vincent/ansible
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

split ansible playboot betwen server and workstation see homelab repo for server
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
vincent 2022-06-19 14:51:37 +02:00
parent 7dfef9d5e0
commit ac6a9740c9
44 changed files with 23 additions and 807 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ansible-vault-pass.sh
View File

@ -1,7 +0,0 @@
#!/bin/bash
BW_VAULT_ENTRY_ID="ansible vault"
if [[ -z ${BW_SESSION:-} ]] ; then
>&2 echo '$BW_SESSION not found! - You need to login to the vault'
BW_SESSION=$(bw unlock --raw)
fi
bw get password ${BW_VAULT_ENTRY_ID} --session ${BW_SESSION} --raw

10
group_vars/HashicorpStack
View File

@ -1,10 +0,0 @@
consul_client_addr: "0.0.0.0"
consul_datacenter: "homelab"
consul_backup_location: "/mnt/diskstation/git/backup/consul"
consul_ansible_group: HashicorpStack
consul_bootstrap_expect: 2
nomad_vault_enabled: true
nomad_vault_address: "http://active.vault.service.consul:8200"
nomad_vault_role: "nomad-cluster"
nomad_vault_token: "{{ lookup('hashi_vault','secret=secrets/data/ansible/hashistack:nomad_vault_token') }}"
nomad_bootstrap_expect: 2

24
group_vars/VMServer
View File

@ -1,24 +0,0 @@
system_upgrade: true
nginx_error_log: "/var/log/nginx/error.log debug"
hosts_entries:
- name: ducamps.win
ip: 127.0.0.1
aliases:
- arch.ducamps.win
- www.ducamps.win
- file.ducamps.win
- supysonic.ducamps.win
- syno.ducamps.win
- vault.ducamps.win
- ww.ducamps.win
- hass.ducamps.win
- git.ducamps.win
consul_bootstrap_expect: 1
nomad_bootstrap_expect: 1
nomad_datacenter: hml
consul_server: False
nomad_server: False
consul_retry_join_force:
- 192.168.1.40

92
group_vars/VPS
View File

@ -1,92 +0,0 @@
keystodeploy:
- name: juicessh with password
user: "{{user.name}}"
sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH
- name: fixe-pc new
user: "{{user.name}}"
sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01
- name: zen-pc
user: "{{user.name}}"
sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYHkEIa38p3e4+m/LScHm8Ei7H2X/pDksjVAzoJ4fHr8oXc6DKkC8SWwMnh3L4WzWBhfTbzwUgFTNpsxhp/UyJf+fdzmzetlbVlYSuA6yWuSmgMeFbXFImhZ+Sn3i59hLeqAAyrkQLjba2waehdEsuOQ/AGoDbMYm38Xf9Wka/1YIeUPE4gLeLvymRnGw7BSug6Unycy52WlFAquollObOvc7tNiX0uLDh81Dp0KZhqWRs75hfmQ9du4g4uNhFLiF11hOGNgj3PWV+nWe8GWNQYVUBChWX1dsP8ct/ahG9IFXSPEaFD1IZeFp29u2ln3mgKkBtcRTRe1e3CLQqiRsUq2aixVFbSgFMFgGSUiNGNqKR4f9DeyJrYBplSj6HXjWoBny4Wm8+yfk8qR2RtQpS6AUu81xtKnXOaj9Q5VZO3kVF0U3EXHAZutTYDj9mDlhLSBS7x7hmrkRBbIy7adSx9Gx5Ck3/RllqG6KD+LdJa4I0pUTRNetpLpYDeZpwjnDP1r7udaSQMyRMH5YKLzhtHqIV/imn9QO4KCxNxTgwxt9ho6HDvlDGERCxm+yeHUu3CPyq2ZGSF5HHsYTGUtYvQw4JfQyw/5DrZ7IIdU1e7ZuaE3h/NvFgKJPVTP52nmUtIW7pIOkHpn9mddjm/oKMayOzMspLn9HLFVbqi7A5Xw== vincent@zen-pc
- name: drone
user: drone-deploy
sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar
# defaults file for ansible-arch-provissionning
partition_table:
- device: "/dev/sda"
label: gpt
settings:
- number: 1
part_end: 64MB
flags: [boot, esp]
fstype: vfat
format: yes
- number: 2
part_start: 512MB
part_end: 1524MB
flags: []
fstype: swap
format: yes
- number: 3
part_start: 1524MB
flags: [lvm]
fstype: ext4
format: yes
#- device: "/dev/sdb"
#settings:
#- number: 1
#name: home
#fstype: ext4
#format:
mount_table:
- device: "/dev/sda"
settings:
- number: 3
mountpath: /mnt
fstype: ext4
- number: 1
mountpath: /mnt/boot
fstype: vfat
#need vfat boot partition with esp label
provissionning_UEFI_Enable: True
sssd_configure: False
nomad_datacenter: hetzner
systemd_mounts:
diskstation_nomad:
share: diskstation.ducamps.win:/volume2/nomad
mount: /mnt/diskstation/nomad
type: nfs
options:
- " "
automount: true
hetzner_storage:
share: //u304977.your-storagebox.de/backup
mount: /mnt/hetzner/storagebox
type: cifs
options:
- credentials=/etc/creds/hetzner_credentials
- uid= 1024
- gid= 10
- vers=3.0
- mfsymlinks
automount: true
credentials_files:
1:
type: smb
path: /etc/creds/hetzner_credentials
username: u304977
password: "{{ lookup('hashi_vault','secret=secrets/data/ansible/storage:hetzner') }}"
systemd_mounts_enabled:
- diskstation_nomad
- hetzner_storage
system_user:
- name: drone-deploy
home: /home/drone-deploy
shell: /bin/bash

24
group_vars/build
View File

@ -1,24 +0,0 @@
systemd_mounts:
diskstation_git:
share: diskstation.ducamps.win:/volume2/git
mount: /mnt/diskstation/git
type: nfs
options:
- " "
automount: true
systemd_mounts_enabled:
- diskstation_git
nginx_error_log: "/var/log/nginx/error.log debug"
docker_users:
- "{{ user.name }}"
postgresql_users:
- name: root
role_attr_flags: SUPERUSER
password: "{{ vault_mysql_root }}"
keystodeploy:
- name: juicessh without password
user: "{{ user.name }}"
sshkey: ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGHcHCTrzRuxEhsRdV+Q2Yr+nQNNuYKoNLmxW3IlVJtCIuaCY5prX1UuE8+nNWhbNVSagBCQwmubxLUV5ORf+tCBHeMyDPo7oetu3Wy5JaUwfGcuw3yGN94Qj3LqPUkdiw== juicewithoutpassword
- name: fixe-pc new
user: "{{ user.name }}"
sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01

152
group_vars/dhcp
View File

@ -1,152 +0,0 @@
dhcpd_authoritative: True
dhcpd_lease_time: '72'
dhcpd_domain_name: "{{ domain.name }}"
dhcpd_nameservers:
- '192.168.1.40'
- '192.168.1.10'
dhcpd_keys:
- key: dhcp
algorithm: HMAC-MD5
secret: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:dhcpd_key') }}"
dhcpd_zones:
- zone: "{{ domain.name }}."
primary: "192.168.1.10"
key: "dhcp"
- zone: "1.168.192.in-addr.arpa."
primary: "192.168.1.10"
key: "dhcp"
dhcpd_options: |
ddns-updates on;
ddns-update-style interim;
ignore client-updates;
update-static-leases on;
ddns-domainname "ducamps.win.";
ddns-rev-domainname "in-addr.arpa.";
dhcpd_subnets:
- subnet: '192.168.1.0'
netmask: '255.255.255.0'
options: |
option routers 192.168.1.1;
pools:
- range: '192.168.1.100 192.168.1.140'
dhcpd_hosts:
- hostname: 'zen-pc'
address: '192.168.1.14'
ethernet: 'f0:d5:bf:f4:ce:d7'
- hostname: 'fixe-pc'
address: '192.168.1.15'
ethernet: 'ee:35:20:fc:7b:04'
- hostname: 'oscar'
address: '192.168.1.40'
ethernet: '84:39:be:12:05:69'
- hostname: 'VMAS-HML'
address: '192.168.1.50'
ethernet: '52:54:00:02:74:ed'
- hostname: 'VMAS-BUILD'
address: '192.168.1.53'
ethernet: '52:54:13:1e:93'
- hostname: 'xiaomi-chambre-gateway'
address: '192.168.1.61'
ethernet: '04:cf:8c:9c:f7:f0'
- hostname: 'xiaomi-ampoule-chambre'
address: '192.168.1.62'
ethernet: '44:23:7c:88:1f:ea'
- hostname: 'shelly-chambre-ecran'
address: '192.168.1.63'
ethernet: 'b4:e6:2d:7a:ea:77'
- hostname: 'shelly-salon-cadre'
address: '192.168.1.64'
ethernet: 'b4:e6:2d:7a:e6:1e'
- hostname: 'shelly-chambre-ventilo'
address: '192.168.1.65'
ethernet: 'e0:98:06:97:78:0b'
keystodeploy:
- name: juicessh with password
user: "{{user.name}}"
sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH
- name: fixe-pc new
user: "{{user.name}}"
sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01
- name: zen-pc
user: "{{user.name}}"
sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYHkEIa38p3e4+m/LScHm8Ei7H2X/pDksjVAzoJ4fHr8oXc6DKkC8SWwMnh3L4WzWBhfTbzwUgFTNpsxhp/UyJf+fdzmzetlbVlYSuA6yWuSmgMeFbXFImhZ+Sn3i59hLeqAAyrkQLjba2waehdEsuOQ/AGoDbMYm38Xf9Wka/1YIeUPE4gLeLvymRnGw7BSug6Unycy52WlFAquollObOvc7tNiX0uLDh81Dp0KZhqWRs75hfmQ9du4g4uNhFLiF11hOGNgj3PWV+nWe8GWNQYVUBChWX1dsP8ct/ahG9IFXSPEaFD1IZeFp29u2ln3mgKkBtcRTRe1e3CLQqiRsUq2aixVFbSgFMFgGSUiNGNqKR4f9DeyJrYBplSj6HXjWoBny4Wm8+yfk8qR2RtQpS6AUu81xtKnXOaj9Q5VZO3kVF0U3EXHAZutTYDj9mDlhLSBS7x7hmrkRBbIy7adSx9Gx5Ck3/RllqG6KD+LdJa4I0pUTRNetpLpYDeZpwjnDP1r7udaSQMyRMH5YKLzhtHqIV/imn9QO4KCxNxTgwxt9ho6HDvlDGERCxm+yeHUu3CPyq2ZGSF5HHsYTGUtYvQw4JfQyw/5DrZ7IIdU1e7ZuaE3h/NvFgKJPVTP52nmUtIW7pIOkHpn9mddjm/oKMayOzMspLn9HLFVbqi7A5Xw== vincent@zen-pc
nomad_datacenter: homelab
systemd_mounts:
diskstation_nomad:
share: diskstation.ducamps.win:/volume2/nomad
mount: /mnt/diskstation/nomad
type: nfs
options:
- " "
automount: true
diskstation_git:
share: diskstation.ducamps.win:/volume2/git
mount: /mnt/diskstation/git
type: nfs
options:
- " "
automount: true
diskstation_music:
share: diskstation.ducamps.win:/volume2/music
mount: /mnt/diskstation/music
type: nfs
options:
- " "
automount: true
diskstation_nextcloud:
share: //diskstation.ducamps.win/nextcloud
mount: /mnt/diskstation/nextcloud
type: cifs
options:
- credentials=/etc/creds/.diskstation_credentials
- uid=33
- gid=33
- vers=3.0
- dir_mode=0770
- _netdev
automount: true
diskstation_CardDav:
share: diskstation.ducamps.win:/volume2/CardDav
mount: /mnt/diskstation/CardDav
type: nfs
options:
- " "
automount: true
diskstation_archMirror:
share: diskstation.ducamps.win:/volume2/archMirror
mount: /mnt/diskstation/archMirror
type: nfs
options:
- " "
automount: true
credentials_files:
1:
type: smb
path: /etc/creds/.diskstation_credentials
username: admin
password: "{{ lookup('hashi_vault','secret=secrets/data/ansible/storage:diskstation_admin') }}"
systemd_mounts_enabled:
- diskstation_nomad
- diskstation_git
- diskstation_music
- diskstation_nextcloud
- diskstation_CardDav
- diskstation_archMirror

55
group_vars/server/database
View File

@ -1,55 +0,0 @@
postgresql_users:
- name: root
role_attr_flags: SUPERUSER
password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:root')}}"
- name: wikijs
password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:wikijs')}}"
- name: ttrss
password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:ttrss')}}"
- name: gitea
password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:gitea')}}"
- name: supysonic
password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:supysonic')}}"
- name: hass
password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:hass')}}"
- name: nextcloud
password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:nextcloud')}}"
- name: vaultwarden
password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:vaultwarden')}}"
- name: drone
password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:drone')}}"
postgresql_databases:
- name: wikijs
lc_collate: fr_FR.UTF-8
lc_ctype: en_US.UTF-8
owner: wikijs
- name: ttrss
lc_collate: fr_FR.UTF-8
lc_ctype: fr_FR.UTF-8
owner: ttrss
- name: gitea
lc_collate: fr_FR.UTF-8
lc_ctype: fr_FR.UTF-8
owner: gitea
- name: supysonic
lc_collate: fr_FR.UTF-8
lc_ctype: fr_FR.UTF-8
owner: supysonic
- name: hass
lc_collate: fr_FR.UTF-8
lc_ctype: fr_FR.UTF-8
owner: hass
- name: nextcloud
lc_collate: fr_FR.UTF-8
lc_ctype: fr_FR.UTF-8
owner: nextcloud
- name: vaultwarden
lc_collate: fr_FR.UTF-8
lc_ctype: fr_FR.UTF-8
owner: vaultwarden
- name: drone
lc_collate: fr_FR.UTF-8
lc_ctype: fr_FR.UTF-8
owner: drone

93
group_vars/server/mount
View File

@ -1,93 +0,0 @@
systemd_mounts:
diskstation_git:
share: diskstation.ducamps.win:/volume2/git
mount: /mnt/diskstation/git
type: nfs
options:
- " "
automount: true
diskstation_CardDav:
share: diskstation.ducamps.win:/volume2/CardDav
mount: /mnt/diskstation/CardDav
type: nfs
options:
- " "
automount: true
backup_disk:
share: /dev/sdb1
mount: /mnt/backup
type: ntfs-3g
options:
- "uid=1024
- guid=100
- vers=3.0"
automount: true
diskstation_home:
share: diskstation.ducamps.win:/volume2/homes/admin
mount: /mnt/diskstation/home
type: nfs
options:
- " "
automount: true
diskstation_photo:
share: diskstation.ducamps.win:/volume2/photo
mount: /mnt/diskstation/photo
type: nfs
options:
- " "
automount: true
diskstation_music:
share: diskstation.ducamps.win:/volume2/music
mount: /mnt/diskstation/music
type: nfs
options:
- " "
automount: true
diskstation_media:
share: diskstation.ducamps.win:/volume1/media
mount: /mnt/diskstation/media
type: nfs
options:
- " "
automount: true
diskstation_ebook:
share: diskstation.ducamps.win:/volume2/ebook
mount: /mnt/diskstation/ebook
type: nfs
options:
- " "
automount: true
diskstation_archMirror:
share: diskstation.ducamps.win:/volume2/archMirror
mount: /mnt/diskstation/archMirror
type: nfs
options:
- " "
automount: true
diskstation_nomad:
share: diskstation.ducamps.win:/volume2/nomad
mount: /mnt/diskstation/nomad
type: nfs
options:
- " "
automount: true
systemd_mounts_enabled:
- diskstation_git
- diskstation_music
- backup_disk
- diskstation_photo
- diskstation_home
- diskstation_CardDav
- diskstation_media
- diskstation_ebook
- diskstation_archMirror
- diskstation_nomad
credentials_files:
1:
type: smb
path: /etc/creds/.diskstation_credentials
username: admin
password: "{{ lookup('hashi_vault','secret=secrets/data/ansible/storage:diskstation_admin') }}"

43
group_vars/server/server
View File

@ -1,43 +0,0 @@
notification_mail: "{{inventory_hostname}}@{{ domain.name }}"
msmtp_mailhub: smtp.{{ domain.name }}
msmtp_auth_user: "{{ user.mail }}"
msmtp_auth_pass: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:email') }}"
rsynclocations:
- name: backup nas
location: /mnt/backup
readonly: "no"
rsynchostalloawed: 192.168.1.10
docker_users: "{{user.name}}"
keystodeploy:
- name: juicessh with password
user: "{{user.name}}"
sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH
- name: fixe-pc new
user: "{{user.name}}"
sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01
- name: zen-pc
user: "{{user.name}}"
sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYHkEIa38p3e4+m/LScHm8Ei7H2X/pDksjVAzoJ4fHr8oXc6DKkC8SWwMnh3L4WzWBhfTbzwUgFTNpsxhp/UyJf+fdzmzetlbVlYSuA6yWuSmgMeFbXFImhZ+Sn3i59hLeqAAyrkQLjba2waehdEsuOQ/AGoDbMYm38Xf9Wka/1YIeUPE4gLeLvymRnGw7BSug6Unycy52WlFAquollObOvc7tNiX0uLDh81Dp0KZhqWRs75hfmQ9du4g4uNhFLiF11hOGNgj3PWV+nWe8GWNQYVUBChWX1dsP8ct/ahG9IFXSPEaFD1IZeFp29u2ln3mgKkBtcRTRe1e3CLQqiRsUq2aixVFbSgFMFgGSUiNGNqKR4f9DeyJrYBplSj6HXjWoBny4Wm8+yfk8qR2RtQpS6AUu81xtKnXOaj9Q5VZO3kVF0U3EXHAZutTYDj9mDlhLSBS7x7hmrkRBbIy7adSx9Gx5Ck3/RllqG6KD+LdJa4I0pUTRNetpLpYDeZpwjnDP1r7udaSQMyRMH5YKLzhtHqIV/imn9QO4KCxNxTgwxt9ho6HDvlDGERCxm+yeHUu3CPyq2ZGSF5HHsYTGUtYvQw4JfQyw/5DrZ7IIdU1e7ZuaE3h/NvFgKJPVTP52nmUtIW7pIOkHpn9mddjm/oKMayOzMspLn9HLFVbqi7A5Xw== vincent@zen-pc
- name: drone
user: drone-deploy
sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar
chisel_server: true
chisel_server_port: 9090
chisel_server_backend: https://www.{{domain.name}}
chisel_server_auth:
user: chisel
pass: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:chisel_pass') }}"
arch_mirror_location: "/mnt/diskstation/archMirror"
system_user:
- name: drone-deploy
home: /home/drone-deploy
shell: /bin/bash
nomad_datacenter: homelab
nomad_allow_privileged: True

0
group_vars/wireguard
View File

2
host_vars/VMAS-BUILD
View File

@ -1,2 +0,0 @@
chainetv_repo_branch: dev

2
host_vars/VMAS-HML
View File

@ -1,2 +0,0 @@
chainetv_repo_branch: master

40
host_vars/corwin
View File

@ -1,40 +0,0 @@
---
ansible_host: 10.0.0.1
wireguard_address: "10.0.0.1/24"
wireguard_endpoint: "65.108.221.233"
wireguard_persistent_keepalive: "30"
wireguard_allowed_ips: "10.0.0.0/24"
wireguard_postup:
- iptables -A FORWARD -o %i -j ACCEPT
- iptables -A FORWARD -i %i -j ACCEPT
- iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
wireguard_postdown:
- iptables -D FORWARD -i %i -j ACCEPT
- iptables -D FORWARD -o %i -j ACCEPT
- iptables -t nat -D POSTROUTING -o enp1s0 -j MASQUERADE
wireguard_unmanaged_peers:
phone:
public_key: ioG35kDFTtip+Acfq+je9qDHYbZij+J6+Pg3T6Z4N0w=
allowed_ips: 10.0.0.3/32
persistent_keepalive: 0
zen:
public_key: rYYljQw8InmM95pxCP9KyZ8R+kcicgnjr6E9qtkI1Ag=
allowed_ips: 10.0.0.4/32
persistent_keepalive: 0
consul_client_addr: "127.0.0.1 10.0.0.1"
consul_bind_address: "10.0.0.1"
consul_ui: True
consul_iface: "wg0"
nomad_bind_addr: "10.0.0.1"
nomad_host_networks:
- name: "private"
interface: wg0
- name: "public"
interface: enp1s0
- name: "default"
interface: wg0
vault_listener_address: 10.0.0.1

3
host_vars/gerard
View File

@ -1,3 +0,0 @@
---
ansible_host: "192.168.1.41"
ansible_python_interpreter: "/usr/bin/python3"

16
host_vars/oscar
View File

@ -1,16 +0,0 @@
---
wireguard_address: "10.0.0.2/24"
wireguard_allowed_ips: "10.0.0.2/32,192.168.1.0/24"
perrsistent_keepalive: "30"
wireguard_endpoint: ""
wireguard_postup:
- iptables -A FORWARD -i wg0 -j ACCEPT
- iptables -A FORWARD -o wg0 -j ACCEPT
- iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
wireguard_postdown:
- iptables -D FORWARD -i wg0 -j ACCEPT
- iptables -D FORWARD -o wg0 -j ACCEPT
- iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
consul_snapshot: True

4
makefile
View File

@ -3,10 +3,10 @@ requirements:
ansible-galaxy install -g -f -r roles/requirements.yml ansible-galaxy install -g -f -r roles/requirements.yml
deploy_production: deploy_production:
ansible-playbook site.yml -i production --vault-password-file=./ansible-vault-pass.sh ansible-playbook site.yml -i production
deploy_staging: deploy_staging:
ansible-playbook site.yml -i staging --vault-password-file=./ansible-vault-pass.sh ansible-playbook site.yml -i staging
generate-token: generate-token:
@echo export VAULT_TOKEN=`vault token create -policy=ansible -field="token" -period 6h` @echo export VAULT_TOKEN=`vault token create -policy=ansible -field="token" -period 6h`

9
playbooks/HashicorpStack.yml
View File

@ -1,9 +0,0 @@
- hosts: HashicorpStack
roles:
- role: ansible-consul
become: true
- role: ansible-hashicorp-vault
when: ansible_architecture == 'x86_64'
become: true
- role: ansible-nomad
become: true

7
playbooks/VPS.yml
View File

@ -1,7 +0,0 @@
---
- hosts: VPS
vars:
roles:
- role: docker
become: True
- user_config

12
playbooks/build.yml
View File

@ -1,12 +0,0 @@
---
- hosts: build
vars:
# certbot_force: true
roles:
- docker
- role: nginx
become: true
- role: ansible-role-postgresql
become: true
- php
- user_config

6
playbooks/debian.yml
View File

@ -1,6 +0,0 @@
---
- hosts: debian
roles:
- syncthing
- msmtp

11
playbooks/dhcpd.yml
View File

@ -1,11 +0,0 @@
---
- hosts: dhcp
vars:
roles:
- user_config
- cronie
- role: ansible-dhcpd
become: true
- role: docker
become: true

5
playbooks/global.yml
View File

@ -1,5 +0,0 @@
---
- hosts: all
roles:
- system
- autofs

7
playbooks/music-player.yml
View File

@ -1,7 +0,0 @@
---
- hosts: music-player
roles:
- user_config
- cronie
- hass-client-control
- mpd

13
playbooks/server.yml
View File

@ -1,13 +0,0 @@
---
- hosts: server
vars:
# certbot_force: true
roles:
- role: ansible-role-chisel
become: true
- msmtp
- cronie
- rsyncd
- role: ansible-role-postgresql
become: true
- user_config

5
playbooks/wireguard.yml
View File

@ -1,5 +0,0 @@
---
- hosts: wireguard
roles:
- role: ansible-role-wireguard
become: True

4
playbooks/workstation.yml
View File

@ -1,8 +1,8 @@
--- ---
- hosts: workstation - hosts: workstation
roles: roles:
- role: ansible-role-chisel - system
become: true - autofs
- syncthing - syncthing
- user_config - user_config
- ansible-manager - ansible-manager

18
production
View File

@ -1,6 +1,3 @@
[server]
oscar
[workstation] [workstation]
fixe-pc fixe-pc
@ -10,18 +7,3 @@ laptop
[laptop] [laptop]
zen-pc zen-pc
tablette tablette
[dhcp]
gerard
[VPS]
corwin
[wireguard]
corwin
oscar
[HashicorpStack:children]
server
VPS
dhcp

54
roles/requirements.yml
View File

@ -1,55 +1,39 @@
--- ---
- src: git@git.ducamps.win:2222/ansible-roles/ansible-arch-provissionning.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-arch-provissionning.git
scm: git scm: git
- src: git@git.ducamps.win:2222/ansible-roles/ansible-manager.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-manager.git
scm: git scm: git
- src: git@git.ducamps.win:2222/ansible-roles/ansible-role-chisel.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-role-sssd
scm: git scm: git
- src: git@git.ducamps.win:2222/ansible-roles/ansible-role-postgresql.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible_bootstrap.git
scm: git scm: git
- src: git@git.ducamps.win:2222/ansible-roles/ansible-role-sssd - src: ssh://git@git.ducamps.win:2222/ansible-roles/autofs.git
scm: git scm: git
- src: git@git.ducamps.win:2222/ansible-roles/ansible_bootstrap.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/bluetooth.git
scm: git scm: git
- src: git@git.ducamps.win:2222/ansible-roles/autofs.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/cronie.git
scm: git scm: git
- src: git@git.ducamps.win:2222/ansible-roles/bluetooth.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/cups.git
scm: git scm: git
- src: git@git.ducamps.win:2222/ansible-roles/cronie.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/docker.git
scm: git scm: git
- src: git@git.ducamps.win:2222/ansible-roles/cups.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/grub_themes.git
scm: git scm: git
- src: git@git.ducamps.win:2222/ansible-roles/dns.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/hass-client-control.git
scm: git scm: git
- src: git@git.ducamps.win:2222/ansible-roles/docker.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/laptop.git
scm: git scm: git
- src: git@git.ducamps.win:2222/ansible-roles/grub_themes.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/mpd.git
scm: git scm: git
- src: git@git.ducamps.win:2222/ansible-roles/hass-client-control.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/nvidia.git
scm: git scm: git
- src: git@git.ducamps.win:2222/ansible-roles/laptop.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/system.git
scm: git scm: git
- src: git@git.ducamps.win:2222/ansible-roles/mpd.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/user_config.git
scm: git scm: git
- src: git@git.ducamps.win:2222/ansible-roles/msmtp.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/virt.git
scm: git scm: git
- src: git@git.ducamps.win:2222/ansible-roles/nvidia.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/workstation.git
scm: git scm: git
- src: git@git.ducamps.win:2222/ansible-roles/rsyncd.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/syncthing.git
scm: git
- src: git@git.ducamps.win:2222/ansible-roles/system.git
scm: git
- src: git@git.ducamps.win:2222/ansible-roles/user_config.git
scm: git
- src: git@git.ducamps.win:2222/ansible-roles/virt.git
scm: git
- src: git@git.ducamps.win:2222/ansible-roles/workstation.git
scm: git
- src: https://github.com/githubixx/ansible-role-wireguard.git
scm: git
- src: git@git.ducamps.win:2222/ansible-roles/ansible-consul.git
scm: git
- src: git@git.ducamps.win:2222/ansible-roles/ansible-hashicorp-vault.git
scm: git
- src: git@git.ducamps.win:2222/ansible-roles/ansible-nomad.git
scm: git scm: git

8
site.yml
View File

@ -1,10 +1,2 @@
--- ---
- import_playbook: playbooks/global.yml
- import_playbook: playbooks/wireguard.yml
- import_playbook: playbooks/HashicorpStack.yml
- import_playbook: playbooks/music-player.yml
- import_playbook: playbooks/server.yml
- import_playbook: playbooks/build.yml
- import_playbook: playbooks/workstation.yml - import_playbook: playbooks/workstation.yml
- import_playbook: playbooks/debian.yml
- import_playbook: playbooks/dhcpd.yml

21
staging
View File

@ -5,24 +5,3 @@ laptop
[laptop] [laptop]
VMAW VMAW
[VPS]
VMDR
[dhcp]
VMAS-BUILD
[VMServer]
VMAS-HML
[server:children]
VMServer
[HashicorpStack:children]
VMServer
[wireguard]
VMDR
[HashicorpStack]
VMDR

7
test-role/chainetv.yml
View File

@ -1,7 +0,0 @@
---
- hosts: server
vars:
force_site_update: true
roles:
- ../roles/chainetv

5
test-role/chisel.yml
View File

@ -1,5 +0,0 @@
---
- hosts: server
become: true
roles:
- ../roles/ansible-role-chisel

4
test-role/gitea.yml
View File

@ -1,4 +0,0 @@
---
- hosts: server
roles:
- ../roles/gitea

4
test-role/hass.yml
View File

@ -1,4 +0,0 @@
---
- hosts: server
roles:
- ../roles/hass

4
test-role/msmtp.yml
View File

@ -1,4 +0,0 @@
---
- hosts: server
roles:
- ../roles/msmtp

12
test-role/nextcloud.yml
View File

@ -1,12 +0,0 @@
---
- hosts: server
pre_tasks:
- name: install terminfo
pacman:
state: present
name:
- termite-terminfo
become: true
roles:
- ../roles/nextcloud

5
test-role/nginx.yml
View File

@ -1,5 +0,0 @@
---
- hosts: server
become: true
roles:
- ../roles/nginx

7
test-role/php.yml
View File

@ -1,7 +0,0 @@
---
- hosts: server
vars:
force_site_update: true
roles:
- ../roles/php

5
test-role/postgres.yml
View File

@ -1,5 +0,0 @@
---
- hosts: server
become: true
roles:
- ../roles/ansible-role-postgresql

5
test-role/samba.yml
View File

@ -1,5 +0,0 @@
---
- hosts: server
become: true
roles:
- ../roles/ansible-role-samba

7
test-role/supysonic.yml
View File

@ -1,7 +0,0 @@
---
- hosts: server
vars:
supysonic_force_site_update: true
roles:
- ../roles/supysonic

6
test-role/system.yml
View File

@ -1,6 +0,0 @@
---
- hosts: all
roles:
- ../roles/system
- ../roles/autofs
- ../roles/user_config

7
test-role/tt-rss.yml
View File

@ -1,7 +0,0 @@
---
- hosts: server
vars:
force_site_update: true
roles:
- ../roles/tt-rss

5
test-role/vaultwarden.yml
View File

@ -1,5 +0,0 @@
---
- hosts: server
become: true
roles:
- ../roles/ansible-vaultwarden