Split playbook
parent
642a5b29ed
commit
27c42f447c
@ -9,161 +9,13 @@
|
|||||||
timeout: 300
|
timeout: 300
|
||||||
sleep: 10
|
sleep: 10
|
||||||
|
|
||||||
- name: Backup
|
- name: Common
|
||||||
hosts: backup
|
ansible.builtin.import_playbook: plays/common.yaml
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
tasks:
|
|
||||||
- name: Install backup script
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: backup.sh.j2
|
|
||||||
dest: /root/backup.sh
|
|
||||||
mode: '0700'
|
|
||||||
owner: root
|
|
||||||
- ansible.builtin.file:
|
|
||||||
path: /root/.ssh
|
|
||||||
owner: root
|
|
||||||
state: directory
|
|
||||||
mode: '0700'
|
|
||||||
- name: Install SSH Keys
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: storagebox.j2
|
|
||||||
dest: /root/.ssh/storagebox
|
|
||||||
mode: '0600'
|
|
||||||
owner: root
|
|
||||||
- name: Add Known Hosts entries
|
|
||||||
ansible.builtin.known_hosts:
|
|
||||||
path: "/root/.ssh/known_hosts"
|
|
||||||
name: "{{ backup.known_hosts.name }}"
|
|
||||||
key: "{{ backup.known_hosts.key }}"
|
|
||||||
|
|
||||||
- name: Restore from Backup
|
- name: host.nc.chaoswg.org
|
||||||
hosts: unprovisioned
|
ansible.builtin.import_playbook: plays/vps.yaml
|
||||||
become: true
|
- name: mon1.hel1.chaoswg.org
|
||||||
become_user: root
|
ansible.builtin.import_playbook: plays/monitoring.yaml
|
||||||
gather_facts: true
|
- name: thonkpad.ka.chaoswg.org
|
||||||
tasks:
|
ansible.builtin.import_playbook: plays/thonkpad.yaml
|
||||||
- block:
|
|
||||||
- name: Install restore script
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: restore.sh.j2
|
|
||||||
dest: /root/restore.sh
|
|
||||||
mode: '0700'
|
|
||||||
owner: root
|
|
||||||
- ansible.builtin.file:
|
|
||||||
path: /root/.ssh
|
|
||||||
owner: root
|
|
||||||
state: directory
|
|
||||||
mode: '0700'
|
|
||||||
- name: Install SSH Keys
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: storagebox.j2
|
|
||||||
dest: /root/.ssh/storagebox
|
|
||||||
mode: '0600'
|
|
||||||
owner: root
|
|
||||||
- name: Add Known Hosts entries
|
|
||||||
ansible.builtin.known_hosts:
|
|
||||||
path: "/root/.ssh/known_hosts"
|
|
||||||
name: "{{ backup.known_hosts.name }}"
|
|
||||||
key: "{{ backup.known_hosts.key }}"
|
|
||||||
- name: Restore from Borg
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
ansible.builtin.command:
|
|
||||||
chdir: /
|
|
||||||
cmd: bash /root/restore.sh
|
|
||||||
- name: Remove script from host
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: /root/restore.sh
|
|
||||||
state: absent
|
|
||||||
- set_fact:
|
|
||||||
provisioned: true
|
|
||||||
cacheable: true
|
|
||||||
when: ansible_facts.provisioned is undefined
|
|
||||||
|
|
||||||
- name: Setup Registry credentials
|
|
||||||
hosts: all
|
|
||||||
tasks:
|
|
||||||
- ansible.builtin.file:
|
|
||||||
path: /home/core/.docker
|
|
||||||
owner: core
|
|
||||||
state: directory
|
|
||||||
mode: '0700'
|
|
||||||
- ansible.builtin.template:
|
|
||||||
src: docker-config.json.j2
|
|
||||||
dest: /home/core/.docker/config.json
|
|
||||||
mode: '0600'
|
|
||||||
owner: core
|
|
||||||
|
|
||||||
|
|
||||||
- name: Install Services
|
|
||||||
hosts: host.nc.chaoswg.org
|
|
||||||
vars:
|
|
||||||
state: present
|
|
||||||
roles:
|
|
||||||
- { role: compose_project, service: traefik, with_fa: true }
|
|
||||||
- { role: compose_project, service: keycloak }
|
|
||||||
- { role: compose_project, service: minio }
|
|
||||||
- { role: compose_project, service: repo_proxy }
|
|
||||||
- { role: compose_project, service: registry }
|
|
||||||
- { role: compose_project, service: pantalaimon }
|
|
||||||
- { role: compose_project, service: gitea }
|
|
||||||
- { role: compose_project, service: gitea-runner }
|
|
||||||
- { role: compose_project, service: ba-gitlab-runner }
|
|
||||||
- { role: compose_project, service: wireguard }
|
|
||||||
- { role: compose_project, service: hedgedoc }
|
|
||||||
- { role: compose_project, service: miniflux }
|
|
||||||
- { role: compose_project, service: matrix }
|
|
||||||
- { role: compose_project, service: radicale }
|
|
||||||
- { role: compose_project, service: search }
|
|
||||||
- { role: compose_project, service: syncthing }
|
|
||||||
- { role: compose_project, service: blog }
|
|
||||||
- { role: compose_project, service: wkd }
|
|
||||||
- { role: compose_project, service: linktree }
|
|
||||||
- { role: compose_project, service: caddy }
|
|
||||||
- { role: compose_project, service: diun }
|
|
||||||
- { role: compose_project, service: watchtower }
|
|
||||||
|
|
||||||
- name: Setup Thonkpad
|
|
||||||
hosts: thonkpad.ka.chaoswg.org
|
|
||||||
vars:
|
|
||||||
state: present
|
|
||||||
roles:
|
|
||||||
- { role: compose_project, service: pantalaimon }
|
|
||||||
- { role: compose_project, service: wireguard }
|
|
||||||
- { role: compose_project, service: watchtower }
|
|
||||||
- { role: compose_project, service: gitea-runner }
|
|
||||||
|
|
||||||
- name: Base Setup Monitoring
|
|
||||||
hosts: mon1.hel1.chaoswg.org
|
|
||||||
vars:
|
|
||||||
state: present
|
|
||||||
roles:
|
|
||||||
- { role: compose_project, service: traefik }
|
|
||||||
- { role: compose_project, service: pantalaimon }
|
|
||||||
- { role: compose_project, service: watchtower }
|
|
||||||
|
|
||||||
- name: Setup Monitoring Kuma 1
|
|
||||||
hosts: mon1.hel1.chaoswg.org
|
|
||||||
vars:
|
|
||||||
state: present
|
|
||||||
roles:
|
|
||||||
- role: compose_project
|
|
||||||
service: kuma
|
|
||||||
vars:
|
|
||||||
service_name: "tobias"
|
|
||||||
urls:
|
|
||||||
- "status.tobiasmanske.de"
|
|
||||||
- "monitor.chaoswg.org"
|
|
||||||
|
|
||||||
- name: Setup Monitoring Kuma 2
|
|
||||||
hosts: mon1.hel1.chaoswg.org
|
|
||||||
vars:
|
|
||||||
state: present
|
|
||||||
roles:
|
|
||||||
- role: compose_project
|
|
||||||
service: kuma
|
|
||||||
vars:
|
|
||||||
service_name: "istannen"
|
|
||||||
urls: [ "monitor.ialistannen.de"]
|
|
||||||
...
|
...
|
||||||
|
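--- a/coreos-config/plays/common.yaml
+++ b/coreos-config/plays/common.yaml
@@ -0,0 +1,83 @@
+- name: Backup
+hosts: backup
+become: true
+become_user: root
+tasks:
+- name: Install backup script
+ansible.builtin.template:
+src: backup.sh.j2
+dest: /root/backup.sh
+mode: '0700'
+owner: root
+- ansible.builtin.file:
+path: /root/.ssh
+owner: root
+state: directory
+mode: '0700'
+- name: Install SSH Keys
+ansible.builtin.template:
+src: storagebox.j2
+dest: /root/.ssh/storagebox
+mode: '0600'
+owner: root
+- name: Add Known Hosts entries
+ansible.builtin.known_hosts:
+path: "/root/.ssh/known_hosts"
+name: "{{ backup.known_hosts.name }}"
+key: "{{ backup.known_hosts.key }}"
+- name: Restore from Backup
+hosts: unprovisioned
+become: true
+become_user: root
+gather_facts: true
+tasks:
+- block:
+- name: Install restore script
+ansible.builtin.template:
+src: restore.sh.j2
+dest: /root/restore.sh
+mode: '0700'
+owner: root
+- ansible.builtin.file:
+path: /root/.ssh
+owner: root
+state: directory
+mode: '0700'
+- name: Install SSH Keys
+ansible.builtin.template:
+src: storagebox.j2
+dest: /root/.ssh/storagebox
+mode: '0600'
+owner: root
+- name: Add Known Hosts entries
+ansible.builtin.known_hosts:
+path: "/root/.ssh/known_hosts"
+name: "{{ backup.known_hosts.name }}"
+key: "{{ backup.known_hosts.key }}"
+- name: Restore from Borg
+become: true
+become_user: root
+ansible.builtin.command:
+chdir: /
+cmd: bash /root/restore.sh
+- name: Remove script from host
+ansible.builtin.file:
+path: /root/restore.sh
+state: absent
+- set_fact:
+provisioned: true
+cacheable: true
+when: ansible_facts.provisioned is undefined
+- name: Setup Registry credentials
+hosts: all
+tasks:
+- ansible.builtin.file:
+path: /home/core/.docker
+owner: core
+state: directory
+mode: '0700'
+- ansible.builtin.template:
+src: docker-config.json.j2
+dest: /home/core/.docker/config.json
+mode: '0600'
+owner: core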
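Review bot: The two `Install SSH Keys` tasks and the unnamed template task that writes `/home/core/.docker/config.json` render what look like credentials, yet none sets `no_log: true` (or `diff: false`), so a run with `--diff` can print the rendered key or registry auth into the controller output. Adding `no_log: true` to those three tasks closes that. In the `Restore from Backup` play, `Remove script from host` comes after `Restore from Borg`, so a failed restore presumably leaves `/root/restore.sh` on the host; if the indentation lost on this page places both inside the `block:`, moving the removal under an `always:` section would make the cleanup unconditional. The unnamed `ansible.builtin.file` and `set_fact` tasks would also be easier to trace in run output with a `name:`.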
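--- a/coreos-config/plays/monitoring.yaml
+++ b/coreos-config/plays/monitoring.yaml
@@ -0,0 +1,30 @@
+- name: Base Setup Monitoring
+hosts: mon1.hel1.chaoswg.org
+vars:
+state: present
+roles:
+- {role: compose_project, service: traefik}
+- {role: compose_project, service: pantalaimon}
+- {role: compose_project, service: watchtower}
+- name: Setup Monitoring Kuma 1
+hosts: mon1.hel1.chaoswg.org
+vars:
+state: present
+roles:
+- role: compose_project
+service: kuma
+vars:
+service_name: "tobias"
+urls:
+- "status.tobiasmanske.de"
+- "monitor.chaoswg.org"
+- name: Setup Monitoring Kuma 2
+hosts: mon1.hel1.chaoswg.org
+vars:
+state: present
+roles:
+- role: compose_project
+service: kuma
+vars:
+service_name: "istannen"
+urls: ["monitor.ialistannen.de"]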
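Review bot: This new file starts directly at `- name: Base Setup Monitoring` with no `---` document-start line, while the importing playbook visibly closes with a `...` end marker, so the split leaves the play files inconsistent about document markers. I would add `---` as the first line here and likewise in `coreos-config/plays/common.yaml`, `coreos-config/plays/thonkpad.yaml` and `coreos-config/plays/vps.yaml`, which start the same way. The three plays here also repeat the same `hosts:` and `vars:` header; a short comment above the two Kuma plays saying why they are kept separate would help the next reader.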
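--- a/coreos-config/plays/thonkpad.yaml
+++ b/coreos-config/plays/thonkpad.yaml
@@ -0,0 +1,9 @@
+- name: Setup Thonkpad
+hosts: thonkpad.ka.chaoswg.org
+vars:
+state: present
+roles:
+- {role: compose_project, service: pantalaimon}
+- {role: compose_project, service: wireguard}
+- {role: compose_project, service: watchtower}
+- {role: compose_project, service: gitea-runner}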
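--- a/coreos-config/plays/vps.yaml
+++ b/coreos-config/plays/vps.yaml
@@ -0,0 +1,27 @@
+- name: Setup VPS
+hosts: host.nc.chaoswg.org
+vars:
+state: present
+roles:
+- {role: compose_project, service: traefik, with_fa: true}
+- {role: compose_project, service: keycloak}
+- {role: compose_project, service: minio}
+- {role: compose_project, service: repo_proxy}
+- {role: compose_project, service: registry}
+- {role: compose_project, service: pantalaimon}
+- {role: compose_project, service: gitea}
+- {role: compose_project, service: gitea-runner}
+- {role: compose_project, service: ba-gitlab-runner}
+- {role: compose_project, service: wireguard}
+- {role: compose_project, service: hedgedoc}
+- {role: compose_project, service: miniflux}
+- {role: compose_project, service: matrix}
+- {role: compose_project, service: radicale}
+- {role: compose_project, service: search}
+- {role: compose_project, service: syncthing}
+- {role: compose_project, service: blog}
+- {role: compose_project, service: wkd}
+- {role: compose_project, service: linktree}
+- {role: compose_project, service: caddy}
+- {role: compose_project, service: diun}
+- {role: compose_project, service: watchtower}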