Fix pre-commit hooks and move directories
roles/ and inventory/ are now in playbooks/. Also fixed issues reported by ansible-lint.
parent
dc398ddb6e
commit
4104057771
123 changed files with 91 additions and 39 deletions
6
.gitignore
vendored
|
@ -7,8 +7,8 @@ dns/services.json
|
|||
secrets.auto.tfvars
|
||||
.terraform
|
||||
|
||||
inventory/group_vars/all/serguzim.net.yml
|
||||
inventory/group_vars/all/opentofu.yml
|
||||
inventory/group_vars/all/all_services.yml
|
||||
playbooks/inventory/group_vars/all/serguzim.net.yml
|
||||
playbooks/inventory/group_vars/all/opentofu.yml
|
||||
playbooks/inventory/group_vars/all/all_services.yml
|
||||
|
||||
infrastructure.svg
|
||||
|
|
|
@ -4,4 +4,10 @@ repos:
|
|||
hooks:
|
||||
- id: ansible-lint
|
||||
args:
|
||||
- playbooks/tasks/
|
||||
- playbooks/serguzim.net.yml
|
||||
- playbooks/for-ansible-lint.yml
|
||||
- repo: https://github.com/gitleaks/gitleaks
|
||||
rev: v8.20.1
|
||||
hooks:
|
||||
- id: gitleaks
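Review bot: The gitleaks hook at `rev: v8.20.1` is pinned to a tag, which the upstream repository can move, so the code that scans every commit for secrets is not fixed to reviewed content. Pinning to the full commit hash keeps the version readable and makes the reference immutable: `rev: <FULL_COMMIT_SHA_OF_v8.20.1>  # v8.20.1` (placeholder, to be filled in from the upstream tag). A pre-commit hook also only runs on machines that installed it and is skipped by `--no-verify`, so if no CI job runs the same scan, one should be added as the enforcing check. The hunk starts inside the ansible-lint entry, so the top of that entry is not visible here.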
|
||||
|
|
12
Makefile
|
@ -9,28 +9,28 @@ PWD := $(shell pwd)
|
|||
|
||||
.FORCE:
|
||||
|
||||
./inventory/group_vars/all/all_services.yml: .FORCE
|
||||
./playbooks/inventory/group_vars/all/all_services.yml: .FORCE
|
||||
tofu output --json \
|
||||
| yq -y '{all_services: with_entries(.value |= .value).services | to_entries | map(.value)}' \
|
||||
> ./inventory/group_vars/all/all_services.yml
|
||||
> ./playbooks/inventory/group_vars/all/all_services.yml
|
||||
|
||||
./inventory/group_vars/all/opentofu.yml: .FORCE
|
||||
./playbooks/inventory/group_vars/all/opentofu.yml: .FORCE
|
||||
tofu output --json \
|
||||
| yq -y '{opentofu: with_entries(.value |= .value)}' \
|
||||
> ./inventory/group_vars/all/opentofu.yml
|
||||
> ./playbooks/inventory/group_vars/all/opentofu.yml
|
||||
|
||||
./dns/hosts.json: .FORCE
|
||||
tofu output --json \
|
||||
| jq 'with_entries(.value |= .value).hosts' \
|
||||
> ./dns/hosts.json
|
||||
|
||||
./dns/services.json: ./inventory/group_vars/all/all_services.yml
|
||||
./dns/services.json: ./playbooks/inventory/group_vars/all/all_services.yml
|
||||
ansible-playbook \
|
||||
-e services_json_file=$(PWD)/dns/services.json \
|
||||
playbooks/create_services_for_dnscontrol.yml
|
||||
|
||||
|
||||
output: ./dns/hosts.json ./dns/services.json ./inventory/group_vars/all/opentofu.yml
|
||||
output: ./dns/hosts.json ./dns/services.json ./playbooks/inventory/group_vars/all/opentofu.yml
|
||||
|
||||
|
||||
./types-dnscontrol.d.ts:
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
[defaults]
|
||||
inventory = ./inventory
|
||||
roles_path = ./roles
|
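--- /dev/null
+++ b/playbooks/for-ansible-lint.yml
@@ -0,0 +1,41 @@
+---
+- name: Run all roles
+hosts: serguzim_net
+vars:
+host_services: "{{ all_services | my_service_attributes(inventory_hostname) | union(common_services) }}"
+roles:
+- acme_dns
+- always
+- authentik
+- backup
+- caddy
+- extra_services
+- faas
+- forgejo
+- forgejo_runner
+- gatus
+- healthcheck
+- homebox
+- immich
+- influxdb
+- jellyfin
+- lego
+- linkwarden
+- mailcowdockerized
+- minecraft_2
+- minio
+- ntfy
+- postgresql
+- reitanlage_oranienburg
+- shlink
+- software
+- synapse
+- tandoor
+- teamspeak_fallback
+- telegraf
+- tinytinyrss
+- umami
+- vikunja
+- watchtower
+- wiki_js
+- woodpecker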
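Review bot: Nothing in this new playbook says it is lint scaffolding, yet it targets `hosts: serguzim_net` and lists every role, so running it with ansible-playbook would apply all 35 roles to every host in that group. Judging by the file name and the pre-commit `args` entry it appears to exist only so ansible-lint can resolve the roles. A header comment directly under `---` would make that explicit, for example `# Lint-only: lists every role so ansible-lint can check them. Do not run with ansible-playbook.` If the file is never meant to execute, giving the play name the same wording (`- name: Lint-only play listing all roles`) would also show the intent in any accidental run output.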
@ -13,8 +13,8 @@
|
|||
become: true
|
||||
|
||||
- name: Get all healthcheck timers
|
||||
ansible.builtin.shell:
|
||||
cmd: "systemctl list-timers 'healthcheck@*' --all --output=json | jq -r '.[].unit'"
|
||||
ansible.builtin.shell: # noqa: command-instead-of-module
|
||||
cmd: "set -o pipefail && systemctl list-timers 'healthcheck@*' --all --output=json | jq -r '.[].unit'"
|
||||
register: systemd_timers_result
|
||||
changed_when: false
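Review bot: The `set -o pipefail` added to `cmd` in "Get all healthcheck timers" runs under the shell module's default `/bin/sh`, because this task sets no `executable`. Where `/bin/sh` is dash (the default on Debian and Ubuntu, and older dash releases reject that option) the task will fail before `systemctl` is ever called. The "Install autorestic" task changed in this same commit already sets `executable: /bin/bash`; add the same next to `cmd:` here, `executable: /bin/bash`, and in "Get all lego timers", which received the identical `set -o pipefail` prefix without it. The leading `become: true` in this hunk belongs to a task that starts outside it.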
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
|
||||
- name: Get all lego timers
|
||||
ansible.builtin.shell:
|
||||
cmd: "systemctl list-timers 'lego@*' --all --output=json | jq -r '.[].unit'"
|
||||
cmd: "set -o pipefail && systemctl list-timers 'lego@*' --all --output=json | jq -r '.[].unit'"
|
||||
register: systemd_timers_result
|
||||
changed_when: false
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
- name: Install required system packages
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
pkg:
|
||||
- apt-transport-https
|
||||
- ca-certificates
|
||||
|
@ -8,39 +8,39 @@
|
|||
- python3-pip
|
||||
- virtualenv
|
||||
- python3-setuptools
|
||||
state: latest
|
||||
state: present
|
||||
update_cache: true
|
||||
become: true
|
||||
|
||||
- name: Add Docker GPG apt Key
|
||||
apt_key:
|
||||
ansible.builtin.apt_key:
|
||||
url: https://download.docker.com/linux/ubuntu/gpg
|
||||
state: present
|
||||
become: true
|
||||
|
||||
- name: Add Docker Repository
|
||||
apt_repository:
|
||||
ansible.builtin.apt_repository:
|
||||
repo: deb https://download.docker.com/linux/ubuntu focal stable
|
||||
state: present
|
||||
become: true
|
||||
|
||||
- name: Update apt and install docker packages
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
pkg:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
- containerd.io
|
||||
- docker-buildx-plugin
|
||||
- docker-compose-plugin
|
||||
state: latest
|
||||
state: present
|
||||
update_cache: true
|
||||
become: true
|
||||
|
||||
- name: Add user to the Docker group
|
||||
user:
|
||||
ansible.builtin.user:
|
||||
name: "{{ ansible_user }}"
|
||||
groups: docker
|
||||
append: yes
|
||||
append: true
|
||||
become: true
|
||||
|
||||
- name: Create a network
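Review bot: "Add Docker GPG apt Key" was only renamed to `ansible.builtin.apt_key`, so it still downloads the key at run time with no fingerprint or checksum pin and adds it to apt's global trusted keyring, where it can vouch for packages from any configured repository. The module is also deprecated upstream in favour of per-repository keyrings. Store the key as a file with `ansible.builtin.get_url` plus a `checksum`, and scope it to the Docker repository with `signed-by=` in the `repo:` line, as sketched below; the checksum is a placeholder to fill in after verifying the key fingerprint out of band, and `/etc/apt/keyrings` must exist on the target. The final "Create a network" task continues outside the hunk.

```yaml
- name: Add Docker GPG apt Key
  ansible.builtin.get_url:
    url: https://download.docker.com/linux/ubuntu/gpg
    dest: /etc/apt/keyrings/docker.asc
    mode: "0644"
    checksum: "sha256:<SHA256_OF_VERIFIED_DOCKER_KEY>"
  become: true

- name: Add Docker Repository
  ansible.builtin.apt_repository:
    repo: deb [signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu focal stable
    # … unchanged: state, become …
```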
|
|
@ -1,7 +1,7 @@
|
|||
- name: Install aptitude
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
name: aptitude
|
||||
state: latest
|
||||
state: present
|
||||
update_cache: true
|
||||
become: true
|
||||
|
||||
|
@ -9,32 +9,34 @@
|
|||
ansible.builtin.import_tasks: docker.yml
|
||||
|
||||
- name: Install jq and bzip2
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
pkg:
|
||||
- jq
|
||||
- bzip2
|
||||
state: latest
|
||||
state: present
|
||||
update_cache: true
|
||||
become: true
|
||||
|
||||
- name: check if autorestic is installed
|
||||
stat:
|
||||
- name: Check if autorestic is installed
|
||||
ansible.builtin.stat:
|
||||
path: /usr/local/bin/autorestic
|
||||
register: autorestic_status
|
||||
|
||||
- name: Install autorestic
|
||||
when: not autorestic_status.stat.exists
|
||||
shell: wget -qO - https://raw.githubusercontent.com/cupcakearmy/autorestic/master/install.sh | bash
|
||||
ansible.builtin.shell: set -o pipefail && wget -qO - https://raw.githubusercontent.com/cupcakearmy/autorestic/master/install.sh | bash
|
||||
args:
|
||||
executable: /bin/bash
|
||||
when: not autorestic_status.stat.exists
|
||||
changed_when: true
|
||||
become: true
|
||||
|
||||
- name: check if restic is installed
|
||||
stat:
|
||||
- name: Check if restic is installed
|
||||
ansible.builtin.stat:
|
||||
path: /usr/local/bin/restic
|
||||
register: restic_status
|
||||
|
||||
- name: Install restic
|
||||
ansible.builtin.command: autorestic install
|
||||
when: not restic_status.stat.exists
|
||||
command: autorestic install
|
||||
changed_when: true
|
||||
become: true
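Review bot: "Install autorestic" still pipes `install.sh` from the mutable `master` branch straight into bash under `become: true`, so whatever that URL serves when the play runs is executed as root. The added `set -o pipefail` only turns a failed download into a task failure and does not check the content. Fetch the script from a reviewed commit with `ansible.builtin.get_url` and a `checksum`, then run the saved file in a separate task, as sketched below; the commit hash and checksum are placeholders. The script may fetch further artifacts itself, so it is worth reading what it downloads before pinning it.

```yaml
- name: Download autorestic installer
  ansible.builtin.get_url:
    url: https://raw.githubusercontent.com/cupcakearmy/autorestic/<PINNED_COMMIT_SHA>/install.sh
    dest: /root/autorestic-install.sh
    mode: "0700"
    checksum: "sha256:<SHA256_OF_REVIEWED_INSTALL_SH>"
  when: not autorestic_status.stat.exists
  become: true

- name: Install autorestic
  ansible.builtin.command: /bin/bash /root/autorestic-install.sh
  # … unchanged: when, changed_when, become …
```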
|