ctucx.git: ansible-configs

My personal ansible roles and playbooks

commit 235b25efbd9ddb5b7eef06eefca2d86b447bcac9
parent 544d6fb12e7f463cc6e634920bc9eeb7c23207e9
Author: Isa <hi@f2k1.de>
Date: Sun, 13 Jun 2021 00:17:01 +0200

add new host: repo
3 files changed, 139 insertions(+), 0 deletions(-)
A
configuration/repo.yml
|
123
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
M
inventory
|
2
++
M
playbook.yml
|
14
++++++++++++++
diff --git a/configuration/repo.yml b/configuration/repo.yml
@@ -0,0 +1,123 @@
+system:
+  hostname: repo
+  domain: ctu.cx
+  timezone: Europe/Berlin
+  alpineVersion: v3.13
+  enableSudo: true
+  enableOwnRepos: true
+  useNTP: true
+  extraPackages:
+    - iftop
+    - htop
+    - rsync
+    - tar
+    - wget
+    - curl
+    - nginx
+    - alpine-sdk
+  fstab:
+    - device: UUID=7f1081f9-440d-4a69-a376-202584e19f6b
+      path: /
+      fstype: ext4
+      options: rw,relatime
+      checks: 0 1
+    - device: UUID=fdeede44-8e0a-4eeb-9d9c-ad9732fe7412
+      path: /boot
+      fstype: ext4
+      options: rw,relatime
+      checks: 0 2
+  nameservers:
+    - 1.1.1.1
+    - 8.8.8.8
+  users:
+    - name: root
+      allowedSshKeys:
+        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829
+        - ssh-rsa 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 cardno:000606445161
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e isa@Isabelles-MacBook-Pro.local
+    - name: isa
+      groups: "wheel"
+      password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          32646436343430316239336133663933356637336239653637386638393766376133623335343338
+          3066636233353436326461336561616365613233643965340a383036663337313466316139313061
+          31353232373536646565336563633166366639353563303534633336646532316131363266306335
+          3063393532396238300a393835373462636662303665333035343066376666383637326132346336
+          3966
+      allowedSshKeys:
+        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829
+        - ssh-rsa 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 cardno:000606445161
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e isa@Isabelles-MacBook-Pro.local
+    - name: leah
+      groups: "wheel"
+      password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          32646436343430316239336133663933356637336239653637386638393766376133623335343338
+          3066636233353436326461336561616365613233643965340a383036663337313466316139313061
+          31353232373536646565336563633166366639353563303534633336646532316131363266306335
+          3063393532396238300a393835373462636662303665333035343066376666383637326132346336
+          3966
+      allowedSshKeys:
+        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829
+        - ssh-rsa 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 cardno:000606445161
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e isa@Isabelles-MacBook-Pro.local
+
+#secrets: 
+
+network:
+  nftables:
+    enable: true
+  interfaces:
+    - name: lo
+      loopback: true
+    - name: eth0
+      ipv4:
+        address: 188.68.34.93
+        gateway: 188.68.32.1
+        netmask: 255.255.252.0
+      ipv6:
+        address: 2a03:4000:10:854::1
+        gateway: fe80::1
+        netmask: 64
+
+services:
+  openssh:
+    enable: true
+    port: 22
+    permitRootLogin: true
+    passwordAuthentication: false
+
+  prometheus_node_exporter:
+    enable: true
+
+  vnstat:
+    enable: true
+
+  acme_redirect:
+    enable: true
+    email: hi@f2k1.de
+    certs:
+      repo.ctu.cx:
+        renewTasks:
+          - sudo rc-service nginx restart
+
+  nginx:
+    enable: true
+    user: nginx
+    group: nginx
+    sslOnly: true
+    vhosts:
+      localhost:
+        defaultServer: true
+        ssl:
+          enable: true
+          cert: "/var/lib/acme-redirect/live/repo.ctu.cx/fullchain"
+          privkey: "/var/lib/acme-redirect/live/repo.ctu.cx/privkey"
+        locations:
+          - path: /
+            root: /home/isa/packages
+            directoryListing: true
+          - path: /node-exporter
+            proxy: http://127.0.0.1:9100/metrics
+
+
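Review bot: `permitRootLogin: true` under `services.openssh` keeps direct root SSH open on a publicly addressed host, even though `isa` and `leah` are in `wheel` and `enableSudo: true` is set. Unless the openssh role needs root for bootstrap, `permitRootLogin: false` with administration through sudo gives per-user attribution in the auth log. The `/node-exporter` location on the default vhost proxies `http://127.0.0.1:9100/metrics` with no access restriction visible in this file, so host metrics appear readable by anyone who can reach the site; if the nginx role supports it, limit that path to the monitoring host and say so in a comment above the location. The `password: !vault` blocks for `isa` and `leah` are byte-identical and all three accounts list the same three keys, so the accounts share one credential set. Separate vault values and per-person key lists would let one person's access be revoked without touching the other's.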
diff --git a/inventory b/inventory
@@ -26,6 +26,8 @@ joguhrtbecher.ctu.cx
 #[joguhrtbecher:vars]
 #ansible_ssh_port=2222
 
+[repo]
+repo.ctu.cx
 
 [osterei]
 185.232.70.80
diff --git a/playbook.yml b/playbook.yml
@@ -246,3 +246,16 @@
       tags: ctucx-gallery
     - role: backup
       tags: backup
+
+- hosts: repo
+  name: Install repo.ctu.cx
+  vars_files: configuration/repo.yml
+  roles:
+    - role: common
+      tags: common
+    - role: openssh
+      tags: [ openssh, common ]
+    - role: vnstat
+      tags: vnstat
+    - role: nginx
+      tags: nginx+
\ No newline at end of file
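Review bot: The new `repo` play applies only `common`, `openssh`, `vnstat` and `nginx`, while configuration/repo.yml in this same commit enables `acme_redirect` and `prometheus_node_exporter` and points the nginx vhost at `/var/lib/acme-redirect/live/repo.ctu.cx/fullchain`. Unless `common` provisions those services (its tasks are not visible here), nginx would be deployed with `sslOnly: true` against a certificate path nothing creates, and with a `/node-exporter` proxy that has no backend. Add the matching roles ahead of `nginx`, e.g. `- role: <acme-redirect role>` and `- role: <node-exporter role>`; these are placeholders, since the repository's role names are not shown on this page. The file also now ends without a trailing newline, which is worth fixing in the same change. The three context lines at the top of the hunk belong to the preceding play, which starts outside it.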