diff --git a/ansible.cfg b/ansible.cfg
index ffa54b9..387d99f 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,3 +1,4 @@
 [defaults]
 vault_password_file = .ansible-password
 inventory = hosts.ini
+roles_path = roles
diff --git a/inventory/external.ini b/inventory/external.ini
new file mode 100644
index 0000000..16cd285
--- /dev/null
+++ b/inventory/external.ini
@@ -0,0 +1,14 @@
+; [nas]
+; 213.119.99.214 ansible_ssh_port=2223 static_ip=192.168.0.3
+
+[ruby]
+213.119.99.214 ansible_ssh_port=2222 static_ip=192.168.0.2
+
+[gitea]
+213.119.99.214 ansible_ssh_port=2222 static_ip=192.168.0.2
+
+[web]
+213.119.99.214 ansible_ssh_port=2223 static_ip=192.168.0.3
+
+; [actual]
+; 213.119.99.214 ansible_ssh_port=2223 static_ip=192.168.0.3
diff --git a/group_vars/all/vars.yml b/inventory/group_vars/all/vars.yml
similarity index 100%
rename from group_vars/all/vars.yml
rename to inventory/group_vars/all/vars.yml
diff --git a/group_vars/all/vault.yml b/inventory/group_vars/all/vault.yml
similarity index 100%
rename from group_vars/all/vault.yml
rename to inventory/group_vars/all/vault.yml
diff --git a/group_vars/nas/vars.yml b/inventory/group_vars/nas/vars.yml
similarity index 100%
rename from group_vars/nas/vars.yml
rename to inventory/group_vars/nas/vars.yml
diff --git a/group_vars/nas/vault.yml b/inventory/group_vars/nas/vault.yml
similarity index 100%
rename from group_vars/nas/vault.yml
rename to inventory/group_vars/nas/vault.yml
diff --git a/group_vars/ruby/vars.yml b/inventory/group_vars/ruby/vars.yml
similarity index 100%
rename from group_vars/ruby/vars.yml
rename to inventory/group_vars/ruby/vars.yml
diff --git a/group_vars/ruby/vault.yml b/inventory/group_vars/ruby/vault.yml
similarity index 100%
rename from group_vars/ruby/vault.yml
rename to inventory/group_vars/ruby/vault.yml
diff --git a/hosts.ini b/inventory/local.ini
similarity index 100%
rename from hosts.ini
rename to inventory/local.ini
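Review bot: The context line `inventory = hosts.ini` still names a file this same commit renames to `inventory/local.ini`, so after the move an `ansible-playbook` run without `-i` finds no inventory and falls back to implicit localhost with only a warning, which is an unpleasant surprise for plays that carry `become: true`. Change it to `inventory = inventory/local.ini`; pointing it at the `inventory/` directory instead would make Ansible load every file in it, including external.ini, vagrant.ini and template.ini, so only do that deliberately. `roles_path = roles` itself matches the new `roles/any.*` layout.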
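Review bot: `ansible_ssh_port` is the pre-2.0 spelling of the connection variable; the current name is `ansible_port`, and the same applies to `ansible_ssh_user` in inventory/vagrant.ini (`ansible_user`). This file also records a public address together with its per-host SSH port layout in version control, while the commit keeps a `template.ini` for exactly this kind of site-specific data; if the repository is shared, consider handling `external.ini` the same way (ignored locally and generated from the template), which I hedge because it may be intentional for a private repo. `static_ip` is a custom variable with nothing saying what reads it; a one-line `; static_ip: LAN address of the host behind the NAT, consumed by <play>` comment, filled in with the actual consumer, would help the next reader.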
diff --git a/hosts.template.ini b/inventory/template.ini
similarity index 100%
rename from hosts.template.ini
rename to inventory/template.ini
diff --git a/inventory/vagrant.ini b/inventory/vagrant.ini
new file mode 100644
index 0000000..2255d85
--- /dev/null
+++ b/inventory/vagrant.ini
@@ -0,0 +1,2 @@
+[pearl]
+192.168.56.2 ansible_ssh_user=vagrant ansible_ssh_private_key_file='.vagrant/machines/pearl/virtualbox/private_key'
diff --git a/first_run.yml b/plays/first_run.yml
similarity index 100%
rename from first_run.yml
rename to plays/first_run.yml
diff --git a/main.yml b/plays/main.yml
similarity index 100%
rename from main.yml
rename to plays/main.yml
diff --git a/nas.yml b/plays/nas.yml
similarity index 100%
rename from nas.yml
rename to plays/nas.yml
diff --git a/plays/pearl.yml b/plays/pearl.yml
new file mode 100644
index 0000000..5051ec3
--- /dev/null
+++ b/plays/pearl.yml
@@ -0,0 +1,14 @@
+---
+- hosts: pearl
+  gather_facts: false
+  become: true
+  roles:
+    - 'any.common.python'
+  tags: base
+
+- hosts: pearl
+  become: true
+  roles:
+    # - 'any.common.enable-testing'
+    - 'any.common.debian-user'
+  tags: base
diff --git a/ruby.yml b/plays/ruby.yml
similarity index 100%
rename from ruby.yml
rename to plays/ruby.yml
diff --git a/web.yml b/plays/web.yml
similarity index 100%
rename from web.yml
rename to plays/web.yml
diff --git a/roles/any.common.debian-user/files/authorized_keys b/roles/any.common.debian-user/files/authorized_keys
new file mode 100644
index 0000000..c63ff39
--- /dev/null
+++ b/roles/any.common.debian-user/files/authorized_keys
@@ -0,0 +1,5 @@
+ssh-rsa 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 roosensjef@gmail.com
+
+ssh-rsa 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 roosensjef@gmail.com
+
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkcCTP0IE/ANIXJJIMWEg4f5riS8uv3KuypkzQC47XN roosensjef@gmail.com
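Review bot: `ansible_ssh_private_key_file='.vagrant/machines/pearl/virtualbox/private_key'` is a relative path that is handed to ssh as-is, so it resolves against the working directory of the `ansible-playbook` invocation rather than against the inventory file; with the plays now under `plays/`, the Vagrant play only connects when run from the repository root. Either state that on the line, `; run from the repo root: the key path below is relative to the current directory`, or use an absolute path (a `{{ playbook_dir }}`-based value works if your Ansible version templates inventory connection variables — confirm before relying on it). `ansible_ssh_user` is the legacy alias of `ansible_user`.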
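Review bot: The first play's `gather_facts: false` is what makes the bootstrap work (fact gathering needs Python on the target, which the `any.common.python` role is about to install), but nothing says so, and the second play silently depends on that ordering. A comment on the first play, `# bootstrap: no Python on the host yet, so no fact gathering and raw-only roles`, records the dependency. The commented-out `# - 'any.common.enable-testing'` entry should either gain a reason or be dropped, since disabled lines in a role list tend to be re-enabled by accident, and that role replaces /etc/apt/sources.list and dist-upgrades the host.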
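Review bot: Two `ssh-rsa` entries carry the same comment and their key material is redacted in this view, so I cannot tell whether they are the same key or an older one left behind; each line is an independent login credential for the `debian` account, so a retired key should be removed rather than kept alongside its replacement. The role copies this file verbatim, which means any key added on the host by hand is overwritten on the next run — worth a note in the role, or switching to the `authorized_key` module with the keys supplied as a role variable so rotation does not require editing role files.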
diff --git a/roles/any.common.debian-user/tasks/main.yml b/roles/any.common.debian-user/tasks/main.yml
new file mode 100644
index 0000000..34c4a22
--- /dev/null
+++ b/roles/any.common.debian-user/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+- name: Install sudo.
+  apt:
+    name: sudo
+    state: present
+
+- name: Create data group.
+  group:
+    name: data
+    gid: 1002
+
+- name: Create debian user.
+  user:
+    name: debian
+    groups:
+      - sudo
+      - data
+    append: true
+    create_home: yes
+    shell: /bin/bash
+    password: "{{ debian_pass | password_hash('sha512') }}"
+    update_password: on_create
+
+- name: Create SSH directory.
+  file:
+    path: /home/debian/.ssh/
+    state: directory
+    owner: debian
+    group: debian
+    mode: '700'
+
+- name: Add authorized SSH keys.
+  copy:
+    src: authorized_keys
+    dest: /home/debian/.ssh/authorized_keys
+    owner: debian
+    group: debian
+    mode: '600'
diff --git a/roles/any.common.enable-testing/files/sources.list b/roles/any.common.enable-testing/files/sources.list
new file mode 100644
index 0000000..bdb2f58
--- /dev/null
+++ b/roles/any.common.enable-testing/files/sources.list
@@ -0,0 +1,10 @@
+deb http://deb.debian.org/debian/ trixie main non-free-firmware
+deb-src http://deb.debian.org/debian/ trixie main non-free-firmware
+
+deb http://security.debian.org/debian-security trixie-security main non-free-firmware
+deb-src http://security.debian.org/debian-security trixie-security main non-free-firmware
+
+# trixie-updates, to get updates before a point release is made;
+# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
+deb http://deb.debian.org/debian/ trixie-updates main non-free-firmware
+deb-src http://deb.debian.org/debian/ trixie-updates main non-free-firmware
diff --git a/roles/any.common.enable-testing/tasks/main.yml b/roles/any.common.enable-testing/tasks/main.yml
new file mode 100644
index 0000000..2799dd1
--- /dev/null
+++ b/roles/any.common.enable-testing/tasks/main.yml
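Review bot: `password: "{{ debian_pass | password_hash('sha512') }}"` depends on a `debian_pass` variable the role neither defaults nor checks; if it is absent from the (vaulted) group vars the task fails at run time with a templating error, so a `defaults/main.yml` entry or an `assert` with `that: debian_pass is defined` at the top of the file would fail fast with a clear message. The line also deserves a comment, because `password_hash` without a salt argument yields a different hash on every run and only `update_password: on_create` keeps the task from reporting changed each time: `# fresh random salt each run; on_create makes this apply only when the user is first created`. `create_home: yes` should be `create_home: true`, matching `append: true` two lines above.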
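Review bot: The file pins the `trixie` codename rather than the `testing` alias, so once trixie is released the host stays on it instead of continuing to track testing; that may be intended, but the role is named enable-testing, so the file should say which it is, e.g. `# pinned to the trixie codename on purpose: the host stays on trixie after its release and does not follow testing`. Security support for a release while it is still in testing is best-effort compared with stable, which matters if this role is ever applied to the externally reachable hosts listed in inventory/external.ini. The four `deb-src` lines double the work of every `apt update`; unless source packages are built on these hosts they can be dropped.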
@@ -0,0 +1,17 @@
+---
+- ansible.builtin.copy:
+    src: 'sources.list'
+    dest: '/etc/apt/sources.list'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+
+- name: Upgrade all packages to the latest version in testing
+  ansible.builtin.apt:
+    upgrade: dist
+    update_cache: yes
+    cache_valid_time: 3600
+
+- name: Clean up unused packages
+  ansible.builtin.apt:
+    autoremove: yes
diff --git a/roles/any.common.python/tasks/main.yml b/roles/any.common.python/tasks/main.yml
new file mode 100644
index 0000000..47e9b89
--- /dev/null
+++ b/roles/any.common.python/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Update package database
+  raw: apt update
+- name: Install Python
+  raw: apt install --yes python3
diff --git a/roles/any.tools.caddy/files/Caddyfile b/roles/any.tools.caddy/files/Caddyfile
new file mode 100644
index 0000000..8d16237
--- /dev/null
+++ b/roles/any.tools.caddy/files/Caddyfile
@@ -0,0 +1,14 @@
+# The Caddyfile is an easy way to configure your Caddy web server.
+#
+# Unless the file starts with a global options block, the first
+# uncommented line is always the address of your site.
+#
+# To use your own domain name (with automatic HTTPS), first make
+# sure your domain's A/AAAA DNS records are properly pointed to
+# this machine's public IP, then replace ":80" below with your
+# domain name.
+
+import *.Caddyfile
+
+# Refer to the Caddy docs for more information:
+# https://caddyserver.com/docs/caddyfile
diff --git a/roles/any.tools.caddy/handlers/main.yml b/roles/any.tools.caddy/handlers/main.yml
new file mode 100644
index 0000000..68f2b80
--- /dev/null
+++ b/roles/any.tools.caddy/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: reload caddy
+  service:
+    name: caddy
+    state: reloaded
diff --git a/roles/any.tools.caddy/tasks/main.yml b/roles/any.tools.caddy/tasks/main.yml
new file mode 100644
index 0000000..c40fa3a
--- /dev/null
+++ b/roles/any.tools.caddy/tasks/main.yml
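Review bot: `cache_valid_time: 3600` on the upgrade task means that when the package lists were refreshed within the last hour the cache is not updated after the new `/etc/apt/sources.list` has just been written, and `upgrade: dist` then runs against the previous release's lists; after a sources change the refresh must be unconditional, so drop the `cache_valid_time: 3600` line and keep `update_cache: true`. The first task has no `name:`, unlike every other task in the commit, so its output reads only as `copy`; give it `- name: Replace apt sources with the trixie list`. `update_cache: yes` and `autoremove: yes` should be `true`, as the debian-user role already writes `append: true`.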
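Review bot: Both `raw` tasks report `changed` on every run because `raw` cannot tell whether anything happened, so a play using this role is never clean; mark the update step with `changed_when: false` and, after `register: python_install` on the install step, use `changed_when: "'0 newly installed' not in python_install.stdout"` so it reflects apt's own summary line. The enable-testing role in this commit uses `ansible.builtin.apt`/`ansible.builtin.copy` FQCNs, so `ansible.builtin.raw` here would be consistent. A header comment explaining why `raw` is used at all — the target has no Python yet, so no other module can run — would save the next reader a trip to plays/pearl.yml.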
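Review bot: The header comment is Caddy's stock text about replacing `:80` with a domain name, but this file defines no site at all — its only directive is `import *.Caddyfile` — so the comment describes content that is not there. Replace the header with what the file actually does, e.g. `# No site is defined here: each site lives in its own /etc/caddy/<name>.Caddyfile and is pulled in by the glob import below; the glob is resolved relative to this file`. I believe a glob import that matches no files is accepted and simply yields an empty configuration, which is presumably the intended initial state, but that is worth a sentence too rather than being discovered when Caddy answers nothing.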
@@ -0,0 +1,35 @@
+---
+- name: Add Caddy GPG key
+  apt_key:
+    url: "https://dl.cloudsmith.io/public/caddy/stable/gpg.key"
+    state: present
+
+- name: Add Caddy repositories
+  apt_repository:
+    repo: "{{ item }} https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main"
+    filename: 'caddy-stable'
+    state: present
+  with_items:
+    - deb
+    - deb-src
+
+- name: Install Caddy
+  apt:
+    name: caddy
+    state: present
+
+- name: Copy over Caddyfile
+  copy:
+    src: Caddyfile
+    dest: '/etc/caddy/Caddyfile'
+    owner: root
+    group: root
+    mode: '644'
+  notify: 'reload caddy'
+
+- name: Ensure Caddy service is running & enabled
+  service:
+    name: caddy
+    state: started
+    enabled: true
+
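Review bot: `apt_key` puts the Caddy key into the global apt trust store through `apt-key`, which Debian has deprecated since bullseye and which makes that key valid for every configured repository, not just Caddy's; the key should live in its own keyring and be bound to the repository with `signed-by=`, which is also how Caddy's own Debian instructions do it. The rewrite below fetches the key with `get_url` into a keyring under `/etc/apt/keyrings` (constructed path, adjust to taste) and uses `loop` in place of `with_items`; apt 2.4 and later (bookworm onward) accept the ASCII-armored file directly, older releases need it dearmored first. One layout caveat: `notify: 'reload caddy'` is shown here at task level, and if it sits under `copy:` in the actual file the module rejects it as an unsupported parameter, so the file is worth a glance.

```yaml
- name: Ensure apt keyrings directory exists
  file:
    path: /etc/apt/keyrings
    state: directory
    mode: '0755'

- name: Download Caddy signing key into its own keyring
  get_url:
    url: "https://dl.cloudsmith.io/public/caddy/stable/gpg.key"
    dest: /etc/apt/keyrings/caddy-stable-archive-keyring.asc
    mode: '0644'

- name: Add Caddy repositories
  apt_repository:
    repo: "{{ item }} [signed-by=/etc/apt/keyrings/caddy-stable-archive-keyring.asc] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main"
    filename: 'caddy-stable'
    state: present
  loop:
    - deb
    - deb-src

# … unchanged: Install Caddy, Copy over Caddyfile, service tasks …
```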