Add node001

2024-10-14 03:30:59 +02:00 · 2024-10-14 03:30:59 +02:00 · 822ec5fcb7
commit 822ec5fcb7
parent e68f2f2cec
7 changed files with 69 additions and 16 deletions
--- a/hosts.auto.tfvars
+++ b/hosts.auto.tfvars
@ -1,11 +1,12 @@
 hosts = {
-  #"node001" = {
-  #  hostname = "node001"
-  #  rdns = "node001.serguzim.net"
-  #  provider = "contabo"
-  #  ipv4_address = "144.91.106.67",
-  #  ipv6_address = "2a02:c207:2051:6620::1"
-  #},
+  "node001" = {
+    hostname = "node001"
+    rdns = "node001.serguzim.net"
+    provider = "hetzner"
+    image = "debian-12"
+    server_type = "cx32"
+    datacenter = "fsn1-dc14"
+  },
  "node002" = {
    hostname = "node002"
    rdns = "node002.serguzim.net"
--- a/inventory/group_vars/all/main.yml
+++ b/inventory/group_vars/all/main.yml
@ -20,7 +20,6 @@ container_registry:
 services_path: /opt/services/

 common_services:
-  - always
  - backup
  - lego
  - caddy
--- a/inventory/serguzim.net.yml
+++ b/inventory/serguzim.net.yml
@ -2,12 +2,26 @@ all:
  children:
    serguzim_net:
      hosts:
+        node001:
        node002:
        node003:
  hosts:
    local-dev:
      ansible_connection: local

+    node001:
+      ansible_host: "{{ opentofu.hosts.node001.fqdn_vpn }}"
+      ansible_port: "{{ vault_hosts.node001.ansible_port }}"
+      ansible_user: "{{ vault_hosts.node001.ansible_user }}"
+      interactive_user: "{{ vault_hosts.node001.interactive_user }}"
+      host_vpn:
+        domain: "{{ opentofu.hosts.node001.fqdn_vpn }}"
+        ip: "{{ opentofu.hosts.node001.ipv4_address_vpn }}"
+      host_backup:
+        hc_uid: "{{ opentofu.healthchecksio.backup.node001.id }}"
+        hc_url: "{{ opentofu.healthchecksio.backup.node001.ping_url }}"
+        gatus_token: "{{ vault_hosts.node001.backup.gatus_token }}" 
+
    node002:
      ansible_host: "{{ opentofu.hosts.node002.fqdn_vpn }}"
      ansible_port: "{{ vault_hosts.node002.ansible_port }}"
--- a/playbooks/serguzim.net.yml
+++ b/playbooks/serguzim.net.yml
@ -10,7 +10,14 @@
        apply:
          tags: software
      tags: software
-      when: "inventory_hostname == 'node003'"
+      when: "inventory_hostname != 'node002'"
+
+    - name: Run always role
+      ansible.builtin.include_role:
+        name: always
+        apply:
+          tags: always
+      tags: always

    - name: Include service roles
      ansible.builtin.include_role:
--- a/playbooks/unlock-backup.yml
+++ b/playbooks/unlock-backup.yml
@ -0,0 +1,9 @@
+---
+- name: Unlock backups
+  hosts: serguzim_net
+  become: true
+  tasks:
+  - name: Change password
+    ansible.builtin.shell:
+      cmd: autorestic unlock --force && autorestic exec -va unlock
+      chdir: "{{ (services_path, 'backup') | path_join }}"
--- a/roles/software/tasks/main.yml
+++ b/roles/software/tasks/main.yml
@ -8,10 +8,33 @@
 - name: Install docker
  ansible.builtin.import_tasks: docker.yml

- name: Install jq
+- name: Install jq and bzip2
  apt:
    pkg:
      - jq
+      - bzip2
    state: latest
    update_cache: true
  become: true
+
+- name: check if autorestic is installed
+  stat:
+    path: /usr/local/bin/autorestic
+  register: autorestic_status
+
+- name: Install autorestic
+  when: not autorestic_status.stat.exists
+  shell: wget -qO - https://raw.githubusercontent.com/cupcakearmy/autorestic/master/install.sh | bash
+  args:
+    executable: /bin/bash
+  become: true
+
+- name: check if restic is installed
+  stat:
+    path: /usr/local/bin/restic
+  register: restic_status
+
+- name: Install restic
+  when: not restic_status.stat.exists
+  command: autorestic install
+  become: true
--- a/services.auto.tfvars
+++ b/services.auto.tfvars
@ -1,7 +1,7 @@
 services = {
  "acme_dns" = {
    name = "acme_dns"
-    host = "node003"
+    host = "node001"
    dns = [{
      domain = "serguzim.me"
      target = "acme"
@ -34,7 +34,7 @@ services = {

  "extra_services" = {
    name = "extra_services"
-    host = "node003"
+    host = "node001"
    auth = false
    database = false
    s3 = false
@ -361,7 +361,7 @@ services = {

  "shlink" = {
    name = "shlink"
-    host = "node003"
+    host = "node001"
    dns = [
      {
        domain = "msrg.cc"
@ -474,7 +474,7 @@ services = {

  "tinytinyrss" = {
    name = "tinytinyrss"
-    host = "node003"
+    host = "node001"
    dns = [{
      domain = "serguzim.me"
      target = "rss"
@ -490,7 +490,7 @@ services = {

  "umami" = {
    name = "umami"
-    host = "node003"
+    host = "node001"
    dns = [{
      domain = "serguzim.me"
      target = "analytics"
@ -527,7 +527,7 @@ services = {

  "wiki_js" = {
    name = "wiki_js"
-    host = "node003"
+    host = "node001"
    dns = [{
      domain = "serguzim.me"
      target = "wiki"