extern/christianlempa-boilerplates
1
0
Fork 0
mirror of https://github.com/ChristianLempa/boilerplates.git synced 2024-11-25 01:34:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

ansiblesemaphore-udpate

Browse Source
This commit is contained in:
Christian Lempa 2023-05-25 13:48:38 +02:00
parent 907b39f549
commit c25d9a2fcd
21 changed files with 191 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ansible/configuration/fail2ban/protect-sshd.yaml → ansible/configuration/fail2ban/config-f2b-protect-sshd.yaml
View File

@ -1,5 +1,6 @@
--- ---
- hosts: all - name: install fail2ban and configure sshd
hosts: "{{ hosts }}"
become: yes become: yes
tasks: tasks:
- name: install fail2ban - name: install fail2ban

14
ansible/provisoning/add_public_keys.yaml → ansible/configuration/ssh/config-add-sshkey.yaml
View File

@ -1,25 +1,17 @@
--- ---
- hosts: all - name: add ssh key
hosts: "{{ hosts }}"
become: yes become: yes
tasks: tasks:
# Installs public key
# --
#
- name: install public keys - name: install public keys
ansible.posix.authorized_key: ansible.posix.authorized_key:
user: "{{ lookup('env','USER') }}" user: "{{ lookup('env','USER') }}"
state: present state: present
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
# (Optional)
# Set all sudoers to no password
# --
- name: change sudoers file - name: change sudoers file
lineinfile: lineinfile:
path: /etc/sudoers path: /etc/sudoers
state: present state: present
regexp: '^%sudo' regexp: '^%sudo'
line: '%sudo ALL=(ALL) NOPASSWD: ALL' line: '%sudo ALL=(ALL) NOPASSWD: ALL'
validate: /usr/sbin/visudo -cf %s validate: /usr/sbin/visudo -cf %s

18
ansible/provisoning/ubuntu/deploy-portainer.yaml → ansible/deployment/portainer/deploy-portainer.yaml
View File

@ -1,21 +1,13 @@
--- ---
- hosts: all - name: deploy portainer-ce latest
hosts: "{{ hosts }}"
become: yes become: yes
become_user: "{{ lookup('env','USER') }}" become_user: "{{ lookup('env','USER') }}"
tasks: tasks:
- name: create new volume
# Create Portainer Volume
# --
#
- name: Create new Volume
community.docker.docker_volume: community.docker.docker_volume:
name: portainer-data name: portainer-data
- name: deploy portainer
# Deploy Portainer
# --
#
- name: Deploy Portainer
community.docker.docker_container: community.docker.docker_container:
name: portainer name: portainer
image: "docker.io/portainer/portainer-ce" image: "docker.io/portainer/portainer-ce"
@ -24,4 +16,4 @@
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- portainer-data:/data - portainer-data:/data
restart_policy: always restart_policy: unless-stopped

17
ansible/deployment/traefik/deploy-traefik.yaml Normal file
View File

@ -0,0 +1,17 @@
---
- name: deploy traefik v2.5
hosts: "{{ hosts }}"
become: yes
tasks:
- name: deploy traefik
become_user: "{{ lookup('env','USER') }}"
community.docker.docker_container:
name: traefik
image: "traefik:v2.5"
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/traefik:/etc/traefik
restart_policy: unless-stopped

10
ansible/installation/inst-core.yaml Normal file
View File

@ -0,0 +1,10 @@
- name: install core packages
hosts: "{{ hosts }}"
become: yes
tasks:
- name: install core packages
apt:
name:
- prometheus-node-exporter
- nfs-common
update_cache: yes

17
ansible/provisoning/ubuntu/install-docker.yaml → ansible/installation/inst-docker.yaml
View File

@ -1,34 +1,23 @@
--- ---
- hosts: all - name: install docker
hosts: "{{ hosts }}"
become: yes become: yes
tasks: tasks:
# Install Docker
# --
#
- name: install prerequisites - name: install prerequisites
apt: apt:
name: name:
- docker.io - docker.io
update_cache: yes update_cache: yes
- name: add user permissions - name: add user permissions
shell: "usermod -aG docker {{ ansible_env.SUDO_USER }}" shell: "usermod -aG docker {{ ansible_env.SUDO_USER }}"
- name: Reset ssh connection for changes to take effect - name: Reset ssh connection for changes to take effect
meta: "reset_connection" meta: "reset_connection"
# Installs Docker SDK
# --
#
- name: install python package manager - name: install python package manager
apt: apt:
name: python3-pip name: python3-pip
- name: install python sdk - name: install python sdk
become_user: "{{ ansible_env.SUDO_USER }}" become_user: "{{ ansible_env.SUDO_USER }}"
pip: pip:
name: name:
- docker - docker
- docker-compose - docker-compose

11
ansible/installation/inst-microk8s.yaml Normal file
View File

@ -0,0 +1,11 @@
---
- name: install microk8s
hosts: "{{ hosts }}"
become: yes
tasks:
- name: install microk8s
snap:
classic: yes
name: microk8s
- name: add userpermissions
shell: "usermod -aG microk8s {{ lookup('env','USER') }}"

17
ansible/installation/inst-vm-core.yaml Normal file
View File

@ -0,0 +1,17 @@
---
- name: install core packages for virtual machines
hosts: "{{ hosts }}"
become: yes
tasks:
- name: install packages
apt:
name:
- prometheus-node-exporter
- nfs-common
- qemu-guest-agent
update_cache: yes
- name: start guest qemu-guest-agent
service:
name: qemu-guest-agent
state: started
enabled: yes

11
ansible/provisoning/ubuntu/install-wireguard.yaml → ansible/installation/inst-wireguard.yaml
View File

@ -1,17 +1,14 @@
--- ---
- hosts: all - name: install wireguard
hosts: "{{ hosts }}"
become: yes become: yes
tasks: tasks:
- name: Install WireGuard - name: install wireguard
apt: apt:
name: wireguard name: wireguard
update_cache: yes update_cache: yes
- name: generate private and public keypair
- name: Generate Private and Public Key Pair
shell: | shell: |
wg genkey | tee privatekey | wg pubkey > publickey wg genkey | tee privatekey | wg pubkey > publickey
chmod 0400 privatekey chmod 0400 privatekey
chmod 0400 publickey chmod 0400 publickey

11
ansible/installation/inst-zsh.yaml Normal file
View File

@ -0,0 +1,11 @@
---
- name: install zsh
hosts: "{{ hosts }}"
become: yes
tasks:
- name: install zsh
apt:
name: zsh
state: present
update_cache: true
become: true

20
ansible/maintenance/maint-diskspace Normal file
View File

@ -0,0 +1,20 @@
---
- name: check disk space
hosts: "{{ hosts }}"
tasks:
- name: get disk usage
command: df -h
register: disk_usage
- name: check disk space available
shell: df -h / | awk 'NR==2 {print $5}'
register: disk_usage
# - name: send discord message when disk space is over 80%
# uri:
# url: "your-webhook"
# method: POST
# body_format: json
# body: '{"content": "Disk space on {{ inventory_hostname }} is above 80%!"}'
# headers:
# Content-Type: application/json
# status_code: 204
# when: disk_usage.stdout[:-1]|int > 80

13
ansible/maintenance/maint-docker-clean.yaml Normal file
View File

@ -0,0 +1,13 @@
---
- name: clean docker
hosts: "{{ hosts }}"
tasks:
- name: prune non-dangling images
community.docker.docker_prune:
containers: false
images: true
images_filters:
dangling: false
networks: false
volumes: false
builder_cache: false

13
ansible/maintenance/maint-reboot-required.yaml Normal file
View File

@ -0,0 +1,13 @@
---
- name: check if system reboot is required
hosts: "{{ hosts }}"
become: yes
tasks:
- name: check if system reboot is required
become: true
stat:
path: /var/run/reboot-required
register: reboot_required
- debug:
msg: "Reboot is required"
when: reboot_required.stat.exists

8
ansible/maintenance/maint-reboot.yaml Normal file
View File

@ -0,0 +1,8 @@
---
- name: reboot machine
hosts: "{{ hosts }}"
become: yes
tasks:
- name: reboot machine
reboot:
reboot_timeout: 3600

14
ansible/notification/notify-discord.yaml Normal file
View File

@ -0,0 +1,14 @@
---
- name: notify discord
hosts: "{{ hosts }}"
tasks:
- name: send discord message
uri:
url: "your-webhook"
method: POST
body_format: json
body: '{"content": "your-message"}'
headers:
Content-Type: application/json
status_code: 204
# when: your-condition

26
ansible/provisoning/deploy-portainer.yaml
View File

@ -1,26 +0,0 @@
---
- hosts: all
tasks:
# Create Portainer Volume
# --
#
- name: Create new Volume
community.docker.docker_volume:
name: portainer_data
# Deploy Portainer
# --
#
- name: Deploy Portainer
community.docker.docker_container:
name: portainer
image: "docker.io/portainer/portainer-ce"
ports:
- "8000:8000"
- "9000:9000"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
restart_policy: always

46
ansible/provisoning/ubuntu/deploy-traefik.yaml
View File

@ -1,46 +0,0 @@
---
- hosts: all
become: yes
tasks:
# Create Directory
# ---
#
# - name: Create directory
# file:
# path: /etc/traefik
# state: directory
# Create Directory
# ---
#
# - name: Create directory2
# file:
# path: /etc/traefik/certs
# state: directory
# Copy File
# ---
#
# - name: Copy config file
# ansible.builtin.copy:
# src: config/traefik.yaml
# dest: /etc/traefik/traefik.yaml
# Deploy Traefik
# --
#
- name: Deploy Traefik
become_user: "{{ lookup('env','USER') }}"
community.docker.docker_container:
name: traefik
image: "traefik:v2.5"
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/traefik:/etc/traefik
restart_policy: always

19
ansible/provisoning/ubuntu/install-microk8s.yaml
View File

@ -1,19 +0,0 @@
---
- hosts: all
become: yes
tasks:
# Installs Microk8s
# --
#
- name: install microk8s
snap:
classic: yes
name: microk8s
# Sets User Permissions
# --
#
- name: add userpermissions
shell: "usermod -aG microk8s {{ lookup('env','USER') }}"

0
ansible/provisoning/centos/install-podman.yaml → ansible/update/upd-apt-dist.yaml
View File

0
ansible/update/upd-apt.yaml Normal file
View File

40
docker-compose/ansiblesemaphore/docker-compose.yml Normal file
View File

@ -0,0 +1,40 @@
---
version: '3.9'
services:
mysql:
restart: unless-stopped
image: mysql:8.0
hostname: mysql
volumes:
- semaphore-mysql:/var/lib/mysql
environment:
- MYSQL_RANDOM_ROOT_PASSWORD=yes
- MYSQL_DATABASE=semaphore
- MYSQL_USER=semaphore
- MYSQL_PASSWORD=your-db-password # change to your db password
semaphore:
container_name: ansiblesemaphore
image: semaphoreui/semaphore:v2.8.90
restart: unless-stopped
ports:
- 3000:3000
environment:
- SEMAPHORE_DB_USER=semaphore
- SEMAPHORE_DB_PASS=your-db-password # change to your db password
- SEMAPHORE_DB_HOST=mysql
- SEMAPHORE_DB_PORT=3306
- SEMAPHORE_DB_DIALECT=mysql
- SEMAPHORE_DB=semaphore
- SEMAPHORE_PLAYBOOK_PATH=/tmp/semaphore/
- SEMAPHORE_ADMIN_PASSWORD=your-admin-password # change to your admin password
- SEMAPHORE_ADMIN_NAME=admin
- SEMAPHORE_ADMIN_EMAIL=admin@localhost
- SEMAPHORE_ADMIN=admin
- SEMAPHORE_ACCESS_KEY_ENCRYPTION=gs72mPntFATGJs9qK0pQ0rKtfidlexiMjYCH9gWKhTU= # change to your access key encryption
- ANSIBLE_HOST_KEY_CHECKING=false # (optional) change to true if you want to enable host key checking
volumes:
- ./inventory/:/inventory:ro
- ./authorized-keys/:/authorized-keys:ro
- ./config/:/etc/semaphore:rw
depends_on:
- mysql