ctucx.git: ansible-configs

My personal ansible roles and playbooks [deprecated in favor of nixos]

commit 29c74bd2b2aaea2bb20d8923b1258dec93710b33
parent e2910cd9c634ee9740d39f2c388b847edda8f0d7
Author: Leah (ctucx) <leah@ctu.cx>
Date: Tue, 2 Mar 2021 13:21:03 +0100

add host stasicontainer
3 files changed, 85 insertions(+), 0 deletions(-)
A
configuration/stasicontainer.yml
|
63
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
M
inventory
|
3
+++
M
playbook.yml
|
19
+++++++++++++++++++
diff --git a/configuration/stasicontainer.yml b/configuration/stasicontainer.yml
@@ -0,0 +1,63 @@
+system:
+  hostname: stasicontainer
+  domain: home.ctu.cx
+  timezone: Europe/Berlin
+  enableOwnRepos: true
+  enableSudo: true
+  useNTP: true
+  extraPackages:
+    - iftop
+    - iotop
+    - htop
+    - rsync
+    - mtr
+    - traceroute
+    - dnsutils
+    - tar
+    - unzip
+    - wget
+    - curl
+  users:
+    - name: leah
+      groups: "wheel"
+      shell: /usr/bin/bash
+      password: "{{ lookup('diskcache', 'passwordstore', 'Server/leah.password')}}"
+      allowedSshKeys:
+        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e isa@Isabelles-MacBook-Pro.local
+
+services:
+  openssh:
+    enable: true
+    port: 22
+    permitRootLogin: true
+    passwordAuthentication: false
+
+  prometheus_node_exporter:
+    enable: true
+
+  vnstat:
+    enable: true
+
+  acme_redirect:
+    enable: true
+    email: lets-encrypt@ctu.cx
+    renew_if_days_left: 30
+    certs:
+      stasicontainer.home.ctu.cx:
+        renewTasks:
+          - systemctl restart nginx
+
+  nginx:
+    enable: true
+    sslOnly: true
+    vhosts:
+      stasicontainer.home.ctu.cx:
+        defaultserver: true
+        ssl:
+          enable: true
+          cert: "/var/lib/acme-redirect/live/stasicontainer.home.ctu.cx/fullchain"
+          privkey: "/var/lib/acme-redirect/live/stasicontainer.home.ctu.cx/privkey"
+        locations:
+          - path: /node-exporter
+            proxy: http://127.0.0.1:9100/metrics
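Review bot: `permitRootLogin: true` under `services.openssh` permits direct root SSH logins, although `leah` is already in `wheel` and `enableSudo: true` is set, so administration does not appear to need it. I would set `permitRootLogin: false` and let privileged work go through sudo, which keeps logins attributable to a named account; how the openssh role renders this value is not visible in this commit. Separately, the `/node-exporter` location on the `defaultserver` vhost proxies to `http://127.0.0.1:9100/metrics` with no visible access restriction, so anyone who can reach the HTTPS port can read host metrics. If the nginx role supports an allow-list or authentication per location, apply it there, and add a comment such as `# metrics: restrict to the monitoring host` above the location.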
diff --git a/inventory b/inventory
@@ -16,6 +16,9 @@ quitschi.ctu.cx
 [lollo]
 lollo.ctu.cx
 
+[stasicontainer]
+stasicontainer.home.ctu.cx
+
 [joguhrtbecher]
 #10.10.0.78
 #c4y72xuu85nwkhkx.myfritz.net 
diff --git a/playbook.yml b/playbook.yml
@@ -154,6 +154,25 @@
     - role: smartied
       tags: [ smartied, smarthome ]
 
+- hosts: stasicontainer
+  name:  Install stasicontainer
+  vars_files: configuration/stasicontainer.yml
+  roles: 
+    - role: common
+      tags: common
+    - role: openssh
+      tags: [ openssh, common ]
+    - role: files
+      tags: files
+    - role: systemd-timers
+      tags: timers
+    - role: systemd-networkd
+      tags: systemd-networkd
+    - role: vnstat
+      tags: vnstat
+    - role: nginx
+      tags: nginx
+
 - hosts: luna
   name:  Install luna
   vars_files: configuration/luna.yml
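Review bot: The role list for `stasicontainer` has no entry matching the `acme_redirect` or `prometheus_node_exporter` services that configuration/stasicontainer.yml enables, while the nginx vhost there loads its certificate from `/var/lib/acme-redirect/live/stasicontainer.home.ctu.cx/` and proxies to port 9100. Unless `common` or `nginx` pulls those in (not visible in this hunk), nginx would be configured with `sslOnly: true` against certificate paths nothing has created, and the metrics location would have no backend. If separate roles exist for them, list them before `- role: nginx` under the names the repository uses. If they are intentionally handled elsewhere, a short comment above `roles:` saying so would help.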