diff --git a/ansible.cfg b/ansible.cfg
index 76cabbb..f899f07 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,6 +1,6 @@
 [defaults]
 inventory = /opt/ansible-pull/hosts
-log_path = /var/log/ansible.log
+log_path = ~/ansible.log
 retry_files_enabled = False
 [inventory]
 enable_plugins = ini
diff --git a/host_vars/glustertest01 b/host_vars/glustertest01.universe.local.yml
similarity index 100%
rename from host_vars/glustertest01
rename to host_vars/glustertest01.universe.local.yml
diff --git a/host_vars/glustertest02 b/host_vars/glustertest02
deleted file mode 120000
index 9683f9f..0000000
--- a/host_vars/glustertest02
+++ /dev/null
@@ -1 +0,0 @@
-glustertest01
\ No newline at end of file
diff --git a/host_vars/glustertest02.universe.local.yml b/host_vars/glustertest02.universe.local.yml
new file mode 120000
index 0000000..b34fe42
--- /dev/null
+++ b/host_vars/glustertest02.universe.local.yml
@@ -0,0 +1 @@
+glustertest01.universe.local.yml
\ No newline at end of file
diff --git a/host_vars/glustertest03 b/host_vars/glustertest03
deleted file mode 120000
index 9683f9f..0000000
--- a/host_vars/glustertest03
+++ /dev/null
@@ -1 +0,0 @@
-glustertest01
\ No newline at end of file
diff --git a/host_vars/glustertest03.universe.local.yml b/host_vars/glustertest03.universe.local.yml
new file mode 120000
index 0000000..b34fe42
--- /dev/null
+++ b/host_vars/glustertest03.universe.local.yml
@@ -0,0 +1 @@
+glustertest01.universe.local.yml
\ No newline at end of file
diff --git a/host_vars/mail.universe.local.yml b/host_vars/mail.universe.local.yml
index df908db..89c6cde 100644
--- a/host_vars/mail.universe.local.yml
+++ b/host_vars/mail.universe.local.yml
@@ -1,9 +1,11 @@
+hostname: mail.universe.local
 postfix: true
 postgrey: true
 dovecot: true
 pigeonhole: true
 fetchmail: true
 mpop: true
+npm_cert: "npm-29"
 mynetworks: '192.168.1.0/24, 127.0.0.0/8, 192.168.122.0/24, 10.20.20.0/28, 172.16.0.0/12, 192.168.3.0/24'
 nginx_proxy_manager_cert_id: npm-1
\ No newline at end of file
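Review bot: `log_path = ~/ansible.log` makes the log location depend on whichever user invokes ansible-pull, and update.yml in this same commit runs it both under `become: yes` (root) and from a cron entry for `{{ ansible_user_id }}`, so the two invocations will write two different files. Ansible expands `~` for this option, but a home-directory log also gives up the /var/log ownership and logrotate conventions, and task output can include host_vars values, so whichever file is used should be mode 0600. Consider keeping a fixed path such as `log_path = /var/log/ansible.log` and granting the pull user write access to it, or add a comment above the key stating which user the log is expected under.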
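Review bot: `npm_cert: "npm-29"` is added while `nginx_proxy_manager_cert_id: npm-1` stays in the same file, and the configure_postfix.yml hunks of this commit move the TLS cert and key paths from the old variable to the new one, so this host now names two different certificate directories and nothing in the diff shows the old key still being read. If `npm-1` is no longer the intended certificate, drop the old key rather than keep two sources of truth; if another role consumes it, a one-line comment naming that consumer would prevent the next cleanup from breaking it. `hostname: mail.universe.local` also duplicates the inventory name now that hosts are listed as FQDNs, so `inventory_hostname` would give the same value without a per-host variable.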
diff --git a/host_vars/mailcow.yml b/host_vars/mailcowuniverse.local.yml
similarity index 100%
rename from host_vars/mailcow.yml
rename to host_vars/mailcowuniverse.local.yml
diff --git a/host_vars/mariadb01 b/host_vars/mariadb01.universe.local.yml
similarity index 100%
rename from host_vars/mariadb01
rename to host_vars/mariadb01.universe.local.yml
diff --git a/host_vars/mariadb02 b/host_vars/mariadb02
deleted file mode 120000
index de15b25..0000000
--- a/host_vars/mariadb02
+++ /dev/null
@@ -1 +0,0 @@
-mariadb01
\ No newline at end of file
diff --git a/host_vars/mariadb02.universe.local.yml b/host_vars/mariadb02.universe.local.yml
new file mode 120000
index 0000000..5b8ac36
--- /dev/null
+++ b/host_vars/mariadb02.universe.local.yml
@@ -0,0 +1 @@
+mariadb01.universe.local.yml
\ No newline at end of file
diff --git a/host_vars/mariadb03 b/host_vars/mariadb03
deleted file mode 120000
index de15b25..0000000
--- a/host_vars/mariadb03
+++ /dev/null
@@ -1 +0,0 @@
-mariadb01
\ No newline at end of file
diff --git a/host_vars/mariadb03.universe.local.yml b/host_vars/mariadb03.universe.local.yml
new file mode 120000
index 0000000..5b8ac36
--- /dev/null
+++ b/host_vars/mariadb03.universe.local.yml
@@ -0,0 +1 @@
+mariadb01.universe.local.yml
\ No newline at end of file
diff --git a/host_vars/nextcloud b/host_vars/nextcloud.universe.local.yml
similarity index 100%
rename from host_vars/nextcloud
rename to host_vars/nextcloud.universe.local.yml
diff --git a/host_vars/pve b/host_vars/pve.universe.local.yml
similarity index 100%
rename from host_vars/pve
rename to host_vars/pve.universe.local.yml
diff --git a/host_vars/unbound01.yml b/host_vars/unbound01.universe.local.yml
similarity index 100%
rename from host_vars/unbound01.yml
rename to host_vars/unbound01.universe.local.yml
diff --git a/host_vars/unbound02.universe.local.yml b/host_vars/unbound02.universe.local.yml
new file mode 120000
index 0000000..b1ea95f
--- /dev/null
+++ b/host_vars/unbound02.universe.local.yml
@@ -0,0 +1 @@
+unbound01.universe.local.yml
\ No newline at end of file
diff --git a/host_vars/unbound02.yml b/host_vars/unbound02.yml
deleted file mode 120000
index bcd1b3b..0000000
--- a/host_vars/unbound02.yml
+++ /dev/null
@@ -1 +0,0 @@
-unbound01.yml
\ No newline at end of file
diff --git a/host_vars/webserver b/host_vars/webserver.universe.local.yml
similarity index 100%
rename from host_vars/webserver
rename to host_vars/webserver.universe.local.yml
diff --git a/hosts b/hosts
index 2dae1f5..5790b80 100644
--- a/hosts
+++ b/hosts
@@ -1,17 +1,18 @@
 [base]
-VM-debian11-template
+VM-debian11-template.universe.local
 [cluster:children]
 glustertest
 [server]
-pve
-netbox
-Samba-AD-DC
-librenms
-grafana
-haproxy01
-haproxy02
+pve.universe.local
+netbox.universe.local
+Samba-AD-DC.universe.local
+librenms.universe.local
+grafana.universe.local
+backup.universe.local
+haproxy01.universe.local
+haproxy02.universe.local
 [server:children]
 cluster
@@ -30,9 +31,9 @@ webserver
 [database]
 coruscant.universe.local
-mariadb01
-mariadb02
-mariadb03
+mariadb01.universe.local
+mariadb02.universe.local
+mariadb03.universe.local
 [development]
 endor.universe.local
@@ -41,23 +42,23 @@ tuxedo-book-xp1511.universe.local
 [dhcpserver]
 coruscant.universe.local
-dhcp-kea
+dhcp-kea.universe.local
 [docker]
-docker01
-docker02
+docker01.universe.local
+docker02.universe.local
 [fileserver]
 coruscant.universe.local
-samba-ad-dc
+samba-ad-dc.universe.local
 [glustertest]
-glustertest01
-glustertest02
-glustertest03
+glustertest01.universe.local
+glustertest02.universe.local
+glustertest03.universe.local
 [icinga_master]
-icinga
+icinga.universe.local
 [icinga_satellite]
@@ -71,12 +72,12 @@ mewimeet.de jitsi_fqdn=mewimeet.de
 [mailserver]
 coruscant.universe.local
 mail.mewissen.site
-mailcow
+mailcow.universe.local
 mail.universe.local
 [mastodon]
 mewitoot.de
-ubuntu-test
+ubuntu-test.universe.local
 [mobile]
 tuxedo-book-xp1511.universe.local
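Review bot: `mailcow.universe.local` in `[mailserver]` has no matching host_vars file after this commit: the rename in the same diff produces `host_vars/mailcowuniverse.local.yml` (the dot after `mailcow` is missing), and host_vars files are matched by exact inventory name, so that host's variables will be silently ignored rather than fail loudly. The `[server]` hunk also keeps `Samba-AD-DC.universe.local` while `[fileserver]` lists `samba-ad-dc.universe.local`; inventory names are case-sensitive in Ansible, so these are two distinct hosts with separate host_vars lookups and separate `group_names` even if DNS resolves both to one machine, and one spelling should be chosen. `backup.universe.local` is new in `[server]` with no host_vars anywhere in the diff, which is fine only if the server role needs none for it; worth confirming.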
@@ -85,9 +86,9 @@ tuxedo-book-xp1511.universe.local
 coruscant.universe.local
 mewimeet.de
 mewitoot.de
-ns1
-unbound01
-unbound02
+ns1.universe.local
+unbound01.universe.local
+unbound02.universe.local
 [photo_editing]
 endor.universe.local
@@ -107,8 +108,8 @@ tuxedo-book-xp1511.universe.local
 [webserver]
 coruscant.universe.local
-nextcloud
-webserver
+nextcloud.universe.local
+webserver.universe.local
 [workstation:children]
 development
diff --git a/roles/base/tasks/software/packages_utilities.yml b/roles/base/tasks/software/packages_utilities.yml
index acca0df..e893ba2 100644
--- a/roles/base/tasks/software/packages_utilities.yml
+++ b/roles/base/tasks/software/packages_utilities.yml
@@ -17,6 +17,7 @@
 - ranger
 - sudo
 - rsync
+ - tldr
 - tmux
 - traceroute
 - vifm
diff --git a/roles/base/tasks/users/root.yml b/roles/base/tasks/users/root.yml
index eba7330..b7e080e 100644
--- a/roles/base/tasks/users/root.yml
+++ b/roles/base/tasks/users/root.yml
@@ -20,7 +20,7 @@
 user: root
 state: present
 key: '{{ item }}'
- key_options: 'from="192.168.1.240",command="~/validate-rsync.sh"'
+ key_options: 'from="192.168.1.240,192.168.1.133",command="~/validate-rsync.sh"'
 with_file:
 - public_keys/backup_ed25519.pub
diff --git a/roles/mailserver/tasks/configure_postfix.yml b/roles/mailserver/tasks/configure_postfix.yml
index 9ee9c18..550117b 100644
--- a/roles/mailserver/tasks/configure_postfix.yml
+++ b/roles/mailserver/tasks/configure_postfix.yml
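Review bot: The widened `from=` list still leaves root's backup key with port forwarding, agent forwarding, X11 forwarding and PTY allocation enabled, which `command=` on its own does not turn off. OpenSSH's `restrict` option disables all of those in one word: `key_options: 'restrict,from="192.168.1.240,192.168.1.133",command="~/validate-rsync.sh"'`. `from=` is an address allowlist and only as strong as the network path between those two hosts and this one, so the command wrapper remains the real boundary; it should be root-owned and not writable by anyone else, which nothing in this hunk shows and is worth confirming. The enclosing authorized_key task starts outside the hunk.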
@@ -18,8 +18,8 @@
 - {key: "maillog_file", value: "/var/log/postfix.log"}
 - {key: "message_size_limit", value: "0"}
 - {key: "milter_default_action", value: "accept"}
- - {key: "mydestination", value: "'localhost, kashyyyk, coruscant'"}
- - {key: "myhostname", value: "kashyyyk.universe.local"}
+ - {key: "mydestination", value: "'localhost, kashyyyk, coruscant, $myhostname'"}
+ - {key: "myhostname", value: "{{ hostname | default(ansible_hostname) }}"}
 - {key: "mynetworks", value: "'{{ mynetworks }}'"}
 - {key: "mynetworks_style", value: "subnet"}
 - {key: "readme_directory", value: "no"}
@@ -50,12 +50,12 @@
 - {key: "smtpd_sasl_type", value: "dovecot"}
 - {key: "smtpd_sender_restrictions", value: "'hash:/etc/postfix/access, permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access'"}
 - {key: "smtpd_tls_auth_only", value: "yes"}
- - {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/{{ nginx_proxy_manager_cert_id }}/fullchain.pem"}
+ - {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/{{ npm_cert }}/fullchain.pem"}
 - {key: "smtpd_tls_dh1024_param_file", value: "${config_directory}/dh2048.pem"}
 - {key: "smtpd_tls_dh512_param_file", value: "${config_directory}/dh512.pem"}
 - {key: "smtpd_tls_eecdh_grade", value: "strong"}
 - {key: "smtpd_tls_exclude_ciphers", value: "'aNULL,MD5,RC4,DES,IDEA,SEED,3DES'"}
- - {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/{{ nginx_proxy_manager_cert_id }}/privkey.pem"}
+ - {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/{{ npm_cert }}/privkey.pem"}
 - {key: "smtpd_tls_loglevel", value: "1"}
 - {key: "smtpd_tls_mandatory_ciphers", value: "high"}
 - {key: "smtpd_tls_mandatory_exclude_ciphers", value: "'aNULL,MD5,RC4,IDEA,SEED,3DES'"}
diff --git a/roles/server/tasks/main.yml b/roles/server/tasks/main.yml
index 66edcf9..a591e41 100644
--- a/roles/server/tasks/main.yml
+++ b/roles/server/tasks/main.yml
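Review bot: The new `myhostname` fallback `{{ hostname | default(ansible_hostname) }}` yields the unqualified name, since `ansible_hostname` is the short host name, whereas Postfix documents `myhostname` as the fully-qualified hostname and derives its HELO/EHLO name from it. `ansible_fqdn`, or `inventory_hostname` now that this commit's inventory lists FQDNs, is the safer default: `- {key: "myhostname", value: "{{ hostname | default(ansible_fqdn) }}"}`. Appending `$myhostname` to `mydestination` fits that, but the literal `kashyyyk, coruscant` entries remain, so every host applying this task also accepts mail for those two names; whether that is intended for all mailserver hosts is not visible here. The task's key/value list continues outside the hunk.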
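Review bot: `{{ npm_cert }}` in `smtpd_tls_cert_file` and `smtpd_tls_key_file` has no default, so any host that runs this task without defining it fails at template time; in this diff only mail.universe.local.yml sets it, while that same host still carries the old `nginx_proxy_manager_cert_id`. If this is a rename in progress, either define `npm_cert` for every host in `[mailserver]` or keep a transition fallback such as `{{ npm_cert | default(nginx_proxy_manager_cert_id) }}`. Both paths point into a Let's Encrypt `live/` directory, so Postfix must be reloaded after each renewal for the new key pair to take effect; nothing in the hunk shows that handler, worth confirming.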
@@ -7,7 +7,7 @@
 ignore_errors: True
 - block:
- - include_tasks: utilities/mta.yml
+ - include_tasks: utilities/mail_transfer_agent.yml
 - include_tasks: utilities/netdata.yml
 when: netdata is defined and netdata == true
 - include_tasks: utilities/snmpd.yml
diff --git a/roles/server/tasks/system_setup/cron.yml b/roles/server/tasks/system_setup/cron.yml
index 2bd129c..bd4bcdd 100644
--- a/roles/server/tasks/system_setup/cron.yml
+++ b/roles/server/tasks/system_setup/cron.yml
@@ -4,7 +4,35 @@
 state: latest
 when: ansible_distribution == "Archlinux"
-- name: server | system_setup | cron
+- name: server | system_setup | cron (VM)
+ tags: cron
+ cron:
+ name: "{{ item.title }}"
+ user: root
+ hour: "{{ item.hour }}"
+ minute: "{{ item.minute }}"
+ job: "{{ item.job }}"
+ state: present
+ when:
+ - ansible_virtualization_role == "NA" or ansible_virtualization_role == "guest"
+ - ansible_virtualization_type == "kvm"
+ loop:
+ - { title: "Backup", job: "/root/bin/backup_vps.bash", hour: 1, minute: 0 }
+
+- name: server | system_setup | cron (non VM)
+ tags: cron
+ cron:
+ name: "{{ item.title }}"
+ user: root
+ hour: "{{ item.hour }}"
+ minute: "{{ item.minute }}"
+ job: "{{ item.job }}"
+ state: absent
+ when: ansible_virtualization_role != "guest" or ansible_virtualization_type != "kvm"
+ loop:
+ - { title: "Backup", job: "/root/bin/backup_vps.bash", hour: 1, minute: 0 }
+
+- name: server | system_setup | cron (generic)
 tags: cron
 cron:
 name: "{{ item.title }}"
@@ -13,5 +41,4 @@
 minute: "{{ item.minute }}"
 job: "{{ item.job }}"
 loop:
- - { title: "Send me a list of upgradeable packages", job: "apt list --upgradable", hour: 0, minute: 0 }
- - { title: "Backup", job: "/root/bin/backup_vps.bash", hour: 1, minute: 0 }
\ No newline at end of file
+ - { title: "Send me a list of upgradeable packages", job: "{{ check_update_cmd }}", hour: 0, minute: 0 }
\ No newline at end of file
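Review bot: The `cron (VM)` and `cron (non VM)` conditions overlap: a host reporting `ansible_virtualization_role == "NA"` together with `ansible_virtualization_type == "kvm"` satisfies the first task's `when` (entry present) and also the second's, because `"NA" != "guest"` is true, so the Backup entry is created and then removed within the same run. The second condition should be the exact negation of the first, e.g. `when: not (ansible_virtualization_role in ["NA", "guest"] and ansible_virtualization_type == "kvm")`. A single task with `state: "{{ 'present' if <condition> else 'absent' }}"` (condition spelled out once) would remove the possibility of the two drifting apart again. The `cron (generic)` task continues past the end of the hunk.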
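Review bot: `job: "{{ check_update_cmd }}"` has no default, and the variable is defined only by the Archlinux.yml and Debian.yml hunks of this commit, so a server on any other distribution now fails this task with an undefined-variable error where it previously got the hard-coded `apt list --upgradable`. Either guard it with `when: check_update_cmd is defined` or give the role a default in `defaults/main.yml`, and document in those vars files that the value is executed by root's crontab so nobody later points it at a user-writable path. On Debian, `apt list --upgradable` only reflects the package index as of the last `apt update`, so the 00:00 mail is stale unless an update timer runs first; that was true before this change but is now hidden behind the variable. The task begins outside the hunk.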
diff --git a/roles/server/tasks/utilities/mta.yml b/roles/server/tasks/utilities/mail_transfer_agent.yml
similarity index 100%
rename from roles/server/tasks/utilities/mta.yml
rename to roles/server/tasks/utilities/mail_transfer_agent.yml
diff --git a/roles/server/vars/Archlinux.yml b/roles/server/vars/Archlinux.yml
index b43f913..3a9bcd2 100644
--- a/roles/server/vars/Archlinux.yml
+++ b/roles/server/vars/Archlinux.yml
@@ -3,6 +3,7 @@ snmpd_package: net-snmp
 snmpd_user_file: "/var/net-snmp/snmpd.conf"
 wireguard_package: wireguard-tools
 openssh_server_package: openssh
+check_update_cmd: "/root/bin/cron_pacman"
 glusterfs_packages:
 - package: glusterfs
\ No newline at end of file
diff --git a/roles/server/vars/Debian.yml b/roles/server/vars/Debian.yml
index 3b6cb19..fcf63df 100644
--- a/roles/server/vars/Debian.yml
+++ b/roles/server/vars/Debian.yml
@@ -3,6 +3,7 @@ snmpd_package: snmpd
 snmpd_user_file: "/var/lib/snmp/snmpd.conf"
 wireguard_package: wireguard
 openssh_server_package: openssh-server
+check_update_cmd: "apt list --upgradable"
 glusterfs_packages:
 - package: glusterfs-common
diff --git a/update.yml b/update.yml
new file mode 100644
index 0000000..0da78e8
--- /dev/null
+++ b/update.yml
@@ -0,0 +1,31 @@
+---
+- hosts: all
+ tasks:
+ - name: "update git url"
+ become: yes
+ command:
+ cmd: "git remote set-url origin ssh://git@gitea.mewissen.site:22422/rene/dotfiles.git"
+ chdir: "{{ ansible_user_dir }}/dotfiles"
+ - name: "git default settings"
+ become: yes
+ command:
+ cmd: "git config pull.rebase false"
+ chdir: "{{ ansible_user_dir }}/dotfiles"
+ # - name: "git pull"
+ # become: yes
+ # command:
+ # cmd: "git pull"
+ # chdir: "{{ ansible_user_dir }}/dotfiles"
+ - name: "add cronjob for ansible"
+ become: yes
+ cron:
+ name: "ansible provision"
+ user: "{{ ansible_user_id }}"
+ job: 'ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -d "/opt/ansible-pull" -C master'
+ state: present
+ minute: 0
+ hour: 1
+ - name: "update ansible-pull once"
+ become: yes
+ command:
+ cmd: 'ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -d "/opt/ansible-pull" -C master'
\ No newline at end of file
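Review bot: The cron entry is installed for `user: "{{ ansible_user_id }}"` (the connecting user, as facts are gathered without become here) while the one-shot `ansible-pull` below it runs under `become: yes`, i.e. as root, so the two invocations run as different identities and `--vault-password-file=~/.vaultpass`, write access to `-d "/opt/ansible-pull"` and the `~/ansible.log` from this commit's ansible.cfg all resolve differently between them. Pick one identity — drop `become` on the one-shot task or set `user: root` on the cron task — and make sure that identity's `~/.vaultpass` exists with mode 0600, since it unlocks every vaulted value the pull fetches. The `git remote set-url` and `git config` commands likewise run as root inside `{{ ansible_user_dir }}/dotfiles`, which can leave `.git/config` root-owned in the login user's checkout, and both report changed on every run, so `changed_when: false` or the `git_config` module would keep the play idempotent. If commits in the gitea repository are signed, adding `--verify-commit` to the `ansible-pull` command lets each host refuse unsigned configuration. The commented-out "git pull" block should either get a one-line reason or be removed.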