split ansible playboot betwen server and workstation see homelab repo for server
parent
7dfef9d5e0
commit
ac6a9740c9
@ -1,7 +0,0 @@
|
||||
#!/bin/bash
|
||||
BW_VAULT_ENTRY_ID="ansible vault"
|
||||
if [[ -z ${BW_SESSION:-} ]] ; then
|
||||
>&2 echo '$BW_SESSION not found! - You need to login to the vault'
|
||||
BW_SESSION=$(bw unlock --raw)
|
||||
fi
|
||||
bw get password ${BW_VAULT_ENTRY_ID} --session ${BW_SESSION} --raw
|
@ -1,10 +0,0 @@
|
||||
consul_client_addr: "0.0.0.0"
|
||||
consul_datacenter: "homelab"
|
||||
consul_backup_location: "/mnt/diskstation/git/backup/consul"
|
||||
consul_ansible_group: HashicorpStack
|
||||
consul_bootstrap_expect: 2
|
||||
nomad_vault_enabled: true
|
||||
nomad_vault_address: "http://active.vault.service.consul:8200"
|
||||
nomad_vault_role: "nomad-cluster"
|
||||
nomad_vault_token: "{{ lookup('hashi_vault','secret=secrets/data/ansible/hashistack:nomad_vault_token') }}"
|
||||
nomad_bootstrap_expect: 2
|
@ -1,24 +0,0 @@
|
||||
system_upgrade: true
|
||||
nginx_error_log: "/var/log/nginx/error.log debug"
|
||||
|
||||
hosts_entries:
|
||||
- name: ducamps.win
|
||||
ip: 127.0.0.1
|
||||
aliases:
|
||||
- arch.ducamps.win
|
||||
- www.ducamps.win
|
||||
- file.ducamps.win
|
||||
- supysonic.ducamps.win
|
||||
- syno.ducamps.win
|
||||
- vault.ducamps.win
|
||||
- ww.ducamps.win
|
||||
- hass.ducamps.win
|
||||
- git.ducamps.win
|
||||
|
||||
consul_bootstrap_expect: 1
|
||||
nomad_bootstrap_expect: 1
|
||||
nomad_datacenter: hml
|
||||
consul_server: False
|
||||
nomad_server: False
|
||||
consul_retry_join_force:
|
||||
- 192.168.1.40
|
@ -1,92 +0,0 @@
|
||||
keystodeploy:
|
||||
- name: juicessh with password
|
||||
user: "{{user.name}}"
|
||||
sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH
|
||||
- name: fixe-pc new
|
||||
user: "{{user.name}}"
|
||||
sshkey: ssh-rsa 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 vincent@fixe-pc-2020-03-01
|
||||
- name: zen-pc
|
||||
user: "{{user.name}}"
|
||||
sshkey: ssh-rsa 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 vincent@zen-pc
|
||||
- name: drone
|
||||
user: drone-deploy
|
||||
sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar
|
||||
|
||||
# defaults file for ansible-arch-provissionning
|
||||
partition_table:
|
||||
- device: "/dev/sda"
|
||||
label: gpt
|
||||
settings:
|
||||
- number: 1
|
||||
part_end: 64MB
|
||||
flags: [boot, esp]
|
||||
fstype: vfat
|
||||
format: yes
|
||||
- number: 2
|
||||
part_start: 512MB
|
||||
part_end: 1524MB
|
||||
flags: []
|
||||
fstype: swap
|
||||
format: yes
|
||||
- number: 3
|
||||
part_start: 1524MB
|
||||
flags: [lvm]
|
||||
fstype: ext4
|
||||
format: yes
|
||||
#- device: "/dev/sdb"
|
||||
#settings:
|
||||
#- number: 1
|
||||
#name: home
|
||||
#fstype: ext4
|
||||
#format:
|
||||
mount_table:
|
||||
- device: "/dev/sda"
|
||||
settings:
|
||||
- number: 3
|
||||
mountpath: /mnt
|
||||
fstype: ext4
|
||||
- number: 1
|
||||
mountpath: /mnt/boot
|
||||
fstype: vfat
|
||||
|
||||
#need vfat boot partition with esp label
|
||||
provissionning_UEFI_Enable: True
|
||||
sssd_configure: False
|
||||
nomad_datacenter: hetzner
|
||||
|
||||
systemd_mounts:
|
||||
diskstation_nomad:
|
||||
share: diskstation.ducamps.win:/volume2/nomad
|
||||
mount: /mnt/diskstation/nomad
|
||||
type: nfs
|
||||
options:
|
||||
- " "
|
||||
automount: true
|
||||
hetzner_storage:
|
||||
share: //u304977.your-storagebox.de/backup
|
||||
mount: /mnt/hetzner/storagebox
|
||||
type: cifs
|
||||
options:
|
||||
- credentials=/etc/creds/hetzner_credentials
|
||||
- uid= 1024
|
||||
- gid= 10
|
||||
- vers=3.0
|
||||
- mfsymlinks
|
||||
automount: true
|
||||
credentials_files:
|
||||
1:
|
||||
type: smb
|
||||
path: /etc/creds/hetzner_credentials
|
||||
username: u304977
|
||||
password: "{{ lookup('hashi_vault','secret=secrets/data/ansible/storage:hetzner') }}"
|
||||
|
||||
|
||||
|
||||
systemd_mounts_enabled:
|
||||
- diskstation_nomad
|
||||
- hetzner_storage
|
||||
|
||||
system_user:
|
||||
- name: drone-deploy
|
||||
home: /home/drone-deploy
|
||||
shell: /bin/bash
|
@ -1,24 +0,0 @@
|
||||
systemd_mounts:
|
||||
diskstation_git:
|
||||
share: diskstation.ducamps.win:/volume2/git
|
||||
mount: /mnt/diskstation/git
|
||||
type: nfs
|
||||
options:
|
||||
- " "
|
||||
automount: true
|
||||
systemd_mounts_enabled:
|
||||
- diskstation_git
|
||||
nginx_error_log: "/var/log/nginx/error.log debug"
|
||||
docker_users:
|
||||
- "{{ user.name }}"
|
||||
postgresql_users:
|
||||
- name: root
|
||||
role_attr_flags: SUPERUSER
|
||||
password: "{{ vault_mysql_root }}"
|
||||
keystodeploy:
|
||||
- name: juicessh without password
|
||||
user: "{{ user.name }}"
|
||||
sshkey: ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGHcHCTrzRuxEhsRdV+Q2Yr+nQNNuYKoNLmxW3IlVJtCIuaCY5prX1UuE8+nNWhbNVSagBCQwmubxLUV5ORf+tCBHeMyDPo7oetu3Wy5JaUwfGcuw3yGN94Qj3LqPUkdiw== juicewithoutpassword
|
||||
- name: fixe-pc new
|
||||
user: "{{ user.name }}"
|
||||
sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01
|
152
group_vars/dhcp
152
group_vars/dhcp
@ -1,152 +0,0 @@
|
||||
dhcpd_authoritative: True
|
||||
dhcpd_lease_time: '72'
|
||||
dhcpd_domain_name: "{{ domain.name }}"
|
||||
dhcpd_nameservers:
|
||||
- '192.168.1.40'
|
||||
- '192.168.1.10'
|
||||
dhcpd_keys:
|
||||
- key: dhcp
|
||||
algorithm: HMAC-MD5
|
||||
secret: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:dhcpd_key') }}"
|
||||
|
||||
dhcpd_zones:
|
||||
- zone: "{{ domain.name }}."
|
||||
primary: "192.168.1.10"
|
||||
key: "dhcp"
|
||||
- zone: "1.168.192.in-addr.arpa."
|
||||
primary: "192.168.1.10"
|
||||
key: "dhcp"
|
||||
|
||||
dhcpd_options: |
|
||||
ddns-updates on;
|
||||
ddns-update-style interim;
|
||||
ignore client-updates;
|
||||
update-static-leases on;
|
||||
ddns-domainname "ducamps.win.";
|
||||
ddns-rev-domainname "in-addr.arpa.";
|
||||
|
||||
|
||||
dhcpd_subnets:
|
||||
- subnet: '192.168.1.0'
|
||||
netmask: '255.255.255.0'
|
||||
options: |
|
||||
option routers 192.168.1.1;
|
||||
pools:
|
||||
- range: '192.168.1.100 192.168.1.140'
|
||||
|
||||
dhcpd_hosts:
|
||||
- hostname: 'zen-pc'
|
||||
address: '192.168.1.14'
|
||||
ethernet: 'f0:d5:bf:f4:ce:d7'
|
||||
|
||||
- hostname: 'fixe-pc'
|
||||
address: '192.168.1.15'
|
||||
ethernet: 'ee:35:20:fc:7b:04'
|
||||
|
||||
- hostname: 'oscar'
|
||||
address: '192.168.1.40'
|
||||
ethernet: '84:39:be:12:05:69'
|
||||
|
||||
- hostname: 'VMAS-HML'
|
||||
address: '192.168.1.50'
|
||||
ethernet: '52:54:00:02:74:ed'
|
||||
|
||||
- hostname: 'VMAS-BUILD'
|
||||
address: '192.168.1.53'
|
||||
ethernet: '52:54:13:1e:93'
|
||||
|
||||
|
||||
- hostname: 'xiaomi-chambre-gateway'
|
||||
address: '192.168.1.61'
|
||||
ethernet: '04:cf:8c:9c:f7:f0'
|
||||
- hostname: 'xiaomi-ampoule-chambre'
|
||||
address: '192.168.1.62'
|
||||
ethernet: '44:23:7c:88:1f:ea'
|
||||
- hostname: 'shelly-chambre-ecran'
|
||||
address: '192.168.1.63'
|
||||
ethernet: 'b4:e6:2d:7a:ea:77'
|
||||
- hostname: 'shelly-salon-cadre'
|
||||
address: '192.168.1.64'
|
||||
ethernet: 'b4:e6:2d:7a:e6:1e'
|
||||
- hostname: 'shelly-chambre-ventilo'
|
||||
address: '192.168.1.65'
|
||||
ethernet: 'e0:98:06:97:78:0b'
|
||||
|
||||
keystodeploy:
|
||||
- name: juicessh with password
|
||||
user: "{{user.name}}"
|
||||
sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH
|
||||
- name: fixe-pc new
|
||||
user: "{{user.name}}"
|
||||
sshkey: ssh-rsa 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 vincent@fixe-pc-2020-03-01
|
||||
- name: zen-pc
|
||||
user: "{{user.name}}"
|
||||
sshkey: ssh-rsa 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 vincent@zen-pc
|
||||
|
||||
nomad_datacenter: homelab
|
||||
|
||||
|
||||
systemd_mounts:
|
||||
diskstation_nomad:
|
||||
share: diskstation.ducamps.win:/volume2/nomad
|
||||
mount: /mnt/diskstation/nomad
|
||||
type: nfs
|
||||
options:
|
||||
- " "
|
||||
automount: true
|
||||
diskstation_git:
|
||||
share: diskstation.ducamps.win:/volume2/git
|
||||
mount: /mnt/diskstation/git
|
||||
type: nfs
|
||||
options:
|
||||
- " "
|
||||
automount: true
|
||||
diskstation_music:
|
||||
share: diskstation.ducamps.win:/volume2/music
|
||||
mount: /mnt/diskstation/music
|
||||
type: nfs
|
||||
options:
|
||||
- " "
|
||||
automount: true
|
||||
diskstation_nextcloud:
|
||||
share: //diskstation.ducamps.win/nextcloud
|
||||
mount: /mnt/diskstation/nextcloud
|
||||
type: cifs
|
||||
options:
|
||||
- credentials=/etc/creds/.diskstation_credentials
|
||||
- uid=33
|
||||
- gid=33
|
||||
- vers=3.0
|
||||
- dir_mode=0770
|
||||
- _netdev
|
||||
automount: true
|
||||
diskstation_CardDav:
|
||||
share: diskstation.ducamps.win:/volume2/CardDav
|
||||
mount: /mnt/diskstation/CardDav
|
||||
type: nfs
|
||||
options:
|
||||
- " "
|
||||
automount: true
|
||||
diskstation_archMirror:
|
||||
share: diskstation.ducamps.win:/volume2/archMirror
|
||||
mount: /mnt/diskstation/archMirror
|
||||
type: nfs
|
||||
options:
|
||||
- " "
|
||||
automount: true
|
||||
|
||||
credentials_files:
|
||||
1:
|
||||
type: smb
|
||||
path: /etc/creds/.diskstation_credentials
|
||||
username: admin
|
||||
password: "{{ lookup('hashi_vault','secret=secrets/data/ansible/storage:diskstation_admin') }}"
|
||||
|
||||
|
||||
systemd_mounts_enabled:
|
||||
- diskstation_nomad
|
||||
- diskstation_git
|
||||
- diskstation_music
|
||||
- diskstation_nextcloud
|
||||
- diskstation_CardDav
|
||||
- diskstation_archMirror
|
@ -1,55 +0,0 @@
|
||||
|
||||
postgresql_users:
|
||||
- name: root
|
||||
role_attr_flags: SUPERUSER
|
||||
password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:root')}}"
|
||||
- name: wikijs
|
||||
password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:wikijs')}}"
|
||||
- name: ttrss
|
||||
password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:ttrss')}}"
|
||||
- name: gitea
|
||||
password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:gitea')}}"
|
||||
- name: supysonic
|
||||
password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:supysonic')}}"
|
||||
- name: hass
|
||||
password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:hass')}}"
|
||||
- name: nextcloud
|
||||
password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:nextcloud')}}"
|
||||
- name: vaultwarden
|
||||
password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:vaultwarden')}}"
|
||||
- name: drone
|
||||
password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/database:drone')}}"
|
||||
|
||||
postgresql_databases:
|
||||
- name: wikijs
|
||||
lc_collate: fr_FR.UTF-8
|
||||
lc_ctype: en_US.UTF-8
|
||||
owner: wikijs
|
||||
- name: ttrss
|
||||
lc_collate: fr_FR.UTF-8
|
||||
lc_ctype: fr_FR.UTF-8
|
||||
owner: ttrss
|
||||
- name: gitea
|
||||
lc_collate: fr_FR.UTF-8
|
||||
lc_ctype: fr_FR.UTF-8
|
||||
owner: gitea
|
||||
- name: supysonic
|
||||
lc_collate: fr_FR.UTF-8
|
||||
lc_ctype: fr_FR.UTF-8
|
||||
owner: supysonic
|
||||
- name: hass
|
||||
lc_collate: fr_FR.UTF-8
|
||||
lc_ctype: fr_FR.UTF-8
|
||||
owner: hass
|
||||
- name: nextcloud
|
||||
lc_collate: fr_FR.UTF-8
|
||||
lc_ctype: fr_FR.UTF-8
|
||||
owner: nextcloud
|
||||
- name: vaultwarden
|
||||
lc_collate: fr_FR.UTF-8
|
||||
lc_ctype: fr_FR.UTF-8
|
||||
owner: vaultwarden
|
||||
- name: drone
|
||||
lc_collate: fr_FR.UTF-8
|
||||
lc_ctype: fr_FR.UTF-8
|
||||
owner: drone
|
@ -1,93 +0,0 @@
|
||||
systemd_mounts:
|
||||
diskstation_git:
|
||||
share: diskstation.ducamps.win:/volume2/git
|
||||
mount: /mnt/diskstation/git
|
||||
type: nfs
|
||||
options:
|
||||
- " "
|
||||
automount: true
|
||||
diskstation_CardDav:
|
||||
share: diskstation.ducamps.win:/volume2/CardDav
|
||||
mount: /mnt/diskstation/CardDav
|
||||
type: nfs
|
||||
options:
|
||||
- " "
|
||||
automount: true
|
||||
backup_disk:
|
||||
share: /dev/sdb1
|
||||
mount: /mnt/backup
|
||||
type: ntfs-3g
|
||||
options:
|
||||
- "uid=1024
|
||||
- guid=100
|
||||
- vers=3.0"
|
||||
automount: true
|
||||
diskstation_home:
|
||||
share: diskstation.ducamps.win:/volume2/homes/admin
|
||||
mount: /mnt/diskstation/home
|
||||
type: nfs
|
||||
options:
|
||||
- " "
|
||||
automount: true
|
||||
diskstation_photo:
|
||||
share: diskstation.ducamps.win:/volume2/photo
|
||||
mount: /mnt/diskstation/photo
|
||||
type: nfs
|
||||
options:
|
||||
- " "
|
||||
automount: true
|
||||
diskstation_music:
|
||||
share: diskstation.ducamps.win:/volume2/music
|
||||
mount: /mnt/diskstation/music
|
||||
type: nfs
|
||||
options:
|
||||
- " "
|
||||
automount: true
|
||||
diskstation_media:
|
||||
share: diskstation.ducamps.win:/volume1/media
|
||||
mount: /mnt/diskstation/media
|
||||
type: nfs
|
||||
options:
|
||||
- " "
|
||||
automount: true
|
||||
diskstation_ebook:
|
||||
share: diskstation.ducamps.win:/volume2/ebook
|
||||
mount: /mnt/diskstation/ebook
|
||||
type: nfs
|
||||
options:
|
||||
- " "
|
||||
automount: true
|
||||
diskstation_archMirror:
|
||||
share: diskstation.ducamps.win:/volume2/archMirror
|
||||
mount: /mnt/diskstation/archMirror
|
||||
type: nfs
|
||||
options:
|
||||
- " "
|
||||
automount: true
|
||||
diskstation_nomad:
|
||||
share: diskstation.ducamps.win:/volume2/nomad
|
||||
mount: /mnt/diskstation/nomad
|
||||
type: nfs
|
||||
options:
|
||||
- " "
|
||||
automount: true
|
||||
|
||||
systemd_mounts_enabled:
|
||||
- diskstation_git
|
||||
- diskstation_music
|
||||
- backup_disk
|
||||
- diskstation_photo
|
||||
- diskstation_home
|
||||
- diskstation_CardDav
|
||||
- diskstation_media
|
||||
- diskstation_ebook
|
||||
- diskstation_archMirror
|
||||
- diskstation_nomad
|
||||
|
||||
credentials_files:
|
||||
1:
|
||||
type: smb
|
||||
path: /etc/creds/.diskstation_credentials
|
||||
username: admin
|
||||
password: "{{ lookup('hashi_vault','secret=secrets/data/ansible/storage:diskstation_admin') }}"
|
||||
|
@ -1,43 +0,0 @@
|
||||
notification_mail: "{{inventory_hostname}}@{{ domain.name }}"
|
||||
msmtp_mailhub: smtp.{{ domain.name }}
|
||||
msmtp_auth_user: "{{ user.mail }}"
|
||||
msmtp_auth_pass: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:email') }}"
|
||||
|
||||
rsynclocations:
|
||||
- name: backup nas
|
||||
location: /mnt/backup
|
||||
readonly: "no"
|
||||
|
||||
rsynchostalloawed: 192.168.1.10
|
||||
|
||||
|
||||
docker_users: "{{user.name}}"
|
||||
keystodeploy:
|
||||
- name: juicessh with password
|
||||
user: "{{user.name}}"
|
||||
sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH
|
||||
- name: fixe-pc new
|
||||
user: "{{user.name}}"
|
||||
sshkey: ssh-rsa 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 vincent@fixe-pc-2020-03-01
|
||||
- name: zen-pc
|
||||
user: "{{user.name}}"
|
||||
sshkey: ssh-rsa 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 vincent@zen-pc
|
||||
- name: drone
|
||||
user: drone-deploy
|
||||
sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar
|
||||
|
||||
chisel_server: true
|
||||
chisel_server_port: 9090
|
||||
chisel_server_backend: https://www.{{domain.name}}
|
||||
chisel_server_auth:
|
||||
user: chisel
|
||||
pass: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:chisel_pass') }}"
|
||||
arch_mirror_location: "/mnt/diskstation/archMirror"
|
||||
|
||||
system_user:
|
||||
- name: drone-deploy
|
||||
home: /home/drone-deploy
|
||||
shell: /bin/bash
|
||||
|
||||
nomad_datacenter: homelab
|
||||
nomad_allow_privileged: True
|
@ -1,2 +0,0 @@
|
||||
|
||||
chainetv_repo_branch: dev
|
@ -1,2 +0,0 @@
|
||||
|
||||
chainetv_repo_branch: master
|
@ -1,40 +0,0 @@
|
||||
---
|
||||
ansible_host: 10.0.0.1
|
||||
|
||||
wireguard_address: "10.0.0.1/24"
|
||||
wireguard_endpoint: "65.108.221.233"
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_allowed_ips: "10.0.0.0/24"
|
||||
|
||||
wireguard_postup:
|
||||
- iptables -A FORWARD -o %i -j ACCEPT
|
||||
- iptables -A FORWARD -i %i -j ACCEPT
|
||||
- iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
|
||||
|
||||
wireguard_postdown:
|
||||
- iptables -D FORWARD -i %i -j ACCEPT
|
||||
- iptables -D FORWARD -o %i -j ACCEPT
|
||||
- iptables -t nat -D POSTROUTING -o enp1s0 -j MASQUERADE
|
||||
|
||||
wireguard_unmanaged_peers:
|
||||
phone:
|
||||
public_key: ioG35kDFTtip+Acfq+je9qDHYbZij+J6+Pg3T6Z4N0w=
|
||||
allowed_ips: 10.0.0.3/32
|
||||
persistent_keepalive: 0
|
||||
zen:
|
||||
public_key: rYYljQw8InmM95pxCP9KyZ8R+kcicgnjr6E9qtkI1Ag=
|
||||
allowed_ips: 10.0.0.4/32
|
||||
persistent_keepalive: 0
|
||||
consul_client_addr: "127.0.0.1 10.0.0.1"
|
||||
consul_bind_address: "10.0.0.1"
|
||||
consul_ui: True
|
||||
consul_iface: "wg0"
|
||||
nomad_bind_addr: "10.0.0.1"
|
||||
nomad_host_networks:
|
||||
- name: "private"
|
||||
interface: wg0
|
||||
- name: "public"
|
||||
interface: enp1s0
|
||||
- name: "default"
|
||||
interface: wg0
|
||||
vault_listener_address: 10.0.0.1
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
ansible_host: "192.168.1.41"
|
||||
ansible_python_interpreter: "/usr/bin/python3"
|
@ -1,16 +0,0 @@
|
||||
---
|
||||
wireguard_address: "10.0.0.2/24"
|
||||
wireguard_allowed_ips: "10.0.0.2/32,192.168.1.0/24"
|
||||
perrsistent_keepalive: "30"
|
||||
wireguard_endpoint: ""
|
||||
|
||||
wireguard_postup:
|
||||
- iptables -A FORWARD -i wg0 -j ACCEPT
|
||||
- iptables -A FORWARD -o wg0 -j ACCEPT
|
||||
- iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
|
||||
|
||||
wireguard_postdown:
|
||||
- iptables -D FORWARD -i wg0 -j ACCEPT
|
||||
- iptables -D FORWARD -o wg0 -j ACCEPT
|
||||
- iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
|
||||
consul_snapshot: True
|
4
makefile
4
makefile
@ -3,10 +3,10 @@ requirements:
|
||||
ansible-galaxy install -g -f -r roles/requirements.yml
|
||||
|
||||
deploy_production:
|
||||
ansible-playbook site.yml -i production --vault-password-file=./ansible-vault-pass.sh
|
||||
ansible-playbook site.yml -i production
|
||||
|
||||
deploy_staging:
|
||||
ansible-playbook site.yml -i staging --vault-password-file=./ansible-vault-pass.sh
|
||||
ansible-playbook site.yml -i staging
|
||||
|
||||
generate-token:
|
||||
@echo export VAULT_TOKEN=`vault token create -policy=ansible -field="token" -period 6h`
|
||||
|
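Review bot: With `--vault-password-file=./ansible-vault-pass.sh` dropped from `deploy_production` and `deploy_staging`, nothing in either target checks that a secret source is available before the run starts. This assumes the flag-less `ansible-playbook site.yml -i production` / `-i staging` lines are the new side, since the +/- markers are lost on this page. Any `hashi_vault` lookups that remain would presumably depend on the `VAULT_TOKEN` exported via `generate-token`, so a run without it would fail only when the first lookup is templated, possibly after earlier tasks have already changed hosts. A guard as the first recipe line of each deploy target would fail fast, e.g. `@test -n "$$VAULT_TOKEN" || { echo 'VAULT_TOKEN not set; run make generate-token' >&2; exit 1; }`. It is also worth confirming that no variable kept for the workstation hosts is still ansible-vault encrypted, because it would no longer decrypt.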
@ -1,9 +0,0 @@
|
||||
- hosts: HashicorpStack
|
||||
roles:
|
||||
- role: ansible-consul
|
||||
become: true
|
||||
- role: ansible-hashicorp-vault
|
||||
when: ansible_architecture == 'x86_64'
|
||||
become: true
|
||||
- role: ansible-nomad
|
||||
become: true
|
@ -1,7 +0,0 @@
|
||||
---
|
||||
- hosts: VPS
|
||||
vars:
|
||||
roles:
|
||||
- role: docker
|
||||
become: True
|
||||
- user_config
|
@ -1,12 +0,0 @@
|
||||
---
|
||||
- hosts: build
|
||||
vars:
|
||||
# certbot_force: true
|
||||
roles:
|
||||
- docker
|
||||
- role: nginx
|
||||
become: true
|
||||
- role: ansible-role-postgresql
|
||||
become: true
|
||||
- php
|
||||
- user_config
|
@ -1,6 +0,0 @@
|
||||
---
|
||||
- hosts: debian
|
||||
|
||||
roles:
|
||||
- syncthing
|
||||
- msmtp
|
@ -1,11 +0,0 @@
|
||||
---
|
||||
- hosts: dhcp
|
||||
vars:
|
||||
|
||||
roles:
|
||||
- user_config
|
||||
- cronie
|
||||
- role: ansible-dhcpd
|
||||
become: true
|
||||
- role: docker
|
||||
become: true
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- hosts: all
|
||||
roles:
|
||||
- system
|
||||
- autofs
|
@ -1,7 +0,0 @@
|
||||
---
|
||||
- hosts: music-player
|
||||
roles:
|
||||
- user_config
|
||||
- cronie
|
||||
- hass-client-control
|
||||
- mpd
|
@ -1,13 +0,0 @@
|
||||
---
|
||||
- hosts: server
|
||||
vars:
|
||||
# certbot_force: true
|
||||
roles:
|
||||
- role: ansible-role-chisel
|
||||
become: true
|
||||
- msmtp
|
||||
- cronie
|
||||
- rsyncd
|
||||
- role: ansible-role-postgresql
|
||||
become: true
|
||||
- user_config
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- hosts: wireguard
|
||||
roles:
|
||||
- role: ansible-role-wireguard
|
||||
become: True
|
@ -1,8 +1,8 @@
|
||||
---
|
||||
- hosts: workstation
|
||||
roles:
|
||||
- role: ansible-role-chisel
|
||||
become: true
|
||||
- system
|
||||
- autofs
|
||||
- syncthing
|
||||
- user_config
|
||||
- ansible-manager
|
||||
|
18
production
18
production
@ -1,6 +1,3 @@
|
||||
[server]
|
||||
oscar
|
||||
|
||||
[workstation]
|
||||
fixe-pc
|
||||
|
||||
@ -10,18 +7,3 @@ laptop
|
||||
[laptop]
|
||||
zen-pc
|
||||
tablette
|
||||
|
||||
[dhcp]
|
||||
gerard
|
||||
|
||||
[VPS]
|
||||
corwin
|
||||
|
||||
[wireguard]
|
||||
corwin
|
||||
oscar
|
||||
|
||||
[HashicorpStack:children]
|
||||
server
|
||||
VPS
|
||||
dhcp
|
||||
|
@ -1,55 +1,39 @@
|
||||
---
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/ansible-arch-provissionning.git
|
||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-arch-provissionning.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/ansible-manager.git
|
||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-manager.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/ansible-role-chisel.git
|
||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-role-sssd
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/ansible-role-postgresql.git
|
||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible_bootstrap.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/ansible-role-sssd
|
||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/autofs.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/ansible_bootstrap.git
|
||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/bluetooth.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/autofs.git
|
||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/cronie.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/bluetooth.git
|
||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/cups.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/cronie.git
|
||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/docker.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/cups.git
|
||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/grub_themes.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/dns.git
|
||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/hass-client-control.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/docker.git
|
||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/laptop.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/grub_themes.git
|
||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/mpd.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/hass-client-control.git
|
||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/nvidia.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/laptop.git
|
||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/system.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/mpd.git
|
||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/user_config.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/msmtp.git
|
||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/virt.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/nvidia.git
|
||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/workstation.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/rsyncd.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/system.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/user_config.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/virt.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/workstation.git
|
||||
scm: git
|
||||
- src: https://github.com/githubixx/ansible-role-wireguard.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/ansible-consul.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/ansible-hashicorp-vault.git
|
||||
scm: git
|
||||
- src: git@git.ducamps.win:2222/ansible-roles/ansible-nomad.git
|
||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/syncthing.git
|
||||
scm: git
|
||||
|
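Review bot: None of the rewritten `ssh://git@git.ducamps.win:2222/ansible-roles/...` entries carries a `version:` key, so each role resolves to whatever the remote's default branch holds at install time. These 19 entries plus `---` match the 39 new-side lines in the hunk header. This looks like the list the makefile installs with `ansible-galaxy install -g -f -r roles/requirements.yml`, where `-f` re-fetches every role on each run, so a push to any role repository takes effect on the next deploy with no review step in this repo. Adding `version: <tag-or-commit-sha>` (placeholder) under each `src:` / `scm: git` pair would pin what gets installed. The `ansible-role-sssd` entry also lacks the `.git` suffix the other entries use and should be made consistent.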
8
site.yml
8
site.yml
@ -1,10 +1,2 @@
|
||||
---
|
||||
- import_playbook: playbooks/global.yml
|
||||
- import_playbook: playbooks/wireguard.yml
|
||||
- import_playbook: playbooks/HashicorpStack.yml
|
||||
- import_playbook: playbooks/music-player.yml
|
||||
- import_playbook: playbooks/server.yml
|
||||
- import_playbook: playbooks/build.yml
|
||||
- import_playbook: playbooks/workstation.yml
|
||||
- import_playbook: playbooks/debian.yml
|
||||
- import_playbook: playbooks/dhcpd.yml
|
||||
|
21
staging
21
staging
@ -5,24 +5,3 @@ laptop
|
||||
|
||||
[laptop]
|
||||
VMAW
|
||||
|
||||
[VPS]
|
||||
VMDR
|
||||
|
||||
[dhcp]
|
||||
VMAS-BUILD
|
||||
|
||||
[VMServer]
|
||||
VMAS-HML
|
||||
|
||||
[server:children]
|
||||
VMServer
|
||||
|
||||
[HashicorpStack:children]
|
||||
VMServer
|
||||
|
||||
[wireguard]
|
||||
VMDR
|
||||
|
||||
[HashicorpStack]
|
||||
VMDR
|
||||
|
@ -1,7 +0,0 @@
|
||||
---
|
||||
- hosts: server
|
||||
vars:
|
||||
force_site_update: true
|
||||
|
||||
roles:
|
||||
- ../roles/chainetv
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- hosts: server
|
||||
become: true
|
||||
roles:
|
||||
- ../roles/ansible-role-chisel
|
@ -1,4 +0,0 @@
|
||||
---
|
||||
- hosts: server
|
||||
roles:
|
||||
- ../roles/gitea
|
@ -1,4 +0,0 @@
|
||||
---
|
||||
- hosts: server
|
||||
roles:
|
||||
- ../roles/hass
|
@ -1,4 +0,0 @@
|
||||
---
|
||||
- hosts: server
|
||||
roles:
|
||||
- ../roles/msmtp
|
@ -1,12 +0,0 @@
|
||||
---
|
||||
- hosts: server
|
||||
pre_tasks:
|
||||
- name: install terminfo
|
||||
pacman:
|
||||
state: present
|
||||
name:
|
||||
- termite-terminfo
|
||||
become: true
|
||||
|
||||
roles:
|
||||
- ../roles/nextcloud
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- hosts: server
|
||||
become: true
|
||||
roles:
|
||||
- ../roles/nginx
|
@ -1,7 +0,0 @@
|
||||
---
|
||||
- hosts: server
|
||||
vars:
|
||||
force_site_update: true
|
||||
|
||||
roles:
|
||||
- ../roles/php
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- hosts: server
|
||||
become: true
|
||||
roles:
|
||||
- ../roles/ansible-role-postgresql
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- hosts: server
|
||||
become: true
|
||||
roles:
|
||||
- ../roles/ansible-role-samba
|
@ -1,7 +0,0 @@
|
||||
---
|
||||
- hosts: server
|
||||
vars:
|
||||
supysonic_force_site_update: true
|
||||
|
||||
roles:
|
||||
- ../roles/supysonic
|
@ -1,6 +0,0 @@
|
||||
---
|
||||
- hosts: all
|
||||
roles:
|
||||
- ../roles/system
|
||||
- ../roles/autofs
|
||||
- ../roles/user_config
|
@ -1,7 +0,0 @@
|
||||
---
|
||||
- hosts: server
|
||||
vars:
|
||||
force_site_update: true
|
||||
|
||||
roles:
|
||||
- ../roles/tt-rss
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- hosts: server
|
||||
become: true
|
||||
roles:
|
||||
- ../roles/ansible-vaultwarden
|