serguzim/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix pre-commit hooks and move directories

Browse source 
roles/ and inventory/ are now in playbooks/
also fixed issues reported by ansible-lint
This commit is contained in:
Tobias Reisinger 2024-10-14 18:30:24 +02:00
parent dc398ddb6e
commit 4104057771
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
123 changed files with 91 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.gitignore vendored
View file

@ -7,8 +7,8 @@ dns/services.json
secrets.auto.tfvars secrets.auto.tfvars
.terraform .terraform
inventory/group_vars/all/serguzim.net.yml playbooks/inventory/group_vars/all/serguzim.net.yml
inventory/group_vars/all/opentofu.yml playbooks/inventory/group_vars/all/opentofu.yml
inventory/group_vars/all/all_services.yml playbooks/inventory/group_vars/all/all_services.yml
infrastructure.svg infrastructure.svg

6
.pre-commit-config.yaml
View file

@ -4,4 +4,10 @@ repos:
hooks: hooks:
- id: ansible-lint - id: ansible-lint
args: args:
- playbooks/tasks/
- playbooks/serguzim.net.yml - playbooks/serguzim.net.yml
- playbooks/for-ansible-lint.yml
- repo: https://github.com/gitleaks/gitleaks
rev: v8.20.1
hooks:
- id: gitleaks

12
Makefile
View file

@ -9,28 +9,28 @@ PWD := $(shell pwd)
.FORCE: .FORCE:
./inventory/group_vars/all/all_services.yml: .FORCE ./playbooks/inventory/group_vars/all/all_services.yml: .FORCE
tofu output --json \ tofu output --json \
| yq -y '{all_services: with_entries(.value |= .value).services | to_entries | map(.value)}' \ | yq -y '{all_services: with_entries(.value |= .value).services | to_entries | map(.value)}' \
> ./inventory/group_vars/all/all_services.yml > ./playbooks/inventory/group_vars/all/all_services.yml
./inventory/group_vars/all/opentofu.yml: .FORCE ./playbooks/inventory/group_vars/all/opentofu.yml: .FORCE
tofu output --json \ tofu output --json \
| yq -y '{opentofu: with_entries(.value |= .value)}' \ | yq -y '{opentofu: with_entries(.value |= .value)}' \
> ./inventory/group_vars/all/opentofu.yml > ./playbooks/inventory/group_vars/all/opentofu.yml
./dns/hosts.json: .FORCE ./dns/hosts.json: .FORCE
tofu output --json \ tofu output --json \
| jq 'with_entries(.value |= .value).hosts' \ | jq 'with_entries(.value |= .value).hosts' \
> ./dns/hosts.json > ./dns/hosts.json
./dns/services.json: ./inventory/group_vars/all/all_services.yml ./dns/services.json: ./playbooks/inventory/group_vars/all/all_services.yml
ansible-playbook \ ansible-playbook \
-e services_json_file=$(PWD)/dns/services.json \ -e services_json_file=$(PWD)/dns/services.json \
playbooks/create_services_for_dnscontrol.yml playbooks/create_services_for_dnscontrol.yml
output: ./dns/hosts.json ./dns/services.json ./inventory/group_vars/all/opentofu.yml output: ./dns/hosts.json ./dns/services.json ./playbooks/inventory/group_vars/all/opentofu.yml
./types-dnscontrol.d.ts: ./types-dnscontrol.d.ts:

3
ansible.cfg
View file

@ -1,3 +0,0 @@
[defaults]
inventory = ./inventory
roles_path = ./roles

41
playbooks/for-ansible-lint.yml Normal file
View file

@ -0,0 +1,41 @@
---
- name: Run all roles
hosts: serguzim_net
vars:
host_services: "{{ all_services | my_service_attributes(inventory_hostname) | union(common_services) }}"
roles:
- acme_dns
- always
- authentik
- backup
- caddy
- extra_services
- faas
- forgejo
- forgejo_runner
- gatus
- healthcheck
- homebox
- immich
- influxdb
- jellyfin
- lego
- linkwarden
- mailcowdockerized
- minecraft_2
- minio
- ntfy
- postgresql
- reitanlage_oranienburg
- shlink
- software
- synapse
- tandoor
- teamspeak_fallback
- telegraf
- tinytinyrss
- umami
- vikunja
- watchtower
- wiki_js
- woodpecker

0
inventory/group_vars/all/compose_defaults.yml → playbooks/inventory/group_vars/all/compose_defaults.yml
View file

0
inventory/group_vars/all/main.yml → playbooks/inventory/group_vars/all/main.yml
View file

0
inventory/serguzim.net.yml → playbooks/inventory/serguzim.net.yml
View file

0
roles/_TEMPLATE/tasks/main.yml → playbooks/roles/_TEMPLATE/tasks/main.yml
View file

0
roles/_TEMPLATE/vars/main.yml → playbooks/roles/_TEMPLATE/vars/main.yml
View file

0
roles/acme_dns/tasks/main.yml → playbooks/roles/acme_dns/tasks/main.yml
View file

0
roles/acme_dns/templates/config.cfg.j2 → playbooks/roles/acme_dns/templates/config.cfg.j2
View file

0
roles/acme_dns/vars/main.yml → playbooks/roles/acme_dns/vars/main.yml
View file

0
roles/always/handlers/main.yml → playbooks/roles/always/handlers/main.yml
View file

0
roles/always/tasks/main.yml → playbooks/roles/always/tasks/main.yml
View file

0
roles/authentik/tasks/main.yml → playbooks/roles/authentik/tasks/main.yml
View file

0
roles/authentik/vars/main.yml → playbooks/roles/authentik/vars/main.yml
View file

0
roles/backup/files/backup.timer → playbooks/roles/backup/files/backup.timer
View file

0
roles/backup/files/hooks/immich_database → playbooks/roles/backup/files/hooks/immich_database
View file

0
roles/backup/files/hooks/mailcowdockerized → playbooks/roles/backup/files/hooks/mailcowdockerized
View file

0
roles/backup/files/hooks/postgresql → playbooks/roles/backup/files/hooks/postgresql
View file

0
roles/backup/tasks/hooks.yml → playbooks/roles/backup/tasks/hooks.yml
View file

0
roles/backup/tasks/main.yml → playbooks/roles/backup/tasks/main.yml
View file

0
roles/backup/tasks/systemd.yml → playbooks/roles/backup/tasks/systemd.yml
View file

0
roles/backup/templates/backup.service.j2 → playbooks/roles/backup/templates/backup.service.j2
View file

0
roles/backup/templates/backup.sh.j2 → playbooks/roles/backup/templates/backup.sh.j2
View file

4
roles/backup/vars/main.yml → playbooks/roles/backup/vars/main.yml
View file

@ -44,7 +44,7 @@ backup_yml:
backends: "{{ vault_backup.backends }}" backends: "{{ vault_backup.backends }}"
locations: "{{ backup_list | map_backup_locations(vault_backup.backends, backup_default_hooks ) }}" locations: "{{ backup_list | map_backup_locations(vault_backup.backends, backup_default_hooks) }}"
global: "{{ backup_global }}" global: "{{ backup_global }}"
@ -53,6 +53,6 @@ backup_yml_all:
backends: "{{ vault_backup.backends }}" backends: "{{ vault_backup.backends }}"
locations: "{{ backup_list_all | map_backup_locations(vault_backup.backends, backup_default_hooks ) }}" locations: "{{ backup_list_all | map_backup_locations(vault_backup.backends, backup_default_hooks) }}"
global: "{{ backup_global }}" global: "{{ backup_global }}"

0
roles/caddy/defaults/main.yml → playbooks/roles/caddy/defaults/main.yml
View file

0
roles/caddy/files/Dockerfile → playbooks/roles/caddy/files/Dockerfile
View file

0
roles/caddy/files/snippets → playbooks/roles/caddy/files/snippets
View file

0
roles/caddy/tasks/main.yml → playbooks/roles/caddy/tasks/main.yml
View file

0
roles/caddy/templates/Caddyfile.j2 → playbooks/roles/caddy/templates/Caddyfile.j2
View file

0
roles/caddy/vars/main.yml → playbooks/roles/caddy/vars/main.yml
View file

0
roles/extra_services/tasks/main.yml → playbooks/roles/extra_services/tasks/main.yml
View file

0
roles/extra_services/vars/main.yml → playbooks/roles/extra_services/vars/main.yml
View file

0
roles/faas/tasks/main.yml → playbooks/roles/faas/tasks/main.yml
View file

0
roles/faas/vars/main.yml → playbooks/roles/faas/vars/main.yml
View file

0
roles/forgejo/files/templates/custom/extra_links_footer.tmpl → playbooks/roles/forgejo/files/templates/custom/extra_links_footer.tmpl
View file

0
roles/forgejo/tasks/main.yml → playbooks/roles/forgejo/tasks/main.yml
View file

0
roles/forgejo/templates/footer.tmpl.j2 → playbooks/roles/forgejo/templates/footer.tmpl.j2
View file

0
roles/forgejo/vars/main.yml → playbooks/roles/forgejo/vars/main.yml
View file

0
roles/forgejo_runner/files/config.yml → playbooks/roles/forgejo_runner/files/config.yml
View file

0
roles/forgejo_runner/tasks/main.yml → playbooks/roles/forgejo_runner/tasks/main.yml
View file

0
roles/forgejo_runner/tasks/prompt-registration-token.yml → playbooks/roles/forgejo_runner/tasks/prompt-registration-token.yml
View file

0
roles/forgejo_runner/vars/main.yml → playbooks/roles/forgejo_runner/vars/main.yml
View file

0
roles/gatus/tasks/main.yml → playbooks/roles/gatus/tasks/main.yml
View file

0
roles/gatus/vars/main.yml → playbooks/roles/gatus/vars/main.yml
View file

0
roles/healthcheck/files/Dockerfile → playbooks/roles/healthcheck/files/Dockerfile
View file

0
roles/healthcheck/files/data/mail → playbooks/roles/healthcheck/files/data/mail
View file

0
roles/healthcheck/files/data/mailcheck.template.mail → playbooks/roles/healthcheck/files/data/mailcheck.template.mail
View file

0
roles/healthcheck/files/data/matrix → playbooks/roles/healthcheck/files/data/matrix
View file

0
roles/healthcheck/files/data/template.msmtprc → playbooks/roles/healthcheck/files/data/template.msmtprc
View file

0
roles/healthcheck/files/healthcheck@.timer → playbooks/roles/healthcheck/files/healthcheck@.timer
View file

0
roles/healthcheck/tasks/docker.yml → playbooks/roles/healthcheck/tasks/docker.yml
View file

0
roles/healthcheck/tasks/main.yml → playbooks/roles/healthcheck/tasks/main.yml
View file

4
roles/healthcheck/tasks/systemd.yml → playbooks/roles/healthcheck/tasks/systemd.yml
View file

@ -13,8 +13,8 @@
become: true become: true
- name: Get all healthcheck timers - name: Get all healthcheck timers
ansible.builtin.shell: ansible.builtin.shell: # noqa: command-instead-of-module
cmd: "systemctl list-timers 'healthcheck@*' --all --output=json | jq -r '.[].unit'" cmd: "set -o pipefail && systemctl list-timers 'healthcheck@*' --all --output=json | jq -r '.[].unit'"
register: systemd_timers_result register: systemd_timers_result
changed_when: false changed_when: false

0
roles/healthcheck/templates/docker-compose.yml.j2 → playbooks/roles/healthcheck/templates/docker-compose.yml.j2
View file

0
roles/healthcheck/templates/healthcheck@.service.j2 → playbooks/roles/healthcheck/templates/healthcheck@.service.j2
View file

0
roles/healthcheck/vars/main.yml → playbooks/roles/healthcheck/vars/main.yml
View file

0
roles/homebox/tasks/main.yml → playbooks/roles/homebox/tasks/main.yml
View file

0
roles/homebox/vars/main.yml → playbooks/roles/homebox/vars/main.yml
View file

0
roles/immich/tasks/main.yml → playbooks/roles/immich/tasks/main.yml
View file

0
roles/immich/vars/main.yml → playbooks/roles/immich/vars/main.yml
View file

0
roles/influxdb/tasks/main.yml → playbooks/roles/influxdb/tasks/main.yml
View file

0
roles/influxdb/vars/main.yml → playbooks/roles/influxdb/vars/main.yml
View file

0
roles/jellyfin/tasks/main.yml → playbooks/roles/jellyfin/tasks/main.yml
View file

0
roles/jellyfin/vars/main.yml → playbooks/roles/jellyfin/vars/main.yml
View file

0
roles/lego/files/hook.sh → playbooks/roles/lego/files/hook.sh
View file

0
roles/lego/files/hooks/auth.serguzim.me → playbooks/roles/lego/files/hooks/auth.serguzim.me
View file

0
roles/lego/files/hooks/db.serguzim.me → playbooks/roles/lego/files/hooks/db.serguzim.me
View file

0
roles/lego/files/lego.sh → playbooks/roles/lego/files/lego.sh
View file

0
roles/lego/files/lego@.timer → playbooks/roles/lego/files/lego@.timer
View file

0
roles/lego/tasks/config.yml → playbooks/roles/lego/tasks/config.yml
View file

0
roles/lego/tasks/hooks.yml → playbooks/roles/lego/tasks/hooks.yml
View file

0
roles/lego/tasks/main.yml → playbooks/roles/lego/tasks/main.yml
View file

2
roles/lego/tasks/systemd.yml → playbooks/roles/lego/tasks/systemd.yml
View file

@ -14,7 +14,7 @@
- name: Get all lego timers - name: Get all lego timers
ansible.builtin.shell: ansible.builtin.shell:
cmd: "systemctl list-timers 'lego@*' --all --output=json | jq -r '.[].unit'" cmd: "set -o pipefail && systemctl list-timers 'lego@*' --all --output=json | jq -r '.[].unit'"
register: systemd_timers_result register: systemd_timers_result
changed_when: false changed_when: false

0
roles/lego/templates/lego@.service.j2 → playbooks/roles/lego/templates/lego@.service.j2
View file

0
roles/lego/vars/main.yml → playbooks/roles/lego/vars/main.yml
View file

0
roles/linkwarden/tasks/main.yml → playbooks/roles/linkwarden/tasks/main.yml
View file

0
roles/linkwarden/vars/main.yml → playbooks/roles/linkwarden/vars/main.yml
View file

0
roles/mailcowdockerized/tasks/main.yml → playbooks/roles/mailcowdockerized/tasks/main.yml
View file

0
roles/mailcowdockerized/vars/main.yml → playbooks/roles/mailcowdockerized/vars/main.yml
View file

0
roles/minecraft_2/tasks/main.yml → playbooks/roles/minecraft_2/tasks/main.yml
View file

0
roles/minecraft_2/vars/main.yml → playbooks/roles/minecraft_2/vars/main.yml
View file

0
roles/minio/tasks/main.yml → playbooks/roles/minio/tasks/main.yml
View file

0
roles/minio/vars/main.yml → playbooks/roles/minio/vars/main.yml
View file

0
roles/ntfy/tasks/main.yml → playbooks/roles/ntfy/tasks/main.yml
View file

0
roles/ntfy/vars/main.yml → playbooks/roles/ntfy/vars/main.yml
View file

0
roles/postgresql/.gitkeep → playbooks/roles/postgresql/.gitkeep
View file

0
roles/reitanlage_oranienburg/tasks/main.yml → playbooks/roles/reitanlage_oranienburg/tasks/main.yml
View file

0
roles/reitanlage_oranienburg/vars/main.yml → playbooks/roles/reitanlage_oranienburg/vars/main.yml
View file

0
roles/shlink/tasks/main.yml → playbooks/roles/shlink/tasks/main.yml
View file

0
roles/shlink/vars/main.yml → playbooks/roles/shlink/vars/main.yml
View file

16
roles/software/tasks/docker.yml → playbooks/roles/software/tasks/docker.yml
View file

@ -1,5 +1,5 @@
- name: Install required system packages - name: Install required system packages
apt: ansible.builtin.apt:
pkg: pkg:
- apt-transport-https - apt-transport-https
- ca-certificates - ca-certificates
@ -8,39 +8,39 @@
- python3-pip - python3-pip
- virtualenv - virtualenv
- python3-setuptools - python3-setuptools
state: latest state: present
update_cache: true update_cache: true
become: true become: true
- name: Add Docker GPG apt Key - name: Add Docker GPG apt Key
apt_key: ansible.builtin.apt_key:
url: https://download.docker.com/linux/ubuntu/gpg url: https://download.docker.com/linux/ubuntu/gpg
state: present state: present
become: true become: true
- name: Add Docker Repository - name: Add Docker Repository
apt_repository: ansible.builtin.apt_repository:
repo: deb https://download.docker.com/linux/ubuntu focal stable repo: deb https://download.docker.com/linux/ubuntu focal stable
state: present state: present
become: true become: true
- name: Update apt and install docker packages - name: Update apt and install docker packages
apt: ansible.builtin.apt:
pkg: pkg:
- docker-ce - docker-ce
- docker-ce-cli - docker-ce-cli
- containerd.io - containerd.io
- docker-buildx-plugin - docker-buildx-plugin
- docker-compose-plugin - docker-compose-plugin
state: latest state: present
update_cache: true update_cache: true
become: true become: true
- name: Add user to the Docker group - name: Add user to the Docker group
user: ansible.builtin.user:
name: "{{ ansible_user }}" name: "{{ ansible_user }}"
groups: docker groups: docker
append: yes append: true
become: true become: true
- name: Create a network - name: Create a network

24
roles/software/tasks/main.yml → playbooks/roles/software/tasks/main.yml
View file

@ -1,7 +1,7 @@
- name: Install aptitude - name: Install aptitude
apt: ansible.builtin.apt:
name: aptitude name: aptitude
state: latest state: present
update_cache: true update_cache: true
become: true become: true
@ -9,32 +9,34 @@
ansible.builtin.import_tasks: docker.yml ansible.builtin.import_tasks: docker.yml
- name: Install jq and bzip2 - name: Install jq and bzip2
apt: ansible.builtin.apt:
pkg: pkg:
- jq - jq
- bzip2 - bzip2
state: latest state: present
update_cache: true update_cache: true
become: true become: true
- name: check if autorestic is installed - name: Check if autorestic is installed
stat: ansible.builtin.stat:
path: /usr/local/bin/autorestic path: /usr/local/bin/autorestic
register: autorestic_status register: autorestic_status
- name: Install autorestic - name: Install autorestic
when: not autorestic_status.stat.exists ansible.builtin.shell: set -o pipefail && wget -qO - https://raw.githubusercontent.com/cupcakearmy/autorestic/master/install.sh | bash
shell: wget -qO - https://raw.githubusercontent.com/cupcakearmy/autorestic/master/install.sh | bash
args: args:
executable: /bin/bash executable: /bin/bash
when: not autorestic_status.stat.exists
changed_when: true
become: true become: true
- name: check if restic is installed - name: Check if restic is installed
stat: ansible.builtin.stat:
path: /usr/local/bin/restic path: /usr/local/bin/restic
register: restic_status register: restic_status
- name: Install restic - name: Install restic
ansible.builtin.command: autorestic install
when: not restic_status.stat.exists when: not restic_status.stat.exists
command: autorestic install changed_when: true
become: true become: true

0
roles/synapse/files/msrg.cc.log.config → playbooks/roles/synapse/files/msrg.cc.log.config
View file

0
roles/synapse/tasks/main.yml → playbooks/roles/synapse/tasks/main.yml
View file

0
roles/synapse/vars/main.yml → playbooks/roles/synapse/vars/main.yml
View file

0
roles/tandoor/tasks/main.yml → playbooks/roles/tandoor/tasks/main.yml
View file

0
roles/tandoor/vars/main.yml → playbooks/roles/tandoor/vars/main.yml
View file

Some files were not shown because too many files have changed in this diff Show more