From c25d9a2fcdb51deaecf5908a931a8007d9a6a470 Mon Sep 17 00:00:00 2001 
From: Christian Lempa Date: Thu, 25 May 2023 13:48:38 +0200 Subject: [PATCH] ansiblesemaphore-udpate --- ...sshd.yaml => config-f2b-protect-sshd.yaml} | 3 +- .../ssh/config-add-sshkey.yaml} | 14 ++---- .../portainer}/deploy-portainer.yaml | 18 ++------ .../deployment/traefik/deploy-traefik.yaml | 17 +++++++ ansible/installation/inst-core.yaml | 10 ++++ .../inst-docker.yaml} | 17 ++----- ansible/installation/inst-microk8s.yaml | 11 +++++ ansible/installation/inst-vm-core.yaml | 17 +++++++ .../inst-wireguard.yaml} | 11 ++--- ansible/installation/inst-zsh.yaml | 11 +++++ ansible/maintenance/maint-diskspace | 20 ++++++++ ansible/maintenance/maint-docker-clean.yaml | 13 ++++++ .../maintenance/maint-reboot-required.yaml | 13 ++++++ ansible/maintenance/maint-reboot.yaml | 8 ++++ ansible/notification/notify-discord.yaml | 14 ++++++ ansible/provisoning/deploy-portainer.yaml | 26 ----------- .../provisoning/ubuntu/deploy-traefik.yaml | 46 ------------------- .../provisoning/ubuntu/install-microk8s.yaml | 19 -------- .../upd-apt-dist.yaml} | 0 ansible/update/upd-apt.yaml | 0 .../ansiblesemaphore/docker-compose.yml | 40 ++++++++++++++++ 21 files changed, 191 insertions(+), 137 deletions(-) rename ansible/configuration/fail2ban/{protect-sshd.yaml => config-f2b-protect-sshd.yaml} (84%) rename ansible/{provisoning/add_public_keys.yaml => configuration/ssh/config-add-sshkey.yaml} (71%) rename ansible/{provisoning/ubuntu => deployment/portainer}/deploy-portainer.yaml (67%) create mode 100644 ansible/deployment/traefik/deploy-traefik.yaml create mode 100644 ansible/installation/inst-core.yaml rename ansible/{provisoning/ubuntu/install-docker.yaml => installation/inst-docker.yaml} (80%) create mode 100644 ansible/installation/inst-microk8s.yaml create mode 100644 ansible/installation/inst-vm-core.yaml rename ansible/{provisoning/ubuntu/install-wireguard.yaml => installation/inst-wireguard.yaml} (63%) create mode 100644 ansible/installation/inst-zsh.yaml create mode 100644 
ansible/maintenance/maint-diskspace create mode 100644 ansible/maintenance/maint-docker-clean.yaml create mode 100644 ansible/maintenance/maint-reboot-required.yaml create mode 100644 ansible/maintenance/maint-reboot.yaml create mode 100644 ansible/notification/notify-discord.yaml delete mode 100644 ansible/provisoning/deploy-portainer.yaml delete mode 100644 ansible/provisoning/ubuntu/deploy-traefik.yaml delete mode 100644 ansible/provisoning/ubuntu/install-microk8s.yaml rename ansible/{provisoning/centos/install-podman.yaml => update/upd-apt-dist.yaml} (100%) create mode 100644 ansible/update/upd-apt.yaml create mode 100644 docker-compose/ansiblesemaphore/docker-compose.yml diff --git a/ansible/configuration/fail2ban/protect-sshd.yaml b/ansible/configuration/fail2ban/config-f2b-protect-sshd.yaml similarity index 84% rename from ansible/configuration/fail2ban/protect-sshd.yaml rename to ansible/configuration/fail2ban/config-f2b-protect-sshd.yaml index 2ef2f48..7f29bca 100644 --- a/ansible/configuration/fail2ban/protect-sshd.yaml +++ b/ansible/configuration/fail2ban/config-f2b-protect-sshd.yaml @@ -1,5 +1,6 @@ --- -- hosts: all +- name: install fail2ban and configure sshd + hosts: "{{ hosts }}" become: yes tasks: - name: install fail2ban diff --git a/ansible/provisoning/add_public_keys.yaml b/ansible/configuration/ssh/config-add-sshkey.yaml similarity index 71% rename from ansible/provisoning/add_public_keys.yaml rename to ansible/configuration/ssh/config-add-sshkey.yaml index 8ae33ea..99e694d 100644 --- a/ansible/provisoning/add_public_keys.yaml +++ b/ansible/configuration/ssh/config-add-sshkey.yaml 
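Review bot: The play now targets `hosts: "{{ hosts }}"` with no default, so it depends on an extra var that nothing in the file documents; a header comment stating it, e.g. `# required extra var: hosts — inventory group or pattern to target`, would make the Semaphore template requirement visible. The same pattern is used by every playbook in this commit, so the comment belongs in each of them. A value of `all` reaches every inventory host, which is why the variable deserves a deliberate value rather than a silent fallback. The task list of this play continues outside the hunk.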
@@ -1,25 +1,17 @@ --- -- hosts: all - +- name: add ssh key + hosts: "{{ hosts }}" become: yes tasks: - - # Installs public key - # -- - # - name: install public keys ansible.posix.authorized_key: user: "{{ lookup('env','USER') }}" state: present key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" - - # (Optional) - # Set all sudoers to no password - # -- - name: change sudoers file lineinfile: path: /etc/sudoers state: present regexp: '^%sudo' line: '%sudo ALL=(ALL) NOPASSWD: ALL' - validate: /usr/sbin/visudo -cf %s + validate: /usr/sbin/visudo -cf %s \ No newline at end of file diff --git a/ansible/provisoning/ubuntu/deploy-portainer.yaml b/ansible/deployment/portainer/deploy-portainer.yaml similarity index 67% rename from ansible/provisoning/ubuntu/deploy-portainer.yaml rename to ansible/deployment/portainer/deploy-portainer.yaml index 57390b3..c5aef61 100644 --- a/ansible/provisoning/ubuntu/deploy-portainer.yaml +++ b/ansible/deployment/portainer/deploy-portainer.yaml @@ -1,21 +1,13 @@ --- -- hosts: all - +- name: deploy portainer-ce latest + hosts: "{{ hosts }}" become: yes become_user: "{{ lookup('env','USER') }}" tasks: - - # Create Portainer Volume - # -- - # - - name: Create new Volume + - name: create new volume community.docker.docker_volume: name: portainer-data - - # Deploy Portainer - # -- - # - - name: Deploy Portainer + - name: deploy portainer community.docker.docker_container: name: portainer image: "docker.io/portainer/portainer-ce" @@ -24,4 +16,4 @@ volumes: - /var/run/docker.sock:/var/run/docker.sock - portainer-data:/data - restart_policy: always + restart_policy: unless-stopped \ No newline at end of file diff --git a/ansible/deployment/traefik/deploy-traefik.yaml b/ansible/deployment/traefik/deploy-traefik.yaml new file mode 100644 index 0000000..eb4d8c2 --- /dev/null +++ b/ansible/deployment/traefik/deploy-traefik.yaml 
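Review bot: The `change sudoers file` task now reads as a standard step of the play, although it writes `%sudo ALL=(ALL) NOPASSWD: ALL` and so removes the sudo password prompt for every member of the sudo group; the `# (Optional)` comment that marked it as opt-in is removed by this hunk. Gate it behind a variable, e.g. `when: sudo_nopasswd | default(false)`, and keep a comment stating that the line disables the sudo password host-wide. The `install public keys` task also takes the account from `lookup('env','USER')` and the key from `~/.ssh/id_rsa.pub` on the controller; when the play runs from the Semaphore container added in this commit, both presumably resolve inside that container rather than on the operator's machine, so `user: "{{ ssh_user }}"` and `key: "{{ ssh_pubkey }}"` supplied as variables would be more predictable. The new last line also lacks a trailing newline.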
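Review bot: `image: "docker.io/portainer/portainer-ce"` carries no tag or digest, so each run may pull a different build and the play name's `latest` is only implicit; pin a version, `image: "docker.io/portainer/portainer-ce:<version>"`, or a digest so the deployment is reproducible and reviewable. The play-level `become_user: "{{ lookup('env','USER') }}"` takes the account name from the controller's environment rather than from the target host; the same lookup appears in `deploy-traefik.yaml` and `inst-microk8s.yaml`, and when executed from the Semaphore container it presumably resolves to that container's user, so `ansible_env.SUDO_USER` (already used by `inst-docker.yaml`) or an explicit variable would be more consistent. The container's `ports` block lies between the two hunks and is not shown here.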
@@ -0,0 +1,17 @@ +--- +- name: deploy traefik v2.5 + hosts: "{{ hosts }}" + become: yes + tasks: + - name: deploy traefik + become_user: "{{ lookup('env','USER') }}" + community.docker.docker_container: + name: traefik + image: "traefik:v2.5" + ports: + - "80:80" + - "443:443" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /etc/traefik:/etc/traefik + restart_policy: unless-stopped \ No newline at end of file diff --git a/ansible/installation/inst-core.yaml b/ansible/installation/inst-core.yaml new file mode 100644 index 0000000..c08a782 --- /dev/null +++ b/ansible/installation/inst-core.yaml @@ -0,0 +1,10 @@ +- name: install core packages + hosts: "{{ hosts }}" + become: yes + tasks: + - name: install core packages + apt: + name: + - prometheus-node-exporter + - nfs-common + update_cache: yes diff --git a/ansible/provisoning/ubuntu/install-docker.yaml b/ansible/installation/inst-docker.yaml similarity index 80% rename from ansible/provisoning/ubuntu/install-docker.yaml rename to ansible/installation/inst-docker.yaml index 8f0cd66..5d6fa88 100644 --- a/ansible/provisoning/ubuntu/install-docker.yaml +++ b/ansible/installation/inst-docker.yaml @@ -1,34 +1,23 @@ --- -- hosts: all - +- name: install docker + hosts: "{{ hosts }}" become: yes tasks: - - # Install Docker - # -- - # - name: install prerequisites apt: name: - docker.io update_cache: yes - - name: add user permissions shell: "usermod -aG docker {{ ansible_env.SUDO_USER }}" - - name: Reset ssh connection for changes to take effect meta: "reset_connection" - - # Installs Docker SDK - # -- - # - name: install python package manager apt: name: python3-pip - - name: install python sdk become_user: "{{ ansible_env.SUDO_USER }}" pip: name: - docker - - docker-compose + - docker-compose \ No newline at end of file diff --git a/ansible/installation/inst-microk8s.yaml b/ansible/installation/inst-microk8s.yaml new file mode 100644 index 0000000..7db7ec8 --- /dev/null 
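Review bot: The `deploy traefik` task bind-mounts `/etc/traefik:/etc/traefik` but nothing in the play creates or populates that directory; if it is absent, Docker creates it empty and root-owned and the container starts without any configuration. The deleted `provisoning/ubuntu/deploy-traefik.yaml` carried (commented-out) tasks for creating the directory and copying a config, and this rewrite drops even those. Add a `file` task ahead of the container task, and state in a comment that `/etc/traefik` is expected to hold the operator's `traefik.yaml` and certificates.
```yaml
  tasks:
    - name: ensure traefik config directory exists
      file:
        path: /etc/traefik
        state: directory
    # … unchanged: deploy traefik task …
```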
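Review bot: `inst-core.yaml` is the only new playbook without a leading `---` document marker; add it for consistency with the others (and yamllint's `document-start`). The `apt` task gives no `state:`, which defaults to `present` — worth spelling out as `state: present` since `inst-zsh.yaml` does. `inst-vm-core.yaml` repeats this package list plus `qemu-guest-agent`; a comment saying which of the two to apply on virtual machines would avoid running both.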
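Review bot: The `add user permissions` task templates `ansible_env.SUDO_USER` into a `shell` command line; `ansible.builtin.user` with `name: "{{ ansible_env.SUDO_USER }}"`, `groups: docker`, `append: true` does the same idempotently and without passing the value through a shell. Membership of the `docker` group is equivalent to root on the host, so a one-line comment above the task saying so would help the next reader decide whether every login user should get it. The hunk's new last line `- docker-compose` lacks a trailing newline.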
+++ b/ansible/installation/inst-microk8s.yaml @@ -0,0 +1,11 @@ +--- +- name: install microk8s + hosts: "{{ hosts }}" + become: yes + tasks: + - name: install microk8s + snap: + classic: yes + name: microk8s + - name: add userpermissions + shell: "usermod -aG microk8s {{ lookup('env','USER') }}" diff --git a/ansible/installation/inst-vm-core.yaml b/ansible/installation/inst-vm-core.yaml new file mode 100644 index 0000000..52b2767 --- /dev/null +++ b/ansible/installation/inst-vm-core.yaml @@ -0,0 +1,17 @@ +--- +- name: install core packages for virtual machines + hosts: "{{ hosts }}" + become: yes + tasks: + - name: install packages + apt: + name: + - prometheus-node-exporter + - nfs-common + - qemu-guest-agent + update_cache: yes + - name: start guest qemu-guest-agent + service: + name: qemu-guest-agent + state: started + enabled: yes diff --git a/ansible/provisoning/ubuntu/install-wireguard.yaml b/ansible/installation/inst-wireguard.yaml similarity index 63% rename from ansible/provisoning/ubuntu/install-wireguard.yaml rename to ansible/installation/inst-wireguard.yaml index 4884a7c..ce2067c 100644 --- a/ansible/provisoning/ubuntu/install-wireguard.yaml +++ b/ansible/installation/inst-wireguard.yaml @@ -1,17 +1,14 @@ --- -- hosts: all - +- name: install wireguard + hosts: "{{ hosts }}" become: yes - tasks: - - name: Install WireGuard + - name: install wireguard apt: name: wireguard update_cache: yes - - - name: Generate Private and Public Key Pair + - name: generate private and public keypair shell: | wg genkey | tee privatekey | wg pubkey > publickey - chmod 0400 privatekey chmod 0400 publickey diff --git a/ansible/installation/inst-zsh.yaml b/ansible/installation/inst-zsh.yaml new file mode 100644 index 0000000..a54b727 --- /dev/null +++ b/ansible/installation/inst-zsh.yaml 
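Review bot: `usermod -aG microk8s {{ lookup('env','USER') }}` takes the account from the controller's environment (under Semaphore, the container's), while the sibling `inst-docker.yaml` uses `ansible_env.SUDO_USER` from the target; if `USER` is unset the lookup renders empty and the command runs with no user argument. Use the same source in both files, and prefer the `user` module (`name`, `groups: microk8s`, `append: true`) over `shell` so the task is idempotent. Apart from comments this file keeps the deleted `install-microk8s.yaml` logic unchanged.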
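Review bot: In `generate private and public keypair`, `tee privatekey` writes the private key under the shell's default umask before the `chmod 0400` lines run, and the task regenerates and overwrites both files on every run, which invalidates a key already distributed to peers. Add `umask 077` as the first line of the script and make the task idempotent with `args:` / `creates: privatekey`. The files are also written to the task's working directory rather than `/etc/wireguard`, so a `chdir:` argument or absolute paths would make their location explicit.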
@@ -0,0 +1,11 @@
+---
+- name: install zsh
+ hosts: "{{ hosts }}"
+ become: yes
+ tasks:
+ - name: install zsh
+ apt:
+ name: zsh
+ state: present
+ update_cache: true
+ become: true
\ No newline at end of file
diff --git a/ansible/maintenance/maint-diskspace b/ansible/maintenance/maint-diskspace
new file mode 100644
index 0000000..7737528
--- /dev/null
+++ b/ansible/maintenance/maint-diskspace
@@ -0,0 +1,20 @@
+---
+- name: check disk space
+ hosts: "{{ hosts }}"
+ tasks:
+ - name: get disk usage
+ command: df -h
+ register: disk_usage
+ - name: check disk space available
+ shell: df -h / | awk 'NR==2 {print $5}'
+ register: disk_usage
+ # - name: send discord message when disk space is over 80%
+ # uri:
+ # url: "your-webhook"
+ # method: POST
+ # body_format: json
+ # body: '{"content": "Disk space on {{ inventory_hostname }} is above 80%!"}'
+ # headers:
+ # Content-Type: application/json
+ # status_code: 204
+ # when: disk_usage.stdout[:-1]|int > 80
diff --git a/ansible/maintenance/maint-docker-clean.yaml b/ansible/maintenance/maint-docker-clean.yaml
new file mode 100644
index 0000000..9f4b15b
--- /dev/null
+++ b/ansible/maintenance/maint-docker-clean.yaml
@@ -0,0 +1,13 @@
+---
+- name: clean docker
+ hosts: "{{ hosts }}"
+ tasks:
+ - name: prune non-dangling images
+ community.docker.docker_prune:
+ containers: false
+ images: true
+ images_filters:
+ dangling: false
+ networks: false
+ volumes: false
+ builder_cache: false
\ No newline at end of file
diff --git a/ansible/maintenance/maint-reboot-required.yaml b/ansible/maintenance/maint-reboot-required.yaml
new file mode 100644
index 0000000..718e975
--- /dev/null
+++ b/ansible/maintenance/maint-reboot-required.yaml
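Review bot: The task-level `become: true` on the last line duplicates the play-level `become: yes`, and the two boolean spellings differ within one file; drop the task-level key and use `true` consistently (yamllint `truthy`). The file also ends without a trailing newline.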
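Review bot: Both tasks `register: disk_usage`, so the `df -h` output of `get disk usage` is overwritten by the second task and never used; either drop the first task or register it under a different name, e.g. `register: disk_usage_full`. The file is also the only playbook without a `.yaml` extension, which tools that filter on extension (presumably including Semaphore's playbook picker) will not list. The commented `when: disk_usage.stdout[:-1]|int > 80` relies on the slice stripping the `%` suffix; a comment stating that the threshold is percent used on `/` would make that intent clear.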
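Review bot: `images_filters: dangling: false` removes every image not referenced by a container, not only dangling layers, so a stopped stack loses its pinned images until the next pull; state that above the task, e.g. `# removes ALL unused images (dangling and tagged); stopped stacks must re-pull`. The play also sets no `become`, while the deployment plays drive Docker through `become`/`become_user`, so it presumably relies on the login user being in the docker group — worth a comment too.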
@@ -0,0 +1,13 @@ +--- +- name: check if system reboot is required + hosts: "{{ hosts }}" + become: yes + tasks: + - name: check if system reboot is required + become: true + stat: + path: /var/run/reboot-required + register: reboot_required + - debug: + msg: "Reboot is required" + when: reboot_required.stat.exists \ No newline at end of file diff --git a/ansible/maintenance/maint-reboot.yaml b/ansible/maintenance/maint-reboot.yaml new file mode 100644 index 0000000..8ba5020 --- /dev/null +++ b/ansible/maintenance/maint-reboot.yaml @@ -0,0 +1,8 @@ +--- +- name: reboot machine + hosts: "{{ hosts }}" + become: yes + tasks: + - name: reboot machine + reboot: + reboot_timeout: 3600 \ No newline at end of file diff --git a/ansible/notification/notify-discord.yaml b/ansible/notification/notify-discord.yaml new file mode 100644 index 0000000..aec5677 --- /dev/null +++ b/ansible/notification/notify-discord.yaml @@ -0,0 +1,14 @@ +--- +- name: notify discord + hosts: "{{ hosts }}" + tasks: + - name: send discord message + uri: + url: "your-webhook" + method: POST + body_format: json + body: '{"content": "your-message"}' + headers: + Content-Type: application/json + status_code: 204 + # when: your-condition \ No newline at end of file diff --git a/ansible/provisoning/deploy-portainer.yaml b/ansible/provisoning/deploy-portainer.yaml deleted file mode 100644 index 589e269..0000000 --- a/ansible/provisoning/deploy-portainer.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -- hosts: all - - tasks: - - # Create Portainer Volume - # -- - # - - name: Create new Volume - community.docker.docker_volume: - name: portainer_data - - # Deploy Portainer - # -- - # - - name: Deploy Portainer - community.docker.docker_container: - name: portainer - image: "docker.io/portainer/portainer-ce" - ports: - - "8000:8000" - - "9000:9000" - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - portainer_data:/data - restart_policy: always 
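Review bot: The `debug` task has no `name`, unlike every other task in the commit, and the task-level `become: true` repeats the play's `become: yes`; stat-ing `/var/run/reboot-required` normally needs no elevated privilege at all. Name it, e.g. `- name: report reboot required`, and drop the redundant `become`. The file also ends without a trailing newline.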
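Review bot: `url: "your-webhook"` is meant to be replaced with a Discord webhook URL, which is a bearer credential — anyone holding it can post to the channel — so it should not be edited into a committed playbook. Read it from a variable instead, `url: "{{ discord_webhook_url }}"`, supplied through Semaphore's environment or secret store, and do the same for the message (`body: {content: "{{ message }}"}` with the existing `body_format: json`). A header comment listing these required variables would replace the `your-…` placeholders and the commented `when: your-condition`.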
diff --git a/ansible/provisoning/ubuntu/deploy-traefik.yaml b/ansible/provisoning/ubuntu/deploy-traefik.yaml deleted file mode 100644 index 7681219..0000000 --- a/ansible/provisoning/ubuntu/deploy-traefik.yaml +++ /dev/null @@ -1,46 +0,0 @@ ---- -- hosts: all - - become: yes - - tasks: - - # Create Directory - # --- - # - # - name: Create directory - # file: - # path: /etc/traefik - # state: directory - - # Create Directory - # --- - # - # - name: Create directory2 - # file: - # path: /etc/traefik/certs - # state: directory - - # Copy File - # --- - # - # - name: Copy config file - # ansible.builtin.copy: - # src: config/traefik.yaml - # dest: /etc/traefik/traefik.yaml - - # Deploy Traefik - # -- - # - - name: Deploy Traefik - become_user: "{{ lookup('env','USER') }}" - community.docker.docker_container: - name: traefik - image: "traefik:v2.5" - ports: - - "80:80" - - "443:443" - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /etc/traefik:/etc/traefik - restart_policy: always diff --git a/ansible/provisoning/ubuntu/install-microk8s.yaml b/ansible/provisoning/ubuntu/install-microk8s.yaml deleted file mode 100644 index 2fe9527..0000000 --- a/ansible/provisoning/ubuntu/install-microk8s.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- hosts: all - - become: yes - tasks: - - # Installs Microk8s - # -- - # - - name: install microk8s - snap: - classic: yes - name: microk8s - - # Sets User Permissions - # -- - # - - name: add userpermissions - shell: "usermod -aG microk8s {{ lookup('env','USER') }}" diff --git a/ansible/provisoning/centos/install-podman.yaml b/ansible/update/upd-apt-dist.yaml similarity index 100% rename from ansible/provisoning/centos/install-podman.yaml rename to ansible/update/upd-apt-dist.yaml diff --git a/ansible/update/upd-apt.yaml b/ansible/update/upd-apt.yaml new file mode 100644 index 0000000..e69de29 
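Review bot: `ansible/update/upd-apt-dist.yaml` is a 100% rename of `provisoning/centos/install-podman.yaml` with no content change, so the new path still holds the CentOS podman installation rather than an apt dist-upgrade; likewise `ansible/update/upd-apt.yaml` is created empty (blob `e69de29`, 0 lines in the diffstat). Either give both files their intended content (an `apt: upgrade: dist` play and an `apt: upgrade: yes` play respectively) or leave them out of this commit, so the `update/` directory does not advertise playbooks that do something else.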
diff --git a/docker-compose/ansiblesemaphore/docker-compose.yml b/docker-compose/ansiblesemaphore/docker-compose.yml
new file mode 100644
index 0000000..9eb2a35
--- /dev/null
+++ b/docker-compose/ansiblesemaphore/docker-compose.yml
@@ -0,0 +1,40 @@
+---
+version: '3.9'
+services:
+ mysql:
+ restart: unless-stopped
+ image: mysql:8.0
+ hostname: mysql
+ volumes:
+ - semaphore-mysql:/var/lib/mysql
+ environment:
+ - MYSQL_RANDOM_ROOT_PASSWORD=yes
+ - MYSQL_DATABASE=semaphore
+ - MYSQL_USER=semaphore
+ - MYSQL_PASSWORD=your-db-password # change to your db password
+ semaphore:
+ container_name: ansiblesemaphore
+ image: semaphoreui/semaphore:v2.8.90
+ restart: unless-stopped
+ ports:
+ - 3000:3000
+ environment:
+ - SEMAPHORE_DB_USER=semaphore
+ - SEMAPHORE_DB_PASS=your-db-password # change to your db password
+ - SEMAPHORE_DB_HOST=mysql
+ - SEMAPHORE_DB_PORT=3306
+ - SEMAPHORE_DB_DIALECT=mysql
+ - SEMAPHORE_DB=semaphore
+ - SEMAPHORE_PLAYBOOK_PATH=/tmp/semaphore/
+ - SEMAPHORE_ADMIN_PASSWORD=your-admin-password # change to your admin password
+ - SEMAPHORE_ADMIN_NAME=admin
+ - SEMAPHORE_ADMIN_EMAIL=admin@localhost
+ - SEMAPHORE_ADMIN=admin
+ - SEMAPHORE_ACCESS_KEY_ENCRYPTION=gs72mPntFATGJs9qK0pQ0rKtfidlexiMjYCH9gWKhTU= # change to your access key encryption
+ - ANSIBLE_HOST_KEY_CHECKING=false # (optional) change to true if you want to enable host key checking
+ volumes:
+ - ./inventory/:/inventory:ro
+ - ./authorized-keys/:/authorized-keys:ro
+ - ./config/:/etc/semaphore:rw
+ depends_on:
+ - mysql
\ No newline at end of file
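Review bot: `ANSIBLE_HOST_KEY_CHECKING=false` turns off SSH host-key verification for every job this Semaphore instance runs, so a changed or substituted host key goes unnoticed; default it to `true` and mount a populated `known_hosts` into the container (the inline comment already presents `true` as the safer choice). The DB password, admin password and `SEMAPHORE_ACCESS_KEY_ENCRYPTION` sit inline in a file under version control, and the last one carries a real-looking key rather than a `your-…` placeholder; reference them as `${SEMAPHORE_DB_PASS}` and so on from an untracked `.env` file so the committed compose file holds no secrets. `semaphore-mysql` is used as a named volume but never declared in a top-level `volumes:` section, which Compose rejects as an undefined volume. `- 3000:3000` should be quoted as `"3000:3000"` per Compose convention, and the file lacks a trailing newline.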