diff --git a/.gitmodules b/.gitmodules
index 402b62a..16694ad 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,39 +1,36 @@
-[submodule "roles/database"]
- path = roles/database
- url = https://git.redxen.eu/RedXen/ansible-database
-[submodule "roles/common"]
- path = roles/common
- url = https://git.redxen.eu/RedXen/ansible-common
-[submodule "roles/dns"]
- path = roles/dns
- url = https://git.redxen.eu/RedXen/ansible-dns
-[submodule "roles/web"]
- path = roles/web
- url = https://git.redxen.eu/RedXen/ansible-web
-[submodule "roles/monitoring"]
- path = roles/monitoring
- url = https://git.redxen.eu/RedXen/ansible-monitoring
-[submodule "roles/git"]
- path = roles/git
- url = https://git.redxen.eu/RedXen/ansible-git
-[submodule "roles/mumble"]
- path = roles/mumble
- url = https://git.redxen.eu/RedXen/ansible-mumble
+[submodule "roles/unbound"]
+ path = roles/unbound
+ url = https://git.redxen.eu/RedXen/ansible-unbound
+[submodule "roles/haproxy"]
+ path = roles/haproxy
+ url = https://git.redxen.eu/RedXen/ansible-haproxy
 [submodule "roles/wireguard"]
 path = roles/wireguard
 url = https://git.redxen.eu/RedXen/ansible-wireguard
+[submodule "roles/apt"]
+ path = roles/apt
+ url = https://git.redxen.eu/RedXen/ansible-apt
+[submodule "roles/file"]
+ path = roles/file
+ url = https://git.redxen.eu/RedXen/ansible-file
+[submodule "roles/firewall"]
+ path = roles/firewall
+ url = https://git.redxen.eu/RedXen/ansible-firewall
+[submodule "roles/systemd"]
+ path = roles/systemd
+ url = https://git.redxen.eu/RedXen/ansible-systemd
+[submodule "roles/vault"]
+ path = roles/vault
+ url = https://git.redxen.eu/RedXen/ansible-vault
 [submodule "roles/tor"]
 path = roles/tor
 url = https://git.redxen.eu/RedXen/ansible-tor
-[submodule "roles/minecraft"]
- path = roles/minecraft
- url = https://git.redxen.eu/RedXen/ansible-minecraft
-[submodule "roles/pleroma"]
- path = roles/pleroma
- url = https://git.redxen.eu/RedXen/ansible-pleroma
-[submodule "roles/seedbox"]
- path = roles/seedbox
- url = https://git.redxen.eu/RedXen/ansible-seedbox
-[submodule "roles/ircd"]
- path = roles/ircd
- url = https://git.redxen.eu/RedXen/ansible-ircd
+[submodule "roles/postgresql"]
+ path = roles/postgresql
+ url = https://git.redxen.eu/RedXen/ansible-postgresql
+[submodule "roles/redis"]
+ path = roles/redis
+ url = https://git.redxen.eu/RedXen/ansible-redis
+[submodule "roles/influxdb"]
+ path = roles/influxdb
+ url = https://git.redxen.eu/RedXen/ansible-influxdb
diff --git a/ansible.cfg b/ansible.cfg
index ef00069..5545f66 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -3,3 +3,4 @@ gathering = smart
 fact_caching = jsonfile
 fact_caching_connection = ~/.ansible-fax
 fact_caching_timeout = 86400
+hash_behavior=merge
diff --git a/backend.yml b/backend.yml
new file mode 100644
index 0000000..6952263
--- /dev/null
+++ b/backend.yml
@@ -0,0 +1,22 @@
+---
+- hosts: backend
+ vars:
+ apt_packages:
+ - { package: "postgresql", state: present }
+ - { package: "python3-psycopg2", state: present }
+ - { package: "redis", state: present }
+ - { package: "influxdb", state: present }
+ systemd:
+ services:
+ - { name: "postgres@12-main", enabled: true, action: reloaded }
+ - { name: "redis", enabled: true, action: restarted }
+ - { name: "influxdb", enabled: true, action: restarted }
+ overrides:
+ - "influxdb"
+ roles:
+ - vault
+ - apt
+ - postgresql
+ - influxdb
+ - redis
+ - systemd
diff --git a/common.yml b/common.yml
deleted file mode 100644
index a19e92d..0000000
--- a/common.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- hosts: all
- roles:
- - common
diff --git a/database.yml b/database.yml
deleted file mode 100644
index 16fabc2..0000000
--- a/database.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- hosts: database
- roles:
- - database
diff --git a/dns.yml b/dns.yml
index 2df978f..277f6e7 100644
--- a/dns.yml
+++ b/dns.yml
@@ -1,4 +1,7 @@
 ---
 - hosts: dns
 roles:
- - dns
+ - apt
+ - unbound
+ - systemd
+ - firewall
diff --git a/frontend.yml b/frontend.yml
new file mode 100644
index 0000000..7ed83ae
--- /dev/null
+++ b/frontend.yml
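Review bot: The `[submodule ...]` sections added here have no matching gitlink in the part of the commit visible on this page: every `roles/*` entry of mode 160000 is deleted, including `roles/tor` and `roles/wireguard` whose sections stay in this file, and none is added for `roles/unbound`, `roles/haproxy` or the other new roles. Without a gitlink, `git submodule update --init` has no recorded commit to check out, so the role code the new playbooks execute is not pinned to a reviewed revision and whoever fetches it by hand gets whatever the remote branch holds at that moment. If that is not intended, register each role with `git submodule add <url> roles/<name>` so the superproject records the exact revision.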
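Review bot: The added key is spelled `hash_behavior`, while the Ansible setting is named `hash_behaviour`, so as far as I know this line is ignored and dictionary variables keep the default replace semantics. If merging is what the new playbooks rely on (they define `systemd` and `firewall` dictionaries at play level), the line should read `hash_behaviour = merge`, which also matches the `key = value` spacing of the lines above it. Because this switch changes how every dictionary variable combines across group, host and play scope, a comment above it such as `# play-level dicts (systemd, firewall, ...) are merged with group_vars, not replaced` would tell the next reader why it is set. The section header this key belongs to is outside the hunk.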
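Review bot: The first `systemd.services` entry names the unit `postgres@12-main`, which probably does not exist: the Debian `postgresql` package ships its per-cluster template as `postgresql@<version>-<cluster>.service`. Assuming the systemd role passes `name` through unchanged, the entry should read `- { name: "postgresql@12-main", enabled: true, action: reloaded }`. The hard-coded `12` is also tied to whatever major version the unpinned `postgresql` package installs, so a comment stating the assumed release would help whoever upgrades the host.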
@@ -0,0 +1,6 @@
+---
+- hosts: frontend
+ roles:
+ - apt
+ - haproxy
+ - systemd
diff --git a/git.yml b/git.yml
deleted file mode 100644
index e7ec085..0000000
--- a/git.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- hosts: git
- roles:
- - git
diff --git a/group_vars/all b/group_vars/all
index 3058bf5..5e00228 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -32,6 +32,11 @@ services:
 postgres:
 host: "postgres.redxen.localhost"
 port: 5432
+ databases:
+ - grafana
+ - pleroma
+ - gitea
+ - murmur
 redis:
 host: "redis.redxen.localhost"
 port: 6379
diff --git a/ircd.yml b/ircd.yml
deleted file mode 100644
index 8b55dc9..0000000
--- a/ircd.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- hosts: ircd
- roles:
- - ircd
diff --git a/minecraft.yml b/minecraft.yml
deleted file mode 100644
index 4e15e34..0000000
--- a/minecraft.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- hosts: minecraft
- roles:
- - minecraft
diff --git a/monitoring.yml b/monitoring.yml
deleted file mode 100644
index cf88804..0000000
--- a/monitoring.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- hosts: monitoring
- roles:
- - monitoring
diff --git a/mumble.yml b/mumble.yml
deleted file mode 100644
index 7ed582c..0000000
--- a/mumble.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- hosts: mumble
- roles:
- - mumble
diff --git a/net.yml b/net.yml
new file mode 100644
index 0000000..de9b5a3
--- /dev/null
+++ b/net.yml
@@ -0,0 +1,25 @@
+---
+- hosts: net
+ vars:
+ file:
+ - { path: '/etc/tor', owner: 'root', group: 'root', mode: '600', state: directory }
+ - { path: '/etc/wireguard', owner: 'root', group: 'root', mode: '600', state: directory }
+ apt_packages:
+ - { package: "tor", state: present }
+ - { package: "wireguard-tools", state: present }
+ - { package: "wireguard", state: present }
+ systemd:
+ services:
+ - { name: "tor@default", enabled: true, action: restarted }
+ - { name: "wg-quick@wg0", enabled: true, action: restarted }
+ firewall:
+ - { port: "{{ services.wireguard.port }}", ipv: "v4", proto: "tcp" }
+ - { port: "{{ services.wireguard.port }}", ipv: "v6", proto: "tcp" }
+ roles:
+ - vault
+ - file
+ - apt
+ - wireguard
+ - tor
+ - systemd
+ - firewall
diff --git a/pleroma.yml b/pleroma.yml
deleted file mode 100644
index cdafc18..0000000
--- a/pleroma.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- hosts: pleroma
- roles:
- - pleroma
diff --git a/production b/production
index 9e13735..5d49578 100644
--- a/production
+++ b/production
@@ -1,11 +1,11 @@ n0 n1 -[web] +[frontend] n0 n1 -[database] +[backend] n0 [monitoring]
@@ -15,24 +15,17 @@ n0 n0 n1 -[git] +[dev] n0 -[mumble] -n0 -n1 - -[wireguard] +[net] n0 -[tor] -n0 - -[minecraft] +[games] n0 [seedbox] n0 -[pleroma] +[social] n0
diff --git a/roles/common b/roles/common
deleted file mode 160000
index 4256189..0000000
--- a/roles/common
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 42561893f32b7c9cfcdcaacb50202badb4207b58
diff --git a/roles/database b/roles/database
deleted file mode 160000
index c724c33..0000000
--- a/roles/database
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit c724c33058fa856ad39a5c547147bad8f69328ae
diff --git a/roles/dns b/roles/dns
deleted file mode 160000
index 7e4eba3..0000000
--- a/roles/dns
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 7e4eba3ac9525edfed9a69b0f16ea0f343a2491e
diff --git a/roles/git b/roles/git
deleted file mode 160000
index 8138afd..0000000
--- a/roles/git
+++ /dev/null
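Review bot: The two `firewall` entries open the WireGuard port with `proto: "tcp"`, but WireGuard carries its traffic over UDP only, so depending on how the firewall role treats unlisted traffic these rules expose a TCP port nothing should listen on and may leave the tunnel's UDP port closed. Both lines should use `proto: "udp"`, e.g. `- { port: "{{ services.wireguard.port }}", ipv: "v4", proto: "udp" }`. The `file` entries also give the `/etc/tor` and `/etc/wireguard` directories mode `'600'`, which has no execute bit, so no non-root process can traverse them. `mode: '0700'` keeps a directory root-only and still usable, and `/etc/tor` may need to stay readable by the account the tor service runs as.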
@@ -1 +0,0 @@
-Subproject commit 8138afd23714239c283d7ec7dbe3d1932084125a
diff --git a/roles/ircd b/roles/ircd
deleted file mode 160000
index 15d48d1..0000000
--- a/roles/ircd
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 15d48d1b6226b68115283ed764868c80a5a77807
diff --git a/roles/minecraft b/roles/minecraft
deleted file mode 160000
index cd9b292..0000000
--- a/roles/minecraft
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit cd9b29238316025b7f059b81a9abe319932f37d0
diff --git a/roles/monitoring b/roles/monitoring
deleted file mode 160000
index c7b5c38..0000000
--- a/roles/monitoring
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit c7b5c388b81fde50ba2b6fc96b1e24344dd71dee
diff --git a/roles/mumble b/roles/mumble
deleted file mode 160000
index fb85a1d..0000000
--- a/roles/mumble
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit fb85a1d3fc0d0e3fb321620da1b599cca48aa344
diff --git a/roles/pleroma b/roles/pleroma
deleted file mode 160000
index 601f404..0000000
--- a/roles/pleroma
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 601f4041a0ba471604f9d6ee9329dfb934f10968
diff --git a/roles/seedbox b/roles/seedbox
deleted file mode 160000
index cb39925..0000000
--- a/roles/seedbox
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit cb39925ad6cb4d5d85e8b175766a9e6b3142a073
diff --git a/roles/tor b/roles/tor
deleted file mode 160000
index ecc6fc9..0000000
--- a/roles/tor
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit ecc6fc928de5ada2564f3be2187d4bc7db9857b9
diff --git a/roles/web b/roles/web
deleted file mode 160000
index be37b98..0000000
--- a/roles/web
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit be37b988c474a852c1d4f8d58f9ab09497873636
diff --git a/roles/wireguard b/roles/wireguard
deleted file mode 160000
index 01d272f..0000000
--- a/roles/wireguard
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 01d272f0522d01f681c0180ffa0a80322a91d302
diff --git a/seedbox.yml b/seedbox.yml
deleted file mode 100644
index 592ca3e..0000000
--- a/seedbox.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- hosts: seedbox
- roles:
- - seedbox
diff --git a/tor.yml b/tor.yml
deleted file mode 100644
index 1a0602b..0000000
--- a/tor.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- hosts: tor
- roles:
- - tor
diff --git a/web.yml b/web.yml
deleted file mode 100644
index 94eaccb..0000000
--- a/web.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- hosts: web
- roles:
- - web
diff --git a/wireguard.yml b/wireguard.yml
deleted file mode 100644
index ff76432..0000000
--- a/wireguard.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- hosts: wireguard
- roles:
- - wireguard