diff --git a/coreos-config/playbook.yaml b/coreos-config/playbook.yaml
index 5873824..418c283 100644
--- a/coreos-config/playbook.yaml
+++ b/coreos-config/playbook.yaml
@@ -9,161 +9,13 @@ timeout: 300 sleep: 10 -- name: Backup - hosts: backup - become: true - become_user: root - tasks: - - name: Install backup script - ansible.builtin.template: - src: backup.sh.j2 - dest: /root/backup.sh - mode: '0700' - owner: root - - ansible.builtin.file: - path: /root/.ssh - owner: root - state: directory - mode: '0700' - - name: Install SSH Keys - ansible.builtin.template: - src: storagebox.j2 - dest: /root/.ssh/storagebox - mode: '0600' - owner: root - - name: Add Known Hosts entries - ansible.builtin.known_hosts: - path: "/root/.ssh/known_hosts" - name: "{{ backup.known_hosts.name }}" - key: "{{ backup.known_hosts.key }}" +- name: Common + ansible.builtin.import_playbook: plays/common.yaml -- name: Restore from Backup - hosts: unprovisioned - become: true - become_user: root - gather_facts: true - tasks: - - block: - - name: Install restore script - ansible.builtin.template: - src: restore.sh.j2 - dest: /root/restore.sh - mode: '0700' - owner: root - - ansible.builtin.file: - path: /root/.ssh - owner: root - state: directory - mode: '0700' - - name: Install SSH Keys - ansible.builtin.template: - src: storagebox.j2 - dest: /root/.ssh/storagebox - mode: '0600' - owner: root - - name: Add Known Hosts entries - ansible.builtin.known_hosts: - path: "/root/.ssh/known_hosts" - name: "{{ backup.known_hosts.name }}" - key: "{{ backup.known_hosts.key }}" - - name: Restore from Borg - become: true - become_user: root - ansible.builtin.command: - chdir: / - cmd: bash /root/restore.sh - - name: Remove script from host - ansible.builtin.file: - path: /root/restore.sh - state: absent - - set_fact: - provisioned: true - cacheable: true - when: ansible_facts.provisioned is undefined - -- name: Setup Registry credentials - hosts: all - tasks: - - ansible.builtin.file: - path: /home/core/.docker - owner: core - state: directory - mode: '0700' - - ansible.builtin.template: - src: docker-config.json.j2 - dest: /home/core/.docker/config.json - mode: '0600' - 
owner: core - - -- name: Install Services - hosts: host.nc.chaoswg.org - vars: - state: present - roles: - - { role: compose_project, service: traefik, with_fa: true } - - { role: compose_project, service: keycloak } - - { role: compose_project, service: minio } - - { role: compose_project, service: repo_proxy } - - { role: compose_project, service: registry } - - { role: compose_project, service: pantalaimon } - - { role: compose_project, service: gitea } - - { role: compose_project, service: gitea-runner } - - { role: compose_project, service: ba-gitlab-runner } - - { role: compose_project, service: wireguard } - - { role: compose_project, service: hedgedoc } - - { role: compose_project, service: miniflux } - - { role: compose_project, service: matrix } - - { role: compose_project, service: radicale } - - { role: compose_project, service: search } - - { role: compose_project, service: syncthing } - - { role: compose_project, service: blog } - - { role: compose_project, service: wkd } - - { role: compose_project, service: linktree } - - { role: compose_project, service: caddy } - - { role: compose_project, service: diun } - - { role: compose_project, service: watchtower } - -- name: Setup Thonkpad - hosts: thonkpad.ka.chaoswg.org - vars: - state: present - roles: - - { role: compose_project, service: pantalaimon } - - { role: compose_project, service: wireguard } - - { role: compose_project, service: watchtower } - - { role: compose_project, service: gitea-runner } - -- name: Base Setup Monitoring - hosts: mon1.hel1.chaoswg.org - vars: - state: present - roles: - - { role: compose_project, service: traefik } - - { role: compose_project, service: pantalaimon } - - { role: compose_project, service: watchtower } - -- name: Setup Monitoring Kuma 1 - hosts: mon1.hel1.chaoswg.org - vars: - state: present - roles: - - role: compose_project - service: kuma - vars: - service_name: "tobias" - urls: - - "status.tobiasmanske.de" - - "monitor.chaoswg.org" - -- name: Setup 
Monitoring Kuma 2 - hosts: mon1.hel1.chaoswg.org - vars: - state: present - roles: - - role: compose_project - service: kuma - vars: - service_name: "istannen" - urls: [ "monitor.ialistannen.de"] +- name: host.nc.chaoswg.org + ansible.builtin.import_playbook: plays/vps.yaml +- name: mon1.hel1.chaoswg.org + ansible.builtin.import_playbook: plays/monitoring.yaml +- name: thonkpad.ka.chaoswg.org + ansible.builtin.import_playbook: plays/thonkpad.yaml ... diff --git a/coreos-config/plays/common.yaml b/coreos-config/plays/common.yaml new file mode 100644 index 0000000..18847f1 --- /dev/null +++ b/coreos-config/plays/common.yaml 
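Review bot: The four `import_playbook` entries added to playbook.yaml carry an ordering dependency that nothing here records: plays/common.yaml holds the restore-from-backup and registry-credential plays, which presumably have to finish before the per-host plays start their compose projects. A comment above the first import, such as `# common.yaml must stay first: restore and registry credentials run before any service play`, would keep a later reorder from starting services before the restore has run. The last three imports are also named after hostnames while the first has a descriptive name; since host targeting now lives only inside the imported files, a descriptive name per import would read more consistently.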
@@ -0,0 +1,83 @@
+- name: Backup
+ hosts: backup
+ become: true
+ become_user: root
+ tasks:
+ - name: Install backup script
+ ansible.builtin.template:
+ src: backup.sh.j2
+ dest: /root/backup.sh
+ mode: '0700'
+ owner: root
+ - ansible.builtin.file:
+ path: /root/.ssh
+ owner: root
+ state: directory
+ mode: '0700'
+ - name: Install SSH Keys
+ ansible.builtin.template:
+ src: storagebox.j2
+ dest: /root/.ssh/storagebox
+ mode: '0600'
+ owner: root
+ - name: Add Known Hosts entries
+ ansible.builtin.known_hosts:
+ path: "/root/.ssh/known_hosts"
+ name: "{{ backup.known_hosts.name }}"
+ key: "{{ backup.known_hosts.key }}"
+- name: Restore from Backup
+ hosts: unprovisioned
+ become: true
+ become_user: root
+ gather_facts: true
+ tasks:
+ - block:
+ - name: Install restore script
+ ansible.builtin.template:
+ src: restore.sh.j2
+ dest: /root/restore.sh
+ mode: '0700'
+ owner: root
+ - ansible.builtin.file:
+ path: /root/.ssh
+ owner: root
+ state: directory
+ mode: '0700'
+ - name: Install SSH Keys
+ ansible.builtin.template:
+ src: storagebox.j2
+ dest: /root/.ssh/storagebox
+ mode: '0600'
+ owner: root
+ - name: Add Known Hosts entries
+ ansible.builtin.known_hosts:
+ path: "/root/.ssh/known_hosts"
+ name: "{{ backup.known_hosts.name }}"
+ key: "{{ backup.known_hosts.key }}"
+ - name: Restore from Borg
+ become: true
+ become_user: root
+ ansible.builtin.command:
+ chdir: /
+ cmd: bash /root/restore.sh
+ - name: Remove script from host
+ ansible.builtin.file:
+ path: /root/restore.sh
+ state: absent
+ - set_fact:
+ provisioned: true
+ cacheable: true
+ when: ansible_facts.provisioned is undefined
+- name: Setup Registry credentials
+ hosts: all
+ tasks:
+ - ansible.builtin.file:
+ path: /home/core/.docker
+ owner: core
+ state: directory
+ mode: '0700'
+ - ansible.builtin.template:
+ src: docker-config.json.j2
+ dest: /home/core/.docker/config.json
+ mode: '0600'
+ owner: core
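Review bot: The two `Install SSH Keys` tasks and the docker-config.json.j2 task in plays/common.yaml template what look like secrets (a key under /root/.ssh and registry credentials), yet none of them suppresses diff or log output, so a run with `--diff` or raised verbosity can print the rendered contents into terminal or CI logs. Adding `no_log: true` (or at least `diff: false`) to those three tasks keeps that material out of run output. Separately, `Remove script from host` only runs when `Restore from Borg` succeeds, so a failed restore leaves /root/restore.sh on disk; if that template embeds a passphrase or repository credentials (not visible here), moving the cleanup into an `always:` section of the block would cover the failure path. These tasks are moved unchanged from playbook.yaml, so the gap predates the split rather than being introduced by it.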
diff --git a/coreos-config/plays/monitoring.yaml b/coreos-config/plays/monitoring.yaml
new file mode 100644
index 0000000..6fdcd41
--- /dev/null
+++ b/coreos-config/plays/monitoring.yaml
@@ -0,0 +1,30 @@
+- name: Base Setup Monitoring
+ hosts: mon1.hel1.chaoswg.org
+ vars:
+ state: present
+ roles:
+ - {role: compose_project, service: traefik}
+ - {role: compose_project, service: pantalaimon}
+ - {role: compose_project, service: watchtower}
+- name: Setup Monitoring Kuma 1
+ hosts: mon1.hel1.chaoswg.org
+ vars:
+ state: present
+ roles:
+ - role: compose_project
+ service: kuma
+ vars:
+ service_name: "tobias"
+ urls:
+ - "status.tobiasmanske.de"
+ - "monitor.chaoswg.org"
+- name: Setup Monitoring Kuma 2
+ hosts: mon1.hel1.chaoswg.org
+ vars:
+ state: present
+ roles:
+ - role: compose_project
+ service: kuma
+ vars:
+ service_name: "istannen"
+ urls: ["monitor.ialistannen.de"]
diff --git a/coreos-config/templates/backup.sh.j2 b/coreos-config/plays/templates/backup.sh.j2
similarity index 100%
rename from coreos-config/templates/backup.sh.j2
rename to coreos-config/plays/templates/backup.sh.j2
diff --git a/coreos-config/templates/docker-config.json.j2 b/coreos-config/plays/templates/docker-config.json.j2
similarity index 100%
rename from coreos-config/templates/docker-config.json.j2
rename to coreos-config/plays/templates/docker-config.json.j2
diff --git a/coreos-config/templates/restore.sh.j2 b/coreos-config/plays/templates/restore.sh.j2
similarity index 100%
rename from coreos-config/templates/restore.sh.j2
rename to coreos-config/plays/templates/restore.sh.j2
diff --git a/coreos-config/templates/storagebox.j2 b/coreos-config/plays/templates/storagebox.j2
similarity index 100%
rename from coreos-config/templates/storagebox.j2
rename to coreos-config/plays/templates/storagebox.j2
diff --git a/coreos-config/plays/thonkpad.yaml b/coreos-config/plays/thonkpad.yaml
new file mode 100644
index 0000000..194ff12
--- /dev/null
+++ b/coreos-config/plays/thonkpad.yaml
@@ -0,0 +1,9 @@
+- name: Setup Thonkpad
+ hosts: thonkpad.ka.chaoswg.org
+ vars:
+ state: present
+ roles:
+ - {role: compose_project, service: pantalaimon}
+ - {role: compose_project, service: wireguard}
+ - {role: compose_project, service: watchtower}
+ - {role: compose_project, service: gitea-runner}
diff --git a/coreos-config/plays/vps.yaml b/coreos-config/plays/vps.yaml
new file mode 100644
index 0000000..d09539c
--- /dev/null
+++ b/coreos-config/plays/vps.yaml
@@ -0,0 +1,27 @@
+- name: Setup VPS
+ hosts: host.nc.chaoswg.org
+ vars:
+ state: present
+ roles:
+ - {role: compose_project, service: traefik, with_fa: true}
+ - {role: compose_project, service: keycloak}
+ - {role: compose_project, service: minio}
+ - {role: compose_project, service: repo_proxy}
+ - {role: compose_project, service: registry}
+ - {role: compose_project, service: pantalaimon}
+ - {role: compose_project, service: gitea}
+ - {role: compose_project, service: gitea-runner}
+ - {role: compose_project, service: ba-gitlab-runner}
+ - {role: compose_project, service: wireguard}
+ - {role: compose_project, service: hedgedoc}
+ - {role: compose_project, service: miniflux}
+ - {role: compose_project, service: matrix}
+ - {role: compose_project, service: radicale}
+ - {role: compose_project, service: search}
+ - {role: compose_project, service: syncthing}
+ - {role: compose_project, service: blog}
+ - {role: compose_project, service: wkd}
+ - {role: compose_project, service: linktree}
+ - {role: compose_project, service: caddy}
+ - {role: compose_project, service: diun}
+ - {role: compose_project, service: watchtower}
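Review bot: The role list in plays/vps.yaml places `gitea-runner` and `ba-gitlab-runner` on the same host as `keycloak`, `registry`, `minio` and `wireguard`, and nothing in the play documents how the CI runners are isolated from those services. If the runner compose projects mount the Docker socket or run privileged (their compose files are not part of this diff), a CI job would have the same reach as root on the identity and registry host. A comment above the two runner entries, for example `# CI runners share this host with keycloak/registry; isolation is defined in <runner compose template path>`, would make that trust boundary reviewable. plays/thonkpad.yaml deploys `gitea-runner` next to `wireguard` and would benefit from the same pointer.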