Merge branch 'master' of git.9iron.club:salt/ansible

Salt 2020-09-25 01:56:42 -05:00
commit 89b6e30bdb
13 changed files with 86 additions and 76 deletions


@ -1,10 +1,10 @@
# Salt's Ansible Scripts
# Salt's Ansible Repo
A collection of Ansible scripts to manage all of my machines.
A collection of Ansible configuration to manage all of my machines.
## Quickstart
To quickly get a machine up and running, add it to the inventory, role it out, and `./provision.yml` it. The playbook assures a sane running environment and then sets up ansible-pull on a timer that immediately triggers. Leave it be, come back 10 minutes later and polish it up as required.
To quickly get a machine up and running, add it to the inventory and `./provision.yml` it. This ensures a basic, sane running environment from which you can do tuning. Ideally, though, you should have roles.
## Overview


@ -84,13 +84,15 @@ gitea:
62303264653836656162366362316461656363353539343632616462626231643632
# Grafana
grafana:
mysql_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
65376335363732633132326630323161393861323833323631613630343262383137656138356262
3730386139393739373738626535376636666135646463350a623331333032346434343465666234
38393539623437376133363063633238383031326431653737346564323837343265653431633962
6665346237666165330a643635653863356633623535383063366632336437313730626233346664
33303465616532313339393634386166363162393661393037323835323035386663
db:
hostname: 172.31.47.215
pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
65376335363732633132326630323161393861323833323631613630343262383137656138356262
3730386139393739373738626535376636666135646463350a623331333032346434343465666234
38393539623437376133363063633238383031326431653737346564323837343265653431633962
6665346237666165330a643635653863356633623535383063366632336437313730626233346664
33303465616532313339393634386166363162393661393037323835323035386663
url: "monitor.9iron.club"
webroot: "/var/www/grafana"
config_repo: "https://git.9iron.club/salt/grafana"
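Review bot: The vault blob under `grafana.db.pass` is byte-for-byte the one shown under `grafana.mysql_password`, so the new PostgreSQL role starts out with the credential the MySQL account used. A backend migration is a cheap moment to rotate it: generate a fresh value and re-encrypt it with `ansible-vault encrypt_string`, so that any copy of the old password left in an old grafana.ini or a MySQL dump is useless against the new server. The hunk opens inside the preceding `gitea` vault value, so only the `grafana` mapping is reviewed here.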


@ -32,6 +32,7 @@
vars:
packages:
- ansible
- ansible-base
- ansible-lint
- name: Assure root .ssh directory
file:


@ -1,11 +1,14 @@
# vim:ft=dosini:
[Unit]
Description=9iron backup service
StartLimitIntervalSec=3600
StartLimitBurst=5
[Service]
Type=oneshot
MemoryMax=256M
ExecStart=/opt/backups/backup.sh
Restart=on-failure
RestartSec=90
[Install]
WantedBy=multi-user.target
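Review bot: `Restart=on-failure` together with `Type=oneshot` is only accepted by newer systemd releases (support arrived around v244, as far as I recall); older ones reject the unit at load time, and a backup unit that fails to load simply never runs. Please confirm the systemd version on every host this unit is deployed to, or handle retries inside `backup.sh` instead. A comment above the limits would record the intent, e.g. `# retry 90s after a failure, at most 5 starts per hour`.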


@ -6,6 +6,3 @@
name: cron
state: restarted
become: yes
- name: regen initramfs
command: /usr/sbin/update-initramfs -c -k all
become: yes


@ -9,3 +9,6 @@
name: sshd.service
state: restarted
become: yes
- name: regen initramfs
command: /usr/sbin/update-initramfs -c -k all
become: yes


@ -25,16 +25,14 @@
apt_repository:
repo: "{{ item }}"
loop:
# Spotify
- "deb http://repository.spotify.com stable non-free"
# Monodevelop
- "deb https://download.mono-project.com/repo/ubuntu vs-bionic main"
# Element
- "deb https://packages.riot.im/debian/ default main"
# Debs
- "deb http://repository.spotify.com stable non-free" # Spotify
- "deb https://download.mono-project.com/repo/ubuntu vs-bionic main" # Monodevelop
- "deb https://packages.riot.im/debian/ default main" # Element
# First-party PPAs
- "ppa:phoerious/keepassxc" # KeepassXC
# Third-party PPAs
- "ppa:system76-dev/stable"
- "ppa:system76-dev/stable" # Love my lemp9
- "ppa:drewwalton19216801/dolphin-master-cosmic" # Because Dolphin doesn't update their shit
- "ppa:kgilmer/speed-ricer" # Rice rice rice
- "ppa:lutris-team/lutris" # Lutris is kickass
@ -52,22 +50,22 @@
- build-essential
- cmake
- debhelper
- devscripts
- devscripts # Tons of cool shit in here, mostly for packaging tho
- dh-make
- earlyoom
- fastboot
- ffmpeg
- git
- imagemagick
- libinput-tools
- libinput-tools # Allows for libinput debugging
- lua-check # I am good ComputerCraft guy
- neofetch
- neofetch # I never use it but whatever I guess
- network-manager-openconnect
- network-manager-openvpn
- network-manager-vpnc # For default route configuration
- npm
- npm # I'm sorry
- openjdk-8-jre # For Minecraft
- pbuilder
- pbuilder # Deb creation tool that does it all in a container
- pwgen
- python3-appdirs
- python3-eyed3
@ -75,10 +73,10 @@
- python3-pyqt5
- python3-usb # fuselee-gelee
- python3-venv
- qt5-default # For Multimc, should be installed on Kubuntu
- qt5-default # For Multimc, should be installed on Kubuntu by default regardless
- traceroute
- tree
- units
- units # How many bytes are in a mile?
- vim
- wamerican # Dictionaries because I have like two scripts that use them
- wamerican-large
@ -96,76 +94,77 @@
# DE
- bspwm
- compton
- conky-all
- conky-all # Why this is in several packages is beyond me
- dunst
- hsetroot
- i3lock
- hsetroot # Works around a bug with Compton and a gray root window
- i3lock # Don't actually use this anymore (wew ksmserver)
- ibus
- ibus-mozc
- kubuntu-desktop
- ibus-mozc # Jap
- kubuntu-desktop # Sanity
- mozc-utils-gui
- nitrogen
- papirus-icon-theme
- pavucontrol-qt
- polybar
- qt5ct
- xbacklight
- xbacklight # This works on literally none of my machines but fuck it
# Desktop applications
- barrier
- cantata
- barrier # FOSS Synergy
- cantata # MPD client
- chromium-browser
- chromium-chromedriver # Because Selenium
- clonezilla
- dolphin-emu-master
- dolphin-plugins
- element-desktop
- filelight
- filelight # Sweet disk usage util
- filezilla
- firefox
- g810-led
- g810-led # For Logitech peripherals
- gimp
- inkscape
- joy2key
- inkscape # I use it for like two things
- joy2key # Neat little wrapper to bind joypad keys to keyboard keys
- joystick
- kcolorchooser
- kde-config-plymouth
- kdenlive
- kde-config-plymouth # Realistically not required, but whatever
- kdenlive # For the one video I edit a year
- kdepim
- keepassxc
- krita
- libnotify-bin
- krita # I don't ever end up using this, maybe I'll pick it up for spritework
- libnotify-bin # Used for several of my scripts
- libretro-desmume
- libretro-mgba
- libretro-mupen64plus
- libretro-snes9x
- lutris
- mesa-vulkan-drivers
- mono-complete
- mono-complete # Initial installation of this package may take an eternity
- monodevelop
- mpv
- mupen64plus-qt
- nextcloud-desktop
- obs-studio
- plymouth-theme-spinner
- pulseeffects
- plymouth-theme-spinner # Gives us the good UEFI logo bootup
- pulseeffects # I need to be an echoey boi
- q4wine
- qbittorrent
- rdesktop
- rdesktop # CLI RDP client, works real nice
- redshift
- retroarch
- rofi
- scrot
- scrot # For scripted screenshots
- spotify-client
- steam-installer
- syncthing-gtk
- telegram-desktop
- torbrowser-launcher
- torbrowser-launcher # Sometimes it's bugged but it's still nice to have
- virt-manager
- vulkan-tools
- vulkan-utils
- winetricks
- xdotool
- zim
# Other architectures, misc
- "libgl1-mesa-dri:i386"
- "mesa-vulkan-drivers:i386"
# Games
@ -174,7 +173,7 @@
apt:
name:
- firmware-manager
- kamoso
- kamoso # Camera util
- system76-acpi-dkms
- system76-dkms
- system76-firmware
@ -184,7 +183,7 @@
- name: Install Focal-exclusive desktop applications
apt:
name:
- piper
- piper # Peripheral LED management
when: ansible_distribution_release == "focal"
- name: Install packages without recommends
apt:
@ -200,6 +199,8 @@
- "https://downloads.slack-edge.com/linux_releases/slack-desktop-4.8.0-amd64.deb"
- "https://github.com/MultiMC/MultiMC5/releases/download/0.6.8/multimc_1.4-1.deb"
- "https://zoom.us/client/latest/zoom_amd64.deb"
# We ignore errors here in case we have a more up-to-date package on the target machine and/or face a URL timeout
ignore_errors: yes
- name: Install desktop applications through pip3
pip:
executable: "/usr/bin/pip3"
@ -208,11 +209,7 @@
- pmbootstrap
- protontricks
- youtube-dl
- name: Install desktop applications through Snap
snap:
name:
- sengi
- scrcpy # Remote Android viewing
# Just in case we have legacy apps floating around
- name: Remove Snap applications
snap:
name:
@ -220,6 +217,8 @@
- pixelorama
- riot-web
- slack
- scrcpy
- sengi
- spotify
state: absent
- name: Remove desktop applications through APT
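Review bot: `ignore_errors: yes` on the URL `.deb` task hides every failure, not only the two cases its comment names, so a failed download, a TLS error or a broken package install now passes silently. The packages are also fetched straight from vendor URLs with no checksum, and `zoom_amd64.deb` comes from a `latest` path, so nothing pins what is actually installed with root privileges. Consider fetching each file with `get_url` and a `checksum:` value, installing from the local path, and narrowing the tolerance with `register:` plus a `failed_when:` that excuses only the already-newer case. The task's opening lines are outside this hunk.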


@ -2,5 +2,4 @@
allow_duplicates: no
dependencies:
- role: apache-php
- role: mysql
- role: redis


@ -2,7 +2,6 @@
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
Requires=mariadb.service
Requires=redis.service
[Service]


@ -2,4 +2,3 @@
allow_duplicates: no
dependencies:
- role: apache-php
- role: mysql


@ -3,22 +3,24 @@
---
- name: Install, configure, and start Grafana
block:
- name: Create and configure DB
- name: Set up PostgreSQL
block:
- name: Create DB user
postgresql_user:
name: grafana
password: "{{ grafana.db.pass }}"
login_host: "{{ grafana.db.hostname }}"
login_user: "{{ psql.ansible.user }}"
login_password: "{{ psql.ansible.pass }}"
- name: Create DB
mysql_db:
postgresql_db:
name: grafana
login_user: root
login_password: "{{ mysql.root_password }}"
state: present
- name: Create user
mysql_user:
name: grafana
host: localhost
password: "{{ grafana.mysql_password }}"
priv: "grafana.*:ALL,GRANT"
login_user: root
login_password: "{{ mysql.root_password }}"
owner: grafana
encoding: UNICODE
login_host: "{{ grafana.db.hostname }}"
login_user: "{{ psql.ansible.user }}"
login_password: "{{ psql.ansible.pass }}"
tags: [ postgresql ]
- name: Configure Grafana
block:
- name: Create configuration directories
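Review bot: Both PostgreSQL tasks now log in to a remote `login_host` with the `psql.ansible` account but set no `ssl_mode`, and the modules' default of `prefer` quietly falls back to an unencrypted session when the server does not offer TLS. Setting `ssl_mode: verify-full` with `ca_cert:` pointing at the server's CA on both tasks would keep the management and grafana passwords from crossing the network in clear. It is also worth confirming that `psql.ansible.user` holds only the rights needed to create roles and databases rather than full superuser. The enclosing block continues past the end of this hunk.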


@ -73,12 +73,12 @@ http_port = 3001
# as separate properties or as on string using the url properties.
# Either "mysql", "postgres" or "sqlite3", it's your choice
type = mysql
host = 127.0.0.1:3306
type = postgres
host = {{ grafana.db.hostname }}:5432
name = grafana
user = grafana
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
password = {{ grafana.mysql_password }}
password = {{ grafana.db.pass }}
# Use either URL or the previous fields to configure the database
# Example: mysql://user:secret@host:port/database
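Review bot: `host` moves from loopback to `{{ grafana.db.hostname }}:5432`, yet no `ssl_mode` line is visible in this hunk; if it is left at Grafana's default for postgres (`disable`, to my knowledge) the database traffic and password cross the network unencrypted, so `ssl_mode = require` or `verify-full` should sit next to these keys. Separately, the comment just above `password` warns about `#` and `;`, and the templated value is inserted bare; `password = """{{ grafana.db.pass }}"""` avoids a silently truncated password. The database section starts and ends outside the hunk.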


@ -44,8 +44,14 @@ fi
# WE MAKE BACKUP NOW SERGEI
if cd "{{ nextcloud_webroot }}"; then
date="$(date -Iseconds)"
{% if aws.backup_bucket is defined %}
# We have an AWS bucket to back straight up to
log "Piping data backup straight to S3"
tar czh "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin" | aws s3 cp - "s3://{{ aws.backup_bucket }}/{{ nextcloud.url }}/{{ nextcloud.url }}-$date-data.tar.gz" --storage-class STANDARD
{% else %}
log "Creating data backup"
tar czhf "$OUTDIR/{{ nextcloud.url }}-$date-data.tar.gz" "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin"
{% endif %}
log "Creating webroot backup"
tar czf "$OUTDIR/{{ nextcloud.url }}-$date-webroot.tar.gz" "{{ nextcloud_webroot }}"
else
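Review bot: In the new S3 branch the exit status of `tar ... | aws s3 cp -` is that of `aws` alone unless `pipefail` is set, and no such setting is visible in this hunk, so a tar failure would still upload a truncated archive and look like a good backup. Add `set -o pipefail` before the pipeline (or test `${PIPESTATUS[0]}`) and log the failure. The upload also requests no server-side encryption; `--sse aws:kms` or `--sse AES256` on the `aws s3 cp` call, backed by a bucket policy that denies unencrypted puts, would cover the data at rest. The `if cd` block continues outside the hunk.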