Merge branch 'master' of ssh://gitea.mewissen.site:22422/rene/ansible-pull

ansible.cfg

@@ -1,6 +1,6 @@
 [defaults]
 inventory = /opt/ansible-pull/hosts
-log_path = /var/log/ansible.log
+log_path = ~/ansible.log
 retry_files_enabled = False
 [inventory]
 enable_plugins = ini

host_vars/glustertest02

@@ -1 +0,0 @@
-glustertest01

host_vars/glustertest02.universe.local.yml

@@ -0,0 +1 @@
+glustertest01.universe.local.yml

host_vars/glustertest03

@@ -1 +0,0 @@
-glustertest01

host_vars/glustertest03.universe.local.yml

@@ -0,0 +1 @@
+glustertest01.universe.local.yml

host_vars/mail.universe.local.yml

@@ -1,9 +1,11 @@
+hostname: mail.universe.local
 postfix: true
 postgrey: true
 dovecot: true
 pigeonhole: true
 fetchmail: true
 mpop: true
+npm_cert: "npm-29"
 
 mynetworks: '192.168.1.0/24, 127.0.0.0/8, 192.168.122.0/24, 10.20.20.0/28, 172.16.0.0/12, 192.168.3.0/24'
 nginx_proxy_manager_cert_id: npm-1

host_vars/mariadb02

@@ -1 +0,0 @@
-mariadb01

host_vars/mariadb02.universe.local.yml

@@ -0,0 +1 @@
+mariadb01.universe.local.yml

host_vars/mariadb03

@@ -1 +0,0 @@
-mariadb01

host_vars/mariadb03.universe.local.yml

@@ -0,0 +1 @@
+mariadb01.universe.local.yml

host_vars/unbound02.universe.local.yml

@@ -0,0 +1 @@
+unbound01.universe.local.yml

host_vars/unbound02.yml

@@ -1 +0,0 @@
-unbound01.yml

hosts

@@ -1,17 +1,18 @@
 [base]
-VM-debian11-template
+VM-debian11-template.universe.local
 
 [cluster:children]
 glustertest
 
 [server]
-pve
+pve.universe.local
-netbox
+netbox.universe.local
-Samba-AD-DC
+Samba-AD-DC.universe.local
-librenms
+librenms.universe.local
-grafana
+grafana.universe.local
-haproxy01
+backup.universe.local
-haproxy02
+haproxy01.universe.local
+haproxy02.universe.local
 
 [server:children]
 cluster
@@ -30,9 +31,9 @@ webserver
 
 [database]
 coruscant.universe.local
-mariadb01
+mariadb01.universe.local
-mariadb02
+mariadb02.universe.local
-mariadb03
+mariadb03.universe.local
 
 [development]
 endor.universe.local
@@ -41,23 +42,23 @@ tuxedo-book-xp1511.universe.local
 
 [dhcpserver]
 coruscant.universe.local
-dhcp-kea
+dhcp-kea.universe.local
 
 [docker]
-docker01
+docker01.universe.local
-docker02
+docker02.universe.local
 
 [fileserver]
 coruscant.universe.local
-samba-ad-dc
+samba-ad-dc.universe.local
 
 [glustertest]
-glustertest01
+glustertest01.universe.local
-glustertest02
+glustertest02.universe.local
-glustertest03
+glustertest03.universe.local
 
 [icinga_master]
-icinga
+icinga.universe.local
 
 [icinga_satellite]
 
@@ -71,12 +72,12 @@ mewimeet.de jitsi_fqdn=mewimeet.de
 [mailserver]
 coruscant.universe.local
 mail.mewissen.site
-mailcow
+mailcow.universe.local
 mail.universe.local
 
 [mastodon]
 mewitoot.de
-ubuntu-test
+ubuntu-test.universe.local
 
 [mobile]
 tuxedo-book-xp1511.universe.local
@@ -85,9 +86,9 @@ tuxedo-book-xp1511.universe.local
 coruscant.universe.local
 mewimeet.de
 mewitoot.de
-ns1
+ns1.universe.local
-unbound01
+unbound01.universe.local
-unbound02
+unbound02.universe.local
 
 [photo_editing]
 endor.universe.local
@@ -107,8 +108,8 @@ tuxedo-book-xp1511.universe.local
 
 [webserver]
 coruscant.universe.local
-nextcloud
+nextcloud.universe.local
-webserver
+webserver.universe.local
 
 [workstation:children]
 development

roles/base/tasks/software/packages_utilities.yml

@@ -17,6 +17,7 @@
       - ranger
       - sudo
       - rsync
+      - tldr
       - tmux
       - traceroute
       - vifm

roles/base/tasks/users/root.yml

@@ -20,7 +20,7 @@
     user: root
     state: present
     key: '{{ item }}'
-    key_options: 'from="192.168.1.240",command="~/validate-rsync.sh"'
+    key_options: 'from="192.168.1.240,192.168.1.133",command="~/validate-rsync.sh"'
   with_file:
     - public_keys/backup_ed25519.pub
 

roles/mailserver/tasks/configure_postfix.yml

@@ -18,8 +18,8 @@
     - {key: "maillog_file", value: "/var/log/postfix.log"}                                                                                                
     - {key: "message_size_limit", value: "0"}                                                                                                             
     - {key: "milter_default_action", value: "accept"}                                                                                                     
-    - {key: "mydestination", value: "'localhost, kashyyyk, coruscant'"}                                                                                     
+    - {key: "mydestination", value: "'localhost, kashyyyk, coruscant, $myhostname'"}                                                                                     
-    - {key: "myhostname", value: "kashyyyk.universe.local"}                                                                                               
+    - {key: "myhostname", value: "{{ hostname | default(ansible_hostname) }}"}                                                                                               
     - {key: "mynetworks", value: "'{{ mynetworks }}'"}                           
     - {key: "mynetworks_style", value: "subnet"}                                                                                                          
     - {key: "readme_directory", value: "no"}                                                                                                              
@@ -50,12 +50,12 @@
     - {key: "smtpd_sasl_type", value: "dovecot"}
     - {key: "smtpd_sender_restrictions", value: "'hash:/etc/postfix/access, permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access'"}
     - {key: "smtpd_tls_auth_only", value: "yes"}
-    - {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/{{ nginx_proxy_manager_cert_id }}/fullchain.pem"}
+    - {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/{{ npm_cert }}/fullchain.pem"}
     - {key: "smtpd_tls_dh1024_param_file", value: "${config_directory}/dh2048.pem"}
     - {key: "smtpd_tls_dh512_param_file", value: "${config_directory}/dh512.pem"}
     - {key: "smtpd_tls_eecdh_grade", value: "strong"}
     - {key: "smtpd_tls_exclude_ciphers", value: "'aNULL,MD5,RC4,DES,IDEA,SEED,3DES'"}
-    - {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/{{ nginx_proxy_manager_cert_id }}/privkey.pem"}
+    - {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/{{ npm_cert }}/privkey.pem"}
     - {key: "smtpd_tls_loglevel", value: "1"}
     - {key: "smtpd_tls_mandatory_ciphers", value: "high"}
     - {key: "smtpd_tls_mandatory_exclude_ciphers", value: "'aNULL,MD5,RC4,IDEA,SEED,3DES'"}

roles/server/tasks/main.yml

@@ -7,7 +7,7 @@
   ignore_errors: True
 
 - block:
-  - include_tasks: utilities/mta.yml
+  - include_tasks: utilities/mail_transfer_agent.yml
   - include_tasks: utilities/netdata.yml
     when: netdata is defined and netdata == true
   - include_tasks: utilities/snmpd.yml

roles/server/tasks/system_setup/cron.yml

@@ -4,7 +4,35 @@
     state: latest
   when: ansible_distribution == "Archlinux"
 
-- name: server | system_setup | cron
+- name: server | system_setup | cron (VM)
+  tags: cron
+  cron:
+    name: "{{ item.title }}"
+    user: root
+    hour: "{{ item.hour }}"
+    minute: "{{ item.minute }}"
+    job: "{{ item.job }}"
+    state: present
+  when:
+   - ansible_virtualization_role == "NA" or ansible_virtualization_role == "guest"
+   - ansible_virtualization_type == "kvm"
+  loop:
+    - { title: "Backup", job: "/root/bin/backup_vps.bash", hour: 1, minute: 0 }
+
+- name: server | system_setup | cron (non VM)
+  tags: cron
+  cron:
+    name: "{{ item.title }}"
+    user: root
+    hour: "{{ item.hour }}"
+    minute: "{{ item.minute }}"
+    job: "{{ item.job }}"
+    state: absent
+  when: ansible_virtualization_role != "guest" or ansible_virtualization_type != "kvm"
+  loop:
+    - { title: "Backup", job: "/root/bin/backup_vps.bash", hour: 1, minute: 0 }
+
+- name: server | system_setup | cron (generic)
   tags: cron
   cron:
     name: "{{ item.title }}"
@@ -13,5 +41,4 @@
     minute: "{{ item.minute }}"
     job: "{{ item.job }}"
   loop:
-    - { title: "Send me a list of upgradeable packages", job: "apt list --upgradable", hour: 0, minute: 0 }
+    - { title: "Send me a list of upgradeable packages", job: "{{ check_update_cmd }}", hour: 0, minute: 0 }
-    - { title: "Backup", job: "/root/bin/backup_vps.bash", hour: 1, minute: 0 }

roles/server/vars/Archlinux.yml

@@ -3,6 +3,7 @@ snmpd_package: net-snmp
 snmpd_user_file: "/var/net-snmp/snmpd.conf"
 wireguard_package: wireguard-tools
 openssh_server_package: openssh
+check_update_cmd: "/root/bin/cron_pacman"
 
 glusterfs_packages:
   - package: glusterfs

roles/server/vars/Debian.yml

@@ -3,6 +3,7 @@ snmpd_package: snmpd
 snmpd_user_file: "/var/lib/snmp/snmpd.conf"
 wireguard_package: wireguard
 openssh_server_package: openssh-server
+check_update_cmd: "apt list --upgradable"
 
 glusterfs_packages:
   - package: glusterfs-common

update.yml

@@ -0,0 +1,31 @@
+---
+- hosts: all
+  tasks:
+    - name: "update git url"  
+      become: yes
+      command:
+        cmd: "git remote set-url origin ssh://git@gitea.mewissen.site:22422/rene/dotfiles.git"
+        chdir: "{{ ansible_user_dir }}/dotfiles"
+    - name: "git default settings"
+      become: yes
+      command:
+        cmd: "git config pull.rebase false"
+        chdir: "{{ ansible_user_dir }}/dotfiles"
+    # - name: "git pull"
+    #   become: yes
+    #   command:
+    #     cmd: "git pull"
+    #     chdir: "{{ ansible_user_dir }}/dotfiles"
+    - name: "add cronjob for ansible"
+      become: yes
+      cron:
+        name: "ansible provision"
+        user: "{{ ansible_user_id }}"
+        job: 'ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -d "/opt/ansible-pull" -C master'
+        state: present
+        minute: 0
+        hour: 1
+    - name: "update ansible-pull once"
+      become: yes
+      command:
+        cmd: 'ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -d "/opt/ansible-pull" -C master'