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # Optionally specify the branch Galaxy will use when accessing the GitHub - # repo for this role. During role install, if no tags are available, - # Galaxy will use this branch. During import Galaxy will access files on - # this branch. If Travis integration is configured, only notifications for this - # branch will be accepted. Otherwise, in all cases, the repo's default branch - # (usually master) will be used. - #github_branch: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. \ No newline at end of file 
diff --git a/roles/vmserver/tasks/main.yml b/roles/vmserver/tasks/main.yml deleted file mode 100644 index b663c0b..0000000 --- a/roles/vmserver/tasks/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# tasks file for vmserver \ No newline at end of file diff --git a/roles/vmserver/vars/main.yml b/roles/vmserver/vars/main.yml deleted file mode 100644 index 173bb48..0000000 --- a/roles/vmserver/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for vmserver \ No newline at end of file diff --git a/workstation.yml b/workstation.yml index 2268c5e..e344e7b 100644 --- a/workstation.yml +++ b/workstation.yml @@ -4,7 +4,7 @@ - user_config - ansible-manager - mpd - + - virt - hosts: laptop roles: From c96e2f2e71e4ac3c333ed383af22b1fd51e7c11d Mon Sep 17 00:00:00 2001 From: vincent Date: Tue, 9 Apr 2019 22:17:14 +0200 Subject: [PATCH 12/27] =?UTF-8?q?Mettre=20=C3=A0=20jour=20'README.md'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index bc25535..fd80fa6 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ ***launch ansible bootstrap*** ` ansible-playbook -i nas, bootstrap.yml -u root --ask-pass` -*** encrypt string** +*** encrypt string*** ` ansible-vault encrypt_string ` @@ -38,13 +38,13 @@ - create user - copy clé RSA -- [X] samba automount role +- [x] samba automount role - géré les credential en fichier - initialisé les variable pour les diferent périphérique -- [X] davfs mount +- [x] davfs mount -- [ ] VM server +- [x] VM server - [ ] syncthing role @@ -69,10 +69,10 @@ ### Server Roles -- [server role] - - cron - - ssmtp - - controle du reboot +- [ ] cron + - controle du reboot + +- [ ] ssmtp - [ ] rsyncd role From 9dcbb0e2e6ab3ce3f7d73ecef811d6cd808bd602 Mon Sep 17 00:00:00 2001 
From: vincent Date: Tue, 9 Apr 2019 22:18:02 +0200 Subject: [PATCH 13/27] =?UTF-8?q?Mettre=20=C3=A0=20jour=20'README.md'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fd80fa6..6fc7a15 100644 --- a/README.md +++ b/README.md @@ -11,8 +11,8 @@ ***launch ansible bootstrap*** ` ansible-playbook -i nas, bootstrap.yml -u root --ask-pass` -*** encrypt string*** -` ansible-vault encrypt_string ` +***encrypt string*** +`ansible-vault encrypt_string` ## Prerequis From 155aa20697c61ad1e79bb8d9aef3366e71e09b35 Mon Sep 17 00:00:00 2001 From: vincent Date: Wed, 10 Apr 2019 20:25:29 +0200 Subject: [PATCH 14/27] create syncthing role finished --- global.yml | 2 +- group_vars/server | 5 ++- syncthing/defaults/main.yml | 11 +++++ syncthing/handlers/main.yml | 5 +++ syncthing/meta/main.yml | 60 ++++++++++++++++++++++++++ syncthing/tasks/main.yml | 85 +++++++++++++++++++++++++++++++++++++ syncthing/vars/main.yml | 2 + 7 files changed, 168 insertions(+), 2 deletions(-) create mode 100644 syncthing/defaults/main.yml create mode 100644 syncthing/handlers/main.yml create mode 100644 syncthing/meta/main.yml create mode 100644 syncthing/tasks/main.yml create mode 100644 syncthing/vars/main.yml diff --git a/global.yml b/global.yml index 020dcaf..be2b246 100644 --- a/global.yml +++ b/global.yml @@ -3,4 +3,4 @@ roles: - system - autofs - \ No newline at end of file + - syncthing \ No newline at end of file diff --git a/group_vars/server b/group_vars/server index 86814d1..c148262 100644 --- a/group_vars/server +++ b/group_vars/server 
@@ -18,4 +18,7 @@ systemd_mounts: systemd_mounts_enabled: - diskstation_git - backup_disk - \ No newline at end of file + +syncthing_address: "{{inventory_hostname}}:8384" +syncthing_gui_user: "{{username}}" +syncthing_gui_password: $2a$10$nJZ8YN/1mB84Cbi79BKka.6SFMAKF.CBwyCNJDA9qUgXdkcuBilx2 \ No newline at end of file diff --git a/syncthing/defaults/main.yml b/syncthing/defaults/main.yml new file mode 100644 index 0000000..f749bc3 --- /dev/null +++ b/syncthing/defaults/main.yml @@ -0,0 +1,11 @@ +--- +# defaults file for syncthing +syncthing_address: 127.0.0.1:8384 +syncthing_listen: tcp://0.0.0.0:22000 +syncthing_home: /home/{{ username }} +syncthing_localannounce: true +syncthing_globalannounce: true +syncthing_upnp: true +#syncthing_gui_user: root +#password: root +#syncthing_gui_password: $2a$10$nJZ8YN/1mB84Cbi79BKka.6SFMAKF.CBwyCNJDA9qUgXdkcuBilx2 \ No newline at end of file diff --git a/syncthing/handlers/main.yml b/syncthing/handlers/main.yml new file mode 100644 index 0000000..355706e --- /dev/null +++ b/syncthing/handlers/main.yml @@ -0,0 +1,5 @@ +--- +# handlers file for syncthing +- name: restart syncthing + service: name=syncthing@{{ username }} state=restarted + become: yes diff --git a/syncthing/meta/main.yml b/syncthing/meta/main.yml new file mode 100644 index 0000000..5d50bf4 --- /dev/null +++ b/syncthing/meta/main.yml 
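Review bot: `syncthing_gui_password` in `group_vars/server` is committed in clear as a bcrypt hash, and the same hash appears in `syncthing/defaults/main.yml` beside the comment `#password: root`, which suggests the GUI password is a trivial one. The same hunk sets `syncthing_address: "{{inventory_hostname}}:8384"`, moving the GUI off the role default `127.0.0.1:8384`, so the admin interface becomes reachable from the network with that credential. Generate a new hash from a strong password, keep it in the vault (for example `syncthing_gui_password: "{{ vault_syncthing_gui_password }}"`, name is a suggestion), and drop the `#password:` comment from the defaults. If remote GUI access is not required, leave the address on loopback.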
@@ -0,0 +1,60 @@ +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: 2.4 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # Optionally specify the branch Galaxy will use when accessing the GitHub + # repo for this role. During role install, if no tags are available, + # Galaxy will use this branch. During import Galaxy will access files on + # this branch. If Travis integration is configured, only notifications for this + # branch will be accepted. Otherwise, in all cases, the repo's default branch + # (usually master) will be used. + #github_branch: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. \ No newline at end of file 
diff --git a/syncthing/tasks/main.yml b/syncthing/tasks/main.yml
new file mode 100644
index 0000000..0d07dda
--- /dev/null
+++ b/syncthing/tasks/main.yml
@@ -0,0 +1,85 @@ +--- +# tasks file for syncthing + +- name: install syncthing + pacman: + state: present + name: syncthing # not required. Name or list of names of the packages to install, upgrade, or remove. + become: yes + +- name: start and enable syncthing + service: + name: syncthing@{{ username }} # required. Name of the service. + enabled: true # not required. Whether the service should start on boot. B(At least one of state and enabled are required.) + state: started + become: yes + +- name: waiting for configfile (takes some time) + wait_for: path={{ syncthing_home }}/.config/syncthing/config.xml + + +- name: syncthing | config.xml set webinterface address + xml: + file={{ syncthing_home }}/.config/syncthing/config.xml + xpath=/configuration/gui/address + value={{ syncthing_address }} + notify: restart syncthing + become_user: "{{ username }}" + +- name: syncthing | config.xml set listen address + xml: + file={{ syncthing_home }}/.config/syncthing/config.xml + xpath=/configuration/options/listenAddress + value={{ syncthing_listen }} + notify: restart syncthing + become_user: "{{ username }}" + +- name: syncthing | config.xml set localAnnounceEnabled + xml: + file={{ syncthing_home }}/.config/syncthing/config.xml + xpath=/configuration/options/localAnnounceEnabled + value={{ syncthing_localannounce|lower }} + notify: restart syncthing + become_user: "{{ username }}" + +- name: syncthing | config.xml set globalAnnounceEnabled + xml: + file={{ syncthing_home }}/.config/syncthing/config.xml + xpath=/configuration/options/globalAnnounceEnabled + value={{ syncthing_globalannounce|lower }} + notify: restart syncthing + become_user: "{{ username }}" + +- name: syncthing | config.xml set upnpEnabled + xml: + file={{ syncthing_home }}/.config/syncthing/config.xml + xpath=/configuration/options/upnpEnabled + value={{ syncthing_upnp|lower }} + notify: restart syncthing + become_user: "{{ username }}" + +- name: syncthing | config.xml set user + xml: + file={{ 
syncthing_home }}/.config/syncthing/config.xml + xpath=/configuration/gui/user + value={{ syncthing_gui_user }} + when: syncthing_gui_user is defined + notify: restart syncthing + become_user: "{{ username }}" + +- name: syncthing | config.xml set password + xml: + file={{ syncthing_home }}/.config/syncthing/config.xml + xpath=/configuration/gui/password + value={{ syncthing_gui_password }} + when: syncthing_gui_password is defined + notify: restart syncthing + become_user: "{{ username }}" + +- name: syncthing | config.xml set dark theme + xml: + file={{ syncthing_home }}/.config/syncthing/config.xml + xpath=/configuration/gui/theme + value=dark + notify: restart syncthing + become_user: "{{ username }}" \ No newline at end of file diff --git a/syncthing/vars/main.yml b/syncthing/vars/main.yml new file mode 100644 index 0000000..c935ef4 --- /dev/null +++ b/syncthing/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for syncthing \ No newline at end of file From 91e62797867e29eb0c1c1e8fd26155b2f83fbcd5 Mon Sep 17 00:00:00 2001 From: vincent Date: Wed, 10 Apr 2019 20:26:26 +0200 Subject: [PATCH 15/27] put workstation in playbook --- workstation.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workstation.yml b/workstation.yml index e344e7b..b874ae6 100644 --- a/workstation.yml +++ b/workstation.yml @@ -5,7 +5,7 @@ - ansible-manager - mpd - virt - + - workstation - hosts: laptop roles: From 16118964fc7f51c5788a6b4788539b8eb2cbf54c Mon Sep 17 00:00:00 2001 From: vincent Date: Wed, 10 Apr 2019 20:28:14 +0200 Subject: [PATCH 16/27] --- README.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index bc25535..788578e 100644 --- a/README.md +++ b/README.md @@ -44,9 +44,9 @@ - [X] davfs mount -- [ ] VM server +- [X] VM server -- [ ] syncthing role +- [X] syncthing role ### Workstation roles 
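Review bot: Every `xml` task in `syncthing/tasks/main.yml` sets `become_user: "{{ username }}"` without `become: yes`, and Ansible ignores `become_user` unless become is enabled, so unless it is switched on at play level (`global.yml` does not show it) the edits to `config.xml` run as the connecting user. The `set password` task should also carry `no_log: true` so the hash is not echoed in verbose or diff output. The role is applied to `hosts: all` from `global.yml` but installs through the `pacman` module, which will presumably fail on the `debian` host listed in `staging`; `package:` or a `when: ansible_pkg_mgr == 'pacman'` guard avoids that. This hunk starts on the previous physical line of the page.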
@@ -57,10 +57,8 @@ - install ansible aur module - clone ansible repo -- [ ] workstation role - - install wm software - - install worstation software (firefox keepass,pulseaudio,ncmpcc) - +- [X] workstation role +- -need to check for nvidia drver - [ ] cups - [ ] bluetooth et tlp pour laptop @@ -72,6 +70,7 @@ - [server role] - cron - ssmtp + - terminfo - controle du reboot - [ ] rsyncd role From 6c5b559fbfe782ded98e78641cd4951951a7de66 Mon Sep 17 00:00:00 2001 From: vincent Date: Thu, 11 Apr 2019 13:55:04 +0200 Subject: [PATCH 17/27] printer role --- README.md | 15 ++------------- workstation.yml | 1 + 2 files changed, 3 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index e0c8019..57d0e32 100644 --- a/README.md +++ b/README.md @@ -44,11 +44,7 @@ - [x] davfs mount -<<<<<<< HEAD - [X] VM server -======= -- [x] VM server ->>>>>>> 7b617622d298e2f5abac73c6aeeeeb5bc636d25b - [X] syncthing role @@ -63,26 +59,19 @@ - [X] workstation role - -need to check for nvidia drver -- [ ] cups +- [X] cups - [ ] bluetooth et tlp pour laptop -- [ ] grubtheme +- [X] grubtheme ### Server Roles -<<<<<<< HEAD - [server role] - cron - ssmtp - terminfo - controle du reboot -======= -- [ ] cron - - controle du reboot - -- [ ] ssmtp ->>>>>>> 7b617622d298e2f5abac73c6aeeeeb5bc636d25b - [ ] rsyncd role diff --git a/workstation.yml b/workstation.yml index ad48a2f..a4a7eb6 100644 --- a/workstation.yml +++ b/workstation.yml @@ -6,6 +6,7 @@ - mpd - virt - workstation + - cups - grub_themes - hosts: laptop roles: From 227089cc4ad7cbc6ba3c55808c11aa9dd4fca18e Mon Sep 17 00:00:00 2001 From: vincent Date: Thu, 11 Apr 2019 18:50:53 +0200 Subject: [PATCH 18/27] add git module aur --- .gitmodules | 3 +++ library/ansible-aur | 1 + 2 files changed, 4 insertions(+) create mode 100644 .gitmodules create mode 160000 library/ansible-aur diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..73a8f06 --- /dev/null +++ b/.gitmodules 
@@ -0,0 +1,3 @@ +[submodule "library/ansible-aur"] + path = library/ansible-aur + url = https://github.com/pigmonkey/ansible-aur.git diff --git a/library/ansible-aur b/library/ansible-aur new file mode 160000 index 0000000..9761bfd --- /dev/null +++ b/library/ansible-aur @@ -0,0 +1 @@ +Subproject commit 9761bfd931b2f8abb830ad48a8fefd87c12e723f From ce8edb732e9ac33639ed6d19053ba4c8bac59a2e Mon Sep 17 00:00:00 2001 From: vincent Date: Thu, 11 Apr 2019 18:52:29 +0200 Subject: [PATCH 19/27] add role laptop --- syncthing/defaults/main.yml | 11 ----- syncthing/handlers/main.yml | 5 --- syncthing/meta/main.yml | 60 -------------------------- syncthing/tasks/main.yml | 85 ------------------------------------- syncthing/vars/main.yml | 2 - 5 files changed, 163 deletions(-) delete mode 100644 syncthing/defaults/main.yml delete mode 100644 syncthing/handlers/main.yml delete mode 100644 syncthing/meta/main.yml delete mode 100644 syncthing/tasks/main.yml delete mode 100644 syncthing/vars/main.yml diff --git a/syncthing/defaults/main.yml b/syncthing/defaults/main.yml deleted file mode 100644 index f749bc3..0000000 --- a/syncthing/defaults/main.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -# defaults file for syncthing -syncthing_address: 127.0.0.1:8384 -syncthing_listen: tcp://0.0.0.0:22000 -syncthing_home: /home/{{ username }} -syncthing_localannounce: true -syncthing_globalannounce: true -syncthing_upnp: true -#syncthing_gui_user: root -#password: root -#syncthing_gui_password: $2a$10$nJZ8YN/1mB84Cbi79BKka.6SFMAKF.CBwyCNJDA9qUgXdkcuBilx2 \ No newline at end of file diff --git a/syncthing/handlers/main.yml b/syncthing/handlers/main.yml deleted file mode 100644 index 355706e..0000000 --- a/syncthing/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -# handlers file for syncthing -- name: restart syncthing - service: name=syncthing@{{ username }} state=restarted - become: yes 
diff --git a/syncthing/meta/main.yml b/syncthing/meta/main.yml deleted file mode 100644 index 5d50bf4..0000000 --- a/syncthing/meta/main.yml +++ /dev/null 
@@ -1,60 +0,0 @@ -galaxy_info: - author: your name - description: your description - company: your company (optional) - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Some suggested licenses: - # - BSD (default) - # - MIT - # - GPLv2 - # - GPLv3 - # - Apache - # - CC-BY - license: license (GPLv2, CC-BY, etc) - - min_ansible_version: 2.4 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # Optionally specify the branch Galaxy will use when accessing the GitHub - # repo for this role. During role install, if no tags are available, - # Galaxy will use this branch. During import Galaxy will access files on - # this branch. If Travis integration is configured, only notifications for this - # branch will be accepted. Otherwise, in all cases, the repo's default branch - # (usually master) will be used. - #github_branch: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. \ No newline at end of file 
diff --git a/syncthing/tasks/main.yml b/syncthing/tasks/main.yml deleted file mode 100644 index 0d07dda..0000000 --- a/syncthing/tasks/main.yml +++ /dev/null 
@@ -1,85 +0,0 @@ ---- -# tasks file for syncthing - -- name: install syncthing - pacman: - state: present - name: syncthing # not required. Name or list of names of the packages to install, upgrade, or remove. - become: yes - -- name: start and enable syncthing - service: - name: syncthing@{{ username }} # required. Name of the service. - enabled: true # not required. Whether the service should start on boot. B(At least one of state and enabled are required.) - state: started - become: yes - -- name: waiting for configfile (takes some time) - wait_for: path={{ syncthing_home }}/.config/syncthing/config.xml - - -- name: syncthing | config.xml set webinterface address - xml: - file={{ syncthing_home }}/.config/syncthing/config.xml - xpath=/configuration/gui/address - value={{ syncthing_address }} - notify: restart syncthing - become_user: "{{ username }}" - -- name: syncthing | config.xml set listen address - xml: - file={{ syncthing_home }}/.config/syncthing/config.xml - xpath=/configuration/options/listenAddress - value={{ syncthing_listen }} - notify: restart syncthing - become_user: "{{ username }}" - -- name: syncthing | config.xml set localAnnounceEnabled - xml: - file={{ syncthing_home }}/.config/syncthing/config.xml - xpath=/configuration/options/localAnnounceEnabled - value={{ syncthing_localannounce|lower }} - notify: restart syncthing - become_user: "{{ username }}" - -- name: syncthing | config.xml set globalAnnounceEnabled - xml: - file={{ syncthing_home }}/.config/syncthing/config.xml - xpath=/configuration/options/globalAnnounceEnabled - value={{ syncthing_globalannounce|lower }} - notify: restart syncthing - become_user: "{{ username }}" - -- name: syncthing | config.xml set upnpEnabled - xml: - file={{ syncthing_home }}/.config/syncthing/config.xml - xpath=/configuration/options/upnpEnabled - value={{ syncthing_upnp|lower }} - notify: restart syncthing - become_user: "{{ username }}" - -- name: syncthing | config.xml set user - xml: - file={{ 
syncthing_home }}/.config/syncthing/config.xml - xpath=/configuration/gui/user - value={{ syncthing_gui_user }} - when: syncthing_gui_user is defined - notify: restart syncthing - become_user: "{{ username }}" - -- name: syncthing | config.xml set password - xml: - file={{ syncthing_home }}/.config/syncthing/config.xml - xpath=/configuration/gui/password - value={{ syncthing_gui_password }} - when: syncthing_gui_password is defined - notify: restart syncthing - become_user: "{{ username }}" - -- name: syncthing | config.xml set dark theme - xml: - file={{ syncthing_home }}/.config/syncthing/config.xml - xpath=/configuration/gui/theme - value=dark - notify: restart syncthing - become_user: "{{ username }}" \ No newline at end of file diff --git a/syncthing/vars/main.yml b/syncthing/vars/main.yml deleted file mode 100644 index c935ef4..0000000 --- a/syncthing/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for syncthing \ No newline at end of file From d219b1329f5d4f60f8dd1fdcbeb6ba454ba9b5e7 Mon Sep 17 00:00:00 2001 From: vincent Date: Thu, 11 Apr 2019 18:54:12 +0200 Subject: [PATCH 20/27] divers --- group_vars/all/all | 4 +++- group_vars/server | 4 ++-- host_vars/fixe-pc | 6 +++++- host_vars/pi2 | 6 ------ host_vars/zen-pc | 3 +++ workstation.yml | 3 +++ 6 files changed, 16 insertions(+), 10 deletions(-) diff --git a/group_vars/all/all b/group_vars/all/all index 8d1c1bc..59e0590 100644 --- a/group_vars/all/all +++ b/group_vars/all/all @@ -1,2 +1,4 @@ ##ansible_python_interpreter: /usr/bin/python2 -username: 'vincent' \ No newline at end of file +user: + name: vincent + uid: 1024 \ No newline at end of file diff --git a/group_vars/server b/group_vars/server index c148262..c02f1fe 100644 --- a/group_vars/server +++ b/group_vars/server @@ -9,7 +9,7 @@ systemd_mounts: backup_disk: share: /dev/sda1 mount: /mnt/backup - type: nfs + type: ntfs-3g options: - uid=1024 - guid=100 
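Review bot: The `guid=100` entry kept under `options:` of the `backup_disk` mount in group_vars/server looks like a typo for `gid=100`. Now that the changed line sets `type: ntfs-3g`, ownership of everything under /mnt/backup comes only from these mount options, so a misspelt key would leave the group at the driver's default instead of 100. I would change it to `- gid=100` and, since this same patch introduces `user.uid: 1024` in group_vars/all/all, write the owner as `- uid={{ user.uid }}` so the two values cannot drift. Whether the mount role rejects or silently passes unknown options is not visible here.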
@@ -20,5 +20,5 @@ systemd_mounts_enabled: - backup_disk syncthing_address: "{{inventory_hostname}}:8384" -syncthing_gui_user: "{{username}}" +syncthing_gui_user: "{{user.name}}" syncthing_gui_password: $2a$10$nJZ8YN/1mB84Cbi79BKka.6SFMAKF.CBwyCNJDA9qUgXdkcuBilx2 \ No newline at end of file diff --git a/host_vars/fixe-pc b/host_vars/fixe-pc index 487e2bd..3da5910 100644 --- a/host_vars/fixe-pc +++ b/host_vars/fixe-pc @@ -1,2 +1,6 @@ ##ansible_python_interpreter: /usr/bin/python2 -music_directory: '/mnt/diskstation/music' \ No newline at end of file +music_directory: '/mnt/diskstation/music' + +gpu: + nvidia: true + bumblebee: false \ No newline at end of file diff --git a/host_vars/pi2 b/host_vars/pi2 index 385f3a8..e69de29 100644 --- a/host_vars/pi2 +++ b/host_vars/pi2 @@ -1,6 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -61393533323364663463346439613732316134373930616464613930383831653263633831303261 -6162336166663662373062653038643136376137303336390a616231396334333137313065323635 -31616164393831373838376532616532316136306639383832666234666565336330313336313163 -3836626539323630620a343036373533306635373032626466333132326635633937343562323461 -37343534386430313439356432366134353666633865383838373234373437653965 diff --git a/host_vars/zen-pc b/host_vars/zen-pc index e69de29..29de1c8 100644 --- a/host_vars/zen-pc +++ b/host_vars/zen-pc @@ -0,0 +1,3 @@ +gpu: + nvidia: true + bumblebee: true \ No newline at end of file diff --git a/workstation.yml b/workstation.yml index a4a7eb6..e8dbaf2 100644 --- a/workstation.yml +++ b/workstation.yml @@ -8,7 +8,10 @@ - workstation - cups - grub_themes + - nvidia - hosts: laptop roles: + - laptop + - bluetooth # - Windows_manager From ce5003d151d33458171050802f366167e5dd9d41 Mon Sep 17 00:00:00 2001 
From: vincent Date: Sun, 14 Apr 2019 11:45:39 +0200 Subject: [PATCH 21/27] role ssmtp --- roles/ssmtp/defaults/main.yml | 5 +++++ roles/ssmtp/tasks/main.yml | 35 +++++++++++++++++++++++++++++ roles/ssmtp/templates/revaliases.j2 | 3 +++ roles/ssmtp/templates/ssmtp_conf.j2 | 12 ++++++++++ 4 files changed, 55 insertions(+) create mode 100644 roles/ssmtp/templates/revaliases.j2 create mode 100644 roles/ssmtp/templates/ssmtp_conf.j2 diff --git a/roles/ssmtp/defaults/main.yml b/roles/ssmtp/defaults/main.yml index e69de29..d29b8e9 100644 --- a/roles/ssmtp/defaults/main.yml +++ b/roles/ssmtp/defaults/main.yml @@ -0,0 +1,5 @@ +notification_mail: vincent@ducamps.win +ssmtp_mailhub: smtp.ducamps.win:587 +ssmtp_hostname: ducamps.win +ssmtp_auth_user: vincent@ducamps.win +ssmtp_auth_pass: the_mandrill_api_key \ No newline at end of file diff --git a/roles/ssmtp/tasks/main.yml b/roles/ssmtp/tasks/main.yml index e69de29..3968237 100644 --- a/roles/ssmtp/tasks/main.yml +++ b/roles/ssmtp/tasks/main.yml 
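Review bot: `ssmtp_auth_pass: the_mandrill_api_key` in roles/ssmtp/defaults/main.yml gives the secret a non-empty placeholder default, so a host that never overrides it renders a syntactically valid /etc/ssmtp/ssmtp.conf with a bogus credential and the play still reports success. Leaving the variable out of the defaults and documenting it with a comment such as `# ssmtp_auth_pass: required, set from an ansible-vault variable` makes the template fail on an undefined value instead. The personal address and mail hub in the other four defaults would also sit better in inventory than in a reusable role.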
@@ -0,0 +1,35 @@ + +- name: Install SSMTP + aur: name=ssmtp skip_installed=yes + become_user: aur_builder + + +- name: Set up ssmtp.conf + template: + src: ssmtp_conf.j2 + dest: /etc/ssmtp/ssmtp.conf + owner: root + group: mail + mode: 0640 + become: yes + +- name: Set up revaliases + template: + src: revaliases.j2 + dest: /etc/ssmtp/revaliases + owner: root + group: mail + mode: 0640 + become: yes + +- name: set right on /usr/sbin/ssmtp + file: + path: /usr/sbin/ssmtp # required. Path to the file being managed. + group: mail # not required. Name of the group that should own the file/directory, as would be fed to I(chown). + mode: 2711 # not required. Mode the file or directory should be. For those used to I(/usr/bin/chmod) remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like C(0644) or C(01777)) or quote it (like C('644') or C('1777')) so Ansible receives a string and can do its own conversion from string into number. Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results. As of version 1.8, the mode may be specified as a symbolic mode (for example, C(u+rwx) or C(u=rw,g=r,o=r)). + owner: root # not required. Name of the user that should own the file/directory, as would be fed to I(chown). + become: yes + +#sudo chown root:mail /usr/sbin/ssmtp /etc/ssmtp{,/{ssmtp.conf,revaliases}} +#sudo chmod 2711 /usr/sbin/ssmtp +#sudo chmod o-rwx /etc/ssmtp /etc/ssmtp/ssmtp.conf; \ No newline at end of file diff --git a/roles/ssmtp/templates/revaliases.j2 b/roles/ssmtp/templates/revaliases.j2 new file mode 100644 index 0000000..d2dac30 --- /dev/null +++ b/roles/ssmtp/templates/revaliases.j2 @@ -0,0 +1,3 @@ + +root:{{ notification_mail }}:{{ ssmtp_mailhub }} +{{ user.name }}:{{ notification_mail }}:{{ ssmtp_mailhub }} \ No newline at end of file 
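Review bot: `mode: 2711` on the `set right on /usr/sbin/ssmtp` task is an unquoted number with no leading zero, so YAML hands Ansible the decimal integer 2711 rather than the octal mode; the module help text pasted on that same line describes exactly this pitfall. On a setgid binary the resulting permission bits will not be the ones in the commented `chmod 2711` at the end of the file, so write it as `mode: "2711"` (or `02711`). The two template tasks use `0640`, which has the leading zero and is fine. Separately, the `Install SSMTP` task sets `become_user: aur_builder` without `become: yes`; unless become is enabled at play or configuration level, which this hunk does not show, the user switch will not take effect.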
diff --git a/roles/ssmtp/templates/ssmtp_conf.j2 b/roles/ssmtp/templates/ssmtp_conf.j2 new file mode 100644 index 0000000..e04b29d --- /dev/null +++ b/roles/ssmtp/templates/ssmtp_conf.j2 @@ -0,0 +1,12 @@ + +# ---- basic config +root={{notification_mail}} +AuthMethod=LOGIN +UseSTARTTLS=Yes +UseTLS=NO +hostname={{ssmtp_hostname}} +FromLineOverride=Yes + +AuthUser={{ ssmtp_auth_user }} +mailhub={{ ssmtp_mailhub }} +AuthPass={{ ssmtp_auth_pass }} From 33dd9eb836f60ae35c29f228109f69e0533f1f26 Mon Sep 17 00:00:00 2001 From: vincent Date: Sun, 14 Apr 2019 11:46:12 +0200 Subject: [PATCH 22/27] add variable --- group_vars/all/all | 6 +++++- group_vars/all/all_vault | 15 +++++++++------ group_vars/server | 24 +++++++++++++++++++++++- server.yml | 15 ++++++++++++++- 4 files changed, 51 insertions(+), 9 deletions(-) diff --git a/group_vars/all/all b/group_vars/all/all index 59e0590..835bbbb 100644 --- a/group_vars/all/all +++ b/group_vars/all/all @@ -1,4 +1,8 @@ ##ansible_python_interpreter: /usr/bin/python2 user: name: vincent - uid: 1024 \ No newline at end of file + uid: 1024 + mail: vincent@ducamps.win + +domain: + name: ducamps.win \ No newline at end of file diff --git a/group_vars/all/all_vault b/group_vars/all/all_vault index 9f3fb6a..bda2981 100644 --- a/group_vars/all/all_vault +++ b/group_vars/all/all_vault 
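Review bot: roles/ssmtp/templates/ssmtp_conf.j2 turns on `UseSTARTTLS=Yes` with `AuthMethod=LOGIN` but names no CA bundle, so as far as this file shows the `AuthPass` value is sent to `mailhub` without the server certificate being checked against anything. If the packaged ssmtp honours it, add a line such as `TLS_CA_File=/etc/ssl/certs/ca-certificates.crt` (path to be confirmed for the target distribution) after `UseSTARTTLS`. The rendered file also holds the password in clear text, which is why the 0640 root:mail mode set in tasks/main.yml matters; a one-line comment at the top of the template saying so would help the next editor.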
@@ -1,7 +1,10 @@ $ANSIBLE_VAULT;1.1;AES256 -37316536616233313365623539323834623836653839376231383563323639616331386164343832 -3665663937376437323236396237616339616538643635610a643439343365613139623964623831 -66616430623239363436656538306232373339303737613531326463623662383566363662333230 -6338623736373834660a653136373963346265376639663836323537666332393831386662396361 -66396432393131373830666532646530393038353333663936613533363833343264326263326665 -6233323135383039626138656339363739643463373438353234 +36336139353839303537376234623535363838613761633137633166636261353862643935393563 +6363356531376261333364306238343961343435336637380a623134636661326262623635326266 +62623433343939353866373365343966656533376230323835313131326130326265316364336537 +6332306265643336630a326530656536373662613636353735666164326461333232363534316564 +36643333636464663734666364366436366235326136313134393965626636643034396662383261 +34363236653530326635303239643166313966363062333534616332383736626430346633396438 +61353964643930353731316664393534356366373563326337303964323366333733386134646337 +31303736383735366662323637336635656161376337313563386438376136653365656433663336 +3530 diff --git a/group_vars/server b/group_vars/server index c02f1fe..8bf9d00 100644 --- a/group_vars/server +++ b/group_vars/server 
@@ -21,4 +21,26 @@ systemd_mounts_enabled: syncthing_address: "{{inventory_hostname}}:8384" syncthing_gui_user: "{{user.name}}" -syncthing_gui_password: $2a$10$nJZ8YN/1mB84Cbi79BKka.6SFMAKF.CBwyCNJDA9qUgXdkcuBilx2 \ No newline at end of file +syncthing_gui_password: $2a$10$nJZ8YN/1mB84Cbi79BKka.6SFMAKF.CBwyCNJDA9qUgXdkcuBilx2 + +notification_mail: "{{ user.mail }}" +ssmtp_mailhub: smtp.{{ domain.name }}:587 +ssmtp_hostname: "{{ domain.name }}" +ssmtp_auth_user: "{{ user.mail }}" +ssmtp_auth_pass: "{{ vault_default_password }}" + +rsynclocations: + - name: backup nas + location: /mnt/backup + readonly: "no" + +rsynchostalloawed: 192.168.1.10 + + + +fail2ban_destmail: "{{ user.mail }}" +fail2ban_sendmail: "{{ user.mail }}" + +Gandi_API_KEYS: "{{ vault_gandi_API_Keys }}" +Gandi_Domain: "{{ domain.name }}" +Gandi_Record: www \ No newline at end of file diff --git a/server.yml b/server.yml index 4957eb4..95434e8 100644 --- a/server.yml +++ b/server.yml @@ -1,8 +1,21 @@ --- - hosts: server + tasks: + - name: install terminfo + pacman: + state: present # not required. choices: absent;latest;present. Desired state of the package. + name: + - termite-terminfo # not required. Name or list of names of the packages to install, upgrade, or remove. + become: yes + roles: - - dns - ssmtp + - cronie + - rsyncd + - gandi-dyn-dns + - fail2ban + - dns - tt-rss - gitea - user_config + From d6a4857510280dc46c111bdf45effa05e569e51b Mon Sep 17 00:00:00 2001 From: vincent Date: Sun, 14 Apr 2019 11:47:23 +0200 Subject: [PATCH 23/27] todo list --- README.md | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 57d0e32..3d96254 100644 --- a/README.md +++ b/README.md 
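Review bot: `syncthing_gui_password` in group_vars/server is re-added on the new side as a literal bcrypt hash, while the secrets introduced right below it (`ssmtp_auth_pass`, `Gandi_API_KEYS`) are read from vault variables. The role defaults deleted earlier in this series carried the same hash in a comment next to its plaintext, so the value should be treated as known: generate a new hash and reference it as `syncthing_gui_password: "{{ vault_syncthing_gui_password }}"` (the variable name is a suggestion, it is not defined anywhere visible). This matters more here because `syncthing_address` in the same hunk binds the GUI to `{{inventory_hostname}}:8384` rather than the loopback address the role used as its default.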
@@ -60,24 +60,23 @@ - [X] workstation role - -need to check for nvidia drver - [X] cups -- [ ] bluetooth et tlp pour laptop +- [X] bluetooth et tlp pour laptop - [X] grubtheme ### Server Roles -- [server role] - - cron - - ssmtp - terminfo - - controle du reboot -- [ ] rsyncd role +- [server role] + - [X] cron + - [X] ssmtp -- [ ] backup role? + +- [X] rsyncd role -- [ ] ssmtp role +- [X] failtoban role - [ ] nginx/php role - install @@ -90,14 +89,18 @@ - [ ] tt-rss role - depend nginx & madiadb role + - fail2ban jail - [ ] gitea role - depend of mariadb role - [ ] dns role -slave/primary + +- [ ] backup role? + - controle du reboot -- [ ] failtoban role + #### global improvment From 6d5bc6663984fbd3e6af8d82fbcbff247bd3ccc8 Mon Sep 17 00:00:00 2001 From: vincent Date: Sun, 14 Apr 2019 11:51:42 +0200 Subject: [PATCH 24/27] --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 3d96254..dc6b525 100644 --- a/README.md +++ b/README.md @@ -50,9 +50,9 @@ ### Workstation roles -- [x] mpd role +- [X] mpd role -- [x] ansible manager +- [X] ansible manager - install ansible - install ansible aur module - clone ansible repo @@ -69,7 +69,7 @@ - terminfo -- [server role] +- server role - [X] cron - [X] ssmtp From c5d2c85ee9abf06a56a2ba069d2e90897fbd4e9c Mon Sep 17 00:00:00 2001 From: vincent Date: Sun, 14 Apr 2019 11:52:40 +0200 Subject: [PATCH 25/27] --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index dc6b525..5796a7c 100644 --- a/README.md +++ b/README.md 
@@ -44,25 +44,25 @@ - [x] davfs mount -- [X] VM server +- [x] VM server -- [X] syncthing role +- [x] syncthing role ### Workstation roles -- [X] mpd role +- [x] mpd role -- [X] ansible manager +- [x] ansible manager - install ansible - install ansible aur module - clone ansible repo -- [X] workstation role +- [x] workstation role - -need to check for nvidia drver -- [X] cups -- [X] bluetooth et tlp pour laptop +- [x] cups +- [x] bluetooth et tlp pour laptop -- [X] grubtheme +- [x] grubtheme ### Server Roles @@ -70,13 +70,13 @@ - terminfo - server role - - [X] cron - - [X] ssmtp + - [x] cron + - [x] ssmtp -- [X] rsyncd role +- [x] rsyncd role -- [X] failtoban role +- [x] failtoban role - [ ] nginx/php role - install From 2c57e5263325b043bb80f920741a6fa7399545e3 Mon Sep 17 00:00:00 2001 From: vincent Date: Sun, 14 Apr 2019 15:51:48 +0200 Subject: [PATCH 26/27] create role nginx --- README.md | 4 ++++ group_vars/server | 38 +++++++++++++++++++++++++++++++++++++- server.yml | 1 + 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5796a7c..ce1b2bc 100644 --- a/README.md +++ b/README.md @@ -82,6 +82,10 @@ - install - config +- [ ] dns role + -slave/primary + + - [ ] mariadb role - install - config diff --git a/group_vars/server b/group_vars/server index 8bf9d00..1a6fcf6 100644 --- a/group_vars/server +++ b/group_vars/server 
@@ -43,4 +43,40 @@ fail2ban_sendmail: "{{ user.mail }}" Gandi_API_KEYS: "{{ vault_gandi_API_Keys }}" Gandi_Domain: "{{ domain.name }}" -Gandi_Record: www \ No newline at end of file +Gandi_Record: www + + +nginx_vhosts: + - listen: "80" + server_name: "localhost" + root: "/usr/share/nginx/html/" + error_page: "404 /404/404.html" + filename: "default.conf" + state: "present" + template: "{{ nginx_vhost_template }}" + extra_parameters: | + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + location =/ { + rewrite ^ /starter; + } + location / { + index index.php index.html index.htm ; + default_type text/html; + + } + location ~ \.php$ { + # try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/run/php-fpm/php-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_read_timeout 800; + fastcgi_index index.php; + include fastcgi_params; + } + + +nginx_realIP_Proxy: 192.168.1.10/24 \ No newline at end of file diff --git a/server.yml b/server.yml index 95434e8..dc90be3 100644 --- a/server.yml +++ b/server.yml @@ -15,6 +15,7 @@ - gandi-dyn-dns - fail2ban - dns + - {role: nginx, become: yes } - tt-rss - gitea - user_config From d55b031e5c0a4ee7c4f5945cbda322c00f06bfdc Mon Sep 17 00:00:00 2001 From: vincent Date: Sun, 14 Apr 2019 16:49:30 +0200 Subject: [PATCH 27/27] add php role --- group_vars/server | 8 +++++++- server.yml | 1 + 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/group_vars/server b/group_vars/server index 1a6fcf6..e3a7e32 100644 --- a/group_vars/server +++ b/group_vars/server @@ -79,4 +79,10 @@ nginx_vhosts: } -nginx_realIP_Proxy: 192.168.1.10/24 \ No newline at end of file +nginx_realIP_Proxy: 192.168.1.10/24 + +php_extention_enable: + - iconv + - mysqli + - pdo_mysql + - soap \ No newline at end of file diff --git a/server.yml b/server.yml index dc90be3..5a75d8f 100644 --- a/server.yml +++ b/server.yml 
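Review bot: In the `location ~ \.php$` block of `extra_parameters`, `try_files` is commented out, so every URI ending in `.php` is handed to php-fpm whether or not such a file exists under the root, and `fastcgi_split_path_info` then leaves script selection to PHP's own path handling. Enabling an existence check, for example `try_files $fastcgi_script_name =404;` placed after the `fastcgi_split_path_info` line, keeps requests for non-existent scripts away from the interpreter. Also, `nginx_realIP_Proxy: 192.168.1.10/24` has host bits set under a /24 mask: if the nginx role feeds it to `set_real_ip_from` (not visible here), the whole 192.168.1.0/24 network would be trusted to supply the client address that fail2ban later acts on. The same file names the single host 192.168.1.10 in `rsynchostalloawed`, so `192.168.1.10/32` is probably what was meant.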
@@ -16,6 +16,7 @@ - fail2ban - dns - {role: nginx, become: yes } + - php - tt-rss - gitea - user_config