infrastructure/coreos-config/plays/common.yaml

151 lines
4.4 KiB
YAML

- name: Backup
hosts: backup
become: true
become_user: root
tasks:
- name: Install backup script
ansible.builtin.template:
src: backup.sh.j2
dest: /root/backup.sh
mode: '0700'
owner: root
- ansible.builtin.file:
path: /root/.ssh
owner: root
state: directory
mode: '0700'
- name: Install SSH Keys
ansible.builtin.template:
src: storagebox.j2
dest: /root/.ssh/storagebox
mode: '0600'
owner: root
- name: Add Known Hosts entries
ansible.builtin.known_hosts:
path: "/root/.ssh/known_hosts"
name: "{{ backup.known_hosts.name }}"
key: "{{ backup.known_hosts.key }}"
- name: Restore from Backup
hosts: unprovisioned
become: true
become_user: root
gather_facts: true
tasks:
- block:
- name: Install restore script
ansible.builtin.template:
src: restore.sh.j2
dest: /root/restore.sh
mode: '0700'
owner: root
- ansible.builtin.file:
path: /root/.ssh
owner: root
state: directory
mode: '0700'
- name: Install SSH Keys
ansible.builtin.template:
src: storagebox.j2
dest: /root/.ssh/storagebox
mode: '0600'
owner: root
- name: Add Known Hosts entries
ansible.builtin.known_hosts:
path: "/root/.ssh/known_hosts"
name: "{{ backup.known_hosts.name }}"
key: "{{ backup.known_hosts.key }}"
- name: Restore from Borg
become: true
become_user: root
ansible.builtin.command:
chdir: /
cmd: bash /root/restore.sh
- name: Remove script from host
ansible.builtin.file:
path: /root/restore.sh
state: absent
- set_fact:
provisioned: true
cacheable: true
when: ansible_facts.provisioned is undefined
- name: Setup Registry credentials
hosts: all
tasks:
- ansible.builtin.file:
path: /home/core/.docker
owner: core
state: directory
mode: '0700'
- ansible.builtin.template:
src: docker-config.json.j2
dest: /home/core/.docker/config.json
mode: '0600'
owner: core
- name: Setup Push Monitoring
hosts: all
tasks:
- name: Login to Kuma
delegate_to: localhost
lucasheld.uptime_kuma.login:
api_url: "{{ kuma.api_url }}"
api_username: "{{ kuma.api_username }}"
api_password: "{{ kuma.api_password }}"
register: kumalogin
- name: Create Kuma Monitor
delegate_to: localhost
lucasheld.uptime_kuma.monitor:
api_url: "{{ kuma.api_url }}"
api_token: "{{ kumalogin.token }}"
name: "{{ inventory_hostname }}"
description: "Managed by Ansible"
type: push
interval: 330
maxretries: 2
notification_names:
- "Kuma Statusmonitor"
state: present
- name: Obtain Kuma Push Token
delegate_to: localhost
lucasheld.uptime_kuma.monitor_info:
api_url: "{{ kuma.api_url }}"
api_token: "{{ kumalogin.token }}"
name: "{{ inventory_hostname }}"
register: monitor
- name: Check if user is lingering
stat:
path: "/var/lib/systemd/linger/{{ ansible_user }}"
register: user_lingering
- name: Enable lingering for root if needed
command: "loginctl enable-linger {{ ansible_user }}"
when:
- not user_lingering.stat.exists
- name: Create systemd config dir
file:
state: directory
path: "/home/{{ ansible_user }}/.config/systemd/user"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: '0755'
- name: Copy Push Monitor Service and Timer
ansible.builtin.template:
src: "{{ item }}.j2"
dest: "/home/{{ ansible_user }}/.config/systemd/user/{{ item }}"
mode: '0600'
owner: "{{ ansible_user }}"
vars:
monitor_url: "{{ kuma.api_url }}/api/push/{{ monitor.monitors[0].pushToken }}?status=up&msg=OK"
loop:
- heartbeat.service
- heartbeat.timer
- name: Enable timer
ansible.builtin.systemd:
scope: user
name: heartbeat.timer
state: started
enabled: true
masked: false
daemon_reload: true