
commit 5c94298442359fd2928e72581a52d4c46f409f33
parent 52d72c8217b6f1b99514f8161244d5dc885a4020
Author: Leah (ctucx) <leah@ctu.cx>
Date: Tue, 2 Feb 2021 10:52:13 +0100

fritzboxExporter: add role
3 files changed, 198 insertions(+), 0 deletions(-)
A
roles/fritzboxExporter/files/nftables-rule.nft
|
8
++++++++
A
roles/fritzboxExporter/tasks/main.yaml
|
155
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
roles/fritzboxExporter/templates/nginx-vhost.conf.j2
|
35
+++++++++++++++++++++++++++++++++++
diff --git a/roles/fritzboxExporter/files/nftables-rule.nft b/roles/fritzboxExporter/files/nftables-rule.nft
@@ -0,0 +1,7 @@
+#!/usr/sbin/nft -f
+
+table inet firewall {
+    chain inbound {
+        tcp dport 1234 accept comment "fritzbox-exporter"
+    }
+}+
\ No newline at end of file
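Review bot: The rule at the `tcp dport 1234 accept` line admits connections to the exporter from any source on the inbound chain, yet the nginx template in this same commit reaches the exporter only via `proxy_pass http://localhost:1234/`, so for the proxied path the port does not need to be open at all and the rule lets clients bypass the nginx (and TLS) front end. If direct scraping from a monitoring host is intended, bind the accept to that source, e.g. `ip saddr <TRUSTED_SCRAPER_CIDR> tcp dport 1234 accept comment "fritzbox-exporter"` (placeholder to fill in), otherwise drop the file and the copy/delete tasks for it. The file also lacks a trailing newline, which nft itself tolerates but which the `\ No newline at end of file` marker will keep flagging in every later diff. The hunk header counts seven added lines while the diffstat reports eight; that looks like a rendering artefact of the last line, worth a glance but probably not a defect in the file.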
diff --git a/roles/fritzboxExporter/tasks/main.yaml b/roles/fritzboxExporter/tasks/main.yaml
@@ -0,0 +1,155 @@
+---
+
+# check
+
+- fail: msg="This Role only works on Alpine!"
+  when:
+    - services.fritzboxExporter.enable is defined and services.fritzboxExporter.enable is true
+    - ansible_distribution != "Alpine" 
+
+- fail: msg="This Role only works when Option 'system.enableOwnRepos' is true!"
+  when:
+    - services.fritzboxExporter.enable is defined and services.fritzboxExporter.enable is true
+    - system.enableOwnRepos is false
+
+
+# install 
+
+- name: "[Alpine] Install package: fritzbox-exporter"
+  apk:
+    name: fritzbox-exporter
+    state: present
+    update_cache: yes
+  when: 
+    - ansible_distribution == "Alpine" 
+    - services.fritzboxExporter.enable is true
+
+
+# configure
+- name: "[nginx] Create vhost" 
+  template:
+    src: nginx-vhost.conf.j2
+    dest: /etc/nginx/conf.d/fritzbox-exporter.conf
+    mode: 0644
+    owner: nginx
+    group: nginx
+  when: 
+    - services.fritzboxExporter.enable is true
+
+- name: "[OpenRC] Restart service: nginx"
+  service:
+    name: nginx
+    state: restarted
+  when: 
+    - services.fritzboxExporter.enable is true
+    - ansible_service_mgr == "openrc"
+
+- name: "[systemd] Restart service: nginx"
+  systemd:
+    name: nginx
+    state: restarted
+  when: 
+    - services.fritzboxExporter.enable is true
+    - ansible_service_mgr == "systemd"
+
+
+
+# firewall
+
+- name: "[nftables] Create rule for: fritzbox-exporter"
+  copy:
+    src: nftables-rule.nft
+    dest: /etc/nftables.d/fritzbox-exporter.nft
+  when:
+    - network.nftables.enable is true
+    - services.fritzboxExporter.enable is true
+
+- name: "[OpenRC] Restart service: nftables"
+  service:
+    name: nftables
+    state: restarted
+  when:
+    - ansible_service_mgr == "openrc"
+    - network.nftables.enable is true
+    - services.fritzboxExporter.enable is true
+
+- name: "[systemd] Restart service: nftables"
+  systemd:
+    name: nftables
+    state: restarted
+  when:
+    - ansible_service_mgr == "systemd"
+    - network.nftables.enable is true
+    - services.fritzboxExporter.enable is true
+
+# start and enable
+
+- name: "[OpenRC] Enable and restart service: fritzbox-exporter"
+  service:
+    name: fritzbox-exporter
+    enabled: yes
+    state: started
+  when: 
+    - ansible_service_mgr == "openrc"
+    - services.fritzboxExporter.enable is true
+
+
+# stop
+
+- name: "[OpenRC] Disable and stop service: fritzbox-exporter"
+  service:
+    name: fritzbox-exporter
+    enabled: no
+    state: stopped
+  when: 
+    - ansible_service_mgr == "openrc"
+    - services.fritzboxExporter.enable is false
+
+
+#defirewall
+
+- name: "[nftables] Delete rule for: fritzbox-exporter"
+  file:
+    path: /etc/nftables.d/fritzbox-exporter.nft
+    state: absent 
+  when:
+    - network.nftables.enable is true
+    - services.fritzboxExporter.enable is false
+
+- name: "[OpenRC] Restart service: nftables"
+  service:
+    name: nftables
+    state: restarted
+  when:
+    - ansible_service_mgr == "openrc"
+    - network.nftables.enable is true
+    - services.fritzboxExporter.enable is false
+
+- name: "[systemd] Restart service: nftables"
+  systemd:
+    name: nftables
+    state: restarted
+  when:
+    - ansible_service_mgr == "systemd"
+    - network.nftables.enable is true
+    - services.fritzboxExporter.enable is false
+
+# remove
+
+- name: "[Alpine] Remove package: fritzbox-exporter"
+  apk:
+    name: fritzbox-exporter
+    state: absent
+  when: 
+    - ansible_distribution == "Alpine" 
+    - services.fritzboxExporter.enable is false
+
+
+# remove leftover files
+
+- name: "Remove directory: /etc/nginx/conf.d/fritzbox-exporter.conf"
+  file:
+    path: /etc/nginx/conf.d/fritzbox-exporter.conf
+    state: absent
+  when: 
+    - services.fritzboxExporter.enable is false
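Review bot: The vhost written by the `[nginx] Create vhost` task is installed with `owner: nginx` and `group: nginx`, which lets the unprivileged worker account rewrite a configuration file that the root-owned master process re-reads on the next restart; keep it root-owned and world-readable instead, `owner: root` / `group: root` with `mode: "0644"` (quoted so the YAML parser cannot retype the octal). The `copy` of `nftables-rule.nft` sets no `owner`/`group`/`mode` at all and should pin them the same way. Every `state: restarted` task for nginx and nftables fires on each play run rather than only when the template or rule actually changed, so the role is not idempotent and restarts production nginx for nothing; register the template/copy results and condition the restarts on `result.changed`, or move them to handlers and use `state: reloaded` for nginx. The truthy spellings `update_cache: yes`, `enabled: yes` and `enabled: no` should be `true`/`false` for YAML 1.2 parsers, and several `when:` lines carry trailing whitespace. The `fail` guards test `enable is defined` but the remaining tasks use bare `is true`/`is false`, which presumably both evaluate to false on an undefined variable so nothing runs, though that silent no-op is worth documenting at the top of the file.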
diff --git a/roles/fritzboxExporter/templates/nginx-vhost.conf.j2 b/roles/fritzboxExporter/templates/nginx-vhost.conf.j2
@@ -0,0 +1,35 @@
+#
+# !!! This file is managed by Ansible !!!
+#
+
+{% if  services.fritzboxExporter.nginx.sslOnly is not defined or services.fritzboxExporter.nginx.sslOnly is false %}
+server {
+	listen 80 ;
+	listen [::]:80;
+	
+	server_name {{ services.fritzboxExporter.nginx.domain }};
+
+	location / {
+		proxy_pass http://localhost:1234/;
+		include /etc/nginx/proxy.conf;
+	}
+}
+
+{% endif %}
+{% if services.fritzboxExporter.nginx.ssl.enable is true %}
+server {
+	listen 443 ssl;
+	listen [::]:443 ssl;
+
+	ssl_certificate "{{ services.fritzboxExporter.nginx.ssl.cert }}";
+	ssl_certificate_key "{{ services.fritzboxExporter.nginx.ssl.privkey }}";
+	include /etc/nginx/ssl.conf;
+	
+	server_name {{ services.fritzboxExporter.nginx.domain }};
+
+	location / {
+		proxy_pass http://localhost:1234/;
+		include /etc/nginx/proxy.conf;
+	}
+}
+{% endif %}
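Review bot: Both `location /` blocks proxy the exporter to every client that can reach the vhost with no access control, and unless `sslOnly` is set the plaintext port-80 server serves the same metrics next to the TLS one, so router metrics are readable by anyone on the network path. Add an allow-list or authentication inside each `location /`, e.g. `allow <TRUSTED_SCRAPER_CIDR>;` followed by `deny all;` (placeholder to fill in), and consider making the port-80 server a redirect to HTTPS when `services.fritzboxExporter.nginx.ssl.enable` is true rather than a second full proxy. When `sslOnly` is true but `ssl.enable` is not, the template renders no server block at all, which the role would silently accept. The included `/etc/nginx/proxy.conf` and `/etc/nginx/ssl.conf` are not shipped by this role and are presumably provided by a separate nginx role; a header comment naming that dependency would help. The `listen 80 ;` spacing and the tab-only blank lines are cosmetic but will trip a whitespace linter.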