
commit a14bbb2c527b454853c6b00f3fafc7c5cd655ac9
parent 259549e818492b8b584d61fdbe5684ead20af74a
Author: Leah (ctucx) <leah@ctu.cx>
Date: Sun, 28 Feb 2021 22:52:17 +0100

add quitschi
3 files changed, 122 insertions(+), 0 deletions(-)
A
configuration/quitschi.yml
|
102
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
M
inventory
|
3
+++
M
playbook.yml
|
17
+++++++++++++++++
diff --git a/configuration/quitschi.yml b/configuration/quitschi.yml
@@ -0,0 +1,102 @@
+system:
+  hostname: quitschi
+  domain: ctu.cx
+  timezone: Europe/Berlin
+  alpineVersion: v3.13
+  enableOwnRepos: true
+  enableSudo: true
+  useNTP: true
+  extraPackages:
+    - iftop
+    - iotop
+    - htop
+    - rsync
+    - mtr
+    - bind-tools
+    - tar
+    - unzip
+    - wget
+    - curl
+  fstab:
+    - device: UUID=34aba55f-c986-4fec-aa9e-78032b28d3d6
+      path: /
+      fstype: ext4
+      options: rw,relatime 
+      checks: 0 1
+    - device: UUID=62813457-7966-4ee1-b71d-2be42a60586f
+      path: /boot
+      fstype: ext4
+      options: rw,relatime
+      checks: 0 2
+  nameservers:
+    - 1.1.1.1
+    - 8.8.8.8
+  users:
+    - name: leah
+      groups: "wheel"
+      password: "{{ lookup('diskcache', 'passwordstore', 'Server/leah.password')}}"
+      allowedSshKeys:
+        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829
+
+network:
+  nftables:
+    enable: true
+  interfaces:
+    - name: lo
+      loopback: true
+    - name: eth0
+      ipv4:
+        address: 75.119.137.201
+        gateway: 75.119.128.1
+        netmask: 255.255.255.0
+      ipv6:
+        address: 2a02:c206:3007:0378::1
+        gateway: fe80::1
+        netmask: 64
+
+files:
+  /var/lib/websites:
+    state:   "directory"
+    mode:    "0755"
+    owner:   "leah"
+    group:   "nginx"
+
+services:
+  openssh:
+    enable: true
+    port: 22
+    permitRootLogin: true
+    passwordAuthentication: false
+
+  prometheus_node_exporter:
+    enable: true
+
+  postgresql:
+    enable: true
+
+  vnstat:
+    enable: true
+
+  acme_redirect:
+    enable: true
+    email: lets-encrypt@ctu.cx
+    certs:
+      quitschi.ctu.cx:
+        renewTasks:
+          - sudo rc-service nginx restart
+
+  nginx:
+    enable: true
+    user: nginx
+    group: nginx
+    sslOnly: true
+    vhosts:
+      quitschi.ctu.cx:
+        defaultServer: true
+        ssl:
+          enable: true
+          cert: "/var/lib/acme-redirect/live/quitschi.ctu.cx/fullchain"
+          privkey: "/var/lib/acme-redirect/live/quitschi.ctu.cx/privkey"
+        locations:
+          - path: /node-exporter
+            proxy: http://127.0.0.1:9100/metrics
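Review bot: `permitRootLogin: true` under `services.openssh` grants direct root SSH access even though the same file creates user `leah` in `wheel` with `enableSudo: true`, so root login is not needed for administration; prefer `permitRootLogin: false` (or the role's key-only equivalent, if it offers one) so every login is tied to a named account. The `/node-exporter` location proxies `http://127.0.0.1:9100/metrics` through the `defaultServer` vhost with no access restriction visible in this hunk, which publishes host metrics to anyone reaching the server; if the nginx role supports an allow-list or auth option, limit it to the scraping host. `options: rw,relatime ` on the `/` fstab entry carries a trailing space, harmless for a plain scalar but flagged by yamllint `trailing-spaces`.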
diff --git a/inventory b/inventory
@@ -10,6 +10,9 @@ wanderduene.ctu.cx
 [desastro]
 desastro.ctu.cx
 
+[quitschi]
+quitschi.ctu.cx
+
 [lollo]
 lollo.ctu.cx
 
diff --git a/playbook.yml b/playbook.yml
@@ -79,6 +79,23 @@
     - role: rest-server       # supports: alpine, arch(untested)
       tags: [ backup, rest-server, restic ]
 
+- hosts: quitschi
+  name:  Install quitschi
+  vars_files: configuration/quitschi.yml
+  roles: 
+    - role: common            # supports: alpine, arch
+      tags: common
+    - role: openssh
+      tags: [ openssh, common ]
+    - role: files             # supports: alpine, arch
+      tags: files
+    - role: bind              # supports: alpine, arch(untested)
+      tags: bind
+    - role: vnstat
+      tags: vnstat
+    - role: nginx             # supports: alpine, arch
+      tags: nginx
+
 - hosts: joguhrtbecher
   name: Install joguhrtbecher
   vars_files: configuration/joguhrtbecher.yml
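Review bot: The new `quitschi` play lists `common`, `openssh`, `files`, `bind`, `vnstat` and `nginx`, but `configuration/quitschi.yml` in this commit enables `prometheus_node_exporter`, `postgresql`, `acme_redirect` and `nftables`, for which no role appears in the play, while `bind` is included although that file has no `bind` section. Unless `common` covers those services (not visible here), the nginx vhost will reference `/var/lib/acme-redirect/live/quitschi.ctu.cx/fullchain` that nothing in this play provisions, and the firewall and node exporter will not be deployed; either add the matching roles (the other plays in this file presumably show their names) or drop `bind`. `roles: ` also carries a trailing space.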