Split playbook

Tobias Manske 2023-03-30 23:52:40 +02:00
parent 642a5b29ed
commit 27c42f447c
Signed by: tobias
GPG Key ID: 9164B527694A0709
9 changed files with 157 additions and 156 deletions


@ -9,161 +9,13 @@
timeout: 300 timeout: 300
sleep: 10 sleep: 10
- name: Backup - name: Common
hosts: backup ansible.builtin.import_playbook: plays/common.yaml
become: true
become_user: root
tasks:
- name: Install backup script
ansible.builtin.template:
src: backup.sh.j2
dest: /root/backup.sh
mode: '0700'
owner: root
- ansible.builtin.file:
path: /root/.ssh
owner: root
state: directory
mode: '0700'
- name: Install SSH Keys
ansible.builtin.template:
src: storagebox.j2
dest: /root/.ssh/storagebox
mode: '0600'
owner: root
- name: Add Known Hosts entries
ansible.builtin.known_hosts:
path: "/root/.ssh/known_hosts"
name: "{{ backup.known_hosts.name }}"
key: "{{ backup.known_hosts.key }}"
- name: Restore from Backup - name: host.nc.chaoswg.org
hosts: unprovisioned ansible.builtin.import_playbook: plays/vps.yaml
become: true - name: mon1.hel1.chaoswg.org
become_user: root ansible.builtin.import_playbook: plays/monitoring.yaml
gather_facts: true - name: thonkpad.ka.chaoswg.org
tasks: ansible.builtin.import_playbook: plays/thonkpad.yaml
- block:
- name: Install restore script
ansible.builtin.template:
src: restore.sh.j2
dest: /root/restore.sh
mode: '0700'
owner: root
- ansible.builtin.file:
path: /root/.ssh
owner: root
state: directory
mode: '0700'
- name: Install SSH Keys
ansible.builtin.template:
src: storagebox.j2
dest: /root/.ssh/storagebox
mode: '0600'
owner: root
- name: Add Known Hosts entries
ansible.builtin.known_hosts:
path: "/root/.ssh/known_hosts"
name: "{{ backup.known_hosts.name }}"
key: "{{ backup.known_hosts.key }}"
- name: Restore from Borg
become: true
become_user: root
ansible.builtin.command:
chdir: /
cmd: bash /root/restore.sh
- name: Remove script from host
ansible.builtin.file:
path: /root/restore.sh
state: absent
- set_fact:
provisioned: true
cacheable: true
when: ansible_facts.provisioned is undefined
- name: Setup Registry credentials
hosts: all
tasks:
- ansible.builtin.file:
path: /home/core/.docker
owner: core
state: directory
mode: '0700'
- ansible.builtin.template:
src: docker-config.json.j2
dest: /home/core/.docker/config.json
mode: '0600'
owner: core
- name: Install Services
hosts: host.nc.chaoswg.org
vars:
state: present
roles:
- { role: compose_project, service: traefik, with_fa: true }
- { role: compose_project, service: keycloak }
- { role: compose_project, service: minio }
- { role: compose_project, service: repo_proxy }
- { role: compose_project, service: registry }
- { role: compose_project, service: pantalaimon }
- { role: compose_project, service: gitea }
- { role: compose_project, service: gitea-runner }
- { role: compose_project, service: ba-gitlab-runner }
- { role: compose_project, service: wireguard }
- { role: compose_project, service: hedgedoc }
- { role: compose_project, service: miniflux }
- { role: compose_project, service: matrix }
- { role: compose_project, service: radicale }
- { role: compose_project, service: search }
- { role: compose_project, service: syncthing }
- { role: compose_project, service: blog }
- { role: compose_project, service: wkd }
- { role: compose_project, service: linktree }
- { role: compose_project, service: caddy }
- { role: compose_project, service: diun }
- { role: compose_project, service: watchtower }
- name: Setup Thonkpad
hosts: thonkpad.ka.chaoswg.org
vars:
state: present
roles:
- { role: compose_project, service: pantalaimon }
- { role: compose_project, service: wireguard }
- { role: compose_project, service: watchtower }
- { role: compose_project, service: gitea-runner }
- name: Base Setup Monitoring
hosts: mon1.hel1.chaoswg.org
vars:
state: present
roles:
- { role: compose_project, service: traefik }
- { role: compose_project, service: pantalaimon }
- { role: compose_project, service: watchtower }
- name: Setup Monitoring Kuma 1
hosts: mon1.hel1.chaoswg.org
vars:
state: present
roles:
- role: compose_project
service: kuma
vars:
service_name: "tobias"
urls:
- "status.tobiasmanske.de"
- "monitor.chaoswg.org"
- name: Setup Monitoring Kuma 2
hosts: mon1.hel1.chaoswg.org
vars:
state: present
roles:
- role: compose_project
service: kuma
vars:
service_name: "istannen"
urls: [ "monitor.ialistannen.de"]
... ...
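Review bot: The order of the four `import_playbook` entries is now the only thing that makes the backup, restore and registry-credential plays run before the per-host service plays, and nothing in the file says so. A short comment above the `Common` import, for example `# must stay first: restores from backup and installs registry credentials used by the service plays`, would keep a later reorder from breaking provisioning; the dependency is inferred from the old play order, so confirm it. The per-host order also changed (monitoring now runs before thonkpad), which looks harmless but is worth a glance.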


@ -0,0 +1,83 @@
- name: Backup
hosts: backup
become: true
become_user: root
tasks:
- name: Install backup script
ansible.builtin.template:
src: backup.sh.j2
dest: /root/backup.sh
mode: '0700'
owner: root
- ansible.builtin.file:
path: /root/.ssh
owner: root
state: directory
mode: '0700'
- name: Install SSH Keys
ansible.builtin.template:
src: storagebox.j2
dest: /root/.ssh/storagebox
mode: '0600'
owner: root
- name: Add Known Hosts entries
ansible.builtin.known_hosts:
path: "/root/.ssh/known_hosts"
name: "{{ backup.known_hosts.name }}"
key: "{{ backup.known_hosts.key }}"
- name: Restore from Backup
hosts: unprovisioned
become: true
become_user: root
gather_facts: true
tasks:
- block:
- name: Install restore script
ansible.builtin.template:
src: restore.sh.j2
dest: /root/restore.sh
mode: '0700'
owner: root
- ansible.builtin.file:
path: /root/.ssh
owner: root
state: directory
mode: '0700'
- name: Install SSH Keys
ansible.builtin.template:
src: storagebox.j2
dest: /root/.ssh/storagebox
mode: '0600'
owner: root
- name: Add Known Hosts entries
ansible.builtin.known_hosts:
path: "/root/.ssh/known_hosts"
name: "{{ backup.known_hosts.name }}"
key: "{{ backup.known_hosts.key }}"
- name: Restore from Borg
become: true
become_user: root
ansible.builtin.command:
chdir: /
cmd: bash /root/restore.sh
- name: Remove script from host
ansible.builtin.file:
path: /root/restore.sh
state: absent
- set_fact:
provisioned: true
cacheable: true
when: ansible_facts.provisioned is undefined
- name: Setup Registry credentials
hosts: all
tasks:
- ansible.builtin.file:
path: /home/core/.docker
owner: core
state: directory
mode: '0700'
- ansible.builtin.template:
src: docker-config.json.j2
dest: /home/core/.docker/config.json
mode: '0600'
owner: core
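Review bot: The `Install SSH Keys` tasks in both the Backup and Restore plays, and the `docker-config.json.j2` task in the registry play, render what are presumably secrets (a key under `/root/.ssh/storagebox`, registry credentials) without `no_log: true`. When the playbook is run with `--diff`, the template module prints the rendered file content, so that material can end up in terminal scrollback or CI logs; adding `no_log: true` (or at least `diff: false`) to those three tasks avoids this. Separately, `Remove script from host` is an ordinary task after `Restore from Borg`, with no `always:` section visible, so a failed restore leaves `/root/restore.sh` on the host; if that template embeds a repository passphrase, moving the removal into `always:` would be safer. Indentation is lost on this page, so the exact block nesting should be checked against the file.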


@ -0,0 +1,30 @@
- name: Base Setup Monitoring
hosts: mon1.hel1.chaoswg.org
vars:
state: present
roles:
- {role: compose_project, service: traefik}
- {role: compose_project, service: pantalaimon}
- {role: compose_project, service: watchtower}
- name: Setup Monitoring Kuma 1
hosts: mon1.hel1.chaoswg.org
vars:
state: present
roles:
- role: compose_project
service: kuma
vars:
service_name: "tobias"
urls:
- "status.tobiasmanske.de"
- "monitor.chaoswg.org"
- name: Setup Monitoring Kuma 2
hosts: mon1.hel1.chaoswg.org
vars:
state: present
roles:
- role: compose_project
service: kuma
vars:
service_name: "istannen"
urls: ["monitor.ialistannen.de"]
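Review bot: All three plays target `mon1.hel1.chaoswg.org` and repeat `vars: state: present`; since the two `kuma` entries already carry their own role `vars`, they could be listed in a single play's `roles:` next to traefik, pantalaimon and watchtower. The `urls` values are also written two ways, a block list for `tobias` and a flow list `["monitor.ialistannen.de"]` for `istannen`; using the block form for both would read more consistently.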


@ -0,0 +1,9 @@
- name: Setup Thonkpad
hosts: thonkpad.ka.chaoswg.org
vars:
state: present
roles:
- {role: compose_project, service: pantalaimon}
- {role: compose_project, service: wireguard}
- {role: compose_project, service: watchtower}
- {role: compose_project, service: gitea-runner}


@ -0,0 +1,27 @@
- name: Setup VPS
hosts: host.nc.chaoswg.org
vars:
state: present
roles:
- {role: compose_project, service: traefik, with_fa: true}
- {role: compose_project, service: keycloak}
- {role: compose_project, service: minio}
- {role: compose_project, service: repo_proxy}
- {role: compose_project, service: registry}
- {role: compose_project, service: pantalaimon}
- {role: compose_project, service: gitea}
- {role: compose_project, service: gitea-runner}
- {role: compose_project, service: ba-gitlab-runner}
- {role: compose_project, service: wireguard}
- {role: compose_project, service: hedgedoc}
- {role: compose_project, service: miniflux}
- {role: compose_project, service: matrix}
- {role: compose_project, service: radicale}
- {role: compose_project, service: search}
- {role: compose_project, service: syncthing}
- {role: compose_project, service: blog}
- {role: compose_project, service: wkd}
- {role: compose_project, service: linktree}
- {role: compose_project, service: caddy}
- {role: compose_project, service: diun}
- {role: compose_project, service: watchtower}