Compare commits


No commits in common. "ccad04d544a8dccf52c967181ce0e05dbbdd3938" and "3051d8a299f46cfbf2a7d2a5ad8a33c96f514f0e" have entirely different histories.

10 changed files with 143 additions and 136 deletions


@ -33,7 +33,7 @@ before_script:
zerotier-cli info && \ zerotier-cli info && \
zerotier-cli listnetworks zerotier-cli listnetworks
# Get ready for execution # Get ready for execution
- ansible-galaxy install -r requirements.yml - ansible-galaxy install -r roles/requirements.yml -p roles
after_script: after_script:
- | - |
[ -n "$ZEROTIER_NETWORK_ID" ] && \ [ -n "$ZEROTIER_NETWORK_ID" ] && \
@ -64,18 +64,18 @@ Test:
Play_Against_Pis: Play_Against_Pis:
stage: play stage: play
script: script:
- ansible-playbook -l tags_pis site.yml --vault-password-file /vaultpw || error="$?" - ansible-playbook -l pis site.yml --vault-password-file /vaultpw || error="$?"
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
- if [ -n "$error" ]; then echo "Return code $error"; false; fi - if [ -n "$error" ]; then echo "Return code $error"; false; fi
Play_Against_Desktops: Play_Against_Desktops:
stage: play stage: play
script: script:
- ansible-playbook -l tags_desktop site.yml --vault-password-file /vaultpw || error="$?" - ansible-playbook -l desktop site.yml --vault-password-file /vaultpw || error="$?"
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
- if [ -n "$error" ]; then echo "Return code $error"; false; fi - if [ -n "$error" ]; then echo "Return code $error"; false; fi
Play_Against_Production: Play_Against_Production:
stage: play stage: play
script: script:
- ansible-playbook -l tags_prod site.yml --vault-password-file /vaultpw || error="$?" - ansible-playbook -l prod site.yml --vault-password-file /vaultpw || error="$?"
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
- if [ -n "$error" ]; then echo "Return code $error"; false; fi - if [ -n "$error" ]; then echo "Return code $error"; false; fi
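Review bot: In all three Play_* jobs the test `[ "$error" -eq 4 ]` runs with `$error` unset after a clean playbook run, so the shell complains about a non-integer operand on every successful pipeline; `if [ "${error:-0}" -eq 4 ]; then ...` avoids that. Return code 4 is also masked for Play_Against_Production, so a production host that was unreachable is skipped while the job stays green. Consider masking it only for the pis and desktop jobs, or at least failing the production job with a distinct message, so that hosts which missed a run are noticed.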


@ -48,7 +48,7 @@ if [ -n "$ANSIBLE_SSH_KEY" ]; then
chown ansible. /etc/ansible chown ansible. /etc/ansible
sudo -u ansible rsync -aHS /etc/ansible.orig/ /etc/ansible/ --exclude .git sudo -u ansible rsync -aHS /etc/ansible.orig/ /etc/ansible/ --exclude .git
printf '\e[37mInstalling roles...\e[0m\n' printf '\e[37mInstalling roles...\e[0m\n'
sudo -u ansible ansible-galaxy install -r requirements.yml sudo -u ansible ansible-galaxy install -r roles/requirements.yml -p roles
cd /etc/ansible cd /etc/ansible
# Drop to the ansible user # Drop to the ansible user
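Review bot: The role install on the changed line uses the relative paths `roles/requirements.yml` and `-p roles`, but `cd /etc/ansible` only happens on the line after it, so where the roles land depends on the working directory at that point, which this hunk does not show. If the script is not already in /etc/ansible, the requirements file may not be found or the roles end up outside the tree the playbooks read. Either move the `cd /etc/ansible` above the install or use absolute paths: `sudo -u ansible ansible-galaxy install -r /etc/ansible/roles/requirements.yml -p /etc/ansible/roles`. The enclosing `if [ -n "$ANSIBLE_SSH_KEY" ]` block starts and ends outside the hunk.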


@ -1,15 +1,55 @@
plugin: netbox.netbox.nb_inventory # vim:ft=ansible:
token: !vault | all:
$ANSIBLE_VAULT;1.1;AES256 vars:
31656630386363323836663537383930346336393061363461653532323561386632343063353161 ansible_user: ansible
6630636535373331633762363738613232636366663430330a356333623466623230616433373036 ansible_become: yes
35386162633961616438383332346165323930333662376665616531613837316333653361313332 children:
3065343761343338340a336266316339616134336332376336326332663435323937343531636238 home:
37323530333463383062396363616263386430356438306133393130626365333932323734383165 children:
3064663435626339393836353837643730333266366436373033 pis:
api_endpoint: "https://netbox.desu.ltd" vars:
group_by: docker_apt_arch: arm64
- device_roles children:
- tags pistorage:
device_query_filters: hosts:
- has_primary_ip: "true" pi-storage-1.desu.ltd:
pik8s:
children:
pik8s_masters:
vars:
kubernetes_role: master
hosts:
pi-kub-master-1.desu.ltd:
pik8s_nodes:
vars:
kubernetes_role: node
hosts:
pi-kub-node-1.desu.ltd:
keepalived_state: MASTER
keepalived_priority: 50
pi-kub-node-2.desu.ltd:
keepalived_priority: 49
pi-kub-node-3.desu.ltd:
keepalived_priority: 48
pi-kub-node-4.desu.ltd:
keepalived_priority: 47
pi-kub-node-5.desu.ltd:
keepalived_priority: 46
desktop:
hosts:
dsk-ryzen-0.desu.ltd:
lap-s76-lemp9-0.desu.ltd:
prod:
children:
db:
hosts:
psql1.desu.ltd:
web:
hosts:
web1.desu.ltd:
web2.desu.ltd:
web3.desu.ltd:
game:
hosts:
game1.desu.ltd:
game2.desu.ltd:
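Review bot: `ansible_become: yes` under `all.vars` turns on privilege escalation for every task on every host in this inventory, including the hosts in the `desktop` group, so nothing runs unprivileged unless a play opts out. Setting `become: true` on the plays or tasks that need root keeps the default at least privilege; if the global default is intended, write it as `ansible_become: true` and say so in a comment. Separately, the vault-encrypted NetBox `token` that this file replaces stays in the repository history, so it is worth revoking in NetBox now that the inventory no longer uses it.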


@ -1,55 +0,0 @@
# vim:ft=ansible:
all:
vars:
ansible_user: ansible
ansible_become: yes
children:
home:
children:
pis:
vars:
docker_apt_arch: arm64
children:
pistorage:
hosts:
pi-storage-1.desu.ltd:
pik8s:
children:
pik8s_masters:
vars:
kubernetes_role: master
hosts:
pi-kub-master-1.desu.ltd:
pik8s_nodes:
vars:
kubernetes_role: node
hosts:
pi-kub-node-1.desu.ltd:
keepalived_state: MASTER
keepalived_priority: 50
pi-kub-node-2.desu.ltd:
keepalived_priority: 49
pi-kub-node-3.desu.ltd:
keepalived_priority: 48
pi-kub-node-4.desu.ltd:
keepalived_priority: 47
pi-kub-node-5.desu.ltd:
keepalived_priority: 46
desktop:
hosts:
dsk-ryzen-0.desu.ltd:
lap-s76-lemp9-0.desu.ltd:
prod:
children:
db:
hosts:
psql1.desu.ltd:
web:
hosts:
web1.desu.ltd:
web2.desu.ltd:
web3.desu.ltd:
game:
hosts:
game1.desu.ltd:
game2.desu.ltd:


@ -2,7 +2,7 @@
# vim:ft=ansible: # vim:ft=ansible:
--- ---
# Home desktops # Home desktops
- hosts: tags_desktop - hosts: desktop
tasks: tasks:
- name: assure pi-storage-1 nfs mountpoint - name: assure pi-storage-1 nfs mountpoint
file: path=/nfs/pi-storage-1.desu.ltd state=directory owner=root mode=0755 file: path=/nfs/pi-storage-1.desu.ltd state=directory owner=root mode=0755


@ -2,7 +2,7 @@
# vim:ft=ansible: # vim:ft=ansible:
# Game servers # Game servers
--- ---
- hosts: tags_game - hosts: game
roles: roles:
- role: backup - role: backup
vars: vars:


@ -2,7 +2,7 @@
# vim:ft=ansible: # vim:ft=ansible:
--- ---
# k8s # k8s
- hosts: tag_pik8s - hosts: pik8s
gather_facts: no gather_facts: no
tasks: tasks:
- name: install nfs-common - name: install nfs-common
@ -17,13 +17,13 @@
- docker - docker
- kubelet - kubelet
tags: [ k8s, motd ] tags: [ k8s, motd ]
- hosts: tag_pik8s-master - hosts: pik8s_masters
gather_facts: no gather_facts: no
tasks: tasks:
- name: install openshift - name: install openshift
pip: name=openshift state=latest pip: name=openshift state=latest
tags: [ k8s, packages, pip ] tags: [ k8s, packages, pip ]
- hosts: tag_pik8s-node - hosts: pik8s_nodes
gather_facts: no gather_facts: no
roles: roles:
- role: keepalived - role: keepalived


@ -2,7 +2,7 @@
# vim:ft=ansible: # vim:ft=ansible:
--- ---
# General configuration # General configuration
- hosts: tags_pis - hosts: pis
roles: roles:
- role: zerotier - role: zerotier
tags: [ pis, zerotier ] tags: [ pis, zerotier ]


@ -1,55 +0,0 @@
# vim:ft=ansible
# To install, use pip-style invocation:
# ansible-galaxy install -r requirements.yml
collections:
- netbox.netbox
roles:
# Upstream: https://github.com/willshersystems/ansible-sshd
- name: sshd
src: willshersystems.sshd
version: v0.12.0
# Upstream: https://github.com/bertvv/ansible-role-dhcp
- name: dhcp
src: bertvv.dhcp
version: master
# Upstream: https://github.com/geerlingguy/ansible-role-nfs
- name: nfs
src: geerlingguy.nfs
version: 2.0.0
# Upstream: https://github.com/geerlingguy/ansible-role-docker
- name: docker
src: geerlingguy.docker
version: 3.0.0
# Upstream: https://github.com/geerlingguy/ansible-role-kubernetes
- name: k8s
src: geerlingguy.kubernetes
version: 5.0.1
# Upstream: https://github.com/geerlingguy/ansible-role-postgresql
- name: postgresql
src: geerlingguy.postgresql
version: 2.2.1
# Upstream: https://github.com/geerlingguy/ansible-role-certbot
- name: certbot
src: geerlingguy.certbot
version: 3.1.0
# Upstream: https://github.com/geerlingguy/ansible-role-apache
- name: apache
src: geerlingguy.apache
version: 3.1.0
# Upstream: https://github.com/geerlingguy/ansible-role-php
- name: php
src: geerlingguy.php
version: 4.5.1
# Upstream: https://github.com/thomas-maurice/ansible-role-gitea
- name: gitea
src: thomas_maurice.ansible_role_gitea
version: master
# Upstream: https://github.com/nkakouros-original/ansible-role-nextcloud
- name: nextcloud
src: nkakouros.nextcloud
version: master
# Upstream: https://github.com/bplower/ansible-factorio
- name: factorio
src: bplower.factorio
version: master

77
roles/requirements.yml Normal file

@ -0,0 +1,77 @@
# vim:ft=ansible
# To install, use pip-style invocation:
# ansible-galaxy install -r requirements.yml
# MAD PROPS to geerlingguy; if for some reason you end up reading this, hit me
# up and I'll buy you a beer or a pizza or something.
# SSHD
# Upstream: https://github.com/willshersystems/ansible-sshd
- src: willshersystems.sshd
version: v0.12.0
name: sshd
# DHCP
# Upstream: https://github.com/bertvv/ansible-role-dhcp
- src: bertvv.dhcp
version: master
name: dhcp
# NFS
# Upstream: https://github.com/geerlingguy/ansible-role-nfs
- src: geerlingguy.nfs
version: 2.0.0
name: nfs
# Orchestration
# Upstream: https://github.com/geerlingguy/ansible-role-docker
- src: geerlingguy.docker
version: 3.0.0
name: docker
# Upstream: https://github.com/geerlingguy/ansible-role-kubernetes
- src: geerlingguy.kubernetes
version: 5.0.1
name: k8s
# DB Server stuff
# Upstream: https://github.com/geerlingguy/ansible-role-postgresql
- src: geerlingguy.postgresql
version: 2.2.1
name: postgresql
# Monitoring
# TODO: Find something that doesn't suck
# Webserver stuff
# Upstream: https://github.com/geerlingguy/ansible-role-certbot
- src: geerlingguy.certbot
version: 3.1.0
name: certbot
# Upstream: https://github.com/geerlingguy/ansible-role-apache
- src: geerlingguy.apache
version: 3.1.0
name: apache
# Upstream: https://github.com/geerlingguy/ansible-role-php
- src: geerlingguy.php
version: 4.5.1
name: php
# Web applications
# Upstream: https://github.com/thomas-maurice/ansible-role-gitea
- src: thomas_maurice.ansible_role_gitea
version: master
name: gitea
# Upstream: https://github.com/nkakouros-original/ansible-role-nextcloud
- src: nkakouros.nextcloud
version: master
name: nextcloud
# Upstream: https://github.com/ONLYOFFICE/ansible-role-documentserver
- src: onlyoffice.documentserver
version: v1.0.3
name: onlyoffice
# Game Servers
# Upstream: https://github.com/bplower/ansible-factorio
- src: bplower.factorio
version: master
name: factorio
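Review bot: Four entries (`dhcp`, `gitea`, `nextcloud`, `factorio`) use `version: master`, a moving branch, so each `ansible-galaxy install` can fetch different role code without any change in this repository, and that code is then applied to the inventory hosts. Pin each one to a release tag or, better, a full commit hash, e.g. `version: <commit-sha>`, and bump it deliberately after reviewing the upstream diff. The header comment still gives `ansible-galaxy install -r requirements.yml`, while the callers now run `ansible-galaxy install -r roles/requirements.yml -p roles`; the comment should match.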