From 822ec5fcb7db341aae656e2bfe4d8ab69013a48a Mon Sep 17 00:00:00 2001
From: Tobias Reisinger
Date: Mon, 14 Oct 2024 03:30:59 +0200
Subject: [PATCH] Add node001

---
 hosts.auto.tfvars | 15 ++++++++-------
 inventory/group_vars/all/main.yml | 1 -
 inventory/serguzim.net.yml | 14 ++++++++++++++
 playbooks/serguzim.net.yml | 9 ++++++++-
 playbooks/unlock-backup.yml | 9 +++++++++
 roles/software/tasks/main.yml | 25 ++++++++++++++++++++++++-
 services.auto.tfvars | 12 ++++++------
 7 files changed, 69 insertions(+), 16 deletions(-)
 create mode 100644 playbooks/unlock-backup.yml
diff --git a/hosts.auto.tfvars b/hosts.auto.tfvars
index c677d22..ad5a5d6 100644
--- a/hosts.auto.tfvars
+++ b/hosts.auto.tfvars
@@ -1,11 +1,12 @@
 hosts = {
- #"node001" = {
- # hostname = "node001"
- # rdns = "node001.serguzim.net"
- # provider = "contabo"
- # ipv4_address = "144.91.106.67",
- # ipv6_address = "2a02:c207:2051:6620::1"
- #},
+ "node001" = {
+ hostname = "node001"
+ rdns = "node001.serguzim.net"
+ provider = "hetzner"
+ image = "debian-12"
+ server_type = "cx32"
+ datacenter = "fsn1-dc14"
+ },
 "node002" = {
 hostname = "node002"
 rdns = "node002.serguzim.net"
diff --git a/inventory/group_vars/all/main.yml b/inventory/group_vars/all/main.yml
index b21e7c7..16c1369 100644
--- a/inventory/group_vars/all/main.yml
+++ b/inventory/group_vars/all/main.yml
@@ -20,7 +20,6 @@ container_registry:
 services_path: /opt/services/
 common_services:
- - always
 - backup
 - lego
 - caddy
diff --git a/inventory/serguzim.net.yml b/inventory/serguzim.net.yml
index 262b65d..2133f54 100644
--- a/inventory/serguzim.net.yml
+++ b/inventory/serguzim.net.yml
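Review bot: The new `node001` object has a different shape from the block it replaces and, as far as the visible `node002` lines suggest, from its siblings: it adds `image`/`server_type`/`datacenter` and drops `ipv4_address`/`ipv6_address`. If the `hosts` variable is declared with a concrete `map(object({...}))` type (its declaration is outside this diff), the two shapes only type-check when the provider-specific attributes are wrapped in `optional()`, so please confirm that declaration accepts both or mark the Hetzner-only keys optional. A short comment above the entry, such as `# Hetzner host: addresses are allocated by the provider, not declared here`, would also explain to the next reader why the static IPs of the old contabo block are gone.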
@@ -2,12 +2,26 @@ all:
 children:
 serguzim_net:
 hosts:
+ node001:
 node002:
 node003:
 hosts:
 local-dev:
 ansible_connection: local
+ node001:
+ ansible_host: "{{ opentofu.hosts.node001.fqdn_vpn }}"
+ ansible_port: "{{ vault_hosts.node001.ansible_port }}"
+ ansible_user: "{{ vault_hosts.node001.ansible_user }}"
+ interactive_user: "{{ vault_hosts.node001.interactive_user }}"
+ host_vpn:
+ domain: "{{ opentofu.hosts.node001.fqdn_vpn }}"
+ ip: "{{ opentofu.hosts.node001.ipv4_address_vpn }}"
+ host_backup:
+ hc_uid: "{{ opentofu.healthchecksio.backup.node001.id }}"
+ hc_url: "{{ opentofu.healthchecksio.backup.node001.ping_url }}"
+ gatus_token: "{{ vault_hosts.node001.backup.gatus_token }}"
+
 node002:
 ansible_host: "{{ opentofu.hosts.node002.fqdn_vpn }}"
 ansible_port: "{{ vault_hosts.node002.ansible_port }}"
diff --git a/playbooks/serguzim.net.yml b/playbooks/serguzim.net.yml
index 79927c7..41b1ba5 100644
--- a/playbooks/serguzim.net.yml
+++ b/playbooks/serguzim.net.yml
@@ -10,7 +10,14 @@
 apply:
 tags: software
 tags: software
- when: "inventory_hostname == 'node003'"
+ when: "inventory_hostname != 'node002'"
+
+ - name: Run always role
+ ansible.builtin.include_role:
+ name: always
+ apply:
+ tags: always
+ tags: always
 - name: Include service roles
 ansible.builtin.include_role:
diff --git a/playbooks/unlock-backup.yml b/playbooks/unlock-backup.yml
new file mode 100644
index 0000000..78fea7c
--- /dev/null
+++ b/playbooks/unlock-backup.yml
@@ -0,0 +1,9 @@
+---
+- name: Unlock backups
+ hosts: serguzim_net
+ become: true
+ tasks:
+ - name: Change password
+ ansible.builtin.shell:
+ cmd: autorestic unlock --force && autorestic exec -va unlock
+ chdir: "{{ (services_path, 'backup') | path_join }}"
diff --git a/roles/software/tasks/main.yml b/roles/software/tasks/main.yml
index 604a15c..db3db7f 100644
--- a/roles/software/tasks/main.yml
+++ b/roles/software/tasks/main.yml
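Review bot: The guard on the software role flips from an allow-list (`== 'node003'`) to a deny-list (`!= 'node002'`), so every host added to `serguzim_net` from now on gets the software role — including the curl-pipe-bash installer it contains — by default, with the one exception hidden in the playbook instead of next to the host it concerns. A host variable reads better and keeps the decision with the inventory: set `manage_software: false` on node002's entry and use `when: manage_software | default(true) | bool`. The `always` tag on the new include is Ansible's reserved tag that runs regardless of `--tags`, which is presumably intended for a role of that name but is easy to misread; a comment such as `# 'always' is a reserved tag: this role runs on every invocation regardless of --tags` above the task would prevent someone "fixing" it later. The enclosing play starts before this hunk, so I cannot see whether `become` or `hosts` changed alongside.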
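Review bot: The task name `Change password` does not describe what the command does; this playbook force-removes backup locks, so name it `Force-unlock autorestic and restic repositories`. More importantly, `autorestic unlock --force` discards autorestic's own lock even if another run still holds it (per its documentation), and the play targets the whole `serguzim_net` group with no confirmation step, so an accidental run during a backup or prune races a live writer on the shared repository. Gate it behind a variable that must be passed explicitly, e.g. `when: confirm_unlock | default(false) | bool`, and add `changed_when: true` so the run is reported honestly instead of always "changed" by accident of the shell module. Note that `autorestic exec -va unlock` maps to `restic unlock`, which by default removes only stale repository locks, so the hazardous part is the `--force` on the autorestic lock; a one-line comment saying so above the command would help the next operator judge when this is safe.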
@@ -8,10 +8,33 @@
 - name: Install docker
 ansible.builtin.import_tasks: docker.yml
-- name: Install jq
+- name: Install jq and bzip2
 apt:
 pkg:
 - jq
+ - bzip2
 state: latest
 update_cache: true
 become: true
+
+- name: check if autorestic is installed
+ stat:
+ path: /usr/local/bin/autorestic
+ register: autorestic_status
+
+- name: Install autorestic
+ when: not autorestic_status.stat.exists
+ shell: wget -qO - https://raw.githubusercontent.com/cupcakearmy/autorestic/master/install.sh | bash
+ args:
+ executable: /bin/bash
+ become: true
+
+- name: check if restic is installed
+ stat:
+ path: /usr/local/bin/restic
+ register: restic_status
+
+- name: Install restic
+ when: not restic_status.stat.exists
+ command: autorestic install
+ become: true
diff --git a/services.auto.tfvars b/services.auto.tfvars
index f3ab3fb..2fa660b 100644
--- a/services.auto.tfvars
+++ b/services.auto.tfvars
@@ -1,7 +1,7 @@
 services = {
 "acme_dns" = {
 name = "acme_dns"
- host = "node003"
+ host = "node001"
 dns = [{
 domain = "serguzim.me"
 target = "acme"
@@ -34,7 +34,7 @@ services = {
 "extra_services" = {
 name = "extra_services"
- host = "node003"
+ host = "node001"
 auth = false
 database = false
 s3 = false
@@ -361,7 +361,7 @@ services = {
 "shlink" = {
 name = "shlink"
- host = "node003"
+ host = "node001"
 dns = [
 {
 domain = "msrg.cc"
@@ -474,7 +474,7 @@ services = {
 "tinytinyrss" = {
 name = "tinytinyrss"
- host = "node003"
+ host = "node001"
 dns = [{
 domain = "serguzim.me"
 target = "rss"
@@ -490,7 +490,7 @@ services = {
 "umami" = {
 name = "umami"
- host = "node003"
+ host = "node001"
 dns = [{
 domain = "serguzim.me"
 target = "analytics"
@@ -527,7 +527,7 @@ services = {
 "wiki_js" = {
 name = "wiki_js"
- host = "node003"
+ host = "node001"
 dns = [{
 domain = "serguzim.me"
 target = "wiki"
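Review bot: The `Install autorestic` task pipes an unpinned script from the `master` branch of a GitHub repository into `bash` as root on every host that lacks the binary; nothing pins a version or verifies a checksum, so anyone who can push to that branch, or sit on the download path, gets root across the fleet, and the install is not reproducible. The pipeline also fails open: without `set -o pipefail` a failed `wget` feeds empty input to `bash`, which exits 0 and the task is reported ok. Pin a release and let `get_url` verify it instead — the release assets are bzip2-compressed binaries, which is presumably why `bzip2` is added in this same hunk, so unpacking the asset replaces the script entirely; the `stat` + `when` pair can then become `creates:` on the install task. `autorestic install` has the same unverified-download property for restic; Debian 12 ships a `restic` package, so `apt` may be the simpler option if that version satisfies autorestic.

```yaml
# … unchanged: stat /usr/local/bin/autorestic into autorestic_status …

- name: Download pinned autorestic release
  when: not autorestic_status.stat.exists
  ansible.builtin.get_url:
    # pin both vars in role defaults; confirm the asset name against the release page
    url: "https://github.com/cupcakearmy/autorestic/releases/download/v{{ autorestic_version }}/autorestic_{{ autorestic_version }}_linux_amd64.bz2"
    dest: /root/autorestic.bz2
    checksum: "sha256:{{ autorestic_sha256 }}"
    mode: "0600"
  become: true

- name: Install autorestic
  when: not autorestic_status.stat.exists
  ansible.builtin.shell:
    cmd: bunzip2 -c /root/autorestic.bz2 > /usr/local/bin/autorestic && chmod 0755 /usr/local/bin/autorestic
    creates: /usr/local/bin/autorestic
  become: true
```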