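---
# Backup hosts: install the backup script, the SSH key file it is given at
# /root/.ssh/storagebox, and a pinned known_hosts entry for the remote end so
# the first connection cannot be redirected unnoticed. Everything here is
# installed as root with owner-only permissions.
- name: Backup
  hosts: backup
  become: true
  become_user: root
  tasks:
    - name: Install backup script
      ansible.builtin.template:
        src: backup.sh.j2
        dest: /root/backup.sh
        mode: '0700'
        owner: root

    - name: Ensure /root/.ssh exists with owner-only permissions
      ansible.builtin.file:
        path: /root/.ssh
        owner: root
        state: directory
        mode: '0700'

    - name: Install SSH Keys
      # The rendered file is an SSH private key: suppress task output (which
      # includes --diff output) so key material is never written to logs or
      # callback plugins. Failures of this task are consequently terse.
      no_log: true
      ansible.builtin.template:
        src: storagebox.j2
        dest: /root/.ssh/storagebox
        mode: '0600'
        owner: root

    - name: Add Known Hosts entries
      # Pins the storage host's key from inventory vars; StrictHostKeyChecking
      # then rejects a host presenting a different key.
      ansible.builtin.known_hosts:
        path: "/root/.ssh/known_hosts"
        name: "{{ backup.known_hosts.name }}"
        key: "{{ backup.known_hosts.key }}"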
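# Unprovisioned hosts: run the restore once. The block is guarded by the
# cached fact `provisioned`, which the block sets only after the restore
# succeeded (cacheable: true plus gather_facts: true make it visible on later
# runs). The restore script is removed in `always` so it is not left behind
# on a host where the restore failed part-way.
- name: Restore from Backup
  hosts: unprovisioned
  become: true
  become_user: root
  gather_facts: true
  tasks:
    - name: One-time restore from backup
      # NOTE(review): the `when` is read as guarding the whole block rather
      # than only the set_fact — that is what makes the restore run once per
      # host; confirm against the original indentation.
      when: ansible_facts.provisioned is undefined
      block:
        - name: Install restore script
          ansible.builtin.template:
            src: restore.sh.j2
            dest: /root/restore.sh
            mode: '0700'
            owner: root

        - name: Ensure /root/.ssh exists with owner-only permissions
          ansible.builtin.file:
            path: /root/.ssh
            owner: root
            state: directory
            mode: '0700'

        - name: Install SSH Keys
          # Private key material: keep it out of task output and --diff.
          no_log: true
          ansible.builtin.template:
            src: storagebox.j2
            dest: /root/.ssh/storagebox
            mode: '0600'
            owner: root

        - name: Add Known Hosts entries
          ansible.builtin.known_hosts:
            path: "/root/.ssh/known_hosts"
            name: "{{ backup.known_hosts.name }}"
            key: "{{ backup.known_hosts.key }}"

        - name: Restore from Borg
          # Play-level become/become_user already apply; no per-task override.
          ansible.builtin.command:
            chdir: /
            cmd: bash /root/restore.sh

        - name: Mark host as provisioned
          # Only reached when every task above succeeded, so a failed restore
          # is retried on the next run instead of being recorded as done.
          ansible.builtin.set_fact:
            provisioned: true
            cacheable: true
      always:
        - name: Remove script from host
          # Runs on failure too: the rendered script (and whatever the template
          # put into it) must not stay on a half-provisioned host.
          ansible.builtin.file:
            path: /root/restore.sh
            state: absent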
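# All hosts: give the `core` user a Docker client config with the registry
# credentials. No become is used, so this assumes the connecting user is
# `core` or can otherwise write under /home/core — TODO confirm.
- name: Setup Registry credentials
  hosts: all
  tasks:
    - name: Ensure ~core/.docker exists with owner-only permissions
      ansible.builtin.file:
        path: /home/core/.docker
        owner: core
        state: directory
        mode: '0700'

    - name: Install Docker registry config
      # config.json carries registry credentials (per the play name): keep the
      # rendered content out of task output and --diff.
      no_log: true
      ansible.builtin.template:
        src: docker-config.json.j2
        dest: /home/core/.docker/config.json
        mode: '0600'
        owner: core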
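# All hosts: register a push monitor in Uptime Kuma for each host and install
# a user-scoped systemd service/timer that pings it. The Kuma API calls are
# delegated to localhost and forced to run in check mode so the push token is
# available to the template task. All modules use their FQCN, matching the
# rest of the file.
- name: Setup Push Monitoring
  hosts: all
  tasks:
    - name: Login to Kuma
      delegate_to: localhost
      check_mode: false
      # The arguments hold the API password and the registered result holds
      # the session token; keep both out of task output.
      no_log: true
      lucasheld.uptime_kuma.login:
        api_url: "{{ kuma.api_url }}"
        api_username: "{{ kuma.api_username }}"
        api_password: "{{ kuma.api_password }}"
      register: kumalogin

    - name: Create Kuma Monitor
      delegate_to: localhost
      check_mode: false
      lucasheld.uptime_kuma.monitor:
        api_url: "{{ kuma.api_url }}"
        api_token: "{{ kumalogin.token }}"
        name: "{{ inventory_hostname }}"
        description: "Managed by Ansible"
        type: push
        interval: 330
        maxretries: 2
        notification_names:
          - "Kuma Statusmonitor"
        state: present

    - name: Obtain Kuma Push Token
      delegate_to: localhost
      check_mode: false
      lucasheld.uptime_kuma.monitor_info:
        api_url: "{{ kuma.api_url }}"
        api_token: "{{ kumalogin.token }}"
        name: "{{ inventory_hostname }}"
      register: monitor

    - name: Check if user is lingering
      ansible.builtin.stat:
        path: "/var/lib/systemd/linger/{{ ansible_user }}"
      register: user_lingering

    - name: Enable lingering for user if needed
      # Lingering keeps the user manager (and the timer below) running without
      # an active login session.
      ansible.builtin.command: "loginctl enable-linger {{ ansible_user }}"
      when:
        - not user_lingering.stat.exists

    - name: Create systemd config dir
      ansible.builtin.file:
        state: directory
        path: "/home/{{ ansible_user }}/.config/systemd/user"
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
        mode: '0755'

    - name: Copy Push Monitor Service and Timer
      # monitor_url embeds the push token; the unit files are therefore
      # owner-readable only. monitor.monitors[0] assumes monitor_info returned
      # at least one match — TODO confirm the module fails rather than
      # returning an empty list when the monitor is missing.
      ansible.builtin.template:
        src: "{{ item }}.j2"
        dest: "/home/{{ ansible_user }}/.config/systemd/user/{{ item }}"
        mode: '0600'
        owner: "{{ ansible_user }}"
      vars:
        monitor_url: "{{ kuma.api_url }}/api/push/{{ monitor.monitors[0].pushToken }}?status=up&msg=OK"
      loop:
        - heartbeat.service
        - heartbeat.timer

    - name: Enable timer
      ansible.builtin.systemd:
        scope: user
        name: heartbeat.timer
        state: started
        enabled: true
        masked: false
        daemon_reload: true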