Merge branch 'master' of ssh://gitea.mewissen.site:22422/rene/ansible-pull

2022-11-21 13:48:10 +01:00
parent 81aea710f1 1b3cc5d9bc
commit 309b1d1ff0
29 changed files with 105 additions and 41 deletions
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,6 +1,6 @@
 [defaults]
 inventory = /opt/ansible-pull/hosts
-log_path = /var/log/ansible.log
+log_path = ~/ansible.log
 retry_files_enabled = False
 [inventory]
 enable_plugins = ini
--- a/host_vars/glustertest01.universe.local.yml
+++ b/host_vars/glustertest01.universe.local.yml
--- a/host_vars/glustertest02
+++ b/host_vars/glustertest02
@@ -1 +0,0 @@
-glustertest01
--- a/host_vars/glustertest02.universe.local.yml
+++ b/host_vars/glustertest02.universe.local.yml
@@ -0,0 +1 @@
+glustertest01.universe.local.yml
--- a/host_vars/glustertest03
+++ b/host_vars/glustertest03
@@ -1 +0,0 @@
-glustertest01
--- a/host_vars/glustertest03.universe.local.yml
+++ b/host_vars/glustertest03.universe.local.yml
@@ -0,0 +1 @@
+glustertest01.universe.local.yml
--- a/host_vars/mail.universe.local.yml
+++ b/host_vars/mail.universe.local.yml
@@ -1,9 +1,11 @@
+hostname: mail.universe.local
 postfix: true
 postgrey: true
 dovecot: true
 pigeonhole: true
 fetchmail: true
 mpop: true
+npm_cert: "npm-29"

 mynetworks: '192.168.1.0/24, 127.0.0.0/8, 192.168.122.0/24, 10.20.20.0/28, 172.16.0.0/12, 192.168.3.0/24'
 nginx_proxy_manager_cert_id: npm-1
--- a/host_vars/mailcowuniverse.local.yml
+++ b/host_vars/mailcowuniverse.local.yml
--- a/host_vars/mariadb01.universe.local.yml
+++ b/host_vars/mariadb01.universe.local.yml
--- a/host_vars/mariadb02
+++ b/host_vars/mariadb02
@@ -1 +0,0 @@
-mariadb01
--- a/host_vars/mariadb02.universe.local.yml
+++ b/host_vars/mariadb02.universe.local.yml
@@ -0,0 +1 @@
+mariadb01.universe.local.yml
--- a/host_vars/mariadb03
+++ b/host_vars/mariadb03
@@ -1 +0,0 @@
-mariadb01
--- a/host_vars/mariadb03.universe.local.yml
+++ b/host_vars/mariadb03.universe.local.yml
@@ -0,0 +1 @@
+mariadb01.universe.local.yml
--- a/host_vars/nextcloud.universe.local.yml
+++ b/host_vars/nextcloud.universe.local.yml
--- a/host_vars/pve.universe.local.yml
+++ b/host_vars/pve.universe.local.yml
--- a/host_vars/unbound01.universe.local.yml
+++ b/host_vars/unbound01.universe.local.yml
--- a/host_vars/unbound02.universe.local.yml
+++ b/host_vars/unbound02.universe.local.yml
@@ -0,0 +1 @@
+unbound01.universe.local.yml
--- a/host_vars/unbound02.yml
+++ b/host_vars/unbound02.yml
@@ -1 +0,0 @@
-unbound01.yml
--- a/host_vars/webserver.universe.local.yml
+++ b/host_vars/webserver.universe.local.yml
--- a/53
+++ b/53
@@ -1,17 +1,18 @@
 [base]
-VM-debian11-template
+VM-debian11-template.universe.local

 [cluster:children]
 glustertest

 [server]
-pve
-netbox
-Samba-AD-DC
-librenms
-grafana
-haproxy01
-haproxy02
+pve.universe.local
+netbox.universe.local
+Samba-AD-DC.universe.local
+librenms.universe.local
+grafana.universe.local
+backup.universe.local
+haproxy01.universe.local
+haproxy02.universe.local

 [server:children]
 cluster
@@ -30,9 +31,9 @@ webserver

 [database]
 coruscant.universe.local
-mariadb01
-mariadb02
-mariadb03
+mariadb01.universe.local
+mariadb02.universe.local
+mariadb03.universe.local

 [development]
 endor.universe.local
@@ -41,23 +42,23 @@ tuxedo-book-xp1511.universe.local

 [dhcpserver]
 coruscant.universe.local
-dhcp-kea
+dhcp-kea.universe.local

 [docker]
-docker01
-docker02
+docker01.universe.local
+docker02.universe.local

 [fileserver]
 coruscant.universe.local
-samba-ad-dc
+samba-ad-dc.universe.local

 [glustertest]
-glustertest01
-glustertest02
-glustertest03
+glustertest01.universe.local
+glustertest02.universe.local
+glustertest03.universe.local

 [icinga_master]
-icinga
+icinga.universe.local

 [icinga_satellite]

@@ -71,12 +72,12 @@ mewimeet.de jitsi_fqdn=mewimeet.de
 [mailserver]
 coruscant.universe.local
 mail.mewissen.site
-mailcow
+mailcow.universe.local
 mail.universe.local

 [mastodon]
 mewitoot.de
-ubuntu-test
+ubuntu-test.universe.local

 [mobile]
 tuxedo-book-xp1511.universe.local
@@ -85,9 +86,9 @@ tuxedo-book-xp1511.universe.local
 coruscant.universe.local
 mewimeet.de
 mewitoot.de
-ns1
-unbound01
-unbound02
+ns1.universe.local
+unbound01.universe.local
+unbound02.universe.local

 [photo_editing]
 endor.universe.local
@@ -107,8 +108,8 @@ tuxedo-book-xp1511.universe.local

 [webserver]
 coruscant.universe.local
-nextcloud
-webserver
+nextcloud.universe.local
+webserver.universe.local

 [workstation:children]
 development
--- a/roles/base/tasks/software/packages_utilities.yml
+++ b/roles/base/tasks/software/packages_utilities.yml
@@ -17,6 +17,7 @@
      - ranger
      - sudo
      - rsync
+      - tldr
      - tmux
      - traceroute
      - vifm
--- a/roles/base/tasks/users/root.yml
+++ b/roles/base/tasks/users/root.yml
@@ -20,7 +20,7 @@
    user: root
    state: present
    key: '{{ item }}'
-    key_options: 'from="192.168.1.240",command="~/validate-rsync.sh"'
+    key_options: 'from="192.168.1.240,192.168.1.133",command="~/validate-rsync.sh"'
  with_file:
    - public_keys/backup_ed25519.pub

--- a/roles/mailserver/tasks/configure_postfix.yml
+++ b/roles/mailserver/tasks/configure_postfix.yml
@@ -18,8 +18,8 @@
    - {key: "maillog_file", value: "/var/log/postfix.log"}                                                                                                
    - {key: "message_size_limit", value: "0"}                                                                                                             
    - {key: "milter_default_action", value: "accept"}                                                                                                     
-    - {key: "mydestination", value: "'localhost, kashyyyk, coruscant'"}                                                                                     
-    - {key: "myhostname", value: "kashyyyk.universe.local"}                                                                                               
+    - {key: "mydestination", value: "'localhost, kashyyyk, coruscant, $myhostname'"}                                                                                     
+    - {key: "myhostname", value: "{{ hostname | default(ansible_hostname) }}"}                                                                                               
    - {key: "mynetworks", value: "'{{ mynetworks }}'"}                           
    - {key: "mynetworks_style", value: "subnet"}                                                                                                          
    - {key: "readme_directory", value: "no"}                                                                                                              
@@ -50,12 +50,12 @@
    - {key: "smtpd_sasl_type", value: "dovecot"}
    - {key: "smtpd_sender_restrictions", value: "'hash:/etc/postfix/access, permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access'"}
    - {key: "smtpd_tls_auth_only", value: "yes"}
-    - {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/{{ nginx_proxy_manager_cert_id }}/fullchain.pem"}
+    - {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/{{ npm_cert }}/fullchain.pem"}
    - {key: "smtpd_tls_dh1024_param_file", value: "${config_directory}/dh2048.pem"}
    - {key: "smtpd_tls_dh512_param_file", value: "${config_directory}/dh512.pem"}
    - {key: "smtpd_tls_eecdh_grade", value: "strong"}
    - {key: "smtpd_tls_exclude_ciphers", value: "'aNULL,MD5,RC4,DES,IDEA,SEED,3DES'"}
-    - {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/{{ nginx_proxy_manager_cert_id }}/privkey.pem"}
+    - {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/{{ npm_cert }}/privkey.pem"}
    - {key: "smtpd_tls_loglevel", value: "1"}
    - {key: "smtpd_tls_mandatory_ciphers", value: "high"}
    - {key: "smtpd_tls_mandatory_exclude_ciphers", value: "'aNULL,MD5,RC4,IDEA,SEED,3DES'"}
--- a/roles/server/tasks/main.yml
+++ b/roles/server/tasks/main.yml
@@ -7,7 +7,7 @@
  ignore_errors: True

 - block:
-  - include_tasks: utilities/mta.yml
+  - include_tasks: utilities/mail_transfer_agent.yml
  - include_tasks: utilities/netdata.yml
    when: netdata is defined and netdata == true
  - include_tasks: utilities/snmpd.yml
--- a/roles/server/tasks/system_setup/cron.yml
+++ b/roles/server/tasks/system_setup/cron.yml
@@ -4,7 +4,35 @@
    state: latest
  when: ansible_distribution == "Archlinux"

- name: server | system_setup | cron
+- name: server | system_setup | cron (VM)
+  tags: cron
+  cron:
+    name: "{{ item.title }}"
+    user: root
+    hour: "{{ item.hour }}"
+    minute: "{{ item.minute }}"
+    job: "{{ item.job }}"
+    state: present
+  when:
+   - ansible_virtualization_role == "NA" or ansible_virtualization_role == "guest"
+   - ansible_virtualization_type == "kvm"
+  loop:
+    - { title: "Backup", job: "/root/bin/backup_vps.bash", hour: 1, minute: 0 }
+
+- name: server | system_setup | cron (non VM)
+  tags: cron
+  cron:
+    name: "{{ item.title }}"
+    user: root
+    hour: "{{ item.hour }}"
+    minute: "{{ item.minute }}"
+    job: "{{ item.job }}"
+    state: absent
+  when: ansible_virtualization_role != "guest" or ansible_virtualization_type != "kvm"
+  loop:
+    - { title: "Backup", job: "/root/bin/backup_vps.bash", hour: 1, minute: 0 }
+
+- name: server | system_setup | cron (generic)
  tags: cron
  cron:
    name: "{{ item.title }}"
@@ -13,5 +41,4 @@
    minute: "{{ item.minute }}"
    job: "{{ item.job }}"
  loop:
-    - { title: "Send me a list of upgradeable packages", job: "apt list --upgradable", hour: 0, minute: 0 }
-    - { title: "Backup", job: "/root/bin/backup_vps.bash", hour: 1, minute: 0 }
+    - { title: "Send me a list of upgradeable packages", job: "{{ check_update_cmd }}", hour: 0, minute: 0 }
--- a/roles/server/tasks/utilities/mail_transfer_agent.yml
+++ b/roles/server/tasks/utilities/mail_transfer_agent.yml
--- a/roles/server/vars/Archlinux.yml
+++ b/roles/server/vars/Archlinux.yml
@@ -3,6 +3,7 @@ snmpd_package: net-snmp
 snmpd_user_file: "/var/net-snmp/snmpd.conf"
 wireguard_package: wireguard-tools
 openssh_server_package: openssh
+check_update_cmd: "/root/bin/cron_pacman"

 glusterfs_packages:
  - package: glusterfs
--- a/roles/server/vars/Debian.yml
+++ b/roles/server/vars/Debian.yml
@@ -3,6 +3,7 @@ snmpd_package: snmpd
 snmpd_user_file: "/var/lib/snmp/snmpd.conf"
 wireguard_package: wireguard
 openssh_server_package: openssh-server
+check_update_cmd: "apt list --upgradable"

 glusterfs_packages:
  - package: glusterfs-common
--- a/update.yml
+++ b/update.yml
@@ -0,0 +1,31 @@
+---
+- hosts: all
+  tasks:
+    - name: "update git url"  
+      become: yes
+      command:
+        cmd: "git remote set-url origin ssh://git@gitea.mewissen.site:22422/rene/dotfiles.git"
+        chdir: "{{ ansible_user_dir }}/dotfiles"
+    - name: "git default settings"
+      become: yes
+      command:
+        cmd: "git config pull.rebase false"
+        chdir: "{{ ansible_user_dir }}/dotfiles"
+    # - name: "git pull"
+    #   become: yes
+    #   command:
+    #     cmd: "git pull"
+    #     chdir: "{{ ansible_user_dir }}/dotfiles"
+    - name: "add cronjob for ansible"
+      become: yes
+      cron:
+        name: "ansible provision"
+        user: "{{ ansible_user_id }}"
+        job: 'ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -d "/opt/ansible-pull" -C master'
+        state: present
+        minute: 0
+        hour: 1
+    - name: "update ansible-pull once"
+      become: yes
+      command:
+        cmd: 'ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -d "/opt/ansible-pull" -C master'