slfhst/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first draft
Some checks failed
ansible-lint / lint-everything (push) Failing after 1m10s
Details

Browse Source
This commit is contained in:
VC
2025-03-21 09:06:39 +01:00
parent 064c28f0a7
commit 7ea0dc4cb8
30 changed files with 122 additions and 201 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
inventory/host_vars/baybay-ponay.mateu.be.yml → inventory/host_vars/baybay-ponay.yml
View File

0
inventory/host_vars/bt.dmz.mateu.be.yml → inventory/host_vars/bt.yml
View File

0
inventory/host_vars/frederica.dmz.mateu.be.yml → inventory/host_vars/frederica.yml
View File

0
inventory/host_vars/garage1.dmz.mateu.be.yml → inventory/host_vars/garage1.yml
View File

0
inventory/host_vars/git1.dmz.mateu.be.yml → inventory/host_vars/git1.yml
View File

0
inventory/host_vars/jabber.dmz.mateu.be.yml → inventory/host_vars/jabber.yml
View File

0
inventory/host_vars/mail.dmz.mateu.be.yml → inventory/host_vars/mail.yml
View File

0
inventory/host_vars/masto1.dmz.mateu.be.yml → inventory/host_vars/masto1.yml
View File

0
inventory/host_vars/munin.dmz.mateu.be.yml → inventory/host_vars/munin.yml
View File

0
inventory/host_vars/muse-HP-EliteBook-820-G2.home.arpa.yml → inventory/host_vars/muse-HP-EliteBook-820-G2.yml
View File

0
inventory/host_vars/pinkypie.home.arpa.yml → inventory/host_vars/pinkypie.yml
View File

0
inventory/host_vars/pt1.dmz.mateu.be.yml → inventory/host_vars/pt1.yml
View File

0
inventory/host_vars/vlt1.dmz.mateu.be.yml → inventory/host_vars/vlt1.yml
View File

0
inventory/host_vars/voice1.dmz.mateu.be.yml → inventory/host_vars/voice1.yml
View File

0
inventory/host_vars/voice3.dmz.mateu.be.yml → inventory/host_vars/voice3.yml
View File

0
inventory/host_vars/web1.dmz.mateu.be.yml → inventory/host_vars/web1.yml
View File

0
inventory/host_vars/web2.dmz.mateu.be.yml → inventory/host_vars/web2.yml
View File

0
inventory/host_vars/web3.dmz.mateu.be.yml → inventory/host_vars/web3.yml
View File

190
inventory/production.yml
View File

@@ -1,190 +0,0 @@
---
router:
hosts:
machinbox.mateu.be:
physicalservers:
hosts:
frederica.dmz.mateu.be:
serenor.dmz.mateu.be:
hypervisors:
hosts:
serenor.dmz.mateu.be:
nasservers:
hosts:
frederica.dmz.mateu.be:
zfsservers:
hosts:
serenor.dmz.mateu.be:
frederica.dmz.mateu.be:
resticservers:
hosts:
baybay-ponay.mateu.be:
bt.dmz.mateu.be:
es1.dmz.mateu.be:
frederica.dmz.mateu.be:
garage1.dmz.mateu.be:
git1.dmz.mateu.be:
jabber.dmz.mateu.be:
mail.dmz.mateu.be:
masto1.dmz.mateu.be:
muse-HP-EliteBook-820-G2.home.arpa:
pinkypie.home.arpa:
pt1.dmz.mateu.be:
voice1.dmz.mateu.be:
vlt1.dmz.mateu.be:
web[1:3].dmz.mateu.be:
garageservers:
children:
garage_prd_cluster:
hosts:
garage1.dmz.mateu.be:
garage_bck_cluster:
hosts:
frederica.dmz.mateu.be:
elasticsearchservers:
hosts:
es1.dmz.mateu.be:
nut:
children:
nut_client:
hosts:
serenor.dmz.mateu.be:
frederica.dmz.mateu.be:
nut_server:
hosts:
serenor.dmz.mateu.be:
webservers:
hosts:
bt.dmz.mateu.be:
garage1.dmz.mateu.be:
git1.dmz.mateu.be:
jabber.dmz.mateu.be:
mail.dmz.mateu.be:
masto1.dmz.mateu.be:
pt1.dmz.mateu.be:
voice3.dmz.mateu.be:
munin.dmz.mateu.be:
vlt1.dmz.mateu.be:
web[1:3].dmz.mateu.be:
peertubeservers:
hosts:
pt1.dmz.mateu.be:
phpservers:
hosts:
web[1:3].dmz.mateu.be:
mariadbservers:
hosts:
web[2:3].dmz.mateu.be:
pgsqlservers:
hosts:
masto1.dmz.mateu.be:
pt1.dmz.mateu.be:
web1.dmz.mateu.be:
git1.dmz.mateu.be:
giteaservers:
hosts:
git1.dmz.mateu.be:
actrunnerservers:
hosts:
git1.dmz.mateu.be:
mastodonservers:
hosts:
masto1.dmz.mateu.be:
rorservers:
hosts:
masto1.dmz.mateu.be:
mailservers:
hosts:
mail.dmz.mateu.be:
xmppservers:
hosts:
jabber.dmz.mateu.be:
loadbalancers:
hosts:
haproxy.dmz.mateu.be:
transmission:
hosts:
bt.dmz.mateu.be:
mumbleservers:
hosts:
voice1.dmz.mateu.be:
icecastservers:
hosts:
voice3.dmz.mateu.be:
rsyslogservers:
hosts:
syslog.dmz.mateu.be:
vaultservers:
hosts:
vlt1.dmz.mateu.be:
muninservers:
hosts:
munin.dmz.mateu.be:
disabled_loadbalanced_webservers:
hosts:
disabled_system:
hosts:
baybay-ponay.mateu.be:
machinbox.mateu.be:
muse-HP-EliteBook-820-G2.home.arpa:
pinkypie.home.arpa:
disabled_munin:
hosts:
baybay-ponay.mateu.be:
muse-HP-EliteBook-820-G2.home.arpa:
pinkypie.home.arpa:
disabled_syslog:
hosts:
baybay-ponay.mateu.be:
machinbox.mateu.be:
muse-HP-EliteBook-820-G2.home.arpa:
pinkypie.home.arpa:
# Those are not servers and should not be configured as such
disabled_server_conf:
hosts:
baybay-ponay.mateu.be:
muse-HP-EliteBook-820-G2.home.arpa:
pinkypie.home.arpa:
ftpservers:
hosts:
ftp.dmz.mateu.be:
domservers:
hosts:
dom.dmz.mateu.be:
unifiservers:
hosts:
unifi.dmz.mateu.be:

28
inventory/proxmox.yml Normal file
View File

@@ -0,0 +1,28 @@
---
plugin: community.general.proxmox
url: https://serenor.dmz.mateu.be:8006
user: !vault |
$ANSIBLE_VAULT;1.1;AES256
32383264316162623632343363653539363432386663393431643463313038373736353332306636
3032376462316331333337313136653137323436396536380a633038323762303461626332346632
38643362643638333339626232386465626161303336613139646364356661383430316436636639
6130383863636331610a666662643565393664613533366237646539663230313631623431643261
3238
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
30343833663162373334373732653433373866376635396633356637656235373233613531376433
3033353465313336356562336137623836356163666334650a306131393434656130383239353765
38656165633861623863363966383435633331666565616464396336653161626136356130623539
3061636531363338380a313265653134333264303730323464306565393838363630626266376237
30363735303434323062636437663761346534666266353334396531303561346165
validate_certs: false
want_facts: true
want_proxmox_nodes_ansible_host: true
keyed_groups:
- key: proxmox_tags_parsed
separator: ""
compose:
ansible_host: proxmox_hostname ~ '.dmz.mateu.be'

83
inventory/static.yml Normal file
View File

@@ -0,0 +1,83 @@
---
all:
hosts:
machinbox:
ansible_host: machinbox.mateu.be
frederica:
ansible_host: frederica.dmz.mateu.be
baybay-ponay:
ansible_host: baybay-ponay.mateu.be
muse-HP-EliteBook-820-G2:
ansible_host: muse-HP-EliteBook-820-G2.home.arpa
pinkypie:
ansible_host: pinkypie.home.arpa
router:
hosts:
machinbox:
physicalservers:
hosts:
frederica:
serenor:
hypervisors:
children:
proxmox_nodes:
nasservers:
hosts:
frederica:
zfsservers:
hosts:
serenor:
frederica:
garageservers:
children:
garage_prd_cluster:
garage_bck_cluster:
hosts:
frederica:
nut:
children:
nut_client:
hosts:
serenor:
frederica:
nut_server:
hosts:
serenor:
disabled_loadbalanced_webservers:
hosts:
disabled_system:
hosts:
baybay-ponay:
machinbox:
muse-HP-EliteBook-820-G2:
pinkypie:
disabled_munin:
hosts:
baybay-ponay:
muse-HP-EliteBook-820-G2:
pinkypie:
disabled_syslog:
hosts:
baybay-ponay:
machinbox:
muse-HP-EliteBook-820-G2:
pinkypie:
# Those are not servers and should not be configured as such
disabled_server_conf:
hosts:
baybay-ponay:
muse-HP-EliteBook-820-G2:
pinkypie:

2
playbooks/bittorrent.yml
View File

@@ -1,7 +1,7 @@
---
- name: Deploy transmission
hosts: transmission
hosts: btservers
diff: true
roles:
- transmission

2
playbooks/firewall.yml
View File

@@ -1,7 +1,7 @@
---
- name: Retrieve network info
hosts: all:!disabled_server_conf:!machinbox.mateu.be
hosts: all:!disabled_server_conf:!machinbox
gather_facts: true
gather_subset:
- network

2
playbooks/loadbalancinghttp.yml
View File

@@ -8,7 +8,7 @@
tasks: []
- name: Deploy haproxy
hosts: loadbalancers
hosts: lbservers
diff: true
roles:
- haproxy

2
playbooks/smtprelay.yml
View File

@@ -1,7 +1,7 @@
---
- name: Deploy smtp relay
hosts: all:!disabled_server_conf:!machinbox.mateu.be:!mail.dmz.mateu.be
hosts: all:!disabled_server_conf:!machinbox:!mail
diff: true
roles:
- smtprelay

4
playbooks/webapps.yml
View File

@@ -1,7 +1,7 @@
---
- name: Install libertus webapplications
hosts: web1.dmz.mateu.be
hosts: web1
diff: true
roles:
- role: bac
@@ -20,7 +20,7 @@
tags: [never, nextcloud]
- name: Install dojo webapplications
hosts: web2.dmz.mateu.be
hosts: web2
diff: true
roles:
- wordpress

2
playbooks/webservers.yml
View File

@@ -1,7 +1,7 @@
---
- name: Retrieve network info
hosts: loadbalancers
hosts: lbservers
gather_facts: true
gather_subset:
- network

4
roles/munin_client/tasks/main.yml
View File

@@ -41,7 +41,7 @@
update_cache: true
notify:
- Restart munin-node
when: "'webservers' in group_names or 'loadbalancers' in group_names"
when: "'webservers' in group_names or 'lbservers' in group_names"
# for HAProxy servers
- name: Add haproxy backend module
@@ -51,7 +51,7 @@
state: link
notify:
- Restart munin-node
when: "'loadbalancers' in group_names"
when: "'lbservers' in group_names"
# For MariaDB servers
- name: Install MariaDB servers

2
roles/munin_client/templates/munin-node.conf.j2
View File

@@ -34,7 +34,7 @@ ignore_file \.pod$
# Set this if the client doesn't report the correct hostname when
# telnetting to localhost, port 4949
#
host_name {{ inventory_hostname }}
host_name {{ ansible_host }}
# A list of addresses that are allowed to connect. This must be a
# regular expression, since Net::Server does not understand CIDR-style

2
roles/restic/vars/main.yml
View File

@@ -6,4 +6,4 @@ restic_architecture: "amd64"
restic_system: "{{ ansible_facts['system'] | lower }}"
restic_download_url: "https://github.com/restic/restic/releases/download/v{{ restic_version }}/restic_{{ restic_version }}_{{ restic_system }}_{{ restic_architecture }}.bz2"
restic_repository: "{{ restic_s3_url }}/{{ inventory_hostname }}"
restic_repository: "{{ restic_s3_url }}/{{ ansible_host }}"