vincent 2020-02-07 20:14:52 +01:00
commit 462e37f105
11 changed files with 132 additions and 53 deletions


@ -1,30 +1,31 @@
$ANSIBLE_VAULT;1.1;AES256
36393436653566306436363065303537636361316533303036323966316161343739666233333331
6562383739343862386462613861666536646337303863320a646366663664643434333263343935
35306233623866643530393863326532613063386662346530346133353439626636373666653065
6561346437346663630a366463393762343862636539363863366662326439323732366663656162
39306333396434343236323439636261636235373836356165313938306366613335343634653065
66623162663334646332666537323032656562643961303665383531373565656665326533343266
61383536353038393631643837316366383136346231333336663135323764613937653333333330
65313331303366373239623561663932323266646236383739346235383938356665313461616131
36336338303530323736313537303938356137383434323030336237656635376433653633323237
32646162613731383166653930363835643162306362646335643233303461376235643933636634
39353233643836396534663364316539386130386166663134633033643861356338336165363031
33303534333763363437646433336665373362326530623730316664376230616333653139646336
37666531336362373861376135366463323134643561346163643137613038663235636134356363
37623037656630343739333734366361313634313832343732633564356161306134646664316134
31373066306230323130613536356265396439313733376437316361393864393265666332633535
34373861616565353762366663333833346334356535336365613632656461396566323363326537
66613438663539313163306166323734366333306533346463633031376237326264613565613766
65383537313461613664343961616432313037346531333261323331663131373034323935373566
63363633633562653533326138633462633238353264323361386133316234666638383831663433
61623635636432653031373036383664393630306332386563353632373430623530336166613163
33346661353634396532353266303162326331393534336131316537366335643637613532393631
34303130356431393163636363383233356235623666623165373730633436346162343137623438
66373730653636356663366162363133303961613165343735326563636363306533386434646133
65383063396166343066383332616132353732343765323964666634633533373530643230373939
62366363356433336365343264393730653265633531326563303166393638383731313163373261
37313531643337313333336432636438393932613363393831663163646333666536653166383739
31633362636635336430336463643564626563333964313830643833396630363262666162356665
38383433323661396331663763623563636137633034643065623032383466633535343937383965
3965
31363063633762613361346137656161323835326537633830333532316534346630383364313962
6234313430383631306437323466393139303538626161630a623438323662343637313131633561
31343532373764383738323334636238356266663863356135653931356564353132373238633035
6164373637356664640a353134386332666134616465363635646533613439346230396130373630
63356134646466623036383663383833656532373464376361333739306634613735626132313762
31346637653665343966653962633861333133353065633530346235346630666539366464656339
38666136353961353734626562666332633765393234316135353030386637653835313631343161
64313766313061626263363061373332653136386130373037333666376664656639633637646533
39386438656234663335373031343534383336336531623638313036623530346666326534646132
36383430316131616463363964333732643431343962353435396238613537616332666238366136
64363062326666333133353666353966353938376531343263663335613061643665363163303162
38383436613262353739653036663637393639616336326238653831383134623135633738363337
34326666323235343161316232393237366235353563613462663534633764386634623133313135
32623366383130373030353763326362653231643165633937313234396365333038373362323361
32653539636633643666386533333135636363633830393733353439623135653536373965326165
38306263303964343632343862336365373132323561326264616364316331353563653538633239
61623634616632626432303630303837363333613931313965633430393966616264386366366264
65306564326236343531353631356235303138363037626331653865393836626666366437643764
38353534653639316436616561346662333561663333623561393738633339386536326234636165
31663461326538366430313831373233393431656564643332636464356465393931626461393063
34333438653665323363373038633334323034393439616462336138616263323566303337623463
33383664353733383139626633653531666335656566383233363066306565333438626336663066
61386162613164613334353231646238336663353037383333653261373434346634393239646636
65313534616462353631386538373462333863636231343863336436393038353835366331386163
39623837623932393335333063303166643933336330656533373833653965373463643362333939
39356661626362303830646433653264613833393034663132656431663334623339643330353166
64316631313233633231656537376166363232643832313134633232643366353339666366316462
30626134653031626665633761313338663565653561376364643261633534383164366339393431
37616231396331313064646234383664616435383565373762366632383336376339336435383438
3362613166313865333430633637343031353937633934303736


@ -14,12 +14,13 @@ systemd_mounts:
- " "
automount: true
backup_disk:
share: /dev/sda1
share: /dev/sdb1
mount: /mnt/backup
type: ntfs-3g
options:
- uid=1024
- guid=100
- vers=3.0
automount: true
diskstation_home:
share: //diskstation.ducamps.win/homes/admin
@ -29,6 +30,7 @@ systemd_mounts:
- credentials=/etc/creds/.diskstation_credentials
- uid=1024
- gid=100
- vers=3.0
automount: true
diskstation_photo:
share: //diskstation.ducamps.win/photo
@ -38,6 +40,7 @@ systemd_mounts:
- credentials=/etc/creds/.diskstation_credentials
- uid=1024
- gid=100
- vers=3.0
automount: true
diskstation_music:
share: //diskstation.ducamps.win/music
@ -47,6 +50,7 @@ systemd_mounts:
- credentials=/etc/creds/.diskstation_credentials
- uid=1024
- gid=100
- vers=3.0
automount: true
systemd_mounts_enabled:
- diskstation_git
@ -64,7 +68,7 @@ credentials_files:
username: admin
password: "{{ vault_default_password }}"
syncthing_address: "{{inventory_hostname}}:8384"
syncthing_address: "0.0.0.0:8384"
syncthing_gui_user: "{{user.name}}"
syncthing_gui_password: $2a$10$nJZ8YN/1mB84Cbi79BKka.6SFMAKF.CBwyCNJDA9qUgXdkcuBilx2
@ -90,6 +94,7 @@ Gandi_API_KEYS: "{{ vault_gandi_API_Keys }}"
Gandi_Domain: "{{ domain.name }}"
Gandi_Record: www
certbot_force: false
certbot_auto_renew_user: root
certbot_create_if_missing: true
certbot_cert_name: "{{domain.name}}"
@ -101,6 +106,7 @@ certbot_certs:
- supysonic.{{domain.name}}
- syno.{{domain.name}}
- file.{{domain.name}}
- hass.{{domain.name}}
nginx_vhosts:
@ -220,8 +226,31 @@ nginx_vhosts:
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
proxy_pass http://localhost:8000;
}
- listen: "443 ssl"
server_name: "hass.{{domain.name}}"
filename: "hass.conf"
state: "present"
template: "{{ nginx_vhost_template }}"
extra_parameters: |
include /etc/nginx/conf.d/{{domain.name}}.ssl;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
proxy_pass http://localhost:8123;
}
location /api/websocket {
proxy_pass http://localhost:8123/api/websocket;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
nginx_realIP_Proxy: 192.168.1.10/24
nginx_realIP_Proxy: 192.168.1.40/24
php_extention_enable:
- iconv
@ -244,6 +273,7 @@ mysql_users:
ttrss_db_password: "{{ vault_mysql_ttrss }}"
ttrss_log_destination: ""
ttrss_SQl_target_file: /mnt/diskstation/git/backup/mysql/last/ttrss.sql
ttrss_url_path: "https://www.{{domain.name}}/tt-rss"
bind_listen_ipv4: ['any']
bind_allow_query: ['any']
@ -266,11 +296,34 @@ gitea_db_host: localhost:3306
gitea_db_name: gitea
gitea_db_user: gitea
gitea_db_password: "{{ vault_mysql_gitea }}"
gitea_ssh_domain: "{{ansible_hostname}}"
gitea_ssh_domain: git.{{ domain.name }}
gitea_start_ssh: false
gitea_ssh_port: 22
gitea_SQl_target_file: /mnt/diskstation/git/backup/mysql/last/gitea.sql
gitea_http_domain: git.{{domain.name}}
gitea_root_url: https://git.{{domain.name}}
supysonic_db_password: "{{ vault_mysql_supysonic }}"
supysonic_SQl_target_file: /mnt/diskstation/git/backup/mysql/last/supysonic.sql
supysonic_force_site_update: true
docker_users: "{{user.name}}"
docker_users: "{{user.name}}"
hass_SQl_target_file: /mnt/diskstation/git/backup/mysql/last/hass.sql
hass_db_password: "{{ vault_mysql_hass }}"
hass_repo: gitea@git.{{ domain.name }}:vincent/HASS_conf.git
hass_user: "{{user.name}}"
samba_shares:
- name: hassconfig
path: /var/lib/hass
read_only: no
writable: yes
directory_mode: 770
owner: hass
group: hass
write_list: "{{user.name}}"
samba_users:
- name: "{{user.name}}"
password: "{{ vault_default_password }}"
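Review bot: In the hunk around `credentials_files`, `syncthing_address` is set to `"0.0.0.0:8384"`, so the Syncthing GUI and REST API listen on every interface of the host instead of a single named address. Nothing visible here restricts that port, and the GUI is protected only by the user/password pair on the next two lines. If remote access is meant to go through nginx like the other services in this file, `syncthing_address: "127.0.0.1:8384"` plus a TLS vhost would keep the admin interface off the network; otherwise a firewall rule scoping 8384 to the LAN should ship with this change. Separately, the `- vers=3.0` entry that appears under `backup_disk` looks like an SMB dialect option, while that mount is `type: ntfs-3g`, so it probably belongs only on the cifs mounts.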


@ -7,6 +7,7 @@ systemd_mounts:
- credentials=/etc/creds/.diskstation_credentials
- uid=1024
- gid=100
- vers=3.0
automount: true
diskstation_music:
share: //diskstation/music
@ -16,6 +17,7 @@ systemd_mounts:
- credentials=/etc/creds/.diskstation_credentials
- uid=1024
- gid=100
- vers=3.0
automount: true
diskstation_home:
share: //diskstation/homes/admin
@ -25,6 +27,7 @@ systemd_mounts:
- credentials=/etc/creds/.diskstation_credentials
- uid=1024
- gid=100
- vers=3.0
automount: true
diskstation_photo:
share: //diskstation/photo
@ -34,6 +37,7 @@ systemd_mounts:
- credentials=/etc/creds/.diskstation_credentials
- uid=1024
- gid=100
- vers=3.0
automount: true
diskstation_ebook:
share: //diskstation/ebook
@ -43,6 +47,17 @@ systemd_mounts:
- credentials=/etc/creds/.diskstation_credentials
- uid=1024
- gid=100
- vers=3.0
automount: true
oscar_hassconfig:
share: //oscar/hassconfig
mount: /mnt/oscar/hassconfig
type: cifs
options:
- credentials=/etc/creds/.oscar_credentials
- uid=1024
- gid=100
- vers=3.0
automount: true
@ -52,6 +67,7 @@ systemd_mounts_enabled:
- diskstation_ebook
- diskstation_photo
- diskstation_home
- oscar_hassconfig
credentials_files:
1:
@ -59,3 +75,8 @@ credentials_files:
path: /etc/creds/.diskstation_credentials
username: admin
password: "{{ vault_default_password }}"
2:
type: smb
path: /etc/creds/.oscar_credentials
username: "{{user.name}}"
password: "{{ vault_default_password }}"
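Review bot: The new `credentials_files` entry `2` for `/etc/creds/.oscar_credentials` takes its password from `vault_default_password`, the same vault value already used for the diskstation `admin` account in entry `1`. Anyone who reads either credentials file then holds the secret for both servers, and rotating one forces rotating the other. A dedicated vault variable for this share (for example `password: "{{ vault_oscar_smb_password }}"`, name constructed here) would keep the two accounts independent. The permissions and owner of the written credentials file are set outside this section, so it is worth confirming they are root-only (0600).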


@ -1,7 +1,7 @@
ttrss_url_path: http://arch3/tt-rss/
ttrss_url_path: http://vmas-build/tt-rss/
gitea_http_domain: arch3
gitea_root_url: http://arch3:3000
gitea_http_domain: vmas-build
gitea_root_url: http://vmas-build:3000
chainetv_repo_branch: dev


@ -1,11 +1,12 @@
##ansible_python_interpreter: /usr/bin/python2
##music_directory: '/mnt/diskstation/music'
ttrss_url_path: http://nas/tt-rss/
system_upgrade: true
ttrss_url_path: http://vmas-hml/tt-rss/
gitea_http_domain: nas
gitea_root_url: http://nas:3000
system_upgrade: false
gitea_http_domain: vmas-hml
gitea_root_url: http://vmas-hml:3000
chainetv_repo_branch: master

@ -1 +1 @@
Subproject commit 9761bfd931b2f8abb830ad48a8fefd87c12e723f
Subproject commit 116f023cad04268c478c2463a5f4a042f87b0267


@ -1,5 +1,5 @@
[server]
pi2
oscar
[workstation]
fixe-pc


@ -1,6 +1,6 @@
---
- hosts: server
tasks:
pre_tasks:
- name: install terminfo
pacman:
state: present # not required. choices: absent;latest;present. Desired state of the package.
@ -9,15 +9,14 @@
become: yes
roles:
- user_config
- ssmtp
- cronie
- rsyncd
- gandi-dyn-dns
- fail2ban
- {role: dns , become: yes }
- {role: nginx, become: yes }
- {role: ansible-role-certbot, become: yes} ##need to have a external connection on 80
- {role: nginx, become: yes }
- {role: mariadb, become: yes }
- {role: radicale , become: yes }
- cloud-commander
@ -25,6 +24,8 @@
- tt-rss
- gitea
- supysonic
- hass
- {role: ansible-role-samba , become: yes }
- chainetv
- user_config


@ -1,4 +1,5 @@
---
- import_playbook: global.yml
- import_playbook: server.yml
- import_playbook: workstation.yml
- import_playbook: workstation.yml

11
staging

@ -1,11 +1,12 @@
[workstation]
arch2
debian
VMAW
[laptop]
arch2
VMAW
[server]
nas
arch3
VMAS-HML
VMAS-BUILD
[debian]
VMDS