mirror of
https://github.com/ChristianLempa/boilerplates.git
synced 2024-11-25 01:34:36 +01:00
ansiblesemaphore-udpate
This commit is contained in:
parent
907b39f549
commit
c25d9a2fcd
@ -1,5 +1,6 @@
|
||||
---
|
||||
- hosts: all
|
||||
- name: install fail2ban and configure sshd
|
||||
hosts: "{{ hosts }}"
|
||||
become: yes
|
||||
tasks:
|
||||
- name: install fail2ban
|
@ -1,21 +1,13 @@
|
||||
---
|
||||
- hosts: all
|
||||
|
||||
- name: add ssh key
|
||||
hosts: "{{ hosts }}"
|
||||
become: yes
|
||||
tasks:
|
||||
|
||||
# Installs public key
|
||||
# --
|
||||
#
|
||||
- name: install public keys
|
||||
ansible.posix.authorized_key:
|
||||
user: "{{ lookup('env','USER') }}"
|
||||
state: present
|
||||
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
|
||||
|
||||
# (Optional)
|
||||
# Set all sudoers to no password
|
||||
# --
|
||||
- name: change sudoers file
|
||||
lineinfile:
|
||||
path: /etc/sudoers
|
@ -1,21 +1,13 @@
|
||||
---
|
||||
- hosts: all
|
||||
|
||||
- name: deploy portainer-ce latest
|
||||
hosts: "{{ hosts }}"
|
||||
become: yes
|
||||
become_user: "{{ lookup('env','USER') }}"
|
||||
tasks:
|
||||
|
||||
# Create Portainer Volume
|
||||
# --
|
||||
#
|
||||
- name: Create new Volume
|
||||
- name: create new volume
|
||||
community.docker.docker_volume:
|
||||
name: portainer-data
|
||||
|
||||
# Deploy Portainer
|
||||
# --
|
||||
#
|
||||
- name: Deploy Portainer
|
||||
- name: deploy portainer
|
||||
community.docker.docker_container:
|
||||
name: portainer
|
||||
image: "docker.io/portainer/portainer-ce"
|
||||
@ -24,4 +16,4 @@
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- portainer-data:/data
|
||||
restart_policy: always
|
||||
restart_policy: unless-stopped
|
17
ansible/deployment/traefik/deploy-traefik.yaml
Normal file
17
ansible/deployment/traefik/deploy-traefik.yaml
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
- name: deploy traefik v2.5
|
||||
hosts: "{{ hosts }}"
|
||||
become: yes
|
||||
tasks:
|
||||
- name: deploy traefik
|
||||
become_user: "{{ lookup('env','USER') }}"
|
||||
community.docker.docker_container:
|
||||
name: traefik
|
||||
image: "traefik:v2.5"
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /etc/traefik:/etc/traefik
|
||||
restart_policy: unless-stopped
|
10
ansible/installation/inst-core.yaml
Normal file
10
ansible/installation/inst-core.yaml
Normal file
@ -0,0 +1,10 @@
|
||||
- name: install core packages
|
||||
hosts: "{{ hosts }}"
|
||||
become: yes
|
||||
tasks:
|
||||
- name: install core packages
|
||||
apt:
|
||||
name:
|
||||
- prometheus-node-exporter
|
||||
- nfs-common
|
||||
update_cache: yes
|
@ -1,31 +1,20 @@
|
||||
---
|
||||
- hosts: all
|
||||
|
||||
- name: install docker
|
||||
hosts: "{{ hosts }}"
|
||||
become: yes
|
||||
tasks:
|
||||
|
||||
# Install Docker
|
||||
# --
|
||||
#
|
||||
- name: install prerequisites
|
||||
apt:
|
||||
name:
|
||||
- docker.io
|
||||
update_cache: yes
|
||||
|
||||
- name: add user permissions
|
||||
shell: "usermod -aG docker {{ ansible_env.SUDO_USER }}"
|
||||
|
||||
- name: Reset ssh connection for changes to take effect
|
||||
meta: "reset_connection"
|
||||
|
||||
# Installs Docker SDK
|
||||
# --
|
||||
#
|
||||
- name: install python package manager
|
||||
apt:
|
||||
name: python3-pip
|
||||
|
||||
- name: install python sdk
|
||||
become_user: "{{ ansible_env.SUDO_USER }}"
|
||||
pip:
|
11
ansible/installation/inst-microk8s.yaml
Normal file
11
ansible/installation/inst-microk8s.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
- name: install microk8s
|
||||
hosts: "{{ hosts }}"
|
||||
become: yes
|
||||
tasks:
|
||||
- name: install microk8s
|
||||
snap:
|
||||
classic: yes
|
||||
name: microk8s
|
||||
- name: add userpermissions
|
||||
shell: "usermod -aG microk8s {{ lookup('env','USER') }}"
|
17
ansible/installation/inst-vm-core.yaml
Normal file
17
ansible/installation/inst-vm-core.yaml
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
- name: install core packages for virtual machines
|
||||
hosts: "{{ hosts }}"
|
||||
become: yes
|
||||
tasks:
|
||||
- name: install packages
|
||||
apt:
|
||||
name:
|
||||
- prometheus-node-exporter
|
||||
- nfs-common
|
||||
- qemu-guest-agent
|
||||
update_cache: yes
|
||||
- name: start guest qemu-guest-agent
|
||||
service:
|
||||
name: qemu-guest-agent
|
||||
state: started
|
||||
enabled: yes
|
@ -1,17 +1,14 @@
|
||||
---
|
||||
- hosts: all
|
||||
|
||||
- name: install wireguard
|
||||
hosts: "{{ hosts }}"
|
||||
become: yes
|
||||
|
||||
tasks:
|
||||
- name: Install WireGuard
|
||||
- name: install wireguard
|
||||
apt:
|
||||
name: wireguard
|
||||
update_cache: yes
|
||||
|
||||
- name: Generate Private and Public Key Pair
|
||||
- name: generate private and public keypair
|
||||
shell: |
|
||||
wg genkey | tee privatekey | wg pubkey > publickey
|
||||
|
||||
chmod 0400 privatekey
|
||||
chmod 0400 publickey
|
11
ansible/installation/inst-zsh.yaml
Normal file
11
ansible/installation/inst-zsh.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
- name: install zsh
|
||||
hosts: "{{ hosts }}"
|
||||
become: yes
|
||||
tasks:
|
||||
- name: install zsh
|
||||
apt:
|
||||
name: zsh
|
||||
state: present
|
||||
update_cache: true
|
||||
become: true
|
20
ansible/maintenance/maint-diskspace
Normal file
20
ansible/maintenance/maint-diskspace
Normal file
@ -0,0 +1,20 @@
|
||||
---
|
||||
- name: check disk space
|
||||
hosts: "{{ hosts }}"
|
||||
tasks:
|
||||
- name: get disk usage
|
||||
command: df -h
|
||||
register: disk_usage
|
||||
- name: check disk space available
|
||||
shell: df -h / | awk 'NR==2 {print $5}'
|
||||
register: disk_usage
|
||||
# - name: send discord message when disk space is over 80%
|
||||
# uri:
|
||||
# url: "your-webhook"
|
||||
# method: POST
|
||||
# body_format: json
|
||||
# body: '{"content": "Disk space on {{ inventory_hostname }} is above 80%!"}'
|
||||
# headers:
|
||||
# Content-Type: application/json
|
||||
# status_code: 204
|
||||
# when: disk_usage.stdout[:-1]|int > 80
|
13
ansible/maintenance/maint-docker-clean.yaml
Normal file
13
ansible/maintenance/maint-docker-clean.yaml
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
- name: clean docker
|
||||
hosts: "{{ hosts }}"
|
||||
tasks:
|
||||
- name: prune non-dangling images
|
||||
community.docker.docker_prune:
|
||||
containers: false
|
||||
images: true
|
||||
images_filters:
|
||||
dangling: false
|
||||
networks: false
|
||||
volumes: false
|
||||
builder_cache: false
|
13
ansible/maintenance/maint-reboot-required.yaml
Normal file
13
ansible/maintenance/maint-reboot-required.yaml
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
- name: check if system reboot is required
|
||||
hosts: "{{ hosts }}"
|
||||
become: yes
|
||||
tasks:
|
||||
- name: check if system reboot is required
|
||||
become: true
|
||||
stat:
|
||||
path: /var/run/reboot-required
|
||||
register: reboot_required
|
||||
- debug:
|
||||
msg: "Reboot is required"
|
||||
when: reboot_required.stat.exists
|
8
ansible/maintenance/maint-reboot.yaml
Normal file
8
ansible/maintenance/maint-reboot.yaml
Normal file
@ -0,0 +1,8 @@
|
||||
---
|
||||
- name: reboot machine
|
||||
hosts: "{{ hosts }}"
|
||||
become: yes
|
||||
tasks:
|
||||
- name: reboot machine
|
||||
reboot:
|
||||
reboot_timeout: 3600
|
14
ansible/notification/notify-discord.yaml
Normal file
14
ansible/notification/notify-discord.yaml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
- name: notify discord
|
||||
hosts: "{{ hosts }}"
|
||||
tasks:
|
||||
- name: send discord message
|
||||
uri:
|
||||
url: "your-webhook"
|
||||
method: POST
|
||||
body_format: json
|
||||
body: '{"content": "your-message"}'
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
status_code: 204
|
||||
# when: your-condition
|
@ -1,26 +0,0 @@
|
||||
---
|
||||
- hosts: all
|
||||
|
||||
tasks:
|
||||
|
||||
# Create Portainer Volume
|
||||
# --
|
||||
#
|
||||
- name: Create new Volume
|
||||
community.docker.docker_volume:
|
||||
name: portainer_data
|
||||
|
||||
# Deploy Portainer
|
||||
# --
|
||||
#
|
||||
- name: Deploy Portainer
|
||||
community.docker.docker_container:
|
||||
name: portainer
|
||||
image: "docker.io/portainer/portainer-ce"
|
||||
ports:
|
||||
- "8000:8000"
|
||||
- "9000:9000"
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- portainer_data:/data
|
||||
restart_policy: always
|
@ -1,46 +0,0 @@
|
||||
---
|
||||
- hosts: all
|
||||
|
||||
become: yes
|
||||
|
||||
tasks:
|
||||
|
||||
# Create Directory
|
||||
# ---
|
||||
#
|
||||
# - name: Create directory
|
||||
# file:
|
||||
# path: /etc/traefik
|
||||
# state: directory
|
||||
|
||||
# Create Directory
|
||||
# ---
|
||||
#
|
||||
# - name: Create directory2
|
||||
# file:
|
||||
# path: /etc/traefik/certs
|
||||
# state: directory
|
||||
|
||||
# Copy File
|
||||
# ---
|
||||
#
|
||||
# - name: Copy config file
|
||||
# ansible.builtin.copy:
|
||||
# src: config/traefik.yaml
|
||||
# dest: /etc/traefik/traefik.yaml
|
||||
|
||||
# Deploy Traefik
|
||||
# --
|
||||
#
|
||||
- name: Deploy Traefik
|
||||
become_user: "{{ lookup('env','USER') }}"
|
||||
community.docker.docker_container:
|
||||
name: traefik
|
||||
image: "traefik:v2.5"
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /etc/traefik:/etc/traefik
|
||||
restart_policy: always
|
@ -1,19 +0,0 @@
|
||||
---
|
||||
- hosts: all
|
||||
|
||||
become: yes
|
||||
tasks:
|
||||
|
||||
# Installs Microk8s
|
||||
# --
|
||||
#
|
||||
- name: install microk8s
|
||||
snap:
|
||||
classic: yes
|
||||
name: microk8s
|
||||
|
||||
# Sets User Permissions
|
||||
# --
|
||||
#
|
||||
- name: add userpermissions
|
||||
shell: "usermod -aG microk8s {{ lookup('env','USER') }}"
|
0
ansible/update/upd-apt.yaml
Normal file
0
ansible/update/upd-apt.yaml
Normal file
40
docker-compose/ansiblesemaphore/docker-compose.yml
Normal file
40
docker-compose/ansiblesemaphore/docker-compose.yml
Normal file
@ -0,0 +1,40 @@
|
||||
---
|
||||
version: '3.9'
|
||||
services:
|
||||
mysql:
|
||||
restart: unless-stopped
|
||||
image: mysql:8.0
|
||||
hostname: mysql
|
||||
volumes:
|
||||
- semaphore-mysql:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_RANDOM_ROOT_PASSWORD=yes
|
||||
- MYSQL_DATABASE=semaphore
|
||||
- MYSQL_USER=semaphore
|
||||
- MYSQL_PASSWORD=your-db-password # change to your db password
|
||||
semaphore:
|
||||
container_name: ansiblesemaphore
|
||||
image: semaphoreui/semaphore:v2.8.90
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- 3000:3000
|
||||
environment:
|
||||
- SEMAPHORE_DB_USER=semaphore
|
||||
- SEMAPHORE_DB_PASS=your-db-password # change to your db password
|
||||
- SEMAPHORE_DB_HOST=mysql
|
||||
- SEMAPHORE_DB_PORT=3306
|
||||
- SEMAPHORE_DB_DIALECT=mysql
|
||||
- SEMAPHORE_DB=semaphore
|
||||
- SEMAPHORE_PLAYBOOK_PATH=/tmp/semaphore/
|
||||
- SEMAPHORE_ADMIN_PASSWORD=your-admin-password # change to your admin password
|
||||
- SEMAPHORE_ADMIN_NAME=admin
|
||||
- SEMAPHORE_ADMIN_EMAIL=admin@localhost
|
||||
- SEMAPHORE_ADMIN=admin
|
||||
- SEMAPHORE_ACCESS_KEY_ENCRYPTION=gs72mPntFATGJs9qK0pQ0rKtfidlexiMjYCH9gWKhTU= # change to your access key encryption
|
||||
- ANSIBLE_HOST_KEY_CHECKING=false # (optional) change to true if you want to enable host key checking
|
||||
volumes:
|
||||
- ./inventory/:/inventory:ro
|
||||
- ./authorized-keys/:/authorized-keys:ro
|
||||
- ./config/:/etc/semaphore:rw
|
||||
depends_on:
|
||||
- mysql
|
Loading…
Reference in New Issue
Block a user