From ac6a9740c99dfcbb8339478c84ed4306a67c6a38 Mon Sep 17 00:00:00 2001 
From: vincent Date: Sun, 19 Jun 2022 14:51:37 +0200 Subject: [PATCH] split ansible playboot betwen server and workstation see homelab repo for server --- ansible-vault-pass.sh | 7 -- group_vars/HashicorpStack | 10 --- group_vars/VMServer | 24 ------ group_vars/VPS | 92 --------------------- group_vars/build | 24 ------ group_vars/dhcp | 152 ----------------------------------- group_vars/server/database | 55 ------------- group_vars/server/mount | 93 --------------------- group_vars/server/server | 43 ---------- group_vars/wireguard | 0 host_vars/VMAS-BUILD | 2 - host_vars/VMAS-HML | 2 - host_vars/corwin | 40 --------- host_vars/gerard | 3 - host_vars/oscar | 16 ---- makefile | 4 +- playbooks/HashicorpStack.yml | 9 --- playbooks/VPS.yml | 7 -- playbooks/build.yml | 12 --- playbooks/debian.yml | 6 -- playbooks/dhcpd.yml | 11 --- playbooks/global.yml | 5 -- playbooks/music-player.yml | 7 -- playbooks/server.yml | 13 --- playbooks/wireguard.yml | 5 -- playbooks/workstation.yml | 4 +- production | 18 ----- roles/requirements.yml | 54 +++++-------- site.yml | 8 -- staging | 21 ----- test-role/chainetv.yml | 7 -- test-role/chisel.yml | 5 -- test-role/gitea.yml | 4 - test-role/hass.yml | 4 - test-role/msmtp.yml | 4 - test-role/nextcloud.yml | 12 --- test-role/nginx.yml | 5 -- test-role/php.yml | 7 -- test-role/postgres.yml | 5 -- test-role/samba.yml | 5 -- test-role/supysonic.yml | 7 -- test-role/system.yml | 6 -- test-role/tt-rss.yml | 7 -- test-role/vaultwarden.yml | 5 -- 44 files changed, 23 insertions(+), 807 deletions(-) delete mode 100755 ansible-vault-pass.sh delete mode 100644 group_vars/HashicorpStack delete mode 100644 group_vars/VMServer delete mode 100644 group_vars/VPS delete mode 100644 group_vars/build delete mode 100644 group_vars/dhcp delete mode 100644 group_vars/server/database delete mode 100644 group_vars/server/mount delete mode 100644 group_vars/server/server delete mode 100644 group_vars/wireguard delete mode 100644 host_vars/VMAS-BUILD delete mode 
100644 host_vars/VMAS-HML delete mode 100644 host_vars/corwin delete mode 100644 host_vars/gerard delete mode 100644 host_vars/oscar delete mode 100644 playbooks/HashicorpStack.yml delete mode 100644 playbooks/VPS.yml delete mode 100644 playbooks/build.yml delete mode 100644 playbooks/debian.yml delete mode 100644 playbooks/dhcpd.yml delete mode 100644 playbooks/global.yml delete mode 100644 playbooks/music-player.yml delete mode 100644 playbooks/server.yml delete mode 100644 playbooks/wireguard.yml delete mode 100644 test-role/chainetv.yml delete mode 100644 test-role/chisel.yml delete mode 100644 test-role/gitea.yml delete mode 100644 test-role/hass.yml delete mode 100644 test-role/msmtp.yml delete mode 100644 test-role/nextcloud.yml delete mode 100644 test-role/nginx.yml delete mode 100644 test-role/php.yml delete mode 100644 test-role/postgres.yml delete mode 100644 test-role/samba.yml delete mode 100644 test-role/supysonic.yml delete mode 100644 test-role/system.yml delete mode 100644 test-role/tt-rss.yml delete mode 100644 test-role/vaultwarden.yml diff --git a/ansible-vault-pass.sh b/ansible-vault-pass.sh deleted file mode 100755 index d739c2a..0000000 --- a/ansible-vault-pass.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -BW_VAULT_ENTRY_ID="ansible vault" -if [[ -z ${BW_SESSION:-} ]] ; then - >&2 echo '$BW_SESSION not found! - You need to login to the vault' - BW_SESSION=$(bw unlock --raw) -fi -bw get password ${BW_VAULT_ENTRY_ID} --session ${BW_SESSION} --raw diff --git a/group_vars/HashicorpStack b/group_vars/HashicorpStack deleted file mode 100644 index 69033c1..0000000 --- a/group_vars/HashicorpStack +++ /dev/null 
@@ -1,10 +0,0 @@ -consul_client_addr: "0.0.0.0" -consul_datacenter: "homelab" -consul_backup_location: "/mnt/diskstation/git/backup/consul" -consul_ansible_group: HashicorpStack -consul_bootstrap_expect: 2 -nomad_vault_enabled: true -nomad_vault_address: "http://active.vault.service.consul:8200" -nomad_vault_role: "nomad-cluster" -nomad_vault_token: "{{ lookup('hashi_vault','secret=secrets/data/ansible/hashistack:nomad_vault_token') }}" -nomad_bootstrap_expect: 2 diff --git a/group_vars/VMServer b/group_vars/VMServer deleted file mode 100644 index 2456e81..0000000 --- a/group_vars/VMServer +++ /dev/null @@ -1,24 +0,0 @@ -system_upgrade: true -nginx_error_log: "/var/log/nginx/error.log debug" - -hosts_entries: - - name: ducamps.win - ip: 127.0.0.1 - aliases: - - arch.ducamps.win - - www.ducamps.win - - file.ducamps.win - - supysonic.ducamps.win - - syno.ducamps.win - - vault.ducamps.win - - ww.ducamps.win - - hass.ducamps.win - - git.ducamps.win - -consul_bootstrap_expect: 1 -nomad_bootstrap_expect: 1 -nomad_datacenter: hml -consul_server: False -nomad_server: False -consul_retry_join_force: - - 192.168.1.40 diff --git a/group_vars/VPS b/group_vars/VPS deleted file mode 100644 index 3aa8e7c..0000000 --- a/group_vars/VPS +++ /dev/null 
@@ -1,92 +0,0 @@ -keystodeploy: - - name: juicessh with password - user: "{{user.name}}" - sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH - - name: fixe-pc new - user: "{{user.name}}" - sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01 - - name: zen-pc - user: "{{user.name}}" - sshkey: ssh-rsa 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 vincent@zen-pc - - name: drone - user: drone-deploy - sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar - -# defaults file for ansible-arch-provissionning -partition_table: - - device: "/dev/sda" - label: gpt - settings: - - number: 1 - part_end: 64MB - flags: [boot, esp] - fstype: vfat - format: yes - - number: 2 - part_start: 512MB - part_end: 1524MB - flags: [] - fstype: swap - format: yes - - number: 3 - part_start: 1524MB - flags: [lvm] - fstype: ext4 - format: yes - #- device: "/dev/sdb" - #settings: - #- number: 1 - #name: home - #fstype: ext4 - #format: -mount_table: - - device: "/dev/sda" - settings: - - number: 3 - mountpath: /mnt - fstype: ext4 - - number: 1 - mountpath: /mnt/boot - fstype: vfat - -#need vfat boot partition with esp label -provissionning_UEFI_Enable: True -sssd_configure: False -nomad_datacenter: hetzner - -systemd_mounts: - diskstation_nomad: - share: diskstation.ducamps.win:/volume2/nomad - mount: /mnt/diskstation/nomad - type: nfs - options: - - " " - automount: 
true - hetzner_storage: - share: //u304977.your-storagebox.de/backup - mount: /mnt/hetzner/storagebox - type: cifs - options: - - credentials=/etc/creds/hetzner_credentials - - uid= 1024 - - gid= 10 - - vers=3.0 - - mfsymlinks - automount: true -credentials_files: - 1: - type: smb - path: /etc/creds/hetzner_credentials - username: u304977 - password: "{{ lookup('hashi_vault','secret=secrets/data/ansible/storage:hetzner') }}" - - - -systemd_mounts_enabled: - - diskstation_nomad - - hetzner_storage - -system_user: - - name: drone-deploy - home: /home/drone-deploy - shell: /bin/bash diff --git a/group_vars/build b/group_vars/build deleted file mode 100644 index f1c1563..0000000 --- a/group_vars/build +++ /dev/null 
@@ -1,24 +0,0 @@ -systemd_mounts: - diskstation_git: - share: diskstation.ducamps.win:/volume2/git - mount: /mnt/diskstation/git - type: nfs - options: - - " " - automount: true -systemd_mounts_enabled: - - diskstation_git -nginx_error_log: "/var/log/nginx/error.log debug" -docker_users: - - "{{ user.name }}" -postgresql_users: - - name: root - role_attr_flags: SUPERUSER - password: "{{ vault_mysql_root }}" -keystodeploy: - - name: juicessh without password - user: "{{ user.name }}" - sshkey: ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGHcHCTrzRuxEhsRdV+Q2Yr+nQNNuYKoNLmxW3IlVJtCIuaCY5prX1UuE8+nNWhbNVSagBCQwmubxLUV5ORf+tCBHeMyDPo7oetu3Wy5JaUwfGcuw3yGN94Qj3LqPUkdiw== juicewithoutpassword - - name: fixe-pc new - user: "{{ user.name }}" - sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01 diff --git a/group_vars/dhcp b/group_vars/dhcp deleted file mode 100644 index fce043e..0000000 --- a/group_vars/dhcp +++ /dev/null 
@@ -1,152 +0,0 @@ -dhcpd_authoritative: True -dhcpd_lease_time: '72' -dhcpd_domain_name: "{{ domain.name }}" -dhcpd_nameservers: - - '192.168.1.40' - - '192.168.1.10' -dhcpd_keys: - - key: dhcp - algorithm: HMAC-MD5 - secret: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:dhcpd_key') }}" - -dhcpd_zones: - - zone: "{{ domain.name }}." - primary: "192.168.1.10" - key: "dhcp" - - zone: "1.168.192.in-addr.arpa." - primary: "192.168.1.10" - key: "dhcp" - -dhcpd_options: | - ddns-updates on; - ddns-update-style interim; - ignore client-updates; - update-static-leases on; - ddns-domainname "ducamps.win."; - ddns-rev-domainname "in-addr.arpa."; - - -dhcpd_subnets: - - subnet: '192.168.1.0' - netmask: '255.255.255.0' - options: | - option routers 192.168.1.1; - pools: - - range: '192.168.1.100 192.168.1.140' - -dhcpd_hosts: - - hostname: 'zen-pc' - address: '192.168.1.14' - ethernet: 'f0:d5:bf:f4:ce:d7' - - - hostname: 'fixe-pc' - address: '192.168.1.15' - ethernet: 'ee:35:20:fc:7b:04' - - - hostname: 'oscar' - address: '192.168.1.40' - ethernet: '84:39:be:12:05:69' - - - hostname: 'VMAS-HML' - address: '192.168.1.50' - ethernet: '52:54:00:02:74:ed' - - - hostname: 'VMAS-BUILD' - address: '192.168.1.53' - ethernet: '52:54:13:1e:93' - - - - hostname: 'xiaomi-chambre-gateway' - address: '192.168.1.61' - ethernet: '04:cf:8c:9c:f7:f0' - - hostname: 'xiaomi-ampoule-chambre' - address: '192.168.1.62' - ethernet: '44:23:7c:88:1f:ea' - - hostname: 'shelly-chambre-ecran' - address: '192.168.1.63' - ethernet: 'b4:e6:2d:7a:ea:77' - - hostname: 'shelly-salon-cadre' - address: '192.168.1.64' - ethernet: 'b4:e6:2d:7a:e6:1e' - - hostname: 'shelly-chambre-ventilo' - address: '192.168.1.65' - ethernet: 'e0:98:06:97:78:0b' - -keystodeploy: - - name: juicessh with password - user: "{{user.name}}" - sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH - - name: fixe-pc new - user: "{{user.name}}" - sshkey: ssh-rsa 
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 vincent@fixe-pc-2020-03-01 - - name: zen-pc - user: "{{user.name}}" - sshkey: ssh-rsa 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 vincent@zen-pc - -nomad_datacenter: homelab - - -systemd_mounts: - diskstation_nomad: - share: diskstation.ducamps.win:/volume2/nomad - mount: /mnt/diskstation/nomad - type: nfs - options: - - " " - automount: true - diskstation_git: - share: diskstation.ducamps.win:/volume2/git - mount: /mnt/diskstation/git - type: nfs - options: - - " " - automount: true - diskstation_music: - share: diskstation.ducamps.win:/volume2/music - mount: /mnt/diskstation/music - type: nfs - options: - - " " - automount: true - diskstation_nextcloud: - share: //diskstation.ducamps.win/nextcloud - mount: /mnt/diskstation/nextcloud - type: cifs - options: - - credentials=/etc/creds/.diskstation_credentials - - uid=33 - - gid=33 - - vers=3.0 - - dir_mode=0770 - - _netdev - automount: true - diskstation_CardDav: - share: diskstation.ducamps.win:/volume2/CardDav - mount: /mnt/diskstation/CardDav - type: nfs - options: - - " " - automount: true - diskstation_archMirror: - share: diskstation.ducamps.win:/volume2/archMirror - mount: /mnt/diskstation/archMirror - type: nfs - options: - - " " - automount: true - -credentials_files: - 1: - type: smb - path: /etc/creds/.diskstation_credentials - username: admin - password: "{{ lookup('hashi_vault','secret=secrets/data/ansible/storage:diskstation_admin') }}" - - -systemd_mounts_enabled: - - diskstation_nomad - - diskstation_git - - diskstation_music - - diskstation_nextcloud - - diskstation_CardDav - - diskstation_archMirror diff --git a/group_vars/server/database b/group_vars/server/database deleted file mode 100644 index 36c0e98..0000000 --- a/group_vars/server/database +++ /dev/null 
@@ -1,55 +0,0 @@ - -postgresql_users: - - name: root - role_attr_flags: SUPERUSER - password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:root')}}" - - name: wikijs - password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:wikijs')}}" - - name: ttrss - password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:ttrss')}}" - - name: gitea - password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:gitea')}}" - - name: supysonic - password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:supysonic')}}" - - name: hass - password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:hass')}}" - - name: nextcloud - password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:nextcloud')}}" - - name: vaultwarden - password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:vaultwarden')}}" - - name: drone - password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:drone')}}" - -postgresql_databases: - - name: wikijs - lc_collate: fr_FR.UTF-8 - lc_ctype: en_US.UTF-8 - owner: wikijs - - name: ttrss - lc_collate: fr_FR.UTF-8 - lc_ctype: fr_FR.UTF-8 - owner: ttrss - - name: gitea - lc_collate: fr_FR.UTF-8 - lc_ctype: fr_FR.UTF-8 - owner: gitea - - name: supysonic - lc_collate: fr_FR.UTF-8 - lc_ctype: fr_FR.UTF-8 - owner: supysonic - - name: hass - lc_collate: fr_FR.UTF-8 - lc_ctype: fr_FR.UTF-8 - owner: hass - - name: nextcloud - lc_collate: fr_FR.UTF-8 - lc_ctype: fr_FR.UTF-8 - owner: nextcloud - - name: vaultwarden - lc_collate: fr_FR.UTF-8 - lc_ctype: fr_FR.UTF-8 - owner: vaultwarden - - name: drone - lc_collate: fr_FR.UTF-8 - lc_ctype: fr_FR.UTF-8 - owner: drone diff --git a/group_vars/server/mount b/group_vars/server/mount deleted file mode 100644 index 04922dd..0000000 --- a/group_vars/server/mount +++ /dev/null 
@@ -1,93 +0,0 @@ -systemd_mounts: - diskstation_git: - share: diskstation.ducamps.win:/volume2/git - mount: /mnt/diskstation/git - type: nfs - options: - - " " - automount: true - diskstation_CardDav: - share: diskstation.ducamps.win:/volume2/CardDav - mount: /mnt/diskstation/CardDav - type: nfs - options: - - " " - automount: true - backup_disk: - share: /dev/sdb1 - mount: /mnt/backup - type: ntfs-3g - options: - - "uid=1024 - - guid=100 - - vers=3.0" - automount: true - diskstation_home: - share: diskstation.ducamps.win:/volume2/homes/admin - mount: /mnt/diskstation/home - type: nfs - options: - - " " - automount: true - diskstation_photo: - share: diskstation.ducamps.win:/volume2/photo - mount: /mnt/diskstation/photo - type: nfs - options: - - " " - automount: true - diskstation_music: - share: diskstation.ducamps.win:/volume2/music - mount: /mnt/diskstation/music - type: nfs - options: - - " " - automount: true - diskstation_media: - share: diskstation.ducamps.win:/volume1/media - mount: /mnt/diskstation/media - type: nfs - options: - - " " - automount: true - diskstation_ebook: - share: diskstation.ducamps.win:/volume2/ebook - mount: /mnt/diskstation/ebook - type: nfs - options: - - " " - automount: true - diskstation_archMirror: - share: diskstation.ducamps.win:/volume2/archMirror - mount: /mnt/diskstation/archMirror - type: nfs - options: - - " " - automount: true - diskstation_nomad: - share: diskstation.ducamps.win:/volume2/nomad - mount: /mnt/diskstation/nomad - type: nfs - options: - - " " - automount: true - -systemd_mounts_enabled: - - diskstation_git - - diskstation_music - - backup_disk - - diskstation_photo - - diskstation_home - - diskstation_CardDav - - diskstation_media - - diskstation_ebook - - diskstation_archMirror - - diskstation_nomad - -credentials_files: - 1: - type: smb - path: /etc/creds/.diskstation_credentials - username: admin - password: "{{ lookup('hashi_vault','secret=secrets/data/ansible/storage:diskstation_admin') }}" - 
diff --git a/group_vars/server/server b/group_vars/server/server deleted file mode 100644 index b8e3513..0000000 --- a/group_vars/server/server +++ /dev/null @@ -1,43 +0,0 @@ -notification_mail: "{{inventory_hostname}}@{{ domain.name }}" -msmtp_mailhub: smtp.{{ domain.name }} -msmtp_auth_user: "{{ user.mail }}" -msmtp_auth_pass: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:email') }}" - -rsynclocations: - - name: backup nas - location: /mnt/backup - readonly: "no" - -rsynchostalloawed: 192.168.1.10 - - -docker_users: "{{user.name}}" -keystodeploy: - - name: juicessh with password - user: "{{user.name}}" - sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH - - name: fixe-pc new - user: "{{user.name}}" - sshkey: ssh-rsa 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 vincent@fixe-pc-2020-03-01 - - name: zen-pc - user: "{{user.name}}" - sshkey: ssh-rsa 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 vincent@zen-pc - - name: drone - user: drone-deploy - sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar - -chisel_server: true -chisel_server_port: 9090 -chisel_server_backend: https://www.{{domain.name}} -chisel_server_auth: - user: chisel - pass: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:chisel_pass') }}" -arch_mirror_location: "/mnt/diskstation/archMirror" - -system_user: - - name: drone-deploy - home: /home/drone-deploy - shell: /bin/bash - -nomad_datacenter: homelab -nomad_allow_privileged: True diff --git a/group_vars/wireguard b/group_vars/wireguard deleted file mode 100644 index e69de29..0000000 diff --git a/host_vars/VMAS-BUILD b/host_vars/VMAS-BUILD deleted file mode 100644 index eec993a..0000000 --- a/host_vars/VMAS-BUILD +++ /dev/null @@ -1,2 +0,0 @@ - -chainetv_repo_branch: dev \ No newline at end of file diff --git a/host_vars/VMAS-HML b/host_vars/VMAS-HML deleted file mode 100644 index ed8158a..0000000 
--- a/host_vars/VMAS-HML +++ /dev/null @@ -1,2 +0,0 @@ - -chainetv_repo_branch: master \ No newline at end of file diff --git a/host_vars/corwin b/host_vars/corwin deleted file mode 100644 index 65787ed..0000000 --- a/host_vars/corwin +++ /dev/null @@ -1,40 +0,0 @@ ---- -ansible_host: 10.0.0.1 - -wireguard_address: "10.0.0.1/24" -wireguard_endpoint: "65.108.221.233" -wireguard_persistent_keepalive: "30" -wireguard_allowed_ips: "10.0.0.0/24" - -wireguard_postup: - - iptables -A FORWARD -o %i -j ACCEPT - - iptables -A FORWARD -i %i -j ACCEPT - - iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE - -wireguard_postdown: - - iptables -D FORWARD -i %i -j ACCEPT - - iptables -D FORWARD -o %i -j ACCEPT - - iptables -t nat -D POSTROUTING -o enp1s0 -j MASQUERADE - -wireguard_unmanaged_peers: - phone: - public_key: ioG35kDFTtip+Acfq+je9qDHYbZij+J6+Pg3T6Z4N0w= - allowed_ips: 10.0.0.3/32 - persistent_keepalive: 0 - zen: - public_key: rYYljQw8InmM95pxCP9KyZ8R+kcicgnjr6E9qtkI1Ag= - allowed_ips: 10.0.0.4/32 - persistent_keepalive: 0 -consul_client_addr: "127.0.0.1 10.0.0.1" -consul_bind_address: "10.0.0.1" -consul_ui: True -consul_iface: "wg0" -nomad_bind_addr: "10.0.0.1" -nomad_host_networks: - - name: "private" - interface: wg0 - - name: "public" - interface: enp1s0 - - name: "default" - interface: wg0 -vault_listener_address: 10.0.0.1 diff --git a/host_vars/gerard b/host_vars/gerard deleted file mode 100644 index 58a46c1..0000000 --- a/host_vars/gerard +++ /dev/null @@ -1,3 +0,0 @@ ---- -ansible_host: "192.168.1.41" -ansible_python_interpreter: "/usr/bin/python3" diff --git a/host_vars/oscar b/host_vars/oscar deleted file mode 100644 index bd22274..0000000 --- a/host_vars/oscar +++ /dev/null 
@@ -1,16 +0,0 @@
----
-wireguard_address: "10.0.0.2/24"
-wireguard_allowed_ips: "10.0.0.2/32,192.168.1.0/24"
-perrsistent_keepalive: "30"
-wireguard_endpoint: ""
-
-wireguard_postup:
- - iptables -A FORWARD -i wg0 -j ACCEPT
- - iptables -A FORWARD -o wg0 -j ACCEPT
- - iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
-
-wireguard_postdown:
- - iptables -D FORWARD -i wg0 -j ACCEPT
- - iptables -D FORWARD -o wg0 -j ACCEPT
- - iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
-consul_snapshot: True
diff --git a/makefile b/makefile
index d6a6f5b..776f1cf 100644
--- a/makefile
+++ b/makefile
@@ -3,10 +3,10 @@ requirements:
 ansible-galaxy install -g -f -r roles/requirements.yml
 deploy_production:
- ansible-playbook site.yml -i production --vault-password-file=./ansible-vault-pass.sh
+ ansible-playbook site.yml -i production
 deploy_staging:
- ansible-playbook site.yml -i staging --vault-password-file=./ansible-vault-pass.sh
+ ansible-playbook site.yml -i staging
 generate-token:
 @echo export VAULT_TOKEN=`vault token create -policy=ansible -field="token" -period 6h`
diff --git a/playbooks/HashicorpStack.yml b/playbooks/HashicorpStack.yml
deleted file mode 100644
index 51ab080..0000000
--- a/playbooks/HashicorpStack.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-- hosts: HashicorpStack
- roles:
- - role: ansible-consul
- become: true
- - role: ansible-hashicorp-vault
- when: ansible_architecture == 'x86_64'
- become: true
- - role: ansible-nomad
- become: true
diff --git a/playbooks/VPS.yml b/playbooks/VPS.yml
deleted file mode 100644
index b5710fe..0000000
--- a/playbooks/VPS.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- hosts: VPS
- vars:
- roles:
- - role: docker
- become: True
- - user_config
diff --git a/playbooks/build.yml b/playbooks/build.yml
deleted file mode 100644
index 37f71ed..0000000
--- a/playbooks/build.yml
+++ /dev/null
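Review bot: In the makefile hunk, the `generate-token` target kept as context still mints its token with `-policy=ansible`, the same policy name that was in use while the server group_vars removed by this patch did their `hashi_vault` lookups (database, storage and hashistack paths). Now that this repository only deploys workstations, that token presumably grants more read access than the remaining play needs; a dedicated narrower policy would limit what a token issued on a workstation can reach, e.g. `vault token create -policy=<workstation-only-policy> -field="token" -period 6h` (placeholder policy name). Separately, with `--vault-password-file` dropped from both deploy targets, any remaining ansible-vault-encrypted variable would need `--ask-vault-pass` or another password source; the remaining vars are not visible in this patch, so this should be confirmed.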
@@ -1,12 +0,0 @@
----
-- hosts: build
- vars:
- # certbot_force: true
- roles:
- - docker
- - role: nginx
- become: true
- - role: ansible-role-postgresql
- become: true
- - php
- - user_config
diff --git a/playbooks/debian.yml b/playbooks/debian.yml
deleted file mode 100644
index 2a77a52..0000000
--- a/playbooks/debian.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: debian
-
- roles:
- - syncthing
- - msmtp
diff --git a/playbooks/dhcpd.yml b/playbooks/dhcpd.yml
deleted file mode 100644
index 383936d..0000000
--- a/playbooks/dhcpd.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-- hosts: dhcp
- vars:
-
- roles:
- - user_config
- - cronie
- - role: ansible-dhcpd
- become: true
- - role: docker
- become: true
diff --git a/playbooks/global.yml b/playbooks/global.yml
deleted file mode 100644
index fca24d1..0000000
--- a/playbooks/global.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- hosts: all
- roles:
- - system
- - autofs
diff --git a/playbooks/music-player.yml b/playbooks/music-player.yml
deleted file mode 100644
index 1edfb73..0000000
--- a/playbooks/music-player.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- hosts: music-player
- roles:
- - user_config
- - cronie
- - hass-client-control
- - mpd
diff --git a/playbooks/server.yml b/playbooks/server.yml
deleted file mode 100644
index fba3195..0000000
--- a/playbooks/server.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-- hosts: server
- vars:
- # certbot_force: true
- roles:
- - role: ansible-role-chisel
- become: true
- - msmtp
- - cronie
- - rsyncd
- - role: ansible-role-postgresql
- become: true
- - user_config
diff --git a/playbooks/wireguard.yml b/playbooks/wireguard.yml
deleted file mode 100644
index 561e21b..0000000
--- a/playbooks/wireguard.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- hosts: wireguard
- roles:
- - role: ansible-role-wireguard
- become: True
diff --git a/playbooks/workstation.yml b/playbooks/workstation.yml
index ebeb933..b81f815 100644
--- a/playbooks/workstation.yml
+++ b/playbooks/workstation.yml
@@ -1,8 +1,8 @@
 ---
 - hosts: workstation
 roles:
- - role: ansible-role-chisel
- become: true
+ - system
+ - autofs
 - syncthing
 - user_config
 - ansible-manager
diff --git a/production b/production
index 8740a92..c4273fc 100644
--- a/production
+++ b/production
@@ -1,6 +1,3 @@
-[server]
-oscar
-
 [workstation]
 fixe-pc
@@ -10,18 +7,3 @@ laptop
 [laptop]
 zen-pc
 tablette
-
-[dhcp]
-gerard
-
-[VPS]
-corwin
-
-[wireguard]
-corwin
-oscar
-
-[HashicorpStack:children]
-server
-VPS
-dhcp
diff --git a/roles/requirements.yml b/roles/requirements.yml
index cef4ad4..248ad3d 100644
--- a/roles/requirements.yml
+++ b/roles/requirements.yml
@@ -1,55 +1,39 @@
 ---
-- src: git@git.ducamps.win:2222/ansible-roles/ansible-arch-provissionning.git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-arch-provissionning.git
 scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/ansible-manager.git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-manager.git
 scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/ansible-role-chisel.git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-role-sssd
 scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/ansible-role-postgresql.git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible_bootstrap.git
 scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/ansible-role-sssd
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/autofs.git
 scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/ansible_bootstrap.git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/bluetooth.git
 scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/autofs.git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/cronie.git
 scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/bluetooth.git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/cups.git
 scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/cronie.git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/docker.git
 scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/cups.git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/grub_themes.git
 scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/dns.git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/hass-client-control.git
 scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/docker.git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/laptop.git
 scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/grub_themes.git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/mpd.git
 scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/hass-client-control.git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/nvidia.git
 scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/laptop.git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/system.git
 scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/mpd.git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/user_config.git
 scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/msmtp.git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/virt.git
 scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/nvidia.git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/workstation.git
 scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/rsyncd.git
- scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/system.git
- scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/user_config.git
- scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/virt.git
- scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/workstation.git
- scm: git
-- src: https://github.com/githubixx/ansible-role-wireguard.git
- scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/ansible-consul.git
- scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/ansible-hashicorp-vault.git
- scm: git
-- src: git@git.ducamps.win:2222/ansible-roles/ansible-nomad.git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/syncthing.git
 scm: git
diff --git a/site.yml b/site.yml
index b3593d1..290579e 100644
--- a/site.yml
+++ b/site.yml
@@ -1,10 +1,2 @@
 ---
-- import_playbook: playbooks/global.yml
-- import_playbook: playbooks/wireguard.yml
-- import_playbook: playbooks/HashicorpStack.yml
-- import_playbook: playbooks/music-player.yml
-- import_playbook: playbooks/server.yml
-- import_playbook: playbooks/build.yml
 - import_playbook: playbooks/workstation.yml
-- import_playbook: playbooks/debian.yml
-- import_playbook: playbooks/dhcpd.yml
diff --git a/staging b/staging
index c06a649..2def2f3 100644
--- a/staging
+++ b/staging
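Review bot: None of the rewritten `src:` entries in the roles/requirements.yml hunk carries a `version:`, so each install takes whatever the role repository's default branch holds at that moment, and the makefile's `ansible-galaxy install -g -f -r roles/requirements.yml` force-reinstalls the roles on every run. Pinning each role to a tag or commit makes a deploy reproducible and keeps an unreviewed push to a role repository from reaching the workstations, for example by adding `version: <tag-or-commit-sha>` (placeholder value) under each `scm: git`. As a style point, the `ansible-role-sssd` entry is the only URL without the `.git` suffix.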
@@ -5,24 +5,3 @@ laptop
 [laptop]
 VMAW
-
-[VPS]
-VMDR
-
-[dhcp]
-VMAS-BUILD
-
-[VMServer]
-VMAS-HML
-
-[server:children]
-VMServer
-
-[HashicorpStack:children]
-VMServer
-
-[wireguard]
-VMDR
-
-[HashicorpStack]
-VMDR
diff --git a/test-role/chainetv.yml b/test-role/chainetv.yml
deleted file mode 100644
index b4ebac3..0000000
--- a/test-role/chainetv.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- hosts: server
- vars:
- force_site_update: true
-
- roles:
- - ../roles/chainetv
diff --git a/test-role/chisel.yml b/test-role/chisel.yml
deleted file mode 100644
index de0a20b..0000000
--- a/test-role/chisel.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- hosts: server
- become: true
- roles:
- - ../roles/ansible-role-chisel
diff --git a/test-role/gitea.yml b/test-role/gitea.yml
deleted file mode 100644
index 92cbe37..0000000
--- a/test-role/gitea.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- hosts: server
- roles:
- - ../roles/gitea
diff --git a/test-role/hass.yml b/test-role/hass.yml
deleted file mode 100644
index e4be77e..0000000
--- a/test-role/hass.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- hosts: server
- roles:
- - ../roles/hass
diff --git a/test-role/msmtp.yml b/test-role/msmtp.yml
deleted file mode 100644
index cc7eee5..0000000
--- a/test-role/msmtp.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- hosts: server
- roles:
- - ../roles/msmtp
diff --git a/test-role/nextcloud.yml b/test-role/nextcloud.yml
deleted file mode 100644
index 818a095..0000000
--- a/test-role/nextcloud.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-- hosts: server
- pre_tasks:
- - name: install terminfo
- pacman:
- state: present
- name:
- - termite-terminfo
- become: true
-
- roles:
- - ../roles/nextcloud
diff --git a/test-role/nginx.yml b/test-role/nginx.yml
deleted file mode 100644
index 1b5cd40..0000000
--- a/test-role/nginx.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- hosts: server
- become: true
- roles:
- - ../roles/nginx
diff --git a/test-role/php.yml b/test-role/php.yml
deleted file mode 100644
index 504c0eb..0000000
--- a/test-role/php.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- hosts: server
- vars:
- force_site_update: true
-
- roles:
- - ../roles/php
diff --git a/test-role/postgres.yml b/test-role/postgres.yml
deleted file mode 100644
index db51a2b..0000000
--- a/test-role/postgres.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- hosts: server
- become: true
- roles:
- - ../roles/ansible-role-postgresql
diff --git a/test-role/samba.yml b/test-role/samba.yml
deleted file mode 100644
index 1b9b51d..0000000
--- a/test-role/samba.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- hosts: server
- become: true
- roles:
- - ../roles/ansible-role-samba
diff --git a/test-role/supysonic.yml b/test-role/supysonic.yml
deleted file mode 100644
index 6a9a4fb..0000000
--- a/test-role/supysonic.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- hosts: server
- vars:
- supysonic_force_site_update: true
-
- roles:
- - ../roles/supysonic
diff --git a/test-role/system.yml b/test-role/system.yml
deleted file mode 100644
index ac67629..0000000
--- a/test-role/system.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: all
- roles:
- - ../roles/system
- - ../roles/autofs
- - ../roles/user_config
diff --git a/test-role/tt-rss.yml b/test-role/tt-rss.yml
deleted file mode 100644
index 84741b4..0000000
--- a/test-role/tt-rss.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- hosts: server
- vars:
- force_site_update: true
-
- roles:
- - ../roles/tt-rss
diff --git a/test-role/vaultwarden.yml b/test-role/vaultwarden.yml
deleted file mode 100644
index 7b5b63c..0000000
--- a/test-role/vaultwarden.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- hosts: server
- become: true
- roles:
- - ../roles/ansible-vaultwarden