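---
# Playbook: backup/restore tooling, registry credentials, internal Docker
# networks and Uptime Kuma push monitoring.
#
# The structure below was rebuilt from a copy whose line breaks and indentation
# were lost. Nesting follows standard Ansible play/task layout. The one place
# where the flattened text was ambiguous is marked NOTE(review).

- name: Backup
  hosts: backup
  become: true
  become_user: root
  tasks:
    - name: Install backup script
      ansible.builtin.template:
        src: backup.sh.j2
        dest: /root/backup.sh
        mode: '0700'
        owner: root

    - name: Ensure /root/.ssh exists
      ansible.builtin.file:
        path: /root/.ssh
        owner: root
        state: directory
        mode: '0700'

    # presumably storagebox.j2 renders private key material (task name and
    # 0600 mode suggest so); diff output is disabled so a --diff run cannot
    # print the rendered file.
    - name: Install SSH Keys
      ansible.builtin.template:
        src: storagebox.j2
        dest: /root/.ssh/storagebox
        mode: '0600'
        owner: root
      diff: false

    # Pins the backup target's host key from inventory data instead of
    # trusting whatever key is presented on first connection.
    - name: Add Known Hosts entries
      ansible.builtin.known_hosts:
        path: "/root/.ssh/known_hosts"
        name: "{{ backup.known_hosts.name }}"
        key: "{{ backup.known_hosts.key }}"

- name: Restore from Backup
  hosts: unprovisioned
  become: true
  become_user: root
  gather_facts: true
  tasks:
    # NOTE(review): the flattened source does not show whether `when` belongs
    # to this block or only to the final set_fact. It is attached to the block
    # here because the block carries no other block-level keyword; confirm
    # against the original file.
    - name: Restore host unless it is already marked provisioned
      when: ansible_facts.provisioned is undefined
      block:
        - name: Install restore script
          ansible.builtin.template:
            src: restore.sh.j2
            dest: /root/restore.sh
            mode: '0700'
            owner: root

        - name: Ensure /root/.ssh exists
          ansible.builtin.file:
            path: /root/.ssh
            owner: root
            state: directory
            mode: '0700'

        # NOTE(review): the restore script is removed below, but this key is
        # left on the host; confirm that is intended for hosts that are not
        # also in the backup group.
        - name: Install SSH Keys
          ansible.builtin.template:
            src: storagebox.j2
            dest: /root/.ssh/storagebox
            mode: '0600'
            owner: root
          diff: false

        - name: Add Known Hosts entries
          ansible.builtin.known_hosts:
            path: "/root/.ssh/known_hosts"
            name: "{{ backup.known_hosts.name }}"
            key: "{{ backup.known_hosts.key }}"

        - name: Restore from Borg
          become: true
          become_user: root
          ansible.builtin.command:
            chdir: /
            cmd: bash /root/restore.sh

        - name: Remove script from host
          ansible.builtin.file:
            path: /root/restore.sh
            state: absent

        # cacheable: true stores the fact in the fact cache, so later runs see
        # ansible_facts.provisioned and the guard above skips the restore.
        - name: Mark host as provisioned
          ansible.builtin.set_fact:
            provisioned: true
            cacheable: true

- name: Setup Registry credentials
  hosts: all
  tasks:
    - name: Ensure Docker config directory exists
      ansible.builtin.file:
        path: /home/core/.docker
        owner: core
        state: directory
        mode: '0700'

    # The play name indicates this file holds registry credentials; diff
    # output is disabled so a --diff run cannot print them.
    - name: Install Docker registry config
      ansible.builtin.template:
        src: docker-config.json.j2
        dest: /home/core/.docker/config.json
        mode: '0600'
        owner: core
      diff: false

- name: Setup internal networks
  hosts: all
  tasks:
    - name: Setup network
      community.docker.docker_network:
        name: "{{ item }}"
        internal: true
      loop: "{{ docker.internal_networks | default([]) }}"

# Tagged `never`: this play only runs when setup_monitoring is requested
# explicitly with --tags.
- name: Setup Push Monitoring
  hosts: all
  tags:
    - never
    - setup_monitoring
  tasks:
    # no_log keeps the password argument and the returned token out of task
    # output and logs; the registered variable is still usable below.
    - name: Login to Kuma
      delegate_to: localhost
      check_mode: false
      no_log: true
      lucasheld.uptime_kuma.login:
        api_url: "{{ kuma.api_url }}"
        api_username: "{{ kuma.api_username }}"
        api_password: "{{ kuma.api_password }}"
      register: kumalogin

    - name: Create Kuma Monitor
      delegate_to: localhost
      check_mode: false
      lucasheld.uptime_kuma.monitor:
        api_url: "{{ kuma.api_url }}"
        api_token: "{{ kumalogin.token }}"
        name: "{{ inventory_hostname }}"
        description: "Managed by Ansible"
        type: push
        interval: 330
        maxretries: 2
        notification_names:
          - "Kuma Statusmonitor"
        state: present

    - name: Obtain Kuma Push Token
      delegate_to: localhost
      check_mode: false
      lucasheld.uptime_kuma.monitor_info:
        api_url: "{{ kuma.api_url }}"
        api_token: "{{ kumalogin.token }}"
        name: "{{ inventory_hostname }}"
      register: monitor

    - name: Check if user is lingering
      ansible.builtin.stat:
        path: "/var/lib/systemd/linger/{{ ansible_user }}"
      register: user_lingering

    - name: Enable lingering for user if needed
      ansible.builtin.command: "loginctl enable-linger {{ ansible_user }}"
      when:
        - not user_lingering.stat.exists

    - name: Create systemd config dir
      ansible.builtin.file:
        state: directory
        path: "/home/{{ ansible_user }}/.config/systemd/user"
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
        mode: '0755'

    # The rendered units embed the monitor's push token in monitor_url, hence
    # the owner-only 0600 mode.
    - name: Copy Push Monitor Service and Timer
      ansible.builtin.template:
        src: "{{ item }}.j2"
        dest: "/home/{{ ansible_user }}/.config/systemd/user/{{ item }}"
        mode: '0600'
        owner: "{{ ansible_user }}"
      vars:
        monitor_url: "{{ kuma.api_url }}/api/push/{{ monitor.monitors[0].pushToken }}?status=up&msg=OK"
      loop:
        - heartbeat.service
        - heartbeat.timer

    - name: Enable timer
      ansible.builtin.systemd:
        scope: user
        name: heartbeat.timer
        state: started
        enabled: true
        masked: false
        daemon_reload: true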