infrastructure/coreos-config/plays/common.yaml

- name: Backup
  hosts: backup
  become: true
  become_user: root
  tasks:
    - name: Install backup script
      ansible.builtin.template:
        src: backup.sh.j2
        dest: /root/backup.sh
        mode: '0700'
        owner: root
    - ansible.builtin.file:
        path: /root/.ssh
        owner: root
        state: directory
        mode: '0700'
    - name: Install SSH Keys
      ansible.builtin.template:
        src: storagebox.j2
        dest: /root/.ssh/storagebox
        mode: '0600'
        owner: root
    - name: Add Known Hosts entries
      ansible.builtin.known_hosts:
        path: "/root/.ssh/known_hosts"
        name: "{{ backup.known_hosts.name }}"
        key: "{{ backup.known_hosts.key }}"
- name: Restore from Backup
  hosts: unprovisioned
  become: true
  become_user: root
  gather_facts: true
  tasks:
    - block:
        - name: Install restore script
          ansible.builtin.template:
            src: restore.sh.j2
            dest: /root/restore.sh
            mode: '0700'
            owner: root
        - ansible.builtin.file:
            path: /root/.ssh
            owner: root
            state: directory
            mode: '0700'
        - name: Install SSH Keys
          ansible.builtin.template:
            src: storagebox.j2
            dest: /root/.ssh/storagebox
            mode: '0600'
            owner: root
        - name: Add Known Hosts entries
          ansible.builtin.known_hosts:
            path: "/root/.ssh/known_hosts"
            name: "{{ backup.known_hosts.name }}"
            key: "{{ backup.known_hosts.key }}"
        - name: Restore from Borg
          become: true
          become_user: root
          ansible.builtin.command:
            chdir: /
            cmd: bash /root/restore.sh
        - name: Remove script from host
          ansible.builtin.file:
            path: /root/restore.sh
            state: absent
        - set_fact:
            provisioned: true
            cacheable: true
      when: ansible_facts.provisioned is undefined
- name: Setup Registry credentials
  hosts: all
  tasks:
    - ansible.builtin.file:
        path: /home/core/.docker
        owner: core
        state: directory
        mode: '0700'
    - ansible.builtin.template:
        src: docker-config.json.j2
        dest: /home/core/.docker/config.json
        mode: '0600'
        owner: core
- name: Setup internal networks
  hosts: all
  tasks:
    - name: Setup network
      community.docker.docker_network:
        name: "{{ item }}"
        internal: true
      loop: "{{ docker.internal_networks | default([]) }}"
- name: Setup Push Monitoring
  hosts: all
  tags:
    - never
    - setup_monitoring
  tasks:
    - name: Login to Kuma
      delegate_to: localhost
      check_mode: false
      lucasheld.uptime_kuma.login:
        api_url: "{{ kuma.api_url }}"
        api_username: "{{ kuma.api_username }}"
        api_password: "{{ kuma.api_password }}"
      register: kumalogin
    - name: Create Kuma Monitor
      delegate_to: localhost
      check_mode: false
      lucasheld.uptime_kuma.monitor:
        api_url: "{{ kuma.api_url }}"
        api_token: "{{ kumalogin.token }}"
        name: "{{ inventory_hostname }}"
        description: "Managed by Ansible"
        type: push
        interval: 330
        maxretries: 2
        notification_names:
          - "Kuma Statusmonitor"
        state: present
    - name: Obtain Kuma Push Token
      delegate_to: localhost
      check_mode: false
      lucasheld.uptime_kuma.monitor_info:
        api_url: "{{ kuma.api_url }}"
        api_token: "{{ kumalogin.token }}"
        name: "{{ inventory_hostname }}"
      register: monitor
    - name: Check if user is lingering
      stat:
        path: "/var/lib/systemd/linger/{{ ansible_user }}"
      register: user_lingering
    - name: Enable lingering for user if needed
      command: "loginctl enable-linger {{ ansible_user }}"
      when:
        - not user_lingering.stat.exists
    - name: Create systemd config dir
      file:
        state: directory
        path: "/home/{{ ansible_user }}/.config/systemd/user"
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
        mode: '0755'
    - name: Copy Push Monitor Service and Timer
      ansible.builtin.template:
        src: "{{ item }}.j2"
        dest: "/home/{{ ansible_user }}/.config/systemd/user/{{ item }}"
        mode: '0600'
        owner: "{{ ansible_user }}"
      vars:
        monitor_url: "{{ kuma.api_url }}/api/push/{{ monitor.monitors[0].pushToken }}?status=up&msg=OK"
      loop:
        - heartbeat.service
        - heartbeat.timer
    - name: Enable timer
      ansible.builtin.systemd:
        scope: user
        name: heartbeat.timer
        state: started
        enabled: true
        masked: false
        daemon_reload: true
- name: Setup Docker Config
  hosts: all
  become: true
  become_user: root
  tasks:
    - name: Template Config
      ansible.builtin.template:
        src: "docker-daemon.json.j2"
        dest: /etc/docker/daemon.json
        owner: root
        group: root
        mode: '0600'
      notify: Restart Docker
    - name: Setup default ulimts
      ansible.builtin.lineinfile:
        path: /etc/sysconfig/docker
        search_string: '--default-ulimit nofile='
        line: '  --default-ulimit nofile=4096:4096 \'
      notify: Restart Docker
    - name: Restart Docker if necessary
      meta: flush_handlers
  handlers:
    - name: Restart Docker
      ansible.builtin.systemd:
        state: restarted
        name: docker.service
Split playbook 2023-03-30 23:52:40 +02:00			`- name: Backup`
			`hosts: backup`
			`become: true`
			`become_user: root`
			`tasks:`
			`- name: Install backup script`
			`ansible.builtin.template:`
			`src: backup.sh.j2`
			`dest: /root/backup.sh`
			`mode: '0700'`
			`owner: root`
			`- ansible.builtin.file:`
			`path: /root/.ssh`
			`owner: root`
			`state: directory`
			`mode: '0700'`
			`- name: Install SSH Keys`
			`ansible.builtin.template:`
			`src: storagebox.j2`
			`dest: /root/.ssh/storagebox`
			`mode: '0600'`
			`owner: root`
			`- name: Add Known Hosts entries`
			`ansible.builtin.known_hosts:`
			`path: "/root/.ssh/known_hosts"`
			`name: "{{ backup.known_hosts.name }}"`
			`key: "{{ backup.known_hosts.key }}"`
			`- name: Restore from Backup`
			`hosts: unprovisioned`
			`become: true`
			`become_user: root`
			`gather_facts: true`
			`tasks:`
			`- block:`
			`- name: Install restore script`
			`ansible.builtin.template:`
			`src: restore.sh.j2`
			`dest: /root/restore.sh`
			`mode: '0700'`
			`owner: root`
			`- ansible.builtin.file:`
			`path: /root/.ssh`
			`owner: root`
			`state: directory`
			`mode: '0700'`
			`- name: Install SSH Keys`
			`ansible.builtin.template:`
			`src: storagebox.j2`
			`dest: /root/.ssh/storagebox`
			`mode: '0600'`
			`owner: root`
			`- name: Add Known Hosts entries`
			`ansible.builtin.known_hosts:`
			`path: "/root/.ssh/known_hosts"`
			`name: "{{ backup.known_hosts.name }}"`
			`key: "{{ backup.known_hosts.key }}"`
			`- name: Restore from Borg`
			`become: true`
			`become_user: root`
			`ansible.builtin.command:`
			`chdir: /`
			`cmd: bash /root/restore.sh`
			`- name: Remove script from host`
			`ansible.builtin.file:`
			`path: /root/restore.sh`
			`state: absent`
			`- set_fact:`
			`provisioned: true`
			`cacheable: true`
			`when: ansible_facts.provisioned is undefined`
			`- name: Setup Registry credentials`
			`hosts: all`
			`tasks:`
			`- ansible.builtin.file:`
			`path: /home/core/.docker`
			`owner: core`
			`state: directory`
			`mode: '0700'`
			`- ansible.builtin.template:`
			`src: docker-config.json.j2`
			`dest: /home/core/.docker/config.json`
			`mode: '0600'`
			`owner: core`
Add external monitoring network 2023-08-10 16:29:52 +02:00			`- name: Setup internal networks`
			`hosts: all`
			`tasks:`
			`- name: Setup network`
			`community.docker.docker_network:`
			`name: "{{ item }}"`
			`internal: true`
			`loop: "{{ docker.internal_networks \| default([]) }}"`
Manage kuma monitoring for all hosts 2023-04-06 01:03:25 +02:00			`- name: Setup Push Monitoring`
			`hosts: all`
Disable monitor setup by default as the kuma plugin tends to hang 2023-04-09 22:24:34 +02:00			`tags:`
			`- never`
			`- setup_monitoring`
Manage kuma monitoring for all hosts 2023-04-06 01:03:25 +02:00			`tasks:`
			`- name: Login to Kuma`
			`delegate_to: localhost`
Ignore kuma in checkmode 2023-04-06 19:57:36 +02:00			`check_mode: false`
Manage kuma monitoring for all hosts 2023-04-06 01:03:25 +02:00			`lucasheld.uptime_kuma.login:`
			`api_url: "{{ kuma.api_url }}"`
			`api_username: "{{ kuma.api_username }}"`
			`api_password: "{{ kuma.api_password }}"`
			`register: kumalogin`
			`- name: Create Kuma Monitor`
			`delegate_to: localhost`
Ignore kuma in checkmode 2023-04-06 19:57:36 +02:00			`check_mode: false`
Manage kuma monitoring for all hosts 2023-04-06 01:03:25 +02:00			`lucasheld.uptime_kuma.monitor:`
			`api_url: "{{ kuma.api_url }}"`
			`api_token: "{{ kumalogin.token }}"`
			`name: "{{ inventory_hostname }}"`
			`description: "Managed by Ansible"`
			`type: push`
			`interval: 330`
			`maxretries: 2`
			`notification_names:`
			`- "Kuma Statusmonitor"`
			`state: present`
			`- name: Obtain Kuma Push Token`
			`delegate_to: localhost`
Ignore kuma in checkmode 2023-04-06 19:57:36 +02:00			`check_mode: false`
Manage kuma monitoring for all hosts 2023-04-06 01:03:25 +02:00			`lucasheld.uptime_kuma.monitor_info:`
			`api_url: "{{ kuma.api_url }}"`
			`api_token: "{{ kumalogin.token }}"`
			`name: "{{ inventory_hostname }}"`
			`register: monitor`
			`- name: Check if user is lingering`
			`stat:`
			`path: "/var/lib/systemd/linger/{{ ansible_user }}"`
			`register: user_lingering`
Fix typo 2023-04-06 19:13:33 +02:00			`- name: Enable lingering for user if needed`
Manage kuma monitoring for all hosts 2023-04-06 01:03:25 +02:00			`command: "loginctl enable-linger {{ ansible_user }}"`
			`when:`
			`- not user_lingering.stat.exists`
			`- name: Create systemd config dir`
			`file:`
			`state: directory`
			`path: "/home/{{ ansible_user }}/.config/systemd/user"`
			`owner: "{{ ansible_user }}"`
			`group: "{{ ansible_user }}"`
			`mode: '0755'`
			`- name: Copy Push Monitor Service and Timer`
			`ansible.builtin.template:`
			`src: "{{ item }}.j2"`
			`dest: "/home/{{ ansible_user }}/.config/systemd/user/{{ item }}"`
			`mode: '0600'`
			`owner: "{{ ansible_user }}"`
			`vars:`
			`monitor_url: "{{ kuma.api_url }}/api/push/{{ monitor.monitors[0].pushToken }}?status=up&msg=OK"`
			`loop:`
			`- heartbeat.service`
			`- heartbeat.timer`
			`- name: Enable timer`
			`ansible.builtin.systemd:`
			`scope: user`
			`name: heartbeat.timer`
			`state: started`
			`enabled: true`
			`masked: false`
			`daemon_reload: true`
Change default ulimits 2023-08-22 18:50:55 +02:00			`- name: Setup Docker Config`
			`hosts: all`
			`become: true`
			`become_user: root`
			`tasks:`
			`- name: Template Config`
			`ansible.builtin.template:`
			`src: "docker-daemon.json.j2"`
			`dest: /etc/docker/daemon.json`
			`owner: root`
			`group: root`
			`mode: '0600'`
			`notify: Restart Docker`
			`- name: Setup default ulimts`
			`ansible.builtin.lineinfile:`
			`path: /etc/sysconfig/docker`
			`search_string: '--default-ulimit nofile='`
			`line: ' --default-ulimit nofile=4096:4096 \'`
			`notify: Restart Docker`
			`- name: Restart Docker if necessary`
			`meta: flush_handlers`
			`handlers:`
			`- name: Restart Docker`
			`ansible.builtin.systemd:`
			`state: restarted`
			`name: docker.service`