Add other submodules, fix references and names, add base and development groups

Alex 2020-05-25 21:42:54 +02:00
parent a910ae5ea8
commit d0eea62673
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
21 changed files with 101 additions and 33 deletions

1
.gitignore vendored

@ -1 +1,2 @@
todo.txt
vault/

12
.gitmodules vendored

@ -61,3 +61,15 @@
[submodule "roles/varnish"]
path = roles/varnish
url = https://git.redxen.eu/RedXen/ansible-varnish/
[submodule "roles/apt-clean"]
path = roles/apt-clean
url = https://git.redxen.eu/RedXen/ansible-apt-clean/
[submodule "roles/common"]
path = roles/common
url = https://git.redxen.eu/RedXen/ansible-common/
[submodule "roles/gitea"]
path = roles/gitea
url = https://git.redxen.eu/RedXen/ansible-gitea/
[submodule "roles/users"]
path = roles/users
url = https://git.redxen.eu/RedXen/ansible-users/


@ -8,25 +8,25 @@
- { package: "influxdb", state: present }
systemd:
services:
- { name: "postgres@12-main", enabled: true, action: reloaded }
- { name: "postgresql@12-main", enabled: true, action: reloaded }
- { name: "redis", enabled: true, action: restarted }
- { name: "influxdb", enabled: true, action: restarted }
overrides:
- "influxdb"
postgres:
host: "{{ global.postgres.host }}"
port: "{{ global.postgres.port }}"
host: "{{ global.backend.postgres.host }}"
port: "{{ global.backend.postgres.port }}"
databases:
- grafana
- pleroma
- gitea
- murmur
redis:
host: "{{ global.redis.host }}"
port: "{{ global.redis.port }}"
host: "{{ global.backend.redis.host }}"
port: "{{ global.backend.redis.port }}"
influxdb:
storage: "/var/lib/influxdb"
port: "{{ global.influxdb.port }}"
port: "{{ global.backend.influxdb.port }}"
roles:
- apt
- postgresql

22
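--- /dev/null
+++ b/base.yml
@@ -0,0 +1,22 @@
+---
+- hosts: all
+vars_files:
+- "vault/global.yml"
+vars:
+apt_packages:
+- { package: "iptables-persistent", state: present }
+- { package: "netfilter-persistent", state: present }
+- { package: "sed", state: present }
+- { package: "git", state: present }
+- { package: "zsh", state: present }
+- { package: "vim", state: present }
+- { package: "sudo", state: present }
+- { package: "iptables", state: present }
+systemd:
+services:
+- { name: "netfilter-persistent", enabled: true, state: restarted }
+roles:
+- apt
+- apt-clean
+- common # This group relies too much on handlers, it's better to use it as it is
+- systemd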
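Review bot: The `netfilter-persistent` entry under `systemd.services` is keyed `state: restarted`, while the other service lists visible in this commit use `action:` and the dns.yml hunk appears to rename `state` to `action` for this same structure; the `gitea` service entry in dev.yml has the same key. If the systemd role now reads `action` (the role's pinned revision cannot be matched to a hunk on this page, so this is inferred), the service that persists the firewall rules would not be restarted as intended on `all` hosts. The entry would read `- { name: "netfilter-persistent", enabled: true, action: restarted }`, and in dev.yml `- { name: "gitea", enabled: true, action: restarted }`.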

29
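--- /dev/null
+++ b/dev.yml
@@ -0,0 +1,29 @@
+---
+- hosts: dev
+vars:
+firewall:
+- { port: '{{ global.dev.gitea.port.ssh }}', ipv: "v4", proto: "tcp" }
+- { port: '{{ global.dev.gitea.port.ssh }}', ipv: "v6", proto: "tcp" }
+systemd:
+services:
+- { name: "gitea", enabled: true, state: restarted }
+file:
+- { path: "{{ gitea.path.config }}", owner: "git", group: "git", mode: "770", state: directory }
+- { path: "{{ gitea.path.data }}", owner: "git", group: "git", mode: "770", state: directory }
+gitea:
+user: "{{ global.dev.gitea.user }}"
+domain: "{{ global.dev.gitea.domain }}"
+port:
+http: "{{ global.dev.gitea.port.http }}"
+ssh: "{{ global.dev.gitea.port.ssh }}"
+path:
+data: "/mnt/gitea" # TODO: Replace with device UUIDs
+config: "/etc/gitea"
+users:
+- { name: 'git', shell: '/bin/bash', lock: true, system: true, comm: 'Git Version Control' }
+roles:
+- users
+- file
+- gitea
+- systemd
+- firewall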
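Review bot: The `file` list creates `{{ gitea.path.config }}` as `git:git` with mode `"770"`, the same as the data directory, which leaves the configuration directory writable by the account the Gitea service runs as. Gitea's installation guidance keeps `/etc/gitea` group-writable only for the initial setup and then tightens it to root-owned and group-readable, so that a compromised Gitea process cannot rewrite its own configuration. If the gitea role templates the configuration rather than relying on the web installer (not visible on this page), the entry could be `- { path: "{{ gitea.path.config }}", owner: "root", group: "git", mode: "750", state: directory }`, leaving `"770"` for the data path only.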

12
dns.yml

@ -8,8 +8,8 @@
- { port: 53, ipv: "v6", proto: "udp" }
systemd:
services:
- { name: "systemd-resolved", state: stopped }
- { name: "unbound", enabled: true, state: reloaded }
- { name: "systemd-resolved", action: stopped }
- { name: "unbound", enabled: true, action: reloaded }
apt_packages:
- { package: "unbound", state: present }
unbound:
@ -25,14 +25,14 @@
internal:
local:
SRV:
- { service: "gitea", port: "{{ global.dev.gitea.port.http }}", group: "git" }
- { service: "gitea", port: "{{ global.dev.gitea.port.http }}", group: "dev" }
- { service: "seedown", port: "{{ global.seedbox.darkhttpd.port }}", group: "seedbox" }
- { service: "transmission", port: "{{ global.seedbox.transmission.port }}", group: "seedbox" }
- { service: "grafana", port: "{{ global.monitoring.grafana.port }}", group: "monitoring" }
A: # Wish these would support SRV, would ease a lot of configuration management
- { service: "postgres", group: "database" }
- { service: "redis", group: "database" }
- { service: "influxdb", group: "database" }
- { service: "postgres", group: "backend" }
- { service: "redis", group: "backend" }
- { service: "influxdb", group: "backend" }
remote:
- { service: "homepage", port: "80", domain: "rxhome.s3-website.eu-central-1.amazonaws.com." }
public:


@ -22,8 +22,8 @@
ports:
https: 443
tcp:
- {expose: 2442, proxy: 2443, group: "git"} # Gitea SSH
- {expose: 6400, proxy: 6401, group: "mumble"} # Mumble
- {expose: 2442, proxy: 2443, group: "dev"} # Gitea SSH
- {expose: 6400, proxy: 6401, group: "social"} # Mumble
#- {expose: 25565, proxy: 25575, group: "minecraft"} # Minecraft
public:
# These are load balanced, it doesn't matter what IP they point to


@ -18,12 +18,6 @@ global:
port: 8082
transmission:
port: 8081
# TODO: Migrate these VVVVV
monitoring:
grafana:
domain: "dev-stats.redxen.eu"
port: 3000
dev:
gitea:
user: "git"
@ -31,6 +25,9 @@ global:
port:
http: 3200
ssh: 2443
path:
data: "/mnt/gitea" # TODO: Replace with device UUIDs
config: "/etc/gitea"
# TODO: Migrate these VVVVV
monitoring:
grafana:
domain: "dev-stats.redxen.eu"
port: 3000


@ -13,8 +13,8 @@
- { name: "tor@default", enabled: true, action: restarted }
- { name: "wg-quick@wg0", enabled: true, action: restarted }
firewall:
- { port: "{{ global.net.wireguard.port }}", ipv: "v4", proto: "tcp" }
- { port: "{{ global.net.wireguard.port }}", ipv: "v6", proto: "tcp" }
- { port: "{{ wireguard.port }}", ipv: "v4", proto: "tcp" }
- { port: "{{ wireguard.port }}", ipv: "v6", proto: "tcp" }
tor:
listen:
socks:
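Review bot: Both rewritten `firewall` entries open `{{ wireguard.port }}` with `proto: "tcp"`, but WireGuard carries its traffic over UDP only. As written, the rules expose a TCP port that nothing should be listening on and, unless a UDP rule exists outside this hunk, do not admit the tunnel itself. The entries would read `- { port: "{{ wireguard.port }}", ipv: "v4", proto: "udp" }` and the same for `v6`. The lookup also moves from `global.net.wireguard.port` to a play-local `wireguard.port` whose definition is not visible here, so it is worth confirming the play's vars define it. The `firewall` list and the enclosing vars block start and end outside the hunk.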


@ -7,6 +7,7 @@ n1
[backend]
n0
n1
[monitoring]
n0
@ -17,9 +18,11 @@ n1
[dev]
n0
n1
[net]
n0
n1
[games]
n0

1
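--- /dev/null
+++ b/roles/apt-clean
@@ -0,0 +1 @@
+Subproject commit e23de968eb49e4ba62ac19c68d02e38426b565b3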

1
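--- /dev/null
+++ b/roles/common
@@ -0,0 +1 @@
+Subproject commit d8ccb3b45aef5ad53651723e12b8dd5b80ce262c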

1
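--- /dev/null
+++ b/roles/gitea
@@ -0,0 +1 @@
+Subproject commit 283549c188776183de14e8420bdf1924dd93a8fe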

@ -1 +1 @@
Subproject commit df760d20353762064005594cea6955af8a7135f2
Subproject commit 8b50fce6919f9aa1040d8a7df8c54e347450c3e3

@ -1 +1 @@
Subproject commit 92e702c2ee225fead8dfb384284563f084349b3d
Subproject commit af44cfba00b15d8b241cc57a1cd1ed206c997c6f

@ -1 +1 @@
Subproject commit eabc27e0a6feae9803a09fcec16ab4ad140688ad
Subproject commit 08b24e8362e1c5b054604d536c288aa448f994eb

@ -1 +1 @@
Subproject commit bed63f6632c8307778aade1102d3cfc6564d6f1b
Subproject commit 099440ed0d25747d7d557c4d2cc9e56c728c357d

@ -1 +1 @@
Subproject commit 23ed80914bd4e1a6845f38d97929359c97e1b667
Subproject commit edf6f225fa5d723faba79ed20130179b70eec160

1
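--- /dev/null
+++ b/roles/users
@@ -0,0 +1 @@
+Subproject commit ec6918d583dc2971561799eb36c09800a247291d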

@ -1 +1 @@
Subproject commit 4e23fa027d86f4e70ade2147cbc771dd1ffb7ffb
Subproject commit 71a400bf7e08c395aabab357ce2e92f01ec61ef9


@ -1,5 +1,5 @@
---
- hosts: net
- hosts: seedbox
vars:
apt_packages:
- { package: "transmission-daemon", state: present }
@ -41,7 +41,7 @@
roles:
- apt
- darkhttpd
- transmission
- file
- transmission
- sftp-chroot
- systemd