diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index b3fbb3f..5579c57 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -15,6 +15,3 @@ ansible_become_pass: !vault | 36343435646561643662373138613237626461373330346566356132636366623731643838383633 3765666163656264340a663138623535626161376666323862373131383637356231323737313564 6430 - -woodpecker_server: 'ci.rustybever.be:9000' -woodpecker_secret: "{{ vault_woodpecker_secret }}" diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 2aaf6ac..f4da912 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml @@ -1,10 +1,6 @@ $ANSIBLE_VAULT;1.1;AES256 -65396664323038303134303832613939623230323365613162313835623462663137623231643466 -3661303536326134636662636237326337653535613565380a643035326434656334363432633037 -31626233633935616234376334336138353833613962653632313639383932613638316238636436 -3066656463396530340a356634316630363866373834393035336663373264613031646231666538 -63366666336236313236653831316433346335356430366364303739666532623835373931376636 -63386434346265626331306461393330316164396632383462613537343664616266643938646632 -66316362623730313039666161353232313265613463653762666533356532633333616631343235 -66646339643366663365323165383830353562643266353935386334383134623933353162653666 -6432 +37303338366435366664333235623930303461666537326463613536303263353233303631653061 +3365613139333035616434376464386436653863366338650a366363336438313364646432626335 +32396334643064326531393930666263643163636163316430616434363139316665323262616538 +3665633530616432350a326439636231383765666365386433313432373432373938656638373636 +34323166343965616330366265353462626132356565316637313430343462363163 diff --git a/nas.yml b/nas.yml index 7730b2b..9cbb433 100644 --- a/nas.yml +++ b/nas.yml @@ -41,10 +41,3 @@ roles: - rclone tags: rclone - -- name: Install Woodpecker agent - hosts: nas - become: yes - roles: - - woodpecker - tags: woodpecker 
diff --git a/roles/caddy/files/Caddyfile b/roles/caddy/files/Caddyfile index 8d16237..fdb27ea 100644 --- a/roles/caddy/files/Caddyfile +++ b/roles/caddy/files/Caddyfile @@ -8,7 +8,9 @@ # this machine's public IP, then replace ":80" below with your # domain name. -import *.Caddyfile +media.roosens.me { + reverse_proxy localhost:8096 +} # Refer to the Caddy docs for more information: # https://caddyserver.com/docs/caddyfile diff --git a/roles/caddy/handlers/main.yml b/roles/caddy/handlers/main.yml index 860dc15..ddf490e 100644 --- a/roles/caddy/handlers/main.yml +++ b/roles/caddy/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: caddy-reload +- name: reload-caddy service: name: caddy state: reloaded diff --git a/roles/caddy/tasks/main.yml b/roles/caddy/tasks/main.yml index ddbcacd..f3eb347 100644 --- a/roles/caddy/tasks/main.yml +++ b/roles/caddy/tasks/main.yml @@ -25,7 +25,7 @@ owner: root group: root mode: '644' - notify: caddy-reload + notify: reload-caddy - name: Ensure Caddy service is running & enabled service: diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index bb1ea27..efe7bbf 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -1,13 +1,10 @@ -- name: Ensure common packages are installed +- name: Install packages apt: name: # Needed for handling GPG keys for repositories - debian-keyring - debian-archive-keyring - apt-transport-https - - ca-certificates - - lsb-release - - gnupg # Easy to edit files - vim @@ -19,24 +16,9 @@ # Disk monitoring - smartmontools - - # Periodic tasks - - cron state: present -- name: Ensure cron service is enabled - service: - name: cron - state: started - enabled: true - -- name: Ensure fail2ban service is enabled - service: - name: fail2ban - state: started - enabled: true - -- name: Ensure Vim config is present +- name: Install Vim config get_url: url: 'https://r8r.be/vim' dest: '{{ item.dest }}' 
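Review bot: In roles/common/tasks/main.yml, the `Install Vim config` task (hunk `@@ -19,24 +16,9 @@`) fetches `https://r8r.be/vim` with `get_url`, and no `checksum` is visible in the lines shown; the following hunk shows one destination is `/root/.vimrc`. A vimrc can run commands when the editor starts, so whatever that URL serves at deploy time is later interpreted under root's account. The task continues past the hunk, so a checksum may already sit below; if not, pin the content with `checksum: 'sha256:<digest-of-reviewed-vimrc>'`, or ship the file from the role's `files/` directory with `copy`.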
@@ -48,3 +30,9 @@ dest: "/home/debian/.vimrc" - user: root dest: "/root/.vimrc" + +- name: Enable fail2ban + service: + name: fail2ban + state: started + enabled: true diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 5f20a61..b37a479 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -9,6 +9,15 @@ - runc state: absent +- name: Install Docker PPA dependencies. + apt: + name: + - apt-transport-https + - ca-certificates + - gnupg + - lsb-release + state: present + - name: Add Docker GPG key. apt_key: url: https://download.docker.com/linux/ubuntu/gpg @@ -17,7 +26,7 @@ - name: Add Docker PPA. apt_repository: # https://gist.github.com/rbq/886587980894e98b23d0eee2a1d84933 - repo: deb [arch=arm64] https://download.docker.com/{{ ansible_system | lower }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable + repo: deb [arch=amd64] https://download.docker.com/{{ ansible_system | lower }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable state: present - name: Install Docker, docker-compose & cron. @@ -41,4 +50,4 @@ name: Prune the Docker system. hour: 4 minute: 0 - job: docker system prune -af + job: docker system prune -f diff --git a/roles/jellyfin/files/jellyfin.Caddyfile b/roles/jellyfin/files/jellyfin.Caddyfile deleted file mode 100644 index d803d5e..0000000 --- a/roles/jellyfin/files/jellyfin.Caddyfile +++ /dev/null @@ -1,3 +0,0 @@ -media.roosens.me { - reverse_proxy localhost:8096 -} diff --git a/roles/jellyfin/meta/main.yml b/roles/jellyfin/meta/main.yml deleted file mode 100644 index 1dbd0f6..0000000 --- a/roles/jellyfin/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -dependencies: - - role: caddy diff --git a/roles/jellyfin/tasks/main.yml b/roles/jellyfin/tasks/main.yml index 7ac1304..48b969b 100644 --- a/roles/jellyfin/tasks/main.yml +++ b/roles/jellyfin/tasks/main.yml 
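Review bot: In roles/docker/tasks/main.yml (hunk `@@ -9,6 +9,15 @@`), the `Add Docker GPG key.` task that follows the new dependency task uses `apt_key`, which, unless a `keyring:` is set below the hunk, puts the key in the system-wide trusted keyring, so it is accepted for every configured repository and not only Docker's. The key URL is also fixed to `linux/ubuntu/gpg`, while the repo line in the next hunk is templated on `ansible_distribution`. Consider downloading the key into a dedicated keyring file with `get_url` and scoping it on the repo entry with `signed-by=<keyring-path>`. The task body continues outside the hunk, so an `id:` fingerprint pin may already be there.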
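Review bot: The repo line in roles/docker/tasks/main.yml (hunk `@@ -17,7 +26,7 @@`) swaps one hard-coded architecture for another, so with `arch=amd64` apt will presumably find no Docker packages on the arm64 hosts the role targeted before. The rest of the line is already built from facts, and deriving the architecture the same way keeps the role usable on both: `[arch={{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}]`.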
@@ -50,11 +50,3 @@ state: started enabled: true -- name: Ensure Jellyfin Caddyfile is present - copy: - src: 'jellyfin.Caddyfile' - dest: '/etc/caddy/jellyfin.Caddyfile' - owner: root - group: root - mode: '0644' - notify: caddy-reload diff --git a/roles/samba/handlers/main.yml b/roles/samba/handlers/main.yml index ccde2aa..48e1e38 100644 --- a/roles/samba/handlers/main.yml +++ b/roles/samba/handlers/main.yml @@ -7,4 +7,4 @@ - name: smbpasswd-lambroek shell: cmd: "smbpasswd -sa lambroek" - stdin: "{{ lambroek_password }}\n{{ lambroek_password }}\n" + stdin: "{{ lambroek_password }}\n{{ lambroek_password }}" diff --git a/roles/woodpecker/files/woodpecker-agent.service b/roles/woodpecker/files/woodpecker-agent.service deleted file mode 100644 index d1801a7..0000000 --- a/roles/woodpecker/files/woodpecker-agent.service +++ /dev/null @@ -1,16 +0,0 @@ -[Unit] -Description=Woodpecker Agent -Documentation=https://woodpecker-ci.org/ -After=network.target network-online.target -Requires=network-online.target - -[Service] -Type=exec -User=woodpecker -Group=woodpecker -ExecStart=/usr/local/bin/woodpecker-agent -Restart=always -EnvironmentFile=/etc/woodpecker/woodpecker-agent.env - -[Install] -WantedBy=multi-user.target diff --git a/roles/woodpecker/handlers/main.yml b/roles/woodpecker/handlers/main.yml deleted file mode 100644 index a9933a7..0000000 --- a/roles/woodpecker/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: woodpecker-agent-restart - ansible.builtin.service: - name: 'woodpecker-agent' - state: 'restarted' diff --git a/roles/woodpecker/meta/main.yml b/roles/woodpecker/meta/main.yml deleted file mode 100644 index cb7d8e0..0000000 --- a/roles/woodpecker/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -dependencies: - - role: docker diff --git a/roles/woodpecker/tasks/main.yml b/roles/woodpecker/tasks/main.yml deleted file mode 100644 index f6fda97..0000000 --- a/roles/woodpecker/tasks/main.yml +++ /dev/null 
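Review bot: In roles/samba/handlers/main.yml, the `smbpasswd-lambroek` handler feeds `{{ lambroek_password }}` through `stdin` without `no_log: true`, so the rendered password can show up in high-verbosity output or in logging callbacks. The hunk appears to cover the handler through the end of the file, so the fix is to add `no_log: true` at task level. The command uses no shell features, so `command:` in place of `shell:` would also avoid an unnecessary shell. Dropping the trailing `\n` relies on the module default `stdin_add_newline: true`; a short comment saying so would keep a later edit from breaking the second prompt.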
@@ -1,78 +0,0 @@
----
-- name: Create download directory
- ansible.builtin.file:
- path: '/home/debian/woodpecker-agent-1.0.1'
- state: directory
- mode: '0755'
-
-- name: Download agent tarball
- ansible.builtin.unarchive:
- src: 'https://github.com/woodpecker-ci/woodpecker/releases/download/v1.0.1/woodpecker-agent_linux_arm64.tar.gz'
- remote_src: true
- dest: '/home/debian/woodpecker-agent-1.0.1'
- creates: '/home/debian/woodpecker-agent-1.0.1/woodpecker-agent'
- include:
- - 'woodpecker-agent'
- register: res
-
-- name: Move binary to correct location
- ansible.builtin.copy:
- src: '/home/debian/woodpecker-agent-1.0.1/woodpecker-agent'
- remote_src: true
- dest: '/usr/local/bin/woodpecker-agent'
- owner: 'root'
- group: 'root'
- mode: '0755'
- when: 'res.changed'
-
-- name: Ensure system group exists
- group:
- name: 'woodpecker'
- gid: 200
- system: true
- state: present
-
-- name: Ensure system user exists
- user:
- name: 'woodpecker'
- group: 'woodpecker'
- uid: 200
- system: true
- create_home: false
-
-- name: Ensure woodpecker directory is present
- file:
- path: '/etc/woodpecker'
- state: directory
- mode: '0755'
- owner: 'woodpecker'
- group: 'woodpecker'
-
-- name: Ensure agent environment file is present
- template:
- src: 'woodpecker-agent.env.j2'
- dest: '/etc/woodpecker/woodpecker-agent.env'
- owner: 'woodpecker'
- group: 'woodpecker'
- mode: '0644'
- notify: woodpecker-agent-restart
-
-- name: Ensure service file is present
- copy:
- src: 'woodpecker-agent.service'
- dest: '/lib/systemd/system/woodpecker-agent.service'
- owner: 'root'
- group: 'root'
- mode: '0644'
- register: res
-
-- name: systemd-reload
- ansible.builtin.systemd_service:
- daemon_reload: true
- when: 'res.changed'
-
-- name: Ensure agent service is enabled
- ansible.builtin.service:
- name: 'woodpecker-agent'
- state: started
- enabled: true
diff --git a/roles/woodpecker/templates/woodpecker-agent.env.j2 b/roles/woodpecker/templates/woodpecker-agent.env.j2
deleted file mode 100644
index 1314a2b..0000000
--- a/roles/woodpecker/templates/woodpecker-agent.env.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-WOODPECKER_SERVER={{ woodpecker_server }}
-WOODPECKER_AGENT_SECRET={{ woodpecker_secret }}
-WOODPECKER_AGENT_CONFIG_FILE=/etc/woodpecker/woodpecker-agent.conf
-WOODPECKER_BACKEND=docker