Merge branch 'master' of git.9iron.club:salt/ansible

Salt 2020-09-25 01:56:42 -05:00
commit 89b6e30bdb
13 changed files with 86 additions and 76 deletions


@ -1,10 +1,10 @@
# Salt's Ansible Scripts # Salt's Ansible Repo
A collection of Ansible scripts to manage all of my machines. A collection of Ansible configuration to manage all of my machines.
## Quickstart ## Quickstart
To quickly get a machine up and running, add it to the inventory, role it out, and `./provision.yml` it. The playbook assures a sane running environment and then sets up ansible-pull on a timer that immediately triggers. Leave it be, come back 10 minutes later and polish it up as required. To quickly get a machine up and running, add it to the inventory and `./provision.yml` it. This ensures a basic, sane running environment from which you can do tuning. Ideally, though, you should have roles.
## Overview ## Overview


@ -84,13 +84,15 @@ gitea:
62303264653836656162366362316461656363353539343632616462626231643632 62303264653836656162366362316461656363353539343632616462626231643632
# Grafana # Grafana
grafana: grafana:
mysql_password: !vault | db:
$ANSIBLE_VAULT;1.1;AES256 hostname: 172.31.47.215
65376335363732633132326630323161393861323833323631613630343262383137656138356262 pass: !vault |
3730386139393739373738626535376636666135646463350a623331333032346434343465666234 $ANSIBLE_VAULT;1.1;AES256
38393539623437376133363063633238383031326431653737346564323837343265653431633962 65376335363732633132326630323161393861323833323631613630343262383137656138356262
6665346237666165330a643635653863356633623535383063366632336437313730626233346664 3730386139393739373738626535376636666135646463350a623331333032346434343465666234
33303465616532313339393634386166363162393661393037323835323035386663 38393539623437376133363063633238383031326431653737346564323837343265653431633962
6665346237666165330a643635653863356633623535383063366632336437313730626233346664
33303465616532313339393634386166363162393661393037323835323035386663
url: "monitor.9iron.club" url: "monitor.9iron.club"
webroot: "/var/www/grafana" webroot: "/var/www/grafana"
config_repo: "https://git.9iron.club/salt/grafana" config_repo: "https://git.9iron.club/salt/grafana"
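Review bot: The new `grafana.db.pass` value carries exactly the same vault ciphertext as the `mysql_password` it replaces, so the PostgreSQL role starts life with the retired MySQL credential. Since the database backend is changing anyway, generate a fresh secret with `ansible-vault encrypt_string` rather than re-nesting the old blob. The old password has lived in the previous Grafana config and backups, and keeping it means anything that leaked it still works against the new database. The hunk starts partway through the vars file, so other references to the old key may exist outside this view.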


@ -32,6 +32,7 @@
vars: vars:
packages: packages:
- ansible - ansible
- ansible-base
- ansible-lint - ansible-lint
- name: Assure root .ssh directory - name: Assure root .ssh directory
file: file:


@ -1,11 +1,14 @@
# vim:ft=dosini: # vim:ft=dosini:
[Unit] [Unit]
Description=9iron backup service Description=9iron backup service
StartLimitIntervalSec=3600
StartLimitBurst=5
[Service] [Service]
Type=oneshot
MemoryMax=256M MemoryMax=256M
ExecStart=/opt/backups/backup.sh ExecStart=/opt/backups/backup.sh
Restart=on-failure
RestartSec=90
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target


@ -6,6 +6,3 @@
name: cron name: cron
state: restarted state: restarted
become: yes become: yes
- name: regen initramfs
command: /usr/sbin/update-initramfs -c -k all
become: yes


@ -9,3 +9,6 @@
name: sshd.service name: sshd.service
state: restarted state: restarted
become: yes become: yes
- name: regen initramfs
command: /usr/sbin/update-initramfs -c -k all
become: yes


@ -25,16 +25,14 @@
apt_repository: apt_repository:
repo: "{{ item }}" repo: "{{ item }}"
loop: loop:
# Spotify # Debs
- "deb http://repository.spotify.com stable non-free" - "deb http://repository.spotify.com stable non-free" # Spotify
# Monodevelop - "deb https://download.mono-project.com/repo/ubuntu vs-bionic main" # Monodevelop
- "deb https://download.mono-project.com/repo/ubuntu vs-bionic main" - "deb https://packages.riot.im/debian/ default main" # Element
# Element
- "deb https://packages.riot.im/debian/ default main"
# First-party PPAs # First-party PPAs
- "ppa:phoerious/keepassxc" # KeepassXC - "ppa:phoerious/keepassxc" # KeepassXC
# Third-party PPAs # Third-party PPAs
- "ppa:system76-dev/stable" - "ppa:system76-dev/stable" # Love my lemp9
- "ppa:drewwalton19216801/dolphin-master-cosmic" # Because Dolphin doesn't update their shit - "ppa:drewwalton19216801/dolphin-master-cosmic" # Because Dolphin doesn't update their shit
- "ppa:kgilmer/speed-ricer" # Rice rice rice - "ppa:kgilmer/speed-ricer" # Rice rice rice
- "ppa:lutris-team/lutris" # Lutris is kickass - "ppa:lutris-team/lutris" # Lutris is kickass
@ -52,22 +50,22 @@
- build-essential - build-essential
- cmake - cmake
- debhelper - debhelper
- devscripts - devscripts # Tons of cool shit in here, mostly for packaging tho
- dh-make - dh-make
- earlyoom - earlyoom
- fastboot - fastboot
- ffmpeg - ffmpeg
- git - git
- imagemagick - imagemagick
- libinput-tools - libinput-tools # Allows for libinput debugging
- lua-check # I am good ComputerCraft guy - lua-check # I am good ComputerCraft guy
- neofetch - neofetch # I never use it but whatever I guess
- network-manager-openconnect - network-manager-openconnect
- network-manager-openvpn - network-manager-openvpn
- network-manager-vpnc # For default route configuration - network-manager-vpnc # For default route configuration
- npm - npm # I'm sorry
- openjdk-8-jre # For Minecraft - openjdk-8-jre # For Minecraft
- pbuilder - pbuilder # Deb creation tool that does it all in a container
- pwgen - pwgen
- python3-appdirs - python3-appdirs
- python3-eyed3 - python3-eyed3
@ -75,10 +73,10 @@
- python3-pyqt5 - python3-pyqt5
- python3-usb # fuselee-gelee - python3-usb # fuselee-gelee
- python3-venv - python3-venv
- qt5-default # For Multimc, should be installed on Kubuntu - qt5-default # For Multimc, should be installed on Kubuntu by default regardless
- traceroute - traceroute
- tree - tree
- units - units # How many bytes are in a mile?
- vim - vim
- wamerican # Dictionaries because I have like two scripts that use them - wamerican # Dictionaries because I have like two scripts that use them
- wamerican-large - wamerican-large
@ -96,76 +94,77 @@
# DE # DE
- bspwm - bspwm
- compton - compton
- conky-all - conky-all # Why this is in several packages is beyond me
- dunst - dunst
- hsetroot - hsetroot # Works around a bug with Compton and a gray root window
- i3lock - i3lock # Don't actually use this anymore (wew ksmserver)
- ibus - ibus
- ibus-mozc - ibus-mozc # Jap
- kubuntu-desktop - kubuntu-desktop # Sanity
- mozc-utils-gui - mozc-utils-gui
- nitrogen - nitrogen
- papirus-icon-theme - papirus-icon-theme
- pavucontrol-qt - pavucontrol-qt
- polybar - polybar
- qt5ct - qt5ct
- xbacklight - xbacklight # This works on literally none of my machines but fuck it
# Desktop applications # Desktop applications
- barrier - barrier # FOSS Synergy
- cantata - cantata # MPD client
- chromium-browser - chromium-browser
- chromium-chromedriver # Because Selenium - chromium-chromedriver # Because Selenium
- clonezilla - clonezilla
- dolphin-emu-master - dolphin-emu-master
- dolphin-plugins - dolphin-plugins
- element-desktop - element-desktop
- filelight - filelight # Sweet disk usage util
- filezilla - filezilla
- firefox - firefox
- g810-led - g810-led # For Logitech peripherals
- gimp - gimp
- inkscape - inkscape # I use it for like two things
- joy2key - joy2key # Neat little wrapper to bind joypad keys to keyboard keys
- joystick - joystick
- kcolorchooser - kcolorchooser
- kde-config-plymouth - kde-config-plymouth # Realistically not required, but whatever
- kdenlive - kdenlive # For the one video I edit a year
- kdepim - kdepim
- keepassxc - keepassxc
- krita - krita # I don't ever end up using this, maybe I'll pick it up for spritework
- libnotify-bin - libnotify-bin # Used for several of my scripts
- libretro-desmume - libretro-desmume
- libretro-mgba - libretro-mgba
- libretro-mupen64plus - libretro-mupen64plus
- libretro-snes9x - libretro-snes9x
- lutris - lutris
- mesa-vulkan-drivers - mesa-vulkan-drivers
- mono-complete - mono-complete # Initial installation of this package may take an eternity
- monodevelop - monodevelop
- mpv - mpv
- mupen64plus-qt - mupen64plus-qt
- nextcloud-desktop - nextcloud-desktop
- obs-studio - obs-studio
- plymouth-theme-spinner - plymouth-theme-spinner # Gives us the good UEFI logo bootup
- pulseeffects - pulseeffects # I need to be an echoey boi
- q4wine - q4wine
- qbittorrent - qbittorrent
- rdesktop - rdesktop # CLI RDP client, works real nice
- redshift - redshift
- retroarch - retroarch
- rofi - rofi
- scrot - scrot # For scripted screenshots
- spotify-client - spotify-client
- steam-installer - steam-installer
- syncthing-gtk - syncthing-gtk
- telegram-desktop - telegram-desktop
- torbrowser-launcher - torbrowser-launcher # Sometimes it's bugged but it's still nice to have
- virt-manager - virt-manager
- vulkan-tools - vulkan-tools
- vulkan-utils - vulkan-utils
- winetricks - winetricks
- xdotool - xdotool
- zim - zim
# Other architectures, misc
- "libgl1-mesa-dri:i386" - "libgl1-mesa-dri:i386"
- "mesa-vulkan-drivers:i386" - "mesa-vulkan-drivers:i386"
# Games # Games
@ -174,7 +173,7 @@
apt: apt:
name: name:
- firmware-manager - firmware-manager
- kamoso - kamoso # Camera util
- system76-acpi-dkms - system76-acpi-dkms
- system76-dkms - system76-dkms
- system76-firmware - system76-firmware
@ -184,7 +183,7 @@
- name: Install Focal-exclusive desktop applications - name: Install Focal-exclusive desktop applications
apt: apt:
name: name:
- piper - piper # Peripheral LED management
when: ansible_distribution_release == "focal" when: ansible_distribution_release == "focal"
- name: Install packages without recommends - name: Install packages without recommends
apt: apt:
@ -200,6 +199,8 @@
- "https://downloads.slack-edge.com/linux_releases/slack-desktop-4.8.0-amd64.deb" - "https://downloads.slack-edge.com/linux_releases/slack-desktop-4.8.0-amd64.deb"
- "https://github.com/MultiMC/MultiMC5/releases/download/0.6.8/multimc_1.4-1.deb" - "https://github.com/MultiMC/MultiMC5/releases/download/0.6.8/multimc_1.4-1.deb"
- "https://zoom.us/client/latest/zoom_amd64.deb" - "https://zoom.us/client/latest/zoom_amd64.deb"
# We ignore errors here in case we have a more up-to-date package on the target machine and/or face a URL timeout
ignore_errors: yes
- name: Install desktop applications through pip3 - name: Install desktop applications through pip3
pip: pip:
executable: "/usr/bin/pip3" executable: "/usr/bin/pip3"
@ -208,11 +209,7 @@
- pmbootstrap - pmbootstrap
- protontricks - protontricks
- youtube-dl - youtube-dl
- name: Install desktop applications through Snap # Just in case we have legacy apps floating around
snap:
name:
- sengi
- scrcpy # Remote Android viewing
- name: Remove Snap applications - name: Remove Snap applications
snap: snap:
name: name:
@ -220,6 +217,8 @@
- pixelorama - pixelorama
- riot-web - riot-web
- slack - slack
- scrcpy
- sengi
- spotify - spotify
state: absent state: absent
- name: Remove desktop applications through APT - name: Remove desktop applications through APT
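Review bot: The `ignore_errors: yes` added to the URL-based `.deb` install task (hunk `-200,6 +199,8`) hides every failure, not just the timeout and newer-version cases named in the comment. A TLS error, a truncated download or a broken dependency now passes silently and the play reports success. For the timeout case a bounded retry is narrower: `register: deb_install`, `until: deb_install is succeeded`, `retries: 3`. These packages are fetched straight from vendor URLs with no integrity pin, and the Zoom entry tracks `latest`. Where a fixed version exists, downloading with `get_url` and a `checksum:` before installing from the local path would make the installed bits reproducible. The task header sits outside this hunk, so the module arguments are not fully visible here.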


@ -2,5 +2,4 @@
allow_duplicates: no allow_duplicates: no
dependencies: dependencies:
- role: apache-php - role: apache-php
- role: mysql
- role: redis - role: redis


@ -2,7 +2,6 @@
Description=Gitea (Git with a cup of tea) Description=Gitea (Git with a cup of tea)
After=syslog.target After=syslog.target
After=network.target After=network.target
Requires=mariadb.service
Requires=redis.service Requires=redis.service
[Service] [Service]


@ -2,4 +2,3 @@
allow_duplicates: no allow_duplicates: no
dependencies: dependencies:
- role: apache-php - role: apache-php
- role: mysql


@ -3,22 +3,24 @@
--- ---
- name: Install, configure, and start Grafana - name: Install, configure, and start Grafana
block: block:
- name: Create and configure DB - name: Set up PostgreSQL
block: block:
- name: Create DB user
postgresql_user:
name: grafana
password: "{{ grafana.db.pass }}"
login_host: "{{ grafana.db.hostname }}"
login_user: "{{ psql.ansible.user }}"
login_password: "{{ psql.ansible.pass }}"
- name: Create DB - name: Create DB
mysql_db: postgresql_db:
name: grafana name: grafana
login_user: root owner: grafana
login_password: "{{ mysql.root_password }}" encoding: UNICODE
state: present login_host: "{{ grafana.db.hostname }}"
- name: Create user login_user: "{{ psql.ansible.user }}"
mysql_user: login_password: "{{ psql.ansible.pass }}"
name: grafana tags: [ postgresql ]
host: localhost
password: "{{ grafana.mysql_password }}"
priv: "grafana.*:ALL,GRANT"
login_user: root
login_password: "{{ mysql.root_password }}"
- name: Configure Grafana - name: Configure Grafana
block: block:
- name: Create configuration directories - name: Create configuration directories
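Review bot: Neither the new `postgresql_user` nor the `postgresql_db` task sets `ssl_mode`, so the admin login (`psql.ansible.pass`) and the new role's password travel to `grafana.db.hostname` over a connection that is not required to use TLS. Now that the database sits on another host instead of localhost, add `ssl_mode: require` to both tasks, or `verify-full` with a CA file if the server certificate can be validated. It is also worth confirming that `psql.ansible.user` has only the role and database creation rights these two tasks need, not superuser. The enclosing `block:` continues past the end of the hunk.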


@ -73,12 +73,12 @@ http_port = 3001
# as separate properties or as on string using the url properties. # as separate properties or as on string using the url properties.
# Either "mysql", "postgres" or "sqlite3", it's your choice # Either "mysql", "postgres" or "sqlite3", it's your choice
type = mysql type = postgres
host = 127.0.0.1:3306 host = {{ grafana.db.hostname }}:5432
name = grafana name = grafana
user = grafana user = grafana
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
password = {{ grafana.mysql_password }} password = {{ grafana.db.pass }}
# Use either URL or the previous fields to configure the database # Use either URL or the previous fields to configure the database
# Example: mysql://user:secret@host:port/database # Example: mysql://user:secret@host:port/database
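Review bot: The templated `password = {{ grafana.db.pass }}` is emitted unquoted even though the comment directly above warns that a value containing `#` or `;` must be wrapped in triple quotes. A vault-generated secret with either character would be silently truncated and Grafana would fail to authenticate. Render it as `password = """{{ grafana.db.pass }}"""`. With `host` now pointing at a remote `{{ grafana.db.hostname }}:5432`, also check the `ssl_mode` setting in this `[database]` section, which is outside the hunk, so the connection is not left unencrypted.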


@ -44,8 +44,14 @@ fi
# WE MAKE BACKUP NOW SERGEI # WE MAKE BACKUP NOW SERGEI
if cd "{{ nextcloud_webroot }}"; then if cd "{{ nextcloud_webroot }}"; then
date="$(date -Iseconds)" date="$(date -Iseconds)"
{% if aws.backup_bucket is defined %}
# We have an AWS bucket to back straight up to
log "Piping data backup straight to S3"
tar czh "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin" | aws s3 cp - "s3://{{ aws.backup_bucket }}/{{ nextcloud.url }}/{{ nextcloud.url }}-$date-data.tar.gz" --storage-class STANDARD
{% else %}
log "Creating data backup" log "Creating data backup"
tar czhf "$OUTDIR/{{ nextcloud.url }}-$date-data.tar.gz" "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin" tar czhf "$OUTDIR/{{ nextcloud.url }}-$date-data.tar.gz" "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin"
{% endif %}
log "Creating webroot backup" log "Creating webroot backup"
tar czf "$OUTDIR/{{ nextcloud.url }}-$date-webroot.tar.gz" "{{ nextcloud_webroot }}" tar czf "$OUTDIR/{{ nextcloud.url }}-$date-webroot.tar.gz" "{{ nextcloud_webroot }}"
else else
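Review bot: In the new S3 branch the exit status of `tar czh … | aws s3 cp - …` is that of `aws` alone, so a `tar` failure partway through still uploads a truncated archive and looks like a successful backup unless `pipefail` is set earlier in the script (not visible in this hunk). Add `set -o pipefail` before the pipeline, or check `"${PIPESTATUS[0]}"` right after it, and log a failure so the unit's `Restart=on-failure` can act on it. The upload also requests no server-side encryption; adding `--sse AES256` to the `aws s3 cp` call, or enforcing default encryption on the bucket, keeps the Nextcloud data encrypted at rest. For large data directories, streaming from stdin may also need `--expected-size`. The `if cd …` block continues into an `else` branch beyond the hunk.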