From d363094ff3f118d2211a7148ebd5ed8fcd632d6f Mon Sep 17 00:00:00 2001 From: Rene Date: Sat, 19 Nov 2022 12:48:55 +0100 Subject: [PATCH 01/11] added new host --- hosts | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts b/hosts index 19fc1f2..d48057d 100644 --- a/hosts +++ b/hosts @@ -10,6 +10,7 @@ netbox Samba-AD-DC librenms grafana +backup [server:children] cluster From 9e61ed5e9120f26b311eaab89cf20897ec02e8e7 Mon Sep 17 00:00:00 2001 From: Rene Date: Sat, 19 Nov 2022 12:49:18 +0100 Subject: [PATCH 02/11] renamed task and file --- roles/server/tasks/main.yml | 2 +- .../server/tasks/utilities/{mta.yml => mail_transfer_agent.yml} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename roles/server/tasks/utilities/{mta.yml => mail_transfer_agent.yml} (100%) diff --git a/roles/server/tasks/main.yml b/roles/server/tasks/main.yml index 66edcf9..a591e41 100644 --- a/roles/server/tasks/main.yml +++ b/roles/server/tasks/main.yml @@ -7,7 +7,7 @@ ignore_errors: True - block: - - include_tasks: utilities/mta.yml + - include_tasks: utilities/mail_transfer_agent.yml - include_tasks: utilities/netdata.yml when: netdata is defined and netdata == true - include_tasks: utilities/snmpd.yml diff --git a/roles/server/tasks/utilities/mta.yml b/roles/server/tasks/utilities/mail_transfer_agent.yml similarity index 100% rename from roles/server/tasks/utilities/mta.yml rename to roles/server/tasks/utilities/mail_transfer_agent.yml From d032abd0348ccb81ed0f93a07c3090cbbf70fc3c Mon Sep 17 00:00:00 2001 From: Rene Date: Sat, 19 Nov 2022 13:36:35 +0100 Subject: [PATCH 03/11] made cronjobs VM and distro dependent --- roles/server/tasks/system_setup/cron.yml | 33 +++++++++++++++++++++--- roles/server/vars/Archlinux.yml | 1 + roles/server/vars/Debian.yml | 1 + 3 files changed, 32 insertions(+), 3 deletions(-) diff --git a/roles/server/tasks/system_setup/cron.yml b/roles/server/tasks/system_setup/cron.yml index 2bd129c..bd4bcdd 100644 --- a/roles/server/tasks/system_setup/cron.yml 
+++ b/roles/server/tasks/system_setup/cron.yml @@ -4,7 +4,35 @@ state: latest when: ansible_distribution == "Archlinux" -- name: server | system_setup | cron +- name: server | system_setup | cron (VM) + tags: cron + cron: + name: "{{ item.title }}" + user: root + hour: "{{ item.hour }}" + minute: "{{ item.minute }}" + job: "{{ item.job }}" + state: present + when: + - ansible_virtualization_role == "NA" or ansible_virtualization_role == "guest" + - ansible_virtualization_type == "kvm" + loop: + - { title: "Backup", job: "/root/bin/backup_vps.bash", hour: 1, minute: 0 } + +- name: server | system_setup | cron (non VM) + tags: cron + cron: + name: "{{ item.title }}" + user: root + hour: "{{ item.hour }}" + minute: "{{ item.minute }}" + job: "{{ item.job }}" + state: absent + when: ansible_virtualization_role != "guest" or ansible_virtualization_type != "kvm" + loop: + - { title: "Backup", job: "/root/bin/backup_vps.bash", hour: 1, minute: 0 } + +- name: server | system_setup | cron (generic) tags: cron cron: name: "{{ item.title }}" @@ -13,5 +41,4 @@ minute: "{{ item.minute }}" job: "{{ item.job }}" loop: - - { title: "Send me a list of upgradeable packages", job: "apt list --upgradable", hour: 0, minute: 0 } - - { title: "Backup", job: "/root/bin/backup_vps.bash", hour: 1, minute: 0 } \ No newline at end of file + - { title: "Send me a list of upgradeable packages", job: "{{ check_update_cmd }}", hour: 0, minute: 0 } \ No newline at end of file diff --git a/roles/server/vars/Archlinux.yml b/roles/server/vars/Archlinux.yml index b43f913..3a9bcd2 100644 --- a/roles/server/vars/Archlinux.yml +++ b/roles/server/vars/Archlinux.yml @@ -3,6 +3,7 @@ snmpd_package: net-snmp snmpd_user_file: "/var/net-snmp/snmpd.conf" wireguard_package: wireguard-tools openssh_server_package: openssh +check_update_cmd: "/root/bin/cron_pacman" glusterfs_packages: - package: glusterfs \ No newline at end of file 
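Review bot: The two `when:` clauses for the Backup job overlap, so a host reporting `ansible_virtualization_role == "NA"` together with `ansible_virtualization_type == "kvm"` matches the (VM) task and then the (non VM) task, which runs second and removes the entry the first one just installed. Either drop the `"NA"` alternative or make the second condition the exact negation of the first, `when: not (ansible_virtualization_type == "kvm" and ansible_virtualization_role in ["NA", "guest"])`; a single task with `state: "{{ 'present' if is_kvm_guest else 'absent' }}"` would also avoid maintaining two copies of the loop item. Both tasks install a root cron entry for `/root/bin/backup_vps.bash`, and the Arch `check_update_cmd` points at `/root/bin/cron_pacman`, scripts that nothing in this series deploys; a `stat` check that the file exists, is root-owned and is not group/world-writable before `state: present` would keep a stray or tampered script from running as root every night. The first task in the hunk (`state: latest` / `when: ansible_distribution == "Archlinux"`) begins before the hunk.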
diff --git a/roles/server/vars/Debian.yml b/roles/server/vars/Debian.yml index 3b6cb19..fcf63df 100644 --- a/roles/server/vars/Debian.yml +++ b/roles/server/vars/Debian.yml @@ -3,6 +3,7 @@ snmpd_package: snmpd snmpd_user_file: "/var/lib/snmp/snmpd.conf" wireguard_package: wireguard openssh_server_package: openssh-server +check_update_cmd: "apt list --upgradable" glusterfs_packages: - package: glusterfs-common From 100b6a149d48df93f38807e0fa8758c0100af5cf Mon Sep 17 00:00:00 2001 From: Rene Date: Sat, 19 Nov 2022 14:03:44 +0100 Subject: [PATCH 04/11] changed fixed vars to definable ones --- host_vars/mail.universe.local.yml | 1 + roles/mailserver/tasks/configure_postfix.yml | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/host_vars/mail.universe.local.yml b/host_vars/mail.universe.local.yml index 6ba3a0f..4d1000e 100644 --- a/host_vars/mail.universe.local.yml +++ b/host_vars/mail.universe.local.yml @@ -4,5 +4,6 @@ dovecot: true pigeonhole: true fetchmail: true mpop: true +npm_cert: "npm-29" mynetworks: '192.168.1.0/24, 127.0.0.0/8, 192.168.122.0/24, 10.20.20.0/28, 172.16.0.0/12, 192.168.3.0/24' \ No newline at end of file diff --git a/roles/mailserver/tasks/configure_postfix.yml b/roles/mailserver/tasks/configure_postfix.yml index 04d3e82..23f140d 100644 --- a/roles/mailserver/tasks/configure_postfix.yml +++ b/roles/mailserver/tasks/configure_postfix.yml @@ -19,7 +19,7 @@ - {key: "message_size_limit", value: "0"} - {key: "milter_default_action", value: "accept"} - {key: "mydestination", value: "'localhost, kashyyyk, coruscant'"} - - {key: "myhostname", value: "kashyyyk.universe.local"} + - {key: "myhostname", value: "{{ hostname | default(ansible_hostname) }}"} - {key: "mynetworks", value: "'{{ mynetworks }}'"} - {key: "mynetworks_style", value: "subnet"} - {key: "readme_directory", value: "no"} 
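Review bot: The new default for `myhostname`, `{{ hostname | default(ansible_hostname) }}`, falls back to the short host name, while Postfix expects `myhostname` to be fully qualified (it is announced in EHLO and is the basis for `mydomain`), so a host without a `hostname` var will identify itself with an unqualified name and can be rejected by peers doing HELO/reverse-DNS checks. `ansible_fqdn` is the closer fallback: `- {key: "myhostname", value: "{{ hostname | default(ansible_fqdn) }}"}`. The task header and the remaining parameter items lie outside this hunk.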
@@ -50,12 +50,12 @@ - {key: "smtpd_sasl_type", value: "dovecot"} - {key: "smtpd_sender_restrictions", value: "'hash:/etc/postfix/access, permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access'"} - {key: "smtpd_tls_auth_only", value: "yes"} - - {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/fullchain.pem"} + - {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/{{ npm_cert }}/fullchain.pem"} - {key: "smtpd_tls_dh1024_param_file", value: "${config_directory}/dh2048.pem"} - {key: "smtpd_tls_dh512_param_file", value: "${config_directory}/dh512.pem"} - {key: "smtpd_tls_eecdh_grade", value: "strong"} - {key: "smtpd_tls_exclude_ciphers", value: "'aNULL,MD5,RC4,DES,IDEA,SEED,3DES'"} - - {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/privkey.pem"} + - {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/{{ npm_cert }}/privkey.pem"} - {key: "smtpd_tls_loglevel", value: "1"} - {key: "smtpd_tls_mandatory_ciphers", value: "high"} - {key: "smtpd_tls_mandatory_exclude_ciphers", value: "'aNULL,MD5,RC4,IDEA,SEED,3DES'"} From b7b744da426e602e387d8577c5073007f1530262 Mon Sep 17 00:00:00 2001 From: Rene Date: Sat, 19 Nov 2022 14:46:30 +0100 Subject: [PATCH 05/11] changed hostname for postfix --- host_vars/mail.universe.local.yml | 1 + roles/mailserver/tasks/configure_postfix.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/host_vars/mail.universe.local.yml b/host_vars/mail.universe.local.yml index 4d1000e..f9e0a6e 100644 --- a/host_vars/mail.universe.local.yml +++ b/host_vars/mail.universe.local.yml @@ -1,3 +1,4 @@ +hostname: mail.universe.local postfix: true postgrey: true dovecot: true diff --git a/roles/mailserver/tasks/configure_postfix.yml b/roles/mailserver/tasks/configure_postfix.yml index 23f140d..550117b 100644 --- a/roles/mailserver/tasks/configure_postfix.yml +++ b/roles/mailserver/tasks/configure_postfix.yml 
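Review bot: Nothing checks that `/etc/letsencrypt/live/{{ npm_cert }}/fullchain.pem` and `privkey.pem` exist before the new `smtpd_tls_cert_file` / `smtpd_tls_key_file` values are applied, and `npm-29` looks like a Nginx-Proxy-Manager certificate slot rather than a hostname, so the directory name may change when the certificate is re-issued there. Postfix reacts to a certificate it cannot load by disabling TLS in smtpd instead of refusing to start, which — depending on `smtpd_tls_security_level`, not shown in this hunk — would silently downgrade submission to cleartext and, with the `smtpd_tls_auth_only = yes` above, make SASL authentication unavailable. A `stat` on the key file followed by `assert: { that: npm_key.stat.exists }` ahead of this task, or at least `{{ npm_cert | mandatory }}`, turns a wrong slot name into a play failure rather than a quiet downgrade. The task header and the rest of the parameter list are outside the hunk.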
@@ -18,7 +18,7 @@ - {key: "maillog_file", value: "/var/log/postfix.log"} - {key: "message_size_limit", value: "0"} - {key: "milter_default_action", value: "accept"} - - {key: "mydestination", value: "'localhost, kashyyyk, coruscant'"} + - {key: "mydestination", value: "'localhost, kashyyyk, coruscant, $myhostname'"} - {key: "myhostname", value: "{{ hostname | default(ansible_hostname) }}"} - {key: "mynetworks", value: "'{{ mynetworks }}'"} - {key: "mynetworks_style", value: "subnet"} From a9f527c4aeec9e89c4ce1305f8f09929afbc2466 Mon Sep 17 00:00:00 2001 From: Rene Date: Sat, 19 Nov 2022 14:46:42 +0100 Subject: [PATCH 06/11] new tool --- roles/base/tasks/software/packages_utilities.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/base/tasks/software/packages_utilities.yml b/roles/base/tasks/software/packages_utilities.yml index acca0df..e893ba2 100644 --- a/roles/base/tasks/software/packages_utilities.yml +++ b/roles/base/tasks/software/packages_utilities.yml @@ -17,6 +17,7 @@ - ranger - sudo - rsync + - tldr - tmux - traceroute - vifm From f04364a694a1f5a6f240c2b6174a70894c211d9c Mon Sep 17 00:00:00 2001 From: Rene Date: Sat, 19 Nov 2022 14:46:58 +0100 Subject: [PATCH 07/11] new backup server ip for ssh key --- roles/base/tasks/users/root.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/base/tasks/users/root.yml b/roles/base/tasks/users/root.yml index eba7330..b7e080e 100644 --- a/roles/base/tasks/users/root.yml +++ b/roles/base/tasks/users/root.yml @@ -20,7 +20,7 @@ user: root state: present key: '{{ item }}' - key_options: 'from="192.168.1.240",command="~/validate-rsync.sh"' + key_options: 'from="192.168.1.240,192.168.1.133",command="~/validate-rsync.sh"' with_file: - public_keys/backup_ed25519.pub From 7d1b56fc2c15123f5a24bd9659a1d8b04e0976e8 Mon Sep 17 00:00:00 2001 
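Review bot: `mydestination` still carries the hard-coded `kashyyyk, coruscant` next to the new `$myhostname`, so a host whose `hostname` var is `mail.universe.local` also accepts mail addressed to two other machines' names for local delivery, presumably a leftover from the single-host version. Since `myhostname` is now per-host, the rest of the list should be too, e.g. `- {key: "mydestination", value: "'{{ mydestination | default('localhost, $myhostname') }}'"}`. The enclosing task and list begin outside the hunk.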
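Review bot: The authorized_keys options for the backup key now allow two source addresses but still carry only `from=` and `command=`, so a login from either backup host with this root key is forced through `validate-rsync.sh` yet keeps port forwarding, agent forwarding, PTY allocation and X11 forwarding available, which a compromised backup host could use to pivot from a root session. Prefix the options with `restrict` (OpenSSH 7.2+): `key_options: 'restrict,from="192.168.1.240,192.168.1.133",command="~/validate-rsync.sh"'`, or spell out `no-port-forwarding,no-agent-forwarding,no-pty,no-X11-forwarding` on older sshd. If 192.168.1.240 is the server being replaced (the commit message says "new backup server ip"), remove it once the migration is done rather than leaving two hosts with root rsync access. The `authorized_key` task header sits above the hunk.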
From: Rene Date: Sat, 19 Nov 2022 16:20:47 +0100 Subject: [PATCH 08/11] moved everything to FQDNs --- ...est01 => glustertest01.universe.local.yml} | 0 host_vars/glustertest02 | 1 - host_vars/glustertest02.universe.local.yml | 1 + host_vars/glustertest03 | 1 - host_vars/glustertest03.universe.local.yml | 1 + ...{mailcow.yml => mailcowuniverse.local.yml} | 0 ...mariadb01 => mariadb01.universe.local.yml} | 0 host_vars/mariadb02 | 1 - host_vars/mariadb02.universe.local.yml | 1 + host_vars/mariadb03 | 1 - host_vars/mariadb03.universe.local.yml | 1 + ...nextcloud => nextcloud.universe.local.yml} | 0 host_vars/{pve => pve.universe.local.yml} | 0 ...und01.yml => unbound01.universe.local.yml} | 0 host_vars/unbound02.universe.local.yml | 1 + host_vars/unbound02.yml | 1 - ...webserver => webserver.universe.local.yml} | 0 hosts | 86 +++++++++---------- 18 files changed, 48 insertions(+), 48 deletions(-) rename host_vars/{glustertest01 => glustertest01.universe.local.yml} (100%) delete mode 120000 host_vars/glustertest02 create mode 120000 host_vars/glustertest02.universe.local.yml delete mode 120000 host_vars/glustertest03 create mode 120000 host_vars/glustertest03.universe.local.yml rename host_vars/{mailcow.yml => mailcowuniverse.local.yml} (100%) rename host_vars/{mariadb01 => mariadb01.universe.local.yml} (100%) delete mode 120000 host_vars/mariadb02 create mode 120000 host_vars/mariadb02.universe.local.yml delete mode 120000 host_vars/mariadb03 create mode 120000 host_vars/mariadb03.universe.local.yml rename host_vars/{nextcloud => nextcloud.universe.local.yml} (100%) rename host_vars/{pve => pve.universe.local.yml} (100%) rename host_vars/{unbound01.yml => unbound01.universe.local.yml} (100%) create mode 120000 host_vars/unbound02.universe.local.yml delete mode 120000 host_vars/unbound02.yml rename host_vars/{webserver => webserver.universe.local.yml} (100%) 
diff --git a/host_vars/glustertest01 b/host_vars/glustertest01.universe.local.yml similarity index 100% rename from host_vars/glustertest01 rename to host_vars/glustertest01.universe.local.yml diff --git a/host_vars/glustertest02 b/host_vars/glustertest02 deleted file mode 120000 index 9683f9f..0000000 --- a/host_vars/glustertest02 +++ /dev/null @@ -1 +0,0 @@ -glustertest01 \ No newline at end of file diff --git a/host_vars/glustertest02.universe.local.yml b/host_vars/glustertest02.universe.local.yml new file mode 120000 index 0000000..b34fe42 --- /dev/null +++ b/host_vars/glustertest02.universe.local.yml @@ -0,0 +1 @@ +glustertest01.universe.local.yml \ No newline at end of file diff --git a/host_vars/glustertest03 b/host_vars/glustertest03 deleted file mode 120000 index 9683f9f..0000000 --- a/host_vars/glustertest03 +++ /dev/null @@ -1 +0,0 @@ -glustertest01 \ No newline at end of file diff --git a/host_vars/glustertest03.universe.local.yml b/host_vars/glustertest03.universe.local.yml new file mode 120000 index 0000000..b34fe42 --- /dev/null +++ b/host_vars/glustertest03.universe.local.yml @@ -0,0 +1 @@ +glustertest01.universe.local.yml \ No newline at end of file diff --git a/host_vars/mailcow.yml b/host_vars/mailcowuniverse.local.yml similarity index 100% rename from host_vars/mailcow.yml rename to host_vars/mailcowuniverse.local.yml diff --git a/host_vars/mariadb01 b/host_vars/mariadb01.universe.local.yml similarity index 100% rename from host_vars/mariadb01 rename to host_vars/mariadb01.universe.local.yml diff --git a/host_vars/mariadb02 b/host_vars/mariadb02 deleted file mode 120000 index de15b25..0000000 --- a/host_vars/mariadb02 +++ /dev/null @@ -1 +0,0 @@ -mariadb01 \ No newline at end of file diff --git a/host_vars/mariadb02.universe.local.yml b/host_vars/mariadb02.universe.local.yml new file mode 120000 index 0000000..5b8ac36 --- /dev/null +++ b/host_vars/mariadb02.universe.local.yml 
@@ -0,0 +1 @@ +mariadb01.universe.local.yml \ No newline at end of file diff --git a/host_vars/mariadb03 b/host_vars/mariadb03 deleted file mode 120000 index de15b25..0000000 --- a/host_vars/mariadb03 +++ /dev/null @@ -1 +0,0 @@ -mariadb01 \ No newline at end of file diff --git a/host_vars/mariadb03.universe.local.yml b/host_vars/mariadb03.universe.local.yml new file mode 120000 index 0000000..5b8ac36 --- /dev/null +++ b/host_vars/mariadb03.universe.local.yml @@ -0,0 +1 @@ +mariadb01.universe.local.yml \ No newline at end of file diff --git a/host_vars/nextcloud b/host_vars/nextcloud.universe.local.yml similarity index 100% rename from host_vars/nextcloud rename to host_vars/nextcloud.universe.local.yml diff --git a/host_vars/pve b/host_vars/pve.universe.local.yml similarity index 100% rename from host_vars/pve rename to host_vars/pve.universe.local.yml diff --git a/host_vars/unbound01.yml b/host_vars/unbound01.universe.local.yml similarity index 100% rename from host_vars/unbound01.yml rename to host_vars/unbound01.universe.local.yml diff --git a/host_vars/unbound02.universe.local.yml b/host_vars/unbound02.universe.local.yml new file mode 120000 index 0000000..b1ea95f --- /dev/null +++ b/host_vars/unbound02.universe.local.yml @@ -0,0 +1 @@ +unbound01.universe.local.yml \ No newline at end of file diff --git a/host_vars/unbound02.yml b/host_vars/unbound02.yml deleted file mode 120000 index bcd1b3b..0000000 --- a/host_vars/unbound02.yml +++ /dev/null @@ -1 +0,0 @@ -unbound01.yml \ No newline at end of file diff --git a/host_vars/webserver b/host_vars/webserver.universe.local.yml similarity index 100% rename from host_vars/webserver rename to host_vars/webserver.universe.local.yml diff --git a/hosts b/hosts index 31b6ce8..d5b6efa 100644 --- a/hosts +++ b/hosts 
@@ -1,39 +1,39 @@ [base] -VM-debian11-template +VM-debian11-template.universe.local [cluster:children] -glustertest +glustertest.universe.local [server] -pve -netbox -Samba-AD-DC -librenms -grafana -backup -haproxy01 -haproxy02 +pve.universe.local +netbox.universe.local +Samba-AD-DC.universe.local +librenms.universe.local +grafana.universe.local +backup.universe.local +haproxy01.universe.local +haproxy02.universe.local [server:children] -cluster -database -dhcpserver -docker -fileserver -icinga -jitsimeet -mailserver -mastodon -nameserver -printspooler -proxyserver -webserver +cluster.universe.local +database.universe.local +dhcpserver.universe.local +docker.universe.local +fileserver.universe.local +icinga.universe.local +jitsimeet.universe.local +mailserver.universe.local +mastodon.universe.local +nameserver.universe.local +printspooler.universe.local +proxyserver.universe.local +webserver.universe.local [database] coruscant.universe.local -mariadb01 -mariadb02 -mariadb03 +mariadb01.universe.local +mariadb02.universe.local +mariadb03.universe.local [development] endor.universe.local @@ -42,23 +42,23 @@ tuxedo-book-xp1511.universe.local [dhcpserver] coruscant.universe.local -dhcp-kea +dhcp-kea.universe.local [docker] -docker01 -docker02 +docker01.universe.local +docker02.universe.local [fileserver] coruscant.universe.local -samba-ad-dc +samba-ad-dc.universe.local [glustertest] -glustertest01 -glustertest02 -glustertest03 +glustertest01.universe.local +glustertest02.universe.local +glustertest03.universe.local [icinga_master] -icinga +icinga.universe.local [icinga_satellite] @@ -72,12 +72,12 @@ mewimeet.de jitsi_fqdn=mewimeet.de [mailserver] coruscant.universe.local mail.mewissen.site -mailcow +mailcow.universe.local mail.universe.local [mastodon] mewitoot.de -ubuntu-test +ubuntu-test.universe.local [mobile] tuxedo-book-xp1511.universe.local 
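Review bot: The host_vars file for the `mailcow.universe.local` entry in this hunk is renamed by the same patch to `host_vars/mailcowuniverse.local.yml`, missing the dot after `mailcow`, so Ansible will no longer match the file to the inventory host and every variable in it silently stops applying. The file should be `host_vars/mailcow.universe.local.yml`; an `ansible-inventory --host mailcow.universe.local` run would show the missing vars. The `cluster.universe.local` / `[server:children]` group renames in the first hunk of this file are reverted by the following patch and are not raised here.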
@@ -86,9 +86,9 @@ tuxedo-book-xp1511.universe.local coruscant.universe.local mewimeet.de mewitoot.de -ns1 -unbound01 -unbound02 +ns1.universe.local +unbound01.universe.local +unbound02.universe.local [photo_editing] endor.universe.local @@ -108,11 +108,11 @@ tuxedo-book-xp1511.universe.local [webserver] coruscant.universe.local -nextcloud -webserver +nextcloud.universe.local +webserver.universe.local [workstation:children] -development -mobile +development.universe.local +mobile.universe.local photo_editing video_editing From 94e665bb9038b9d5dd3d3fabfa98745d0bd275c6 Mon Sep 17 00:00:00 2001 From: Rene Date: Sat, 19 Nov 2022 16:39:42 +0100 Subject: [PATCH 09/11] fixed group members --- hosts | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/hosts b/hosts index d5b6efa..5790b80 100644 --- a/hosts +++ b/hosts @@ -2,7 +2,7 @@ VM-debian11-template.universe.local [cluster:children] -glustertest.universe.local +glustertest [server] pve.universe.local @@ -15,19 +15,19 @@ haproxy01.universe.local haproxy02.universe.local [server:children] -cluster.universe.local -database.universe.local -dhcpserver.universe.local -docker.universe.local -fileserver.universe.local -icinga.universe.local -jitsimeet.universe.local -mailserver.universe.local -mastodon.universe.local -nameserver.universe.local -printspooler.universe.local -proxyserver.universe.local -webserver.universe.local +cluster +database +dhcpserver +docker +fileserver +icinga +jitsimeet +mailserver +mastodon +nameserver +printspooler +proxyserver +webserver [database] coruscant.universe.local @@ -112,7 +112,7 @@ nextcloud.universe.local webserver.universe.local [workstation:children] -development.universe.local -mobile.universe.local +development +mobile photo_editing video_editing From b6882eb594d7279ea7d7ad1d1e41c4a97621988d Mon Sep 17 00:00:00 2001 
From: Rene Date: Sat, 19 Nov 2022 17:58:03 +0100 Subject: [PATCH 10/11] changed log path --- ansible.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible.cfg b/ansible.cfg index 76cabbb..f899f07 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,6 +1,6 @@ [defaults] inventory = /opt/ansible-pull/hosts -log_path = /var/log/ansible.log +log_path = ~/ansible.log retry_files_enabled = False [inventory] enable_plugins = ini From 1b3cc5d9bc0cdc248a32f8333a4097deb57b992b Mon Sep 17 00:00:00 2001 From: Rene Date: Sat, 19 Nov 2022 17:58:21 +0100 Subject: [PATCH 11/11] added playbook to update all hosts at once --- update.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 update.yml diff --git a/update.yml b/update.yml new file mode 100644 index 0000000..0da78e8 --- /dev/null +++ b/update.yml @@ -0,0 +1,31 @@ +--- +- hosts: all + tasks: + - name: "update git url" + become: yes + command: + cmd: "git remote set-url origin ssh://git@gitea.mewissen.site:22422/rene/dotfiles.git" + chdir: "{{ ansible_user_dir }}/dotfiles" + - name: "git default settings" + become: yes + command: + cmd: "git config pull.rebase false" + chdir: "{{ ansible_user_dir }}/dotfiles" + # - name: "git pull" + # become: yes + # command: + # cmd: "git pull" + # chdir: "{{ ansible_user_dir }}/dotfiles" + - name: "add cronjob for ansible" + become: yes + cron: + name: "ansible provision" + user: "{{ ansible_user_id }}" + job: 'ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -d "/opt/ansible-pull" -C master' + state: present + minute: 0 + hour: 1 + - name: "update ansible-pull once" + become: yes + command: + cmd: 'ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -d "/opt/ansible-pull" -C master' \ No newline at end of file
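Review bot: Moving `log_path` to `~/ansible.log` makes the log location depend on which account runs Ansible — the `ansible-pull` cron added in the next patch runs as `ansible_user_id`, an interactive run writes into that user's home — and the file is created with the default umask rather than a managed mode. Ansible's log records task results, so any task that handles vault-decrypted values without `no_log: true` leaves them in this file; if the home-directory location is deliberate, pair it with a `file` task that sets `mode: "0600"` on the log, otherwise keep a fixed path such as `/var/log/ansible-pull.log` owned by the pull user.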
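Review bot: Every host gets a cron job running `ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -C master`, so the plaintext vault password for the whole repository sits on every managed host and each host executes whatever the `master` branch of that Gitea repo contains; a compromise of any one host yields all vault secrets, and write access to the repo or the Gitea account yields root on the fleet. At minimum add `--verify-commit` with GPG-signed commits and use `--vault-id` with a per-host or per-group password file instead of one shared `~/.vaultpass`, and make sure that file is mode 0600 (nothing here creates or checks it). There is also a user mismatch: the cron entry is installed for `{{ ansible_user_id }}`, a fact gathered before `become`, while the one-shot `update ansible-pull once` task runs as root under `become: yes`, so `~/.vaultpass` and `/opt/ansible-pull` are resolved against different home directories and ownerships depending on the connecting user. The `git remote set-url` and `git config` tasks likewise run as root inside `{{ ansible_user_dir }}/dotfiles`, which recent git refuses as a dubiously-owned repository when the directory belongs to another user; dropping `become` on those two tasks (or using `become_user` consistently on all of them) avoids that, and `become: yes` should be written `become: true`.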