Fix pre-commit hooks and move directories

roles/ and inventory/ are now in playbooks/
Also fixed issues reported by ansible-lint
Tobias Reisinger 2024-10-14 18:30:24 +02:00
parent dc398ddb6e
commit 4104057771
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
123 changed files with 91 additions and 39 deletions

.gitignore vendored

@ -7,8 +7,8 @@ dns/services.json
secrets.auto.tfvars
.terraform
inventory/group_vars/all/serguzim.net.yml
inventory/group_vars/all/opentofu.yml
inventory/group_vars/all/all_services.yml
playbooks/inventory/group_vars/all/serguzim.net.yml
playbooks/inventory/group_vars/all/opentofu.yml
playbooks/inventory/group_vars/all/all_services.yml
infrastructure.svg


@ -4,4 +4,10 @@ repos:
hooks:
- id: ansible-lint
args:
- playbooks/tasks/
- playbooks/serguzim.net.yml
- playbooks/for-ansible-lint.yml
- repo: https://github.com/gitleaks/gitleaks
rev: v8.20.1
hooks:
- id: gitleaks
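Review bot: The ansible-lint hook is now restricted to the three paths under `args`, so a role added under playbooks/roles/ is only linted if someone also appends it to the role list of `playbooks/for-ansible-lint.yml` (presumably the new "Run all roles" playbook in this commit), and nothing in the hook enforces that. A comment beside the args, `# keep the role list in playbooks/for-ansible-lint.yml in sync with playbooks/roles/`, would make the maintenance step visible; alternatively the roles directory could be passed to ansible-lint directly if the playbook context is not needed. The gitleaks hook is pinned to the tag `v8.20.1`, which works with `pre-commit autoupdate`; pinning `rev` to that tag's commit SHA would additionally resist a moved tag.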


@ -9,28 +9,28 @@ PWD := $(shell pwd)
.FORCE:
./inventory/group_vars/all/all_services.yml: .FORCE
./playbooks/inventory/group_vars/all/all_services.yml: .FORCE
tofu output --json \
| yq -y '{all_services: with_entries(.value |= .value).services | to_entries | map(.value)}' \
> ./inventory/group_vars/all/all_services.yml
> ./playbooks/inventory/group_vars/all/all_services.yml
./inventory/group_vars/all/opentofu.yml: .FORCE
./playbooks/inventory/group_vars/all/opentofu.yml: .FORCE
tofu output --json \
| yq -y '{opentofu: with_entries(.value |= .value)}' \
> ./inventory/group_vars/all/opentofu.yml
> ./playbooks/inventory/group_vars/all/opentofu.yml
./dns/hosts.json: .FORCE
tofu output --json \
| jq 'with_entries(.value |= .value).hosts' \
> ./dns/hosts.json
./dns/services.json: ./inventory/group_vars/all/all_services.yml
./dns/services.json: ./playbooks/inventory/group_vars/all/all_services.yml
ansible-playbook \
-e services_json_file=$(PWD)/dns/services.json \
playbooks/create_services_for_dnscontrol.yml
output: ./dns/hosts.json ./dns/services.json ./inventory/group_vars/all/opentofu.yml
output: ./dns/hosts.json ./dns/services.json ./playbooks/inventory/group_vars/all/opentofu.yml
./types-dnscontrol.d.ts:


@ -1,3 +0,0 @@
[defaults]
inventory = ./inventory
roles_path = ./roles


@ -0,0 +1,41 @@
---
- name: Run all roles
hosts: serguzim_net
vars:
host_services: "{{ all_services | my_service_attributes(inventory_hostname) | union(common_services) }}"
roles:
- acme_dns
- always
- authentik
- backup
- caddy
- extra_services
- faas
- forgejo
- forgejo_runner
- gatus
- healthcheck
- homebox
- immich
- influxdb
- jellyfin
- lego
- linkwarden
- mailcowdockerized
- minecraft_2
- minio
- ntfy
- postgresql
- reitanlage_oranienburg
- shlink
- software
- synapse
- tandoor
- teamspeak_fallback
- telegraf
- tinytinyrss
- umami
- vikunja
- watchtower
- wiki_js
- woodpecker
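Review bot: The new playbook carries no comment saying what it is for, and `hosts: serguzim_net` with the full role list means running it by hand applies every role to that group; if it is the lint-only entry point that the pre-commit config lists as `playbooks/for-ansible-lint.yml`, say so at the top, e.g. `# Lint-only entry point: lists every role so ansible-lint walks them; not meant to be executed`. The role list is maintained by hand, so a role added to playbooks/roles/ but not appended here is silently skipped by the linter; a second comment line stating that would help. The `host_services` expression under `vars` presumably duplicates the one in `playbooks/serguzim.net.yml`; if so, a one-line pointer to the canonical definition keeps the two from drifting.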


@ -44,7 +44,7 @@ backup_yml:
backends: "{{ vault_backup.backends }}"
locations: "{{ backup_list | map_backup_locations(vault_backup.backends, backup_default_hooks ) }}"
locations: "{{ backup_list | map_backup_locations(vault_backup.backends, backup_default_hooks) }}"
global: "{{ backup_global }}"
@ -53,6 +53,6 @@ backup_yml_all:
backends: "{{ vault_backup.backends }}"
locations: "{{ backup_list_all | map_backup_locations(vault_backup.backends, backup_default_hooks ) }}"
locations: "{{ backup_list_all | map_backup_locations(vault_backup.backends, backup_default_hooks) }}"
global: "{{ backup_global }}"


@ -13,8 +13,8 @@
become: true
- name: Get all healthcheck timers
ansible.builtin.shell:
cmd: "systemctl list-timers 'healthcheck@*' --all --output=json | jq -r '.[].unit'"
ansible.builtin.shell: # noqa: command-instead-of-module
cmd: "set -o pipefail && systemctl list-timers 'healthcheck@*' --all --output=json | jq -r '.[].unit'"
register: systemd_timers_result
changed_when: false
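Review bot: `set -o pipefail` in the new `cmd` is only valid in bash, but the task sets no `args.executable`, so `ansible.builtin.shell` runs it through the remote `/bin/sh`; on Debian/Ubuntu that is dash, and older dash releases (the default sh on the focal release the docker tasks pin) do not implement `pipefail`, so the task would fail before `systemctl` runs. The autorestic task in this same commit already pairs pipefail with `args: {executable: /bin/bash}`; add the same two lines here as a sibling of `register`, `args:` / `  executable: /bin/bash`, and in the identical lego timer task (`cmd: "set -o pipefail && systemctl list-timers 'lego@*' ...`), which has the same gap. The `# noqa: command-instead-of-module` suppression would also read better with the reason on a comment line above the task, e.g. `# shell is used because ansible.builtin.systemd cannot list timers`.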


@ -14,7 +14,7 @@
- name: Get all lego timers
ansible.builtin.shell:
cmd: "systemctl list-timers 'lego@*' --all --output=json | jq -r '.[].unit'"
cmd: "set -o pipefail && systemctl list-timers 'lego@*' --all --output=json | jq -r '.[].unit'"
register: systemd_timers_result
changed_when: false


@ -1,5 +1,5 @@
- name: Install required system packages
apt:
ansible.builtin.apt:
pkg:
- apt-transport-https
- ca-certificates
@ -8,39 +8,39 @@
- python3-pip
- virtualenv
- python3-setuptools
state: latest
state: present
update_cache: true
become: true
- name: Add Docker GPG apt Key
apt_key:
ansible.builtin.apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
become: true
- name: Add Docker Repository
apt_repository:
ansible.builtin.apt_repository:
repo: deb https://download.docker.com/linux/ubuntu focal stable
state: present
become: true
- name: Update apt and install docker packages
apt:
ansible.builtin.apt:
pkg:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-buildx-plugin
- docker-compose-plugin
state: latest
state: present
update_cache: true
become: true
- name: Add user to the Docker group
user:
ansible.builtin.user:
name: "{{ ansible_user }}"
groups: docker
append: yes
append: true
become: true
- name: Create a network
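Review bot: `ansible.builtin.apt_key` still imports the Docker key into apt's global trusted keyring, so that key can sign any repository the host uses, and the `apt-key` mechanism it wraps is deprecated on current Debian/Ubuntu; this hunk only renames the module. Prefer downloading the key to a keyring file with `ansible.builtin.get_url` and referencing it through `signed-by=` in the `apt_repository` line (rewrite below). The `focal` codename in `repo:` is also hard-coded, so on any other release the task silently adds the wrong suite; `{{ ansible_distribution_release }}` avoids that if the group is not uniformly focal. The enclosing task list continues past the hunk at `Create a network`.
```yaml
- name: Ensure apt keyrings directory exists
  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    mode: "0755"
  become: true
- name: Add Docker GPG apt Key
  ansible.builtin.get_url:
    url: https://download.docker.com/linux/ubuntu/gpg
    dest: /etc/apt/keyrings/docker.asc
    mode: "0644"
  become: true
- name: Add Docker Repository
  ansible.builtin.apt_repository:
    repo: deb [signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu focal stable
    state: present
  become: true
# … unchanged: install docker packages, add user to the docker group …
```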


@ -1,7 +1,7 @@
- name: Install aptitude
apt:
ansible.builtin.apt:
name: aptitude
state: latest
state: present
update_cache: true
become: true
@ -9,32 +9,34 @@
ansible.builtin.import_tasks: docker.yml
- name: Install jq and bzip2
apt:
ansible.builtin.apt:
pkg:
- jq
- bzip2
state: latest
state: present
update_cache: true
become: true
- name: check if autorestic is installed
stat:
- name: Check if autorestic is installed
ansible.builtin.stat:
path: /usr/local/bin/autorestic
register: autorestic_status
- name: Install autorestic
when: not autorestic_status.stat.exists
shell: wget -qO - https://raw.githubusercontent.com/cupcakearmy/autorestic/master/install.sh | bash
ansible.builtin.shell: set -o pipefail && wget -qO - https://raw.githubusercontent.com/cupcakearmy/autorestic/master/install.sh | bash
args:
executable: /bin/bash
when: not autorestic_status.stat.exists
changed_when: true
become: true
- name: check if restic is installed
stat:
- name: Check if restic is installed
ansible.builtin.stat:
path: /usr/local/bin/restic
register: restic_status
- name: Install restic
ansible.builtin.command: autorestic install
when: not restic_status.stat.exists
command: autorestic install
changed_when: true
become: true
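Review bot: The autorestic install task still pipes `https://raw.githubusercontent.com/cupcakearmy/autorestic/master/install.sh` straight into bash under `become: true`; the added `set -o pipefail` only makes a failed download abort, it does not change that whatever is on `master` at run time executes as root with no pinning and no integrity check. Fetching the installer at a fixed tag or commit with `ansible.builtin.get_url` plus a `checksum:`, then running the local file, keeps the install reproducible and verifiable (rewrite below, placeholder values marked); the `wget -qO - | bash` pipe, and with it the need for pipefail, disappears. The following `autorestic install` step lets autorestic fetch restic the same way; a comment noting that the restic version is whatever autorestic chooses would document that remaining dependency.
```yaml
- name: Download autorestic installer
  ansible.builtin.get_url:
    url: https://raw.githubusercontent.com/cupcakearmy/autorestic/<PINNED_TAG_OR_COMMIT>/install.sh
    dest: /usr/local/src/autorestic-install.sh
    checksum: "sha256:<EXPECTED_SHA256_OF_PINNED_INSTALL_SH>"
    mode: "0755"
  when: not autorestic_status.stat.exists
  become: true
- name: Install autorestic
  ansible.builtin.command: /usr/local/src/autorestic-install.sh
  when: not autorestic_status.stat.exists
  changed_when: true
  become: true
# … unchanged: restic stat check and install …
```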
