From 499fd26efa2558cc553ec8e051ba5a782a34e629 Mon Sep 17 00:00:00 2001 From: Salt Date: Sat, 19 Sep 2020 07:34:57 -0500 Subject: [PATCH 01/14] Move regen initramfs handler to desktop-common --- roles/common/handlers/main.yml | 3 --- roles/desktop-common/handlers/main.yml | 3 +++ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml index 94b9541..fb91194 100644 --- a/roles/common/handlers/main.yml +++ b/roles/common/handlers/main.yml @@ -6,6 +6,3 @@ name: cron state: restarted become: yes -- name: regen initramfs - command: /usr/sbin/update-initramfs -c -k all - become: yes diff --git a/roles/desktop-common/handlers/main.yml b/roles/desktop-common/handlers/main.yml index 7f641c5..4c70994 100644 --- a/roles/desktop-common/handlers/main.yml +++ b/roles/desktop-common/handlers/main.yml @@ -9,3 +9,6 @@ name: sshd.service state: restarted become: yes +- name: regen initramfs + command: /usr/sbin/update-initramfs -c -k all + become: yes From d51662ca69b48eef4a61ca8d2b1fbc5e2611e3b0 Mon Sep 17 00:00:00 2001 From: Salt Date: Sun, 20 Sep 2020 11:12:41 -0500 Subject: [PATCH 02/14] Make package installation on desktop more lenient --- roles/desktop-common/tasks/packages.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/desktop-common/tasks/packages.yml b/roles/desktop-common/tasks/packages.yml index c0bb6cb..23376c2 100644 --- a/roles/desktop-common/tasks/packages.yml +++ b/roles/desktop-common/tasks/packages.yml @@ -200,6 +200,8 @@ - "https://downloads.slack-edge.com/linux_releases/slack-desktop-4.8.0-amd64.deb" - "https://github.com/MultiMC/MultiMC5/releases/download/0.6.8/multimc_1.4-1.deb" - "https://zoom.us/client/latest/zoom_amd64.deb" + # We ignore errors here in case we have a more up-to-date package on the target machine and/or face a URL timeout + ignore_errors: yes - name: Install desktop applications through pip3 pip: executable: "/usr/bin/pip3" 
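Review bot: The `ignore_errors: yes` added to the .deb install task in PATCH 02 hides every failure of that task, not only the two cases its comment names (a newer package already on the target, a URL timeout). A failed dpkg run, a dependency conflict or a bad download is skipped the same way, and the play carries on with the old package or none. As far as the hunk shows, these .debs are fetched from vendor URLs with no checksum, and the Zoom URL is an unpinned `latest`, so a silent failure can leave an outdated client installed unnoticed. Consider `register: deb_install` plus a `failed_when:` that tolerates only the timeout and already-newer cases, or at least a follow-up task that reports which items failed. The task's opening lines are above the hunk, so its module arguments are not visible.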
From 6234276ac4768a846c153a27ea56a8f75ca6caa3 Mon Sep 17 00:00:00 2001 From: Salt Date: Tue, 22 Sep 2020 15:05:56 -0500 Subject: [PATCH 03/14] Remove Sengi, remove snap stanza in desktop packages GOOBIE BLOAT GOBLIN --- roles/desktop-common/tasks/packages.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/roles/desktop-common/tasks/packages.yml b/roles/desktop-common/tasks/packages.yml index 23376c2..fb6aa28 100644 --- a/roles/desktop-common/tasks/packages.yml +++ b/roles/desktop-common/tasks/packages.yml @@ -210,11 +210,6 @@ - pmbootstrap - protontricks - youtube-dl - - name: Install desktop applications through Snap - snap: - name: - - sengi - - scrcpy # Remote Android viewing - name: Remove Snap applications snap: name: @@ -222,6 +217,8 @@ - pixelorama - riot-web - slack + - scrcpy # Remote Android viewing + - sengi - spotify state: absent - name: Remove desktop applications through APT From 6ef6d551b65094b20a4df973c708128a5da22dba Mon Sep 17 00:00:00 2001 From: Salt Date: Tue, 22 Sep 2020 15:16:38 -0500 Subject: [PATCH 04/14] Annotate all the things --- roles/desktop-common/tasks/packages.yml | 71 ++++++++++++------------- 1 file changed, 35 insertions(+), 36 deletions(-) diff --git a/roles/desktop-common/tasks/packages.yml b/roles/desktop-common/tasks/packages.yml index fb6aa28..b2b36dc 100644 --- a/roles/desktop-common/tasks/packages.yml +++ b/roles/desktop-common/tasks/packages.yml 
@@ -25,16 +25,14 @@ apt_repository: repo: "{{ item }}" loop: - # Spotify - - "deb http://repository.spotify.com stable non-free" - # Monodevelop - - "deb https://download.mono-project.com/repo/ubuntu vs-bionic main" - # Element - - "deb https://packages.riot.im/debian/ default main" + # Debs + - "deb http://repository.spotify.com stable non-free" # Spotify + - "deb https://download.mono-project.com/repo/ubuntu vs-bionic main" # Monodevelop + - "deb https://packages.riot.im/debian/ default main" # Element # First-party PPAs - "ppa:phoerious/keepassxc" # KeepassXC # Third-party PPAs - - "ppa:system76-dev/stable" + - "ppa:system76-dev/stable" # Love my lemp9 - "ppa:drewwalton19216801/dolphin-master-cosmic" # Because Dolphin doesn't update their shit - "ppa:kgilmer/speed-ricer" # Rice rice rice - "ppa:lutris-team/lutris" # Lutris is kickass @@ -52,22 +50,22 @@ - build-essential - cmake - debhelper - - devscripts + - devscripts # Tons of cool shit in here, mostly for packaging tho - dh-make - earlyoom - fastboot - ffmpeg - git - imagemagick - - libinput-tools + - libinput-tools # Allows for libinput debugging - lua-check # I am good ComputerCraft guy - - neofetch + - neofetch # I never use it but whatever I guess - network-manager-openconnect - network-manager-openvpn - network-manager-vpnc # For default route configuration - - npm + - npm # I'm sorry - openjdk-8-jre # For Minecraft - - pbuilder + - pbuilder # Deb creation tool that does it all in a container - pwgen - python3-appdirs - python3-eyed3 @@ -75,10 +73,10 @@ - python3-pyqt5 - python3-usb # fuselee-gelee - python3-venv - - qt5-default # For Multimc, should be installed on Kubuntu + - qt5-default # For Multimc, should be installed on Kubuntu by default regardless - traceroute - tree - - units + - units # How many bytes are in a mile? - vim - wamerican # Dictionaries because I have like two scripts that use them - wamerican-large 
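Review bot: `deb http://repository.spotify.com stable non-free` is the only source in this list fetched over plain HTTP; the Mono and Element entries beside it use HTTPS. apt still verifies the signed Release file as long as the repository key is installed elsewhere in the role (not visible in this hunk), but the package traffic is readable and can be held back by anyone on the path. Switching the entry to `https://` is worth doing if the repository serves it. The `apt_repository` task starts above the hunk.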
@@ -96,76 +94,77 @@ # DE - bspwm - compton - - conky-all + - conky-all # Why this is in several packages is beyond me - dunst - - hsetroot - - i3lock + - hsetroot # Works around a bug with Compton and a gray root window + - i3lock # Don't actually use this anymore (wew ksmserver) - ibus - - ibus-mozc - - kubuntu-desktop + - ibus-mozc # Jap + - kubuntu-desktop # Sanity - mozc-utils-gui - nitrogen - papirus-icon-theme - pavucontrol-qt - polybar - qt5ct - - xbacklight + - xbacklight # This works on literally none of my machines but fuck it # Desktop applications - - barrier - - cantata + - barrier # FOSS Synergy + - cantata # MPD client - chromium-browser - chromium-chromedriver # Because Selenium - clonezilla - dolphin-emu-master - dolphin-plugins - element-desktop - - filelight + - filelight # Sweet disk usage util - filezilla - firefox - - g810-led + - g810-led # For Logitech peripherals - gimp - - inkscape - - joy2key + - inkscape # I use it for like two things + - joy2key # Neat little wrapper to bind joypad keys to keyboard keys - joystick - kcolorchooser - - kde-config-plymouth - - kdenlive + - kde-config-plymouth # Realistically not required, but whatever + - kdenlive # For the one video I edit a year - kdepim - keepassxc - - krita - - libnotify-bin + - krita # I don't ever end up using this, maybe I'll pick it up for spritework + - libnotify-bin # Used for several of my scripts - libretro-desmume - libretro-mgba - libretro-mupen64plus - libretro-snes9x - lutris - mesa-vulkan-drivers - - mono-complete + - mono-complete # Initial installation of this package may take an eternity - monodevelop - mpv - mupen64plus-qt - nextcloud-desktop - obs-studio - - plymouth-theme-spinner - - pulseeffects + - plymouth-theme-spinner # Gives us the good UEFI logo bootup + - pulseeffects # I need to be an echoey boi - q4wine - qbittorrent - - rdesktop + - rdesktop # CLI RDP client, works real nice - redshift - retroarch - rofi - - scrot + - scrot # For scripted screenshots - 
spotify-client - steam-installer - syncthing-gtk - telegram-desktop - - torbrowser-launcher + - torbrowser-launcher # Sometimes it's bugged but it's still nice to have - virt-manager - vulkan-tools - vulkan-utils - winetricks - xdotool - zim + # Other architectures, misc - "libgl1-mesa-dri:i386" - "mesa-vulkan-drivers:i386" # Games From cccae82c049287e6960bec8ad67c1981ea61592f Mon Sep 17 00:00:00 2001 From: Salt Date: Tue, 22 Sep 2020 15:18:57 -0500 Subject: [PATCH 05/14] Annotate more things --- roles/desktop-common/tasks/packages.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/desktop-common/tasks/packages.yml b/roles/desktop-common/tasks/packages.yml index b2b36dc..b459ca3 100644 --- a/roles/desktop-common/tasks/packages.yml +++ b/roles/desktop-common/tasks/packages.yml @@ -173,7 +173,7 @@ apt: name: - firmware-manager - - kamoso + - kamoso # Camera util - system76-acpi-dkms - system76-dkms - system76-firmware @@ -183,7 +183,7 @@ - name: Install Focal-exclusive desktop applications apt: name: - - piper + - piper # Peripheral LED management when: ansible_distribution_release == "focal" - name: Install packages without recommends apt: @@ -209,6 +209,7 @@ - pmbootstrap - protontricks - youtube-dl + # Just in case we have legacy apps floating around - name: Remove Snap applications snap: name: @@ -216,7 +217,7 @@ - pixelorama - riot-web - slack - - scrcpy # Remote Android viewing + - scrcpy - sengi - spotify state: absent From ab3db510ab0ba85f38b945e15f77ba0a4e449bce Mon Sep 17 00:00:00 2001 From: Salt Date: Tue, 22 Sep 2020 16:37:58 -0500 Subject: [PATCH 06/14] Migrate Grafana to postgres --- inventory/group_vars/9iron.club.yml | 16 +++++++++------- roles/grafana/meta/main.yml | 1 - roles/grafana/tasks/main.yml | 28 +++++++++++++++------------- roles/grafana/templates/grafana.ini | 6 +++--- 4 files changed, 27 insertions(+), 24 deletions(-) 
diff --git a/inventory/group_vars/9iron.club.yml b/inventory/group_vars/9iron.club.yml index 5cfb3bc..3bdb9cf 100644 --- a/inventory/group_vars/9iron.club.yml +++ b/inventory/group_vars/9iron.club.yml @@ -84,13 +84,15 @@ gitea: 62303264653836656162366362316461656363353539343632616462626231643632 # Grafana grafana: - mysql_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 65376335363732633132326630323161393861323833323631613630343262383137656138356262 - 3730386139393739373738626535376636666135646463350a623331333032346434343465666234 - 38393539623437376133363063633238383031326431653737346564323837343265653431633962 - 6665346237666165330a643635653863356633623535383063366632336437313730626233346664 - 33303465616532313339393634386166363162393661393037323835323035386663 + db: + hostname: 172.31.47.215 + pass: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 65376335363732633132326630323161393861323833323631613630343262383137656138356262 + 3730386139393739373738626535376636666135646463350a623331333032346434343465666234 + 38393539623437376133363063633238383031326431653737346564323837343265653431633962 + 6665346237666165330a643635653863356633623535383063366632336437313730626233346664 + 33303465616532313339393634386166363162393661393037323835323035386663 url: "monitor.9iron.club" webroot: "/var/www/grafana" config_repo: "https://git.9iron.club/salt/grafana" diff --git a/roles/grafana/meta/main.yml b/roles/grafana/meta/main.yml index d5f3152..7e415bc 100644 --- a/roles/grafana/meta/main.yml +++ b/roles/grafana/meta/main.yml @@ -2,4 +2,3 @@ allow_duplicates: no dependencies: - role: apache-php - - role: mysql diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml index e5d2f20..25f346c 100644 --- a/roles/grafana/tasks/main.yml +++ b/roles/grafana/tasks/main.yml 
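Review bot: The vaulted value under `grafana.db.pass` is byte-for-byte the ciphertext that was previously stored as `mysql_password`, so the new PostgreSQL role starts out with the old MySQL account's password. A database migration is the cheap moment to rotate it: generate a fresh secret and encrypt it with `ansible-vault encrypt_string` instead of re-indenting the old blob. Separately, `hostname: 172.31.47.215` pins a private address in inventory; a DNS name would survive re-addressing and makes certificate hostname verification possible if TLS is enabled on the database connection.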
@@ -3,22 +3,24 @@ --- - name: Install, configure, and start Grafana block: - - name: Create and configure DB + - name: Set up PostgreSQL block: + - name: Create DB user + postgresql_user: + name: grafana + password: "{{ grafana.db.pass }}" + login_host: "{{ grafana.db.hostname }}" + login_user: "{{ psql.ansible.user }}" + login_password: "{{ psql.ansible.pass }}" - name: Create DB - mysql_db: + postgresql_db: name: grafana - login_user: root - login_password: "{{ mysql.root_password }}" - state: present - - name: Create user - mysql_user: - name: grafana - host: localhost - password: "{{ grafana.mysql_password }}" - priv: "grafana.*:ALL,GRANT" - login_user: root - login_password: "{{ mysql.root_password }}" + owner: grafana + encoding: UNICODE + login_host: "{{ grafana.db.hostname }}" + login_user: "{{ psql.ansible.user }}" + login_password: "{{ psql.ansible.pass }}" + tags: [ postgresql ] - name: Configure Grafana block: - name: Create configuration directories diff --git a/roles/grafana/templates/grafana.ini b/roles/grafana/templates/grafana.ini index 9701fd6..87e5a92 100644 --- a/roles/grafana/templates/grafana.ini +++ b/roles/grafana/templates/grafana.ini @@ -73,12 +73,12 @@ http_port = 3001 # as separate properties or as on string using the url properties. # Either "mysql", "postgres" or "sqlite3", it's your choice -type = mysql -host = 127.0.0.1:3306 +type = postgres +host = {{ grafana.db.hostname }}:5432 name = grafana user = grafana # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" -password = {{ grafana.mysql_password }} +password = {{ grafana.db.pass }} # Use either URL or the previous fields to configure the database # Example: mysql://user:secret@host:port/database From 9b2f928850efe7912e2356deb043786e0a5d9b29 Mon Sep 17 00:00:00 2001 From: Salt Date: Tue, 22 Sep 2020 16:39:23 -0500 Subject: [PATCH 07/14] Gitea no longer depends on mysql either --- roles/gitea/meta/main.yml | 1 - 1 file changed, 1 deletion(-) 
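Review bot: Both `postgresql_user` and `postgresql_db` now log in to a remote host (`login_host: "{{ grafana.db.hostname }}"`) with the admin credentials from `psql.ansible.*`, and neither task sets `ssl_mode`. The modules' default `prefer` therefore applies and the connection can fall back to plaintext. Add `ssl_mode: verify-full` together with `ca_cert:` for the server's CA, or at least `ssl_mode: require`, to both tasks. The same gap exists in the `[database]` section of `roles/grafana/templates/grafana.ini` in this commit, where Grafana's own `ssl_mode` defaults to `disable`; set `ssl_mode = require` or stricter there. The enclosing `block:` continues past the end of the hunk.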
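Review bot: `password = {{ grafana.db.pass }}` in grafana.ini renders the secret bare, although the comment directly above it says a password containing `#` or `;` has to be wrapped in triple quotes. A generated password with either character would be cut short when the file is parsed and Grafana would fail to authenticate against the new database. Writing `password = """{{ grafana.db.pass }}"""` keeps the template correct for such values. The section header this setting belongs to is above the hunk.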
diff --git a/roles/gitea/meta/main.yml b/roles/gitea/meta/main.yml index 5c2dd26..e6d6535 100644 --- a/roles/gitea/meta/main.yml +++ b/roles/gitea/meta/main.yml @@ -2,5 +2,4 @@ allow_duplicates: no dependencies: - role: apache-php - - role: mysql - role: redis From c054cbec87f0c7dffe0c70cebbdc475332500811 Mon Sep 17 00:00:00 2001 From: Salt Date: Tue, 22 Sep 2020 16:45:51 -0500 Subject: [PATCH 08/14] Gitea does NOT need mysql --- roles/gitea/templates/gitea.service | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/gitea/templates/gitea.service b/roles/gitea/templates/gitea.service index 8be0ef0..b699cd0 100644 --- a/roles/gitea/templates/gitea.service +++ b/roles/gitea/templates/gitea.service @@ -2,7 +2,6 @@ Description=Gitea (Git with a cup of tea) After=syslog.target After=network.target -Requires=mariadb.service Requires=redis.service [Service] From 27d8b9f88bedf16f16f321c643fefc4c0593c11e Mon Sep 17 00:00:00 2001 From: Salt Date: Tue, 22 Sep 2020 17:14:16 -0500 Subject: [PATCH 09/14] Add fancy templating to Nextcloud backups Because I, regrettably, do not have backups for the past like month because data got huge --- roles/nextcloud/templates/backup.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/nextcloud/templates/backup.sh b/roles/nextcloud/templates/backup.sh index f20c9b4..421aea2 100644 --- a/roles/nextcloud/templates/backup.sh +++ b/roles/nextcloud/templates/backup.sh 
@@ -44,8 +44,14 @@ fi # WE MAKE BACKUP NOW SERGEI if cd "{{ nextcloud_webroot }}"; then date="$(date -Iseconds)" +{% if aws.backup_bucket is defined %} + # We have an AWS bucket to back straight up to + log "Piping data backup straight to S3" + tar czh "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin" | aws s3 cp - "s3://{{ aws.backup_bucket }}/{{ nextcloud.url }}/{{ nextcloud.url }}-$date-data.tar.gz" --storage-class STANDARD +{% else %} log "Creating data backup" tar czhf "$OUTDIR/{{ nextcloud.url }}-$date-data.tar.gz" "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin" +{% endif %} log "Creating webroot backup" tar czf "$OUTDIR/{{ nextcloud.url }}-$date-webroot.tar.gz" "{{ nextcloud_webroot }}" else From 54d187ce90229ca7cf36d8d9abb3603e8db2d293 Mon Sep 17 00:00:00 2001 From: Salt Date: Tue, 22 Sep 2020 17:25:39 -0500 Subject: [PATCH 10/14] Update incorrect README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 556b54a..c47f14d 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ A collection of Ansible scripts to manage all of my machines. ## Quickstart -To quickly get a machine up and running, add it to the inventory, role it out, and `./provision.yml` it. The playbook assures a sane running environment and then sets up ansible-pull on a timer that immediately triggers. Leave it be, come back 10 minutes later and polish it up as required. +To quickly get a machine up and running, add it to the inventory and `./provision.yml` it. This ensures a basic, sane running environment from which you can do tuning. Ideally, though, you should have roles. ## Overview From 1f96abe1beecf469025b236e35a42f4b517238d6 Mon Sep 17 00:00:00 2001 From: Salt Date: Tue, 22 Sep 2020 17:36:57 -0500 Subject: [PATCH 11/14] Update more README --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c47f14d..888ad42 100644 --- a/README.md +++ b/README.md 
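Review bot: In the S3 branch the status of `tar czh ... | aws s3 cp - ...` is the exit status of `aws` alone, so a `tar` that fails part-way still leaves an object in the bucket that looks like a finished backup. That holds unless `set -o pipefail` is set earlier in the script, which is not visible because the hunk starts at line 44. Add `set -o pipefail` near the top, or check `${PIPESTATUS[0]}` after the pipeline if the script runs under bash, and `log` the failure. On the same line, the upload requests no server-side encryption (`--sse AES256` or `--sse aws:kms`, unless the bucket enforces a default), and streamed uploads above 50 GB need `--expected-size` so the CLI can size its multipart chunks. The `if cd ...` block closes outside the hunk.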
@@ -1,6 +1,6 @@ -# Salt's Ansible Scripts +# Salt's Ansible Repo -A collection of Ansible scripts to manage all of my machines. +A collection of Ansible stuff to manage all of my machines. ## Quickstart From 2c7af2421306fa714d821a414200a7eb7eb2175f Mon Sep 17 00:00:00 2001 From: Salt Date: Tue, 22 Sep 2020 17:51:34 -0500 Subject: [PATCH 12/14] This is mostly a test commit for repo migration --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 888ad42..74ed790 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Salt's Ansible Repo -A collection of Ansible stuff to manage all of my machines. +A collection of Ansible configuration to manage all of my machines. ## Quickstart From 75e152b5bf6481c46febd218c9920faf94bbb3e8 Mon Sep 17 00:00:00 2001 From: Salt Date: Wed, 23 Sep 2020 20:37:03 -0500 Subject: [PATCH 13/14] Add some redundancy to 9iron backups --- roles/base-backups/templates/9iron-backup.service | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/base-backups/templates/9iron-backup.service b/roles/base-backups/templates/9iron-backup.service index 888ff21..034f56a 100644 --- a/roles/base-backups/templates/9iron-backup.service +++ b/roles/base-backups/templates/9iron-backup.service @@ -1,11 +1,14 @@ # vim:ft=dosini: [Unit] Description=9iron backup service +StartLimitIntervalSec=3600 +StartLimitBurst=5 [Service] -Type=oneshot MemoryMax=256M ExecStart=/opt/backups/backup.sh +Restart=on-failure +RestartSec=90 [Install] WantedBy=multi-user.target From 8dbfd5ddaa50301a86b1b362941cd2430e04e7a5 Mon Sep 17 00:00:00 2001 From: Salt Date: Wed, 23 Sep 2020 20:39:26 -0500 Subject: [PATCH 14/14] Add new ansible package Gah the 2.10 upgrade sucked --- roles/ansible/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/ansible/tasks/main.yml b/roles/ansible/tasks/main.yml index 0ae8893..79abf1a 100644 --- a/roles/ansible/tasks/main.yml +++ b/roles/ansible/tasks/main.yml 
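Review bot: Removing `Type=oneshot` from 9iron-backup.service leaves the unit at the default `Type=simple`, so systemd treats the backup as started the moment `backup.sh` is forked, and anything ordered after it no longer waits for the run to finish. If the target hosts run systemd 244 or later, `Restart=on-failure` is accepted on oneshot units and `Type=oneshot` can stay; the systemd version is not visible here. Each restart also re-runs the whole of `backup.sh`, up to `StartLimitBurst=5` times per hour, so the script should be safe to repeat after a partial run, for instance after a kill at `MemoryMax=256M`.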
@@ -32,6 +32,7 @@ vars: packages: - ansible + - ansible-base - ansible-lint - name: Assure root .ssh directory file: