tobiaslehmann/de.lehmann.automation.ansible.main
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

A4UDIA-14147 added git installation

Browse Source
This commit is contained in:
Tobias Lehmann 2024-01-26 17:56:00 +01:00
parent aa1e2e4c7a
commit 4388a52e92
14 changed files with 444 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
LICENSE Normal file
View File

@ -0,0 +1,9 @@
MIT License
Copyright (c) 2023 lehmann-automation
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

39
README.md
View File

@ -0,0 +1,39 @@
# de.lehmann.automation.ansible.main
Ansible automation for proxmox server and tools
## Requirements
Some ansible roles are necessary. Run galaxy installer to get the latest role versions
```bash
ansible-galaxy install -f -r ./requriements.yml
```
To get access by ssh ssh config must be adjusted (vi ~/.ssh/config)
```bash
Host git.captica.de
Hostname srvweb01.captica.de
Port 1122
User tobiaslehmann
IdentityFile ~/.ssh/id_ed25519_ansible_container
```
Be sure the root ssh pub key is already installed. If not and password auth is allowed use "--ask-pass" on ansible-playbook!
## Install server
Run playbook to install the serves
```bash
ansible-playbook -v -i inventory/hosts.yml --user=root --ask-vault-pass --extra-vars '@secrets/vault.yml' playbooks/captica-webserver.yml
```
or with tags
```bash
ansible-playbook -v -i inventory/hosts.yml --tags "install,gitea,gist" --user=root --ask-vault-pass --extra-vars '@secrets/vault.yml' playbooks/captica-webserver.yml
```

1
files/ssh/ansible.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINOjMLOUrXJbCofUUWAfrel9UOIwy1XhCgpY1hfzF7md root@leh01 for Ansible

1
files/ssh/id_ed25519_ansible.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINOjMLOUrXJbCofUUWAfrel9UOIwy1XhCgpY1hfzF7md root@leh01 for Ansible

1
files/ssh/root.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICpRyWEd77UUIzCd5myRADg2z8GE4nc/spxxq/JITBdm root@leh01 for tobi

10
inventory/hosts.yml Normal file
View File

@ -0,0 +1,10 @@
all:
vars:
ansible_home: ~/ansible
ansible_become: yes
ansible_become_method: sudo
children:
webserver:
hosts:
git:
ansible_host: 192.168.180.20

64
playbooks/captica-webserver.yml Normal file
View File

@ -0,0 +1,64 @@
#
#
# Automated webserver installation with plesk for captica Webservers
#
# Project: playbooks
# Author: Marc Böhm <marc.boehm@captica.de>
# License: MIT License (see LICENSE.md)
#
# Copyright (c) captica GmbH est. 2021
#
- hosts: "git"
vars:
hostname: git
tools_install_users:
- root
- ansible
ssh_pubkeys_root:
- "../files/ssh/root.pub"
ssh_pubkeys_ansible:
- "../files/ssh/id_ed25519_ansible.pub"
roles:
- linux-base-install
- zsh
- vim
- fzf
- linux-docker
- hosts: "git"
tags:
- gitea
- install
vars:
service_name: gitea
service_directory: /opt/git/gitea
service_volume_dirs:
- appdata
- db
service_user_name: gitea
service_user_id: 1020
service_group_name: gitea
service_group_id: 1020
gitea_version: latest
tasks:
- name: "Install gitea application"
include_tasks: setup-docker-application.yml
- hosts: "git"
tags:
- opengist
- install
vars:
service_name: opengist
service_directory: /opt/git/opengist
service_volume_dirs:
- appdata
- config
service_user_name: opengist
service_user_id: 1025
service_group_name: opengist
service_group_id: 1025
opengist_version: "lates"
tasks:
- name: "Install opengist application"
include_tasks: setup-docker-application.yml

49
playbooks/setup-docker-application.yml Normal file
View File

@ -0,0 +1,49 @@
- name: "Create application service group"
ansible.builtin.group:
name: "{{ service_group_name }}"
state: present
gid: "{{ service_group_id }}"
- name: "Create service user"
user:
name: "{{ service_user_name }}"
password: "{{ lookup('password', '/dev/null chars=ascii_lowercase,digits length=16') | string | password_hash('sha512') }}"
uid: "{{ service_user_id }}"
update_password: on_create
shell: /bin/zsh
comment: Service Account
group: "{{ service_group_name }}"
groups: docker
- name: "Create service directory"
ansible.builtin.file:
path: "{{ service_directory }}"
state: directory
mode: '0770'
owner: "{{ service_user_name }}"
group: "{{ service_group_name }}"
- block:
- name: "Create volume directories"
ansible.builtin.file:
path: "{{ service_directory }}/data/{{ item }}"
state: directory
mode: '0770'
owner: "{{ service_user_name }}"
group: "{{ service_group_name }}"
loop: '{{ service_volume_dirs }}'
- name: Copy docker compose config to target
template:
src: "../templates/{{ service_name }}/docker-compose.yml.j2"
dest: "{{ service_directory }}/docker-compose.yml"
mode: '0644'
- name: Copy .env to target
tags: always
template:
src: "../templates/{{ service_name }}/.env.j2"
dest: "{{ service_directory }}/.env"
mode: '0644'
become: yes
become_user: "{{ service_user_name }}"

47
requirements.yml Normal file
View File

@ -0,0 +1,47 @@
# Role requirements
roles:
- name: linux-base-install
src: git@git.captica.de:captica-automation/de.captica.automation.ansible.role.linux-base-install.git
scm: git
version: main
- name: fzf
src: git@git.captica.de:captica-automation/de.captica.automation.ansible.role.fzf.git
scm: git
version: main
- name: vim
src: git@git.captica.de:captica-automation/de.captica.automation.ansible.role.vim.git
scm: git
version: main
- name: zsh
src: git@git.captica.de:captica-automation/de.captica.automation.ansible.role.zsh.git
scm: git
version: main
- name: linux-docker
src: git@git.captica.de:captica-automation/de.captica.automation.ansible.role.linux-docker.git
scm: git
version: main
- name: plesk
src: git@git.captica.de:captica-automation/de.captica.automation.ansible.role.plesk.git
scm: git
version: main
- name: rclone
src: git@git.captica.de:captica-automation/de.captica.automation.ansible.role.rclone.git
scm: git
version: main
- name: nextcloud-hpb
src: git@git.captica.de:captica-automation/de.captica.automation.ansible.role.nextcloud-talk-hpb.git
scm: git
version: main
# Collections requirements
collections:
- name: community.general
version: ">=8.0.0"
source: https://galaxy.ansible.com

22
secrets/vault.yml Normal file
View File

@ -0,0 +1,22 @@
$ANSIBLE_VAULT;1.1;AES256
31353763393864643362386461303165343234636237346162616533333437623839326634363831
3431656264666639373932336136383262613563353631310a343233333362646332623265323630
61383864353836396339393334626634323862626438623066323434396365656365303830633937
6332303833356161380a643632396266326533633366303461383565323534616239343530336631
64626135646164396336323832666461346537613636363338383637616330643636636266666231
39633365646166346336646433343037633864613433346361656336356531616262366464653163
61303830303832623862366361666139356465333963313463666365646366653664366132363536
63383438636666356562353265383339653733376163616237373062366131393233323333366463
63386134376664613763346363313034326530643162303431653666643238323831623039316466
35356532636162636432373434646538613033353332376330363437303931366639313630353736
62386338376661633663646430323061653134313137373031363636386139616233333730323332
66643865306635366361363738633833633239383831633033633132393333383937303364306239
34616234633134613735326532323163316136663232623233626537356636393730663432353231
37323639666333383436353865343861623038363065636639643930333466633165653864626431
39333966333931666634313162303134303538313665303163326638656364653162393764336363
64353164333433336361323365626435396165643061353337376263326434636263383135343462
64623331323661663864386163323132306130666531303436383561333135353438616136336139
33626332616332383163663962356639386637373961303963323335356237626262663133343630
30633263653837626538366365353363333832623364653632626639626538353962653064333435
36393937306231656136336462623363663932653965353066303066666634343239666437323435
65636234306135376131616630623138326532343737636163646163653961383161

44
templates/gitea/docker-compose.yml.j2 Normal file
View File

@ -0,0 +1,44 @@
version: '3.9'
services:
app:
image: gitea/gitea:{{gitea_version}}
environment:
- USER_UID={{ service_user_id }}
- USER_GID={{ service_group_id }}
- GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=db:5432
- GITEA__database__NAME=${DB_NAME}
- GITEA__database__USER=${DB_USER}
- GITEA__database__PASSWD=${DB_PASSWORD}
- ROOT_URL=https://git.lehmannhaus.de/
- SSH_DOMAIN=git.lehmannhaus.de
restart: always
volumes:
- {{ service_directory }}/data/appdata:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- '3000:3000'
- '1122:22'
networks:
- default
db:
image: postgres:14
restart: always
environment:
- POSTGRES_USER=${DB_USER}
- POSTGRES_PASSWORD=${DB_PASSWORD}
- POSTGRES_DB=${DB_NAME}
networks:
- default
volumes:
- {{ service_directory }}/data/db:/var/lib/postgresql/data
networks:
default:
ipam:
driver: default
config:
- subnet: 172.2.0.0/16
gateway: 172.2.0.1

59
templates/mattermost/docker-compose.yml.j2 Normal file
View File

@ -0,0 +1,59 @@
version: "3.9"
services:
db:
image: postgres:${POSTGRES_IMAGE_TAG}
restart: ${RESTART_POLICY}
tmpfs:
- /tmp
- /var/run/postgresql
security_opt:
- no-new-privileges:true
networks:
- default
volumes:
- {{ service_directory }}/data/db:/var/lib/postgresql/data
environment:
# timezone inside container
- TZ
# necessary Postgres options/variables
- POSTGRES_USER
- POSTGRES_PASSWORD
- POSTGRES_DB
app:
depends_on:
- db
image: mattermost/${MATTERMOST_IMAGE}:${MATTERMOST_IMAGE_TAG}
restart: ${RESTART_POLICY}
security_opt:
- no-new-privileges:true
tmpfs:
- /tmp
ports:
- ${APP_PORT}:8065
- ${CALLS_PORT}:8443/udp
networks:
- default
volumes:
- {{ service_directory }}/data/config:/mattermost/config
- {{ service_directory }}/data/appdata:/mattermost/data
- {{ service_directory }}/data/logs:/mattermost/logs
- {{ service_directory }}/data/plugins:/mattermost/plugins
- {{ service_directory }}/data/plugins_client:/mattermost/client/plugins
- {{ service_directory }}/data/bleve_indexes:/mattermost/bleve-indexes
environment:
# timezone inside container
- TZ
- MM_SQLSETTINGS_DRIVERNAME
- MM_SQLSETTINGS_DATASOURCE
# necessary for bleve
- MM_BLEVESETTINGS_INDEXDIR
networks:
default:
ipam:
driver: default
config:
- subnet: 172.1.0.0/16
gateway: 172.1.0.1

73
templates/nextcloud/docker-compose.yml.j2 Normal file
View File

@ -0,0 +1,73 @@
version: '3.9'
services:
db:
image: postgres:14
restart: always
volumes:
- {{ service_directory }}/data/db:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD
- POSTGRES_DB
- POSTGRES_USER
networks:
- default
redis:
image: redis:alpine
restart: always
volumes:
- {{ service_directory }}/data/redis:/data
networks:
- default
app:
image: nextcloud:{{nextcloud_version}}
restart: always
ports:
- 127.0.0.1:10080:80
volumes:
- {{ service_directory }}/data/system:/var/www/html
- {{ service_directory }}/data/apps:/var/www/html/custom_apps
- {{ service_directory }}/data/config:/var/www/html/config
- {{ service_directory }}/data/appdata:/var/www/html/data
- {{ service_directory }}/data/themes:/var/www/html/themes
networks:
- default
environment:
- POSTGRES_HOST
- POSTGRES_PASSWORD
- POSTGRES_DB
- POSTGRES_USER
- NEXTCLOUD_ADMIN_PASSWORD
- NEXTCLOUD_ADMIN_USER
- REDIS_HOST
- APACHE_DISABLE_REWRITE_IP
- TRUSTED_PROXIES
- NEXTCLOUD_TRUSTED_DOMAINS
- OVERWRITEPROTOCOL
depends_on:
- db
- redis
cron:
image: nextcloud:{{nextcloud_version}}
restart: always
volumes:
- {{ service_directory }}/data/system:/var/www/html
- {{ service_directory }}/data/apps:/var/www/html/custom_apps
- {{ service_directory }}/data/config:/var/www/html/config
- {{ service_directory }}/data/appdata:/var/www/html/data
- {{ service_directory }}/data/themes:/var/www/html/themes
entrypoint: /cron.sh
depends_on:
- db
- redis
networks:
default:
ipam:
driver: default
config:
- subnet: 172.3.0.0/16
gateway: 172.3.0.1

25
templates/opengist/docker-compose.yml.j2 Normal file
View File

@ -0,0 +1,25 @@
version: '3.9'
services:
opengist:
image: ghcr.io/thomiceli/opengist:latest
restart: unless-stopped
ports:
- "6157:6157" # HTTP port
- "1023:2222" # SSH port, can be removed if you don't use SSH
volumes:
- {{ service_directory }}/data/appdata:/opengist"
- {{ service_directory }}/data/config/config.yml:/config.yml"
networks:
- default
environment:
UID: {{ service_user_id }}
GID: {{ service_group_id }}
networks:
default:
ipam:
driver: default
config:
- subnet: 172.4.0.0/16
gateway: 172.4.0.1