commit 7df8c091a10923d23e907609249a5b2e56d5b169
Author: Michael Grote <38253905+quotengrote@users.noreply.github.com>
Date: Tue Aug 18 11:57:53 2020 +0200
first commit
diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 00000000..37783e12
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,15 @@
+
+exclude_paths:
+ - roles/stefangweichinger.rclone/
+ - roles/igor_mukhin.bash_aliases/
+ - roles/nickjj.ansible-user/
+ - roles/azavea.ansible-pip/
+
+parseable: true
+quiet: true
+skip_list:
+ - '204'
+ - '701'
+use_default_rules: true
+verbosity: 0
+# https://github.com/ansible/ansible-lint#false-positives-skipping-rules
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..d16d0ab7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.git/
+ansible-vault-password.yml
+# https://www.atlassian.com/git/tutorials/saving-changes/gitignore
diff --git a/.remote-sync.json b/.remote-sync.json
new file mode 100644
index 00000000..06776a8a
--- /dev/null
+++ b/.remote-sync.json
@@ -0,0 +1,14 @@
+{
+ "uploadOnSave": true,
+ "useAtomicWrites": true,
+ "deleteLocal": false,
+ "hostname": "ansible.grote.lan",
+ "port": "22",
+ "target": "/home/mg/ansible",
+ "ignore": [
+ ".git/**"
+ ],
+ "username": "mg",
+ "keyfile": "C:/Users/mg/Desktop/NextCloud/Rest/ssh-keys/heimserver/private.ppk",
+ "transport": "scp"
+}
diff --git a/Archiv/Rest/smb.conf - omvv2.txt b/Archiv/Rest/smb.conf - omvv2.txt
new file mode 100644
index 00000000..31702918
--- /dev/null
+++ b/Archiv/Rest/smb.conf - omvv2.txt
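Review bot: The `skip_list` entries `'204'` and `'701'` are bare rule IDs with no comment saying what they suppress or why; the trailing URL documents the mechanism, not the reason. A one-line comment per entry keeps the suppression reviewable, e.g. `# 204: line length` and `# 701: meta/main.yml info` if those are the ansible-lint v4 rules being silenced — confirm against the installed version. Consider also noting why the four excluded roles are skipped (they appear to be third-party roles, so linting them is not this repo's job).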
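Review bot: The `.git/` entry is a no-op, since git never tracks its own metadata directory, while `.remote-sync.json`, which this same commit adds with the author's hostname, SSH username and local private-key path, is not ignored. Suggest replacing the first line with `.remote-sync.json` and keeping `ansible-vault-password.yml`. Adding `*.retry`, as the vendored `Archiv/azavea.ansible-pip/.gitignore` in this commit already does, would keep Ansible retry files out of the tree too.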
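Review bot: This is an editor-local deployment config and should not be committed: it records the internal hostname `ansible.grote.lan`, the SSH username `mg`, and the absolute path to a private key, `C:/Users/mg/Desktop/NextCloud/Rest/ssh-keys/heimserver/private.ppk`. None of that is a credential by itself, but it hands an attacker the target, the account, and where the key lives on the workstation — judging by the path, inside a cloud-synced folder. Remove it from the index (`git rm --cached .remote-sync.json`), list it in `.gitignore`, and if the sync tool needs a template, commit a `.remote-sync.json.example` with placeholder values instead.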
@@ -0,0 +1,358 @@
+
+root@omvv2.grote.lan's password:
+Linux omvv2 4.19.0-0.bpo.8-amd64 #1 SMP Debian 4.19.98-1~bpo9+1 (2020-03-09) x86 _64
+
+The programs included with the Debian GNU/Linux system are free software;
+the exact distribution terms for each program are described in the
+individual files in /usr/share/doc/*/copyright.
+
+Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
+permitted by applicable law.
+Last login: Sun Apr 19 16:09:19 2020 from 192.168.2.40
+root@omvv2:~# cat /etc/samba/smb.conf
+#======================= Global Settings =======================
+[global]
+workgroup = WORKGROUP
+server string = %h server
+dns proxy = no
+log level = 0
+log file = /var/log/samba/log.%m
+max log size = 1000
+logging = syslog
+panic action = /usr/share/samba/panic-action %d
+encrypt passwords = true
+passdb backend = tdbsam
+obey pam restrictions = no
+unix password sync = no
+passwd program = /usr/bin/passwd %u
+passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n * password\supdated\ssuccessfully* .
+pam password change = yes
+socket options = TCP_NODELAY IPTOS_LOWDELAY
+guest account = nobody
+load printers = no
+disable spoolss = yes
+printing = bsd
+printcap name = /dev/null
+unix extensions = yes
+wide links = no
+create mask = 0777
+directory mask = 0777
+map to guest = Bad User
+use sendfile = yes
+aio read size = 16384
+aio write size = 16384
+local master = yes
+time server = no
+wins support = no
+acl allow execute always = yes
+allocation roundup size = 4096
+#======================= Share Definitions =======================
+[scans]
+path = /srv/7050c4a3-98ad-41bd-804d-a85c94b16468/scans
+guest ok = yes
+guest only = yes
+read only = no
+browseable = yes
+inherit acls = yes
+inherit permissions = no
+ea support = no
+store dos attributes = no
+vfs objects = recycle
+recycle:repository = .recycle/%U
+recycle:keeptree = yes
+recycle:versions = yes
+recycle:touch = yes
+recycle:directory_mode = 0777
+recycle:subdir_mode = 0700
+recycle:exclude =
+recycle:exclude_dir =
+recycle:maxsize = 0
+printable = no
+create mask = 0664
+force create mode = 0664
+directory mask = 0775
+force directory mode = 0775
+hide special files = yes
+follow symlinks = yes
+hide dot files = no
+[tmp]
+path = /srv/7050c4a3-98ad-41bd-804d-a85c94b16468/tmp
+guest ok = yes
+guest only = yes
+read only = no
+browseable = yes
+inherit acls = yes
+inherit permissions = no
+ea support = no
+store dos attributes = no
+vfs objects =
+printable = no
+create mask = 0664
+force create mode = 0664
+directory mask = 0775
+force directory mode = 0775
+hide special files = yes
+follow symlinks = yes
+hide dot files = yes
+[pve]
+path = /srv/7050c4a3-98ad-41bd-804d-a85c94b16468/pve
+guest ok = no
+read only = no
+browseable = yes
+inherit acls = yes
+inherit permissions = no
+ea support = no
+store dos attributes = no
+vfs objects =
+printable = no
+create mask = 0664
+force create mode = 0664
+directory mask = 0775
+force directory mode = 0775
+hide special files = yes
+follow symlinks = yes
+hide dot files = yes
+valid users = "michaelgrote","pve"
+invalid users =
+read list =
+write list = "michaelgrote","pve"
+[aptcacherng]
+path = /srv/7050c4a3-98ad-41bd-804d-a85c94b16468/aptcacherng
+guest ok = no
+read only = no
+browseable = yes
+inherit acls = no
+inherit permissions = yes
+ea support = no
+store dos attributes = no
+vfs objects =
+printable = no
+create mask = 0664
+force create mode = 0664
+directory mask = 0775
+force directory mode = 0775
+hide special files = yes
+follow symlinks = yes
+hide dot files = yes
+valid users =
+invalid users =
+read list =
+write list =
+[ag-v1]
+path = /srv/7050c4a3-98ad-41bd-804d-a85c94b16468/ag-v1
+guest ok = no
+read only = no
+browseable = yes
+inherit acls = yes
+inherit permissions = no
+ea support = no
+store dos attributes = no
+vfs objects = recycle
+recycle:repository = .recycle/%U
+recycle:keeptree = yes
+recycle:versions = yes
+recycle:touch = yes
+recycle:directory_mode = 0777
+recycle:subdir_mode = 0700
+recycle:exclude =
+recycle:exclude_dir =
+recycle:maxsize = 0
+printable = no
+create mask = 0664
+force create mode = 0664
+directory mask = 0775
+force directory mode = 0775
+hide special files = yes
+follow symlinks = yes
+hide dot files = yes
+valid users = "michaelgrote","andreasgrote"
+invalid users =
+read list =
+write list = "michaelgrote","andreasgrote"
+[hm-v1]
+path = /srv/7050c4a3-98ad-41bd-804d-a85c94b16468/hm-v1
+guest ok = no
+read only = no
+browseable = yes
+inherit acls = yes
+inherit permissions = no
+ea support = no
+store dos attributes = no
+vfs objects = recycle
+recycle:repository = .recycle/%U
+recycle:keeptree = yes
+recycle:versions = yes
+recycle:touch = yes
+recycle:directory_mode = 0777
+recycle:subdir_mode = 0700
+recycle:exclude =
+recycle:exclude_dir =
+recycle:maxsize = 0
+printable = no
+create mask = 0664
+force create mode = 0664
+directory mask = 0775
+force directory mode = 0775
+hide special files = yes
+follow symlinks = yes
+hide dot files = yes
+valid users = "michaelgrote","horstmartin"
+invalid users =
+read list =
+write list = "michaelgrote","horstmartin"
+[Videos-v2]
+path = /srv/7050c4a3-98ad-41bd-804d-a85c94b16468/Videos-v2
+guest ok = no
+read only = no
+browseable = yes
+inherit acls = yes
+inherit permissions = no
+ea support = no
+store dos attributes = no
+vfs objects = recycle
+recycle:repository = .recycle/%U
+recycle:keeptree = yes
+recycle:versions = yes
+recycle:touch = yes
+recycle:directory_mode = 0777
+recycle:subdir_mode = 0700
+recycle:exclude =
+recycle:exclude_dir =
+recycle:maxsize = 0
+printable = no
+create mask = 0664
+force create mode = 0664
+directory mask = 0775
+force directory mode = 0775
+hide special files = yes
+follow symlinks = yes
+hide dot files = yes
+valid users = "annemariedroessler","michaelgrote","toolserver","win10"
+invalid users =
+read list = "annemariedroessler"
+write list = "michaelgrote","toolserver","win10"
+[Musik-v2]
+path = /srv/7050c4a3-98ad-41bd-804d-a85c94b16468/Musik-v2
+guest ok = no
+read only = no
+browseable = yes
+inherit acls = yes
+inherit permissions = no
+ea support = no
+store dos attributes = no
+vfs objects = recycle
+recycle:repository = .recycle/%U
+recycle:keeptree = yes
+recycle:versions = yes
+recycle:touch = yes
+recycle:directory_mode = 0777
+recycle:subdir_mode = 0700
+recycle:exclude =
+recycle:exclude_dir =
+recycle:maxsize = 0
+printable = no
+create mask = 0664
+force create mode = 0664
+directory mask = 0775
+force directory mode = 0775
+hide special files = yes
+follow symlinks = yes
+hide dot files = no
+valid users = "annemariedroessler","jellyfin","michaelgrote","win10"
+invalid users =
+read list = "annemariedroessler","jellyfin","win10"
+write list = "michaelgrote"
+[mg-v2]
+path = /srv/7050c4a3-98ad-41bd-804d-a85c94b16468/mg-v2
+guest ok = no
+read only = no
+browseable = yes
+inherit acls = yes
+inherit permissions = no
+ea support = no
+store dos attributes = no
+vfs objects = recycle
+recycle:repository = .recycle/%U
+recycle:keeptree = yes
+recycle:versions = yes
+recycle:touch = yes
+recycle:directory_mode = 0777
+recycle:subdir_mode = 0700
+recycle:exclude =
+recycle:exclude_dir =
+recycle:maxsize = 0
+printable = no
+create mask = 0664
+force create mode = 0664
+directory mask = 0775
+force directory mode = 0775
+hide special files = yes
+follow symlinks = yes
+hide dot files = yes
+valid users = "michaelgrote","win10"
+invalid users =
+read list =
+write list = "michaelgrote","win10"
+[Backup-v2]
+path = /srv/7050c4a3-98ad-41bd-804d-a85c94b16468/Backup-v2
+guest ok = no
+read only = no
+browseable = yes
+inherit acls = yes
+inherit permissions = no
+ea support = no
+store dos attributes = no
+vfs objects = recycle
+recycle:repository = .recycle/%U
+recycle:keeptree = yes
+recycle:versions = yes
+recycle:touch = yes
+recycle:directory_mode = 0777
+recycle:subdir_mode = 0700
+recycle:exclude =
+recycle:exclude_dir =
+recycle:maxsize = 0
+printable = no
+create mask = 0664
+force create mode = 0664
+directory mask = 0775
+force directory mode = 0775
+hide special files = yes
+follow symlinks = yes
+hide dot files = yes
+valid users = "annemariedroessler","michaelgrote","restic","toolserver","win10"
+invalid users =
+read list =
+write list = "annemariedroessler","michaelgrote","restic","toolserver","win10"
+[amd-v2]
+path = /srv/7050c4a3-98ad-41bd-804d-a85c94b16468/amd-v2
+guest ok = no
+read only = no
+browseable = yes
+inherit acls = yes
+inherit permissions = no
+ea support = no
+store dos attributes = no
+vfs objects = recycle
+recycle:repository = .recycle/%U
+recycle:keeptree = yes
+recycle:versions = yes
+recycle:touch = yes
+recycle:directory_mode = 0777
+recycle:subdir_mode = 0700
+recycle:exclude =
+recycle:exclude_dir =
+recycle:maxsize = 0
+printable = no
+create mask = 0664
+force create mode = 0664
+directory mask = 0775
+force directory mode = 0775
+hide special files = yes
+follow symlinks = yes
+hide dot files = yes
+valid users = "michaelgrote","annemariedroessler","win10"
+invalid users =
+read list = "michaelgrote","win10"
+write list = "annemariedroessler"
+root@omvv2:~#
diff --git a/Archiv/azavea.ansible-pip/.gitignore b/Archiv/azavea.ansible-pip/.gitignore
new file mode 100644
index 00000000..d1b859b6
--- /dev/null
+++ b/Archiv/azavea.ansible-pip/.gitignore
@@ -0,0 +1,8 @@
+.vagrant
+
+# Molecule
+.molecule
+*.retry
+*__pycache__*
+*.cache
+*.log
diff --git a/Archiv/azavea.ansible-pip/CHANGELOG.md b/Archiv/azavea.ansible-pip/CHANGELOG.md
new file mode 100644
index 00000000..716958d3
--- /dev/null
+++ b/Archiv/azavea.ansible-pip/CHANGELOG.md
@@ -0,0 +1,30 @@
+## 2.0.0
+
+- Add `pip_executable` variable to support Python 2 and 3 installations.
+- Removed deprecated tests-as-filters in `when` directives.
+- Updated minimum supported Ansible version to 2.5.x.
+
+## 1.1.0
+
+- Add `pip_get_pip_version` to support older `get-pip.py` releases. See version history at https://bootstrap.pypa.io.
+
+## 1.0.1
+
+- Prevent `get-pip.py` download when it is already present.
+
+## 1.0.0
+
+- Install pip using `get-pip.py` instead of `apt`. See Install pip, setuptools, and wheel in the [pip documentation](https://packaging.python.org/installing/#install-pip-setuptools-and-wheel) for more information.
+
+## 0.2.0
+
+- Replace existing Vagrant testing setup with Molecule.
+- Add Molecule testing support for Ubuntu 16.04.
+
+## 0.1.1
+
+- Make use of a version glob to install the `pip` package.
+
+## 0.1.0
+
+- Initial release.
diff --git a/Archiv/azavea.ansible-pip/LICENSE b/Archiv/azavea.ansible-pip/LICENSE
new file mode 100644
index 00000000..f4810ac8
--- /dev/null
+++ b/Archiv/azavea.ansible-pip/LICENSE
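Review bot: The `[scans]` and `[tmp]` shares combine `guest ok = yes`, `guest only = yes` and `read only = no` with the global `map to guest = Bad User`, so any host on the LAN — including a client that merely mistypes its username — gets anonymous write access to those two directories, and `[scans]` additionally creates its recycle bin with `recycle:directory_mode = 0777`. `[aptcacherng]` sets `guest ok = no` but leaves `valid users =` empty, which under Samba's documented default means every authenticated account can reach it, not none. Global `log level = 0` leaves little to audit if either share is abused. This file is an archived capture of a root SSH session (it even includes the login banner and the `Last login` line with a source IP), so it is reference material rather than live config; if it is meant as the template for the `mgrote.fileserver_smb` role, a header such as `# captured from omvv2, Apr 2020 - guest-writable scans/tmp and unrestricted aptcacherng are deliberate LAN-only settings` would make that intent explicit, or the shares should be tightened before reuse.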
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2018 Azavea Inc. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/Archiv/azavea.ansible-pip/README.md b/Archiv/azavea.ansible-pip/README.md new file mode 100644 index 00000000..dc905b10 --- /dev/null +++ b/Archiv/azavea.ansible-pip/README.md 
@@ -0,0 +1,35 @@
+# ansible-pip
+
+An Ansible role for installing [pip](https://pip.pypa.io/en/latest/).
+
+## Role Variables
+
+- `pip_version` - pip version
+- `pip_get_pip_version` - get_pip.py version
+- `pip_executable` - the executable to run to check pip's version
+
+## Testing
+Tests are done using [molecule](http://molecule.readthedocs.io/). To run the test suite, install molecule and its dependencies and run ` molecule test` from the folder containing molecule.yml. To add additional tests, add a [testinfra](http://testinfra.readthedocs.org/) python script in the [tests](./tests/) directory, or add a function to [test_pip.py](./tests/test_scala.py). Information about available Testinfra modules is available [here](http://testinfra.readthedocs.io/en/latest/modules.html).
+
+### Example
+```
+# Download molecule, dependencies
+$ pip install molecule
+
+# Change to the top-level project directory, which contains molecule.yml
+$ cd /path/to/ansible-pip
+
+# Ensure that molecule.yml is present
+$ ls
+CHANGELOG.md molecule.yml
+LICENSE playbook.retry
+README.md playbook.yml
+ansible.cfg tasks
+defaults templates
+handlers tests
+meta
+
+# We're in the right directory, so let's run tests!
+$ molecule test
+
+```
diff --git a/Archiv/azavea.ansible-pip/defaults/main.yml b/Archiv/azavea.ansible-pip/defaults/main.yml
new file mode 100644
index 00000000..fa4c9dbd
--- /dev/null
+++ b/Archiv/azavea.ansible-pip/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+pip_version: "9.0.*"
+pip_get_pip_version: "latest"
+pip_executable: "pip"
diff --git a/Archiv/azavea.ansible-pip/meta/main.yml b/Archiv/azavea.ansible-pip/meta/main.yml
new file mode 100644
index 00000000..86aadde0
--- /dev/null
+++ b/Archiv/azavea.ansible-pip/meta/main.yml
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+ author: Hector Castro
+ description: An Ansible role for installing pip.
+ company: Azavea Inc.
+ license: Apache
+ min_ansible_version: 2.5
+ platforms:
+ - name: Ubuntu
+ versions:
+ - trusty
+ - xenial
+ galaxy_tags:
+ - development
+dependencies: []
diff --git a/Archiv/azavea.ansible-pip/molecule.yml b/Archiv/azavea.ansible-pip/molecule.yml
new file mode 100644
index 00000000..cd81bb21
--- /dev/null
+++ b/Archiv/azavea.ansible-pip/molecule.yml
@@ -0,0 +1,25 @@
+---
+molecule:
+ test:
+ sequence:
+ - destroy
+ - syntax
+ - create
+ - converge
+ - idempotence
+ - verify
+
+vagrant:
+ platforms:
+ - name: trusty64
+ box: ubuntu/trusty64
+
+ - name: xenial64
+ box: ubuntu/xenial64
+
+ providers:
+ - name: virtualbox
+ type: virtualbox
+
+ instances:
+ - name: ansible-pip
\ No newline at end of file
diff --git a/Archiv/azavea.ansible-pip/tasks/main.yml b/Archiv/azavea.ansible-pip/tasks/main.yml
new file mode 100644
index 00000000..5104779e
--- /dev/null
+++ b/Archiv/azavea.ansible-pip/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- name: Get installed pip version
+ command: "{{ pip_executable }} --version"
+ register: pip_version_output
+ ignore_errors: yes
+ changed_when: false
+
+- name: Download get-pip.py
+ vars:
+ pip_version_url: "{{ (pip_get_pip_version == 'latest') | ternary('', pip_get_pip_version) }}"
+ required_vars:
+ - pip_get_pip_version
+ get_url:
+ url: 'https://bootstrap.pypa.io/{{ pip_version_url }}/get-pip.py'
+ dest: /tmp/get-pip.py
+ when: (pip_version_output is failed) or not pip_version_output.stdout is search(pip_version)
+
+# Install pip if it's not already installed, or if
+# the desired versions of pip aren't installed
+# The regular expression extracts '9.0' out of '9.0.*'
+- name: Install pip
+ command: "{{ ansible_python_interpreter if ansible_python_interpreter is defined else 'python' }} get-pip.py pip=={{ pip_version }}"
+ when: "(pip_version_output is failed) or not pip_version_output.stdout is search('pip ' + pip_version)"
+ args:
+ chdir: /tmp
diff --git a/Archiv/azavea.ansible-pip/tests/test_pip.py b/Archiv/azavea.ansible-pip/tests/test_pip.py
new file mode 100644
index 00000000..e177df7e
--- /dev/null
+++ b/Archiv/azavea.ansible-pip/tests/test_pip.py
@@ -0,0 +1,26 @@
+import pytest
+
+
+@pytest.fixture()
+def AnsibleDefaults(Ansible):
+ """ Load default variables into dictionary.
+ Args:
+ Ansible - Requires the ansible connection backend.
+ """
+ return Ansible("include_vars", "./defaults/main.yml")["ansible_facts"]
+
+
+def test_pip_exists(Command, AnsibleDefaults):
+ """ Ensure the candidate version of pip is installed.
+
+ Args:
+ Command - Module to determine package install status and version
+ GetAnsibleDefaults - Get default version of the package
+ """
+ pip_version_check = Command("pip --version")
+
+ # We only care about the major.minor versions
+ pip_version = AnsibleDefaults["pip_version"].split("*")[0]
+
+ assert pip_version_check.rc == 0
+ assert pip_version in pip_version_check.stdout
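Review bot: The `Install pip` task runs `get-pip.py` out of world-writable `/tmp` (`chdir: /tmp`) with no integrity check: the `get_url` task carries no `checksum:`, and its `when:` (`search(pip_version)`) differs from the install task's (`search('pip ' + pip_version)`), so with e.g. `pip 19.0.3` installed the regex `9.0.*` matches and the download is skipped while the install condition still fires, executing whatever `/tmp/get-pip.py` happens to exist — stale or planted by any local user. Suggest making both conditions identical, pinning the script with `checksum: sha256:<hash of the chosen get-pip.py>` on `get_url`, and writing it to a directory only the playbook user can reach (a `tempfile` result or the user's cache dir) rather than `/tmp`. The default `pip_version: "9.0.*"` with `pip_get_pip_version: "latest"` also pairs a 2017-era pip with whatever bootstrap script is current, which is worth revisiting. This is a vendored Azavea role copied under `Archiv/`, so the fix may belong upstream, but the hosts this repo manages carry the risk.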
diff --git a/Archiv/fileserver.grote.lan.yml.old b/Archiv/fileserver.grote.lan.yml.old
new file mode 100644
index 00000000..695d9318
--- /dev/null
+++ b/Archiv/fileserver.grote.lan.yml.old
@@ -0,0 +1,6 @@
+---
+ ### mgrote.fileserver_mergerfs
+ laufwerke: ## Muessen als HDD* in /mnt gemountet damit sie in mergerFS eingebunden werden
+ - { pfad: '/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1', ordner: 'HDD1'}
+ - { pfad: '/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi2', ordner: 'HDD2'}
+ - { pfad: '/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi3', ordner: 'HDD3'}
diff --git a/Archiv/fileserver.yml b/Archiv/fileserver.yml
new file mode 100644
index 00000000..5b5029b4
--- /dev/null
+++ b/Archiv/fileserver.yml
@@ -0,0 +1,78 @@
+###############################################################################
+# Vor dem Ausfuehren des Playbooks die Festplatten fuer
+# mergerFS mit "/dev/disk/by-id" rausfinden.
+# Die Festplatten werden unter sources hinterlegt.
+# Auf diesen Festplatten muss sich ein EXT4_Dateisystem befinden.
+# "mkfs.ext4 /dev/..."
+###############################################################################
+# Wenn es hier hakt, zuerst SMB auskommentieren, Ausfuehren dann wieder mit smb.
+###############################################################################
+# Wenn Freigaben geloescht werden muss der dazugehoerige Ordner per CLI geloescht
+# werden.
+###############################################################################
+
+---
+- hosts: fileserver.grote.lan
+ roles:
+ - { role: mgrote.fileserver_mergerfs, tags: "fileserver_mergerfs" }
+ - { role: mgrote.postfix-gmail, tags: "postfix-gmail" }
+ - { role: mgrote.fileserver_smb, tags: "fileserver_smb" }
+ - { role: mgrote.sicherung_medien, tags: "youtube-dl", when: ansible_hostname == "fileserver", become: true }
+ - { role: mgrote.sicherung_nextcloud, tags: "nextcloud_sicherung", when: ansible_hostname == "fileserver" }
+ - { role: mgrote.sicherung_cloud, tags: "rclone", when: ansible_hostname == "fileserver" }
+
+ vars:
+ ### mergerFS
+ mergerfs_mountpoint: "/shares"
+ mount_optionen: defaults,allow_other,direct_io,use_ino,moveonenospc=true,category.create=mfs,minfreespace=100G,nonempty
+ ###laufwerke: sind im inventory pro host deklariert
+ mergerfs_tree_cron_minutes: "30"
+ mergerfs_tree_cron_hours: "5"
+ ### smb_fileserver
+ smb_nutzer:
+ - { name: 'andreasgrote', groups: 'users', password: 'hallowelt' }
+ - { name: 'annemariedroessler', groups: 'users', password: 'hallowelt' }
+ - { name: 'aptcacherng', groups: 'users', password: 'hallowelt' }
+ - { name: 'horstmartin', groups: 'users', password: 'hallowelt' }
+ - { name: 'pve', groups: 'users', password: 'hallowelt' }
+ - { name: 'restic', groups: 'users', password: 'restic' }
+ - { name: 'toolserver', groups: 'users', password: 'hallowelt' }
+ - { name: 'win10', groups: 'users', password: 'hallowelt' }
+ - { name: 'toolserver', groups: 'users', password: '1TWoLbNzNG2W2c1rhyGh' }
+ - { name: 'kodi', groups: 'users', password: 'hallowelt' }
+ - { name: 'michaelgrote3', groups: 'users', password: 'hallowelt' }
+
+ smb_freigaben: #werden unter /shares angelegt
+ - { freigabename: 'Backup', ordnerpfad: '/shares/Backup', lese_nutzer: '', schreibe_nutzer: '' }
+ - { freigabename: 'Musik', ordnerpfad: '/shares/Musik', lese_nutzer: '', schreibe_nutzer: '' }
+ - { freigabename: 'Videos', ordnerpfad: '/shares/Videos', lese_nutzer: '', schreibe_nutzer: '' }
+ - { freigabename: 'ag', ordnerpfad: '/shares/ag', lese_nutzer: '', schreibe_nutzer: '' }
+ - { freigabename: 'amd', ordnerpfad: '/shares/amd', lese_nutzer: '', schreibe_nutzer: '' }
+ - { freigabename: 'hm', ordnerpfad: '/shares/hm', lese_nutzer: '', schreibe_nutzer: '' }
+ - { freigabename: 'mg', ordnerpfad: '/shares/mg', lese_nutzer: '', schreibe_nutzer: '' }
+ - { freigabename: 'pve', ordnerpfad: '/shares/pve', lese_nutzer: '', schreibe_nutzer: '' }
+ - { freigabename: 'tmp', ordnerpfad: '/shares/tmp', lese_nutzer: '', schreibe_nutzer: '' }
+ smb_workgroup: WORKGROUP
+
+ smb_nutzer_loeschen:
+ - { name: 'platzhalter' }
+
+ ### nfs_fileserver
+ nfs_freigaben:
+ - { freigabename: 'nfsfreigabe', nutzer: pve }
+
+ ### youtube mg
+ youtubedl_cron_minutes: "40"
+ youtubedl_cron_hours: "21"
+ playlisten:
+ - { url: 'https://www.youtube.com/playlist?list=PLPM-eyPokAWNhhDNO4YzC5cGRwuI2ykwE', titel: 'music'}
+ - { url: 'https://www.youtube.com/playlist?list=PLPM-eyPokAWNnDxuyX131R5wkl8fzvu7D', titel: 'lost and found'}
+ - { url: 'https://www.youtube.com/playlist?list=PLPM-eyPokAWPmStfh37roJge-JuLfgma0', titel: 'lost and found 2'}
+ ### nextcloud_sicherung
+ nextcloud_sicherung_cron_minutes: "20"
+ nextcloud_sicherung_cron_hours: "21"
+ ### rclone
+ rclone_cron_minutes: "1"
+ rclone_cron_hours: "22,04,10,16"
+ ### postfix
+ mail_nach_cronjob: false
diff --git a/Archiv/gsuite rclone.txt b/Archiv/gsuite rclone.txt
new file mode 100644
index 00000000..71aab0e2
--- /dev/null
+++ b/Archiv/gsuite rclone.txt
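Review bot: `smb_nutzer` commits plaintext Samba passwords for eleven accounts — `'hallowelt'` for most, `'restic'` for `restic`, and the apparently real `'1TWoLbNzNG2W2c1rhyGh'` for `toolserver` — even though the repo's own `.gitignore` (`ansible-vault-password.yml`) shows ansible-vault is the intended secrets mechanism. Once pushed these live in history regardless of the `Archiv/` location, so the affected accounts should be rotated on the fileserver and the entries rewritten as `password: "{{ vault_smb_pw_toolserver }}"` with the values in a vaulted vars file. `toolserver` also appears twice with different passwords; which one takes effect depends on how `mgrote.fileserver_smb` iterates the list, so one entry should go. Every `smb_freigaben` entry has empty `lese_nutzer`/`schreibe_nutzer`, which presumably means the role applies some default access — worth a comment stating what that default is, since it decides who can read `Backup`.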
@@ -0,0 +1,11 @@ +####### GSUITE +echo "GSuite - mg" +/usr/local/bin/rclone --config /root/rclone/config/rclone.conf copy --drive-stop-on-upload-limit --dry-run --ignore-existing --log-file="/root/rclone/logs/log_tmp_$dt.txt" --log-level INFO --transfers 2 --checkers 4 --bwlimit "Mon-08:00,{{ rclone_bandbreite }} 22:00,off Tue-08:00,{{ rclone_bandbreite }} 22:00,off Wed-08:00,{{ rclone_bandbreite }} 22:00,off Thu-08:00,{{ rclone_bandbreite }} 22:00,off Fri-08:00,{{ rclone_bandbreite }} 22:00,off Sat-09:00,{{ rclone_bandbreite }} 23:00,off Sun-09:00,{{ rclone_bandbreite }} 22:00,off" --contimeout 60s --timeout 300s --retries 5 --low-level-retries 10 --max-backlog 300000 --stats 5s --drive-server-side-across-configs=true --delete-after --progress --stats-file-name-length 120 --drive-chunk-size 64M --fast-list --exclude /.recycle/** "/shares/mg" "gdrive-v3-encrypt:/mg" --backup-dir "gdrive-v3-encrypt:/old/mg/$dt" +echo "GSuite - amd" +/usr/local/bin/rclone --config /root/rclone/config/rclone.conf copy --drive-stop-on-upload-limit --dry-run --ignore-existing --log-file="/root/rclone/logs/log_tmp_$dt.txt" --log-level INFO --transfers 4 --checkers 8 --bwlimit "Mon-08:00,{{ rclone_bandbreite }} 22:00,off Tue-08:00,{{ rclone_bandbreite }} 22:00,off Wed-08:00,{{ rclone_bandbreite }} 22:00,off Thu-08:00,{{ rclone_bandbreite }} 22:00,off Fri-08:00,{{ rclone_bandbreite }} 22:00,off Sat-09:00,{{ rclone_bandbreite }} 23:00,off Sun-09:00,{{ rclone_bandbreite }} 22:00,off" --contimeout 60s --timeout 300s --retries 5 --low-level-retries 10 --max-backlog 300000 --stats 5s --drive-server-side-across-configs=true --delete-after --progress --stats-file-name-length 120 --drive-chunk-size 64M --fast-list --exclude /.recycle/** "/shares/amd" "gdrive-v3-encrypt:/amd" --backup-dir "gdrive-v3-encrypt:/old/amd/$dt" +echo "GSuite - Backup" +/usr/local/bin/rclone --config /root/rclone/config/rclone.conf copy --drive-stop-on-upload-limit --dry-run --ignore-existing 
--log-file="/root/rclone/logs/log_tmp_$dt.txt" --log-level INFO --transfers 4 --checkers 8 --bwlimit "Mon-08:00,{{ rclone_bandbreite }} 22:00,off Tue-08:00,{{ rclone_bandbreite }} 22:00,off Wed-08:00,{{ rclone_bandbreite }} 22:00,off Thu-08:00,{{ rclone_bandbreite }} 22:00,off Fri-08:00,{{ rclone_bandbreite }} 22:00,off Sat-09:00,{{ rclone_bandbreite }} 23:00,off Sun-09:00,{{ rclone_bandbreite }} 22:00,off" --contimeout 60s --timeout 300s --retries 5 --low-level-retries 10 --max-backlog 300000 --stats 5s --drive-server-side-across-configs=true --delete-after --progress --stats-file-name-length 120 --drive-chunk-size 64M --fast-list --exclude /.recycle/** "/shares/Backup" "gdrive-v3-encrypt:/Backup" --backup-dir "gdrive-v3-encrypt:/old/backup/$dt" +echo "GSuite - Musik" +/usr/local/bin/rclone --config /root/rclone/config/rclone.conf copy --drive-stop-on-upload-limit --dry-run --ignore-existing --log-file="/root/rclone/logs/log_tmp_$dt.txt" --log-level INFO --transfers 6 --checkers 12 --bwlimit "Mon-08:00,{{ rclone_bandbreite }} 22:00,off Tue-08:00,{{ rclone_bandbreite }} 22:00,off Wed-08:00,{{ rclone_bandbreite }} 22:00,off Thu-08:00,{{ rclone_bandbreite }} 22:00,off Fri-08:00,{{ rclone_bandbreite }} 22:00,off Sat-09:00,{{ rclone_bandbreite }} 23:00,off Sun-09:00,{{ rclone_bandbreite }} 22:00,off" --contimeout 60s --timeout 300s --retries 5 --low-level-retries 10 --max-backlog 300000 --stats 5s --drive-server-side-across-configs=true --delete-after --progress --stats-file-name-length 120 --drive-chunk-size 64M --fast-list --exclude /.recycle/** "/shares/Musik" "gdrive-v2:/unverschluesselt/Musik" --backup-dir "gdrive-v2:/old/Musik/$dt" +echo "GSuite - Videos" +/usr/local/bin/rclone --config /root/rclone/config/rclone.conf copy --drive-stop-on-upload-limit --dry-run --ignore-existing --log-file="/root/rclone/logs/log_tmp_$dt.txt" --log-level INFO --transfers 2 --checkers 4 --bwlimit "Mon-08:00,{{ rclone_bandbreite }} 22:00,off Tue-08:00,{{ rclone_bandbreite }} 
22:00,off Wed-08:00,{{ rclone_bandbreite }} 22:00,off Thu-08:00,{{ rclone_bandbreite }} 22:00,off Fri-08:00,{{ rclone_bandbreite }} 22:00,off Sat-09:00,{{ rclone_bandbreite }} 23:00,off Sun-09:00,{{ rclone_bandbreite }} 22:00,off" --contimeout 60s --timeout 300s --retries 5 --low-level-retries 10 --max-backlog 300000 --stats 5s --drive-server-side-across-configs=true --delete-after --progress --stats-file-name-length 120 --drive-chunk-size 64M --fast-list --exclude /.recycle/** "/shares/Videos" "gdrive-v2:/unverschluesselt/Videos" --backup-dir "gdrive-v2:/old/video/$dt" diff --git a/Archiv/igor_mukhin.bash_aliases/.editorconfig b/Archiv/igor_mukhin.bash_aliases/.editorconfig new file mode 100644 index 00000000..5547d36e --- /dev/null +++ b/Archiv/igor_mukhin.bash_aliases/.editorconfig @@ -0,0 +1,13 @@ +# http://editorconfig.org + +root = true + +[*] +charset = utf-8 +end_of_line = lf +insert_final_newline = true +trim_trailing_whitespace = true + +[*.{yml,yml.dist,yml.js2}] +indent_style = space +indent_size = 2 diff --git a/Archiv/igor_mukhin.bash_aliases/LICENSE b/Archiv/igor_mukhin.bash_aliases/LICENSE new file mode 100644 index 00000000..dde1abd3 --- /dev/null +++ b/Archiv/igor_mukhin.bash_aliases/LICENSE 
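Review bot: Every rclone invocation in this file still carries `--dry-run`, so as written none of the five jobs transfers, backs up or deletes anything; remove the flag once the command lines are final, and note that `--delete-after` is a `sync`-mode option that `copy` does not act on, so it adds nothing here. `$dt` is used for the log file and every `--backup-dir` path but is never assigned in this file — if a wrapper script is expected to export it, a comment at the top saying so (`# expects $dt=YYYY-MM-DD from the caller`) would keep the next editor from running it standalone and backing up into `/old/mg/`. The `--config /root/rclone/config/rclone.conf` file presumably holds the Drive OAuth token and the password of the `gdrive-v3-encrypt` crypt remote, so it should stay root-only (0600) and never be committed alongside this script.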
@@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2015 Igor Mukhin + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/Archiv/igor_mukhin.bash_aliases/README.md b/Archiv/igor_mukhin.bash_aliases/README.md new file mode 100644 index 00000000..0fa31a38 --- /dev/null +++ b/Archiv/igor_mukhin.bash_aliases/README.md 
@@ -0,0 +1,39 @@ + # ansible-role-bash_aliases + +Ansible role for setting aliases in ~/.bash_aliases for Debian/Ubuntu. + +## Prerequisites + +First of all you should install [Ansible](http://www.ansible.com/home) on your machine, official [docs](http://docs.ansible.com/intro_installation.html) should help you with that. + +# Installation +```bash +ansible-galaxy install igor_mukhin.bash_aliases +``` + +## Example playbook + +Lets make aliases for most used symfony2 console commands + +```yml +# playbook.yml + +vars: + # See all available variables at defaults/main.yml + bash_aliases: + - { alias: 'sf', command: 'php app/console' } + + - { alias: 'sfcc', command: 'sf cache:clear' } + - { alias: 'sfccnw', command: 'sfcc --no-warmup' } + + - { alias: 'sfl', command: 'sf list' } + - { alias: 'sflg', command: 'sf list | grep' } + + # You also can add extra lines in any format to .bash_aliases + bash_aliases_extra: + - "git config --global alias.unstage 'reset HEAD --'" + +roles: + - { role: igor_mukhin.bash_aliases, sudo: false } + +``` diff --git a/Archiv/igor_mukhin.bash_aliases/defaults/main.yml b/Archiv/igor_mukhin.bash_aliases/defaults/main.yml new file mode 100644 index 00000000..2a6239ed --- /dev/null +++ b/Archiv/igor_mukhin.bash_aliases/defaults/main.yml @@ -0,0 +1,9 @@ +--- + +bash_aliases_path: "~/.bash_aliases" + +bash_aliases: false + +bash_aliases_extra: false +# - alias sf="php app/console" +# - alias sflg="sf list|grep" diff --git a/Archiv/igor_mukhin.bash_aliases/meta/main.yml b/Archiv/igor_mukhin.bash_aliases/meta/main.yml new file mode 100644 index 00000000..af31aad0 --- /dev/null +++ b/Archiv/igor_mukhin.bash_aliases/meta/main.yml @@ -0,0 +1,18 @@ +--- + +dependencies: [] + +galaxy_info: + author: igor_mukhin + description: Set aliases in ~/.bash_aliases for Debian/Ubuntu + license: "MIT" + min_ansible_version: 1.8 + platforms: + - name: Ubuntu + versions: + - all + - name: Debian + versions: + - all + galaxy_tags: + - system 
diff --git a/Archiv/igor_mukhin.bash_aliases/tasks/main.yml b/Archiv/igor_mukhin.bash_aliases/tasks/main.yml new file mode 100644 index 00000000..e6558ae8 --- /dev/null +++ b/Archiv/igor_mukhin.bash_aliases/tasks/main.yml @@ -0,0 +1,20 @@ +--- + +- name: Bash aliases | Add aliases + lineinfile: + dest: "{{ bash_aliases_path }}" + create: yes + mode: 0644 + line: 'alias {{ item.alias }}="{{ item.command }}"' + regexp: "^alias {{ item.alias }}=" + with_items: "{{ bash_aliases }}" + when: bash_aliases != false + +- name: Bash aliases | Add extra + lineinfile: + dest: "{{ bash_aliases_path }}" + create: yes + mode: 0644 + line: "{{ item }}" + with_items: "{{ bash_aliases_extra }}" + when: bash_aliases_extra != false diff --git a/Archiv/igor_mukhin.bash_aliases/tests/playbook.yml b/Archiv/igor_mukhin.bash_aliases/tests/playbook.yml new file mode 100644 index 00000000..b6c1246b --- /dev/null +++ b/Archiv/igor_mukhin.bash_aliases/tests/playbook.yml @@ -0,0 +1,10 @@ +--- + +- hosts: all + + vars: + bash_aliases: + - { alias: 'sf', command: 'php app/console2' } + + roles: + - "../../mgrote.bash_aliases" diff --git a/Archiv/mgrote.cockpit/README.md b/Archiv/mgrote.cockpit/README.md new file mode 100644 index 00000000..ad2cd634 --- /dev/null +++ b/Archiv/mgrote.cockpit/README.md @@ -0,0 +1,6 @@ +## mgrote.cockpit + +### Beschreibung +Installiert [Cockpit](https://cockpit-project.org/) +### Funktioniert auf +- [x] Ubuntu (>=18.04) diff --git a/Archiv/mgrote.cockpit/defaults/main.yml b/Archiv/mgrote.cockpit/defaults/main.yml new file mode 100644 index 00000000..ed97d539 --- /dev/null +++ b/Archiv/mgrote.cockpit/defaults/main.yml @@ -0,0 +1 @@ +--- diff --git a/Archiv/mgrote.cockpit/handlers/main.yml b/Archiv/mgrote.cockpit/handlers/main.yml new file mode 100644 index 00000000..e69de29b diff --git a/Archiv/mgrote.cockpit/meta/main.yml b/Archiv/mgrote.cockpit/meta/main.yml new file mode 100644 index 00000000..ed97d539 --- /dev/null +++ b/Archiv/mgrote.cockpit/meta/main.yml 
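Review bot: In the "Add aliases" task the alias name is dropped into `regexp: "^alias {{ item.alias }}="` unescaped, so an alias containing `.`, `+` or `*` matches more lines than intended and can overwrite a different alias on a re-run; use `regexp: '^alias {{ item.alias | regex_escape }}='`. The `line:` value wraps `item.command` in double quotes, which means a command containing `"` or `$` is rewritten or partially expanded when `.bash_aliases` is sourced — a short comment above the task stating that commands must be double-quote-safe (or a switch to `| quote`, if deferred expansion is acceptable) would make that contract explicit. The "Add extra" task writes arbitrary lines from `bash_aliases_extra` into the same file; that is by design, but the README should say these lines are executed verbatim on every login.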
@@ -0,0 +1 @@ +--- diff --git a/Archiv/mgrote.cockpit/tasks/main.yml b/Archiv/mgrote.cockpit/tasks/main.yml new file mode 100644 index 00000000..43ea5a85 --- /dev/null +++ b/Archiv/mgrote.cockpit/tasks/main.yml @@ -0,0 +1,6 @@ + - name: install cockpit + become: yes + apt: + name: + - cockpit + state: present diff --git a/Archiv/mgrote.fileserver_mergerfs/README.md b/Archiv/mgrote.fileserver_mergerfs/README.md new file mode 100644 index 00000000..012a3f42 --- /dev/null +++ b/Archiv/mgrote.fileserver_mergerfs/README.md @@ -0,0 +1,35 @@ +## mgrote.fileserver_mergerfs + +### Beschreibung +Diese Rolle richtet mergerFS ein und mountet die ausgewaehlten Festplatten unter /mnt/HDD*. +Danach werden die Festplatten mit mergerFS unter /shares zusammengefasst. + +Cave: Die Festplatten muessen vorher mit einem Dateisystem versehen sein. (mkfs.ext4 /dev/disk/by-id/XXXXX) + +Erstellt einen Cronjob der "tree" ausfuehrt und unter "/root/tree/tree.txt" speichert. + +### Funktioniert auf +- [x] Ubuntu (>=18.04) +- [ ] Debian + + +### Variablen + Defaults +##### Mount Optionen +mount_optionen: defaults,allow_other,direct_io,use_ino,moveonenospc=true,category.create=mfs,minfreespace=100G,nonempty +##### wohin die Laufwerke gemountet werden sollen +mergerfs_mountpoint: "/shares" +##### Minuten wann "tree" ausgefuehrt wird +mergerfs_tree_cron_minutes: 30 +##### Stunden wann "tree" ausgefuehrt wird +mergerfs_tree_cron_hours: 5 +##### Welche Festplatten gemountet UND eingebunden werden soll +- "ordner:XXX" <-- muss HDDx sein +- hier ist KEIN default gesetzt + +``` +sources: + - { pfad: '/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1', ordner: 'HDD1'} + - { pfad: '/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi2', ordner: 'HDD2'} + - { pfad: '/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi3', ordner: 'HDD3'} + - { pfad: '/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi4', ordner: 'HDD4'} +``` 
diff --git a/Archiv/mgrote.fileserver_mergerfs/defaults/main.yml b/Archiv/mgrote.fileserver_mergerfs/defaults/main.yml
new file mode 100644
index 00000000..03a8fc24
--- /dev/null
+++ b/Archiv/mgrote.fileserver_mergerfs/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+mount_optionen: defaults,allow_other,direct_io,use_ino,moveonenospc=true,category.create=mfs,minfreespace=100G,nonempty
+mergerfs_mountpoint: "/shares"
+mergerfs_tree_cron_minutes: 30
+mergerfs_tree_cron_hours: 5
diff --git a/Archiv/mgrote.fileserver_mergerfs/handlers/main.yml b/Archiv/mgrote.fileserver_mergerfs/handlers/main.yml
new file mode 100644
index 00000000..e69de29b
diff --git a/Archiv/mgrote.fileserver_mergerfs/tasks/main.yml b/Archiv/mgrote.fileserver_mergerfs/tasks/main.yml
new file mode 100644
index 00000000..cef4197c
--- /dev/null
+++ b/Archiv/mgrote.fileserver_mergerfs/tasks/main.yml
@@ -0,0 +1,55 @@
+ - name: mergerFS installieren
+ become: yes
+ apt:
+ name:
+ - mergerfs
+ - python3
+ - fuse
+ state: present
+
+ - name: mergerFS-Tools installieren
+ become: yes
+ git:
+ repo: https://github.com/trapexit/mergerfs-tools.git
+ dest: /usr/local/bin/mergerfs_tools
+ version: 2.29.0
+
+ - name: "einzelne Laufwerke mounten"
+ become: yes
+ mount:
+ path: /mnt/{{ item.ordner }}
+ src: "{{ item.pfad }}"
+ fstype: ext4
+ state: mounted
+ loop: "{{ laufwerke }}"
+
+ - name: "Mount mergerFS"
+ become: yes
+ mount:
+ path: "{{ mergerfs_mountpoint }}"
+ src: "/mnt/HDD*"
+ opts: "{{ mount_optionen }}"
+ fstype: fuse.mergerfs
+ state: present
+
+ - name: Ordner "tree" erstellen
+ become: yes
+ file:
+ path: /root/tree
+ state: directory
+
+ - name: Kopiere Tree-Script
+ become: yes
+ template:
+ src: tree.sh
+ dest: /root/tree/tree.sh
+ mode: a+x
+
+ - name: cronjob fuer tree.sh anlegen
+ become: yes
+ cron:
+ name: tree
+ state: present
+ job: "/root/tree/tree.sh"
+ minute: "{{ mergerfs_tree_cron_minutes }}"
+ hour: "{{ mergerfs_tree_cron_hours }}"
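Review bot: The "mergerFS-Tools installieren" task pins `version: 2.29.0`, which is a git tag rather than a commit, and tags can be moved or re-pushed upstream; since the checkout lands in `/usr/local/bin/mergerfs_tools` as root, whatever later sits under that tag name is what gets installed. Pin `version:` to the full commit hash the tag currently resolves to and keep the human-readable tag in the task name, so the checkout is immutable and a changed upstream fails loudly instead of silently. Separately, the "einzelne Laufwerke mounten" task loops over `laufwerke`, while the README hunk earlier in this commit documents the same list as `sources`; one of the two names is wrong, and a user following the README gets an undefined-variable error at the mount step. A brief comment above the `/mnt/HDD*` mount noting that the glob is what ties `ordner: HDDx` to the mergerfs pool would also explain the README's "muss HDDx sein" constraint.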
diff --git a/Archiv/mgrote.fileserver_mergerfs/templates/tree.sh b/Archiv/mgrote.fileserver_mergerfs/templates/tree.sh new file mode 100644 index 00000000..defeea87 --- /dev/null +++ b/Archiv/mgrote.fileserver_mergerfs/templates/tree.sh @@ -0,0 +1,2 @@ +#!/bin/bash +tree / > /root/tree/tree.txt diff --git a/Archiv/mgrote.fileserver_mergerfs/vars/main.yml b/Archiv/mgrote.fileserver_mergerfs/vars/main.yml new file mode 100644 index 00000000..e69de29b diff --git a/Archiv/mgrote.telegraf/README.md b/Archiv/mgrote.telegraf/README.md new file mode 100644 index 00000000..6dab9ed9 --- /dev/null +++ b/Archiv/mgrote.telegraf/README.md 
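Review bot: `tree / > /root/tree/tree.txt` dumps the name of every file on the host — including everything under the per-user shares — into a file whose mode is whatever the cron job's umask yields; add `umask 077` before the `tree` call so the listing is root-readable only, regardless of how `/root` itself is permissioned. Walking `/` also descends into `/proc`, `/sys` and `/dev` and into the mergerfs pool plus each `/mnt/HDDx` member, so every file is listed at least twice; pruning the pseudo-filesystems and the member mounts would shrink the output and the nightly I/O considerably. A one-line header comment stating what the listing is for (recovery inventory, presumably) would help the next person decide whether it is still needed.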
@@ -0,0 +1,57 @@ +## mgrote.telegraf + +### Beschreibung +Installiert und konfiguriert "telegraf". +Telegraf ist fuer das [[Grafana Dashboard 928|https://grafana.com/grafana/dashboards/928]] konfiguriert. + +### Funktioniert auf +- [x] Ubuntu (>=18.04) +- [x] Debian +- [x] ProxMox 6.1 + +### Variablen + Defaults +##### InfluxDB Protocol +`telegraf_influxdb_srv_protocol: "http://"` +##### InfluxDB FQDN +`telegraf_influxdb_srv_fqdn: grafana.grote.lan` +##### InfluxDB Port - ist Pflichtangabe +`telegraf_influxdb_srv_port: 8086` +##### Basis-Metriken aktivieren +`telegraf_base_metrics: true` +##### APCUPSD-Metriken aktivieren +- Installiert und konfiguriert telegraf fuer das Sammeln von Metriken von "apcupsd". +- [[Grafana Dashboard|https://grafana.com/grafana/dashboards/10977]] +`telegraf_apcupsd_metrics: true` +##### HDDTEMP-Metriken aktivieren +- Installiert und konfiguriert telegraf fuer das Sammeln von Metriken von "hddtemp". +`telegraf_hddtemp_metrics: true` +##### SMART-Metriken aktivieren +- Installiert und konfiguriert telegraf fuer das Sammeln von Metriken von "smartctl". +`telegraf_smart_pfad_zu_smartctl: "/usr/sbin/smartctl"` +`telegraf_smart_metrics: true` +##### x509-Metriken aktivieren +- Installiert und konfiguriert telegraf fuer das Sammeln von Metriken von "x509 Zertifikaten" bei nginx. +`telegraf_x509_metrics: true` + ``` + telegraf_x509_domains: + - "https://mgrote.net:443" + - "https://dokuwiki.mgrote.net:443" + - "https://miniflux.mgrote.net:443" + ``` +- [[Grafana-Dashboard|https://grafana.com/grafana/dashboards/11707]] +- Der Port ist Pflicht. +##### ZFS-Metriken aktivieren + `telegraf_zfs_metrics: true` +- Installiert und konfiguriert telegraf fuer das Sammeln von Metriken von "zfs". +- [[Grafana Dashboard|https://gist.github.com/bartmeuris/41caf0998f38a2fae7cf1ff92cd4a5fa]] +##### Postgres-Metriken aktivieren +- Installiert und konfiguriert telegraf fuer das Sammeln von Metriken von "postgres". 
+- [[Grafana Dashboard|https://grafana.com/grafana/dashboards/355]] +- Die Zugangsdaten mit denen sich telegraf bei Postgres anmeldet um die Metriken zu sammeln. + `telegraf_postgres_metrics: true` + `telegraf_postgres_name_db_user: "telegraf_db_user"` + `telegraf_postgres_password_db_user: "geheim"` + `telegraf_postgres_name_db: "telegraf_db"` +##### lm_sensors-Metriken aktivieren (Temperaturen o.Ä.) + `telegraf_lm_sensors_metrics: true` +- Installiert und konfiguriert telegraf fuer das Sammeln von Metriken von "lm_sensors". diff --git a/Archiv/mgrote.telegraf/defaults/main.yml b/Archiv/mgrote.telegraf/defaults/main.yml new file mode 100644 index 00000000..4b5e9ab2 --- /dev/null +++ b/Archiv/mgrote.telegraf/defaults/main.yml @@ -0,0 +1,20 @@ +--- +### Module +telegraf_installieren: true +telegraf_base_metrics: true +telegraf_apcupsd_metrics: false +telegraf_hddtemp_metrics: false +telegraf_smart_metrics: false +telegraf_x509_metrics: false +telegraf_zfs_metrics: false +telegraf_postgres_metrics: false +telegraf_lm_sensors_metrics: false + +### smartctl +telegraf_smart_pfad_zu_smartctl: "/usr/sbin/smartctl" + +### telegraf.conf +telegraf_influxdb_srv_protocol: "http://" +telegraf_influxdb_srv_fqdn: "tig.grote.lan" +telegraf_influxdb_srv_port: "8086" +telegraf_database_name: "telegraf" diff --git a/Archiv/mgrote.telegraf/handlers/main.yml b/Archiv/mgrote.telegraf/handlers/main.yml new file mode 100644 index 00000000..c143bc54 --- /dev/null +++ b/Archiv/mgrote.telegraf/handlers/main.yml @@ -0,0 +1,14 @@ + + - name: restart_telegraf + become: yes + systemd: + name: telegraf + enabled: yes + state: restarted + + - name: restart_hddtemp + become: yes + systemd: + name: hddtemp + state: restarted + enabled: yes diff --git a/Archiv/mgrote.telegraf/tasks/grafana/datasource.yml b/Archiv/mgrote.telegraf/tasks/grafana/datasource.yml new file mode 100644 index 00000000..ed97d539 --- /dev/null +++ b/Archiv/mgrote.telegraf/tasks/grafana/datasource.yml @@ -0,0 +1 @@ +--- 
diff --git a/Archiv/mgrote.telegraf/tasks/main.yml b/Archiv/mgrote.telegraf/tasks/main.yml new file mode 100644 index 00000000..4de5f8e6 --- /dev/null +++ b/Archiv/mgrote.telegraf/tasks/main.yml 
@@ -0,0 +1,103 @@ + - name: Apt-key hinzufuegen fuer das telegraf-repository + become: yes + apt_key: + url: https://repos.influxdata.com/influxdb.key + state: present + when: telegraf_installieren + + - name: telegraf-repository hinzufuegen + become: yes + apt_repository: + repo: 'deb https://repos.influxdata.com/ubuntu {{ ansible_distribution_release }} stable' + state: present + filename: telegraf_repo + update_cache: yes + when: telegraf_installieren + + - name: telegraf installieren + become: yes + apt: + name: telegraf + state: present + when: telegraf_installieren + + - name: telegraf deinstallieren + become: yes + apt: + name: telegraf + state: absent + when: not telegraf_installieren + + - name: telegraf.conf kopieren + become: yes + template: + src: "telegraf.conf" + dest: "/etc/telegraf/telegraf.conf" + notify: restart_telegraf + when: telegraf_installieren + + # "aktivieren" + - name: add base_metrics tasks + import_tasks: '{{ role_path }}/tasks/metrics/add_base_metrics.yml' + when: telegraf_base_metrics + + - name: add apcupsd_metrics tasks + import_tasks: '{{ role_path }}/tasks/metrics/add_apcupsd_metrics.yml' + when: telegraf_apcupsd_metrics + + - name: add hddtemp_metrics tasks + import_tasks: '{{ role_path }}/tasks/metrics/add_hddtemp_metrics.yml' + when: telegraf_hddtemp_metrics + + - name: add smart_metrics tasks + import_tasks: '{{ role_path }}/tasks/metrics/add_smart_metrics.yml' + when: telegraf_smart_metrics + + - name: add x509_metrics tasks + import_tasks: '{{ role_path }}/tasks/metrics/add_x509_metrics.yml' + when: telegraf_x509_metrics + + - name: add zfs_metrics tasks + import_tasks: '{{ role_path }}/tasks/metrics/add_zfs_metrics.yml' + when: telegraf_zfs_metrics + + - name: add postgres_metrics tasks + import_tasks: '{{ role_path }}/tasks/metrics/add_postgres_metrics.yml' + when: telegraf_postgres_metrics + + - name: add lm_sensors_metrics tasks + import_tasks: '{{ role_path }}/tasks/metrics/add_lm_sensors_metrics.yml' + when: 
telegraf_lm_sensors_metrics + + # deaktivieren + - name: add base_metrics tasks + import_tasks: '{{ role_path }}/tasks/metrics/remove_base_metrics.yml' + when: not telegraf_base_metrics + + - name: add apcupsd_metrics tasks + import_tasks: '{{ role_path }}/tasks/metrics/remove_apcupsd_metrics.yml' + when: not telegraf_apcupsd_metrics + + - name: add hddtemp_metrics tasks + import_tasks: '{{ role_path }}/tasks/metrics/remove_hddtemp_metrics.yml' + when: not telegraf_hddtemp_metrics + + - name: add smart_metrics tasks + import_tasks: '{{ role_path }}/tasks/metrics/remove_smart_metrics.yml' + when: not telegraf_smart_metrics + + - name: add x509_metrics tasks + import_tasks: '{{ role_path }}/tasks/metrics/remove_x509_metrics.yml' + when: not telegraf_x509_metrics + + - name: add zfs_metrics tasks + import_tasks: '{{ role_path }}/tasks/metrics/remove_zfs_metrics.yml' + when: not telegraf_zfs_metrics + + - name: add postgres_metrics tasks + import_tasks: '{{ role_path }}/tasks/metrics/remove_postgres_metrics.yml' + when: not telegraf_postgres_metrics + + - name: add lm_sensors_metrics tasks + import_tasks: '{{ role_path }}/tasks/metrics/remove_lm_sensors_metrics.yml' + when: not telegraf_lm_sensors_metrics diff --git a/Archiv/mgrote.telegraf/tasks/metrics/add_apcupsd_metrics.yml b/Archiv/mgrote.telegraf/tasks/metrics/add_apcupsd_metrics.yml new file mode 100644 index 00000000..309257ca --- /dev/null +++ b/Archiv/mgrote.telegraf/tasks/metrics/add_apcupsd_metrics.yml @@ -0,0 +1,10 @@ + - import_role: + name: mgrote.apcupsd + + - name: apcupsd.conf kopieren + become: yes + template: + src: "apcupsd.conf" + dest: "/etc/telegraf/telegraf.d/apcupsd.conf" + notify: restart_telegraf +#https://grafana.com/grafana/dashboards/10977 diff --git a/Archiv/mgrote.telegraf/tasks/metrics/add_base_metrics.yml b/Archiv/mgrote.telegraf/tasks/metrics/add_base_metrics.yml new file mode 100644 index 00000000..258b1ab9 --- /dev/null 
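Review bot: The first task imports `https://repos.influxdata.com/influxdb.key` with `apt_key` but gives no `id:`, so whatever key is served at that URL becomes trusted for the repository; add `id:` with InfluxData's published key fingerprint so a substituted key fails the task instead of being installed. The `apt_repository` line hard-codes the `ubuntu` path (`deb https://repos.influxdata.com/ubuntu {{ ansible_distribution_release }} stable`) although the README in this commit lists Debian and Proxmox as supported — on those hosts `ansible_distribution_release` is a Debian codename, which the `ubuntu` tree presumably does not carry; `deb https://repos.influxdata.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable` covers both families. As a point of style, all eight tasks under `# deaktivieren` are still named `add … tasks` although each imports a `remove_*` file; renaming them `remove … tasks` makes the play output say what actually happened.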
+++ b/Archiv/mgrote.telegraf/tasks/metrics/add_base_metrics.yml
@@ -0,0 +1,6 @@
+ - name: base_metrics.conf kopieren
+ become: yes
+ template:
+ src: "base_metrics.conf"
+ dest: "/etc/telegraf/telegraf.d/base_metrics.conf"
+ notify: restart_telegraf
diff --git a/Archiv/mgrote.telegraf/tasks/metrics/add_hddtemp_metrics.yml b/Archiv/mgrote.telegraf/tasks/metrics/add_hddtemp_metrics.yml
new file mode 100644
index 00000000..239b1a69
--- /dev/null
+++ b/Archiv/mgrote.telegraf/tasks/metrics/add_hddtemp_metrics.yml
@@ -0,0 +1,19 @@
+ - name: hddtemp installieren
+ become: yes
+ apt:
+ name: hddtemp
+ state: present
+
+ - name: hddtemp kopieren
+ become: yes
+ template:
+ src: "hddtemp"
+ dest: "/etc/default/hddtemp"
+ notify: restart_hddtemp
+
+ - name: hddtemp.conf kopieren
+ become: yes
+ template:
+ src: "hddtemp.conf"
+ dest: "/etc/telegraf/telegraf.d/hddtemp.conf"
+ notify: restart_telegraf
diff --git a/Archiv/mgrote.telegraf/tasks/metrics/add_lm_sensors_metrics.yml b/Archiv/mgrote.telegraf/tasks/metrics/add_lm_sensors_metrics.yml
new file mode 100644
index 00000000..bb5f8048
--- /dev/null
+++ b/Archiv/mgrote.telegraf/tasks/metrics/add_lm_sensors_metrics.yml
@@ -0,0 +1,12 @@
+ - name: lm-sensors installieren
+ become: yes
+ apt:
+ name: lm-sensors
+ state: present
+
+ - name: lm_sensors.conf kopieren
+ become: yes
+ template:
+ src: "lm_sensors.conf"
+ dest: "/etc/telegraf/telegraf.d/lm_sensors.conf"
+ notify: restart_telegraf
diff --git a/Archiv/mgrote.telegraf/tasks/metrics/add_postgres_metrics.yml b/Archiv/mgrote.telegraf/tasks/metrics/add_postgres_metrics.yml
new file mode 100644
index 00000000..9894719a
--- /dev/null
+++ b/Archiv/mgrote.telegraf/tasks/metrics/add_postgres_metrics.yml
@@ -0,0 +1,6 @@
+ - name: postgres.conf kopieren
+ become: yes
+ template:
+ src: "postgres.conf"
+ dest: "/etc/telegraf/telegraf.d/postgres.conf"
+ notify: telegraf_starten_aktivieren
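Review bot: The postgres task ends with `notify: telegraf_starten_aktivieren`, but the handlers file in this commit defines only `restart_telegraf` and `restart_hddtemp`, so the first time the template changes Ansible aborts the play with a "handler not found" error; use `notify: restart_telegraf` as every sibling task does. The rendered `postgres.conf` also carries the database password in clear, and the task sets no mode, so the file takes the default from the remote umask (typically world-readable 0644); add `owner: telegraf`, `group: telegraf` and `mode: "0640"` to the `template:` call so only the service user can read it. The same mode argument is missing from the other `telegraf.d` templates, which is harmless for them but worth doing uniformly.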
diff --git a/Archiv/mgrote.telegraf/tasks/metrics/add_smart_metrics.yml b/Archiv/mgrote.telegraf/tasks/metrics/add_smart_metrics.yml
new file mode 100644
index 00000000..a7a48399
--- /dev/null
+++ b/Archiv/mgrote.telegraf/tasks/metrics/add_smart_metrics.yml
@@ -0,0 +1,21 @@
+ - name: smartmontools installieren
+ become: yes
+ apt:
+ name: smartmontools
+ state: present
+
+ - name: telegraf passwordless sudo
+ become: yes
+ blockinfile:
+ path: /etc/sudoers
+ block: |
+ Cmnd_Alias SMARTCTL = {{ telegraf_smart_pfad_zu_smartctl }}
+ telegraf ALL=(ALL) NOPASSWD: SMARTCTL
+ Defaults!SMARTCTL !logfile, !syslog, !pam_session
+
+ - name: smart.conf kopieren
+ become: yes
+ template:
+ src: "smart.conf"
+ dest: "/etc/telegraf/telegraf.d/smart.conf"
+ notify: restart_telegraf
diff --git a/Archiv/mgrote.telegraf/tasks/metrics/add_x509_metrics.yml b/Archiv/mgrote.telegraf/tasks/metrics/add_x509_metrics.yml
new file mode 100644
index 00000000..93149913
--- /dev/null
+++ b/Archiv/mgrote.telegraf/tasks/metrics/add_x509_metrics.yml
@@ -0,0 +1,7 @@
+ - name: ssl.conf kopieren
+ become: yes
+ template:
+ src: "ssl.conf"
+ dest: "/etc/telegraf/telegraf.d/ssl.conf"
+ notify: restart_telegraf
+#https://grafana.com/grafana/dashboards/11707
diff --git a/Archiv/mgrote.telegraf/tasks/metrics/add_zfs_metrics.yml b/Archiv/mgrote.telegraf/tasks/metrics/add_zfs_metrics.yml
new file mode 100644
index 00000000..fbd2f2e7
--- /dev/null
+++ b/Archiv/mgrote.telegraf/tasks/metrics/add_zfs_metrics.yml
@@ -0,0 +1,7 @@
+ - name: zfs.conf kopieren
+ become: yes
+ template:
+ src: "zfs.conf"
+ dest: "/etc/telegraf/telegraf.d/zfs.conf"
+ notify: restart_telegraf
+#https://gist.github.com/bartmeuris/41caf0998f38a2fae7cf1ff92cd4a5fa
diff --git a/Archiv/mgrote.telegraf/tasks/metrics/remove_apcupsd_metrics.yml b/Archiv/mgrote.telegraf/tasks/metrics/remove_apcupsd_metrics.yml
new file mode 100644
index 00000000..2153b881
--- /dev/null
+++ b/Archiv/mgrote.telegraf/tasks/metrics/remove_apcupsd_metrics.yml
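Review bot: The "telegraf passwordless sudo" task edits `/etc/sudoers` in place with `blockinfile` and no `validate:`, so an empty or mis-rendered `telegraf_smart_pfad_zu_smartctl` (or any stray character in the block) leaves a syntactically broken sudoers and locks every sudo user out of the host until it is repaired from a root console. Write the rules to a drop-in under `/etc/sudoers.d/` instead and let `visudo -cf` check the rendered file before it is installed; that also keeps the role's lines out of the distribution-managed file and lets the remove_* path delete one file rather than unpick a marker block. The `Defaults!SMARTCTL !logfile, !syslog, !pam_session` line appears to follow the telegraf smart-input documentation, but it also switches off the audit trail for every smartctl invocation — a one-line comment saying this is deliberate noise reduction would stop a future reader from treating it as a mistake. Note that `Cmnd_Alias SMARTCTL = <path>` with no argument list permits any smartctl option, not only the read-only ones the plugin issues; acceptable for a home server, but worth stating.

```yaml
  - name: telegraf passwordless sudo
    become: yes
    blockinfile:
      path: /etc/sudoers.d/telegraf
      create: yes
      owner: root
      group: root
      mode: "0440"
      validate: '/usr/sbin/visudo -cf %s'
      block: |
        Cmnd_Alias SMARTCTL = {{ telegraf_smart_pfad_zu_smartctl }}
        telegraf ALL=(ALL) NOPASSWD: SMARTCTL
        Defaults!SMARTCTL !logfile, !syslog, !pam_session
```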
@@ -0,0 +1,6 @@ + - name: remove apcupsd.conf + become: yes + file: + state: absent + path: "/etc/telegraf/telegraf.d/apcupsd.conf" + notify: restart_telegraf diff --git a/Archiv/mgrote.telegraf/tasks/metrics/remove_base_metrics.yml b/Archiv/mgrote.telegraf/tasks/metrics/remove_base_metrics.yml new file mode 100644 index 00000000..d637c770 --- /dev/null +++ b/Archiv/mgrote.telegraf/tasks/metrics/remove_base_metrics.yml @@ -0,0 +1,6 @@ + - name: remove base_metrics.conf + become: yes + file: + state: absent + path: "/etc/telegraf/telegraf.d/base_metrics.conf" + notify: restart_telegraf diff --git a/Archiv/mgrote.telegraf/tasks/metrics/remove_hddtemp_metrics.yml b/Archiv/mgrote.telegraf/tasks/metrics/remove_hddtemp_metrics.yml new file mode 100644 index 00000000..e8550a9f --- /dev/null +++ b/Archiv/mgrote.telegraf/tasks/metrics/remove_hddtemp_metrics.yml @@ -0,0 +1,6 @@ + - name: remove hddtemp.conf + become: yes + file: + state: absent + path: "/etc/telegraf/telegraf.d/hddtemp.conf" + notify: restart_telegraf diff --git a/Archiv/mgrote.telegraf/tasks/metrics/remove_lm_sensors_metrics.yml b/Archiv/mgrote.telegraf/tasks/metrics/remove_lm_sensors_metrics.yml new file mode 100644 index 00000000..b035bdbf --- /dev/null +++ b/Archiv/mgrote.telegraf/tasks/metrics/remove_lm_sensors_metrics.yml @@ -0,0 +1,6 @@ + - name: remove lm_sensors.conf + become: yes + file: + state: absent + path: "/etc/telegraf/telegraf.d/lm_sensors.conf" + notify: restart_telegraf diff --git a/Archiv/mgrote.telegraf/tasks/metrics/remove_postgres_metrics.yml b/Archiv/mgrote.telegraf/tasks/metrics/remove_postgres_metrics.yml new file mode 100644 index 00000000..89cd5a2c --- /dev/null +++ b/Archiv/mgrote.telegraf/tasks/metrics/remove_postgres_metrics.yml @@ -0,0 +1,6 @@ + - name: remove postgres.conf + become: yes + file: + state: absent + path: "/etc/telegraf/telegraf.d/postgres.conf" + notify: restart_telegraf 
diff --git a/Archiv/mgrote.telegraf/tasks/metrics/remove_smart_metrics.yml b/Archiv/mgrote.telegraf/tasks/metrics/remove_smart_metrics.yml new file mode 100644 index 00000000..72cfff63 --- /dev/null +++ b/Archiv/mgrote.telegraf/tasks/metrics/remove_smart_metrics.yml @@ -0,0 +1,6 @@ + - name: remove smart.conf + become: yes + file: + state: absent + path: "/etc/telegraf/telegraf.d/smart.conf" + notify: restart_telegraf diff --git a/Archiv/mgrote.telegraf/tasks/metrics/remove_x509_metrics.yml b/Archiv/mgrote.telegraf/tasks/metrics/remove_x509_metrics.yml new file mode 100644 index 00000000..941b7ee7 --- /dev/null +++ b/Archiv/mgrote.telegraf/tasks/metrics/remove_x509_metrics.yml @@ -0,0 +1,6 @@ + - name: remove ssl.conf + become: yes + file: + state: absent + path: "/etc/telegraf/telegraf.d/ssl.conf" + notify: restart_telegraf diff --git a/Archiv/mgrote.telegraf/tasks/metrics/remove_zfs_metrics.yml b/Archiv/mgrote.telegraf/tasks/metrics/remove_zfs_metrics.yml new file mode 100644 index 00000000..80a33a6e --- /dev/null +++ b/Archiv/mgrote.telegraf/tasks/metrics/remove_zfs_metrics.yml @@ -0,0 +1,6 @@ + - name: remove zfs.conf + become: yes + file: + state: absent + path: "/etc/telegraf/telegraf.d/zfs.conf" + notify: restart_telegraf diff --git a/Archiv/mgrote.telegraf/templates/apcupsd.conf b/Archiv/mgrote.telegraf/templates/apcupsd.conf new file mode 100644 index 00000000..5c80f315 --- /dev/null +++ b/Archiv/mgrote.telegraf/templates/apcupsd.conf @@ -0,0 +1,2 @@ +[[inputs.apcupsd]] +#https://grafana.com/grafana/dashboards/10977 diff --git a/Archiv/mgrote.telegraf/templates/base_metrics.conf b/Archiv/mgrote.telegraf/templates/base_metrics.conf new file mode 100644 index 00000000..5f461e95 --- /dev/null +++ b/Archiv/mgrote.telegraf/templates/base_metrics.conf 
@@ -0,0 +1,18 @@ +[[inputs.cpu]] + percpu = true + totalcpu = true + fielddrop = ["time_*"] +[[inputs.disk]] + ignore_fs = ["tmpfs", "devtmpfs"] +[[inputs.diskio]] +skip_serial_number = false + interval = "30s" +[[inputs.kernel]] +[[inputs.mem]] +[[inputs.processes]] +[[inputs.swap]] +[[inputs.system]] +[[inputs.net]] +[[inputs.netstat]] +[[inputs.interrupts]] +[[inputs.linux_sysctl_fs]] diff --git a/Archiv/mgrote.telegraf/templates/hddtemp b/Archiv/mgrote.telegraf/templates/hddtemp new file mode 100644 index 00000000..d91526fd --- /dev/null +++ b/Archiv/mgrote.telegraf/templates/hddtemp @@ -0,0 +1,38 @@ +# Defaults for hddtemp initscript (/etc/init.d/hddtemp) +# This is a POSIX shell fragment + +# Master system-wide hddtemp switch. The initscript will not run if it is not +# set to true. STOP THE SERVICE BEFORE DISABLING IT! + +# [automatically edited by postinst, do not change line format or set it to +# anything but false or true ] +RUN_DAEMON="true" + +# List of devices you want to use with hddtemp. If none specified, +# hddtemp will probe standard devices. +#DISKS="/dev/sda /dev/sdb" # your hard drive here hda or hdb etc. + +# List of devices you want to use with hddtemp, but that would not be +# probed for a working sensor. +DISKS_NOPROBE="" + +# IP address of the interface on which you want hddtemp to be bound +# on. If none specified, goes to 127.0.0.1. Use 0.0.0.0 to bind hddtemp +# on all interfaces. +INTERFACE="127.0.0.1" + +# Port number on which you want hddtemp to listen on. If none specified, +# the port 7634 is used. +PORT="7634" + +# Database file to use. If none specified, /etc/hddtemp.db is used. +#DATABASE="/etc/hddtemp.db" + +# Separator to use between fields. The default separator is '|'. +#SEPARATOR="|" + +# Logging period (in seconds) for the temperatures. +SYSLOG="300" # 300 = every 5 minutes + +# Other options to pass to hddtemp +OPTIONS="" 
diff --git a/Archiv/mgrote.telegraf/templates/hddtemp.conf b/Archiv/mgrote.telegraf/templates/hddtemp.conf
new file mode 100644
index 00000000..5fc4a1e6
--- /dev/null
+++ b/Archiv/mgrote.telegraf/templates/hddtemp.conf
@@ -0,0 +1,5 @@
+[[inputs.hddtemp]]
+ interval = "30s"
+
+[[inputs.temp]]
+ interval = "30s"
diff --git a/Archiv/mgrote.telegraf/templates/lm_sensors.conf b/Archiv/mgrote.telegraf/templates/lm_sensors.conf
new file mode 100644
index 00000000..daa8263d
--- /dev/null
+++ b/Archiv/mgrote.telegraf/templates/lm_sensors.conf
@@ -0,0 +1,6 @@
+[[inputs.sensors]]
+ # Remove numbers from field names. If true, a field name like 'temp1_input' will be changed to 'temp_input'.
+ #remove_numbers = true
+
+ # Timeout is the maximum amount of time that the sensors command can run.
+ #timeout = "5s"
diff --git a/Archiv/mgrote.telegraf/templates/postgres.conf b/Archiv/mgrote.telegraf/templates/postgres.conf
new file mode 100644
index 00000000..de89ece5
--- /dev/null
+++ b/Archiv/mgrote.telegraf/templates/postgres.conf
@@ -0,0 +1,2 @@
+[[inputs.postgresql]]
+ address = "postgres://{{ telegraf_postgres_name_db_user }}:{{ telegraf_postgres_password_db_user }}@localhost/{{ telegraf_postgres_name_db }}?sslmode=disable"
diff --git a/Archiv/mgrote.telegraf/templates/smart.conf b/Archiv/mgrote.telegraf/templates/smart.conf
new file mode 100644
index 00000000..c24f3993
--- /dev/null
+++ b/Archiv/mgrote.telegraf/templates/smart.conf
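Review bot: The rendered `address` line in postgres.conf carries the database password in clear text, so the permissions of /etc/telegraf/telegraf.d/postgres.conf are the only thing protecting it; the task that renders this template is outside this hunk and should set something like `mode: '0640'`, `owner: root`, `group: telegraf` so only root and the telegraf user can read it. `sslmode=disable` is defensible for a localhost connection, but it deserves a comment such as `# localhost only; use sslmode=require if this address ever points off-host` so nobody copies the line for a remote database. Presumably `telegraf_postgres_password_db_user` comes from the vault-encrypted group_vars added in this commit — confirm it is never set in a plain playbook.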
@@ -0,0 +1,36 @@ +# Read metrics from storage devices supporting S.M.A.R.T. +[[inputs.smart]] + interval = "300s" + + ## Optionally specify the path to the smartctl executable + # path = "/usr/bin/smartctl" + + ## On most platforms smartctl requires root access. + ## Setting 'use_sudo' to true will make use of sudo to run smartctl. + ## Sudo must be configured to to allow the telegraf user to run smartctl + ## without a password. + use_sudo = true + + ## Skip checking disks in this power mode. Defaults to + ## "standby" to not wake up disks that have stoped rotating. + ## See --nocheck in the man pages for smartctl. + ## smartctl version 5.41 and 5.42 have faulty detection of + ## power mode and might require changing this value to + ## "never" depending on your disks. + nocheck = "standby" + + ## Gather all returned S.M.A.R.T. attribute metrics and the detailed + ## information from each drive into the `smart_attribute` measurement. + #attributes = true + + ## Optionally specify devices to exclude from reporting. + # excludes = [ "/dev/pass6" ] + + ## Optionally specify devices and device type, if unset + ## a scan (smartctl --scan) for S.M.A.R.T. devices will + ## done and all found will be included except for the + ## excluded in excludes. + # devices = [ "/dev/ada0 -d atacam" ] + + ## Timeout for the smartctl command to complete. + timeout = "30s" diff --git a/Archiv/mgrote.telegraf/templates/ssl.conf b/Archiv/mgrote.telegraf/templates/ssl.conf new file mode 100644 index 00000000..5f85eee3 --- /dev/null +++ b/Archiv/mgrote.telegraf/templates/ssl.conf @@ -0,0 +1,5 @@ +[[inputs.x509_cert]] + sources= {{ telegraf_x509_domains | to_json }} + interval = "1800s" +# 1800 damit nicht alls 10 sekunden dns abfragen gestellt werden +# to_json damit am anfang nicht u'variable steht diff --git a/Archiv/mgrote.telegraf/templates/telegraf.conf b/Archiv/mgrote.telegraf/templates/telegraf.conf new file mode 100644 index 00000000..e1a88e3a --- /dev/null 
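Review bot: `use_sudo = true` in smart.conf makes telegraf depend on a passwordless sudoers rule that this commit does not ship, and the hunk's own comment only says sudo "must be configured". That rule should be scoped to the single binary rather than a blanket NOPASSWD, e.g. `telegraf ALL=(root) NOPASSWD: /usr/bin/smartctl` (the path is the one in the commented `path =` line; adjust if smartctl lives elsewhere), and a comment here pointing at where the rule is managed would help. Without it every collection presumably fails against the 30s `timeout` with nothing obvious in the metrics.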
+++ b/Archiv/mgrote.telegraf/templates/telegraf.conf @@ -0,0 +1,20 @@ +[global_tags] + +[agent] +interval = "30s" +round_interval = true +metric_batch_size = 1000 +metric_buffer_limit = 10000 +collection_jitter = "0s" +flush_interval = "10s" +flush_jitter = "0s" +precision = "" +debug = false +quiet = false +hostname = "" +omit_hostname = false +logfile = "/var/log/telegraf/telegraf.log" + +[[outputs.influxdb]] urls = ["{{ telegraf_influxdb_srv_protocol }}{{ telegraf_influxdb_srv_fqdn }}:{{ telegraf_influxdb_srv_port }}"] + ## The target database for metrics; will be created as needed. + database = "{{ telegraf_database_name }}" diff --git a/Archiv/mgrote.telegraf/templates/zfs.conf b/Archiv/mgrote.telegraf/templates/zfs.conf new file mode 100644 index 00000000..75677871 --- /dev/null +++ b/Archiv/mgrote.telegraf/templates/zfs.conf @@ -0,0 +1,3 @@ +[[inputs.zfs]] +poolMetrics = true +#https://gist.github.com/bartmeuris/41caf0998f38a2fae7cf1ff92cd4a5fa diff --git a/Archiv/pve-neu.grote.lan.yml b/Archiv/pve-neu.grote.lan.yml new file mode 100644 index 00000000..8253fa13 --- /dev/null +++ b/Archiv/pve-neu.grote.lan.yml @@ -0,0 +1,18 @@ +--- +### mgrote.zfs_tools +zfs_arc_max: "12884901888" +zfs_pool: + - { name: "zfs_vm_mirror", cron_minute_zfs_trim: "12", cron_hour_zfs_trim: "23", cron_month_zfs_trim: "4,8,12", cron_day_zfs_trim: "2", cron_weekday_zfs_scrub: "0", cron_minutes_zfs_scrub: "0", cron_hour_zfs_scrub: "3"} + - { name: "zfs_single_hdd", cron_minute_zfs_trim: "12", cron_hour_zfs_trim: "23", cron_month_zfs_trim: "4,8,12", cron_day_zfs_trim: "3", cron_weekday_zfs_scrub: "0", cron_minutes_zfs_scrub: "0", cron_hour_zfs_scrub: "5"} +### mgrote.apcupsd +ONBATTERYDELAY: 10 +BATTERYLEVEL: 50 +MINUTES: 10 +### mgrote.postfix-gmail +mail_nach_cronjob: false +### mgrote.smart +smart_smartctlmail_cron_minutes: "15" +smart_smartctlmail_cron_hours: "6" +smart_smartctlmail_cron_weekday: "3" +### Extra +sudo: false 
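Review bot: In telegraf.conf the `[[outputs.influxdb]]` table header and its `urls = [...]` key are on the same line, which is not valid TOML (a table header must be followed by a newline) and would presumably make telegraf reject the rendered config; unless this is an artefact of how the diff was rendered, put `urls` on its own line under the header. The output block also sets no `username`/`password` and no TLS options, so the write path is only as protected as `telegraf_influxdb_srv_protocol` makes it — a comment such as `# no InfluxDB auth/TLS configured here; protocol comes from telegraf_influxdb_srv_protocol` would make that omission read as deliberate.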
diff --git a/Archiv/pve.grote.lan.yml.old b/Archiv/pve.grote.lan.yml.old new file mode 100644 index 00000000..8253fa13 --- /dev/null +++ b/Archiv/pve.grote.lan.yml.old @@ -0,0 +1,18 @@ +--- +### mgrote.zfs_tools +zfs_arc_max: "12884901888" +zfs_pool: + - { name: "zfs_vm_mirror", cron_minute_zfs_trim: "12", cron_hour_zfs_trim: "23", cron_month_zfs_trim: "4,8,12", cron_day_zfs_trim: "2", cron_weekday_zfs_scrub: "0", cron_minutes_zfs_scrub: "0", cron_hour_zfs_scrub: "3"} + - { name: "zfs_single_hdd", cron_minute_zfs_trim: "12", cron_hour_zfs_trim: "23", cron_month_zfs_trim: "4,8,12", cron_day_zfs_trim: "3", cron_weekday_zfs_scrub: "0", cron_minutes_zfs_scrub: "0", cron_hour_zfs_scrub: "5"} +### mgrote.apcupsd +ONBATTERYDELAY: 10 +BATTERYLEVEL: 50 +MINUTES: 10 +### mgrote.postfix-gmail +mail_nach_cronjob: false +### mgrote.smart +smart_smartctlmail_cron_minutes: "15" +smart_smartctlmail_cron_hours: "6" +smart_smartctlmail_cron_weekday: "3" +### Extra +sudo: false diff --git a/Archiv/sensors.yml b/Archiv/sensors.yml new file mode 100644 index 00000000..2000212a --- /dev/null +++ b/Archiv/sensors.yml @@ -0,0 +1,14 @@ +--- +- hosts: testeinzeln + roles: + - { role: mgrote.telegraf, tags: "telegraf" } + + vars: + telegraf_base_metrics: true + telegraf_apcupsd_metrics: false + telegraf_hddtemp_metrics: false + telegraf_smart_metrics: false + telegraf_x509_metrics: false + telegraf_zfs_metrics: false + telegraf_postgres_metrics: false + telegraf_lm_sensors_metrics: false diff --git a/README.md b/README.md new file mode 100644 index 00000000..56a4ffe0 --- /dev/null +++ b/README.md @@ -0,0 +1,2 @@ +# ansible_heimserver +![Ansible Lint](https://github.com/quotengrote/ansible_heimserver/workflows/Ansible%20Lint/badge.svg) diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 00000000..ce0315bb --- /dev/null +++ b/ansible.cfg 
@@ -0,0 +1,22 @@ +[defaults] +inventory = /home/mg/ansible/inventories +nocows = 1 +retry_files_enabled = False +roles_path = /home/mg/ansible/roles +[inventory] + +[privilege_escalation] + +[paramiko_connection] + +[ssh_connection] + +[persistent_connection] + +[accelerate] + +[selinux] + +[colors] + +[diff] diff --git a/inventories/group_vars/acng.yml b/inventories/group_vars/acng.yml new file mode 100644 index 00000000..e1dd4e36 --- /dev/null +++ b/inventories/group_vars/acng.yml @@ -0,0 +1,14 @@ +$ANSIBLE_VAULT;1.1;AES256 +66386233653666313061343763393637376631633334653333346663616537363462373234376533 +3534666365653166626432396137356663633432303761330a633937353539326335656562663062 +62623662646638346263333835326538653036316338643131643664353533316233616637643036 +3636656439306431630a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diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml new file mode 100644 index 00000000..63eaf5f1 --- /dev/null +++ b/inventories/group_vars/all.yml @@ -0,0 +1,109 @@ +$ANSIBLE_VAULT;1.1;AES256 +30363261613933353839366135613932383536626236636638633538356631636539653364393564 +6531663830376436363634366466386335333063326333300a666265613833323739393164393537 +39633263396236373035653631316538363866393661373064633130313634346462663862393231 +6364393138376564610adiff --git a/inventories/group_vars/dns.yml b/inventories/group_vars/dns.yml new file mode 100644 index 00000000..a0c0cfe4 --- /dev/null +++ b/inventories/group_vars/dns.yml 
@@ -0,0 +1,25 @@ +$ANSIBLE_VAULT;1.1;AES256 +30346531303632666535646531393962393664656338306162333833383830663632383637663336 +3261313838313130646563653362353039356265366337350a396664333330323861666234313533 +39663162663532336664396238616161616366356437333561373738616665613764633431623463 +6132393036646461310a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diff --git a/inventories/group_vars/docker.yml b/inventories/group_vars/docker.yml new file mode 100644 index 00000000..73526f4c --- /dev/null +++ b/inventories/group_vars/docker.yml @@ -0,0 +1,20 @@ +$ANSIBLE_VAULT;1.1;AES256 +32656133313836353235366264616132346165643864326366373335643164333432636238633037 +3034353063373331383164643636663064353939343038390a643631303466306433383161343631 +35323863396635353464653638306561663434666261643230386364666533633633626536643239 +6161386165643930640adiff --git a/inventories/group_vars/dokuwiki.yml b/inventories/group_vars/dokuwiki.yml new file mode 100644 index 00000000..a8a5da70 --- /dev/null +++ b/inventories/group_vars/dokuwiki.yml 
@@ -0,0 +1,19 @@ +$ANSIBLE_VAULT;1.1;AES256 +63343239636566376630393734316662373839353564333339643162353537373564303463376462 +3665396138306464663962373631326164656332653238610a653032356131316662376132353839 +62366564373134633261343930316463376233663436326364303035613133616134333265356537 +6138636466613866640a633336613930633830393331343033303262323438366664653963326637 +65663331323533333865376532643530666361303832303132306539356162333530623839383632 +35356638326234383433613161323664356137656531336362383830316139656230333362663765 +65626633383832616433633730356331336462333661326333653461393663666363363139326665 +38313463326136616265386131323631616432393732623333643132336161396536616632323633 +30316330376461613433313165386333316565316335643635346331613932643434616136666266 +32636439333931303037613230663562653666333936326466666139366132666539323332353063 +30393436363763646139303731336437656263306663346231613536653161303363366634653266 +61316339336636333434646138343162393566303133386364383836616430626230386338396266 +37613835333065633962366432373566343030663431643536336532373032383439613336396330 +37333263346636303531396363646131626138323133646566366132623633336566666231613137 +34663832623938653530376232306438326231653133666630323863333532323131343131333139 +35313737653739376338626230383131383564666265323062306134633663353730666131353233 +39353463636630393135393535393366666330383630663837653766326364366136353731613438 +3066663561633631303465313466363061336466613062333565 diff --git a/inventories/group_vars/miniflux.yml b/inventories/group_vars/miniflux.yml new file mode 100644 index 00000000..edd35388 --- /dev/null +++ b/inventories/group_vars/miniflux.yml 
@@ -0,0 +1,57 @@ +$ANSIBLE_VAULT;1.1;AES256 +61376131663637343462336164653432306664643230393536333661386432343236343761333732 +3262313562373564623631373364363463646439633364330a626637613631316136336536616439 +62316130313934646538336361623465373265393366333534373533633761306362366161616438 +3738646666353733370adiff --git a/inventories/group_vars/ovpn.yml b/inventories/group_vars/ovpn.yml new file mode 100644 index 00000000..ed8cd42c --- /dev/null +++ b/inventories/group_vars/ovpn.yml @@ -0,0 +1,19 @@ +$ANSIBLE_VAULT;1.1;AES256 +35383966363434633264613636336335663465373434363236626531616135643732633431306237 +3830633638663361313066366363306461373161353635350a323832326637363031306631653532 +34376262363564333139353364376531386338636461633735333137626531356432646135663730 +3831336636353665300a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diff --git a/inventories/group_vars/reverseproxy.yml b/inventories/group_vars/reverseproxy.yml new file mode 100644 index 00000000..914b4cab --- /dev/null +++ b/inventories/group_vars/reverseproxy.yml 
@@ -0,0 +1,18 @@ +$ANSIBLE_VAULT;1.1;AES256 +32356461626336363230313135353939393865333266396230646137393836646266373665646333 +3833363165363434303265393931623530343231316262340a316661303034373239336263386163 +34643065376334313238396337633465643338323230646661373036386130653861643966336235 +3734343734336335310a326164323365366337346638613735653636326466366334336163623233 +65383662313764373562633534646131613934346638613164666266663639303137623964396332 +34363737396430376137666634643932396663653961316431316462373637386138326432653035 +66356565393262323735313730376530653233336231343461333232323863393635386639333030 +39386632303765636463623833643762663864386562633066633432343737376233653132333335 +61383739656538666366323338393931636535643833653831636661336462333462633133386138 +33376137653137646135306361656234613630346437396431316632316666313864323038343962 +64336439373462306233303864626231376232313838323636633263383061306337333161633763 +64653638643131373661626138313237373332326236653133356539353830663533346536623833 +38393163353364623637623039353362323833636238633535303165643236386133623466626565 +38623535636561613637353339306239316263316130663336623935316461333130613566363839 +30353732313835626330326138306564623231383430653530653035386334316663393561386135 +38663738393030326232663861643238353565383837316136333838316133336661376239326461 +6337 diff --git a/inventories/group_vars/storage.yml b/inventories/group_vars/storage.yml new file mode 100644 index 00000000..f78a2572 --- /dev/null +++ b/inventories/group_vars/storage.yml @@ -0,0 +1,291 @@ +$ANSIBLE_VAULT;1.1;AES256 +31626563306565366361386137306233343261663636326137383461303736306535633037336330 +6130616339306334373566343462613139303165336537330a363564343264363831633133363632 +38306131633664666636366130653337346535376231386631303763383439626339356466303033 +3232316338643462610adiff --git a/inventories/group_vars/virt.yml b/inventories/group_vars/virt.yml new file mode 100644 index 00000000..91300756 --- /dev/null 
+++ b/inventories/group_vars/virt.yml @@ -0,0 +1,104 @@ +$ANSIBLE_VAULT;1.1;AES256 +66653462306337343432303833396236616634363031633534396665623735633338646661303137 +6666343230343966356235366462326366303831336636310a396263623363356661353666336435 +66333934323761663933613137386664346438383635623939373431663661373837333032646161 +6135373931333031630adiff --git a/inventories/group_vars/wireguard.yml b/inventories/group_vars/wireguard.yml new file mode 100644 index 00000000..27bb9b32 --- /dev/null +++ b/inventories/group_vars/wireguard.yml @@ -0,0 +1,19 @@ +$ANSIBLE_VAULT;1.1;AES256 +31336530316165363961633962643337386339633933323037663234633666323766646436626164 +6564306436623162366333303664323934393735383732380a616662616538313634306237383732 +36336436653562313933623031643938623064623766383333386333623036363936663965363636 +6436363965633133630a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diff --git a/inventories/production b/inventories/production new file mode 100644 index 00000000..09fc912f --- /dev/null +++ b/inventories/production @@ -0,0 +1,34 @@ +all: + children: + production: + children: + wireguard: + hosts: + wireguard.grote.lan + reverseproxy: + hosts: + reverseproxy-v2.grote.lan: + dokuwiki: + hosts: + dokuwiki2.grote.lan: + miniflux: + hosts: + miniflux.grote.lan: + storage: + hosts: + fileserver2.grote.lan: + dns: + hosts: + pi.hole: + acng: + hosts: + acng.grote.lan: + ansible: + hosts: + ansible.grote.lan: + docker: + hosts: + docker.grote.lan: + ovpn: + hosts: + ovpn.grote.lan: diff --git a/inventories/staging b/inventories/staging new file mode 100644 index 00000000..68e544e4 --- /dev/null +++ b/inventories/staging 
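Review bot: In inventories/production the wireguard entry is `hosts:` followed by `wireguard.grote.lan` without the trailing colon every other host in the file has, so `hosts` parses as a plain string instead of a mapping; the YAML inventory plugin presumably rejects that group rather than treating the line as a host, which would leave wireguard.grote.lan out of `all`. The fix is the one-character change `wireguard.grote.lan:`. The staging and test inventories in the neighbouring hunks use the colon consistently.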
@@ -0,0 +1,34 @@ +all: + children: + staging: + children: + wireguard: + hosts: + wireguard-staging.grote.lan: + reverseproxy: + hosts: + reverseproxy-staging.grote.lan: + dokuwiki: + hosts: + dokuwiki-staging.grote.lan: + miniflux: + hosts: + miniflux-staging.grote.lan: + storage: + hosts: + fileserver-staging.grote.lan: + dns: + hosts: + pihole-staging.grote.lan: + acng: + hosts: + acng-staging.grote.lan: + docker: + hosts: + docker-staging.grote.lan: + ansible: + hosts: + ansible-staging.grote.lan: + ovpn: + hosts: + ovpn-staging.grote.lan: diff --git a/inventories/test b/inventories/test new file mode 100644 index 00000000..2ee99635 --- /dev/null +++ b/inventories/test @@ -0,0 +1,41 @@ +all: + children: + test: + children: + wireguard: + hosts: + wireguard-test.grote.lan: + reverseproxy: + hosts: + reverseproxy-test.grote.lan: + dokuwiki: + hosts: + dokuwiki-test.grote.lan: + miniflux: + hosts: + miniflux-test.grote.lan: + storage: + hosts: + fileserver-test.grote.lan: + dns: + hosts: + pihole-test.grote.lan: + acng: + hosts: + acng-test.grote.lan: + ansible: + hosts: + ansible-test.grote.lan: + docker: + hosts: + docker-test.grote.lan: + testeinzeln: + hosts: + vm-test.grote.lan: + lxc-test.grote.lan: + ovpn: + hosts: + ovpn-test.grote.lan: + baseimage: + hosts: + # vorlagebaseimage.grote.lan: diff --git a/inventories/virt b/inventories/virt new file mode 100644 index 00000000..191a9f95 --- /dev/null +++ b/inventories/virt @@ -0,0 +1,13 @@ +all: + children: + virt: + children: + virtstaging: + hosts: + pve-staging.grote.lan: + virttest: + hosts: + pve-test.grote.lan: + virtproduction: + hosts: + pve2.grote.lan: diff --git a/playbooks/base/0_master.yml b/playbooks/base/0_master.yml new file mode 100644 index 00000000..92535e76 --- /dev/null +++ b/playbooks/base/0_master.yml 
@@ -0,0 +1,7 @@
+---
+ - hosts: all
+ - import_playbook: 2_packages.yml
+ - import_playbook: 3_base.yml
+ - import_playbook: 4_create_user.yml
+ - import_playbook: 5_personalisierung.yml
+ - import_playbook: 6_haertung.yml
diff --git a/playbooks/base/1_bootstrap.yml b/playbooks/base/1_bootstrap.yml
new file mode 100644
index 00000000..62b269cb
--- /dev/null
+++ b/playbooks/base/1_bootstrap.yml
@@ -0,0 +1,38 @@
+---
+#############################################################
+# Wenn das OS ProxMox ist:
+# vorher PVE-Nag-Buster ausführen
+# wget https://raw.githubusercontent.com/foundObjects/pve-nag-buster/master/install.sh
+# bash install.sh
+# rm install.sh
+#############################################################
+ - hosts: all
+ become: yes
+ gather_facts: false
+ max_fail_percentage: 20%
+ pre_tasks:
+ - name: install python
+ raw: test -e /usr/bin/python || ( apt update && apt install python -y ) # noqa 301 301
+ - name: erstelle "/etc/sudoers"
+ file:
+ path: /etc/sudoers
+ state: touch
+ # - name: install sudo
+ # raw: test -e /usr/bin/sudo || ( apt update && apt install sudo -y ) # noqa 301 301
+ - name: gather facts
+ setup:
+
+ roles:
+ - { role: nickjj.ansible-user, tags: "ansible-user" }
+
+ vars:
+ ### fuer rolle nickjj.ansible-user
+ user_name: "ansible-user"
+ user_generate_ssh_key: true
+ user_local_ssh_key_path: "~/.ssh/id_rsa.pub"
+ user_enable_passwordless_sudo: True
+
+ ansible_user: "mg" # Hier ändern wenn ein anderer Nutzer für die Erstanmeldung verwendet werden soll.
+ ansible_password: "hallowelt"
+ ansible_become_password: "hallowelt"
+ ansible_ssh_common_args: "'-o StrictHostKeyChecking=no'"
diff --git a/playbooks/base/2_packages.yml b/playbooks/base/2_packages.yml
new file mode 100644
index 00000000..7bb0ef7e
--- /dev/null
+++ b/playbooks/base/2_packages.yml
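Review bot: `ansible_password` and `ansible_become_password` are committed in clear text as `"hallowelt"` at the end of 1_bootstrap.yml, while the rest of this commit keeps secrets in ansible-vault (every group_vars file is a `$ANSIBLE_VAULT` blob); move them into a vaulted variable, e.g. `ansible_password: "{{ vault_bootstrap_password }}"`, or drop them and run the bootstrap with `--ask-pass --ask-become-pass`. `StrictHostKeyChecking=no` accepts any host key on every run, not just on first contact; `-o StrictHostKeyChecking=accept-new` still trusts the first connection but fails on a changed key. The `file: state: touch` on /etc/sudoers creates the file with the default umask when it is missing (the sudo install task right below it is commented out), so add `mode: '0440'`, `owner: root`, `group: root` there — presumably the touch exists so nickjj.ansible-user can drop its NOPASSWD rule; confirm.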
@@ -0,0 +1,10 @@ +--- + - hosts: all + serial: 3 + max_fail_percentage: 20% + roles: + - { role: mgrote.set_apt_sources, tags: "apt_sources", + when: "not 'virt' in group_names" } + - { role: mgrote.update_packages, tags: "updates" } + - { role: mgrote.install_packages, + tags: "install" } diff --git a/playbooks/base/3_base.yml b/playbooks/base/3_base.yml new file mode 100644 index 00000000..c2f9b6d9 --- /dev/null +++ b/playbooks/base/3_base.yml @@ -0,0 +1,6 @@ +--- + - hosts: all + roles: + - { role: mgrote.create_users, tags: "users" } + - { role: mgrote.set_timezone, tags: "timezone" } + - { role: mgrote.restic, tags: "restic" } diff --git a/playbooks/base/4_create_user.yml b/playbooks/base/4_create_user.yml new file mode 100644 index 00000000..cb60fad3 --- /dev/null +++ b/playbooks/base/4_create_user.yml @@ -0,0 +1,12 @@ +--- + - hosts: all + roles: +# - { role: nickjj.ansible-user, tags: "ansible-user", become: yes } + - { role: mgrote.deploy_ssh_keys, tags: "ssh", become: yes } + + vars: + ### nickjj.ansible-user + user_name: "mg" + user_generate_ssh_key: true + user_local_ssh_key_path: "~/.ssh/id_rsa.pub" + user_enable_passwordless_sudo: True diff --git a/playbooks/base/5_personalisierung.yml b/playbooks/base/5_personalisierung.yml new file mode 100644 index 00000000..90a7f7bb --- /dev/null +++ b/playbooks/base/5_personalisierung.yml @@ -0,0 +1,8 @@ +--- + - hosts: all + roles: + - { role: mgrote.motd, tags: "motd" } + - { role: mgrote.tmux, + tags: "tmux", + when: "not 'virt' in group_names" } + - { role: mgrote.dotfiles, tags: "dotfiles" } diff --git a/playbooks/base/6_haertung.yml b/playbooks/base/6_haertung.yml new file mode 100644 index 00000000..cb1eae0a --- /dev/null +++ b/playbooks/base/6_haertung.yml 
@@ -0,0 +1,9 @@ +--- + - hosts: all + roles: + - { role: mgrote.fail2ban, tags: "f2b" } + - { role: mgrote.deactivate_ssh_password_login, tags: "ssh" } + - { role: oefenweb.ufw, # Regeln werden in den Group/Host-Vars gesetzt + tags: "ufw", + become: true, + when: "not 'virt' in group_names" } diff --git a/playbooks/on-off/apt_autoremove.yml b/playbooks/on-off/apt_autoremove.yml new file mode 100644 index 00000000..aec28428 --- /dev/null +++ b/playbooks/on-off/apt_autoremove.yml @@ -0,0 +1,10 @@ +--- +- hosts: all + become: yes + serial: 5 + + tasks: + - name: apt autoremove + become: yes + apt: + autoremove: yes diff --git a/playbooks/on-off/apt_update.yml b/playbooks/on-off/apt_update.yml new file mode 100644 index 00000000..90f00a66 --- /dev/null +++ b/playbooks/on-off/apt_update.yml @@ -0,0 +1,10 @@ +--- +- hosts: ovpn + become: yes + serial: 5 + + tasks: + - name: update apt cache + become: yes + apt: + update_cache: yes diff --git a/playbooks/on-off/cv4pve.yml b/playbooks/on-off/cv4pve.yml new file mode 100644 index 00000000..d25c0048 --- /dev/null +++ b/playbooks/on-off/cv4pve.yml @@ -0,0 +1,7 @@ +--- +- hosts: pve2.grote.lan + become: yes + roles: + - { role: mgrote.cv4pve-autosnap, tags: "cv4pve" } + vars: + cv4pve_vmid: all,-109 diff --git a/playbooks/on-off/deinstall_cowsay.yml b/playbooks/on-off/deinstall_cowsay.yml new file mode 100644 index 00000000..cf9b9743 --- /dev/null +++ b/playbooks/on-off/deinstall_cowsay.yml @@ -0,0 +1,8 @@ +--- +- hosts: all + tasks: + - name: cowsay deinstallieren + become: yes + apt: + name: cowsay + state: absent diff --git a/playbooks/on-off/deinstall_telegraf.yml b/playbooks/on-off/deinstall_telegraf.yml new file mode 100644 index 00000000..7fb5d072 --- /dev/null +++ b/playbooks/on-off/deinstall_telegraf.yml 
@@ -0,0 +1,14 @@ +--- +- hosts: all + tasks: + - name: telegraf deinstallieren + become: yes + apt: + name: telegraf + state: absent + - name: telegraf-repository entfernen + become: yes + apt_repository: + repo: 'deb https://repos.influxdata.com/ubuntu {{ ansible_distribution_release }} stable' + state: absent + filename: telegraf_repo diff --git a/playbooks/on-off/f2b.yml b/playbooks/on-off/f2b.yml new file mode 100644 index 00000000..ee346697 --- /dev/null +++ b/playbooks/on-off/f2b.yml @@ -0,0 +1,6 @@ +--- +- hosts: testeinzeln + become: yes + roles: + - { role: mgrote.postfix-gmail, tags: "postfix-gmail" } + - { role: mgrote.fail2ban, tags: "f2b" } diff --git a/playbooks/on-off/remove_ipmitool.yml b/playbooks/on-off/remove_ipmitool.yml new file mode 100644 index 00000000..87891e01 --- /dev/null +++ b/playbooks/on-off/remove_ipmitool.yml @@ -0,0 +1,13 @@ +--- +- hosts: all + become: yes + + tasks: + - name: remove Packages + become: yes + apt: + name: + - hddtemp + - ipmitool + - powertop + state: absent diff --git a/playbooks/on-off/set_dns_resolver.yml b/playbooks/on-off/set_dns_resolver.yml new file mode 100644 index 00000000..cfe78779 --- /dev/null +++ b/playbooks/on-off/set_dns_resolver.yml @@ -0,0 +1,11 @@ +--- +- hosts: dns + become: yes + + tasks: + - name: Setze DNS-Resolver fuer pihole-* + lineinfile: + path: /etc/resolv.conf.head + line: nameserver 192.168.2.2 + create: yes + backrefs: false diff --git a/playbooks/on-off/tig.yml b/playbooks/on-off/tig.yml new file mode 100644 index 00000000..3e53a494 --- /dev/null +++ b/playbooks/on-off/tig.yml 
@@ -0,0 +1,23 @@
+---
+- hosts: monitoring
+ roles:
+ - { role: geerlingguy.pip, tags: "pip", become: true }
+ - { role: mgrote.influxdb, tags: "influx", become: true }
+ - { role: mgrote.grafana, tags: "grafana", become: true }
+ vars:
+ ### mgrote.grafana
+ grafana_http_port: 3000
+# grafana_url: "http://tig.grote.lan:3000" <-- in GroupVars definiert
+# grafana_server: "tig.grote.lan" <-- in GroupVars definiert
+# grafana_influx_url: "http://tig.grote.lan:8086" <-- in GroupVars definiert
+ grafana_user: admin
+ grafana_password: hallowelt
+ grafana_telegraf_database_name: telegraf
+ ### mgrote.influxdb
+ influxdb_users:
+ - { name: 'influx', password: 'hallowelt' }
+ - { name: 'grafana', password: 'hallowelt' }
+ - { name: 'michaelgrote', password: 'hallowelt' }
+
+
+# Login nach Neuinstalll ist admin:admin
diff --git a/playbooks/service/acng.yml b/playbooks/service/acng.yml
new file mode 100644
index 00000000..2765af03
--- /dev/null
+++ b/playbooks/service/acng.yml
@@ -0,0 +1,8 @@
+---
+- hosts: acng
+ roles:
+ - { role: mgrote.acng, tags: "acng" }
+ vars:
+ ### mgrote.acng
+ acng_server_port: 9999
+ apt_cacher_ng_exthreshold: "60" #hebt Pakete 60 Tage auf
diff --git a/playbooks/service/ansible.yml b/playbooks/service/ansible.yml
new file mode 100644
index 00000000..4eeb2b08
--- /dev/null
+++ b/playbooks/service/ansible.yml
@@ -0,0 +1,4 @@
+---
+- hosts: ansible
+ roles:
+ - { role: mgrote.ansible, tags: "ansible_host" }
diff --git a/playbooks/service/docker.yml b/playbooks/service/docker.yml
new file mode 100644
index 00000000..17677a10
--- /dev/null
+++ b/playbooks/service/docker.yml
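Review bot: The Grafana admin password and all three InfluxDB user passwords in tig.yml are committed as `hallowelt` in a plain playbook; the play's own comments say the other grafana_* values live in group_vars, which this commit keeps vault-encrypted, so the credentials belong there too (`grafana_password: "{{ vault_grafana_password }}"` and a vaulted value for each `influxdb_users` entry). Separately, `hosts: monitoring` matches no group in the production, staging, test or virt inventories added in this commit, so the play would presumably run against nothing unless a monitoring group is defined in an inventory not shown here.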
@@ -0,0 +1,18 @@
+---
+- hosts: docker
+ roles:
+ - { role: geerlingguy.pip, tags: "pip", become: true }
+ - { role: geerlingguy.docker, tags: "docker", become: true }
+ - { role: gantsign.ctop, tags: "ctop", become: true }
+
+# tasks:
+# - git: # noqa 401 401 502 502
+# repo: 'https://github.com/quotengrote/docker' # noqa 401 401 502 502
+# dest: /home/mg/docker
+# become: yes
+
+ vars:
+ docker_users:
+ - mg
+ - root
+ - ansible-user
diff --git a/playbooks/service/dokuwiki.yml b/playbooks/service/dokuwiki.yml
new file mode 100644
index 00000000..ead0507d
--- /dev/null
+++ b/playbooks/service/dokuwiki.yml
@@ -0,0 +1,6 @@
+---
+- hosts: dokuwiki
+ roles:
+ - { role: mgrote.dokuwiki, tags: "dokuwiki" }
+ vars:
+ dokuwiki_update: false # Muss für den ersten Lauf aktiviert sein!
diff --git a/playbooks/service/fileserver.yml b/playbooks/service/fileserver.yml
new file mode 100644
index 00000000..d92ea0e5
--- /dev/null
+++ b/playbooks/service/fileserver.yml
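Review bot: Membership in the docker group is root-equivalent through the Docker socket, so the `docker_users` list in docker.yml grants `mg` and `ansible-user` root without going through sudo, and listing `root` itself is a no-op; a comment such as `# docker group == root on this host; keep this list minimal` would make the grant deliberate. ansible-user already gets passwordless sudo in 1_bootstrap.yml, so the practical new privilege is for `mg` — confirm that is intended.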
@@ -0,0 +1,21 @@ +############################################################################### +# Vorher ZFS-Datasets als BindMount durchreichen +############################################################################### +# Wenn es hier hakt, zuerst SMB auskommentieren, Ausfuehren dann wieder mit smb. +############################################################################### +# Wenn Freigaben geloescht werden muss der dazugehoerige Ordner per CLI geloescht +# werden. +############################################################################### +# in PVE +# pct set 109 -mp1 /hdd_data_raidz/data,mp=/shares/ +# pct set 109 -mp0 /hdd_data_raidz/data_videos,mp=/shares_videos +############################################################################### + +--- +- hosts: storage + roles: + - { role: mgrote.postfix-gmail, tags: "postfix-gmail" } + - { role: mgrote.fileserver_smb, tags: "fileserver_smb" } + - { role: mgrote.sicherung_medien, tags: "youtube-dl", when: ansible_hostname == "fileserver2", become: true } + - { role: mgrote.sicherung_nextcloud, tags: "nextcloud_sicherung", when: ansible_hostname == "fileserver2" } + - { role: mgrote.sicherung_cloud, tags: "cloud", when: ansible_hostname == "fileserver2" } diff --git a/playbooks/service/miniflux.yml b/playbooks/service/miniflux.yml new file mode 100644 index 00000000..8b0a0074 --- /dev/null +++ b/playbooks/service/miniflux.yml @@ -0,0 +1,10 @@ +--- +- hosts: miniflux + roles: + - { role: mgrote.postgresql, tags: "postgres" } + - { role: mgrote.miniflux, tags: "miniflux" } + +################################################################################################################### +# Danach cname einrichten: http://dokuwiki2.grote.lan/artikel/technik/reverseproxy?s[]=cname +# und dann "nginx_reverse_proxy" anpassen und ausführen +################################################################################################################### 
diff --git a/playbooks/service/nginx_reverse_proxy.yml b/playbooks/service/nginx_reverse_proxy.yml new file mode 100644 index 00000000..2bf0275e --- /dev/null +++ b/playbooks/service/nginx_reverse_proxy.yml @@ -0,0 +1,45 @@ +--- +- hosts: reverseproxy + tasks: + - name: certbot installieren + become: yes + apt: + name: + - certbot + - python3-certbot-nginx + state: present + # sudo certbot --nginx + # https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx + roles: + - { role: hispanico.letsencrypt-nginx-revproxy, tags: "letsencrypt-nginx-revproxy", become: true } + # Variablen liegen unter roles/ansible-nginx-revproxy/vars/main.yml + vars: + nginx_revproxy_sites: + #vhost fuer dokuwiki + der normale-domainname + letsencrypt-Zertifikat + dokuwiki.mgrote.net: + domains: + - dokuwiki.mgrote.net + - www.mgrote.net + - mgrote.net + upstreams: + - { backend_address: dokuwiki2.grote.lan, backend_port: 80 } + letsencrypt: true + letsencrypt_email: "michael.grote@posteo.de" + #vhost fuer miniflux + letsencrypt-Zertifikat + miniflux.mgrote.net: + domains: + - miniflux.mgrote.net + upstreams: + - { backend_address: miniflux.grote.lan, backend_port: 8080 } + letsencrypt: true + letsencrypt_email: "michael.grote@posteo.de" + telegraf_x509_domains: # im template wird die variable mit "|to_json}}" verwertet da sonst am anfang 'u und []' stehen + - "https://mgrote.net:443" #port muss mit angegeben werden + - "https://dokuwiki.mgrote.net:443" + - "https://miniflux.mgrote.net:443" + - "https://miniflux-staging.mgrote.net:443" + telegraf_x509_metrics: true + +################################################## +# der CNAME muss vorher eingerichtet werden! # +################################################## diff --git a/playbooks/service/pve.yml b/playbooks/service/pve.yml new file mode 100644 index 00000000..2b0c693f --- /dev/null +++ b/playbooks/service/pve.yml 
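Review bot: The `tasks:` section that installs certbot and python3-certbot-nginx is written above `roles:` in nginx_reverse_proxy.yml, but Ansible always runs `roles` before `tasks` in a play, so the letsencrypt role executes before those packages are installed; if the role relies on them (the `# sudo certbot --nginx` comment suggests the install is meant as a prerequisite), rename the section to `pre_tasks:`. The backends are reached over plain HTTP (`backend_port: 80` / `8080`), which is fine on the LAN but worth one comment stating that TLS terminates at this proxy only. The `letsencrypt_email` literal is repeated per site; a single play var referenced from both entries keeps them from drifting.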
@@ -0,0 +1,13 @@
+---
+- hosts: virt
+ roles:
+ - { role: mgrote.pve_nag-buster, tags: "nag-buster" }
+ - { role: mgrote.apcupsd, tags: "apcupsd" }
+ - { role: mgrote.smart, tags: "smart" }
+ - { role: mgrote.zfs_tools, tags: "zfs_tools" }
+ - { role: mgrote.postfix-gmail, tags: "postfix-gmail" }
+ - { role: mgrote.sanoid, tags: "sanoid" }
+ - { role: mgrote.ecc-rasdaemon,
+ tags: "ecc",
+ when: "'virtproduction' in group_names" }
+ - { role: mgrote.cv4pve-autosnap, tags: "cv4pve" }
diff --git a/roles/gantsign.ctop/.editorconfig b/roles/gantsign.ctop/.editorconfig
new file mode 100644
index 00000000..c30c09d8
--- /dev/null
+++ b/roles/gantsign.ctop/.editorconfig
@@ -0,0 +1,27 @@
+# EditorConfig: http://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Defaults for all editor files
+[*]
+insert_final_newline = true
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+
+# YAML is fussy about indenting and charset
+[*.yml]
+indent_style = space
+indent_size = 2
+continuation_indent_size = unset
+charset = utf-8
+
+# Markdown is fussy about indenting
+[*.md]
+indent_style = space
+indent_size = 4
+
+# Jinja2 template files
+[*.j2]
+end_of_line = lf
diff --git a/roles/gantsign.ctop/.gitattributes b/roles/gantsign.ctop/.gitattributes
new file mode 100644
index 00000000..ea7ae0f9
--- /dev/null
+++ b/roles/gantsign.ctop/.gitattributes
@@ -0,0 +1,47 @@ + +# Set the default behavior, in case people don't have core.autocrlf set. +* text=auto + +# Explicitly declare text files you want to always be normalized and converted +# to native line endings on checkout. +LICENSE text +.editorconfig text +.gitattributes text +.gitignore text +.yamllint text +*.cfg text +*.css text +*.htm text +*.html text +*.js text +*.json text +*.less text +*.md text +*.py text +*.scss text +*.ts text +*.txt text +*.xhtml text +*.xml text +*.yaml text +*.yml text + +# Declare files that will always have CRLF line endings on checkout. +*.bat text eol=crlf +*.cmd text eol=crlf + +# Declare files that will always have LF line endings on checkout. +*.conf eol=lf +*.desktop eol=lf +*.j2 eol=lf +*.service eol=lf +*.sh text eol=lf + +# Denote all files that are truly binary and should not be modified. +*.eot binary +*.gif binary +*.jpeg binary +*.jpg binary +*.png binary +*.tff binary +*.woff binary diff --git a/roles/gantsign.ctop/.gitignore b/roles/gantsign.ctop/.gitignore new file mode 100644 index 00000000..81318854 --- /dev/null +++ b/roles/gantsign.ctop/.gitignore 
@@ -0,0 +1,297 @@ +# Created by https://www.gitignore.io/api/windows,linux,osx,vim,emacs,intellij,eclipse,visualstudiocode,ansible + +### Ansible ### +*.retry + +### Eclipse ### + +.metadata +bin/ +tmp/ +*.tmp +*.bak +*.swp +*~.nib +local.properties +.settings/ +.loadpath +.recommenders + +# External tool builders +.externalToolBuilders/ + +# Locally stored "Eclipse launch configurations" +*.launch + +# PyDev specific (Python IDE for Eclipse) +*.pydevproject + +# CDT-specific (C/C++ Development Tooling) +.cproject + +# CDT- autotools +.autotools + +# Java annotation processor (APT) +.factorypath + +# PDT-specific (PHP Development Tools) +.buildpath + +# sbteclipse plugin +.target + +# Tern plugin +.tern-project + +# TeXlipse plugin +.texlipse + +# STS (Spring Tool Suite) +.springBeans + +# Code Recommenders +.recommenders/ + +# Annotation Processing +.apt_generated/ + +# Scala IDE specific (Scala & Java development for Eclipse) +.cache-main +.scala_dependencies +.worksheet + +### Eclipse Patch ### +# Eclipse Core +.project + +# JDT-specific (Eclipse Java Development Tools) +.classpath + +# Annotation Processing +.apt_generated + +### Emacs ### +# -*- mode: gitignore; -*- +*~ +\#*\# +/.emacs.desktop +/.emacs.desktop.lock +*.elc +auto-save-list +tramp +.\#* + +# Org-mode +.org-id-locations +*_archive + +# flymake-mode +*_flymake.* + +# eshell files +/eshell/history +/eshell/lastdir + +# elpa packages +/elpa/ + +# reftex files +*.rel + +# AUCTeX auto folder +/auto/ + +# cask packages +.cask/ +dist/ + +# Flycheck +flycheck_*.el + +# server auth directory +/server/ + +# projectiles files +.projectile + +# directory configuration +.dir-locals.el + +### Intellij ### +# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm +# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 + +# User-specific stuff +.idea/**/workspace.xml +.idea/**/tasks.xml +.idea/**/usage.statistics.xml 
+.idea/**/dictionaries +.idea/**/shelf + +# Sensitive or high-churn files +.idea/**/dataSources/ +.idea/**/dataSources.ids +.idea/**/dataSources.local.xml +.idea/**/sqlDataSources.xml +.idea/**/dynamic.xml +.idea/**/uiDesigner.xml +.idea/**/dbnavigator.xml + +# Gradle +.idea/**/gradle.xml +.idea/**/libraries + +# Gradle and Maven with auto-import +# When using Gradle or Maven with auto-import, you should exclude module files, +# since they will be recreated, and may cause churn. Uncomment if using +# auto-import. +# .idea/modules.xml +# .idea/*.iml +# .idea/modules + +# CMake +cmake-build-*/ + +# Mongo Explorer plugin +.idea/**/mongoSettings.xml + +# File-based project format +*.iws + +# IntelliJ +out/ + +# mpeltonen/sbt-idea plugin +.idea_modules/ + +# JIRA plugin +atlassian-ide-plugin.xml + +# Cursive Clojure plugin +.idea/replstate.xml + +# Crashlytics plugin (for Android Studio and IntelliJ) +com_crashlytics_export_strings.xml +crashlytics.properties +crashlytics-build.properties +fabric.properties + +# Editor-based Rest Client +.idea/httpRequests + +### Intellij Patch ### +# Comment Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-215987721 + +# *.iml +# modules.xml +# .idea/misc.xml +# *.ipr + +# Sonarlint plugin +.idea/sonarlint + +### Linux ### + +# temporary files which can be created if a process still has a handle open of a deleted file +.fuse_hidden* + +# KDE directory preferences +.directory + +# Linux trash folder which might appear on any partition or disk +.Trash-* + +# .nfs files are created when an open file is removed but is still being accessed +.nfs* + +### OSX ### +# General +.DS_Store +.AppleDouble +.LSOverride + +# Icon must end with two \r +Icon + +# Thumbnails +._* + +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB 
+.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk + +### Vim ### +# Swap +[._]*.s[a-v][a-z] +[._]*.sw[a-p] +[._]s[a-rt-v][a-z] +[._]ss[a-gi-z] +[._]sw[a-p] + +# Session +Session.vim + +# Temporary +.netrwhist +# Auto-generated tag files +tags +# Persistent undo +[._]*.un~ + +### VisualStudioCode ### +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json + +### Windows ### +# Windows thumbnail cache files +Thumbs.db +ehthumbs.db +ehthumbs_vista.db + +# Dump file +*.stackdump + +# Folder config file +[Dd]esktop.ini + +# Recycle Bin used on file shares +$RECYCLE.BIN/ + +# Windows Installer files +*.cab +*.msi +*.msix +*.msm +*.msp + +# Windows shortcuts +*.lnk + + +# End of https://www.gitignore.io/api/windows,linux,osx,vim,emacs,intellij,eclipse,visualstudiocode,ansible + +#################### +### Custom rules ### +#################### + +### Molecule ### + +__pycache__ +.cache +.molecule diff --git a/roles/gantsign.ctop/.moleculew/ansible_version b/roles/gantsign.ctop/.moleculew/ansible_version new file mode 100644 index 00000000..dedcc7d4 --- /dev/null +++ b/roles/gantsign.ctop/.moleculew/ansible_version @@ -0,0 +1 @@ +2.9.1 diff --git a/roles/gantsign.ctop/.moleculew/molecule_version b/roles/gantsign.ctop/.moleculew/molecule_version new file mode 100644 index 00000000..4699fb07 --- /dev/null +++ b/roles/gantsign.ctop/.moleculew/molecule_version @@ -0,0 +1 @@ +2.22 diff --git a/roles/gantsign.ctop/.moleculew/python_version b/roles/gantsign.ctop/.moleculew/python_version new file mode 100644 index 00000000..f24054fd --- /dev/null +++ b/roles/gantsign.ctop/.moleculew/python_version @@ -0,0 +1 @@ +2.7.15 diff --git a/roles/gantsign.ctop/.travis.yml b/roles/gantsign.ctop/.travis.yml new file mode 100644 index 00000000..29d19362 --- /dev/null +++ b/roles/gantsign.ctop/.travis.yml 
@@ -0,0 +1,77 @@ +--- +language: python +python: '2.7' + +env: + global: + - MOLECULEW_USE_SYSTEM=true + +# Spin off separate builds for each of the following versions +# of Ansible and Linux. +jobs: + include: + - env: + - MOLECULEW_ANSIBLE=2.7.15 + - MOLECULE_SCENARIO=centos + - env: + - MOLECULEW_ANSIBLE=2.7.15 + - MOLECULE_SCENARIO=debian_max + - env: + - MOLECULEW_ANSIBLE=2.7.15 + - MOLECULE_SCENARIO=debian_min + - env: + - MOLECULEW_ANSIBLE=2.7.15 + - MOLECULE_SCENARIO=ubuntu_max + - env: + - MOLECULEW_ANSIBLE=2.7.15 + - MOLECULE_SCENARIO=ubuntu_min + - env: + - MOLECULEW_ANSIBLE=2.7.15 + - MOLECULE_SCENARIO=opensuse + - env: + - MOLECULEW_ANSIBLE=2.9.1 + - MOLECULE_SCENARIO=centos + - env: + - MOLECULEW_ANSIBLE=2.9.1 + - MOLECULE_SCENARIO=debian_max + - env: + - MOLECULEW_ANSIBLE=2.9.1 + - MOLECULE_SCENARIO=debian_min + - env: + - MOLECULEW_ANSIBLE=2.9.1 + - MOLECULE_SCENARIO=ubuntu_max + - env: + - MOLECULEW_ANSIBLE=2.9.1 + - MOLECULE_SCENARIO=ubuntu_min + - env: + - MOLECULEW_ANSIBLE=2.9.1 + - MOLECULE_SCENARIO=opensuse + +# Require Ubuntu 16.04 +dist: xenial + +# Require Docker +services: + - docker + +install: + # Install dependencies + - ./moleculew wrapper-install + + # Display versions + - ./moleculew wrapper-versions + +script: + - ./moleculew test --scenario-name=$MOLECULE_SCENARIO + +cache: + directories: + - $HOME/.moleculew + +branches: + only: + - master + - /^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)([\.\-].*)?$/ + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/roles/gantsign.ctop/.yamllint b/roles/gantsign.ctop/.yamllint new file mode 100644 index 00000000..88276760 --- /dev/null +++ b/roles/gantsign.ctop/.yamllint 
@@ -0,0 +1,33 @@ +--- +# Based on ansible-lint config +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + colons: + max-spaces-after: -1 + level: error + commas: + max-spaces-after: -1 + level: error + comments: disable + comments-indentation: disable + document-start: disable + empty-lines: + max: 3 + level: error + hyphens: + level: error + indentation: disable + key-duplicates: enable + line-length: disable + new-line-at-end-of-file: disable + new-lines: + type: unix + trailing-spaces: disable + truthy: disable diff --git a/roles/gantsign.ctop/LICENSE b/roles/gantsign.ctop/LICENSE new file mode 100644 index 00000000..4add3620 --- /dev/null +++ b/roles/gantsign.ctop/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2018 GantSign Ltd. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/roles/gantsign.ctop/README.md b/roles/gantsign.ctop/README.md new file mode 100644 index 00000000..1b1a2efd 
--- /dev/null +++ b/roles/gantsign.ctop/README.md 
@@ -0,0 +1,156 @@ +Ansible Role: ctop +================== + +[![Build Status](https://travis-ci.com/gantsign/ansible_role_ctop.svg?branch=master)](https://travis-ci.com/gantsign/ansible_role_ctop) +[![Ansible Galaxy](https://img.shields.io/badge/ansible--galaxy-gantsign.ctop-blue.svg)](https://galaxy.ansible.com/gantsign/ctop) +[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://raw.githubusercontent.com/gantsign/ansible_role_ctop/master/LICENSE) + +Role to download and install [ctop](https://ctop.sh) the top-like interface for +container metrics. View CPU, RAM and network I/O for your Docker containers at +a glance from your terminal. + +Requirements +------------ + +* Ansible >= 2.7 + +* Linux Distribution + + * Debian Family + + * Debian + + * Jessie (8) + * Stretch (9) + + * Ubuntu + + * Xenial (16.04) + * Bionic (18.04) + + * RedHat Family + + * CentOS + + * 7 + + * Fedora + + * 31 + + * SUSE Family + + * openSUSE + + * 15.1 + + * Note: other versions are likely to work but have not been tested. + +* Docker (already installed) + +Role Variables +-------------- + +The following variables will change the behavior of this role (default values +are shown below): + +```yaml +# ctop version number +ctop_version: '0.7.3' + +# SHA256 sum for the ctop redistributable +ctop_redis_sha256sum: '54598d424396cbe25646e097b47d76a55d475c29ae4c3111548141a3ecfb7fc1' + +# Directory to store files downloaded for ctop +ctop_download_dir: "{{ x_ansible_download_dir | default(ansible_env.HOME + '/.ansible/tmp/downloads') }}" +``` + +Example Playbook +---------------- + +```yaml +- hosts: servers + roles: + - role: gantsign.ctop +``` + +Tab Completion for Zsh +---------------------- + +### Using Ansible + +We recommend using the +[gantsign.antigen](https://galaxy.ansible.com/gantsign/antigen) role to enable +tab completion for ctop (this must be configured for each user). 
+ +```yaml +- hosts: servers + roles: + - role: gantsign.ctop + + - role: gantsign.antigen + users: + - username: example + antigen_bundles: + - name: ctop + url: gantsign/zsh-plugins + location: ctop +``` + +### Using Antigen + +If you prefer to use [Antigen](https://github.com/zsh-users/antigen) directly +add the following to your Antigen configuration: + +```bash +antigen bundle gantsign/zsh-plugins ctop +``` + +More Roles From GantSign +------------------------ + +You can find more roles from GantSign on +[Ansible Galaxy](https://galaxy.ansible.com/gantsign). + +Development & Testing +--------------------- + +This project uses [Molecule](http://molecule.readthedocs.io/) to aid in the +development and testing; the role is unit tested using +[Testinfra](http://testinfra.readthedocs.io/) and +[pytest](http://docs.pytest.org/). + +To develop or test you'll need to have installed the following: + +* Linux (e.g. [Ubuntu](http://www.ubuntu.com/)) +* [Docker](https://www.docker.com/) +* [Python](https://www.python.org/) (including python-pip) +* [Ansible](https://www.ansible.com/) +* [Molecule](http://molecule.readthedocs.io/) + +Because the above can be tricky to install, this project includes +[Molecule Wrapper](https://github.com/gantsign/molecule-wrapper). Molecule +Wrapper is a shell script that installs Molecule and it's dependencies (apart +from Linux) and then executes Molecule with the command you pass it. + +To test this role using Molecule Wrapper run the following command from the +project root: + +```bash +./moleculew test +``` + +Note: some of the dependencies need `sudo` permission to install. + +License +------- + +MIT + +Author Information +------------------ + +John Freeman + +GantSign Ltd. +Company No. 06109112 (registered in England) diff --git a/roles/gantsign.ctop/defaults/main.yml b/roles/gantsign.ctop/defaults/main.yml new file mode 100644 index 00000000..61835a0f --- /dev/null +++ b/roles/gantsign.ctop/defaults/main.yml 
@@ -0,0 +1,9 @@ +--- +# ctop version number +ctop_version: '0.7.3' + +# SHA256 sum for the ctop redistributable +ctop_redis_sha256sum: '54598d424396cbe25646e097b47d76a55d475c29ae4c3111548141a3ecfb7fc1' + +# Directory to store files downloaded for ctop +ctop_download_dir: "{{ x_ansible_download_dir | default(ansible_env.HOME + '/.ansible/tmp/downloads') }}" diff --git a/roles/gantsign.ctop/handlers/main.yml b/roles/gantsign.ctop/handlers/main.yml new file mode 100644 index 00000000..5b6f86c4 --- /dev/null +++ b/roles/gantsign.ctop/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for ansible_role_ctop diff --git a/roles/gantsign.ctop/meta/main.yml b/roles/gantsign.ctop/meta/main.yml new file mode 100644 index 00000000..b6bcf34b --- /dev/null +++ b/roles/gantsign.ctop/meta/main.yml @@ -0,0 +1,31 @@ +--- +galaxy_info: + author: John Freeman + role_name: ctop + description: Ansible role for downloading and installing ctop. + company: GantSign Ltd. + license: MIT + min_ansible_version: 2.7 + platforms: + - name: EL + versions: + - 7 + - name: Fedora + versions: + - 31 + - name: Ubuntu + versions: + - xenial + - bionic + - name: Debian + versions: + - jessie + - stretch + - name: opensuse + versions: + - 15.1 + galaxy_tags: + - ctop + - docker + - development +dependencies: [] diff --git a/roles/gantsign.ctop/molecule/centos/INSTALL.rst b/roles/gantsign.ctop/molecule/centos/INSTALL.rst new file mode 100644 index 00000000..6a44bde9 --- /dev/null +++ b/roles/gantsign.ctop/molecule/centos/INSTALL.rst 
@@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule[docker]' diff --git a/roles/gantsign.ctop/molecule/centos/molecule.yml b/roles/gantsign.ctop/molecule/centos/molecule.yml new file mode 100644 index 00000000..a862c894 --- /dev/null +++ b/roles/gantsign.ctop/molecule/centos/molecule.yml @@ -0,0 +1,30 @@ +--- +dependency: + name: galaxy + +driver: + name: docker + +lint: + name: yamllint + +platforms: + - name: ansible_role_ctop_centos + image: centos:7 + dockerfile: ../default/Dockerfile.j2 + +provisioner: + name: ansible + playbooks: + converge: ../default/playbook.yml + lint: + name: ansible-lint + +scenario: + name: centos + +verifier: + name: testinfra + directory: ../default/tests + lint: + name: flake8 diff --git a/roles/gantsign.ctop/molecule/debian_max/INSTALL.rst b/roles/gantsign.ctop/molecule/debian_max/INSTALL.rst new file mode 100644 index 00000000..6a44bde9 --- /dev/null +++ b/roles/gantsign.ctop/molecule/debian_max/INSTALL.rst 
@@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule[docker]' diff --git a/roles/gantsign.ctop/molecule/debian_max/molecule.yml b/roles/gantsign.ctop/molecule/debian_max/molecule.yml new file mode 100644 index 00000000..c1263f8b --- /dev/null +++ b/roles/gantsign.ctop/molecule/debian_max/molecule.yml @@ -0,0 +1,30 @@ +--- +dependency: + name: galaxy + +driver: + name: docker + +lint: + name: yamllint + +platforms: + - name: ansible_role_ctop_debian_max + image: debian:9 + dockerfile: ../default/Dockerfile.j2 + +provisioner: + name: ansible + playbooks: + converge: ../default/playbook.yml + lint: + name: ansible-lint + +scenario: + name: debian_max + +verifier: + name: testinfra + directory: ../default/tests + lint: + name: flake8 diff --git a/roles/gantsign.ctop/molecule/debian_min/INSTALL.rst b/roles/gantsign.ctop/molecule/debian_min/INSTALL.rst new file mode 100644 index 00000000..6a44bde9 --- /dev/null +++ b/roles/gantsign.ctop/molecule/debian_min/INSTALL.rst 
@@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule[docker]' diff --git a/roles/gantsign.ctop/molecule/debian_min/molecule.yml b/roles/gantsign.ctop/molecule/debian_min/molecule.yml new file mode 100644 index 00000000..392bf5e4 --- /dev/null +++ b/roles/gantsign.ctop/molecule/debian_min/molecule.yml @@ -0,0 +1,30 @@ +--- +dependency: + name: galaxy + +driver: + name: docker + +lint: + name: yamllint + +platforms: + - name: ansible_role_ctop_debian_min + image: debian:8 + dockerfile: ../default/Dockerfile.j2 + +provisioner: + name: ansible + playbooks: + converge: ../default/playbook.yml + lint: + name: ansible-lint + +scenario: + name: debian_min + +verifier: + name: testinfra + directory: ../default/tests + lint: + name: flake8 diff --git a/roles/gantsign.ctop/molecule/default/Dockerfile.j2 b/roles/gantsign.ctop/molecule/default/Dockerfile.j2 new file mode 100644 index 00000000..0de39e63 --- /dev/null +++ b/roles/gantsign.ctop/molecule/default/Dockerfile.j2 
@@ -0,0 +1,22 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +{% if item.env is defined %} +{% for var, value in item.env.items() %} +{% if value %} +ENV {{ var }} {{ value }} +{% endif %} +{% endfor %} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates iproute2 && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi diff --git a/roles/gantsign.ctop/molecule/default/INSTALL.rst b/roles/gantsign.ctop/molecule/default/INSTALL.rst new file mode 100644 index 00000000..6a44bde9 --- /dev/null +++ b/roles/gantsign.ctop/molecule/default/INSTALL.rst @@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule[docker]' 
diff --git a/roles/gantsign.ctop/molecule/default/molecule.yml b/roles/gantsign.ctop/molecule/default/molecule.yml new file mode 100644 index 00000000..caa58a7f --- /dev/null +++ b/roles/gantsign.ctop/molecule/default/molecule.yml @@ -0,0 +1,26 @@ +--- +dependency: + name: galaxy + +driver: + name: docker + +lint: + name: yamllint + +platforms: + - name: ansible_role_ctop_default + image: ubuntu:18.04 + +provisioner: + name: ansible + lint: + name: ansible-lint + +scenario: + name: default + +verifier: + name: testinfra + lint: + name: flake8 diff --git a/roles/gantsign.ctop/molecule/default/playbook.yml b/roles/gantsign.ctop/molecule/default/playbook.yml new file mode 100644 index 00000000..e2368af7 --- /dev/null +++ b/roles/gantsign.ctop/molecule/default/playbook.yml @@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: ansible_role_ctop diff --git a/roles/gantsign.ctop/molecule/default/tests/test_role.py b/roles/gantsign.ctop/molecule/default/tests/test_role.py new file mode 100644 index 00000000..8eede6b3 --- /dev/null +++ b/roles/gantsign.ctop/molecule/default/tests/test_role.py @@ -0,0 +1,30 @@ +import os + +import testinfra.utils.ansible_runner + +import re + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_dir(host): + dir = host.file('/usr/local/bin') + assert dir.exists + assert dir.is_directory + assert dir.user == 'root' + assert dir.group == 'root' + + +def test_file(host): + installed_file = host.file('/usr/local/bin/ctop') + assert installed_file.exists + assert installed_file.is_file + assert installed_file.user == 'root' + assert installed_file.group == 'root' + + +def test_version(host): + version = host.check_output('ctop -v') + pattern = 'ctop version [0-9\\.]+' + assert re.search(pattern, version) 
diff --git a/roles/gantsign.ctop/molecule/fedora/INSTALL.rst b/roles/gantsign.ctop/molecule/fedora/INSTALL.rst new file mode 100644 index 00000000..6a44bde9 --- /dev/null +++ b/roles/gantsign.ctop/molecule/fedora/INSTALL.rst @@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule[docker]' diff --git a/roles/gantsign.ctop/molecule/fedora/molecule.yml b/roles/gantsign.ctop/molecule/fedora/molecule.yml new file mode 100644 index 00000000..d4bb59a3 --- /dev/null +++ b/roles/gantsign.ctop/molecule/fedora/molecule.yml @@ -0,0 +1,30 @@ +--- +dependency: + name: galaxy + +driver: + name: docker + +lint: + name: yamllint + +platforms: + - name: ansible_role_ctop_fedora + image: fedora:31 + dockerfile: ../default/Dockerfile.j2 + +provisioner: + name: ansible + playbooks: + converge: ../default/playbook.yml + lint: + name: ansible-lint + +scenario: + name: fedora + +verifier: + name: testinfra + directory: ../default/tests + lint: + name: flake8 diff --git a/roles/gantsign.ctop/molecule/opensuse/INSTALL.rst b/roles/gantsign.ctop/molecule/opensuse/INSTALL.rst new file mode 100644 index 00000000..6a44bde9 --- /dev/null +++ b/roles/gantsign.ctop/molecule/opensuse/INSTALL.rst 
@@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule[docker]' diff --git a/roles/gantsign.ctop/molecule/opensuse/molecule.yml b/roles/gantsign.ctop/molecule/opensuse/molecule.yml new file mode 100644 index 00000000..4ef88a64 --- /dev/null +++ b/roles/gantsign.ctop/molecule/opensuse/molecule.yml @@ -0,0 +1,30 @@ +--- +dependency: + name: galaxy + +driver: + name: docker + +lint: + name: yamllint + +platforms: + - name: ansible_role_ctop_opensuse + image: opensuse/leap:15.1 + dockerfile: ../default/Dockerfile.j2 + +provisioner: + name: ansible + playbooks: + converge: ../default/playbook.yml + lint: + name: ansible-lint + +scenario: + name: opensuse + +verifier: + name: testinfra + directory: ../default/tests + lint: + name: flake8 diff --git a/roles/gantsign.ctop/molecule/ubuntu_max/INSTALL.rst b/roles/gantsign.ctop/molecule/ubuntu_max/INSTALL.rst new file mode 100644 index 00000000..6a44bde9 --- /dev/null +++ b/roles/gantsign.ctop/molecule/ubuntu_max/INSTALL.rst 
@@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule[docker]' diff --git a/roles/gantsign.ctop/molecule/ubuntu_max/molecule.yml b/roles/gantsign.ctop/molecule/ubuntu_max/molecule.yml new file mode 100644 index 00000000..97599dea --- /dev/null +++ b/roles/gantsign.ctop/molecule/ubuntu_max/molecule.yml @@ -0,0 +1,30 @@ +--- +dependency: + name: galaxy + +driver: + name: docker + +lint: + name: yamllint + +platforms: + - name: ansible_role_ctop_ubuntu_max + image: ubuntu:18.04 + dockerfile: ../default/Dockerfile.j2 + +provisioner: + name: ansible + playbooks: + converge: ../default/playbook.yml + lint: + name: ansible-lint + +scenario: + name: ubuntu_max + +verifier: + name: testinfra + directory: ../default/tests + lint: + name: flake8 diff --git a/roles/gantsign.ctop/molecule/ubuntu_min/INSTALL.rst b/roles/gantsign.ctop/molecule/ubuntu_min/INSTALL.rst new file mode 100644 index 00000000..6a44bde9 --- /dev/null +++ b/roles/gantsign.ctop/molecule/ubuntu_min/INSTALL.rst 
@@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule[docker]' diff --git a/roles/gantsign.ctop/molecule/ubuntu_min/molecule.yml b/roles/gantsign.ctop/molecule/ubuntu_min/molecule.yml new file mode 100644 index 00000000..f9d8134f --- /dev/null +++ b/roles/gantsign.ctop/molecule/ubuntu_min/molecule.yml @@ -0,0 +1,30 @@ +--- +dependency: + name: galaxy + +driver: + name: docker + +lint: + name: yamllint + +platforms: + - name: ansible_role_ctop_ubuntu_min + image: ubuntu:16.04 + dockerfile: ../default/Dockerfile.j2 + +provisioner: + name: ansible + playbooks: + converge: ../default/playbook.yml + lint: + name: ansible-lint + +scenario: + name: ubuntu_min + +verifier: + name: testinfra + directory: ../default/tests + lint: + name: flake8 diff --git a/roles/gantsign.ctop/moleculew b/roles/gantsign.ctop/moleculew new file mode 100644 index 00000000..952183b5 --- /dev/null +++ b/roles/gantsign.ctop/moleculew 
@@ -0,0 +1,736 @@ +#!/usr/bin/env bash + +# MIT License +# +# Copyright (c) 2018 GantSign Ltd. +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in all +# copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. 
+ + +# Molecule Wrapper the wrapper script for Molecule +# https://github.com/gantsign/molecule-wrapper + +set -e + +WRAPPER_VERSION=0.9.12 + +VERSION_DIR='.moleculew' +PYTHON_VERSION_FILE="$VERSION_DIR/python_version" +ANSIBLE_VERSION_FILE="$VERSION_DIR/ansible_version" +MOLECULE_VERSION_FILE="$VERSION_DIR/molecule_version" + +BUILD_DEPENDENCIES_INSTALLLED=false +PYENV_INSTALLED=false + +ANSIBLE_VERSION='' +MOLECULE_VERSION='' +PYTHON_VERSION='' +USE_SYSTEM_DEPENDENCIES=false + +PRE_ARGS=() +MOLECULE_CMD='' +POST_ARGS=() + +export PATH="$HOME/.pyenv/bin:$HOME/.local/bin:$PATH" + +hr() { + for ((i = 1; i <= 80; i++)); do + printf '*' + done + echo '' +} + +banner() { + hr + echo "$1" + hr +} + +run_as_root() { + if [[ $EUID -eq 0 ]]; then + "$@" + elif [ -x "$(command -v sudo)" ]; then + sudo "$@" + else + echo "Error: sudo is not installed" >&2 + exit 1 + fi +} + +build_dependencies_present() { + if [[ $BUILD_DEPENDENCIES_INSTALLLED == true ]]; then + return + fi + if [[ $USE_SYSTEM_DEPENDENCIES == true ]]; then + return + fi + # https://github.com/pyenv/pyenv/wiki/common-build-problems + if [[ -x "$(command -v apt-get)" ]]; then + banner 'Installing build dependencies' + + run_as_root apt-get update + run_as_root apt-get install --assume-yes \ + make build-essential libssl-dev zlib1g-dev libbz2-dev \ + libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev \ + libncursesw5-dev xz-utils tk-dev libffi-dev liblzma-dev \ + git jq + echo '' + elif [[ -x "$(command -v dnf)" ]]; then + banner 'Installing build dependencies' + + run_as_root dnf install \ + zlib-devel bzip2 bzip2-devel readline-devel sqlite sqlite-devel \ + openssl-devel xz xz-devel libffi-devel \ + git curl jq + echo '' + elif [[ -x "$(command -v yum)" ]]; then + banner 'Installing build dependencies' + + run_as_root yum install \ + zlib-devel bzip2 bzip2-devel readline-devel sqlite sqlite-devel \ + openssl-devel xz xz-devel libffi-devel \ + git curl jq + echo '' + elif [[ -x "$(command -v 
zypper)" ]]; then + banner 'Installing build dependencies' + + run_as_root zypper install \ + zlib-devel bzip2 libbz2-devel readline-devel sqlite3 sqlite3-devel \ + libopenssl-devel xz xz-devel \ + git curl jq + echo '' + fi + BUILD_DEPENDENCIES_INSTALLLED=true +} + +pyenv_present() { + if [[ $PYENV_INSTALLED == true ]]; then + return + fi + if [[ $USE_SYSTEM_DEPENDENCIES == true ]]; then + return + fi + if [[ -x "$(command -v pyenv)" ]]; then + PYENV_INSTALLED=true + return + fi + + build_dependencies_present + + banner "Installing pyenv for user $USER" + bash <(curl --location https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer) + echo '' + PYENV_INSTALLED=true +} + +query_latest_python_version2() { + pyenv_present + + PYTHON_VERSION="$(~/.pyenv/plugins/python-build/bin/python-build --definitions | grep --color=never '^2\.' | grep --invert-match '\-dev$' | tail -1)" +} + +query_latest_python_version3() { + pyenv_present + + PYTHON_VERSION="$(~/.pyenv/plugins/python-build/bin/python-build --definitions | grep --color=never '^3\.' | grep --invert-match '\-dev$' | tail -1)" +} + +query_latest_package_version() { + if [[ ! -x "$(command -v curl)" ]]; then + build_dependencies_present + fi + if [[ ! -x "$(command -v jq)" ]]; then + build_dependencies_present + fi + if [[ ! -x "$(command -v curl)" ]]; then + echo 'Error: curl is not installed.' >&2 + exit 1 + fi + if [[ ! -x "$(command -v jq)" ]]; then + echo 'Error: jq is not installed.' >&2 + exit 1 + fi + + local version + # shellcheck disable=SC2034 + version=$(curl --fail --silent --show-error --location "https://pypi.org/pypi/$2/json" | jq --raw-output '.info.version') + + eval "$1=\"\$version\"" +} + +docker_present() { + if [[ -x "$(command -v docker)" ]]; then + return + fi + if [[ $USE_SYSTEM_DEPENDENCIES == true ]]; then + echo 'Error: docker is not installed.' 
>&2 + exit 1 + fi + + build_dependencies_present + + banner 'Installing Docker' + sh <(curl --fail --silent --show-error --location https://get.docker.com) + run_as_root usermod --append --groups docker "$USER" + banner "User '$USER' has been added to the 'docker' group. Logout/restart and log back in for changes to take effect." + exit +} + +python_present() { + if [[ $PYTHON_VERSION == system ]]; then + if [[ ! -x "$(command -v python)" ]]; then + echo 'Error: python is not installed.' >&2 + exit 1 + fi + if [[ ! -x "$(command -v pip)" ]]; then + echo 'Error: pip is not installed.' >&2 + exit 1 + fi + PYTHON_EXE="$(command -v python)" + else + if [[ ! -x "$(command -v git)" ]]; then + echo 'Error: git is not installed.' >&2 + exit 1 + fi + + pyenv_present + + export PYENV_VERSION="$PYTHON_VERSION" + if [[ ! -d "$HOME/.pyenv/versions/$PYTHON_VERSION" ]]; then + build_dependencies_present + + banner "Making Python version $PYTHON_VERSION available using pyenv" + pyenv install "$PYTHON_VERSION" + echo '' + fi + eval "$(pyenv init -)" + PYTHON_EXE="$(pyenv which python)" + fi +} + +virtualenv_presant() { + if [[ ! -x "$(command -v virtualenv)" ]]; then + banner "Installing virtualenv for user $USER" + pip install --user virtualenv + echo '' + fi +} + +install_ansible() { + banner "Installing Ansible $ANSIBLE_VERSION into virtualenv $VIRTUAL_ENV" + pip install "ansible==$ANSIBLE_VERSION" + echo '' +} + +install_molecule() { + banner "Installing Molecule $MOLECULE_VERSION into virtualenv $VIRTUAL_ENV" + + # Workaround https://github.com/ansible-community/molecule/issues/2676 + pip install 'sh==1.12.14' + + pip install "molecule[docker]==$MOLECULE_VERSION" + echo '' +} + +wrapper_clean() { + local MOLECULE_WRAPPER_HOME="$HOME/.moleculew" + read -r -p "Delete ${MOLECULE_WRAPPER_HOME} (y/n)? 
" yn + case $yn in + [Yy]|YES|yes|Yes) + rm -rf "$MOLECULE_WRAPPER_HOME"; + exit + ;; + *) + exit + ;; + esac +} + +wrapper_upgrade() { + curl --fail --silent --show-error --location --output moleculew.new \ + 'https://raw.githubusercontent.com/gantsign/molecule-wrapper/master/moleculew' \ + && chmod 'u+x' moleculew.new \ + && mv --force moleculew.new moleculew + + local NEW_VERSION + NEW_VERSION="$(./moleculew wrapper-version)" + if [ "$WRAPPER_VERSION" != "$NEW_VERSION" ]; then + echo "Upgraded wrapper from version $WRAPPER_VERSION to $NEW_VERSION" + else + echo "You are already using the latest version" + fi + exit +} + +wrapper_version() { + echo "$WRAPPER_VERSION" + exit +} + +print_versions() { + echo "Python: $PYTHON_VERSION" + echo "Ansible: $ANSIBLE_VERSION" + echo "Molecule: $MOLECULE_VERSION" +} + +wrapper_versions() { + detemine_versions + + print_versions + exit +} + +wrapper_freeze() { + detemine_versions + + banner 'Freezing versions' + + mkdir -p "$VERSION_DIR" + + echo "$PYTHON_VERSION" > "$PYTHON_VERSION_FILE" + echo "$ANSIBLE_VERSION" > "$ANSIBLE_VERSION_FILE" + echo "$MOLECULE_VERSION" > "$MOLECULE_VERSION_FILE" + + print_versions + + exit +} + +wrapper_unfreeze() { + banner 'Un-freezing versions' + + if [[ -f "$PYTHON_VERSION_FILE" ]]; then + rm --verbose "$PYTHON_VERSION_FILE" + fi + if [[ -f "$ANSIBLE_VERSION_FILE" ]]; then + rm --verbose "$ANSIBLE_VERSION_FILE" + fi + if [[ -f "$MOLECULE_VERSION_FILE" ]]; then + rm --verbose "$MOLECULE_VERSION_FILE" + fi + exit +} + +wrapper_upgrade_versions() { + detemine_versions + + banner 'Upgrading versions' + + local CURRENT_PYTHON_VERSION="$PYTHON_VERSION" + local CURRENT_ANSIBLE_VERSION="$ANSIBLE_VERSION" + local CURRENT_MOLECULE_VERSION="$MOLECULE_VERSION" + + query_latest_python_version2 + query_latest_package_version ANSIBLE_VERSION ansible + query_latest_package_version MOLECULE_VERSION molecule + echo '' + + echo 'New versions:' + if [[ "$CURRENT_PYTHON_VERSION" == "$PYTHON_VERSION" ]]; then + 
echo "Python: $CURRENT_PYTHON_VERSION (no change)" + else + echo "Python: $CURRENT_PYTHON_VERSION -> $PYTHON_VERSION" + fi + + if [[ "$CURRENT_ANSIBLE_VERSION" == "$ANSIBLE_VERSION" ]]; then + echo "Ansible: $CURRENT_ANSIBLE_VERSION (no change)" + else + echo "Ansible: $CURRENT_ANSIBLE_VERSION -> $ANSIBLE_VERSION" + fi + + if [[ "$CURRENT_MOLECULE_VERSION" == "$MOLECULE_VERSION" ]]; then + echo "Molecule: $CURRENT_MOLECULE_VERSION (no change)" + else + echo "Molecule: $CURRENT_MOLECULE_VERSION -> $MOLECULE_VERSION" + fi + echo '' + + wrapper_freeze +} + +wrapper_help() { + activate_virtualenv + + molecule --help + + echo " +Molecule Wrapper + +Additional options: + --ansible VERSION Use the specified version of Ansible + --molecule VERSION Use the specified version of Molecule + --python VERSION Use the specified version of Python + --use-system-dependencies Use system dependencies + +Additional commands: + wrapper-clean Removes all the wrapper virtual environments + wrapper-freeze Freezes the dependency versions being used + wrapper-unfreeze Un-freezes the dependency versions + wrapper-upgrade Upgrades the Molecule Wrapper to the latest version + wrapper-upgrade-versions Upgrades any frozen dependency versions + wrapper-version Displays the current version of Molecule Wrapper +" +} + +query_package_versions() { + local package_name="$1" + local min_version="$2" + + if [[ ! -x "$(command -v curl)" ]]; then + build_dependencies_present > /dev/null + fi + if [[ ! -x "$(command -v jq)" ]]; then + build_dependencies_present > /dev/null + fi + if [[ ! -x "$(command -v curl)" ]]; then + echo 'Error: curl is not installed.' >&2 + exit 1 + fi + if [[ ! -x "$(command -v jq)" ]]; then + echo 'Error: jq is not installed.' >&2 + exit 1 + fi + if [[ ! -x "$(command -v sort)" ]]; then + echo 'Error: sort is not installed.' 
>&2 + exit 1 + fi + + for i in $(curl --fail --silent --show-error \ + --location "https://pypi.org/pypi/$package_name/json" \ + | jq --raw-output ".releases | keys | .[], \"$min_version.\"" \ + | grep --invert-match '[a-zA-Z]' \ + | sort --version-sort --reverse) ; do + if [[ "$i" == "$min_version." ]]; then + break + fi + echo "$i" + done +} + +wrapper_options_ansible() { + echo 'latest' + query_package_versions 'ansible' '2.7' +} + +wrapper_options_molecule() { + echo 'latest' + query_package_versions 'molecule' '2.20' +} + +wrapper_options_python() { + if [[ ! -x "$(command -v sort)" ]]; then + echo 'Error: sort is not installed.' >&2 + exit 1 + fi + + pyenv_present > /dev/null + + local min_version='2.7' + + echo 'latest' + + for i in $( (echo "$min_version." && \ + ~/.pyenv/plugins/python-build/bin/python-build --definitions) \ + | grep --color=never '^[0-9]' \ + | grep --invert-match '\-dev$' \ + | sort --version-sort --reverse) ; do + if [[ "$i" == "$min_version." ]]; then + break + fi + echo "$i" + done +} + +wrapper_options_scenario() { + if [ -f 'moleculew' ]; then + activate_virtualenv > /dev/null + fi + python << EOF +import os +import sys + +import six +import yaml + + +molecule_dir = 'molecule' +if not os.path.isdir(molecule_dir): + sys.exit() + +scenarios = [] +default = False + +for filename in os.listdir(molecule_dir): + scenario_dir = os.path.join(molecule_dir, filename) + if not os.path.isdir(scenario_dir): + continue + + molecule_yaml = os.path.join(scenario_dir, 'molecule.yml') + if not os.path.isfile(molecule_yaml): + continue + + with open(molecule_yaml, 'r') as stream: + try: + contents = yaml.safe_load(stream) + except yaml.YAMLError as exc: + continue + + if not isinstance(contents, dict): + continue + + scenario = contents.get('scenario') + if scenario is None: + continue + if not isinstance(scenario, dict): + continue + + name = scenario.get('name') + if name is None: + continue + if not isinstance(name, six.string_types): + continue + 
+ if name == 'default': + default = True + else: + scenarios.append(name) + +scenarios.sort() +if default: + scenarios.append('default') + +for scenario in scenarios: + print(scenario) +EOF +} + +wrapper_virtualenv() { + activate_virtualenv > /dev/null + echo "$VIRTUAL_ENV" +} + +parse_args() { + set +e + + while [[ $# -gt 0 ]]; do + key="$1" + + case $key in + --python=*) + PYTHON_VERSION="${1#*=}" + shift + ;; + --python) + shift + PYTHON_VERSION="$1" + shift + ;; + --ansible=*) + ANSIBLE_VERSION="${1#*=}" + shift + ;; + --ansible) + shift + ANSIBLE_VERSION="$1" + shift + ;; + --molecule=*) + MOLECULE_VERSION="${1#*=}" + shift + ;; + --molecule) + shift + MOLECULE_VERSION="$1" + shift + ;; + --use-system-dependencies) + USE_SYSTEM_DEPENDENCIES=true + shift + ;; + --help) + MOLECULE_CMD='wrapper-help' + break + ;; + wrapper-*) + MOLECULE_CMD="$1" + shift + ;; + check|converge|create|dependency|destroy|idempotence|init|lint|list|login|matrix|prepare|side-effect|syntax|test|verify) + if [[ "$MOLECULE_CMD" != '' ]]; then + shift + else + MOLECULE_CMD="$1" + shift + for arg in "$@"; do + POST_ARGS+=("$arg") + done + break + fi + ;; + *) + PRE_ARGS+=("$1") + shift + ;; + esac + done + set -e +} + +detemine_versions() { + if [[ $USE_SYSTEM_DEPENDENCIES == false ]]; then + USE_SYSTEM_DEPENDENCIES="$MOLECULEW_USE_SYSTEM" + fi + if [[ $PYTHON_VERSION == '' ]]; then + PYTHON_VERSION="$MOLECULEW_PYTHON" + fi + if [[ $ANSIBLE_VERSION == '' ]]; then + ANSIBLE_VERSION="$MOLECULEW_ANSIBLE" + fi + if [[ $MOLECULE_VERSION == '' ]]; then + MOLECULE_VERSION="$MOLECULEW_MOLECULE" + fi + + if [[ $USE_SYSTEM_DEPENDENCIES == true ]]; then + if [[ $PYTHON_VERSION != '' ]]; then + echo "Error: --python and --use-system-dependencies cannot be used together" >&2 + exit 1 + fi + PYTHON_VERSION=system + elif [[ $PYTHON_VERSION == '' ]] || [[ $PYTHON_VERSION == 'default' ]]; then + if [[ -f $PYTHON_VERSION_FILE ]]; then + PYTHON_VERSION=$(<"$PYTHON_VERSION_FILE") + fi + if [[ $PYTHON_VERSION 
== '' ]]; then + query_latest_python_version2 + fi + elif [[ $PYTHON_VERSION == 'latest' ]] || [[ $PYTHON_VERSION == 'latest2' ]]; then + query_latest_python_version2 + elif [[ $PYTHON_VERSION == 'latest3' ]]; then + query_latest_python_version3 + fi + + if [[ $ANSIBLE_VERSION == '' ]] || [[ $ANSIBLE_VERSION == 'default' ]]; then + if [[ -f $ANSIBLE_VERSION_FILE ]]; then + ANSIBLE_VERSION=$(<"$ANSIBLE_VERSION_FILE") + fi + if [[ $ANSIBLE_VERSION == '' ]]; then + query_latest_package_version ANSIBLE_VERSION ansible + fi + elif [[ $ANSIBLE_VERSION == 'latest' ]]; then + query_latest_package_version ANSIBLE_VERSION ansible + fi + + if [[ $MOLECULE_VERSION == '' ]] || [[ $MOLECULE_VERSION == 'default' ]]; then + if [[ -f $MOLECULE_VERSION_FILE ]]; then + MOLECULE_VERSION=$(<$MOLECULE_VERSION_FILE) + fi + if [[ $MOLECULE_VERSION == '' ]]; then + query_latest_package_version MOLECULE_VERSION molecule + fi + elif [[ $MOLECULE_VERSION == 'latest' ]]; then + query_latest_package_version MOLECULE_VERSION molecule + fi +} + +activate_virtualenv() { + detemine_versions + + MOLECULE_WRAPPER_ENV="$HOME/.moleculew/molecule/$MOLECULE_VERSION/ansible/$ANSIBLE_VERSION/python/$PYTHON_VERSION" + + if [ ! 
-f "$MOLECULE_WRAPPER_ENV/bin/activate" ]; then + + build_dependencies_present + + docker_present + + python_present + + virtualenv_presant + + banner "Initializing virtualenv $MOLECULE_WRAPPER_ENV" + virtualenv "--python=$PYTHON_EXE" "$MOLECULE_WRAPPER_ENV" + # shellcheck disable=SC1090 + source "$MOLECULE_WRAPPER_ENV/bin/activate" + echo '' + + install_ansible + + install_molecule + else + # shellcheck disable=SC1090 + source "$MOLECULE_WRAPPER_ENV/bin/activate" + fi +} + +parse_args "$@" + +case $MOLECULE_CMD in + wrapper-clean) + wrapper_clean + ;; + wrapper-freeze) + wrapper_freeze + ;; + wrapper-help) + wrapper_help + ;; + wrapper-install) + activate_virtualenv + ;; + wrapper-options-ansible) + wrapper_options_ansible + ;; + wrapper-options-molecule) + wrapper_options_molecule + ;; + wrapper-options-python) + wrapper_options_python + ;; + wrapper-options-scenario) + wrapper_options_scenario + ;; + wrapper-unfreeze) + wrapper_unfreeze + ;; + wrapper-upgrade) + wrapper_upgrade + ;; + wrapper-upgrade-versions) + wrapper_upgrade_versions + ;; + wrapper-version) + wrapper_version + ;; + wrapper-versions) + wrapper_versions + ;; + wrapper-virtualenv) + wrapper_virtualenv + ;; + wrapper-*) + echo "Unsupported command: $1" >&2 + exit 1 + ;; + *) + activate_virtualenv + + # shellcheck disable=SC2086 + exec molecule "${PRE_ARGS[@]}" $MOLECULE_CMD "${POST_ARGS[@]}" + ;; +esac diff --git a/roles/gantsign.ctop/tasks/main.yml b/roles/gantsign.ctop/tasks/main.yml new file mode 100644 index 00000000..d14549ca --- /dev/null +++ b/roles/gantsign.ctop/tasks/main.yml 
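Review bot: pyenv_present, docker_present and wrapper_upgrade execute or install code fetched at run time with no integrity check — `bash <(curl --location .../pyenv-installer)`, `sh <(curl ... https://get.docker.com)` and the `curl ... --output moleculew.new ... && mv --force moleculew.new moleculew` self-replacement — so whatever the remote endpoint serves runs as the invoking developer, and through run_as_root as root. The file appears to be vendored from gantsign/molecule-wrapper and is developer test tooling rather than something the role needs at playbook run time, so the lowest-effort mitigation is to leave it out of the vendored copy or keep it off this repo's CI path; if it stays, pin the fetched artefacts to a known release and verify a published checksum before executing them, and add a header such as `# NOTE: fetches and executes remote scripts unverified; use only on disposable dev machines`. Also worth fixing upstream rather than here: `MOLECULE_VERSION=$(<$MOLECULE_VERSION_FILE)` in detemine_versions is the one unquoted file read, and the names `BUILD_DEPENDENCIES_INSTALLLED`, `virtualenv_presant` and `detemine_versions` are misspelt throughout.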
@@ -0,0 +1,31 @@ +--- +- name: create download directory + file: + state: directory + mode: 'u=rwx,go=rx' + dest: '{{ ctop_download_dir }}' + +- name: download ctop + get_url: + url: '{{ ctop_mirror }}/{{ ctop_redis_filename }}' + dest: '{{ ctop_download_dir }}/{{ ctop_redis_filename }}' + checksum: 'sha256:{{ ctop_redis_sha256sum }}' + mode: 'u=rw,go=r' + +- name: create the ctop installation dir + become: yes + file: + state: directory + owner: root + group: root + mode: 'u=rwx,go=rx' + dest: '{{ ctop_install_dir }}' + +- name: install ctop + become: yes + copy: + src: '{{ ctop_download_dir }}/{{ ctop_redis_filename }}' + remote_src: yes + dest: '{{ ctop_install_path }}' + force: yes + mode: 'u=rwx,go=rx' diff --git a/roles/gantsign.ctop/vars/main.yml b/roles/gantsign.ctop/vars/main.yml new file mode 100644 index 00000000..1afc4eec --- /dev/null +++ b/roles/gantsign.ctop/vars/main.yml @@ -0,0 +1,18 @@ +--- +# Dir where ctop should be installed +ctop_install_dir: '/usr/local/bin' + +# Path where ctop should be installed +ctop_install_path: '{{ ctop_install_dir }}/ctop' + +# Mirror to download the ctop from +ctop_mirror: 'https://github.com/bcicen/ctop/releases/download/v{{ ctop_version }}' + +# The OS of the ctop redistributable +ctop_os: 'linux' + +# The CPU architecture of the ctop redistributable +ctop_architecture: 'amd64' + +# File name of the ctop redistributable file +ctop_redis_filename: 'ctop-{{ ctop_version }}-{{ ctop_os }}-{{ ctop_architecture }}' diff --git a/roles/geerlingguy.docker/.ansible-lint b/roles/geerlingguy.docker/.ansible-lint new file mode 100644 index 00000000..47785641 --- /dev/null +++ b/roles/geerlingguy.docker/.ansible-lint @@ -0,0 +1,2 @@ +skip_list: + - '306' diff --git a/roles/geerlingguy.docker/.github/FUNDING.yml b/roles/geerlingguy.docker/.github/FUNDING.yml new file mode 100644 index 00000000..96b49383 --- /dev/null +++ b/roles/geerlingguy.docker/.github/FUNDING.yml 
@@ -0,0 +1,4 @@
+# These are supported funding model platforms
+---
+github: geerlingguy
+patreon: geerlingguy
diff --git a/roles/geerlingguy.docker/.github/stale.yml b/roles/geerlingguy.docker/.github/stale.yml
new file mode 100644
index 00000000..3ac21f9a
--- /dev/null
+++ b/roles/geerlingguy.docker/.github/stale.yml
@@ -0,0 +1,56 @@ +# Configuration for probot-stale - https://github.com/probot/stale +--- +# Number of days of inactivity before an Issue or Pull Request becomes stale +daysUntilStale: 90 + +# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. +# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. +daysUntilClose: 30 + +# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) +onlyLabels: [] + +# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable +exemptLabels: + - pinned + - security + - planned + +# Set to true to ignore issues in a project (defaults to false) +exemptProjects: false + +# Set to true to ignore issues in a milestone (defaults to false) +exemptMilestones: false + +# Set to true to ignore issues with an assignee (defaults to false) +exemptAssignees: false + +# Label to use when marking as stale +staleLabel: stale + +# Limit the number of actions per hour, from 1-30. Default is 30 +limitPerRun: 30 + +pulls: + markComment: |- + This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. + + unmarkComment: >- + This pull request is no longer marked for closure. + + closeComment: >- + This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. + +issues: + markComment: |- + This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! 
+ + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. + + unmarkComment: >- + This issue is no longer marked for closure. + + closeComment: >- + This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/roles/geerlingguy.docker/.gitignore b/roles/geerlingguy.docker/.gitignore new file mode 100644 index 00000000..f56f5b57 --- /dev/null +++ b/roles/geerlingguy.docker/.gitignore @@ -0,0 +1,3 @@ +*.retry +*/__pycache__ +*.pyc diff --git a/roles/geerlingguy.docker/.travis.yml b/roles/geerlingguy.docker/.travis.yml new file mode 100644 index 00000000..40c8f5b9 --- /dev/null +++ b/roles/geerlingguy.docker/.travis.yml @@ -0,0 +1,33 @@ +--- +language: python +services: docker + +env: + global: + - ROLE_NAME: docker + matrix: + - MOLECULE_DISTRO: centos8 + - MOLECULE_DISTRO: centos7 + - MOLECULE_DISTRO: ubuntu2004 + - MOLECULE_DISTRO: ubuntu1804 + - MOLECULE_DISTRO: ubuntu1604 + - MOLECULE_DISTRO: debian10 + - MOLECULE_DISTRO: debian9 + - MOLECULE_DISTRO: fedora31 + +install: + # Install test dependencies. + - pip install molecule yamllint ansible-lint docker + +before_script: + # Use actual Ansible Galaxy role name for the project directory. + - cd ../ + - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME + - cd geerlingguy.$ROLE_NAME + +script: + # Run tests. + - molecule test + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/roles/geerlingguy.docker/.yamllint b/roles/geerlingguy.docker/.yamllint new file mode 100644 index 00000000..7aeec5a4 --- /dev/null +++ b/roles/geerlingguy.docker/.yamllint @@ -0,0 +1,6 @@ +--- +extends: default +rules: + line-length: + max: 200 + level: warning diff --git a/roles/geerlingguy.docker/LICENSE b/roles/geerlingguy.docker/LICENSE new file mode 100644 index 00000000..4275cf3c 
--- /dev/null +++ b/roles/geerlingguy.docker/LICENSE @@ -0,0 +1,20 @@ +The MIT License (MIT) + +Copyright (c) 2017 Jeff Geerling + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/roles/geerlingguy.docker/README.md b/roles/geerlingguy.docker/README.md new file mode 100644 index 00000000..e6e9e43f --- /dev/null +++ b/roles/geerlingguy.docker/README.md 
@@ -0,0 +1,97 @@ +# Ansible Role: Docker + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-docker.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-docker) + +An Ansible Role that installs [Docker](https://www.docker.com) on Linux. + +## Requirements + +None. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + # Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition). + docker_edition: 'ce' + docker_package: "docker-{{ docker_edition }}" + docker_package_state: present + +The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition). You can also specify a specific version of Docker to install using the distribution-specific format: Red Hat/CentOS: `docker-{{ docker_edition }}-`; Debian/Ubuntu: `docker-{{ docker_edition }}=`. + +You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_package_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play). + + docker_service_state: started + docker_service_enabled: true + docker_restart_handler_state: restarted + +Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set these to `stopped` and set the enabled variable to `no`. + + docker_install_compose: true + docker_compose_version: "1.26.0" + docker_compose_path: /usr/local/bin/docker-compose + +Docker Compose installation options. 
+ + docker_apt_release_channel: stable + docker_apt_arch: amd64 + docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" + docker_apt_ignore_key_error: True + docker_apt_gpg_key: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg + +(Used only for Debian/Ubuntu.) You can switch the channel to `edge` if you want to use the Edge release. + +You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror. +Usually in combination with changing `docker_apt_repository` as well. + + docker_yum_repo_url: https://download.docker.com/linux/centos/docker-{{ docker_edition }}.repo + docker_yum_repo_enable_edge: '0' + docker_yum_repo_enable_test: '0' + docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg + +(Used only for RedHat/CentOS.) You can enable the Edge or Test repo by setting the respective vars to `1`. + +You can change `docker_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror. +Usually in combination with changing `docker_yum_repository` as well. + + docker_users: + - user1 + - user2 + +A list of system users to be added to the `docker` group (so they can use Docker on the server). + +## Use with Ansible (and `docker` Python library) + +Many users of this role wish to also use Ansible to then _build_ Docker images and manage Docker containers on the server where Docker is installed. In this case, you can easily add in the `docker` Python library using the `geerlingguy.pip` role: + +```yaml +- hosts: all + + vars: + pip_install_packages: + - name: docker + + roles: + - geerlingguy.pip + - geerlingguy.docker +``` + +## Dependencies + +None. 
+ +## Example Playbook + +```yaml +- hosts: all + roles: + - geerlingguy.docker +``` + +## License + +MIT / BSD + +## Author Information + +This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). diff --git a/roles/geerlingguy.docker/defaults/main.yml b/roles/geerlingguy.docker/defaults/main.yml new file mode 100644 index 00000000..fc8d79e8 --- /dev/null +++ b/roles/geerlingguy.docker/defaults/main.yml @@ -0,0 +1,31 @@ +--- +# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition). +docker_edition: 'ce' +docker_package: "docker-{{ docker_edition }}" +docker_package_state: present + +# Service options. +docker_service_state: started +docker_service_enabled: true +docker_restart_handler_state: restarted + +# Docker Compose options. +docker_install_compose: true +docker_compose_version: "1.26.0" +docker_compose_path: /usr/local/bin/docker-compose + +# Used only for Debian/Ubuntu. Switch 'stable' to 'edge' if needed. +docker_apt_release_channel: stable +docker_apt_arch: amd64 +docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" +docker_apt_ignore_key_error: true +docker_apt_gpg_key: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg + +# Used only for RedHat/CentOS/Fedora. +docker_yum_repo_url: https://download.docker.com/linux/{{ (ansible_distribution == "Fedora") | ternary("fedora","centos") }}/docker-{{ docker_edition }}.repo +docker_yum_repo_enable_edge: '0' +docker_yum_repo_enable_test: '0' +docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg + +# A list of users who will be added to the docker group. +docker_users: [] diff --git a/roles/geerlingguy.docker/handlers/main.yml b/roles/geerlingguy.docker/handlers/main.yml new file mode 100644 index 00000000..7847bc1c --- /dev/null 
+++ b/roles/geerlingguy.docker/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart docker
+ service: "name=docker state={{ docker_restart_handler_state }}"
diff --git a/roles/geerlingguy.docker/meta/main.yml b/roles/geerlingguy.docker/meta/main.yml
new file mode 100644
index 00000000..fc017275
--- /dev/null
+++ b/roles/geerlingguy.docker/meta/main.yml
@@ -0,0 +1,35 @@
+---
+dependencies: []
+
+galaxy_info:
+ role_name: docker
+ author: geerlingguy
+ description: Docker for Linux.
+ company: "Midwestern Mac, LLC"
+ license: "license (BSD, MIT)"
+ min_ansible_version: 2.4
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ - 8
+ - name: Fedora
+ versions:
+ - all
+ - name: Debian
+ versions:
+ - stretch
+ - buster
+ - name: Ubuntu
+ versions:
+ - xenial
+ - bionic
+ - focal
+ galaxy_tags:
+ - web
+ - system
+ - containers
+ - docker
+ - orchestration
+ - compose
+ - server
diff --git a/roles/geerlingguy.docker/molecule/default/converge.yml b/roles/geerlingguy.docker/molecule/default/converge.yml
new file mode 100644
index 00000000..629095b2
--- /dev/null
+++ b/roles/geerlingguy.docker/molecule/default/converge.yml
@@ -0,0 +1,24 @@
+---
+- name: Converge
+ hosts: all
+ become: true
+
+ pre_tasks:
+ - name: Update apt cache.
+ apt: update_cache=yes cache_valid_time=600
+ when: ansible_os_family == 'Debian'
+
+ - name: Wait for systemd to complete initialization. # noqa 303
+ command: systemctl is-system-running
+ register: systemctl_status
+ until: >
+ 'running' in systemctl_status.stdout or
+ 'degraded' in systemctl_status.stdout
+ retries: 30
+ delay: 5
+ when: ansible_service_mgr == 'systemd'
+ changed_when: false
+ failed_when: systemctl_status.rc > 1
+
+ roles:
+ - role: geerlingguy.docker
diff --git a/roles/geerlingguy.docker/molecule/default/molecule.yml b/roles/geerlingguy.docker/molecule/default/molecule.yml
new file mode 100644
index 00000000..2da47dd1
--- /dev/null
+++ b/roles/geerlingguy.docker/molecule/default/molecule.yml
@@ -0,0 +1,21 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint: |
+ set -e
+ yamllint .
+ ansible-lint
+platforms:
+ - name: instance
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+provisioner:
+ name: ansible
+ playbooks:
+ converge: ${MOLECULE_PLAYBOOK:-converge.yml}
diff --git a/roles/geerlingguy.docker/tasks/docker-compose.yml b/roles/geerlingguy.docker/tasks/docker-compose.yml
new file mode 100644
index 00000000..92cf4f27
--- /dev/null
+++ b/roles/geerlingguy.docker/tasks/docker-compose.yml
@@ -0,0 +1,20 @@
+---
+- name: Check current docker-compose version.
+ command: docker-compose --version
+ register: docker_compose_current_version
+ changed_when: false
+ failed_when: false
+
+- name: Delete existing docker-compose version if it's different.
+ file:
+ path: "{{ docker_compose_path }}"
+ state: absent
+ when: >
+ docker_compose_current_version.stdout is defined
+ and docker_compose_version not in docker_compose_current_version.stdout
+
+- name: Install Docker Compose (if configured).
+ get_url:
+ url: https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64
+ dest: "{{ docker_compose_path }}"
+ mode: 0755
diff --git a/roles/geerlingguy.docker/tasks/docker-users.yml b/roles/geerlingguy.docker/tasks/docker-users.yml
new file mode 100644
index 00000000..b3b6e0f1
--- /dev/null
+++ b/roles/geerlingguy.docker/tasks/docker-users.yml
@@ -0,0 +1,7 @@
+---
+- name: Ensure docker users are added to the docker group.
+ user:
+ name: "{{ item }}"
+ groups: docker
+ append: true
+ with_items: "{{ docker_users }}"
diff --git a/roles/geerlingguy.docker/tasks/main.yml b/roles/geerlingguy.docker/tasks/main.yml
new file mode 100644
index 00000000..56449ef7
--- /dev/null
+++ b/roles/geerlingguy.docker/tasks/main.yml
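Review bot: The `get_url` in the last task of docker-compose.yml fetches an executable from GitHub releases and drops it into `{{ docker_compose_path }}` with mode 0755 but no `checksum:`, so a tampered or truncated download is installed as-is; the previous task has already removed the old binary by then, so a bad download also leaves the host with no compose at all. Since the version is pinned, the hash can be pinned with it: add a `docker_compose_checksum: ""` default and `checksum: "{{ docker_compose_checksum | default(omit, true) }}"` under `get_url:`. Docker publishes sha256 sums next to the release assets as far as I know; confirm that before relying on it.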
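Review bot: The docker-users.yml task grants `docker` group membership without saying what that means: any member of that group can drive the daemon socket and thereby obtain root on the host, so `docker_users` is effectively a list of host administrators. State that on the task so the variable is not treated as a harmless convenience: `# NOTE: docker group membership is root-equivalent on this host (full access to the daemon socket); list only users who may administer the machine.`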
@@ -0,0 +1,27 @@
+---
+- include_tasks: setup-RedHat.yml
+ when: ansible_os_family == 'RedHat'
+
+- include_tasks: setup-Debian.yml
+ when: ansible_os_family == 'Debian'
+
+- name: Install Docker.
+ package:
+ name: "{{ docker_package }}"
+ state: "{{ docker_package_state }}"
+ notify: restart docker
+
+- name: Ensure Docker is started and enabled at boot.
+ service:
+ name: docker
+ state: "{{ docker_service_state }}"
+ enabled: "{{ docker_service_enabled }}"
+
+- name: Ensure handlers are notified now to avoid firewall conflicts.
+ meta: flush_handlers
+
+- include_tasks: docker-compose.yml
+ when: docker_install_compose | bool
+
+- include_tasks: docker-users.yml
+ when: docker_users | length > 0
diff --git a/roles/geerlingguy.docker/tasks/setup-Debian.yml b/roles/geerlingguy.docker/tasks/setup-Debian.yml
new file mode 100644
index 00000000..fe695ac6
--- /dev/null
+++ b/roles/geerlingguy.docker/tasks/setup-Debian.yml
@@ -0,0 +1,40 @@
+---
+- name: Ensure old versions of Docker are not installed.
+ package:
+ name:
+ - docker
+ - docker-engine
+ state: absent
+
+- name: Ensure dependencies are installed.
+ apt:
+ name:
+ - apt-transport-https
+ - ca-certificates
+ - gnupg2
+ state: present
+
+- name: Add Docker apt key.
+ apt_key:
+ url: "{{ docker_apt_gpg_key }}"
+ id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+ state: present
+ register: add_repository_key
+ ignore_errors: "{{ docker_apt_ignore_key_error }}"
+
+- name: Ensure curl is present (on older systems without SNI).
+ package: name=curl state=present
+ when: add_repository_key is failed
+
+- name: Add Docker apt key (alternative for older systems without SNI).
+ shell: > # noqa 306 306
+ curl -sSL {{ docker_apt_gpg_key }} | sudo apt-key add -
+ args:
+ warn: false
+ when: add_repository_key is failed
+
+- name: Add Docker repository.
+ apt_repository:
+ repo: "{{ docker_apt_repository }}"
+ state: present
+ update_cache: true
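Review bot: The fallback task `curl -sSL {{ docker_apt_gpg_key }} | sudo apt-key add -` in setup-Debian.yml imports whatever the URL returns without the fingerprint check the `apt_key` task above enforces via `id:`, and because that task runs with `ignore_errors`, a key-id mismatch (not only a TLS/SNI failure) also ends up on this unverified path. Verify the downloaded key against the same fingerprint before handing it to apt-key; the rewrite below keeps the shell-only approach for SNI-less hosts. The `gpg --with-colons --with-fingerprint` output should be confirmed on the oldest targeted release, and `sudo` is dropped on the assumption that the role already runs with become, as the `apt_key` task above requires.
```yaml
- name: Add Docker apt key (alternative for older systems without SNI).
  shell: > # noqa 306
    key="$(curl -sSL {{ docker_apt_gpg_key }})"
    && printf '%s\n' "$key" | gpg --with-colons --with-fingerprint
    | grep -q '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
    && printf '%s\n' "$key" | apt-key add -
  args:
    warn: false
  when: add_repository_key is failed
# … unchanged: Add Docker repository task …
```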
diff --git a/roles/geerlingguy.docker/tasks/setup-RedHat.yml b/roles/geerlingguy.docker/tasks/setup-RedHat.yml
new file mode 100644
index 00000000..6ef41de5
--- /dev/null
+++ b/roles/geerlingguy.docker/tasks/setup-RedHat.yml
@@ -0,0 +1,41 @@
+---
+- name: Ensure old versions of Docker are not installed.
+ package:
+ name:
+ - docker
+ - docker-common
+ - docker-engine
+ state: absent
+
+- name: Add Docker GPG key.
+ rpm_key:
+ key: "{{ docker_yum_gpg_key }}"
+ state: present
+
+- name: Add Docker repository.
+ get_url:
+ url: "{{ docker_yum_repo_url }}"
+ dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Configure Docker Edge repo.
+ ini_file:
+ dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
+ section: 'docker-{{ docker_edition }}-edge'
+ option: enabled
+ value: '{{ docker_yum_repo_enable_edge }}'
+
+- name: Configure Docker Test repo.
+ ini_file:
+ dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
+ section: 'docker-{{ docker_edition }}-test'
+ option: enabled
+ value: '{{ docker_yum_repo_enable_test }}'
+
+- name: Install containerd separately (CentOS 8).
+ package:
+ name: https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.13-3.2.el7.x86_64.rpm
+ state: present
+ when: ansible_distribution_major_version | int == 8
diff --git a/roles/geerlingguy.pip/.github/FUNDING.yml b/roles/geerlingguy.pip/.github/FUNDING.yml
new file mode 100644
index 00000000..96b49383
--- /dev/null
+++ b/roles/geerlingguy.pip/.github/FUNDING.yml
@@ -0,0 +1,4 @@
+# These are supported funding model platforms
+---
+github: geerlingguy
+patreon: geerlingguy
diff --git a/roles/geerlingguy.pip/.github/stale.yml b/roles/geerlingguy.pip/.github/stale.yml
new file mode 100644
index 00000000..c7ff1275
--- /dev/null
+++ b/roles/geerlingguy.pip/.github/stale.yml
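Review bot: `rpm_key` in setup-RedHat.yml is given only `key:`, so whatever the URL serves becomes a trusted signing key; the module also takes `fingerprint:`, and adding it (with Docker's published fingerprint, which is not in this diff) makes the import fail closed the way the `id:` check does in setup-Debian. The last task installs containerd from a hard-coded URL through `package:`; to my knowledge dnf does not GPG-check packages given by URL or path unless `localpkg_gpgcheck` is enabled, so that RPM is likely installed unverified — confirm, and if so fetch it with `get_url` plus `checksum:` first, or at least add a comment recording the assumption. The pinned `containerd.io-1.2.13-3.2.el7` on an EL8 host also needs a why-comment, since the task name only says that it happens, not why.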
@@ -0,0 +1,56 @@ +# Configuration for probot-stale - https://github.com/probot/stale + +# Number of days of inactivity before an Issue or Pull Request becomes stale +daysUntilStale: 90 + +# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. +# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. +daysUntilClose: 30 + +# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) +onlyLabels: [] + +# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable +exemptLabels: + - pinned + - security + - planned + +# Set to true to ignore issues in a project (defaults to false) +exemptProjects: false + +# Set to true to ignore issues in a milestone (defaults to false) +exemptMilestones: false + +# Set to true to ignore issues with an assignee (defaults to false) +exemptAssignees: false + +# Label to use when marking as stale +staleLabel: stale + +# Limit the number of actions per hour, from 1-30. Default is 30 +limitPerRun: 30 + +pulls: + markComment: |- + This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. + + unmarkComment: >- + This pull request is no longer marked for closure. + + closeComment: >- + This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. + +issues: + markComment: |- + This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! 
+ + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. + + unmarkComment: >- + This issue is no longer marked for closure. + + closeComment: >- + This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/roles/geerlingguy.pip/.gitignore b/roles/geerlingguy.pip/.gitignore new file mode 100644 index 00000000..f56f5b57 --- /dev/null +++ b/roles/geerlingguy.pip/.gitignore @@ -0,0 +1,3 @@ +*.retry +*/__pycache__ +*.pyc diff --git a/roles/geerlingguy.pip/.travis.yml b/roles/geerlingguy.pip/.travis.yml new file mode 100644 index 00000000..e2770b1b --- /dev/null +++ b/roles/geerlingguy.pip/.travis.yml @@ -0,0 +1,31 @@ +--- +language: python +services: docker + +env: + global: + - ROLE_NAME: pip + matrix: + - MOLECULE_DISTRO: centos8 + - MOLECULE_DISTRO: centos7 + - MOLECULE_DISTRO: fedora32 + - MOLECULE_DISTRO: ubuntu2004 + - MOLECULE_DISTRO: ubuntu1804 + - MOLECULE_DISTRO: debian10 + +install: + # Install test dependencies. + - pip install molecule yamllint ansible-lint docker + +before_script: + # Use actual Ansible Galaxy role name for the project directory. + - cd ../ + - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME + - cd geerlingguy.$ROLE_NAME + +script: + # Run tests. + - molecule test + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/roles/geerlingguy.pip/.yamllint b/roles/geerlingguy.pip/.yamllint new file mode 100644 index 00000000..a3dbc38e --- /dev/null +++ b/roles/geerlingguy.pip/.yamllint @@ -0,0 +1,6 @@ +--- +extends: default +rules: + line-length: + max: 120 + level: warning diff --git a/roles/geerlingguy.pip/LICENSE b/roles/geerlingguy.pip/LICENSE new file mode 100644 index 00000000..4275cf3c --- /dev/null +++ b/roles/geerlingguy.pip/LICENSE 
@@ -0,0 +1,20 @@ +The MIT License (MIT) + +Copyright (c) 2017 Jeff Geerling + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/roles/geerlingguy.pip/README.md b/roles/geerlingguy.pip/README.md new file mode 100644 index 00000000..5353e555 --- /dev/null +++ b/roles/geerlingguy.pip/README.md 
@@ -0,0 +1,76 @@ +# Ansible Role: Pip (for Python) + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-pip.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-pip) + +An Ansible Role that installs [Pip](https://pip.pypa.io) on Linux. + +## Requirements + +On RedHat/CentOS, you may need to have EPEL installed before running this role. You can use the `geerlingguy.repo-epel` role if you need a simple way to ensure it's installed. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + pip_package: python3-pip + +The name of the packge to install to get `pip` on the system. For older systems that don't have Python 3 available, you can set this to `python-pip`. + + pip_executable: pip3 + +The role will try to autodetect the pip executable based on the `pip_package` (e.g. `pip` for Python 2 and `pip3` for Python 3). You can also override this explicitly, e.g. `pip_executable: pip3.6`. + + pip_install_packages: [] + +A list of packages to install with pip. Examples below: + + pip_install_packages: + # Specify names and versions. + - name: docker + version: "1.2.3" + - name: awscli + version: "1.11.91" + + # Or specify bare packages to get the latest release. + - docker + - awscli + + # Or uninstall a package. + - name: docker + state: absent + + # Or update a package ot the latest version. + - name: docker + state: latest + + # Or force a reinstall. + - name: docker + state: forcereinstall + + # Or install a package in a particular virtualenv. + - name: docker + virtualenv: /my_app/venv + +## Dependencies + +None. + +## Example Playbook + + - hosts: all + + vars: + pip_install_packages: + - name: docker + - name: awscli + + roles: + - geerlingguy.pip + +## License + +MIT / BSD + +## Author Information + +This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). 
diff --git a/roles/geerlingguy.pip/defaults/main.yml b/roles/geerlingguy.pip/defaults/main.yml new file mode 100644 index 00000000..e51000ba --- /dev/null +++ b/roles/geerlingguy.pip/defaults/main.yml @@ -0,0 +1,6 @@ +--- +# For Python 3, use python3-pip. +pip_package: python3-pip +pip_executable: "{{ 'pip3' if pip_package.startswith('python3') else 'pip' }}" + +pip_install_packages: [] diff --git a/roles/geerlingguy.pip/meta/main.yml b/roles/geerlingguy.pip/meta/main.yml new file mode 100644 index 00000000..908669d9 --- /dev/null +++ b/roles/geerlingguy.pip/meta/main.yml @@ -0,0 +1,31 @@ +--- +dependencies: [] + +galaxy_info: + role_name: pip + author: geerlingguy + description: Pip (Python package manager) for Linux. + issue_tracker_url: https://github.com/geerlingguy/ansible-role-pip/issues + company: "Midwestern Mac, LLC" + license: "MIT" + min_ansible_version: 2.4 + platforms: + - name: EL + versions: + - all + - name: Fedora + versions: + - all + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + galaxy_tags: + - system + - server + - packaging + - python + - pip + - tools diff --git a/roles/geerlingguy.pip/molecule/default/converge.yml b/roles/geerlingguy.pip/molecule/default/converge.yml new file mode 100644 index 00000000..e0151a53 --- /dev/null +++ b/roles/geerlingguy.pip/molecule/default/converge.yml 
@@ -0,0 +1,28 @@ +--- +- name: Converge + hosts: all + become: true + + vars: + pip_install_packages: + # Test installing a specific version of a package. + - name: ipaddress + version: "1.0.18" + # Test installing a package by name. + - colorama + + pre_tasks: + - name: Update apt cache. + apt: update_cache=true cache_valid_time=600 + when: ansible_os_family == 'Debian' + + - name: Set package name for older OSes. + set_fact: + pip_package: python-pip + when: > + (ansible_os_family == 'RedHat') and (ansible_distribution_major_version | int < 8) + or (ansible_distribution == 'Debian') and (ansible_distribution_major_version | int < 10) + or (ansible_distribution == 'Ubuntu') and (ansible_distribution_major_version | int < 18) + + roles: + - role: geerlingguy.pip diff --git a/roles/geerlingguy.pip/molecule/default/molecule.yml b/roles/geerlingguy.pip/molecule/default/molecule.yml new file mode 100644 index 00000000..2da47dd1 --- /dev/null +++ b/roles/geerlingguy.pip/molecule/default/molecule.yml @@ -0,0 +1,21 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: | + set -e + yamllint . + ansible-lint +platforms: + - name: instance + image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + pre_build_image: true +provisioner: + name: ansible + playbooks: + converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/roles/geerlingguy.pip/tasks/main.yml b/roles/geerlingguy.pip/tasks/main.yml new file mode 100644 index 00000000..dda7fac9 --- /dev/null +++ b/roles/geerlingguy.pip/tasks/main.yml 
@@ -0,0 +1,14 @@ +--- +- name: Ensure Pip is installed. + package: + name: "{{ pip_package }}" + state: present + +- name: Ensure pip_install_packages are installed. + pip: + name: "{{ item.name | default(item) }}" + version: "{{ item.version | default(omit) }}" + virtualenv: "{{ item.virtualenv | default(omit) }}" + state: "{{ item.state | default(omit) }}" + executable: "{{ pip_executable }}" + with_items: "{{ pip_install_packages }}" diff --git a/roles/hedii.youtube-dl/.gitignore b/roles/hedii.youtube-dl/.gitignore new file mode 100644 index 00000000..5890704a --- /dev/null +++ b/roles/hedii.youtube-dl/.gitignore @@ -0,0 +1,3 @@ +.idea/ +.DS_Store +tests/test.retry \ No newline at end of file diff --git a/roles/hedii.youtube-dl/.travis.yml b/roles/hedii.youtube-dl/.travis.yml new file mode 100644 index 00000000..f3bed673 --- /dev/null +++ b/roles/hedii.youtube-dl/.travis.yml @@ -0,0 +1,42 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: true + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + + # Run the role/playbook with ansible-playbook + - ansible-playbook -i tests/inventory tests/test.yml --connection=local --sudo + + # Run the role/playbook again, checking to make sure it's idempotent + - > + ansible-playbook -i tests/inventory tests/test.yml --connection=local --sudo + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Check if youtube-dl is installed and working. + - youtube-dl --version + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file 
diff --git a/roles/hedii.youtube-dl/LICENSE b/roles/hedii.youtube-dl/LICENSE new file mode 100644 index 00000000..3dfb5c50 --- /dev/null +++ b/roles/hedii.youtube-dl/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2016 hedii + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/roles/hedii.youtube-dl/README.md b/roles/hedii.youtube-dl/README.md new file mode 100644 index 00000000..abb939e5 --- /dev/null +++ b/roles/hedii.youtube-dl/README.md 
@@ -0,0 +1,51 @@ +Ansible role: youtube-dl +======================== + +[![Build Status](https://travis-ci.org/hedii/ansible-role-youtube-dl.svg?branch=master)](https://travis-ci.org/hedii/ansible-role-youtube-dl) + +Installs [youtube-dl](https://github.com/rg3/youtube-dl) on any Linux or UNIX system. + +Youtube-dl is a small command-line program to download videos from YouTube.com and other video platforms. + +Requirements +------------ + +None. + +Role Variables +-------------- + +Available variables are listed below, along with default values (see `defaults/main.yml`) + +```yml +# The path where youtube-dl executable will be installed. +# It is recommended to not change this path. +youtubedl_executable_path: "/usr/local/bin/youtube-dl" + +# Do we need to update youtube-dl if it is already installed? +youtubedl_update: false +``` + + +Dependencies +------------ + +None. + +Example Playbook +---------------- +```yml +- hosts: servers + roles: + - hedii.youtube-dl +``` + +License +------- + +MIT + +Author Information +------------------ + +[Hedi Chaibi](https://hedichaibi.com) diff --git a/roles/hedii.youtube-dl/defaults/main.yml b/roles/hedii.youtube-dl/defaults/main.yml new file mode 100644 index 00000000..ae12afa0 --- /dev/null +++ b/roles/hedii.youtube-dl/defaults/main.yml @@ -0,0 +1,7 @@ +--- +# The path where youtube-dl executable will be installed. +# It is recommended to not change this path. +youtubedl_executable_path: "/usr/local/bin/youtube-dl" + +# Do we need to update youtube-dl if it is already installed? +youtubedl_update: false \ No newline at end of file diff --git a/roles/hedii.youtube-dl/handlers/main.yml b/roles/hedii.youtube-dl/handlers/main.yml new file mode 100644 index 00000000..9e11583b --- /dev/null +++ b/roles/hedii.youtube-dl/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for ansible-role-youtube-dl 
diff --git a/roles/hedii.youtube-dl/meta/main.yml b/roles/hedii.youtube-dl/meta/main.yml
new file mode 100644
index 00000000..d8f7e785
--- /dev/null
+++ b/roles/hedii.youtube-dl/meta/main.yml
@@ -0,0 +1,25 @@
+galaxy_info:
+ author: hedii
+ description: Youtube-dl installation for Linux/UNIX.
+ company: hedii
+ license: MIT
+ min_ansible_version: 2.0
+ platforms:
+ - name: EL
+ versions:
+ - all
+ - name: GenericUNIX
+ versions:
+ - all
+ - name: Ubuntu
+ versions:
+ - all
+ - name: GenericLinux
+ versions:
+ - all
+ - name: Debian
+ versions:
+ - all
+ galaxy_tags:
+ - system
+dependencies: []
\ No newline at end of file
diff --git a/roles/hedii.youtube-dl/tasks/main.yml b/roles/hedii.youtube-dl/tasks/main.yml
new file mode 100644
index 00000000..b84f2116
--- /dev/null
+++ b/roles/hedii.youtube-dl/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: Check if youtube-dl is already installed
+ stat:
+ path: "{{ youtubedl_executable_path }}"
+ register: youtubedl_bin
+
+- name: Download from source move to executables folder and set permissions
+ get_url:
+ url: http://yt-dl.org/latest/youtube-dl
+ dest: "{{ youtubedl_executable_path }}"
+ mode: 0755
+ force: yes
+ when: not youtubedl_bin.stat.exists
+
+- name: Update youtube-dl
+ command: youtube-dl -U
+ register: youtubedl_update_out
+ when: youtubedl_bin.stat.exists and youtubedl_update
+ changed_when: "'Updated youtube-dl.' in youtubedl_update_out.stdout"
+ failed_when: "'ERROR:' in youtubedl_update_out.stdout"
+ ignore_errors: true
diff --git a/roles/hedii.youtube-dl/tests/inventory b/roles/hedii.youtube-dl/tests/inventory
new file mode 100644
index 00000000..d18580b3
--- /dev/null
+++ b/roles/hedii.youtube-dl/tests/inventory
@@ -0,0 +1 @@
+localhost
\ No newline at end of file
diff --git a/roles/hedii.youtube-dl/tests/test.yml b/roles/hedii.youtube-dl/tests/test.yml
new file mode 100644
index 00000000..6fa5bfde
--- /dev/null
+++ b/roles/hedii.youtube-dl/tests/test.yml
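Review bot: `url: http://yt-dl.org/latest/youtube-dl` in tasks/main.yml fetches an executable over plain HTTP, with `force: yes` and no `checksum:`, and installs it 0755 at `{{ youtubedl_executable_path }}` (under /usr/local/bin by default), so an on-path attacker can substitute the binary that is later run as root; use `url: https://yt-dl.org/latest/youtube-dl` at minimum and pin a `checksum:` if the project publishes sums for the release you want (it does for tagged GitHub releases, as far as I recall). In the update task, `ignore_errors: true` cancels the `failed_when: "'ERROR:' in youtubedl_update_out.stdout"` directly above it, so a failed self-update is reported as success; drop `ignore_errors` or comment why a silent failure is acceptable. The `youtube-dl -U` self-update likewise pulls new code from the network as root on every run when `youtubedl_update` is true, which the defaults comment should say.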
@@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - ansible-role-youtube-dl \ No newline at end of file diff --git a/roles/hedii.youtube-dl/vars/main.yml b/roles/hedii.youtube-dl/vars/main.yml new file mode 100644 index 00000000..85968809 --- /dev/null +++ b/roles/hedii.youtube-dl/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for ansible-role-youtube-dl diff --git a/roles/hispanico.letsencrypt-nginx-revproxy/.travis.yml b/roles/hispanico.letsencrypt-nginx-revproxy/.travis.yml new file mode 100644 index 00000000..1922619d --- /dev/null +++ b/roles/hispanico.letsencrypt-nginx-revproxy/.travis.yml 
@@ -0,0 +1,50 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: required + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + + # Install dependendies roles + - ansible-galaxy install hispanico.nginx-revproxy + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + + # Run the role/playbook with ansible-playbook + - ansible-playbook tests/test.yml -i tests/inventory --connection=local --become + + # Run the role/playbook again, checking to make sure it's idempotent + - > + ansible-playbook tests/test.yml -i tests/inventory --connection=local --become + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Check for role is done + - sudo service nginx status + - sudo netstat -ntulp |grep nginx + - sudo ls /etc/nginx/sites-enabled/ + - for i in $(sudo ls /etc/nginx/sites-enabled/); do echo $i;echo "------------------------------"; sudo cat /etc/nginx/sites-enabled/$i; echo "------------------------------";echo ""; done + - sudo ls -l /usr/bin/certbot-auto + - sudo crontab -l + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/roles/hispanico.letsencrypt-nginx-revproxy/README.md b/roles/hispanico.letsencrypt-nginx-revproxy/README.md new file mode 100644 index 00000000..3e869aa4 --- /dev/null +++ b/roles/hispanico.letsencrypt-nginx-revproxy/README.md 
@@ -0,0 +1,77 @@ +ansible-letsencrypt-nginx-revproxy +========= +[![Build Status](https://img.shields.io/travis/hispanico/ansible-letsencrypt-nginx-revproxy.svg?style=flat-square)](https://travis-ci.org/hispanico/ansible-letsencrypt-nginx-revproxy) +[![Galaxy](https://img.shields.io/badge/galaxy-hispanico.letsencrypt--nginx--revproxy-blue.svg?style=flat-square)](https://galaxy.ansible.com/hispanico/letsencrypt-nginx-revproxy/) + +Configures Nginx as reverse proxy for multiple website with Let's Encrypt certificate. + +Requirements +------------ + +This role requires Ansible 1.9 or higher. + +Role Variables +-------------- + +Default values: + +```yaml +nginx_revproxy_sites: # List of sites to reverse proxy + example.com: # Domain name + domains: # List of server_name aliases + - example.com + - www.example.com + upstreams: # List of Upstreams + - { backend_address: 192.168.0.100, backend_port: 80 } + - { backend_address: 192.168.0.101, backend_port: 8080 } + letsencrypt: true # Set to True if you are using hispanico.letsencrypt-nginx-revproxy role + letsencrypt_email: 'contatti@ninux.org' +``` + +Dependencies +------------ + +* [hispanico.nginx-revproxy](https://galaxy.ansible.com/hispanico/nginx-revproxy) + +Example Playbook +---------------- + +This esample configure nginx as reverse proxy for the following sites: + * example.org with selfsign ssl certificate + * example.com ssl certificate generate via let's encrypt ACME protocol. 
+ +```yaml + - hosts: all + roles: + - ansible-nginx-revproxy + - ansible-letsencrypt-nginx-revproxy + vars: + nginx_revproxy_sites: + example.org: + domains: + - example.org + - www.example.org + upstreams: + - { backend_address: 192.168.0.200, backend_port: 80 } + - { backend_address: 192.168.0.201, backend_port: 80 } + letsencrypt: false + + example.com: + domains: + - example.com + - www.example.com + upstreams: + - { backend_address: 192.168.0.100, backend_port: 80 } + - { backend_address: 192.168.0.101, backend_port: 80 } + letsencrypt: true +``` + +License +------- + +Licensed under the GPLv3 License. See the LICENSE file for details. + +Author Information +------------------ + +Hispanico diff --git a/roles/hispanico.letsencrypt-nginx-revproxy/defaults/main.yml b/roles/hispanico.letsencrypt-nginx-revproxy/defaults/main.yml new file mode 100644 index 00000000..7e7ac947 --- /dev/null +++ b/roles/hispanico.letsencrypt-nginx-revproxy/defaults/main.yml @@ -0,0 +1,14 @@ +--- + +nginx_revproxy_sites: # List of sites to reverse proxy + example.com: # Domain name + domains: # List of server_name aliases + - example.com + - www.example.com + upstreams: # List of Upstreams + - { backend_address: 192.168.0.100, backend_port: 80 } + - { backend_address: 192.168.0.101, backend_port: 8080 } + ssl: false # Set to True if you want to redirect http to https + hsts_max_age: 63072000 # Set HSTS header with max-age defined + letsencrypt: false # Set to True if you are using hispanico.letsencrypt-nginx-revproxy role + letsencrypt_email: 'info@example.com' diff --git a/roles/hispanico.letsencrypt-nginx-revproxy/handlers/main.yml b/roles/hispanico.letsencrypt-nginx-revproxy/handlers/main.yml new file mode 100644 index 00000000..9b7fce29 --- /dev/null +++ b/roles/hispanico.letsencrypt-nginx-revproxy/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: Start Nginx + service: name=nginx state=started + +- name: Reload Nginx + service: name=nginx state=reloaded 
diff --git a/roles/hispanico.letsencrypt-nginx-revproxy/meta/.galaxy_install_info b/roles/hispanico.letsencrypt-nginx-revproxy/meta/.galaxy_install_info new file mode 100644 index 00000000..700a5718 --- /dev/null +++ b/roles/hispanico.letsencrypt-nginx-revproxy/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Sun Mar 29 15:01:58 2020', version: master} diff --git a/roles/hispanico.letsencrypt-nginx-revproxy/meta/main.yml b/roles/hispanico.letsencrypt-nginx-revproxy/meta/main.yml new file mode 100644 index 00000000..55092a25 --- /dev/null +++ b/roles/hispanico.letsencrypt-nginx-revproxy/meta/main.yml @@ -0,0 +1,21 @@ +galaxy_info: + author: Hispanico + description: Manage Nginx as Reverse Proxy + license: GPLv3 + + min_ansible_version: 1.2 + + platforms: + - name: Ubuntu + versions: + - trusty + - xenial + + galaxy_tags: + - system + - nginx + - reverseproxy + - letsencrypt + +dependencies: + - hispanico.nginx-revproxy diff --git a/roles/hispanico.letsencrypt-nginx-revproxy/tasks/main.yml b/roles/hispanico.letsencrypt-nginx-revproxy/tasks/main.yml new file mode 100644 index 00000000..e1b7c192 --- /dev/null +++ b/roles/hispanico.letsencrypt-nginx-revproxy/tasks/main.yml 
@@ -0,0 +1,39 @@
+---
+- name: Install certbot
+ get_url:
+ url: https://dl.eff.org/certbot-auto
+ dest: /usr/bin/certbot-auto
+ mode: "a+x"
+ tags:
+ - letsencrypt
+
+- name: Generate certs (first time)
+ command: certbot-auto certonly --webroot -w /var/www/{{ item.key }} -d {{ item.value.domains | join(' -d ') }} --email {{ item.value.letsencrypt_email }} --non-interactive --agree-tos creates=/etc/letsencrypt/live/{{ item.key }}/fullchain.pem
+ with_dict: "{{ nginx_revproxy_sites }}"
+ when: item.value.letsencrypt | default(False)
+ tags:
+ - letsencrypt
+
+- name: Update Site Config
+ template:
+ src=reverseproxy_ssl.conf.j2
+ dest=/etc/nginx/sites-available/{{ item.key }}.conf
+ owner=root
+ group=root
+ with_dict: "{{ nginx_revproxy_sites }}"
+ when:
+ - item.value.letsencrypt | default(False)
+ notify:
+ - Reload Nginx
+ tags:
+ - letsencrypt
+
+- name: Insert cert-bot renew in crontab
+ cron:
+ name: "cert-bot renew"
+ minute: 30
+ hour: 3
+ weekday: 1
+ job: 'certbot-auto renew --post-hook "systemctl reload nginx" >> /var/log/letsencrypt/letsencrypt-update.log 2>&1'
+ tags:
+ - letsencrypt
diff --git a/roles/hispanico.letsencrypt-nginx-revproxy/templates/reverseproxy_ssl.conf.j2 b/roles/hispanico.letsencrypt-nginx-revproxy/templates/reverseproxy_ssl.conf.j2
new file mode 100644
index 00000000..92747997
--- /dev/null
+++ b/roles/hispanico.letsencrypt-nginx-revproxy/templates/reverseproxy_ssl.conf.j2
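Review bot: The first task downloads `certbot-auto` straight into `/usr/bin` with `mode: "a+x"` and no integrity check, and that script is then run as root by the cron entry added at the bottom; a `checksum:` or signature verification is missing. EFF publishes a detached signature for certbot-auto as far as I recall — verify it (or pin `checksum: "sha256:…"`) before marking the file executable, and note on the task that certbot-auto self-updates and installs its own dependencies, so the host trusts dl.eff.org at every renewal, not only at install time. The cert-generation `command` interpolates `{{ item.value.letsencrypt_email }}` and the domain list unquoted; `command` does not go through a shell, so this is not injectable, but a value containing whitespace would silently split into extra arguments — a `| quote` filter or a comment stating the assumption would help.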
@@ -0,0 +1,67 @@
+################################################################################
+# This file was generated by Ansible for {{ansible_fqdn}}
+# Do NOT modify this file by hand!
+################################################################################
+
+upstream {{ item.key }}_backend {
+{% for upstream in item.value.upstreams %}
+ server {{upstream.backend_address}}:{{upstream.backend_port}};
+{% endfor %}
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ item.value.domains | join(' ') }};
+ location / {
+ return 301 https://$server_name$request_uri;
+ }
+
+ location /.well-known {
+ alias /var/www/{{ item.key }}/.well-known;
+ }
+
+ access_log /var/log/nginx/{{ item.key }}_access.log;
+ error_log /var/log/nginx/{{ item.key }}_error.log error;
+
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name {{ item.value.domains | join(' ') }};
+
+{% if item.value.hsts_max_age is defined %}
+ add_header Strict-Transport-Security "max-age={{ item.value.hsts_max_age }}; includeSubDomains; preload" always;
+{% endif %}
+
+ access_log /var/log/nginx/{{ item.key }}_access.log;
+ error_log /var/log/nginx/{{ item.key }}_error.log error;
+
+ ssl on;
+ ssl_certificate /etc/letsencrypt/live/{{ item.key }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ item.key }}/privkey.pem;
+ ssl_session_timeout 5m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+
+ location /.well-known {
+ alias /var/www/{{ item.key }}/.well-known;
+ }
+
+ location / {
+ gzip off;
+ proxy_set_header X-Forwarded-Ssl on;
+ client_max_body_size {{ item.value.client_max_body_size | default('50M') }};
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Frame-Options SAMEORIGIN;
+ proxy_pass http://{{ item.key }}_backend;
+ }
+}
diff --git a/roles/hispanico.letsencrypt-nginx-revproxy/tests/inventory b/roles/hispanico.letsencrypt-nginx-revproxy/tests/inventory
new file mode 100644
index 00000000..d18580b3
--- /dev/null
+++ b/roles/hispanico.letsencrypt-nginx-revproxy/tests/inventory
@@ -0,0 +1 @@
+localhost
\ No newline at end of file
diff --git a/roles/hispanico.letsencrypt-nginx-revproxy/tests/test.yml b/roles/hispanico.letsencrypt-nginx-revproxy/tests/test.yml
new file mode 100644
index 00000000..61f4bf5b
--- /dev/null
+++ b/roles/hispanico.letsencrypt-nginx-revproxy/tests/test.yml
@@ -0,0 +1,7 @@
+---
+- hosts: localhost
+ remote_user: root
+
+ roles:
+ - {role: hispanico.nginx-revproxy}
+ - {role: ansible-letsencrypt-nginx-revproxy}
diff --git a/roles/hispanico.letsencrypt-nginx-revproxy/vars/main.yml b/roles/hispanico.letsencrypt-nginx-revproxy/vars/main.yml
new file mode 100644
index 00000000..6096aec3
--- /dev/null
+++ b/roles/hispanico.letsencrypt-nginx-revproxy/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for roles/letsencrypt
diff --git a/roles/hispanico.nginx-revproxy/.travis.yml b/roles/hispanico.nginx-revproxy/.travis.yml
new file mode 100644
index 00000000..91784832
--- /dev/null
+++ b/roles/hispanico.nginx-revproxy/.travis.yml
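Review bot: `proxy_set_header X-Frame-Options SAMEORIGIN;` in the `location /` block sets a header on the request forwarded to the backend, not on the response returned to the browser, so the clickjacking protection it appears to add never reaches clients; it should be `add_header X-Frame-Options SAMEORIGIN always;` placed at server level next to the HSTS `add_header`, because an `add_header` inside the location would stop the server-level headers from being inherited. In the same server block `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still offers the deprecated TLS 1.0 and 1.1 to clients; `ssl_protocols TLSv1.2;` (adding `TLSv1.3` where the target nginx/OpenSSL support it, which the trusty/xenial platforms listed in meta/main.yml may not) is the defensible baseline. `ssl on;` duplicates what `listen 443 ssl;` already declares and is deprecated in newer nginx releases, so it can be dropped.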
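Review bot: In tests/test.yml the second entry `- {role: ansible-letsencrypt-nginx-revproxy}` names a role that does not match this role's directory `hispanico.letsencrypt-nginx-revproxy`, so the test play presumably resolves only when the checkout has been renamed the way the sibling role's .travis.yml does; `- {role: hispanico.letsencrypt-nginx-revproxy}` would make the test self-contained.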
@@ -0,0 +1,31 @@
+---
+os: linux
+language: python
+services: docker
+
+env:
+ global:
+ - ROLE_NAME: nginx-revproxy
+ jobs:
+ # - MOLECULE_DISTRO: centos7
+ - MOLECULE_DISTRO: ubuntu1604
+ - MOLECULE_DISTRO: ubuntu1804
+ - MOLECULE_DISTRO: debian9
+ - MOLECULE_DISTRO: debian10
+
+install:
+ # Install test dependencies.
+ - pip install molecule docker
+
+before_script:
+ # Use actual Ansible Galaxy role name for the project directory.
+ - cd ../
+ - mv ansible-$ROLE_NAME hispanico.$ROLE_NAME
+ - cd hispanico.$ROLE_NAME
+
+script:
+ # Run tests.
+ - molecule test
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/roles/hispanico.nginx-revproxy/LICENSE b/roles/hispanico.nginx-revproxy/LICENSE
new file mode 100644
index 00000000..92c8504f
--- /dev/null
+++ b/roles/hispanico.nginx-revproxy/LICENSE
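Review bot: `- pip install molecule docker` in the `install:` step installs unpinned versions, so every CI run pulls whatever is newest on PyPI and a breaking or compromised release changes the test outcome without any change in this repository. Pin the two packages to the versions the role was verified against, e.g. `- pip install "molecule==<TESTED_VERSION>" "docker==<TESTED_VERSION>"`, and bump them deliberately.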
@@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. 
+ + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. 
+ + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. 
+ + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. 
Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. 
+ + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. 
This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. 
+ + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. 
+ + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. 
+ + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. 
If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. 
If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. 
+ + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. 
For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. 
+ + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. 
You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. 
The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. 
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. 
+ + ansible-nginx-revproxy + Copyright (C) 2017 Hispanico + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + ansible-nginx-revproxy Copyright (C) 2017 Hispanico + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. 
diff --git a/roles/hispanico.nginx-revproxy/README.md b/roles/hispanico.nginx-revproxy/README.md
new file mode 100644
index 00000000..a8c68f89
--- /dev/null
+++ b/roles/hispanico.nginx-revproxy/README.md
@@ -0,0 +1,90 @@ +ansible-nginx-revproxy +========= + +[![Build Status](https://img.shields.io/travis/hispanico/ansible-nginx-revproxy.svg?style=flat-square)](https://travis-ci.org/hispanico/ansible-nginx-revproxy) +[![Galaxy](https://img.shields.io/badge/galaxy-hispanico.nginx--revproxy-blue.svg?style=flat-square)](https://galaxy.ansible.com/hispanico/nginx-revproxy/) + +Install and configures Nginx as reverse proxy for multiple website. + +Requirements +------------ + +This role requires Ansible 2.4 or higher. + +Role Variables +-------------- + +Default values: + +```yaml +nginx_revproxy_sites: # List of sites to reverse proxy + default: # Set defualt site to return 444 (Connection Closed Without Response) + ssl: false # Set to True if you want to redirect http to https + letsencrypt: false + + example.com: # Domain name + domains: # List of server_name aliases + - example.com + - www.example.com + upstreams: # List of Upstreams + - { backend_address: 192.168.0.100, backend_port: 80 } + - { backend_address: 192.168.0.101, backend_port: 8080 } + auth: # Define this block for a single HTTP user/password, or leave undefined for unauthenticated vhosts + login: myusername + password: mysecretpassword + listen: 9000 # Specify which port you want to listen to with clear HTTP, or leave undefined for 80 + ssl: false # Set to True if you want to redirect http to https + letsencrypt: false # Set to True if you are using hispanico.letsencrypt-nginx-revproxy role + + example.org: # Domain name + domains: # List of server_name aliases + - example.org + - www.example.org + upstreams: # List of Upstreams + - { backend_address: 192.168.0.200, backend_port: 80 } + - { backend_address: 192.168.0.201, backend_port: 8080 } + listen: 9000 # Specify which port you want to listen to with clear HTTP, or leave undefined for 80 + listen_ssl: 9001 # Specify which port you want to listen to with HTTPS, or leave undefined for 443 + ssl: true # Set to True if you want to redirect http to 
https + letsencrypt: false # Set to True if you want use letsencrypt + letsencrypt_email: "" # Set email for letencrypt cert +``` + +Dependencies +------------ + +None. + +Example Playbook +---------------- + +```yaml + - hosts: all + roles: + - ansible-nginx-revproxy + vars: + nginx_revproxy_sites: + default: + ssl: false + letsencrypt: false + + example.com: + domains: + - example.com + - www.example.com + upstreams: + - { backend_address: 192.168.0.100, backend_port: 80 } + - { backend_address: 192.168.0.101, backend_port: 80 } + ssl: true + letsencrypt: false +``` + +License +------- + +Licensed under the GPLv3 License. See the LICENSE file for details. + +Author Information +------------------ + +Hispanico diff --git a/roles/hispanico.nginx-revproxy/defaults/main.yml b/roles/hispanico.nginx-revproxy/defaults/main.yml new file mode 100644 index 00000000..abbfda36 --- /dev/null +++ b/roles/hispanico.nginx-revproxy/defaults/main.yml @@ -0,0 +1,14 @@ +--- + +nginx_revproxy_sites: # List of sites to reverse proxy + example.com: # Domain name + domains: # List of server_name aliases + - example.com + - www.example.com + upstreams: # List of Upstreams + - {backend_address: 192.168.0.100, backend_port: 80} + - {backend_address: 192.168.0.101, backend_port: 8080} + ssl: true # Set to True if you want to redirect http to https + hsts_max_age: 63072000 # Set HSTS header with max-age defined + letsencrypt: false # Set to True if you want use letsencrypt + letsencrypt_email: "" # Set email for letencrypt cert diff --git a/roles/hispanico.nginx-revproxy/handlers/main.yml b/roles/hispanico.nginx-revproxy/handlers/main.yml new file mode 100644 index 00000000..65d59df2 --- /dev/null +++ b/roles/hispanico.nginx-revproxy/handlers/main.yml @@ -0,0 +1,15 @@ +--- +- name: Start Nginx + service: + name: nginx + state: started + +- name: Reload Nginx + service: + name: nginx + state: reloaded + +- name: Restart Nginx + service: + name: nginx + state: restarted 
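Review bot: defaults/main.yml ships a live `example.com` entry with `ssl: true` and private backend addresses as the default value of `nginx_revproxy_sites`, so a play that includes the role without overriding the variable writes and enables a real vhost for that name on the target. The defaults file should carry an empty map, `nginx_revproxy_sites: {}`, with the worked example kept in the README. The `letsencrypt_email: ""` default is also interpolated verbatim as `--email {{ item.value.letsencrypt_email }}` in tasks/letsencrypt.yml, which produces an empty `--email` argument when a site enables `letsencrypt` without an address; a comment above the key stating that it is required once `letsencrypt: true` would make that dependency visible.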
diff --git a/roles/hispanico.nginx-revproxy/meta/.galaxy_install_info b/roles/hispanico.nginx-revproxy/meta/.galaxy_install_info
new file mode 100644
index 00000000..2bbe62e8
--- /dev/null
+++ b/roles/hispanico.nginx-revproxy/meta/.galaxy_install_info
@@ -0,0 +1 @@
+{install_date: 'Sun Mar 29 15:02:01 2020', version: v1.1.5}
diff --git a/roles/hispanico.nginx-revproxy/meta/main.yml b/roles/hispanico.nginx-revproxy/meta/main.yml
new file mode 100644
index 00000000..624b0787
--- /dev/null
+++ b/roles/hispanico.nginx-revproxy/meta/main.yml
@@ -0,0 +1,29 @@
+---
+
+galaxy_info:
+ author: Hispanico
+ description: Manage Nginx as Reverse Proxy
+ license: GPLv3
+
+ min_ansible_version: 2.4
+
+ platforms:
+ - name: Debian
+ versions:
+ - stretch
+ - buster
+ - name: Ubuntu
+ versions:
+ - xenial
+ - bionic
+
+ galaxy_tags:
+ - development
+ - web
+ - nginx
+ - reverse
+ - proxy
+ - load
+ - balancer
+
+dependencies: []
diff --git a/roles/hispanico.nginx-revproxy/molecule/default/molecule.yml b/roles/hispanico.nginx-revproxy/molecule/default/molecule.yml
new file mode 100644
index 00000000..a4a9a65b
--- /dev/null
+++ b/roles/hispanico.nginx-revproxy/molecule/default/molecule.yml
@@ -0,0 +1,31 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+ options:
+ config-file: molecule/default/yaml-lint.yml
+ enabled: true
+platforms:
+ - name: "${ROLE_NAME}-${MOLECULE_DISTRO:-centos7}"
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ - /var/lib/docker
+ privileged: true
+ pre_build_image: true
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+ playbooks:
+ converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
+scenario:
+ name: default
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
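Review bot: molecule.yml defaults `MOLECULE_DISTRO` to `centos7` in both the platform name and the `geerlingguy/docker-…-ansible` image, but every package task in tasks/main.yml uses the `apt` module and meta/main.yml lists only Debian and Ubuntu, so the default scenario cannot converge without the variable being set. Default it to a platform the role supports, e.g. `- name: "${ROLE_NAME}-${MOLECULE_DISTRO:-debian10}"` with the matching image, or document in the README that `MOLECULE_DISTRO` must be set. The `privileged: true` container with `/sys/fs/cgroup` mounted read-only is the usual systemd-in-docker arrangement for this image family; a one-line comment above `privileged` saying so would spare the next reader the search.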
diff --git a/roles/hispanico.nginx-revproxy/molecule/default/playbook.yml b/roles/hispanico.nginx-revproxy/molecule/default/playbook.yml
new file mode 100644
index 00000000..8489e2a1
--- /dev/null
+++ b/roles/hispanico.nginx-revproxy/molecule/default/playbook.yml
@@ -0,0 +1,26 @@
+---
+- name: Converge
+ hosts: all
+ become: true
+
+ pre_tasks:
+ - name: Install cron (RedHat).
+ yum:
+ name: cronie
+ state: present
+ when: ansible_os_family == 'RedHat'
+
+ - name: Install cron (Debian).
+ apt:
+ name: cron
+ state: present
+ when: ansible_distribution == 'Debian'
+
+ - name: Update apt cache.
+ apt:
+ update_cache: true
+ cache_valid_time: 600
+ when: ansible_distribution == 'Ubuntu'
+
+ roles:
+ - role: hispanico.nginx-revproxy
diff --git a/roles/hispanico.nginx-revproxy/molecule/default/yaml-lint.yml b/roles/hispanico.nginx-revproxy/molecule/default/yaml-lint.yml
new file mode 100644
index 00000000..c9aab08b
--- /dev/null
+++ b/roles/hispanico.nginx-revproxy/molecule/default/yaml-lint.yml
@@ -0,0 +1,6 @@
+---
+extends: default
+rules:
+ line-length:
+ max: 150
+ level: warning
diff --git a/roles/hispanico.nginx-revproxy/tasks/letsencrypt.yml b/roles/hispanico.nginx-revproxy/tasks/letsencrypt.yml
new file mode 100644
index 00000000..0d8c615a
--- /dev/null
+++ b/roles/hispanico.nginx-revproxy/tasks/letsencrypt.yml
@@ -0,0 +1,98 @@ +--- + +- name: Install certbot + get_url: + url: https://dl.eff.org/certbot-auto + dest: /usr/bin/certbot-auto + mode: "a+x" + tags: + - lesencrypt + - nginxrevproxy + +- name: Get Active Sites + command: ls -1 /etc/nginx/sites-enabled/ + changed_when: "active.stdout_lines != nginx_revproxy_sites.keys()|sort()" + check_mode: false + register: active + tags: + - lesencrypt + - nginxrevproxy + +- name: Enable sites for ACME protocol + block: + - name: Add Https Site Config + template: + src: reverseproxy_ssl.conf.j2 + dest: /etc/nginx/sites-available/{{ item.key }}.conf + owner: root + group: root + with_dict: "{{ nginx_revproxy_sites }}" + register: siteconfig + when: + - item.value.letsencrypt | default(False) + - item.key not in active.stdout_lines + + - name: Enable Site Config + file: + src: /etc/nginx/sites-available/{{ item.key }}.conf + dest: /etc/nginx/sites-enabled/{{ item.key }} + state: link + with_dict: "{{ nginx_revproxy_sites }}" + register: site_enabled + when: + - siteconfig is success + - not ansible_check_mode + - item.value.letsencrypt | default(False) + - item.key not in active.stdout_lines + + - name: Reload Nginx + service: + name: nginx + state: reloaded + when: + - site_enabled is success + when: + - active.changed + - nginxinstalled is success + tags: + - lesencrypt + - nginxrevproxy + +- name: Generate certs (first time) + command: | + certbot-auto certonly + --webroot -w /var/www/{{ item.key }} + -d {{ item.value.domains | join(' -d ') }} + --email {{ item.value.letsencrypt_email }} + --non-interactive --cert-name {{ item.key }} + --agree-tos creates=/etc/letsencrypt/live/{{ item.key }}/fullchain.pem + with_dict: "{{ nginx_revproxy_sites }}" + when: item.value.letsencrypt | default(False) + tags: + - lesencrypt + - nginxrevproxy + +- name: Update Site Config + template: + src: reverseproxy_ssl_letsencrypt.conf.j2 + dest: /etc/nginx/sites-available/{{ item.key }}.conf + owner: root + group: root + with_dict: "{{ 
nginx_revproxy_sites }}" + notify: Reload Nginx + when: + - item.value.letsencrypt | default(False) + tags: + - lesencrypt + - nginxrevproxy + +- name: Insert cert-bot renew in crontab + cron: + name: "cert-bot renew" + job: 'certbot-auto renew --post-hook "systemctl reload nginx" >> /var/log/letsencrypt/letsencrypt-update.log 2>&1' + hour: "3" + minute: "30" + weekday: "1" + tags: + - lesencrypt + - nginxrevproxy diff --git a/roles/hispanico.nginx-revproxy/tasks/main.yml b/roles/hispanico.nginx-revproxy/tasks/main.yml new file mode 100644 index 00000000..b0f32bbd --- /dev/null +++ b/roles/hispanico.nginx-revproxy/tasks/main.yml 
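Review bot: The `Install certbot` task fetches `https://dl.eff.org/certbot-auto` straight into `/usr/bin` with `mode: "a+x"` and no `checksum:`, so whatever the download returns is later executed as root by `Generate certs (first time)` and by the weekly cron entry without any integrity check; pin it with `checksum: "sha256:<expected-digest-placeholder>"` (get_url supports this) or, better, install certbot from the distribution packages, since upstream has since retired the certbot-auto wrapper. `Generate certs (first time)` interpolates `--email {{ item.value.letsencrypt_email }}` without checking that the value is set, and the role default is the empty string, so add `- item.value.letsencrypt_email | default('') | length > 0` to its `when` list or `fail` early with a clear message. The trailing `creates=/etc/letsencrypt/live/{{ item.key }}/fullchain.pem` inside the `command: |` block is the free-form key=value form of the module's `creates` option; it reads like a stray certbot argument, so a comment `# creates= is consumed by the command module, not by certbot` above the task would help.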
@@ -0,0 +1,190 @@ +--- + +- name: Install Nginx and ssl-cert + apt: + name: + - nginx + - ssl-cert + state: present + register: + nginxinstalled + delay: 10 + retries: 12 + until: nginxinstalled is successful + tags: + - nginxrevproxy + - packages + +- name: Install python-passlib for Python 3 hosts + apt: + name: + - "python3-passlib" + state: present + register: + result + delay: 10 + retries: 12 + until: result is successful + tags: + - nginxrevproxy + - packages + when: + - ansible_python['version']['major'] == 3 + +- name: Install python-passlib for Python 2 hosts + apt: + name: + - "python-passlib" + state: present + register: + result + delay: 10 + retries: 12 + until: result is successful + tags: + - nginxrevproxy + - packages + when: + - ansible_python['version']['major'] == 2 + +- name: Set up nginx directories + file: + path: "/etc/nginx/{{ item }}" + state: directory + owner: root + group: root + with_items: + - sites-available + - sites-enabled + tags: + - nginxrevproxy + +- name: Add authentication + htpasswd: + path: "/etc/nginx/{{ item.key }}_htpasswd" + name: "{{ item.value.auth.login }}" + password: "{{ item.value.auth.password }}" + with_dict: "{{ nginx_revproxy_sites }}" + when: + - nginxinstalled is success + - item.value.auth is defined + tags: + - nginxrevproxy + +- name: Add Site Config + template: + src: reverseproxy.conf.j2 + dest: /etc/nginx/sites-available/{{ item.key }}.conf + owner: root + group: root + with_dict: "{{ nginx_revproxy_sites }}" + register: + siteconfig + when: + - nginxinstalled is success + - not item.value.ssl | default(True) + - not item.value.letsencrypt | default(True) + tags: + - nginxrevproxy + +- name: Add Https Site Config + template: + src: reverseproxy_ssl.conf.j2 + dest: /etc/nginx/sites-available/{{ item.key }}.conf + owner: root + group: root + with_dict: "{{ nginx_revproxy_sites }}" + register: + siteconfig + when: + - nginxinstalled is success + - item.value.ssl | default(False) + - not 
item.value.letsencrypt | default(True) + tags: + - nginxrevproxy + +- name: Get Active Sites + command: ls -1 /etc/nginx/sites-enabled/ + changed_when: "active.stdout_lines != nginx_revproxy_sites.keys()|sort()" + check_mode: false + register: active + tags: + - nginxrevproxy + +- name: De-activate Sites + file: + path: /etc/nginx/sites-enabled/{{ item }} + state: absent + with_items: "{{ active.stdout_lines }}" + notify: Reload Nginx + when: + - item not in nginx_revproxy_sites + tags: + - nginxrevproxy + +- name: Enable Site Config + file: + src: /etc/nginx/sites-available/{{ item.key }}.conf + dest: /etc/nginx/sites-enabled/{{ item.key }} + state: link + with_dict: "{{ nginx_revproxy_sites }}" + notify: Reload Nginx + when: + - siteconfig is success + - not item.value.letsencrypt | default(True) + - not ansible_check_mode + tags: + - nginxrevproxy + +- name: Create WebRoot sites + file: + dest: /var/www/{{ item.key }}/.well-known + mode: 0775 + state: directory + owner: www-data + group: www-data + with_dict: "{{ nginx_revproxy_sites }}" + notify: Reload Nginx + when: + - nginxinstalled is success + tags: + - nginxrevproxy + +- name: WebRoot Permissions Sites + file: + dest: /var/www/{{ item.key }} + mode: 0775 + state: directory + owner: www-data + group: www-data + recurse: true + with_dict: "{{ nginx_revproxy_sites }}" + notify: Reload Nginx + when: + - nginxinstalled is success + tags: + - nginxrevproxy + +- name: Get WebRoot Sites + command: ls -1 /var/www/ + changed_when: "webroot.stdout_lines != nginx_revproxy_sites.keys()|sort()" + check_mode: false + register: webroot + tags: + - nginxrevproxy + +- name: Remove WebRoot Sites + file: + path: /var/www/{{ item }}/ + state: absent + with_items: "{{ webroot.stdout_lines }}" + notify: Reload Nginx + when: + - item not in nginx_revproxy_sites + tags: + - nginxrevproxy + +- include_tasks: letsencrypt.yml + tags: + - lesencrypt + - nginxrevproxy 
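Review bot: `Add authentication` passes `{{ item.value.auth.password }}` to `htpasswd` inside a `with_dict` loop without `no_log: true`, so the clear-text password is printed with every loop item in the task output and reaches any callback plugin or log collector that captures it; add `no_log: true` to that task. The `when` conditions on `Add Site Config` read `not item.value.ssl | default(True)`, and because a Jinja filter binds tighter than `not` this is `not (ssl | default(True))`, which is false for a site that omits `ssl`; `Add Https Site Config` in turn requires `ssl | default(False)`, so if that reading is right such a site matches neither template and never gets a vhost, and `not (item.value.ssl | default(False))` is probably what was intended (the `letsencrypt` conditions follow the same pattern). `Remove WebRoot Sites` deletes every entry of `/var/www/` that is not a configured site, which on Debian includes the stock `/var/www/html`; that is worth stating in the README or guarding behind an explicit opt-in variable.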
diff --git a/roles/hispanico.nginx-revproxy/templates/reverseproxy.conf.j2 b/roles/hispanico.nginx-revproxy/templates/reverseproxy.conf.j2
new file mode 100644
index 00000000..47feccad
--- /dev/null
+++ b/roles/hispanico.nginx-revproxy/templates/reverseproxy.conf.j2
@@ -0,0 +1,56 @@ +################################################################################ +# This file was generated by Ansible for {{ansible_fqdn}} +# Do NOT modify this file by hand! +################################################################################ + +{% if item.key == "default" %} +server { + listen {{ item.value.listen | default(80) }} default_server; + listen [::]:{{ item.value.listen | default(80) }} default_server; + server_name _; + return 444; + + access_log /var/log/nginx/{{ item.key }}_access.log; + error_log /var/log/nginx/{{ item.key }}_error.log error; + +} + +{% else %} +upstream {{ item.key }}_backend { +{% for upstream in item.value.upstreams %} + server {{upstream.backend_address}}:{{upstream.backend_port}}; +{% endfor %} +} + +server { + listen {{ item.value.listen | default(80) }}; + listen [::]:{{ item.value.listen | default(80) }}; + server_name {{ item.value.domains | join(' ') }}; + + location / { + gzip off; + proxy_set_header X-Forwarded-Ssl on; + client_max_body_size {{ item.value.client_max_body_size | default('50M') }}; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_pass http://{{ item.key }}_backend; +{% if item.value.auth is defined %} + auth_basic "Restricted Content"; + auth_basic_user_file /etc/nginx/{{ item.key }}_htpasswd; +{% endif %} + } + + location /.well-known { + alias /var/www/{{ item.key }}/.well-known; + } + + access_log /var/log/nginx/{{ item.key }}_access.log; + error_log /var/log/nginx/{{ item.key }}_error.log error; + +} +{% endif %} 
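Review bot: `proxy_set_header X-Frame-Options SAMEORIGIN;` in `location /` sets a request header forwarded to the upstream, but `X-Frame-Options` is a response header, so browsers never receive it and the intended clickjacking protection is a no-op. Use `add_header X-Frame-Options SAMEORIGIN always;` instead, keeping in mind that an `add_header` inside a location replaces any `add_header` directives inherited from the server block. The same line appears in reverseproxy_ssl.conf.j2 and reverseproxy_ssl_letsencrypt.conf.j2. On this plain-HTTP vhost `proxy_set_header X-Forwarded-Ssl on;` tells the backend the client connection was TLS when it was not, which can make an upstream that trusts the header mark cookies secure or skip its own redirect; drop it here or derive it as `proxy_set_header X-Forwarded-Ssl $https;`. The templates also read `item.value.client_max_body_size` (and the SSL variants `item.value.backend_protocol`), neither of which is listed in README.md or defaults/main.yml; a line in the README's variable table for each would close that gap.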
diff --git a/roles/hispanico.nginx-revproxy/templates/reverseproxy_ssl.conf.j2 b/roles/hispanico.nginx-revproxy/templates/reverseproxy_ssl.conf.j2
new file mode 100644
index 00000000..9a97684f
--- /dev/null
+++ b/roles/hispanico.nginx-revproxy/templates/reverseproxy_ssl.conf.j2
@@ -0,0 +1,104 @@ +################################################################################ +# This file was generated by Ansible for {{ansible_fqdn}} +# Do NOT modify this file by hand! +################################################################################ + +{% if item.key == "default" %} +server { + listen {{ item.value.listen | default(80) }} default_server; + listen [::]:{{ item.value.listen | default(80) }} default_server; + server_name _; + return 444; + + access_log /var/log/nginx/{{ item.key }}_access.log; + error_log /var/log/nginx/{{ item.key }}_error.log error; + +} + +server { + listen {{ item.value.listen_ssl | default(443) }} ssl http2 default_server; + listen [::]:{{ item.value.listen_ssl | default(443) }} ssl http2 default_server; + server_name _; + return 444; + + access_log /var/log/nginx/{{ item.key }}_access.log; + error_log /var/log/nginx/{{ item.key }}_error.log error; + + ssl on; + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; + ssl_session_timeout 5m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; +} + +{% else %} +upstream {{ item.key }}_backend { +{% for upstream in item.value.upstreams %} + server {{upstream.backend_address}}:{{upstream.backend_port}}; +{% endfor %} +} + +server { + listen {{ item.value.listen | default(80) }}; + listen [::]:{{ item.value.listen | default(80) }}; + server_name {{ item.value.domains | join(' ') }}; + location / { + return 301 https://$server_name$request_uri; + } + + location /.well-known/acme-challenge { + alias /var/www/{{ item.key }}/.well-known/acme-challenge; + } + + access_log /var/log/nginx/{{ item.key }}_access.log; + error_log /var/log/nginx/{{ item.key }}_error.log error; + +} + +server { + listen {{ item.value.listen_ssl | default(443) }} ssl http2; + listen [::]:{{ 
item.value.listen_ssl | default(443) }} ssl http2; + server_name {{ item.value.domains | join(' ') }}; + +{% if item.value.hsts_max_age is defined %} + add_header Strict-Transport-Security "max-age={{ item.value.hsts_max_age }}; includeSubDomains; preload" always; +{% endif %} + + access_log /var/log/nginx/{{ item.key }}_access.log; + error_log /var/log/nginx/{{ item.key }}_error.log error; + + ssl on; + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; + ssl_session_timeout 5m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + + location /.well-known/acme-challenge { + alias /var/www/{{ item.key }}/.well-known/acme-challenge; + } + + location / { + gzip off; + proxy_set_header X-Forwarded-Ssl on; + client_max_body_size {{ item.value.client_max_body_size | default('50M') }}; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_pass {{ item.value.backend_protocol | default('http') }}://{{ item.key }}_backend; +{% if item.value.auth is defined %} + auth_basic "Restricted Content"; + auth_basic_user_file /etc/nginx/{{ item.key }}_htpasswd; +{% endif %} + } +} +{% endif %} diff --git a/roles/hispanico.nginx-revproxy/templates/reverseproxy_ssl_letsencrypt.conf.j2 b/roles/hispanico.nginx-revproxy/templates/reverseproxy_ssl_letsencrypt.conf.j2 new file mode 100644 index 00000000..ae06d313 --- /dev/null +++ b/roles/hispanico.nginx-revproxy/templates/reverseproxy_ssl_letsencrypt.conf.j2 
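Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` enables two protocol versions that are deprecated and refused by current browsers; `ssl_protocols TLSv1.2 TLSv1.3;` (TLS 1.3 is available once nginx is built against OpenSSL 1.1.1 or later) fits the `http2` listener better. The same line, and the deprecated `ssl on;` that is redundant next to the `ssl` parameter already on `listen`, appear in reverseproxy_ssl_letsencrypt.conf.j2. Both HTTPS servers hard-code the Debian snakeoil certificate, so a site with `ssl: true` and `letsencrypt: false` serves a self-signed certificate for its real domain while also emitting `Strict-Transport-Security … includeSubDomains; preload` whenever `hsts_max_age` is set; exposing `ssl_certificate`/`ssl_certificate_key` as per-site variables with the snakeoil paths as documented defaults would make that trade-off explicit rather than implicit.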
@@ -0,0 +1,71 @@ +################################################################################ +# This file was generated by Ansible for {{ansible_fqdn}} +# Do NOT modify this file by hand! +################################################################################ + +upstream {{ item.key }}_backend { +{% for upstream in item.value.upstreams %} + server {{upstream.backend_address}}:{{upstream.backend_port}}; +{% endfor %} +} + +server { + listen {{ item.value.listen | default(80) }}; + listen [::]:{{ item.value.listen | default(80) }}; + server_name {{ item.value.domains | join(' ') }}; + location / { + return 301 https://$server_name$request_uri; + } + + location /.well-known/acme-challenge { + alias /var/www/{{ item.key }}/.well-known/acme-challenge; + } + + access_log /var/log/nginx/{{ item.key }}_access.log; + error_log /var/log/nginx/{{ item.key }}_error.log error; + +} + +server { + listen {{ item.value.listen_ssl | default(443) }} ssl http2; + listen [::]:{{ item.value.listen_ssl | default(443) }} ssl http2; + server_name {{ item.value.domains | join(' ') }}; + +{% if item.value.hsts_max_age is defined %} + add_header Strict-Transport-Security "max-age={{ item.value.hsts_max_age }}; includeSubDomains; preload" always; +{% endif %} + + access_log /var/log/nginx/{{ item.key }}_access.log; + error_log /var/log/nginx/{{ item.key }}_error.log error; + + ssl on; + ssl_certificate /etc/letsencrypt/live/{{ item.key }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ item.key }}/privkey.pem; + ssl_session_timeout 5m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + + location /.well-known/acme-challenge { + alias /var/www/{{ item.key }}/.well-known/acme-challenge; + } + + location / { + gzip off; + proxy_set_header X-Forwarded-Ssl on; + client_max_body_size {{ item.value.client_max_body_size | default('50M') }}; + 
proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_pass {{ item.value.backend_protocol | default('http') }}://{{ item.key }}_backend; +{% if item.value.auth is defined %} + auth_basic "Restricted Content"; + auth_basic_user_file /etc/nginx/{{ item.key }}_htpasswd; +{% endif %} + } +} diff --git a/roles/hispanico.nginx-revproxy/vars/main.yml b/roles/hispanico.nginx-revproxy/vars/main.yml new file mode 100644 index 00000000..8b9699d8 --- /dev/null +++ b/roles/hispanico.nginx-revproxy/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for roles/ansible-nginx-revproxy diff --git a/roles/mgrote.acng/README.md b/roles/mgrote.acng/README.md new file mode 100644 index 00000000..c7bc1fb7 --- /dev/null +++ b/roles/mgrote.acng/README.md @@ -0,0 +1,15 @@ +## mgrote.acng +### Beschreibung +Installiert Apt-Cacher-NG. +Die Daten werden auf der Maschine abgelegt. + +### Funktioniert auf +- [x] Ubuntu (>=18.04) +- [ ] Debian + + +### Variablen + Defaults +##### Auf welchen Port ACNG laufen soll +- acng_server_port: "9999" +##### Wie lange Pakete gespeichert werden sollen +- acng_exthreshold: "60" diff --git a/roles/mgrote.acng/defaults/main.yml b/roles/mgrote.acng/defaults/main.yml new file mode 100644 index 00000000..7a1459e6 --- /dev/null +++ b/roles/mgrote.acng/defaults/main.yml @@ -0,0 +1,3 @@ +--- +acng_exthreshold: "60" +acng_server_port: 9999 diff --git a/roles/mgrote.acng/handlers/main.yml b/roles/mgrote.acng/handlers/main.yml new file mode 100644 index 00000000..27f00682 --- /dev/null +++ b/roles/mgrote.acng/handlers/main.yml @@ -0,0 +1,6 @@ + - name: acng_starten_aktivieren + become: yes + systemd: + name: apt-cacher-ng + enabled: yes + state: restarted 
diff --git a/roles/mgrote.acng/tasks/main.yml b/roles/mgrote.acng/tasks/main.yml
new file mode 100644
index 00000000..06a834a6
--- /dev/null
+++ b/roles/mgrote.acng/tasks/main.yml
@@ -0,0 +1,12 @@
+ - name: apt-cacher-ng installieren
+ become: yes
+ apt:
+ name: apt-cacher-ng
+ state: present
+
+ - name: acng.conf kopieren
+ become: yes
+ template:
+ src: "acng.conf"
+ dest: "/etc/apt-cacher-ng/acng.conf"
+ notify: acng_starten_aktivieren
diff --git a/roles/mgrote.acng/templates/acng.conf b/roles/mgrote.acng/templates/acng.conf
new file mode 100644
index 00000000..16480f67
--- /dev/null
+++ b/roles/mgrote.acng/templates/acng.conf
@@ -0,0 +1,529 @@
+# This is a configuration file for apt-cacher-ng, a smart caching proxy for
+# software package downloads. It's supposed to be in a directory specified by
+# the -c option of apt-cacher-ng, see apt-cacher-ng(8) for details.
+# RULES:
+# Letter case in variable names does not matter, names and values should be
+# separated with colons. For boolean variables, zero number is considered false,
+# non-zero considered true. If a default value is not explicitly mentioned in
+# the description, the commented value assignments mostly represent the default
+# values of the particular variables.
+
+# Storage directory for downloaded data and related maintenance activity.
+#
+CacheDir: /var/cache/apt-cacher-ng
+
+# Log file directory, can be set empty to disable logging
+#
+LogDir: /var/log/apt-cacher-ng
+
+# A place to look for additional configuration and resource files if they are not
+# found in the configuration directory
+#
+SupportDir: /usr/lib/apt-cacher-ng
+
+# TCP server port for incoming http (or HTTP proxy) connections.
+# Can be set to 9999 to emulate apt-proxy. Value of 0 turns off TCP server
+# (SocketPath must be set in this case).
+#
+Port:{{ acng_server_port }}
+
+# Addresses or hostnames to listen on. Multiple addresses must be separated by
+# spaces. Each entry must be an exact local address which is associated with a
+# local interface. DNS resolution is performed using getaddrinfo(3) for all
+# available protocols (IPv4, IPv6, ...). Using a protocol specific format will
+# create binding(s) only on protocol specific socket(s), e.g. 0.0.0.0 will
+# listen only to IPv4.
+#
+# Default: listens on all interfaces and protocols
+#
+# BindAddress: localhost 127.0.0.1 apt-cacher-ng apt-cacher-ng.grote.local
+
+# The specification of another HTTP proxy which shall be used for downloads.
+# It can include user name and password but see the manual for limitations.
+#
+# Default: uses direct connection
+#
+# Proxy: http://www-proxy.example.net:3128
+# Proxy: https://username:proxypassword@proxy.example.net:3129
+
+# Repository remapping. See manual for details.
+# In this example, some backends files might be generated during package
+# installation using information collected on the system.
+# Examples:
+Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian # Debian Archives
+Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu # Ubuntu Archives
+Remap-cygwin: file:cygwin_mirrors /cygwin # ; file:backends_cygwin # incomplete, please create this file or specify preferred mirrors here
+Remap-sfnet: file:sfnet_mirrors # ; file:backends_sfnet # incomplete, please create this file or specify preferred mirrors here
+Remap-alxrep: file:archlx_mirrors /archlinux # ; file:backend_archlx # Arch Linux
+Remap-fedora: file:fedora_mirrors # Fedora Linux
+Remap-epel: file:epel_mirrors # Fedora EPEL
+Remap-slrep: file:sl_mirrors # Scientific Linux
+Remap-gentoo: file:gentoo_mirrors.gz /gentoo ; file:backends_gentoo # Gentoo Archives
+Remap-secdeb: security.debian.org ; security.debian.org deb.debian.org/debian-security
+
+# Virtual page accessible in a web browser to see statistics and status
+# information, i.e. under http://localhost:3142/acng-report.html
+# NOTE: This option must be configured to run maintenance jobs (even when used
+# via acngtool in cron scripts). The AdminAuth option can be used to restrict
+# access to sensitive areas on that page.
+#
+# Default: not set, should be set by the system administrator
+#
+ReportPage: acng-report.html
+
+# Socket file for accessing through local UNIX socket instead of TCP/IP. Can be
+# used with inetd (via bridge tool in.acng from apt-cacher-ng package).
+#
+# Default: not set, UNIX socket bridge is disabled.
+#
+# SocketPath:/var/run/apt-cacher-ng/socket
+
+# If set to 1, makes log files be written to disk on every new line.
Default
+# is 0, buffers are flushed after the client disconnects. Technically,
+# it's a convenience alias for the Debug option, see below for details.
+#
+# UnbufferLogs: 0
+
+# Enables extended client information in log entries. When set to 0, only
+# activity type, time and transfer sizes are logged.
+#
+# VerboseLog: 1
+
+# Don't detach from the starting console.
+#
+# ForeGround: 0
+
+# Store the pid of the daemon process in the specified text file.
+# Default: disabled
+#
+ PidFile: /var/run/apt-cacher-ng/pid
+
+# Forbid outgoing connections and work without an internet connection or
+# respond with 503 error where it's not possible.
+#
+# Offlinemode: 0
+
+# Forbid downloads from locations that are directly specified in the user
+# request, i.e. all downloads must be processed by the preconfigured remapping
+# backends (see above).
+#
+# ForceManaged: 0
+
+# Days before considering an unreferenced file expired (to be deleted).
+# WARNING: if the value is set too low and particular index files are not
+# available for some days (mirror downtime) then there is a risk of removal of
+# still useful package files.
+#
+ExThreshold: {{ acng_exthreshold }}
+
+# If the expiration is run daily, it sometimes does not make much sense to do
+# it because the expected changes (i.e. removal of expired files) don't justify
+# the extra processing time or additional downloads for expiration operation
+# itself. This discrepancy might be especially worse if the local client
+# installations are small or are rarely updated but the daily changes of
+# the remote archive metadata are heavy.
+#
+# The following option enables a possible trade-off: the expiration run is
+# suppressed until a certain amount of data has been downloaded through
+# apt-cacher-ng since the last expiration execution (which might indicate that
+# packages were replaced with newer versions).
+#
+# The number can have a suffix (k,K,m,M for Kb,KiB,Mb,MiB)
+#
+# ExStartTradeOff: 500m
+
+# Stop expiration when a critical problem appears, issue like a failed update
+# of an index file in the preparation step.
+#
+# WARNING: don't set this option to zero or empty without considering possible
+# consequences like a sudden and complete cache data loss.
+#
+# ExAbortOnProblems: 1
+
+# Number of failed nightly expiration runs which are considered acceptable and
+# do not trigger an error notification to the admin (e.g. via daily cron job)
+# before the (day) count is reached. Might be useful with whacky internet
+# connections.
+#
+# Default: a guessed value, 1 if ExThreshold is 5 or more, 0 otherwise.
+#
+# ExSuppressAdminNotification: 1
+
+# Modify file names to work around limitations of some file systems.
+# WARNING: experimental feature, subject to change
+#
+# StupidFs: 0
+
+# Experimental feature for apt-listbugs: pass-through SOAP requests and
+# responses to/from bugs.debian.org.
+# Default: guessed value, true unless ForceManaged is enabled
+#
+# ForwardBtsSoap: 1
+
+# There is a small in-memory cache for DNS resolution data, expired by
+# this timeout (in seconds). Internal caching is disabled if set to a value
+# less than zero.
+#
+# DnsCacheSeconds: 1800
+
+###############################################################################
+#
+# WARNING: don't modify thread and file matching parameters without a clear
+# idea of what is happening behind the scene!
+#
+# Max. count of connection threads kept ready (for faster response in the
+# future). Should be a sane value between 0 and average number of connections,
+# and depend on the amount of spare RAM.
+# MaxStandbyConThreads: 8
+#
+# Hard limit of active thread count for incoming connections, i.e. operation
+# is refused when this value is reached (below zero = unlimited).
+# MaxConThreads: -1
+#
+# Pigeonholing files (like static vs.
volatile contents) is done by (extended)
+# regular expressions.
+#
+# The following patterns are available for the purposes detailed, where
+# the latter takes precedence over the former:
+# - «PFilePattern» for static data that doesn't change silently on the server.
+# - «VFilePattern» for volatile data that may change like every hour. Files
+# that match both PFilePattern and VfilePattern will be treated as volatile.
+# - Static data with file names that match VFilePattern may be overriden being
+# treated as volatile by making it match the special static data pattern,
+# «SPfilePattern».
+# - «SVfilePattern» or the "special volatile data" pattern is for the
+# convenience of specifying any exceptions to matches with SPfilePattern,
+# for cases where data must still be treated as volatile.
+# - «WfilePattern» specifies a "whitelist pattern" for the regular expiration
+# job, telling it to keep the files even if they are not referenced by
+# others, like crypto signatures with which clients begin their downloads.
+#
+# There are two versions. The pattern variables mentioned above should not be
+# set without good reason, because they would override the built-in defaults
+# (that might impact updates to future versions of apt-cacher-ng). There are
+# also versions of those patterns ending with Ex, which may be modified by the
+# local administrator. They are evaluated in addition to the regular patterns
+# at runtime.
+#
+# To see examples of the expected syntax, run: apt-cacher-ng -p debug=1
+#
+# PfilePatternEx:
+# VfilePatternEx:
+# SPfilePatternEx:
+# SVfilePatternEx:
+# WfilePatternEx:
+#
+###############################################################################
+
+# A bitmask type value declaring the loging verbosity and behavior of the error
+# log writing. Non-zero value triggers at least faster log file flushing.
+#
+# Some higher bits only working with a special debug build of apt-cacher-ng,
+# see the manual for details.
+#
+# WARNING: this can write significant amount of data into apt-cacher.err logfile.
+#
+# Default: 0
+#
+# Debug:3
+
+# Usually, general purpose proxies like Squid expose the IP address of the
+# client user to the remote server using the X-Forwarded-For HTTP header. This
+# behaviour can be optionally turned on with the Expose-Origin option.
+#
+# ExposeOrigin: 0
+
+# When logging the originating IP address, trust the information supplied by
+# the client in the X-Forwarded-For header.
+#
+# LogSubmittedOrigin: 0
+
+# The version string reported to the peer, to be displayed as HTTP client (and
+# version) in the logs of the mirror.
+#
+# WARNING: Expect side effects! Some archives use this header to guess
+# capabilities of the client (i.e. allow redirection and/or https links) and
+# change their behaviour accordingly but ACNG might not support the expected
+# features.
+#
+# Default:
+#
+# UserAgent: Yet Another HTTP Client/1.2.3p4
+
+# In some cases the Import and Expiration tasks might create fresh volatile
+# data for internal use by reconstructing them using patch files. This
+# by-product might be recompressed with bzip2 and with some luck the resulting
+# file becomes identical to the *.bz2 file on the server which can be used by
+# APT when requesting a complete version of this file.
+# The downside of this feature is higher CPU load on the server during
+# the maintenance tasks, and the outcome might have not much value in a LAN
+# where all clients update their data often and regularly and therefore usually
+# don't need the full version of the index file.
+#
+# RecompBz2: 0
+
+# Network timeout for outgoing connections, in seconds.
+#
+# NetworkTimeout: 60
+
+# Sometimes it makes sense to not store the data in cache and just return the
+# package data to client while it comes in. The following DontCache* parameters
+# can enable this behaviour for certain URL types. The tokens are extended
+# regular expressions which the URLs are evaluated against.
+#
+# DontCacheRequested is applied to the URL as it comes in from the client.
+# Example: exclude packages built with kernel-package for x86
+# DontCacheRequested: linux-.*_10\...\.Custo._i386
+# Example usecase: exclude popular private IP ranges from caching
+# DontCacheRequested: 192.168.0 ^10\..* 172.30
+#
+# DontCacheResolved is applied to URLs after mapping to the target server. If
+# multiple backend servers are specified then it's only matched against the
+# download link for the FIRST possible source (due to implementation limits).
+#
+# Example usecase: all Ubuntu stuff comes from a local mirror (specified as
+# backend), don't cache it again:
+# DontCacheResolved: ubuntumirror.local.net
+#
+# DontCache directive sets (overrides) both, DontCacheResolved and
+# DontCacheRequested. Provided for convenience, see those directives for
+# details.
+#
+# Example:
+# DontCache: .*.local.university.int
+
+# Default permission set of freshly created files and directories, as octal
+# numbers (see chmod(1) for details).
+# Can by limited by the umask value (see umask(2) for details) if it's set in
+# the environment of the starting shell, e.g. in apt-cacher-ng init script or
+# in its configuration file.
+#
+# DirPerms: 00755
+# FilePerms: 00664
+
+# It's possible to use use apt-cacher-ng as a regular web server with a limited
+# feature set, i.e. directory browsing, downloads of any files, Content-Type
+# based on /etc/mime.types, but without sorting, CGI execution, index page
+# redirection and other funny things.
+# To get this behavior, mappings between virtual directories and real
+# directories on the server must be defined with the LocalDirs directive.
+# Virtual and real directories are separated by spaces, multiple pairs are
+# separated by semi-colons. Real directories must be absolute paths.
+# NOTE: Since the names of that key directories share the same namespace as
+# repository names (see Remap-...)
it is administrator's job to avoid conflicts
+# between them or explicitly create them.
+#
+# LocalDirs: woo /data/debarchive/woody ; hamm /data/debarchive/hamm
+LocalDirs: acng-doc /usr/share/doc/apt-cacher-ng
+
+# Precache a set of files referenced by specified index files. This can be used
+# to create a partial mirror usable for offline work. There are certain limits
+# and restrictions on the path specification, see manual and the cache control
+# web site for details. A list of (maybe) relevant index files could be
+# retrieved via "apt-get --print-uris update" on a client machine.
+#
+# Example:
+# PrecacheFor: debrep/dists/unstable/*/source/Sources* debrep/dists/unstable/*/binary-amd64/Packages*
+
+# Arbitrary set of data to append to request headers sent over the wire. Should
+# be a well formated HTTP headers part including newlines (DOS style) which
+# can be entered as escape sequences (\r\n).
+#
+# RequestAppendix: X-Tracking-Choice: do-not-track\r\n
+
+# Specifies the IP protocol families to use for remote connections. Order does
+# matter, first specified are considered first. Possible combinations:
+# v6 v4
+# v4 v6
+# v6
+# v4
+# Default: use native order of the system's TCP/IP stack, influenced by the
+# BindAddress value.
+#
+# ConnectProto: v6 v4
+
+# Regular expiration algorithm finds package files which are no longer listed
+# in any index file and removes them of them after a safety period.
+# This option allows to keep more versions of a package in the cache after
+# the safety period is over.
+#
+# KeepExtraVersions: 0
+
+# Optionally uses TCP access control provided by libwrap, see hosts_access(5)
+# for details. Daemon name is apt-cacher-ng.
+#
+# Default: guessed on startup by looking for explicit mention of apt-cacher-ng
+# in /etc/hosts.allow or /etc/hosts.deny files.
+#
+# UseWrap: 0
+
+# If many machines from the same local network attempt to update index files
+# (apt-get update) at nearly the same time, the known state of these index file
+# is temporarily frozen and multiple requests receive the cached response
+# without contacting the remote server again. This parameter (in seconds)
+# specifies the length of this period before these (volatile) files are
+# considered outdated.
+# Setting this value too low transfers more data and increases remote server
+# load, setting this too high (more than a couple of minutes) increases the
+# risk of delivering inconsistent responses to the clients.
+#
+# FreshIndexMaxAge: 27
+
+# Usually the users are not allowed to specify custom TCP ports of remote
+# mirrors in the requests, only the default HTTP port can be used (as
+# workaround, proxy administrator can create Remap- rules with custom ports).
+# This restriction can be disabled by specifying a list of allowed ports or 0
+# for any port.
+#
+# AllowUserPorts: 80
+
+# Normally the HTTP redirection responses are forwarded to the original caller
+# (i.e. APT) which starts a new download attempt from the new URL. This
+# solution is ok for client configurations with proxy mode but doesn't work
+# well with configurations using URL prefixes in sources.list. To work around
+# this the server can restart its own download with a redirection URL,
+# configured with the following option. The downside is that this might be used
+# to circumvent download source policies by malicious users.
+# The RedirMax option specifies how many such redirects the server is allowed
+# to follow per request, 0 disables the internal redirection.
+# Default: guessed on startup, 0 if ForceManaged is used and 5 otherwise.
+#
+# RedirMax: 5
+
+# There some broken HTTP servers and proxy servers in the wild which don't
+# support the If-Range header correctly and return incorrect data when the
+# contents of a (volatile) file changed.
Setting VfileUseRangeOps to zero
+# disables Range-based requests while retrieving volatile files, using
+# If-Modified-Since and requesting the complete file instead. Setting it to
+# a negative value removes even If-Modified-Since headers.
+#
+# VfileUseRangeOps: 1
+
+# Allow data pass-through mode for certain hosts when requested by the client
+# using a CONNECT request. This is particularly useful to allow access to SSL
+# sites (https proxying). The string is a regular expression which should cover
+# the server name with port and must be correctly formated and terminated.
+# Examples:
+# PassThroughPattern: private-ppa\.launchpad\.net:443$
+# PassThroughPattern: .* # this would allow CONNECT to everything
+#
+# Default: ^(bugs\.debian\.org|changelogs\.ubuntu\.com):443$
+# PassThroughPattern: ^(bugs\.debian\.org|changelogs\.ubuntu\.com):443$
+
+# It's possible that an evil client requests a volatile file but does not
+# retrieve the response and keeps the connection effectively stuck over
+# many hours, blocking the particular file for other download attempts (which
+# leads to not reporting file changes on server side to other users). The work
+# around is the use of alternative file descriptors inside of apt-cacher-ng,
+# however this might cost some extra download traffic due to worse cache usage.
+# The ResponseFreezeDetectTime value specifies when a file descriptor in the
+# mentioned state is to be considered defect and will require special handling.
+# Default time is 500 seconds.
+#
+# ResponseFreezeDetectTime: 500
+
+# Keep outgoing connections alive and reuse them for later downloads from
+# the same server as long as possible.
+#
+# ReuseConnections: 1
+
+# Maximum number of requests sent in a batch to remote servers before the first
+# response is expected. Using higher values can greatly improve average
+# throughput depending on network latency and the implementation of remote
+# servers.
Makes most sense when also enabled on the client side, see apt.conf
+# documentation for details.
+#
+# Default: 10 if ReuseConnections is set, 1 otherwise
+#
+# PipelineDepth: 10
+
+# Path to the system directory containing trusted CA certificates used for
+# outgoing connections, see OpenSSL documentation for details.
+#
+# CApath: /etc/ssl/certs
+#
+# Path to a single trusted trusted CA certificate used for outgoing
+# connections, see OpenSSL documentation for details.
+#
+# CAfile:
+
+# There are different ways to detect that an upstream proxy is broken and turn
+# off its use and connect directly. The first is through a custom command -
+# when it returns successfully, the proxy is used, otherwise not and the
+# command will be rerun only after a specified period.
+# Another way is to try to connect to the proxy first and detect a connection
+# timeout. The connection will then be made without HTTP proxy for the life
+# time of the particular download stream and it may also affect other other
+# parallel downloads.
+# NOTE: this operation modes are still experimental and are subject to change!
+# Unwanted side effects may occur with multiple simultaneous user connections
+# or with specific per-repository proxy settings.
+#
+# Shell command, default: not set. Executed with the default shell and
+# permissions of the apt-cacher-ng's process user. Examples:
+# /bin/ip route | grep -q 192.168.117
+# /usr/sbin/arp | grep -q 00:22:1f:51:8e:c1
+#
+# OptProxyCheckCommand: ...
+#
+# Check intervall, in seconds.
+#
+# OptProxyCheckInterval: 99
+#
+# Conection timeout in seconds, default: negative, means disabled.
+#
+# OptProxyTimeout: -1
+
+# It's possible to limit the processing speed of download agents to set an
+# overall download speed limit. Unit: KiB/s, Default: unlimited.
+#
+# MaxDlSpeed: 500
+
+# In special corner cases, download clients attempt to download random chunks
+# of a files headers, i.e. the first kilobytes.
The "don't get client stuck" +# policy converts this usually to a 200 response starting the body from the +# beginning but that confuses some clients. When this option is set to a +# certain value, this modifies the behaviour and allows to start a file +# download where the distance between available data and the specified range +# lies within that bounds. This can look like random lag for the user but +# should be harmless apart from that. +# +# MaxInresponsiveDlSize: 64000 + +# In mobile environments having an adhoc connection with a redirection to some +# id verification side, this redirect might damage the cache since the data is +# involuntarily stored as package data. There is a mechanism which attempts to +# detect a such situation and mitigate the mentioned effects by not storing the +# data and also dropping the DNS cache. The trigger is the occurrence of a +# specific SUBSTRING in the content type field of the final download target +# (i.e. the auth web site) and at least one followed redirection. +# +# BadRedirDetectMime: text/html + +# When a BUS signal is received (typically on IO errors), a shell command can be +# executed before the daemon is terminated. +# Example: +# BusAction: ls -l /proc/$PPID/ | mail -s SIGBUS! root + +# Only set this value for debugging purposes. It disables SSL security checks +# like strict host verification. 0 means no, any other value can have +# differrent meaning in the future. +# +# NoSSLChecks: 0 + +# Setting this value means: on file downloads from/via cache, tag relevant +# files. And when acngtool runs the shrink command, it will look at the day +# when the file was retrieved from cache last time (and not when it was +# originally downloaded). +# +# TrackFileUse: 0 + +# Controls preallocation of file system space where this feature is supported. +# This might reduce disk fragmentation and therefore improve later read +# performance. 
However, write performance can be reduced which could be
+# exploited by malicious users.
+# The value defines a size limit of how much to report to the OS as expected
+# file size (starting from the beginning of the file).
+# Set to zero to disable this feature completely. Default: one megabyte
+#
+# ReserveSpace: 1048576
diff --git a/roles/mgrote.ansible/README.md b/roles/mgrote.ansible/README.md
new file mode 100644
index 00000000..da1f405a
--- /dev/null
+++ b/roles/mgrote.ansible/README.md
@@ -0,0 +1,8 @@
+## mgrote.ansible
+
+### Beschreibung
+Installiert ansible und konfiguriert es damit "cowsay" nicht benutzt wird.
+
+### Funktioniert auf
+- [x] Ubuntu (>=18.04)
+- [ ] Debian
diff --git a/roles/mgrote.ansible/defaults/main.yml b/roles/mgrote.ansible/defaults/main.yml
new file mode 100644
index 00000000..e69de29b
diff --git a/roles/mgrote.ansible/handlers/main.yml b/roles/mgrote.ansible/handlers/main.yml
new file mode 100644
index 00000000..e69de29b
diff --git a/roles/mgrote.ansible/meta/main.yml b/roles/mgrote.ansible/meta/main.yml
new file mode 100644
index 00000000..97888f33
--- /dev/null
+++ b/roles/mgrote.ansible/meta/main.yml
@@ -0,0 +1,14 @@
+---
+dependencies:
+ - role: geerlingguy.pip
+galaxy_info:
+ author: mgrote
+ description: configures an ansible-host
+ min_ansible_version: 2.0
+ license: GPLv3
+ platforms:
+ - name: Ubuntu
+ versions:
+ - all
+ galaxy_tags:
+ - system
diff --git a/roles/mgrote.ansible/tasks/main.yml b/roles/mgrote.ansible/tasks/main.yml
new file mode 100644
index 00000000..0c6a09b9
--- /dev/null
+++ b/roles/mgrote.ansible/tasks/main.yml
@@ -0,0 +1,14 @@
+ - name: ansible installieren
+ become: yes
+ apt:
+ name:
+ - ansible
+ - yamllint
+ state: present
+
+ - name: ansible-lint und yaml-lint installieren
+ become: yes
+ pip:
+ name:
+ - ansible-lint
+ state: present
diff --git a/roles/mgrote.apcupsd/README.md b/roles/mgrote.apcupsd/README.md
new file mode 100644
index 00000000..5f538dc7
--- /dev/null
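Review bot: The template enables `ReportPage: acng-report.html` but contains no `AdminAuth` line, and `BindAddress` is left commented out (default: all interfaces), so the report page and the maintenance actions it exposes are reachable without authentication from any host that can reach the configured port. The file's own comment on ReportPage names AdminAuth as the way to restrict the sensitive areas; add an `AdminAuth: <user>:<password>` entry fed from a vaulted variable, and consider a `BindAddress:` limited to the LAN-facing interface. Since acng.conf is the whole file being added here, a short header comment stating which variables are templated (`acng_server_port`, `acng_exthreshold`) and that everything else is the Debian default would help the next maintainer.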
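Review bot: The second task is named `ansible-lint und yaml-lint installieren` but installs only `ansible-lint` via pip; yamllint comes from the apt task above, so the name misdescribes what runs. The README added in this commit says the role also configures ansible so that cowsay is not used, yet no task here writes that setting — either add a task that sets `nocows = 1` in the `[defaults]` section of ansible.cfg (or exports `ANSIBLE_NOCOWS=1`), or drop the claim from the README. Renaming the task to `ansible-lint installieren` keeps the play output honest.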
+++ b/roles/mgrote.apcupsd/README.md
@@ -0,0 +1,21 @@
+## mgrote.apcupsd
+
+### Beschreibung
+Installiert APCUPSD fuer eine APC UPS mit USB Verbindung.
+Benoetigt mgrote.postfix-gmail.
+
+### Funktioniert auf
+- [x] ProxMox 6.1
+
+### Variablen + Defaults
+##### Wohin gehen die Benachrichtigungsmails bei Stromausfall
+empfaenger_mail: michael.grote@posteo.de
+
+##### Zeitspanne in Sekunden, ab der der Systemdienst einen Stromausfall annimmt. Nuetzlich, um sehr kurze Ausfaelle ignorieren zu koennen.
+ONBATTERYDELAY: 10
+
+##### Durch die USV gemeldete Restkapazitaet in Prozent, ab der der Rechner heruntergefahren wird
+BATTERYLEVEL: 50
+
+##### apcupsd will shutdown the system during a power failure when the remaining runtime on batteries as internally calculated by the UPS falls below the specified minutes.
+MINUTES: 10
diff --git a/roles/mgrote.apcupsd/defaults/main.yml b/roles/mgrote.apcupsd/defaults/main.yml
new file mode 100644
index 00000000..ac3d1d33
--- /dev/null
+++ b/roles/mgrote.apcupsd/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+ ONBATTERYDELAY: 10
+ BATTERYLEVEL: 50
+ MINUTES: 10
diff --git a/roles/mgrote.apcupsd/handlers/main.yml b/roles/mgrote.apcupsd/handlers/main.yml
new file mode 100644
index 00000000..7ac7b84b
--- /dev/null
+++ b/roles/mgrote.apcupsd/handlers/main.yml
@@ -0,0 +1,9 @@
+ - name: restart_apcupsd #wird aufgerufen wenn apcupsd.conf_kopieren nach aenderungen den status "changed hat"
+ become: yes
+ systemd:
+ name: apcupsd
+ state: restarted
+ enabled: yes
+
+ - name: apc_access_mail
+ shell: /usr/sbin/apcaccess | mail -s "{{ ansible_hostname }}" {{ empfaenger_mail }}
diff --git a/roles/mgrote.apcupsd/meta/main.yml b/roles/mgrote.apcupsd/meta/main.yml
new file mode 100644
index 00000000..c0512f74
--- /dev/null
+++ b/roles/mgrote.apcupsd/meta/main.yml
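Review bot: `empfaenger_mail` is referenced by the `apc_access_mail` handler and by the `empfaenger_mail_setzen` task of this role but is not declared in defaults/main.yml, so any play that does not set it fails with an undefined variable the first time the handler fires; the README lists it as a role variable right next to the three that are defined here. Add `empfaenger_mail: <placeholder address>` to the defaults (or document it as mandatory and assert it at the top of tasks/main.yml). The three remaining keys are indented by one space under `---`; that parses, but column-0 keys match the other roles' defaults files in this commit.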
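Review bot: The `apc_access_mail` handler passes `{{ empfaenger_mail }}` into a shell pipeline without quotes, so a value containing whitespace or shell metacharacters changes the command rather than the recipient; write it as `mail -s "{{ ansible_hostname }}" "{{ empfaenger_mail }}"`. The handler also differs in style from its sibling (`restart_apcupsd` carries `become: yes` and a descriptive comment); a one-line comment such as `# sends the current UPS status (apcaccess) to the admin after installation` would document why a package install notifies it.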
@@ -0,0 +1,14 @@
+---
+dependencies:
+ - role: mgrote.postfix-gmail
+galaxy_info:
+ author: mgrote
+ description: installs apcupsd
+ min_ansible_version: 2.0
+ license: GPLv3
+ platforms:
+ - name: Proxmox
+ versions:
+ - all
+ galaxy_tags:
+ - system
diff --git a/roles/mgrote.apcupsd/tasks/main.yml b/roles/mgrote.apcupsd/tasks/main.yml
new file mode 100644
index 00000000..60e2df75
--- /dev/null
+++ b/roles/mgrote.apcupsd/tasks/main.yml
@@ -0,0 +1,30 @@
+ - name: apcupsd installieren
+ apt:
+ name:
+ - apcupsd
+ - apcupsd-cgi
+ - apcupsd-doc
+ state: present
+ become: yes
+ notify: apc_access_mail
+
+ - name: apcupsd kopieren
+ become: yes
+ template:
+ src: "apcupsd"
+ dest: "/etc/default/apcupsd"
+
+ - name: empfaenger_mail_setzen
+ become: yes
+ lineinfile:
+ path: /etc/apcupsd/apccontrol #wo
+ regexp: export SYSADMIN=root #suche nach
+ line: export SYSADMIN={{ empfaenger_mail }} #ersetze durch...
+ backrefs: yes #verhindert das die zeile bei "nicht zutreffen" am ende der datei angefuegt wird: https://docs.ansible.com/ansible/latest/modules/lineinfile_module.html#parameters
+
+ - name: apcupsd.conf_kopieren
+ become: yes
+ template:
+ src: "apcupsd.conf"
+ dest: "/etc/apcupsd/apcupsd.conf"
+ notify: restart_apcupsd #benachrchtigt handlers/main.yml-restart-apcupsd_restart um den dient neuzustarten, nur wenn hier status "changed" ausgeworfen wird"
diff --git a/roles/mgrote.apcupsd/templates/apcupsd b/roles/mgrote.apcupsd/templates/apcupsd
new file mode 100644
index 00000000..4493e22b
--- /dev/null
+++ b/roles/mgrote.apcupsd/templates/apcupsd
@@ -0,0 +1 @@
+ISCONFIGURED=yes
diff --git a/roles/mgrote.apcupsd/templates/apcupsd.conf b/roles/mgrote.apcupsd/templates/apcupsd.conf
new file mode 100644
index 00000000..0b9f9e2b
--- /dev/null
+++ b/roles/mgrote.apcupsd/templates/apcupsd.conf
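Review bot: The `apcupsd kopieren` task writes /etc/default/apcupsd (the file that flips `ISCONFIGURED=yes`) but has no `notify`, so on a host where only that file changes the daemon is neither restarted nor enabled; only `apcupsd.conf_kopieren` notifies `restart_apcupsd`. Add `notify: restart_apcupsd` to that task as well. In `empfaenger_mail_setzen` the `regexp` is the unanchored literal `export SYSADMIN=root`, which would also match a longer value such as `export SYSADMIN=rootmail`; `regexp: '^export SYSADMIN='` matches the line by key and stays idempotent after the first replacement. The trailing `#` comments on the `lineinfile` keys are fine in YAML, but the one on `backrefs` would read better as a full-line comment above the task.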
@@ -0,0 +1,12 @@
+## apcupsd.conf v1.1 ##
+UPSCABLE usb
+
+UPSTYPE usb
+DEVICE
+
+UPSNAME APC-BX950U-GR
+
+
+ONBATTERYDELAY {{ ONBATTERYDELAY }}
+BATTERYLEVEL {{ BATTERYLEVEL }}
+MINUTES {{ MINUTES }}
diff --git a/roles/mgrote.create_users/README.md b/roles/mgrote.create_users/README.md
new file mode 100644
index 00000000..52722eeb
--- /dev/null
+++ b/roles/mgrote.create_users/README.md
@@ -0,0 +1,12 @@
+## mgrote.create_users
+
+### Beschreibung
+erstellt Nutzer.
+### Funktioniert auf
+- [x] Ubuntu (>=18.04)
+- [x] Debian
+
+### Variablen + Defaults
+##### Nutzer anlegen
+base_users:
+ - { name: 'mg', password: 'hallowelt', groups: 'sudo, ssh'}
diff --git a/roles/mgrote.create_users/defaults/main.yml b/roles/mgrote.create_users/defaults/main.yml
new file mode 100644
index 00000000..d35c4d91
--- /dev/null
+++ b/roles/mgrote.create_users/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+ base_users:
+ - { name: 'mg', password: 'hallowelt', groups: 'sudo, ssh'}
diff --git a/roles/mgrote.create_users/handlers/main.yml b/roles/mgrote.create_users/handlers/main.yml
new file mode 100644
index 00000000..e69de29b
diff --git a/roles/mgrote.create_users/tasks/main.yml b/roles/mgrote.create_users/tasks/main.yml
new file mode 100644
index 00000000..30c554ba
--- /dev/null
+++ b/roles/mgrote.create_users/tasks/main.yml
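Review bot: defaults/main.yml ships a complete login — `name: 'mg'`, a plaintext `password: 'hallowelt'`, and membership in `sudo` — and the role README repeats it, so every host on which `base_users` is not overridden ends up with a sudo-capable account whose password is in the repository. Keep only the shape of the structure here, e.g. `- { name: 'mg', password: "{{ vault_mg_password }}", groups: 'sudo, ssh'}`, with the value supplied from an Ansible Vault file, and add a comment that the tasks hash it at run time. The indentation under `---` (one leading space before `base_users:`) differs from the other defaults files in this commit; column 0 is the convention the rest of the repo uses.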
@@ -0,0 +1,46 @@
+ - name: Erstelle Nutzer
+ become: yes
+ user:
+ name: "{{ item.name }}"
+ groups: "{{ item.groups }}"
+ state: present
+ shell: /bin/bash
+ password: "{{ item.password | password_hash('sha512') }}"
+ update_password: on_create
+ loop: "{{ base_users }}"
+ no_log: true
+
+# - name: check if sudo file exists
+# become: yes
+# stat:
+# path: "/home/{{ item.name }}/.sudo_as_admin_successful"
+# loop: "{{ base_users }}"
+# no_log: true
+# register: "sudo_as_admin_successful_existiert"
+
+# - name: dbug
+# debug:
+# msg: "{{ sudo_as_admin_successful_existiert }}"
+
+ - name: touch ".sudo_as_admin_successful"
+ become: yes
+# when: sudo_as_admin_successful_existiert.stat.exists == False
+ file:
+ path: /home/{{ item.name }}/.sudo_as_admin_successful
+ state: touch
+ access_time: preserve
+ modification_time: preserve
+ loop: "{{ base_users }}"
+ no_log: true
+ # entfernt:
+ # To run a command as administrator (user "root"), use "sudo ".
+ # See "man sudo_root" for details.
+ # unter der motd, bevor man sich das erstmal mit sudo angemeldet hat
+
+ - name: create .selected_editor
+ become: yes
+ template:
+ src: ".selected_editor"
+ dest: "/home/{{ item.name }}/.selected_editor"
+ loop: "{{ base_users }}"
+ no_log: true
diff --git a/roles/mgrote.create_users/templates/.selected_editor b/roles/mgrote.create_users/templates/.selected_editor
new file mode 100644
index 00000000..67f9f4d6
--- /dev/null
+++ b/roles/mgrote.create_users/templates/.selected_editor
@@ -0,0 +1,2 @@
+# Generated by /usr/bin/select-editor
+SELECTED_EDITOR="/bin/nano"
diff --git a/roles/mgrote.cv4pve-autosnap/README.md b/roles/mgrote.cv4pve-autosnap/README.md
new file mode 100644
index 00000000..172c02ce
--- /dev/null
+++ b/roles/mgrote.cv4pve-autosnap/README.md
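Review bot: Both `touch ".sudo_as_admin_successful"` and `create .selected_editor` run with `become: yes` and set no `owner`, so the files are created in `/home/{{ item.name }}` owned by root and the user cannot later change `.selected_editor` with select-editor; add `owner: "{{ item.name }}"` (and a `mode`, e.g. `'0644'`) to both the `file:` and the `template:` call. `password_hash('sha512')` with no salt argument produces a different hash on every run; `update_password: on_create` keeps that from touching existing accounts, but passing a salt from a vaulted variable would make the task deterministic. The commented-out stat/debug block and the `when:` left inside the task are archaeology — either remove them or leave one comment explaining why the unconditional touch is acceptable.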
@@ -0,0 +1,24 @@ +## mgrote.cv4pve + +### Beschreibung +Installiert [cv4pve-autosnap](https://github.com/Corsinvest/cv4pve-autosnap). +Legt einen cronjob und das logfile an. + +### Funktioniert auf +- [x] ProxMox 6.1 + +### Variablen + Defaults +##### Version + cv4pve_version: "v1.9.3" +##### Cron Minute + cv4pve_cron_minute: "39" +##### Cron Stunde + cv4pve_cron_hour: "5" +##### API-Token (vorher erstellen) + cv4pve_api_token: "XXXXXXXXXXXXXXXXXXXXXX" +##### API-User (vorher erstellen) + cv4pve_api_user: "root@pam!test2" +##### VMs + cv4pve_vmid: all +##### Anzahl Snpshots zum aufheben + cv4pve_keed_snapshots: 3 diff --git a/roles/mgrote.cv4pve-autosnap/defaults/main.yml b/roles/mgrote.cv4pve-autosnap/defaults/main.yml new file mode 100644 index 00000000..75c7c277 --- /dev/null +++ b/roles/mgrote.cv4pve-autosnap/defaults/main.yml @@ -0,0 +1,8 @@ +--- + cv4pve_version: "v1.9.3" + cv4pve_cron_minute: "39" + cv4pve_cron_hour: "5" + cv4pve_api_token: "XXXXXXXXXXXXXXXXXXXXXX" + cv4pve_api_user: "root@pam!test2" + cv4pve_vmid: all + cv4pve_keed_snapshots: 3 diff --git a/roles/mgrote.cv4pve-autosnap/handlers/main.yml b/roles/mgrote.cv4pve-autosnap/handlers/main.yml new file mode 100644 index 00000000..925b52cb --- /dev/null +++ b/roles/mgrote.cv4pve-autosnap/handlers/main.yml @@ -0,0 +1,6 @@ + - name: "smbd neustarten" + become: yes + systemd: + name: smbd + enabled: yes + state: restarted diff --git a/roles/mgrote.cv4pve-autosnap/meta/main.yml b/roles/mgrote.cv4pve-autosnap/meta/main.yml new file mode 100644 index 00000000..677ce366 --- /dev/null +++ b/roles/mgrote.cv4pve-autosnap/meta/main.yml @@ -0,0 +1,17 @@ +--- +dependencies: +#- role: hedii.youtube-dl +# vars: +# youtubedl_executable_path: "/usr/local/bin/youtube-dl" +# youtubedl_update: true +galaxy_info: + author: mgrote + description: XXX + min_ansible_version: 2.0 + license: GPLv3 + platforms: + - name: Ubuntu + versions: + - all + galaxy_tags: + - system 
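Review bot: The default `cv4pve_api_user: "root@pam!test2"` ties the snapshot job to an API token of `root@pam`, so the token stored on the host carries whatever privileges root has (Proxmox can narrow a token via privilege separation, but nothing here documents that) rather than only the snapshot rights the job needs. Prefer a dedicated PVE user/token with the minimal permissions cv4pve-autosnap requires, and leave the default empty (`cv4pve_api_user: ""`) so a forgotten override fails loudly instead of silently pointing at root. `cv4pve_api_token` should be supplied from Vault rather than a placeholder default, and `cv4pve_keed_snapshots` looks like a typo for `keep` that has now become part of the role's variable interface.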
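Review bot: `roles/mgrote.cv4pve-autosnap/handlers/main.yml` defines only `smbd neustarten`, which restarts Samba — a service this role neither installs nor configures; nothing in the visible cv4pve tasks notifies it, so it appears to be copied from the fileserver role. Remove the handler (an empty file or just `---` is fine) so that a future `notify` in this role cannot restart an unrelated daemon on a Proxmox host by accident.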
diff --git a/roles/mgrote.cv4pve-autosnap/tasks/main.yml b/roles/mgrote.cv4pve-autosnap/tasks/main.yml new file mode 100644 index 00000000..ec7533fd --- /dev/null +++ b/roles/mgrote.cv4pve-autosnap/tasks/main.yml @@ -0,0 +1,73 @@ +--- + - name: create directories + become: yes + file: + path: "{{ item }}" + state: directory + loop: + - '/tmp/cv4pve' + - '/usr/local/bin/cv4pve' + + - name: download archives + become: yes + get_url: ## hier variable für version + url: https://github.com/Corsinvest/cv4pve-autosnap/releases/download/{{ cv4pve_version }}/cv4pve-autosnap-linux-x64.zip + dest: /tmp/cv4pve/cv4pve-autosnap-linux-x64.zip + mode: '0775' + + - name: Extract archives + become: yes + unarchive: + src: /tmp/cv4pve/cv4pve-autosnap-linux-x64.zip + dest: /usr/local/bin/cv4pve + remote_src: yes + mode: a+x + + - name: copy bash-script + become: yes + template: + src: "cv4pve-script.sh" + dest: "/usr/local/bin/cv4pve/cv4pve-script.sh" + mode: a+x + + - name: create cronjob + become: yes + cron: + name: cv4pve-autosnap + state: present + job: "/usr/local/bin/cv4pve/cv4pve-script.sh" + minute: "{{ cv4pve_cron_minute }}" + hour: "{{ cv4pve_cron_hour }}" + + - name: Create log + become: true + file: + path: /var/log/cv4pve-autosnap.log + state: touch + owner: root + group: root + mode: 0644 + access_time: preserve + modification_time: preserve + + - name: Add Log to be Rotated + become: true + blockinfile: + path: /etc/logrotate.d/cv4pve-autosnap + state: present + create: yes + owner: root + group: root + mode: 0644 + block: | + /var/log/cv4pve-autosnap.log { + su root root + create 0640 root root + rotate 4 + weekly + compress + missingok + notifempty + dateext + dateyesterday + } diff --git a/roles/mgrote.cv4pve-autosnap/templates/cv4pve-script.sh b/roles/mgrote.cv4pve-autosnap/templates/cv4pve-script.sh new file mode 100644 index 00000000..8013af60 --- /dev/null +++ b/roles/mgrote.cv4pve-autosnap/templates/cv4pve-script.sh 
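Review bot: `download archives` fetches `cv4pve-autosnap-linux-x64.zip` from GitHub with no `checksum:`, and the extracted binary is then executed from root's crontab, so a replaced release asset or a tampered download would run as root. Add `checksum: "sha256:<digest for {{ cv4pve_version }}>"` to the `get_url` task and keep the digest next to `cv4pve_version` in defaults. The staging directory `/tmp/cv4pve` is a predictable name in a world-writable location: if another local user pre-creates it, `file: state: directory` leaves its ownership untouched and the archive could be swapped between `get_url` and `unarchive` — stage under a root-only path (e.g. `/root/cv4pve` or a directory from the `tempfile` module) and remove it afterwards. `mode: '0775'` on the zip is unnecessary; `0640` is enough.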
@@ -0,0 +1,23 @@ +#!/bin/bash +LOCKDIR=${HOME}/.cache +function exlock() { + exec {lock_fd}>${LOCKDIR}/$(basename $0).lock + flock -nx "$lock_fd" + if [[ $? == 1 ]]; then + exit 1 + fi +} +function unlock() { + rm "${LOCKDIR}/$(basename $0).lock" + [[ -n $1 ]] && exit $1 + exit +} + +exlock +( +echo $(date) +/usr/local/bin/cv4pve/cv4pve-autosnap --host=127.0.0.1 --api-token {{ cv4pve_api_user }}={{ cv4pve_api_token }} --vmid="{{ cv4pve_vmid }}" snap --label='daily' --keep="{{ cv4pve_keed_snapshots }}" --state +/usr/local/bin/cv4pve/cv4pve-autosnap --host=127.0.0.1 --api-token {{ cv4pve_api_user }}={{ cv4pve_api_token }} --vmid="all" status +) >> /var/log/cv4pve-autosnap.log 2>&1 + +unlock diff --git a/roles/mgrote.deactivate_ssh_password_login/README.md b/roles/mgrote.deactivate_ssh_password_login/README.md new file mode 100644 index 00000000..7957eaf0 --- /dev/null +++ b/roles/mgrote.deactivate_ssh_password_login/README.md @@ -0,0 +1,9 @@ +## mgrote.deactivate_ssh_password_login + +### Beschreibung +Deaktiviert den SSH LogIn mit Passwort + +### Funktioniert auf +- [x] Ubuntu (>=18.04) +- [x] Debian +- [x ] ProxMox 6.1 diff --git a/roles/mgrote.deactivate_ssh_password_login/handlers/main.yml b/roles/mgrote.deactivate_ssh_password_login/handlers/main.yml new file mode 100644 index 00000000..a97f0dcb --- /dev/null +++ b/roles/mgrote.deactivate_ssh_password_login/handlers/main.yml @@ -0,0 +1,7 @@ +--- + - name: restart_sshd + become: yes + systemd: + name: sshd + enabled: yes + state: restarted diff --git a/roles/mgrote.deactivate_ssh_password_login/tasks/main.yml b/roles/mgrote.deactivate_ssh_password_login/tasks/main.yml new file mode 100644 index 00000000..427bffb3 --- /dev/null +++ b/roles/mgrote.deactivate_ssh_password_login/tasks/main.yml 
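Review bot: The API token is baked into the command line (`--api-token {{ cv4pve_api_user }}={{ cv4pve_api_token }}`), so while the job runs it is readable by every local user through `/proc/<pid>/cmdline`, and it also lives in a script installed with `mode: a+x`, which with the usual umask leaves the file world-readable under /usr/local/bin. At minimum install the template with `mode: '0700'` (in tasks/main.yml, outside this hunk) so only root can read it; if cv4pve-autosnap can read the token from a file or environment variable, prefer that over a command-line argument. The lock file path `${HOME}/.cache/…` assumes that directory exists under cron's `HOME`; a missing `.cache` makes the `exec {lock_fd}>…` redirection fail and the locking becomes unreliable, so add `mkdir -p "$LOCKDIR"` or use `/run/lock`.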
@@ -0,0 +1,10 @@ +--- + - name: prohibit ssh login with password + become: yes + lineinfile: + path: /etc/ssh/sshd_config + regexp: '#PasswordAuthentication yes' + line: 'PasswordAuthentication no' + state: present + backrefs: yes + notify: restart_sshd diff --git a/roles/mgrote.deploy_ssh_keys/README.md b/roles/mgrote.deploy_ssh_keys/README.md new file mode 100644 index 00000000..9485070f --- /dev/null +++ b/roles/mgrote.deploy_ssh_keys/README.md @@ -0,0 +1,15 @@ +## mgrote.deploy_ssh_keys + +### Beschreibung +Deployed einen ssh key in die authorized_keys. +Erlaubt dem Nutzer passwortloses "sudo" + +### Funktioniert auf +- [x] Ubuntu (>=18.04) +- [ ] ProxMox 6.1 + +### Variablen + Defaults +##### Nutzer + ssh_user: mg +##### Key + ssh_pubkey: ssh-rsa AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuBZc+/pULaZefCgjKGL1zXIFFlw== mg@irantu diff --git a/roles/mgrote.deploy_ssh_keys/defaults/main.yml b/roles/mgrote.deploy_ssh_keys/defaults/main.yml new file mode 100644 index 00000000..4b43d255 --- /dev/null +++ b/roles/mgrote.deploy_ssh_keys/defaults/main.yml @@ -0,0 +1,3 @@ +--- + ssh_user: mg + ssh_pubkey: ssh-rsa AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuBZc+/pULaZefCgjKGL1zXIFFlw== mg@irantu diff --git a/roles/mgrote.deploy_ssh_keys/tasks/main.yml b/roles/mgrote.deploy_ssh_keys/tasks/main.yml new file mode 100644 index 00000000..4ae5014d --- /dev/null +++ b/roles/mgrote.deploy_ssh_keys/tasks/main.yml @@ -0,0 +1,22 @@ +--- + - name: create .ssh directory + become: yes + file: + path: "/home/{{ ssh_user }}/.ssh" + state: directory + + - name: touch file + become: yes + file: + path: "/home/{{ ssh_user }}/.ssh/authorized_keys" + state: touch + modification_time: preserve + access_time: preserve + + - name: put pubkey + become: yes + lineinfile: + path: "/home/{{ ssh_user }}/.ssh/authorized_keys" + line: "{{ ssh_pubkey }}" + state: present + backup: yes 
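Review bot: The `lineinfile` task only rewrites a line matching the commented default `#PasswordAuthentication yes`; with `backrefs: yes` nothing is inserted when that exact line is absent, so a host that already has an explicit `PasswordAuthentication yes` (or no such line at all) keeps password login enabled and `restart_sshd` never fires. Use `regexp: '^#?PasswordAuthentication\s'`, drop `backrefs: yes` so the line is appended when missing, and add `validate: '/usr/sbin/sshd -t -f %s'` so a broken config is never installed ahead of the restart. Recent Debian/Ubuntu releases ship `Include /etc/ssh/sshd_config.d/*.conf` before the main file, where a drop-in can still re-enable passwords — worth checking on the targets. `PasswordAuthentication no` alone may also leave keyboard-interactive/PAM password prompts available depending on `ChallengeResponseAuthentication`/`KbdInteractiveAuthentication`; setting those to `no` is the usual pairing.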
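Review bot: `ssh_pubkey` defaults to what looks like the author's own key (comment `mg@irantu`; the key body appears partly redacted in this listing), so any play that applies the role without overriding the variable silently grants that key access to the host. Role defaults should not carry an identity: set `ssh_pubkey: ""` and have the tasks fail or skip on an empty value, or leave it undefined so the play errors out, and keep the real key in inventory or Vault. The same consideration applies to `ssh_user: mg`.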
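Review bot: The three tasks build `~/.ssh/authorized_keys` as root with no `owner`, `group` or `mode`, so on first creation the directory and file are root-owned with umask permissions: the user cannot manage their own keys, and with a umask looser than 022 sshd's `StrictModes` rejects the file outright. Ansible's `authorized_key` module sets ownership, the `0700`/`0600` modes and idempotent insertion in one step and replaces all three tasks. The README says the role grants passwordless `sudo`, but nothing in this hunk touches sudoers — either add that task (with `validate: 'visudo -cf %s'`) or drop the claim.
```yaml
  - name: put pubkey
    become: yes
    authorized_key:
      user: "{{ ssh_user }}"
      key: "{{ ssh_pubkey }}"
      state: present
      manage_dir: yes
```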
diff --git a/roles/mgrote.dokuwiki/README.md b/roles/mgrote.dokuwiki/README.md new file mode 100644 index 00000000..0e3a88f8 --- /dev/null +++ b/roles/mgrote.dokuwiki/README.md @@ -0,0 +1,36 @@ +## mgrote.dokuwiki + +### Beschreibung +Installiert Dokuwiki (mit apache2 und php-fpm). +Es werden keine Einstellungen gesetzt +### Funktioniert auf +- [x] Ubuntu (>=18.04) + +### Variablen + Defaults +##### Pfad zu Dokuwiki + dokuwiki_install_path: /var/www/dokuwiki +##### Soll IMMER ein Update/Neuer Download durchgeführt werden +- Muss für den ersten Lauf aktiviert sein! + dokuwiki_update: true +##### install.php behalten (für Ersteinrichtung) + dokuwiki_install: false +### Beispiel Playbook +```yaml +--- +- hosts: dokuwiki + roles: + - { role: mgrote.dokuwiki, tags: "dokuwiki" } +``` + + +### Einrichtung danach... +#### entweder mit dem Assistenten einrichten +--> http://dokuwiki-test.grote.lan/install.php +#### oder die alten Dateien verwenden +Nach dem ausführen des Playbooks +alles in `/var/www/dokuwiki` löschen +`rm -rf * /var/www/dokuwiki/` +die alten Dateien nach "/var/www/dokuwiki" kopieren +`mv /home/mg/dokuwiki /var/www/` +die Dateirechte richtig setzen +`chown -R www-data /var/www/dokuwiki/` diff --git a/roles/mgrote.dokuwiki/defaults/main.yml b/roles/mgrote.dokuwiki/defaults/main.yml new file mode 100644 index 00000000..c6d2fbc4 --- /dev/null +++ b/roles/mgrote.dokuwiki/defaults/main.yml @@ -0,0 +1,4 @@ +--- + dokuwiki_install_path: /var/www/dokuwiki + dokuwiki_update: false + dokuwiki_install: false diff --git a/roles/mgrote.dokuwiki/handlers/main.yml b/roles/mgrote.dokuwiki/handlers/main.yml new file mode 100644 index 00000000..b04ed67b --- /dev/null +++ b/roles/mgrote.dokuwiki/handlers/main.yml @@ -0,0 +1,7 @@ +--- + - name: restart_apache2 + become: yes + systemd: + name: apache2 + state: restarted + enabled: yes diff --git a/roles/mgrote.dokuwiki/meta/main.yml b/roles/mgrote.dokuwiki/meta/main.yml new file mode 100644 index 00000000..7c642ac9 
--- /dev/null +++ b/roles/mgrote.dokuwiki/meta/main.yml @@ -0,0 +1,13 @@ +--- +dependencies: +galaxy_info: + author: mgrote + description: install_dokuwiki + min_ansible_version: 2.0 + license: GPLv3 + platforms: + - name: Ubuntu + versions: + - all + galaxy_tags: + - system diff --git a/roles/mgrote.dokuwiki/tasks/main.yml b/roles/mgrote.dokuwiki/tasks/main.yml new file mode 100644 index 00000000..e87de482 --- /dev/null +++ b/roles/mgrote.dokuwiki/tasks/main.yml 
@@ -0,0 +1,91 @@ + - name: install packages + become: yes + apt: + name: + - php + - php-mbstring + - php-xml + - apache2 + - libapache2-mod-php + - php-xml + - php-gd + state: present + + # aktiviert das module rewrite = a2enmod rewrite + - name: activate a2enmod rewrite + become: yes + apache2_module: + state: present + name: rewrite + + - name: Download latest dokuwiki + become: yes + get_url: + url: https://download.dokuwiki.org/src/dokuwiki/dokuwiki-stable.tgz + dest: /tmp/dokuwiki-stable.tgz + when: dokuwiki_update # noqa 601 # entspricht when: dokuwiki_update == true; noqa sorgt dafür dass das beispiel nicht "gemeldet" wird + + - name: create dokuwiki install path + become: yes + file: + path: "{{ dokuwiki_install_path }}" + state: directory + owner: www-data + group: www-data + + - name: Unarchive dokuwiki-stable.tgz to {{ dokuwiki_install_path }} + become: yes + unarchive: + src: /tmp/dokuwiki-stable.tgz + dest: "{{ dokuwiki_install_path }}" + owner: www-data + remote_src: yes + list_files: yes + extra_opts: [--strip-components=1] # entfernt die erste Ebene des Archives + when: dokuwiki_update + + - name: Remove default plugins + become: yes + file: + path: '{{ dokuwiki_install_path }}/lib/plugins/{{ item }}' + state: absent + with_items: + - authpdo + - authmysql + - authpgsql + - authad + when: dokuwiki_update + + - name: Change file ownership, group and permissions + become: yes + file: + path: "{{ dokuwiki_install_path }}" + owner: www-data + group: www-data + + - name: copy apache2.conf + become: yes + template: + src: "apache2.conf" + dest: "/etc/apache2/apache2.conf" + notify: restart_apache2 + + - name: copy 000-default.conf + become: yes + template: + src: "000-default.conf" + dest: "/etc/apache2/sites-enabled/000-default.conf" + notify: restart_apache2 + + - name: remove tmp files + become: yes + file: + path: /tmp/dokuwiki-stable.tgz + state: absent + + - name: remove install.php + become: yes + file: + path: '{{ dokuwiki_install_path 
}}/install.php' + state: absent + when: not dokuwiki_install # noqa 601 # entspricht when: dokuwiki_update == true; noqa sorgt dafür dass das beispiel nicht "gemeldet" wird # entspricht == false diff --git a/roles/mgrote.dokuwiki/templates/000-default.conf b/roles/mgrote.dokuwiki/templates/000-default.conf new file mode 100644 index 00000000..34527592 --- /dev/null +++ b/roles/mgrote.dokuwiki/templates/000-default.conf @@ -0,0 +1,31 @@ + + # The ServerName directive sets the request scheme, hostname and port that + # the server uses to identify itself. This is used when creating + # redirection URLs. In the context of virtual hosts, the ServerName + # specifies what hostname must appear in the request's Host: header to + # match this virtual host. For the default virtual host (this file) this + # value is not decisive as it is used as a last resort host regardless. + # However, you must set it for any further virtual host explicitly. + #ServerName www.example.com + + ServerAdmin webmaster@localhost + DocumentRoot {{ dokuwiki_install_path }} + + # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, + # error, crit, alert, emerg. + # It is also possible to configure the loglevel for particular + # modules, e.g. + #LogLevel info ssl:warn + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + # For most configuration files from conf-available/, which are + # enabled or disabled at a global level, it is possible to + # include a line for only one particular virtual host. For example the + # following line enables the CGI configuration for this host only + # after it has been globally disabled with "a2disconf". + #Include conf-available/serve-cgi-bin.conf + + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/roles/mgrote.dokuwiki/templates/apache2.conf b/roles/mgrote.dokuwiki/templates/apache2.conf new file mode 100644 index 00000000..18c8f20a --- /dev/null 
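Review bot: `Download latest dokuwiki` fetches `dokuwiki-stable.tgz` — a moving target — without a `checksum:`, and the archive is unpacked straight into the web root, so a tampered download would be served as the application. Pin a specific release in a variable (if a versioned tarball is published alongside `dokuwiki-stable.tgz`) and add `checksum: "sha256:<digest>"` to the `get_url` task; that also makes `dokuwiki_update` re-runs reproducible. `Change file ownership, group and permissions` applies `owner`/`group` to the top directory only because `recurse: yes` is not set — add it or rename the task so it does not promise more than it does.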
+++ b/roles/mgrote.dokuwiki/templates/apache2.conf 
@@ -0,0 +1,227 @@ +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See http://httpd.apache.org/docs/2.4/ for detailed information about +# the directives and /usr/share/doc/apache2/README.Debian about Debian specific +# hints. +# +# +# Summary of how the Apache 2 configuration works in Debian: +# The Apache 2 web server configuration in Debian is quite different to +# upstream's suggested way to configure the web server. This is because Debian's +# default Apache2 installation attempts to make adding and removing modules, +# virtual hosts, and extra configuration directives as flexible as possible, in +# order to make automating the changes and administering the server as easy as +# possible. + +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf-enabled +# | `-- *.conf +# `-- sites-enabled +# `-- *.conf +# +# +# * apache2.conf is the main configuration file (this file). It puts the pieces +# together by including all remaining configuration files when starting up the +# web server. +# +# * ports.conf is always included from the main configuration file. It is +# supposed to determine listening ports for incoming connections which can be +# customized anytime. +# +# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ +# directories contain particular configuration snippets which manage modules, +# global configuration fragments, or virtual host configurations, +# respectively. +# +# They are activated by symlinking available configuration files from their +# respective *-available/ counterparts. These should be managed by using our +# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. 
See +# their respective man pages for detailed information. +# +# * The binary is called apache2. Due to the use of environment variables, in +# the default configuration, apache2 needs to be started/stopped with +# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not +# work with the default configuration. + + +# Global configuration +# + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# NOTE! If you intend to place this on an NFS (or otherwise network) +# mounted filesystem then please read the Mutex documentation (available +# at ); +# you will save yourself a lot of trouble. +# +# Do NOT add a slash at the end of the directory path. +# +#ServerRoot "/etc/apache2" + +# +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# +#Mutex file:${APACHE_LOCK_DIR} default + +# +# The directory where shm and other runtime files will be stored. +# + +DefaultRuntimeDir ${APACHE_RUN_DIR} + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# This needs to be set in /etc/apache2/envvars +# +PidFile ${APACHE_PID_FILE} + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 300 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. 
+# +KeepAliveTimeout 5 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog ${APACHE_LOG_DIR}/error.log + +# +# LogLevel: Control the severity of messages logged to the error_log. +# Available values: trace8, ..., trace1, debug, info, notice, warn, +# error, crit, alert, emerg. +# It is also possible to configure the log level for particular modules, e.g. +# "LogLevel info ssl:warn" +# +LogLevel warn + +# Include module configuration: +IncludeOptional mods-enabled/*.load +IncludeOptional mods-enabled/*.conf + +# Include list of ports to listen on +Include ports.conf + + +# Sets the default security model of the Apache2 HTTPD server. It does +# not allow access to the root filesystem outside of /usr/share and /var/www. +# The former is used by web applications packaged in Debian, +# the latter may be used for local directories served by the web server. If +# your system is serving content from a sub-directory in /srv you must allow +# access here, or in any related virtual host. 
+ + Options FollowSymLinks + AllowOverride None + Require all denied + + + + AllowOverride None + Require all granted + + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + +# +# Options Indexes FollowSymLinks +# AllowOverride None +# Require all granted +# + + + + +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Require all denied + + + +# +# The following directives define some format nicknames for use with +# a CustomLog directive. +# +# These deviate from the Common Log Format definitions in that they use %O +# (the actual bytes sent including headers) instead of %b (the size of the +# requested file), because the latter makes it impossible to detect partial +# requests. +# +# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended. +# Use mod_remoteip instead. +# +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# Include of directories ignores editors' and dpkg's backup files, +# see README.Debian for details. + +# Include generic snippets of statements +IncludeOptional conf-enabled/*.conf + +# Include the virtual host configurations: +IncludeOptional sites-enabled/*.conf + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/roles/mgrote.dotfiles/README.md b/roles/mgrote.dotfiles/README.md new file mode 100644 index 00000000..bb523a97 --- /dev/null +++ b/roles/mgrote.dotfiles/README.md 
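Review bot: The `/var/www/` directory block keeps Debian's `Options Indexes FollowSymLinks` while raising `AllowOverride` to `All`; the override is what lets the `.htaccess` files DokuWiki ships in `data/`, `conf/`, `bin/` and `inc/` deny web access, but `Indexes` still exposes directory listings for any path those files do not cover. Drop `Indexes` (`Options FollowSymLinks`) and consider explicit `Require all denied` blocks for `{{ dokuwiki_install_path }}/data`, `conf`, `bin` and `inc` in the vhost so the protection does not hinge on `.htaccess` surviving an update. The `<Directory …>` open/close lines seem to have been lost in this listing, so the block boundaries cannot be verified here. Since the template replaces the whole packaged `apache2.conf`, a `conf-enabled/` snippet carrying only the changed directives would keep the package file intact across upgrades.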
@@ -0,0 +1,22 @@ +## mgrote.dotfiles + +### Beschreibung +Klont ein git-repo, und symlinked die darin enthaltenen Dateien in ein Verzeichnis. + +### Funktioniert auf +- [ ] Ubuntu (>=18.04) +- [ ] ProxMox 6.1 + +### Variablen + Defaults +##### Remote Repository + dotfiles_remote_repo: "https://github.com/quotengrote/dotfiles" +##### User + dotfiles_user: "mg" +##### Where to Link + dotfiles_link_target: "/home/mg" +##### Local Repo + dotfiles_local_repo_directory: "/home/mg/dotfiles-repo" +##### Which files should be linked + dotfiles_files_to_copy: + - .tmux.conf + - .bash_aliases diff --git a/roles/mgrote.dotfiles/defaults/main.yml b/roles/mgrote.dotfiles/defaults/main.yml new file mode 100644 index 00000000..45563fd4 --- /dev/null +++ b/roles/mgrote.dotfiles/defaults/main.yml @@ -0,0 +1,8 @@ +--- + dotfiles_local_repo_directory: "/home/mg/dotfiles-repo" + dotfiles_user: "mg" + dotfiles_link_target: "/home/mg" + dotfiles_remote_repo: "https://github.com/quotengrote/dotfiles" + dotfiles_files_to_copy: + - .tmux.conf + - .bash_aliases diff --git a/roles/mgrote.dotfiles/tasks/main.yml b/roles/mgrote.dotfiles/tasks/main.yml new file mode 100644 index 00000000..7d29ea97 --- /dev/null +++ b/roles/mgrote.dotfiles/tasks/main.yml @@ -0,0 +1,27 @@ +- name: create repo-directory + become: true + file: + path: "{{ dotfiles_local_repo_directory }}" + state: directory +# noqa [401] +- name: clone repository + become: true + git: + repo: "{{ dotfiles_remote_repo }}" + dest: "{{ dotfiles_local_repo_directory }}" + clone: yes + force: yes + depth: 1 + version: HEAD + tags: + - skip_ansible_lint + +- name: create symlinks for files from repo + become: true + file: + src: "{{ dotfiles_local_repo_directory }}/{{ item }}" + dest: "{{ dotfiles_link_target }}/{{ item }}" + owner: "{{ dotfiles_user }}" + state: link + force: yes + with_items: "{{ dotfiles_files_to_copy }}" 
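Review bot: `clone repository` runs as root (`become: true`) with `version: HEAD` and `force: yes`, so every run takes whatever the remote `dotfiles` repository currently points to, discards local edits, and the files later symlinked into `{{ dotfiles_link_target }}` — shell start-up files such as `.bash_aliases` — are root-owned. Pin `version` to a tag or commit SHA so a changed or compromised upstream cannot silently alter the user's shell environment, and clone with `become_user: "{{ dotfiles_user }}"` so the checkout and the linked files belong to the user. The `# noqa [401]` comment sits between tasks rather than on the `version:` line, so it probably does not suppress the rule it targets; the `skip_ansible_lint` tag already does that.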
diff --git a/roles/mgrote.ecc-rasdaemon/README.md b/roles/mgrote.ecc-rasdaemon/README.md new file mode 100644 index 00000000..25f25c53 --- /dev/null +++ b/roles/mgrote.ecc-rasdaemon/README.md @@ -0,0 +1,11 @@ +## mgrote.ecc-rasdaemon + +### Beschreibung +Installiert rasdaemon. +Logt ECC-Errors nach "/var/log/rasdaemon.log" + +### Funktioniert auf +- [x] ProxMox 6.1 + +### Siehe auch +- https://www.setphaserstostun.org/posts/monitoring-ecc-memory-on-linux-with-rasdaemon/ diff --git a/roles/mgrote.ecc-rasdaemon/handlers/main.yml b/roles/mgrote.ecc-rasdaemon/handlers/main.yml new file mode 100644 index 00000000..2083e2d9 --- /dev/null +++ b/roles/mgrote.ecc-rasdaemon/handlers/main.yml @@ -0,0 +1,4 @@ +--- + - name: labels + become: yes + shell: '/usr/sbin/ras-mc-ctl --guess-labels >> /var/log/rasdaemon.log' diff --git a/roles/mgrote.ecc-rasdaemon/tasks/main.yml b/roles/mgrote.ecc-rasdaemon/tasks/main.yml new file mode 100644 index 00000000..87f1e80a --- /dev/null +++ b/roles/mgrote.ecc-rasdaemon/tasks/main.yml 
@@ -0,0 +1,66 @@ + - name: Install rasdaemon + become: true + package: + name: + - rasdaemon + - logrotate + state: present + notify: labels + + - name: Enable rasdaemon service + become: true + service: + name: rasdaemon + enabled: true + + - name: Start rasdaemon service + become: true + service: + name: rasdaemon + state: started + + - name: Create rasdaemon log + become: true + file: + path: /var/log/rasdaemon.log + state: touch + access_time: preserve + modification_time: preserve + + - name: Add rasdaemon Log to be Rotated + become: true + blockinfile: + path: /etc/logrotate.d/rasdaemon + state: present + create: yes + owner: root + group: root + mode: 0644 + block: | + /var/log/rasdaemon.log { + su root root + create 0640 root root + rotate 4 + weekly + compress + missingok + notifempty + dateext + dateyesterday + } + + - name: rasdaemon-cron kopieren + become: yes + template: + src: rasdaemon-cron.sh + dest: "/usr/local/bin/rasdaemon-cron.sh" + mode: a+x + + - name: create cronjob + become: yes + cron: + name: rasdaemon-log + state: present + job: /usr/local/bin/rasdaemon-cron.sh + minute: "5" + hour: "4,8,12,16,20,0" diff --git a/roles/mgrote.ecc-rasdaemon/templates/rasdaemon-cron.sh b/roles/mgrote.ecc-rasdaemon/templates/rasdaemon-cron.sh new file mode 100644 index 00000000..156e1133 --- /dev/null +++ b/roles/mgrote.ecc-rasdaemon/templates/rasdaemon-cron.sh @@ -0,0 +1,13 @@ +#!/bin/bash +##################### +## https://www.tothenew.com/blog/foolproof-your-bash-script-some-best-practices/ +set -o nounset +set -o errexit +# trap ctrl-c and call ctrl_c() +trap ctrl_c INT +( +echo "--------------------------------------------------" +echo $(date) +/usr/sbin/ras-mc-ctl --status +/usr/sbin/ras-mc-ctl --errors +) >> /var/log/rasdaemon.log 2>&1 diff --git a/roles/mgrote.fail2ban/README.md b/roles/mgrote.fail2ban/README.md new file mode 100644 index 00000000..3822b54e --- /dev/null +++ b/roles/mgrote.fail2ban/README.md 
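Review bot: `trap ctrl_c INT` names a function that is never defined, so a SIGINT would yield `ctrl_c: command not found` instead of running a handler; either define `ctrl_c` or drop the trap, since the script only runs non-interactively from cron. `set -o errexit` is inherited by the `( … ) >> … 2>&1` subshell, so if `ras-mc-ctl --status` ever exits non-zero the `--errors` output is skipped for that run — acceptable, but worth a one-line comment. The `>>` append never truncates, which the logrotate stanza in tasks/main.yml covers.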
@@ -0,0 +1,22 @@ +## mgrote. + +### Beschreibung + +### Funktioniert auf +- [ ] Ubuntu (>=18.04) +- [ ] Debian + +- [ ] ProxMox 6.1 + +### Variablen + Defaults +##### Erklaerung +befehl... + + + +## Checkliste fuer Rolle +- [ ] Variablen in Doku +- [ ] Cron immer als Var +- [ ] dependencies als Meta +- [ ] defaults wenn moeglich fuer alle Vars +- [ ] Beispiel-Playbook diff --git a/roles/mgrote.fail2ban/defaults/main.yml b/roles/mgrote.fail2ban/defaults/main.yml new file mode 100644 index 00000000..e69366ae --- /dev/null +++ b/roles/mgrote.fail2ban/defaults/main.yml @@ -0,0 +1,5 @@ +--- + # Werte in Sekunden + f2b_bantime: 60 + f2b_findtime: 600 + f2b_maxretry: 5 diff --git a/roles/mgrote.fail2ban/handlers/main.yml b/roles/mgrote.fail2ban/handlers/main.yml new file mode 100644 index 00000000..33852c6b --- /dev/null +++ b/roles/mgrote.fail2ban/handlers/main.yml @@ -0,0 +1,7 @@ +--- + - name: restart_f2b + become: yes + systemd: + name: fail2ban + enabled: yes + state: restarted diff --git a/roles/mgrote.fail2ban/meta/main.yml b/roles/mgrote.fail2ban/meta/main.yml new file mode 100644 index 00000000..fbdfc873 --- /dev/null +++ b/roles/mgrote.fail2ban/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: mgrote.postfix-gmail diff --git a/roles/mgrote.fail2ban/tasks/main.yml b/roles/mgrote.fail2ban/tasks/main.yml new file mode 100644 index 00000000..710d26a3 --- /dev/null +++ b/roles/mgrote.fail2ban/tasks/main.yml @@ -0,0 +1,22 @@ +--- + - name: install fail2ban-packages + become: yes + apt: + name: fail2ban + state: present + + - name: copy jail.local + become: yes + template: + src: jail.local + dest: /etc/fail2ban/jail.local + mode: 0750 + notify: restart_f2b + + - name: copy sendmail-common.local + become: yes + template: + src: sendmail-common.local + dest: /etc/fail2ban/action.d/sendmail-common.local + mode: 0750 + notify: restart_f2b 
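Review bot: `f2b_bantime: 60` bans an address for only one minute after `f2b_maxretry: 5` failures within `f2b_findtime: 600`, which lets a brute-forcer keep roughly five attempts per minute indefinitely while `action_mwl` in jail.local e-mails a report for every one of those bans. Raise the default to at least fail2ban's own ten minutes (`f2b_bantime: 600`) or longer, or add `bantime.increment = true` to the jail template so repeat offenders are banned progressively longer. The `# Werte in Sekunden` comment is useful; the README is still the unfilled template and should carry it too.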
diff --git a/roles/mgrote.fail2ban/templates/jail.local b/roles/mgrote.fail2ban/templates/jail.local new file mode 100644 index 00000000..8bc1041f --- /dev/null +++ b/roles/mgrote.fail2ban/templates/jail.local @@ -0,0 +1,23 @@ +[DEFAULT] +ignorself = true +ignoreip = 127.0.0.1/8 ::1 +bantime = {{ f2b_bantime }} +findtime = {{ f2b_findtime }} +maxretry = {{ f2b_maxretry }} + +# Mail Reporting +destemail = michael.grote@posteo.de +sender = michael.grote@gmail.com + +# to ban & send an e-mail with whois report to the destemail. +#action = %(action_mw)s + +# same as action_mw but also send relevant log lines +action = %(action_mwl)s + +# JAILS +[sshd] +enabled = true +port = ssh +filter = sshd +logpath = /var/log/auth.log diff --git a/roles/mgrote.fail2ban/templates/sendmail-common.local b/roles/mgrote.fail2ban/templates/sendmail-common.local new file mode 100644 index 00000000..3f32cfcd --- /dev/null +++ b/roles/mgrote.fail2ban/templates/sendmail-common.local @@ -0,0 +1,3 @@ +[Definition] +actionstart = +actionstop = diff --git a/roles/mgrote.fileserver_smb/Notizen.md b/roles/mgrote.fileserver_smb/Notizen.md new file mode 100644 index 00000000..e1939041 --- /dev/null +++ b/roles/mgrote.fileserver_smb/Notizen.md 
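Review bot: `destemail` and `sender` are hard-coded personal addresses in the template while `bantime`/`findtime`/`maxretry` are already variables; move them to `f2b_destemail`/`f2b_sender` defaults and render `destemail = {{ f2b_destemail }}` / `sender = {{ f2b_sender }}` so the role is reusable and the addresses do not live in the repository. `ignoreip` covers loopback only; adding the Ansible controller or management subnet avoids the controller banning itself during a run with a wrong key. `port = ssh` resolves to 22 via `/etc/services`, so if sshd is moved to another port the ban rule will not cover it — a variable here keeps it in step with the sshd role.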
@@ -0,0 +1,207 @@ + path = /media/share + writeable = yes + browseable = yes + public = yes + create mask = 0644 + directory mask = 0755 + force user = shareuser + fuer alle + + + + + + + + + + + + + + - name: Erstelle SAMBA-Shares + template: + src: smb.conf + dest: /etc/samba/smb.conf + validate: 'testparm -s %s' + notify: smbd neustarten + + + + - name: Testing Iteration + copy: + dest: /etc/samba/smb.conf + content: | + {% for freigaben in [freigaben] %} + [{{ item.freigabename }}] + read only = no + browseable = yes + public = yes + writable = yes + available = yes + valid users {{ item.erlaubte_user }} + path = /shares/{{ item.ordnername }} + + {% endfor %} + + + +(% for freigaben in {{ freigaben }} %) + +{{ item.freigabename }} +read only = no + +(% endfor %) + + + valid users {{ item.erlaubte_user }} + + +[mg] + path = /srv/7050c4a3-98ad-41bd-804d-a85c94b16468/mg + hide special files = Yes + create mask = 0664 + directory mask = 0775 + force create mode = 0664 + force directory mode = 0775 + inherit acls = Yes + read only = No + valid users = michaelgrote win10 + write list = michaelgrote win10 + vfs objects = recycle + recycle:maxsize = 0 + recycle:exclude_dir = + recycle:exclude = + recycle:subdir_mode = 0700 + recycle:directory_mode = 0777 + recycle:touch = yes + recycle:versions = yes + recycle:keeptree = yes + recycle:repository = .recycle/%U + + + +[aptcacherng] + path = /srv/7050c4a3-98ad-41bd-804d-a85c94b16468/aptcacherng + hide special files = Yes + create mask = 0664 + directory mask = 0775 + force create mode = 0664 + force directory mode = 0775 + inherit permissions = Yes + read only = No + + + + +[Backup] + path = /srv/7050c4a3-98ad-41bd-804d-a85c94b16468/Backup + hide special files = Yes + create mask = 0664 + directory mask = 0775 + force create mode = 0664 + force directory mode = 0775 + inherit acls = Yes + read only = No + valid users = annemariedroessler michaelgrote restic toolserver win10 + write list = annemariedroessler michaelgrote 
restic toolserver win10 + vfs objects = recycle + recycle:maxsize = 0 + recycle:exclude_dir = + recycle:exclude = + recycle:subdir_mode = 0700 + recycle:directory_mode = 0777 + recycle:touch = yes + recycle:versions = yes + recycle:keeptree = yes + recycle:repository = .recycle/%U + + +[amd] + path = /srv/7050c4a3-98ad-41bd-804d-a85c94b16468/amd + hide special files = Yes + create mask = 0664 + directory mask = 0775 + force create mode = 0664 + force directory mode = 0775 + inherit acls = Yes + read list = michaelgrote win10 + read only = No + valid users = michaelgrote annemariedroessler win10 + write list = annemariedroessler + vfs objects = recycle + recycle:maxsize = 0 + recycle:exclude_dir = + recycle:exclude = + recycle:subdir_mode = 0700 + recycle:directory_mode = 0777 + recycle:touch = yes + recycle:versions = yes + recycle:keeptree = yes + recycle:repository = .recycle/%U + + + + + + + + + + + server string = %h server + log file = /var/log/samba/log.%m + logging = syslog + max log size = 1000 + panic action = /usr/share/samba/panic-action %d + disable spoolss = Yes + load printers = No + printcap name = /dev/null + map to guest = Bad User + pam password change = Yes + passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . + passwd program = /usr/bin/passwd %u + socket options = TCP_NODELAY IPTOS_LOWDELAY + dns proxy = No + idmap config * : backend = tdb + printing = bsd + acl allow execute always = Yes + create mask = 0777 + directory mask = 0777 + aio read size = 16384 + aio write size = 16384 + allocation roundup size = 4096 + use sendfile = Yes + + + + +Variable precedence +docs + +From 2.0 on, from lowest priority to highest - in other words, if a variable is defined in two places, the place that’s farther down in this list takes precedence. 
+ +role defaults [1] +inventory file or script group vars [2] +inventory group_vars/all [3] +playbook group_vars/all [3] +inventory group_vars/* [3] +playbook group_vars/* [3] +inventory file or script host vars [2] +inventory host_vars/* +playbook host_vars/* +host facts / cached set_facts [4] +inventory host_vars/* [3] +playbook host_vars/* [3] +host facts +play vars +play vars_prompt +play vars_files +role vars (defined in role/vars/main.yml) +block vars (only for tasks in block) +task vars (only for the task) +include_vars +set_facts / registered vars +role (and include_role) params +include params +extra vars (defined on command line with -e, always win precedence) diff --git a/roles/mgrote.fileserver_smb/README.md b/roles/mgrote.fileserver_smb/README.md new file mode 100644 index 00000000..2ec87225 --- /dev/null +++ b/roles/mgrote.fileserver_smb/README.md 
@@ -0,0 +1,33 @@
+## mgrote.fileserver
+
+### Beschreibung
+Installiert und Konfiguriert einen Fileserver mit Samba.
+#### Rechte
+Rechte im Dateisystem sind
+ - `chown -R root:users /shares/`
+ - `chmod -R 777 /shares/`
+ - alle Nutzer sind Mitglied der Gruppe "users"
+ - in Samba(global)
+ - `force user = root`
+ - `force group = users`
+
+Damit werden die Nutzer mit Ihrem Konto auf die SAMBA-Freigabe berechtigt, aber die Lese/Schreiboperationen auf dem Dateisystem als "root" durchgefuehrt.
+
+### Funktioniert auf
+- [x] Ubuntu (>=18.04)
+- [ ] Debian
+
+
+### Variablen
+Es sind keine "defaults" gesetzt!
+##### Anzulegende Nutzer mit Name, Gruppe, Passwort
+ smb_nutzer:
+ - { name: 'andreasgrote', groups: 'nutzer', password: 'hallowelt' }
+##### um existierende Nutzer zu loeschen
+ smb_nutzer_loeschen:
+ - { name: '' }
+##### zu erstellende Freigaben: mit Name, Ordnername, Basis-Ordner, Nutzer die lesen und schreiben duerfen
+ smb_freigaben:
+ - { freigabename: 'Backup', ordnername: 'Backup', base_folder: '/shares', lese_nutzer: '', schreibe_nutzer: 'annemariedroessler mg restic toolserver win10' }
+##### Welche "Arbeitsgruppe"
+ smb_workgroup: WORKGROUP
diff --git a/roles/mgrote.fileserver_smb/defaults/main.yml b/roles/mgrote.fileserver_smb/defaults/main.yml
new file mode 100644
index 00000000..e69de29b
diff --git a/roles/mgrote.fileserver_smb/handlers/main.yml b/roles/mgrote.fileserver_smb/handlers/main.yml
new file mode 100644
index 00000000..be151c27
--- /dev/null
+++ b/roles/mgrote.fileserver_smb/handlers/main.yml
@@ -0,0 +1,13 @@
+ - name: "smbd neustarten"
+ become: yes
+ systemd:
+ name: smbd
+ enabled: yes
+ state: restarted
+
+ - name: set_samba_passwords
+ become: yes
+ shell: "printf '{{ item.password }}\n{{ item.password }}\n' | smbpasswd -a {{ item.name }}" # noqa 306 301 #pipefail: https://blog.christophersmart.com/2019/09/28/using-pipefail-with-shell-module-in-ansible/
+ with_items:
+ - "{{ smb_nutzer }}"
+ no_log: True
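Review bot: `set_samba_passwords` hands the password to `printf` as a shell argument, so for the lifetime of that process it is readable in the process list by any local account, and the unquoted `{{ item.password }}` / `{{ item.name }}` break the command (or are interpreted by the shell) as soon as a value contains `'` or another shell metacharacter; `no_log` only hides it from Ansible's own output. `smbpasswd -s` reads the new password from stdin, and the `command` module's `stdin` argument delivers it without a shell, which also removes the reason for the `noqa 306` pipefail exemption. A comment on the handler should also state that it re-runs `smbpasswd -a` for every entry of `smb_nutzer` on each notify and therefore resets all passwords, not only the newly created account's.
```yaml
  - name: set_samba_passwords
    become: yes
    # -s reads the password twice from stdin; no shell, password never in argv
    command: "smbpasswd -a -s {{ item.name | quote }}"
    args:
      stdin: "{{ item.password }}\n{{ item.password }}\n"
    with_items:
      - "{{ smb_nutzer }}"
    no_log: True
```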
diff --git a/roles/mgrote.fileserver_smb/tasks/main.yml b/roles/mgrote.fileserver_smb/tasks/main.yml
new file mode 100644
index 00000000..bd82b597
--- /dev/null
+++ b/roles/mgrote.fileserver_smb/tasks/main.yml
@@ -0,0 +1,54 @@
+ - name: SAMBA installieren
+ become: yes
+ apt:
+ name:
+ - samba
+ - cifs-utils
+ - samba-common
+ - samba-common-bin
+ - samba-vfs-modules
+ state: present
+
+ - name: Erstelle Linux-Gruppen # vat /etc/group #kommt aus vars im playbook
+ become: yes
+ group:
+ name: "{{ item.groups }}"
+ state: present
+ loop: "{{ smb_nutzer }}"
+ no_log: True
+
+ - name: Erstelle Linux-Nutzer #kommt aus vars im playbook
+ become: yes
+ user:
+ name: "{{ item.name }}"
+ group: "{{ item.groups }}"
+ state: present
+ loop: "{{ smb_nutzer }}"
+ no_log: True
+ notify: set_samba_passwords
+
+ - name: Loesche alte Linux-Nutzer #kommt aus vars im playbook
+ become: yes
+ user:
+ name: "{{ item.name }}"
+ state: absent
+ loop: "{{ smb_nutzer_loeschen }}"
+
+ - name: Erstelle Freigabeordner
+ become: yes
+ file:
+ path: "{{ item.ordnerpfad }}"
+ state: directory
+ mode: 0777
+ loop: "{{ smb_freigaben }}"
+
+ - name: "Konfiguriere Freigaben"
+ become: yes
+ template:
+ src: smb.conf.j2
+ dest: /etc/samba/smb.conf
+ validate: 'testparm -s %s'
+ with_items:
+ - "{{ smb_freigaben }}"
+ notify: smbd neustarten
+ no_log: True
diff --git a/roles/mgrote.fileserver_smb/templates/smb.conf.j2 b/roles/mgrote.fileserver_smb/templates/smb.conf.j2
new file mode 100644
index 00000000..f11ee0f5
--- /dev/null
+++ b/roles/mgrote.fileserver_smb/templates/smb.conf.j2
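Review bot: `Loesche alte Linux-Nutzer` deletes the Unix account but nothing removes the matching entry from Samba's passdb, which the `set_samba_passwords` handler created with `smbpasswd -a`, so the stored password hash outlives the account in the tdbsam file. A companion task run before the deletion closes that gap: `- name: Loesche alte Samba-Nutzer`, `command: "smbpasswd -x {{ item.name | quote }}"`, `loop: "{{ smb_nutzer_loeschen }}"`, guarded with `register`/`failed_when` because `smbpasswd -x` errors once the entry is already gone. Separately, `Konfiguriere Freigaben` loops `with_items` over `smb_freigaben` although the template iterates over `smb_freigaben` itself, so the same `/etc/samba/smb.conf` is rendered once per share and `no_log` additionally hides its diff; drop the loop there. `Erstelle Freigabeordner` also creates the share roots with `mode: 0777`, which grants every local account write access, not only the SMB users in `valid users` — if that is intentional (the README documents `chmod -R 777`), a comment saying so on the task would help the next reader.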
@@ -0,0 +1,76 @@
+#======================= Global Settings =======================
+[global]
+workgroup = {{ smb_workgroup }}
+server string = %h server
+dns proxy = no
+log level = 1
+log file = /var/log/samba/log
+max log size = 1000
+logging = syslog
+panic action = /usr/share/samba/panic-action %d
+encrypt passwords = true
+passdb backend = tdbsam
+obey pam restrictions = no
+unix password sync = no
+passwd program = /usr/bin/passwd %u
+passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
+pam password change = yes
+socket options = TCP_NODELAY IPTOS_LOWDELAY
+guest account = nobody
+load printers = no
+disable spoolss = yes
+printing = bsd
+printcap name = /dev/null
+unix extensions = yes
+wide links = no
+create mask = 0777
+directory mask = 0777
+map to guest = Bad User
+use sendfile = yes
+aio read size = 16384
+aio write size = 16384
+local master = yes
+time server = no
+wins support = no
+acl allow execute always = yes
+allocation roundup size = 4096
+
+force user = root
+force group = users
+
+
+#======================= ZFS Snapshots =======================
+vfs objects = shadow_copy2
+shadow: snapdir = .zfs/snapshot
+shadow: sort = desc
+shadow: format = _%Y-%m-%d_%H:%M:%S
+shadow: snapprefix = ^autosnap
+shadow: delimiter = _
+shadow: localtime = no
+
+#======================= Share Definitions =======================
+{% for item in smb_freigaben %}
+
+[{{ item.freigabename }}]
+ path = {{ item.ordnerpfad }}
+ guest ok = no
+ read only = no
+ browseable = yes
+ inherit acls = yes
+ inherit permissions = no
+ ea support = no
+ store dos attributes = no
+ printable = no
+ create mask = 0664
+ force create mode = 0664
+ directory mask = 0775
+ force directory mode = 0775
+ hide special files = yes
+ follow symlinks = yes
+ hide dot files = yes
+ valid users = {{ item.lese_nutzer}} {{ item.schreibe_nutzer}}
+ invalid users =
+ read list ={{ item.lese_nutzer}}
+ write list = {{ item.schreibe_nutzer}}
+
+{% endfor %}
diff --git a/roles/mgrote.grafana/README.md b/roles/mgrote.grafana/README.md
new file mode 100644
index 00000000..a6f4400b
--- /dev/null
+++ b/roles/mgrote.grafana/README.md
@@ -0,0 +1,25 @@
+## mgrote.
+
+### Beschreibung
+
+### Funktioniert auf
+- [ ] Ubuntu (>=18.04)
+- [ ] Debian
+
+- [ ] ProxMox 6.1
+
+### Variablen + Defaults
+##### Erklaerung
+befehl...
+
+
+
+## Checkliste fuer Rolle
+- [ ] Variablen in Doku
+- [ ] Cron immer als Var
+- [ ] dependencies als Meta
+- [ ] defaults wenn moeglich fuer alle Vars
+
+
+port 3000
+admin:admin
diff --git a/roles/mgrote.grafana/defaults/main.yml b/roles/mgrote.grafana/defaults/main.yml
new file mode 100644
index 00000000..b4301119
--- /dev/null
+++ b/roles/mgrote.grafana/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+ grafana_http_port: 3000
+ grafana_url: "http://tig.grote.lan:3000"
+ grafana_server: "tig.grote.lan"
+ grafana_influx_url: "http://tig.grote.lan:8086"
+ grafana_user: admin
+ grafana_password: hallowelt
+ grafana_telegraf_database_name: telegraf
diff --git a/roles/mgrote.grafana/handlers/main.yml b/roles/mgrote.grafana/handlers/main.yml
new file mode 100644
index 00000000..f9a9e956
--- /dev/null
+++ b/roles/mgrote.grafana/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+ - name: enable_grafana_service
+ service:
+ name: grafana-server
+ enabled: yes
+
+ - name: restart_grafana_service
+ service:
+ name: grafana-server
+ state: restarted
diff --git a/roles/mgrote.grafana/tasks/main.yml b/roles/mgrote.grafana/tasks/main.yml
new file mode 100644
index 00000000..c9bcf615
--- /dev/null
+++ b/roles/mgrote.grafana/tasks/main.yml
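Review bot: `force user = root` in `[global]` makes every file operation on every share run as uid 0, so a client on the `write list` creates and overwrites files as root beneath `path`, and the share-level `read list`/`write list` checks plus `wide links = no` are all that confine that access; Samba does not need root to serve directories that are `root:users` with mode 777 as the README describes. A dedicated unprivileged account, `force user = <unprivileged-share-user>` with the share roots chowned to it and `force group = users` kept, gives the same "everyone writes as one identity" behaviour without the root identity. `valid users = {{ item.lese_nutzer}} {{ item.schreibe_nutzer}}` also renders as an empty setting when both variables are empty, and an empty `valid users` means Samba lets any authenticated user connect to that share rather than nobody, so either guard that case in the template (`{% if item.lese_nutzer or item.schreibe_nutzer %}`) or have the role assert that at least one list is non-empty. Minor: `read list ={{ item.lese_nutzer}}` is missing the space after `=` that every other key uses.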
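Review bot: `grafana_password: hallowelt` puts a working Grafana admin credential into a committed role default, and because role defaults are the lowest-precedence variable layer, any host that forgets to override it silently authenticates the `grafana_datasource` task with this value. Ship the default empty (`grafana_password: ""`) so a missing override fails the datasource task loudly instead, and keep the real value in a vaulted inventory variable rather than in the role.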
@@ -0,0 +1,51 @@
+---
+ - name: Install necessary packages
+ apt:
+ name: apt-transport-https
+ state: present
+ update_cache: yes
+
+ - name: add apt-key
+ apt_key:
+ url: https://packages.grafana.com/gpg.key
+ state: present
+
+ - name: grafana-repository hinzufuegen
+ become: yes
+ apt_repository:
+ repo: 'deb https://packages.grafana.com/oss/deb stable main'
+ state: present
+ filename: grafana_repo
+ update_cache: yes
+
+ - name: Install grafana
+ apt:
+ name: grafana
+ state: present
+ update_cache: yes
+ notify:
+ - restart_grafana_service
+ - enable_grafana_service
+
+ - name: templating grafana.ini
+ template:
+ src: grafana.ini
+ dest: /etc/grafana/grafana.ini
+ notify:
+ - restart_grafana_service
+
+ - name: start_grafana_service
+ service:
+ name: grafana-server
+ state: started
+
+ - name: Create influxdb datasource
+ grafana_datasource:
+ name: "{{ grafana_telegraf_database_name }}"
+ grafana_url: "{{ grafana_url }}"
+ grafana_user: "{{ grafana_user }}"
+ grafana_password: "{{ grafana_password }}"
+ ds_type: "influxdb"
+ ds_url: "{{ grafana_influx_url }}"
+ database: "{{ grafana_telegraf_database_name }}"
+ state: present
diff --git a/roles/mgrote.grafana/templates/grafana.ini b/roles/mgrote.grafana/templates/grafana.ini
new file mode 100644
index 00000000..261caac4
--- /dev/null
+++ b/roles/mgrote.grafana/templates/grafana.ini
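Review bot: only `grafana-repository hinzufuegen` carries `become: yes`, while `Install necessary packages`, `add apt-key`, `Install grafana`, `templating grafana.ini` and the `service` task write to apt, `/etc/grafana` and systemd just as much, so the role only works when the calling play already escalates; either add `become: yes` to each of those tasks or remove the single one and document the requirement. `add apt-key` fetches the repository key by `url` without an `id:`; as I read the module, supplying the expected key id (`id: <grafana-signing-key-id>`, placeholder) makes the task fail when that id is not present afterwards, which a bare URL download never does. `templating grafana.ini` sets no `owner`/`group`/`mode`, so the rendered file's permissions depend on what is already on disk rather than on the role; since `grafana.ini` is where `admin_password` and `secret_key` live, pin them explicitly (e.g. `mode: 0640` with the group the grafana service runs as). `Create influxdb datasource` sends `grafana_user`/`grafana_password` to `grafana_url`, which the defaults set to plain `http://`, so unless that URL resolves to loopback the admin credential crosses the network unencrypted.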
@@ -0,0 +1,762 @@
+##################### Grafana Configuration Example #####################
+#
+# Everything has defaults so you only need to uncomment things you want to
+# change
+
+# possible values : production, development
+;app_mode = production
+
+# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
+;instance_name = ${HOSTNAME}
+
+#################################### Paths ####################################
+[paths]
+# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
+;data = /var/lib/grafana
+
+# Temporary files in `data` directory older than given duration will be removed
+;temp_data_lifetime = 24h
+
+# Directory where grafana can store logs
+;logs = /var/log/grafana
+
+# Directory where grafana will automatically scan and look for plugins
+;plugins = /var/lib/grafana/plugins
+
+# folder that contains provisioning config files that grafana will apply on startup and while running.
+;provisioning = conf/provisioning
+
+#################################### Server ####################################
+[server]
+# Protocol (http, https, h2, socket)
+;protocol = http
+
+# The ip address to bind to, empty will bind to all interfaces
+;http_addr =
+
+# The http port to use
+http_port = {{ grafana_http_port }}
+
+# The public facing domain name used to access grafana from a browser
+;domain = localhost
+
+# Redirect to correct domain if host header does not match domain
+# Prevents DNS rebinding attacks
+;enforce_domain = false
+
+# The full public facing url you use in browser, used for redirects and emails
+# If you use reverse proxy and sub path specify full url (with sub path)
+;root_url = %(protocol)s://%(domain)s:%(http_port)s/
+
+# Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons.
+;serve_from_sub_path = false
+
+# Log web requests
+;router_logging = false
+
+# the path relative working path
+;static_root_path = public
+
+# enable gzip
+;enable_gzip = false
+
+# https certs & key file
+;cert_file =
+;cert_key =
+
+# Unix socket path
+;socket =
+
+#################################### Database ####################################
+[database]
+# You can configure the database connection by specifying type, host, name, user and password
+# as separate properties or as on string using the url properties.
+
+# Either "mysql", "postgres" or "sqlite3", it's your choice
+;type = sqlite3
+;host = 127.0.0.1:3306
+;name = grafana
+;user = root
+# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
+;password =
+
+# Use either URL or the previous fields to configure the database
+# Example: mysql://user:secret@host:port/database
+;url =
+
+# For "postgres" only, either "disable", "require" or "verify-full"
+;ssl_mode = disable
+
+;ca_cert_path =
+;client_key_path =
+;client_cert_path =
+;server_cert_name =
+
+# For "sqlite3" only, path relative to data_path setting
+;path = grafana.db
+
+# Max idle conn setting default is 2
+;max_idle_conn = 2
+
+# Max conn setting default is 0 (mean not set)
+;max_open_conn =
+
+# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours)
+;conn_max_lifetime = 14400
+
+# Set to true to log the sql calls and execution times.
+;log_queries =
+
+# For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared)
+;cache_mode = private
+
+#################################### Cache server #############################
+[remote_cache]
+# Either "redis", "memcached" or "database" default is "database"
+;type = database
+
+# cache connectionstring options
+# database: will use Grafana primary database.
+# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=0,ssl=false`. Only addr is required. ssl may be 'true', 'false', or 'insecure'.
+# memcache: 127.0.0.1:11211
+;connstr =
+
+#################################### Data proxy ###########################
+[dataproxy]
+
+# This enables data proxy logging, default is false
+;logging = false
+
+# How long the data proxy waits before timing out, default is 30 seconds.
+# This setting also applies to core backend HTTP data sources where query requests use an HTTP client with timeout set.
+;timeout = 30
+
+# If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request, default is false.
+;send_user_header = false
+
+#################################### Analytics ####################################
+[analytics]
+# Server reporting, sends usage counters to stats.grafana.org every 24 hours.
+# No ip addresses are being tracked, only simple counters to track
+# running instances, dashboard and error counts. It is very helpful to us.
+# Change this option to false to disable reporting.
+;reporting_enabled = true
+
+# Set to false to disable all checks to https://grafana.net
+# for new vesions (grafana itself and plugins), check is used
+# in some UI views to notify that grafana or plugin update exists
+# This option does not cause any auto updates, nor send any information
+# only a GET request to http://grafana.com to get latest versions
+;check_for_updates = true
+
+# Google Analytics universal tracking code, only enabled if you specify an id here
+;google_analytics_ua_id =
+
+# Google Tag Manager ID, only enabled if you specify an id here
+;google_tag_manager_id =
+
+#################################### Security ####################################
+[security]
+# disable creation of admin user on first start of grafana
+;disable_initial_admin_creation = false
+
+# default admin user, created on startup
+;admin_user = admin
+
+# default admin password, can be changed before first start of grafana, or in profile settings
+;admin_password = admin
+
+# used for signing
+;secret_key = SW2YcwTIb9zpOOhoPsMm
+
+# disable gravatar profile images
+;disable_gravatar = false
+
+# data source proxy whitelist (ip_or_domain:port separated by spaces)
+;data_source_proxy_whitelist =
+
+# disable protection against brute force login attempts
+;disable_brute_force_login_protection = false
+
+# set to true if you host Grafana behind HTTPS. default is false.
+;cookie_secure = false
+
+# set cookie SameSite attribute. defaults to `lax`. can be set to "lax", "strict", "none" and "disabled"
+;cookie_samesite = lax
+
+# set to true if you want to allow browsers to render Grafana in a ,