Add node001

Tobias Reisinger 2024-10-14 03:30:59 +02:00
parent e68f2f2cec
commit 822ec5fcb7
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
7 changed files with 69 additions and 16 deletions


@ -1,11 +1,12 @@
hosts = { hosts = {
#"node001" = { "node001" = {
# hostname = "node001" hostname = "node001"
# rdns = "node001.serguzim.net" rdns = "node001.serguzim.net"
# provider = "contabo" provider = "hetzner"
# ipv4_address = "144.91.106.67", image = "debian-12"
# ipv6_address = "2a02:c207:2051:6620::1" server_type = "cx32"
#}, datacenter = "fsn1-dc14"
},
"node002" = { "node002" = {
hostname = "node002" hostname = "node002"
rdns = "node002.serguzim.net" rdns = "node002.serguzim.net"


@ -20,7 +20,6 @@ container_registry:
services_path: /opt/services/ services_path: /opt/services/
common_services: common_services:
- always
- backup - backup
- lego - lego
- caddy - caddy


@ -2,12 +2,26 @@ all:
children: children:
serguzim_net: serguzim_net:
hosts: hosts:
node001:
node002: node002:
node003: node003:
hosts: hosts:
local-dev: local-dev:
ansible_connection: local ansible_connection: local
node001:
ansible_host: "{{ opentofu.hosts.node001.fqdn_vpn }}"
ansible_port: "{{ vault_hosts.node001.ansible_port }}"
ansible_user: "{{ vault_hosts.node001.ansible_user }}"
interactive_user: "{{ vault_hosts.node001.interactive_user }}"
host_vpn:
domain: "{{ opentofu.hosts.node001.fqdn_vpn }}"
ip: "{{ opentofu.hosts.node001.ipv4_address_vpn }}"
host_backup:
hc_uid: "{{ opentofu.healthchecksio.backup.node001.id }}"
hc_url: "{{ opentofu.healthchecksio.backup.node001.ping_url }}"
gatus_token: "{{ vault_hosts.node001.backup.gatus_token }}"
node002: node002:
ansible_host: "{{ opentofu.hosts.node002.fqdn_vpn }}" ansible_host: "{{ opentofu.hosts.node002.fqdn_vpn }}"
ansible_port: "{{ vault_hosts.node002.ansible_port }}" ansible_port: "{{ vault_hosts.node002.ansible_port }}"


@ -10,7 +10,14 @@
apply: apply:
tags: software tags: software
tags: software tags: software
when: "inventory_hostname == 'node003'" when: "inventory_hostname != 'node002'"
- name: Run always role
ansible.builtin.include_role:
name: always
apply:
tags: always
tags: always
- name: Include service roles - name: Include service roles
ansible.builtin.include_role: ansible.builtin.include_role:
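Review bot: The new condition `when: "inventory_hostname != 'node002'"` is an exclusion, so every host added to this play later, not only node001 and node003, picks up the role by default. An explicit list such as `when: inventory_hostname in ['node001', 'node003']`, or a host or group variable, keeps the set of hosts that receive the role visible and intentional. The task this `when` belongs to starts above the hunk, so which role it gates is not visible here. Separately, `always` is a reserved Ansible tag and tasks carrying it run even when the play is limited with `--tags`, so a one-line comment on the "Run always role" task confirming that this is intended would help.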


@ -0,0 +1,9 @@
---
- name: Unlock backups
hosts: serguzim_net
become: true
tasks:
- name: Change password
ansible.builtin.shell:
cmd: autorestic unlock --force && autorestic exec -va unlock
chdir: "{{ (services_path, 'backup') | path_join }}"
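Review bot: The only task in this new playbook is named `Change password`, but its command is `autorestic unlock --force && autorestic exec -va unlock`; the name looks copied from another playbook and should read something like `- name: Unlock autorestic and restic repositories`. Because the play targets all of `serguzim_net` with `become: true` and forces the unlock, a header comment stating that it must only be run when no backup is in progress would help, since clearing locks under a running backup is presumably unsafe. `ansible.builtin.shell` is needed here only for the `&&`; two `ansible.builtin.command` tasks would avoid the shell entirely.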


@ -8,10 +8,33 @@
- name: Install docker - name: Install docker
ansible.builtin.import_tasks: docker.yml ansible.builtin.import_tasks: docker.yml
- name: Install jq - name: Install jq and bzip2
apt: apt:
pkg: pkg:
- jq - jq
- bzip2
state: latest state: latest
update_cache: true update_cache: true
become: true become: true
- name: check if autorestic is installed
stat:
path: /usr/local/bin/autorestic
register: autorestic_status
- name: Install autorestic
when: not autorestic_status.stat.exists
shell: wget -qO - https://raw.githubusercontent.com/cupcakearmy/autorestic/master/install.sh | bash
args:
executable: /bin/bash
become: true
- name: check if restic is installed
stat:
path: /usr/local/bin/restic
register: restic_status
- name: Install restic
when: not restic_status.stat.exists
command: autorestic install
become: true
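Review bot: The "Install autorestic" task pipes a script fetched from the mutable `master` branch straight into `bash` under `become: true`, so whatever that URL serves at run time executes as root with no integrity check. Without `set -o pipefail`, a failed `wget` also leaves `bash` reading empty input and the task reporting success. Downloading the script from a pinned commit with a `checksum` and then executing it closes both gaps; the commit and hash in the fence are placeholders to fill in after reviewing the script. The installer presumably fetches a release binary itself, and `autorestic install` then fetches restic, so those downloads may need separate pinning.

```yaml
- name: Download autorestic installer from a pinned commit
  when: not autorestic_status.stat.exists
  ansible.builtin.get_url:
    # <PINNED_COMMIT> and <INSTALLER_SHA256> are placeholders, not real values
    url: https://raw.githubusercontent.com/cupcakearmy/autorestic/<PINNED_COMMIT>/install.sh
    dest: /root/autorestic-install.sh
    checksum: "sha256:<INSTALLER_SHA256>"
    mode: "0700"
  become: true
- name: Install autorestic
  when: not autorestic_status.stat.exists
  ansible.builtin.command: bash /root/autorestic-install.sh
  args:
    creates: /usr/local/bin/autorestic
  become: true
# … unchanged: restic stat check and "Install restic" task …
```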


@ -1,7 +1,7 @@
services = { services = {
"acme_dns" = { "acme_dns" = {
name = "acme_dns" name = "acme_dns"
host = "node003" host = "node001"
dns = [{ dns = [{
domain = "serguzim.me" domain = "serguzim.me"
target = "acme" target = "acme"
@ -34,7 +34,7 @@ services = {
"extra_services" = { "extra_services" = {
name = "extra_services" name = "extra_services"
host = "node003" host = "node001"
auth = false auth = false
database = false database = false
s3 = false s3 = false
@ -361,7 +361,7 @@ services = {
"shlink" = { "shlink" = {
name = "shlink" name = "shlink"
host = "node003" host = "node001"
dns = [ dns = [
{ {
domain = "msrg.cc" domain = "msrg.cc"
@ -474,7 +474,7 @@ services = {
"tinytinyrss" = { "tinytinyrss" = {
name = "tinytinyrss" name = "tinytinyrss"
host = "node003" host = "node001"
dns = [{ dns = [{
domain = "serguzim.me" domain = "serguzim.me"
target = "rss" target = "rss"
@ -490,7 +490,7 @@ services = {
"umami" = { "umami" = {
name = "umami" name = "umami"
host = "node003" host = "node001"
dns = [{ dns = [{
domain = "serguzim.me" domain = "serguzim.me"
target = "analytics" target = "analytics"
@ -527,7 +527,7 @@ services = {
"wiki_js" = { "wiki_js" = {
name = "wiki_js" name = "wiki_js"
host = "node003" host = "node001"
dns = [{ dns = [{
domain = "serguzim.me" domain = "serguzim.me"
target = "wiki" target = "wiki"