Merge branch 'master' of git.9iron.club:salt/ansible
This commit is contained in:
commit
89b6e30bdb
@ -1,10 +1,10 @@
|
|||||||
# Salt's Ansible Scripts
|
# Salt's Ansible Repo
|
||||||
|
|
||||||
A collection of Ansible scripts to manage all of my machines.
|
A collection of Ansible configuration to manage all of my machines.
|
||||||
|
|
||||||
## Quickstart
|
## Quickstart
|
||||||
|
|
||||||
To quickly get a machine up and running, add it to the inventory, role it out, and `./provision.yml` it. The playbook assures a sane running environment and then sets up ansible-pull on a timer that immediately triggers. Leave it be, come back 10 minutes later and polish it up as required.
|
To quickly get a machine up and running, add it to the inventory and `./provision.yml` it. This ensures a basic, sane running environment from which you can do tuning. Ideally, though, you should have roles.
|
||||||
|
|
||||||
## Overview
|
## Overview
|
||||||
|
|
||||||
|
@ -84,13 +84,15 @@ gitea:
|
|||||||
62303264653836656162366362316461656363353539343632616462626231643632
|
62303264653836656162366362316461656363353539343632616462626231643632
|
||||||
# Grafana
|
# Grafana
|
||||||
grafana:
|
grafana:
|
||||||
mysql_password: !vault |
|
db:
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
hostname: 172.31.47.215
|
||||||
65376335363732633132326630323161393861323833323631613630343262383137656138356262
|
pass: !vault |
|
||||||
3730386139393739373738626535376636666135646463350a623331333032346434343465666234
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
38393539623437376133363063633238383031326431653737346564323837343265653431633962
|
65376335363732633132326630323161393861323833323631613630343262383137656138356262
|
||||||
6665346237666165330a643635653863356633623535383063366632336437313730626233346664
|
3730386139393739373738626535376636666135646463350a623331333032346434343465666234
|
||||||
33303465616532313339393634386166363162393661393037323835323035386663
|
38393539623437376133363063633238383031326431653737346564323837343265653431633962
|
||||||
|
6665346237666165330a643635653863356633623535383063366632336437313730626233346664
|
||||||
|
33303465616532313339393634386166363162393661393037323835323035386663
|
||||||
url: "monitor.9iron.club"
|
url: "monitor.9iron.club"
|
||||||
webroot: "/var/www/grafana"
|
webroot: "/var/www/grafana"
|
||||||
config_repo: "https://git.9iron.club/salt/grafana"
|
config_repo: "https://git.9iron.club/salt/grafana"
|
||||||
|
@ -32,6 +32,7 @@
|
|||||||
vars:
|
vars:
|
||||||
packages:
|
packages:
|
||||||
- ansible
|
- ansible
|
||||||
|
- ansible-base
|
||||||
- ansible-lint
|
- ansible-lint
|
||||||
- name: Assure root .ssh directory
|
- name: Assure root .ssh directory
|
||||||
file:
|
file:
|
||||||
|
@ -1,11 +1,14 @@
|
|||||||
# vim:ft=dosini:
|
# vim:ft=dosini:
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=9iron backup service
|
Description=9iron backup service
|
||||||
|
StartLimitIntervalSec=3600
|
||||||
|
StartLimitBurst=5
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
|
||||||
MemoryMax=256M
|
MemoryMax=256M
|
||||||
ExecStart=/opt/backups/backup.sh
|
ExecStart=/opt/backups/backup.sh
|
||||||
|
Restart=on-failure
|
||||||
|
RestartSec=90
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
@ -6,6 +6,3 @@
|
|||||||
name: cron
|
name: cron
|
||||||
state: restarted
|
state: restarted
|
||||||
become: yes
|
become: yes
|
||||||
- name: regen initramfs
|
|
||||||
command: /usr/sbin/update-initramfs -c -k all
|
|
||||||
become: yes
|
|
||||||
|
@ -9,3 +9,6 @@
|
|||||||
name: sshd.service
|
name: sshd.service
|
||||||
state: restarted
|
state: restarted
|
||||||
become: yes
|
become: yes
|
||||||
|
- name: regen initramfs
|
||||||
|
command: /usr/sbin/update-initramfs -c -k all
|
||||||
|
become: yes
|
||||||
|
@ -25,16 +25,14 @@
|
|||||||
apt_repository:
|
apt_repository:
|
||||||
repo: "{{ item }}"
|
repo: "{{ item }}"
|
||||||
loop:
|
loop:
|
||||||
# Spotify
|
# Debs
|
||||||
- "deb http://repository.spotify.com stable non-free"
|
- "deb http://repository.spotify.com stable non-free" # Spotify
|
||||||
# Monodevelop
|
- "deb https://download.mono-project.com/repo/ubuntu vs-bionic main" # Monodevelop
|
||||||
- "deb https://download.mono-project.com/repo/ubuntu vs-bionic main"
|
- "deb https://packages.riot.im/debian/ default main" # Element
|
||||||
# Element
|
|
||||||
- "deb https://packages.riot.im/debian/ default main"
|
|
||||||
# First-party PPAs
|
# First-party PPAs
|
||||||
- "ppa:phoerious/keepassxc" # KeepassXC
|
- "ppa:phoerious/keepassxc" # KeepassXC
|
||||||
# Third-party PPAs
|
# Third-party PPAs
|
||||||
- "ppa:system76-dev/stable"
|
- "ppa:system76-dev/stable" # Love my lemp9
|
||||||
- "ppa:drewwalton19216801/dolphin-master-cosmic" # Because Dolphin doesn't update their shit
|
- "ppa:drewwalton19216801/dolphin-master-cosmic" # Because Dolphin doesn't update their shit
|
||||||
- "ppa:kgilmer/speed-ricer" # Rice rice rice
|
- "ppa:kgilmer/speed-ricer" # Rice rice rice
|
||||||
- "ppa:lutris-team/lutris" # Lutris is kickass
|
- "ppa:lutris-team/lutris" # Lutris is kickass
|
||||||
@ -52,22 +50,22 @@
|
|||||||
- build-essential
|
- build-essential
|
||||||
- cmake
|
- cmake
|
||||||
- debhelper
|
- debhelper
|
||||||
- devscripts
|
- devscripts # Tons of cool shit in here, mostly for packaging tho
|
||||||
- dh-make
|
- dh-make
|
||||||
- earlyoom
|
- earlyoom
|
||||||
- fastboot
|
- fastboot
|
||||||
- ffmpeg
|
- ffmpeg
|
||||||
- git
|
- git
|
||||||
- imagemagick
|
- imagemagick
|
||||||
- libinput-tools
|
- libinput-tools # Allows for libinput debugging
|
||||||
- lua-check # I am good ComputerCraft guy
|
- lua-check # I am good ComputerCraft guy
|
||||||
- neofetch
|
- neofetch # I never use it but whatever I guess
|
||||||
- network-manager-openconnect
|
- network-manager-openconnect
|
||||||
- network-manager-openvpn
|
- network-manager-openvpn
|
||||||
- network-manager-vpnc # For default route configuration
|
- network-manager-vpnc # For default route configuration
|
||||||
- npm
|
- npm # I'm sorry
|
||||||
- openjdk-8-jre # For Minecraft
|
- openjdk-8-jre # For Minecraft
|
||||||
- pbuilder
|
- pbuilder # Deb creation tool that does it all in a container
|
||||||
- pwgen
|
- pwgen
|
||||||
- python3-appdirs
|
- python3-appdirs
|
||||||
- python3-eyed3
|
- python3-eyed3
|
||||||
@ -75,10 +73,10 @@
|
|||||||
- python3-pyqt5
|
- python3-pyqt5
|
||||||
- python3-usb # fuselee-gelee
|
- python3-usb # fuselee-gelee
|
||||||
- python3-venv
|
- python3-venv
|
||||||
- qt5-default # For Multimc, should be installed on Kubuntu
|
- qt5-default # For Multimc, should be installed on Kubuntu by default regardless
|
||||||
- traceroute
|
- traceroute
|
||||||
- tree
|
- tree
|
||||||
- units
|
- units # How many bytes are in a mile?
|
||||||
- vim
|
- vim
|
||||||
- wamerican # Dictionaries because I have like two scripts that use them
|
- wamerican # Dictionaries because I have like two scripts that use them
|
||||||
- wamerican-large
|
- wamerican-large
|
||||||
@ -96,76 +94,77 @@
|
|||||||
# DE
|
# DE
|
||||||
- bspwm
|
- bspwm
|
||||||
- compton
|
- compton
|
||||||
- conky-all
|
- conky-all # Why this is in several packages is beyond me
|
||||||
- dunst
|
- dunst
|
||||||
- hsetroot
|
- hsetroot # Works around a bug with Compton and a gray root window
|
||||||
- i3lock
|
- i3lock # Don't actually use this anymore (wew ksmserver)
|
||||||
- ibus
|
- ibus
|
||||||
- ibus-mozc
|
- ibus-mozc # Jap
|
||||||
- kubuntu-desktop
|
- kubuntu-desktop # Sanity
|
||||||
- mozc-utils-gui
|
- mozc-utils-gui
|
||||||
- nitrogen
|
- nitrogen
|
||||||
- papirus-icon-theme
|
- papirus-icon-theme
|
||||||
- pavucontrol-qt
|
- pavucontrol-qt
|
||||||
- polybar
|
- polybar
|
||||||
- qt5ct
|
- qt5ct
|
||||||
- xbacklight
|
- xbacklight # This works on literally none of my machines but fuck it
|
||||||
# Desktop applications
|
# Desktop applications
|
||||||
- barrier
|
- barrier # FOSS Synergy
|
||||||
- cantata
|
- cantata # MPD client
|
||||||
- chromium-browser
|
- chromium-browser
|
||||||
- chromium-chromedriver # Because Selenium
|
- chromium-chromedriver # Because Selenium
|
||||||
- clonezilla
|
- clonezilla
|
||||||
- dolphin-emu-master
|
- dolphin-emu-master
|
||||||
- dolphin-plugins
|
- dolphin-plugins
|
||||||
- element-desktop
|
- element-desktop
|
||||||
- filelight
|
- filelight # Sweet disk usage util
|
||||||
- filezilla
|
- filezilla
|
||||||
- firefox
|
- firefox
|
||||||
- g810-led
|
- g810-led # For Logitech peripherals
|
||||||
- gimp
|
- gimp
|
||||||
- inkscape
|
- inkscape # I use it for like two things
|
||||||
- joy2key
|
- joy2key # Neat little wrapper to bind joypad keys to keyboard keys
|
||||||
- joystick
|
- joystick
|
||||||
- kcolorchooser
|
- kcolorchooser
|
||||||
- kde-config-plymouth
|
- kde-config-plymouth # Realistically not required, but whatever
|
||||||
- kdenlive
|
- kdenlive # For the one video I edit a year
|
||||||
- kdepim
|
- kdepim
|
||||||
- keepassxc
|
- keepassxc
|
||||||
- krita
|
- krita # I don't ever end up using this, maybe I'll pick it up for spritework
|
||||||
- libnotify-bin
|
- libnotify-bin # Used for several of my scripts
|
||||||
- libretro-desmume
|
- libretro-desmume
|
||||||
- libretro-mgba
|
- libretro-mgba
|
||||||
- libretro-mupen64plus
|
- libretro-mupen64plus
|
||||||
- libretro-snes9x
|
- libretro-snes9x
|
||||||
- lutris
|
- lutris
|
||||||
- mesa-vulkan-drivers
|
- mesa-vulkan-drivers
|
||||||
- mono-complete
|
- mono-complete # Initial installation of this package may take an eternity
|
||||||
- monodevelop
|
- monodevelop
|
||||||
- mpv
|
- mpv
|
||||||
- mupen64plus-qt
|
- mupen64plus-qt
|
||||||
- nextcloud-desktop
|
- nextcloud-desktop
|
||||||
- obs-studio
|
- obs-studio
|
||||||
- plymouth-theme-spinner
|
- plymouth-theme-spinner # Gives us the good UEFI logo bootup
|
||||||
- pulseeffects
|
- pulseeffects # I need to be an echoey boi
|
||||||
- q4wine
|
- q4wine
|
||||||
- qbittorrent
|
- qbittorrent
|
||||||
- rdesktop
|
- rdesktop # CLI RDP client, works real nice
|
||||||
- redshift
|
- redshift
|
||||||
- retroarch
|
- retroarch
|
||||||
- rofi
|
- rofi
|
||||||
- scrot
|
- scrot # For scripted screenshots
|
||||||
- spotify-client
|
- spotify-client
|
||||||
- steam-installer
|
- steam-installer
|
||||||
- syncthing-gtk
|
- syncthing-gtk
|
||||||
- telegram-desktop
|
- telegram-desktop
|
||||||
- torbrowser-launcher
|
- torbrowser-launcher # Sometimes it's bugged but it's still nice to have
|
||||||
- virt-manager
|
- virt-manager
|
||||||
- vulkan-tools
|
- vulkan-tools
|
||||||
- vulkan-utils
|
- vulkan-utils
|
||||||
- winetricks
|
- winetricks
|
||||||
- xdotool
|
- xdotool
|
||||||
- zim
|
- zim
|
||||||
|
# Other architectures, misc
|
||||||
- "libgl1-mesa-dri:i386"
|
- "libgl1-mesa-dri:i386"
|
||||||
- "mesa-vulkan-drivers:i386"
|
- "mesa-vulkan-drivers:i386"
|
||||||
# Games
|
# Games
|
||||||
@ -174,7 +173,7 @@
|
|||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
- firmware-manager
|
- firmware-manager
|
||||||
- kamoso
|
- kamoso # Camera util
|
||||||
- system76-acpi-dkms
|
- system76-acpi-dkms
|
||||||
- system76-dkms
|
- system76-dkms
|
||||||
- system76-firmware
|
- system76-firmware
|
||||||
@ -184,7 +183,7 @@
|
|||||||
- name: Install Focal-exclusive desktop applications
|
- name: Install Focal-exclusive desktop applications
|
||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
- piper
|
- piper # Peripheral LED management
|
||||||
when: ansible_distribution_release == "focal"
|
when: ansible_distribution_release == "focal"
|
||||||
- name: Install packages without recommends
|
- name: Install packages without recommends
|
||||||
apt:
|
apt:
|
||||||
@ -200,6 +199,8 @@
|
|||||||
- "https://downloads.slack-edge.com/linux_releases/slack-desktop-4.8.0-amd64.deb"
|
- "https://downloads.slack-edge.com/linux_releases/slack-desktop-4.8.0-amd64.deb"
|
||||||
- "https://github.com/MultiMC/MultiMC5/releases/download/0.6.8/multimc_1.4-1.deb"
|
- "https://github.com/MultiMC/MultiMC5/releases/download/0.6.8/multimc_1.4-1.deb"
|
||||||
- "https://zoom.us/client/latest/zoom_amd64.deb"
|
- "https://zoom.us/client/latest/zoom_amd64.deb"
|
||||||
|
# We ignore errors here in case we have a more up-to-date package on the target machine and/or face a URL timeout
|
||||||
|
ignore_errors: yes
|
||||||
- name: Install desktop applications through pip3
|
- name: Install desktop applications through pip3
|
||||||
pip:
|
pip:
|
||||||
executable: "/usr/bin/pip3"
|
executable: "/usr/bin/pip3"
|
||||||
@ -208,11 +209,7 @@
|
|||||||
- pmbootstrap
|
- pmbootstrap
|
||||||
- protontricks
|
- protontricks
|
||||||
- youtube-dl
|
- youtube-dl
|
||||||
- name: Install desktop applications through Snap
|
# Just in case we have legacy apps floating around
|
||||||
snap:
|
|
||||||
name:
|
|
||||||
- sengi
|
|
||||||
- scrcpy # Remote Android viewing
|
|
||||||
- name: Remove Snap applications
|
- name: Remove Snap applications
|
||||||
snap:
|
snap:
|
||||||
name:
|
name:
|
||||||
@ -220,6 +217,8 @@
|
|||||||
- pixelorama
|
- pixelorama
|
||||||
- riot-web
|
- riot-web
|
||||||
- slack
|
- slack
|
||||||
|
- scrcpy
|
||||||
|
- sengi
|
||||||
- spotify
|
- spotify
|
||||||
state: absent
|
state: absent
|
||||||
- name: Remove desktop applications through APT
|
- name: Remove desktop applications through APT
|
||||||
|
@ -2,5 +2,4 @@
|
|||||||
allow_duplicates: no
|
allow_duplicates: no
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: apache-php
|
- role: apache-php
|
||||||
- role: mysql
|
|
||||||
- role: redis
|
- role: redis
|
||||||
|
@ -2,7 +2,6 @@
|
|||||||
Description=Gitea (Git with a cup of tea)
|
Description=Gitea (Git with a cup of tea)
|
||||||
After=syslog.target
|
After=syslog.target
|
||||||
After=network.target
|
After=network.target
|
||||||
Requires=mariadb.service
|
|
||||||
Requires=redis.service
|
Requires=redis.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
|
@ -2,4 +2,3 @@
|
|||||||
allow_duplicates: no
|
allow_duplicates: no
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: apache-php
|
- role: apache-php
|
||||||
- role: mysql
|
|
||||||
|
@ -3,22 +3,24 @@
|
|||||||
---
|
---
|
||||||
- name: Install, configure, and start Grafana
|
- name: Install, configure, and start Grafana
|
||||||
block:
|
block:
|
||||||
- name: Create and configure DB
|
- name: Set up PostgreSQL
|
||||||
block:
|
block:
|
||||||
|
- name: Create DB user
|
||||||
|
postgresql_user:
|
||||||
|
name: grafana
|
||||||
|
password: "{{ grafana.db.pass }}"
|
||||||
|
login_host: "{{ grafana.db.hostname }}"
|
||||||
|
login_user: "{{ psql.ansible.user }}"
|
||||||
|
login_password: "{{ psql.ansible.pass }}"
|
||||||
- name: Create DB
|
- name: Create DB
|
||||||
mysql_db:
|
postgresql_db:
|
||||||
name: grafana
|
name: grafana
|
||||||
login_user: root
|
owner: grafana
|
||||||
login_password: "{{ mysql.root_password }}"
|
encoding: UNICODE
|
||||||
state: present
|
login_host: "{{ grafana.db.hostname }}"
|
||||||
- name: Create user
|
login_user: "{{ psql.ansible.user }}"
|
||||||
mysql_user:
|
login_password: "{{ psql.ansible.pass }}"
|
||||||
name: grafana
|
tags: [ postgresql ]
|
||||||
host: localhost
|
|
||||||
password: "{{ grafana.mysql_password }}"
|
|
||||||
priv: "grafana.*:ALL,GRANT"
|
|
||||||
login_user: root
|
|
||||||
login_password: "{{ mysql.root_password }}"
|
|
||||||
- name: Configure Grafana
|
- name: Configure Grafana
|
||||||
block:
|
block:
|
||||||
- name: Create configuration directories
|
- name: Create configuration directories
|
||||||
|
@ -73,12 +73,12 @@ http_port = 3001
|
|||||||
# as separate properties or as on string using the url properties.
|
# as separate properties or as on string using the url properties.
|
||||||
|
|
||||||
# Either "mysql", "postgres" or "sqlite3", it's your choice
|
# Either "mysql", "postgres" or "sqlite3", it's your choice
|
||||||
type = mysql
|
type = postgres
|
||||||
host = 127.0.0.1:3306
|
host = {{ grafana.db.hostname }}:5432
|
||||||
name = grafana
|
name = grafana
|
||||||
user = grafana
|
user = grafana
|
||||||
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
|
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
|
||||||
password = {{ grafana.mysql_password }}
|
password = {{ grafana.db.pass }}
|
||||||
|
|
||||||
# Use either URL or the previous fields to configure the database
|
# Use either URL or the previous fields to configure the database
|
||||||
# Example: mysql://user:secret@host:port/database
|
# Example: mysql://user:secret@host:port/database
|
||||||
|
@ -44,8 +44,14 @@ fi
|
|||||||
# WE MAKE BACKUP NOW SERGEI
|
# WE MAKE BACKUP NOW SERGEI
|
||||||
if cd "{{ nextcloud_webroot }}"; then
|
if cd "{{ nextcloud_webroot }}"; then
|
||||||
date="$(date -Iseconds)"
|
date="$(date -Iseconds)"
|
||||||
|
{% if aws.backup_bucket is defined %}
|
||||||
|
# We have an AWS bucket to back straight up to
|
||||||
|
log "Piping data backup straight to S3"
|
||||||
|
tar czh "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin" | aws s3 cp - "s3://{{ aws.backup_bucket }}/{{ nextcloud.url }}/{{ nextcloud.url }}-$date-data.tar.gz" --storage-class STANDARD
|
||||||
|
{% else %}
|
||||||
log "Creating data backup"
|
log "Creating data backup"
|
||||||
tar czhf "$OUTDIR/{{ nextcloud.url }}-$date-data.tar.gz" "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin"
|
tar czhf "$OUTDIR/{{ nextcloud.url }}-$date-data.tar.gz" "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin"
|
||||||
|
{% endif %}
|
||||||
log "Creating webroot backup"
|
log "Creating webroot backup"
|
||||||
tar czf "$OUTDIR/{{ nextcloud.url }}-$date-webroot.tar.gz" "{{ nextcloud_webroot }}"
|
tar czf "$OUTDIR/{{ nextcloud.url }}-$date-webroot.tar.gz" "{{ nextcloud_webroot }}"
|
||||||
else
|
else
|
||||||
|
Loading…
Reference in New Issue
Block a user