diff options
Diffstat (limited to 'skillz')
-rw-r--r-- | skillz/cloud-install.yml | 10 | ||||
-rw-r--r-- | skillz/common.yml | 10 | ||||
-rw-r--r-- | skillz/generic.yml | 5 | ||||
-rw-r--r-- | skillz/group_vars/all.yml | 26 | ||||
-rw-r--r-- | skillz/host_vars/sk-2019.yml | 21 | ||||
-rw-r--r-- | skillz/host_vars/sk-2019vm.yml | 21 | ||||
-rw-r--r-- | skillz/host_vars/sk-cloudio.yml | 82 | ||||
-rw-r--r-- | skillz/host_vars/sk-testvm.yml | 20 | ||||
-rw-r--r-- | skillz/host_vars/sk-tomnext-nc.yml | 24 | ||||
-rw-r--r-- | skillz/host_vars/sk-tomnext.yml | 21 | ||||
-rw-r--r-- | skillz/host_vars/sk-torrent.yml | 10 | ||||
-rw-r--r-- | skillz/image-generate.yml | 20 | ||||
-rw-r--r-- | skillz/iso-generate.yml | 10 | ||||
-rw-r--r-- | skillz/iso-install.yml | 10 | ||||
-rw-r--r-- | skillz/openwrt-deploy.yml | 9 | ||||
-rw-r--r-- | skillz/sk-2019.yml | 139 | ||||
-rw-r--r-- | skillz/sk-2019vm.yml | 39 | ||||
-rw-r--r-- | skillz/sk-cloudio.yml | 31 | ||||
-rw-r--r-- | skillz/sk-testvm.yml | 151 | ||||
-rw-r--r-- | skillz/sk-tomnext-hp.yml | 6 | ||||
-rw-r--r-- | skillz/sk-tomnext-nc.yml | 24 | ||||
-rw-r--r-- | skillz/sk-tomnext.yml | 39 | ||||
-rw-r--r-- | skillz/sk-torrent.yml | 10 | ||||
-rw-r--r-- | skillz/usb-generate.yml | 10 | ||||
-rw-r--r-- | skillz/usb-install.yml | 10 | ||||
-rw-r--r-- | skillz/vm-deploy.yml | 18 | ||||
-rw-r--r-- | skillz/vm-install.yml | 11 |
27 files changed, 787 insertions, 0 deletions
diff --git a/skillz/cloud-install.yml b/skillz/cloud-install.yml new file mode 100644 index 00000000..72db81d9 --- /dev/null +++ b/skillz/cloud-install.yml @@ -0,0 +1,10 @@ +--- +- name: cook variables for host + hosts: "{{ install_hostname }}" + gather_facts: no + tasks: + - set_fact: + install: "{{ install | default({}) }}" + network: "{{ network | default({}) }}" + +- import_playbook: ../common/cloud-install.yml diff --git a/skillz/common.yml b/skillz/common.yml new file mode 100644 index 00000000..af4b4fda --- /dev/null +++ b/skillz/common.yml @@ -0,0 +1,10 @@ +--- +- name: Basic Setup + hosts: "{{ install_hostname }}" + roles: + - role: apt-repo/base + when: ansible_pkg_mgr == "apt" + - role: core/base + - role: core/sshd/base + - role: core/zsh + - role: core/ntp diff --git a/skillz/generic.yml b/skillz/generic.yml new file mode 100644 index 00000000..bc8866c5 --- /dev/null +++ b/skillz/generic.yml @@ -0,0 +1,5 @@ +--- +- name: "Apply role {{ myrole }} to hosts: {{ myhosts }}" + hosts: "{{ myhosts }}" + roles: + - role: "{{ myrole }}" diff --git a/skillz/group_vars/all.yml b/skillz/group_vars/all.yml new file mode 100644 index 00000000..bace9df0 --- /dev/null +++ b/skillz/group_vars/all.yml @@ -0,0 +1,26 @@ +$ANSIBLE_VAULT;1.2;AES256;skillz +39333835343437643137363564396365316439626562616635373336383136393961366164373439 +6134633733313738636562666461653861346439323231300a343935313134326635643464626565 +61643764393538666235356530633236366431313236646664323561633032353966633262376435 +3532393163636264390a336634653935663361333433626231633764356666616632356166653434 +34623165613963373261343161653739323836626234333135366239623861396136656464343934 +62383134626161666633613937616132356330373364366235363362396532353638663437363563 +65646634643238653130396363323464656162666162343365666330633037363531316531396365 +32383765623666643561613465373038396266656465356263623135633631303130396466363031 +63383633636136366439313731363839336635386664383364376466323464363032303133623038 +62613639313531643666326539663864636364623161356563616231326237646130303961383666 +32366332303464363734306535633239636539653863383135383066653730386330626430303730 +61653634653935623837323639626261313166326235636232626162386430616135626536373437 +65656339383161333166353466643436656463653237303566303665343937386534393039663836 +62656237303863323564383331343665376663363131386238356633356662633537663866336531 +62376163316662613439666161343461396434306632633333376362346362386163373639333163 +66636661316530653336383562366237633230383635386362303435613466313963376634616138 +32376534313430643564366362353062336339343737306466386662623463393063363935333435 +61666137323339633932666364346266393561303631663932386166626136356439323863636637 +63326136633938616539623938313738656635656161396562326162336530623230336438313863 +63346162613235316435393137313935643637393765666561303261333265313031343231306133 +33663164393338613433303261323265616639396130613330313662303532323361656535666635 +37613836323239633139616435313361383138356463353033353639363365663934356561626331 +33663830343463306534343439633565343433633765323538353861636433303634303330643234 +64393032323434616533663038626466356532383735366331333933653635343966333463353435 +3663 diff --git a/skillz/host_vars/sk-2019.yml b/skillz/host_vars/sk-2019.yml new file mode 100644 index 00000000..29633d0e --- /dev/null +++ b/skillz/host_vars/sk-2019.yml @@ -0,0 +1,21 @@ +$ANSIBLE_VAULT;1.2;AES256;skillz +65356433653063643165336636353364333339626236303637353639346166623666333136663466 +3637633166353765393636323931336338616435383736620a393565653533643732323661336433 +36636164633535303531343362383439633038323539346331666333333964616164636362363666 +6230313331636566630a636539306135343532643234323566656635353836383865373865643337 +32313739663638336232313462663261383632313866663131626330353766613338346231363131 +65616564353865633930623732323262393232343161633764633430316437303138323635333335 +31383361313861646537636133346137393362663566653936626137663839353430373265353262 +33653432366234366531376163613762383961323333303864656335313265363163613666396534 +65366136353765323165636438663336653137363136636565313934643262303939353563663635 +32643336623564386464353065346134303063346533353833363334626535663137333164383961 +39343161316433386233373866366138666664316332613039633531653564343137313961636436 +30613131323635633833613762346538373533316566616639326461626366343663366238333661 +31636462626539663965613063633832656235343562616533383531353133383137333032643564 +39613234353061323131643530613430303233336331653136363836636639383761633635393636 +39393539393066323238636334316537333239353837343934633364323937306634336233363863 +61383661316438386338653735626162613732613634333464393739633061666566623531626166 +30636262343633313730346462373738396535383164666266396265366635653866306464663234 +32646232666135313264656538633834363931643232626431383539613462626364363763616437 +31633761326535613363653861316534363236336332313961343532623434363737326434356439 +66626335616634613364 diff --git a/skillz/host_vars/sk-2019vm.yml b/skillz/host_vars/sk-2019vm.yml new file mode 100644 index 00000000..6ffcff58 --- /dev/null +++ b/skillz/host_vars/sk-2019vm.yml @@ -0,0 +1,21 @@ +$ANSIBLE_VAULT;1.2;AES256;skillz +31323764346661386139383032303266363633313764666462623534643433396631333062366631 +3435663166366366663734383739323731356161623835300a666335373262383065636665646136 +30653035393231643134623464383531623430633663666461306437383831326635363163623765 +3465323635376166620a343933626435323765373837313063363036326236653330353434303566 +66333664616362303533663764383939633366656166303936646263613934663139626365633137 +36633536333336643433643962616635646330383237326165343239633338313465636236373832 +65366331636464613434646266623166653932363239346339613934333732383765616566396232 +61333066353632346138663464393033316563336239326237613630303738396166373835643931 +36366436346461343735623338343938623234643039643239383463333966376363653035333966 +63363561376134656636333538313034356565616465333566633732643138316234326666343762 +61303230396163356538316661313763656563663063636238633239393661346264353563313165 +64376435323161316436333335343336363333303361613535646238353236353333366338386633 +65613036303162653136613935373266393631656431643830303637316438653233376130326461 +36616434343765386261326233376663396364346233343734363062653039396162396533626533 +30323438313865366136393233393438316430653931383630316333623430393733333535643735 +65643838633532353433343262356237333432343531336366323832356665306133656139373564 +37383531333030643432333137396332373036626134396332623530666636396162323237396636 +66656461373038316334313165633636663137323661353733343536656262323033623466346466 +62383835323066653063636566623765306362616166666130356361623964656330656236396165 +31663930633232653838 diff --git a/skillz/host_vars/sk-cloudio.yml b/skillz/host_vars/sk-cloudio.yml new file mode 100644 index 00000000..8596b411 --- /dev/null +++ b/skillz/host_vars/sk-cloudio.yml @@ -0,0 +1,82 @@ +$ANSIBLE_VAULT;1.2;AES256;skillz +38373935316661656666663139653966636234643337653432343830376332386533323164323337 +3066393834633363656537383433343365346330636136360a333462373465393939383634303439 +36376238303837373763643235663330353662323165636233623534623065303961356630623536 +3335613565396430640a333930656531666530393836633432363762366439343535366266333933 +61313839373139303835633234376330623634313666643964633432613432316437363930666331 +37363065663437396234613735363337343563303064343033356562633061353433386435663630 +34633761646566373435643563666436303766346430313131643334666235363062353864313037 +35623130386465613335623132623236373431636632343563653836383237326131306134636464 +65663363613661303262363334393639323132343664363863653564626537643432393465313238 +64623836626537366339616339393938353336626134333734303738316162633065623464323832 +61303965326133323063623663333664313933653233373864383231393730616163656164643935 +61353636633734613638616637393938326530393330306463303339666135626534663465373032 +66353662333631363036353234626366306636323135643334613461393763306161633934303538 +65386135353436336462336165316138383562316664306430373763336161303933393234393466 +64646262366533363038663931623161333130643164346565373064666631303434323331386632 +61373163356566353962303161396261613834643265636433393032383739386331313134663266 +34396265666435626564383063376632373038343030366336343638656437626663653232353932 +35386361633933316263666263323534633737393337303939626564346231363162353136323561 +61313134343163303434323965616333613465393632393266666237613164386663373731333231 +39646636353163653933353765646563656466306437386135663530346134316163323239376338 +39393138383930643231323766643364643738633766353331656532316336366363376462653335 +31343935303238613034336436343137373331323766303139393437623137616563613430633433 +32626431653634333861623335643963353337323435653538343036306463623765666234353930 +32663665323661396161333162386538336633303036336665336139386638643463376361356234 +35653431343630643662306634346239643063306562363266336262363662383264383930396265 +63646632383932323335666164376661613132616665356135356535303961333437363039343132 +65363233336634383234303237323534636261333132326639393261643162393330386366383965 +36306538343363623064356132623236353338303866353666336666396264333864363836633233 +32646434303839616639333538346561373961363438326336663365306366623836663930616138 +31366133626135636665613663653131343766343766373530366637323333393237663430626535 +63633935626265383866643437383236363264396334313164666433353863373834316134386235 +33666335303739316131323431623836633030653134303736353730636637323362316562383933 +36353161346662396138303265616231633161663165656662343930643537363366373765613233 +37346430653465303063636363636565306337623939373539313837376139373062623561616232 +63643461393530366366313630313364306230663537333061356364383364663663316561393932 +33333638376530336633643836373231353839643366626661636330366534363661333765343833 +63336138656461373939396233306139306563653337386232383435313135396461653731386434 +64353835663863396633616262663866653264376530396261656666373138316636323038346330 +61633761353065663062323938353538643338363130613932353461366535326462613162643833 +62663062623438353862616436643363303063343337336537386635373537333330356537306631 +63663439343435313732363636376162613030663930646334623237323065623632346461653730 +34663937656130373066366666643539376661633062356331666436366239346165653164643132 +32396131326533363264616135386639313132663030373363343364323965313539323063333761 +34373162643736383633623736323731653537653338316164623064663865663032376238643834 +64613032656365326162633237633130353963633131353130656330663863663733653766323561 +36323139303738326264393833313761363937643262383933633366366634336261343536663565 +33316166313130626537393939363037616165303933393230333632306430623438643363663433 +39346333623061663166353138373963316263393332303862333764393435613233613965333965 +62333230323266333430633365623739633436633635383339373332333934353734313530353533 +35333964623532306363373461396462363733633837363132356638353266666634363035656665 +31333966666166373239346139623632346165393163643334626534623765643533653761303662 +32373765393332303131666230616232623432303036633362393230626666323566393762333538 +36366539313732373430343464656439623432303664383632613362366339636462616635613834 +62643962666634636365373132613634613462313938316566623265353730366436366631383431 +32623039656537613630613636323639623334613830653931326464326234623938653532303764 +65633535333062313738393330303832306530633130353737653961633566613963643065323033 +64646563346332343537623939646435663836656266633061373332313636366338633464373639 +33663732313262356133393363336361623636326231616631333633313230346362643163376130 +61393338313761623765353164656530643533643661663235353366373039323934313466346238 +61346661616237343164633137663134636631383563383038303330663664343066386135316433 +65626135643564653038653531313065393731666162383365386333626130636435613339333130 +64643538666565383965396263316365353234636634303563333435363865306662656631306166 +61633035306562336565656138313233396266656161666438366537663132613333666636366631 +63376636336237626233333937343236393166633733373534353131633036633239633234643536 +63353535306561343962303331306330633934323264326138613161633639616263333734663634 +38393964636137633862343066343538333938363733653866323161643834393363663539613630 +33643737663536373265356437346463656361303461626265393730663837633632363963373130 +31353164306563346239333736303636333336323065656231633038636137396463363638626630 +35656137616536363732376139663561646638663262376433643366373965323837623433323233 +31626131653766626537316430303564336263396239653964663936393433343831383132303530 +35643539366339393839653664666464643739393134666234333733613532363161663630373033 +32636665313461363932333533393133343762383561353863656536303565623564343262343337 +36653536366534653037633830323537653637326163303131616162303961393735623839353831 +30353134646639343531396437643831366239393066653433323135613033333162376364636639 +63313432643663613061333335333664626233626331663338626334613564386365653461383030 +32346130373965396164653663643933363235616534663031336430323838326265636563643839 +37646239653835366433646331633861633330663438323737653764663338643632353832383238 +33663831323062623036643039656534326234313161373836383966376564306231616162643831 +36623832346636306135333439656466303039396435613731393535376165613534623832633034 +61383133356332383730346630356131663263313532616661333139323133356666333966333762 +3731 diff --git a/skillz/host_vars/sk-testvm.yml b/skillz/host_vars/sk-testvm.yml new file mode 100644 index 00000000..6081d56b --- /dev/null +++ b/skillz/host_vars/sk-testvm.yml @@ -0,0 +1,20 @@ +$ANSIBLE_VAULT;1.2;AES256;skillz +35666266336366353336306161626463373466323434316163653235623464626134316237333961 +3139623939363464366539646365323136393939316333630a373365623838663038306438636537 +63663830653332316132353033326638663332363636623131666266313065323430346634333339 +6339336365343265660a353637373133323634646463396137353130663731623265663064653337 +66363135376339363862316134373631643765383935333030323938653337396435356361353638 +35346665376262306565393339646238353230363439333762306633316331643963653466313961 +32613063306437633333386265663562616563616664613962633564373563326539363866313763 +30613232353663643066613732316564666361646163366437323765633935656238336632323733 +65386135656435313466653666623233303661343530613932373961643634346562393532663462 +31353262323133363537303035383639353334323935613831376637613964663635306637643037 +62303134633064616531353039383336363563376365326234323835643233306139363032663536 +63373534323731366365393632623432326561303863616261306233616436383266646361356636 +64383831363863363738633065386435343935633137613964316237666566313430623061636439 +31646661333161623465316564323835653062343730343331353339363664663331303735346162 +63646531646430303630356132376232656639313163376631373135313237633334646135653239 +37386437633432376564383964636266623230363834633239356565376530633838333533346335 +66383966313862353130663334383535376464613638366330303962656336613765656362393335 +37643066353734303733346234633736653663376639656633306635363061623163376139616564 +646461383234653235356164626537326664 diff --git a/skillz/host_vars/sk-tomnext-nc.yml b/skillz/host_vars/sk-tomnext-nc.yml new file mode 100644 index 00000000..b7b7c529 --- /dev/null +++ b/skillz/host_vars/sk-tomnext-nc.yml @@ -0,0 +1,24 @@ +$ANSIBLE_VAULT;1.2;AES256;skillz +38303565323764636435626633373138303637383839656366303532313266356665306666376534 +6566623963643964613133306334396336333566646631310a366430303430306563626530323636 +64316438663337653135353935373038393931393261653133336164383436653665666132383233 +3566353365376265630a316166653133336338336330303161393932666335393361346435623733 +39383137396232613937633863306437666263623638633663343966333339376665666439653663 +62633536633937373230346636356134623066373436613839306635353262363062313036666262 +36333330363161623939613431363135653337643030323233666566633132636234346638346337 +35366165663866313230633831643839356335623734306262663663336530356437623536373265 +64646136303831363364636261363333383564643339636662366336646662663837653865363333 +62633331376636663638656362643262373163623764663034363839633433666661623164633532 +37346532323961613133623661663363383963626561383033303961633162376631643730383434 +37356261373736313036613864626362633631663534376665626238353033613831636364326137 +61663033653663633533376361646330383339343733653836303163306638376139323331323164 +32636133343333396564666563393239306239633739336361346466366565303433323230303562 +64663535303665303739633833316639346262626237376130326162376363316236396536316466 +63616436636262363062653162316335393465653263373132646237386565636232376266366435 +65643964346332393832353163363038313237313038363030306161373836666562613831333033 +61303332616261616437386266336664356636303633646134386236396238363061636330616266 +66303131326431343132316232363863343233666163366362643763303162393238346432616632 +39343138383538626561356635633562336531623039313336323138363965656536613935336436 +39306638316339323033653861616533396339313764613264613365396664613230306237646562 +35396233356638313339656331323763636330373334613631626130306331336432633334323032 +386630346436653564616130323562323530 diff --git a/skillz/host_vars/sk-tomnext.yml b/skillz/host_vars/sk-tomnext.yml new file mode 100644 index 00000000..2e8aec35 --- /dev/null +++ b/skillz/host_vars/sk-tomnext.yml @@ -0,0 +1,21 @@ +$ANSIBLE_VAULT;1.2;AES256;skillz +32633430643636636263663937653962346365323663323335326366363134386163373532643666 +3462383534633339623538646230653639393534343536360a343665316266613464333066626631 +36393863383832303761386566343430343138343230643761623761396239633839666266356265 +6164333761343338620a623432663562626332656136626537396230303766616631373733383566 +34356561613066356666646631373466316162383063386262646435343935356135623261393439 +38656639643366346338326136306239323637336237363532353334623639363539333131653935 +33306239313131326531613466613330346430376639666564383263643031666636326263346462 +63626135393338386166666539386337633361393334666238393833373437313739636465393161 +34633266633862303937346366363634613165313635646164663131393634376330386464316666 +31396433383761316431343036383134303732653765613330303863333934333839643764346331 +61623038303638313632343038306464653030663933313462656438303564363433356438303637 +65666363633166306630333866323034396131313866653338346465653637653564323363376531 +35636263623039356437333563636131373237623034393362653736356265363261306132373738 +39656437353561323633323565646464333361303530333530646234663036653937663231616237 +65313061613638393131666430306464366564383963346334646365366234663737633363303963 +35336663343936663661326638333136616432383831306333643363663761363937626466393331 +31343538353735626464643162306164623963613937656136393934663761633435376636303861 +33646432643963313131353639396432653337626232653262346133313564373766396537356362 +33373466393462376137323264616662343962376463303030616335303431386131613565356365 +38653564303532373566 diff --git a/skillz/host_vars/sk-torrent.yml b/skillz/host_vars/sk-torrent.yml new file mode 100644 index 00000000..18a8fa1e --- /dev/null +++ b/skillz/host_vars/sk-torrent.yml @@ -0,0 +1,10 @@ +$ANSIBLE_VAULT;1.2;AES256;skillz +37333061623432316463656165303235356636626364393138613735333631646137313866383866 +6236313162353066383439613737393934616638316637370a626434626230373836313963336234 +33636230396235313934646634373034616564656339653066656166353936643236346235333038 +6334353930333062390a333531373932633331393636386630636162363962373538376133633036 +36363236633862303933663565653361646533396565646136613539363166376232386239343863 +62666331333634373962336466376339653531356637383930363866363031326533323730646435 +61303239613733326531636331626363343232663135343333343139623864653761373961343962 +31346233326638646133333133336538333361646261623436316238326530336464663761343361 +6137 diff --git a/skillz/image-generate.yml b/skillz/image-generate.yml new file mode 100644 index 00000000..1b11f1eb --- /dev/null +++ b/skillz/image-generate.yml @@ -0,0 +1,20 @@ +--- +- name: generate os image + hosts: "{{ install_hostnames }}" + connection: local + gather_facts: no + roles: + - role: "installer/{{ install_distro }}/image" + post_tasks: + - pause: + seconds: 0 + prompt: | + The resulting images can be found here: + + {% for host in play_hosts %} + {{ host }}: + {% for image in hostvars[host].output_images %} + - {{ image }} + {% endfor %} + + {% endfor %} diff --git a/skillz/iso-generate.yml b/skillz/iso-generate.yml new file mode 100644 index 00000000..584b8914 --- /dev/null +++ b/skillz/iso-generate.yml @@ -0,0 +1,10 @@ +--- +- name: cook variables for host + hosts: "{{ install_hostnames }}" + gather_facts: no + tasks: + - set_fact: + install: "{{ install | default({}) }}" + network: "{{ network | default({}) }}" + +- import_playbook: ../common/iso-generate.yml diff --git a/skillz/iso-install.yml b/skillz/iso-install.yml new file mode 100644 index 00000000..5defe6d3 --- /dev/null +++ b/skillz/iso-install.yml @@ -0,0 +1,10 @@ +--- +- name: cook variables for host + hosts: "{{ install_hostname }}" + gather_facts: no + tasks: + - set_fact: + install: "{{ install | default({}) }}" + network: "{{ network | default({}) }}" + +- import_playbook: ../common/iso-install.yml diff --git a/skillz/openwrt-deploy.yml b/skillz/openwrt-deploy.yml new file mode 100644 index 00000000..e7cc49fa --- /dev/null +++ b/skillz/openwrt-deploy.yml @@ -0,0 +1,9 @@ +--- +- name: generate os image + hosts: "{{ install_hostname }}" + connection: local + gather_facts: no + roles: + - role: installer/openwrt/image + +- import_playbook: ../common/openwrt-deploy.yml diff --git a/skillz/sk-2019.yml b/skillz/sk-2019.yml new file mode 100644 index 00000000..3d555ba5 --- /dev/null +++ b/skillz/sk-2019.yml @@ -0,0 +1,139 @@ +--- +- name: Basic Setup + hosts: sk-2019 + roles: + # - role: apt-repo/base + # - role: core/base + # - role: core/sshd/base + # - role: core/zsh + - role: core/cpu-microcode + # - role: core/users + - role: storage/luks/base + - role: storage/zfs/base + - role: apt-repo/spreadspace + - role: storage/zfs/sanoid + tasks: + - name: install post-boot script + copy: + dest: /usr/local/bin/post-boot + mode: 0755 + content: | + #!/bin/bash + set -e + + {% for name, volume in luks_devices.items() %} + echo -e "opening crypto volume: \033[1;37m{{ name }}\033[0m" + cryptsetup luksOpen '{{ volume.device }}' '{{ name }}' + {% endfor %} + + systemctl restart zfs-import-cache.service + systemctl restart zfs-mount.service + systemctl restart zfs-share.service + systemctl restart zfs-zed.service + mount -a + + sleep 2 + systemctl restart mariadb.service + systemctl restart apache2.service + + - name: install ispconfig fix systemd service unit + copy: + dest: /etc/systemd/system/fix-fstab.service + content: | + [Unit] + Description=fix fstab entries made by ispconfig + + [Service] + Type=oneshot + ExecStart=/usr/bin/sed s/bind,nobootwait/bind,nofail/ -i /etc/fstab + + - name: install ispconfig fix systemd service unit + copy: + dest: /etc/systemd/system/fix-fstab.timer + content: | + [Unit] + Description=fix fstab entries made by ispconfig + + [Timer] + OnCalendar=*-*-* *:*:00 + + [Install] + WantedBy=timers.target + + - name: enable and start fstab fix + systemd: + name: fix-fstab.timer + daemon_reload: yes + enabled: yes + state: started + + ### the machine reboots often - make it so that no manual intervention is necessary + ### of course this makes encrypting the disks a little bit silly... + - name: create base dir for crypto volume key files + file: + path: /etc/cryptsetup-keys.d/ + state: directory + mode: 0500 + + - name: generate key files for crypto volumes + loop: "{{ luks_devices | dict2items }}" + loop_control: + label: "{{ item.key }}" + copy: + dest: "/etc/cryptsetup-keys.d/{{ item.key }}.key" + content: "{{ item.value.passphrase }}" + mode: 0400 + notify: rebuild initramfs + + - name: generate crypttab + copy: + dest: /etc/crypttab + content: | + # ansible generated + {% for name, volume in luks_devices.items() %} + {{ name }} {{ volume.device }} /etc/cryptsetup-keys.d/{{ name }}.key luks + {% endfor %} + notify: rebuild initramfs + + handlers: + - name: rebuild initramfs + command: dpkg-reconfigure initramfs-tools + + +### TODO: +# +# zfs create -o quota=30G -o compress=lz4 storage/mysql +# zfs create -o quota=35G -o compress=lz4 storage/automysqlbackup +# zfs create -o quota=300G -o compress=lz4 storage/vmail +# zfs create -o quota=600G -o compress=lz4 storage/www +# zfs create -o quota=40G -o compress=lz4 storage/log +# zfs create -o quota=50G -o compress=lz4 storage/configz +# zfs create -o quota=20G -o compress=lz4 storage/backup +# +# mkdir -p /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup +# chmod 0000 /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup +# chattr +i /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup +# +### add to /etc/fstab: +## +## /srv/storage/mysql /var/lib/mysql none defaults,bind,x-systemd.automount,nofail 0 0 +## /srv/storage/automysqlbackup /var/lib/automysqlbackup none defaults,bind,x-systemd.automount,nofail 0 0 +## /srv/storage/vmail /var/vmail none defaults,bind,x-systemd.automount,nofail 0 0 +## /srv/storage/www /var/www none defaults,bind,x-systemd.automount,nofail 0 0 +## /srv/storage/log /var/log/ispconfig none defaults,bind,x-systemd.automount,nofail 0 0 +## /srv/storage/backup /var/backup none defaults,bind,x-systemd.automount,nofail 0 0 +# +# mount -a +# + + +########### manual post-boot + +# cat /etc/fstab | grep "^/var/log" | awk '{ system("umount "$2) }' +# umount /srv/storage/www/clients/client2/web2/web/shared/fileadmin/wolke +# umount /srv/storage/www/clients/client2/web2/web/shared/fileadmin/wolke +# umount /srv/storage/www/clients/client2/web2/web/shared/fileadmin/wolke +# mount | grep systemd-1 | awk '{ print($3) }' | grep "^/var" | xargs umount +# mount | grep systemd-1 | awk '{ print($3) }' | grep "^/var" | xargs umount +# mount | grep systemd-1 | awk '{ print($3) }' | grep "^/var" | xargs umount +# rm -rf /srv/storage/* diff --git a/skillz/sk-2019vm.yml b/skillz/sk-2019vm.yml new file mode 100644 index 00000000..d7c42245 --- /dev/null +++ b/skillz/sk-2019vm.yml @@ -0,0 +1,39 @@ +--- +- name: Basic Setup + hosts: sk-2019vm + roles: + - role: apt-repo/base + - role: core/base + - role: core/sshd/base + - role: core/zsh + - role: core/cpu-microcode + - role: core/users + - role: storage/luks/base + - role: storage/zfs/base + - role: storage/zfs/sanoid + - role: vm/host/base + - role: vm/host/network + - role: installer/debian/base + tasks: + - name: install post-boot script + copy: + dest: /usr/local/bin/post-boot + mode: 0755 + content: | + #!/bin/bash + set -e + + {% for name, volume in luks_devices.items() %} + echo -e "opening crypto volume: \033[1;37m{{ name }}\033[0m" + cryptsetup luksOpen '{{ volume.device }}' '{{ name }}' + {% endfor %} + + systemctl restart zfs-import-cache.service + systemctl restart zfs-mount.service + systemctl restart zfs-share.service + systemctl restart zfs-zed.service + mount -a + + sleep 2 + rm -f /run/libvirt/qemu/autostarted + systemctl restart libvirtd.service diff --git a/skillz/sk-cloudio.yml b/skillz/sk-cloudio.yml new file mode 100644 index 00000000..15e8bfec --- /dev/null +++ b/skillz/sk-cloudio.yml @@ -0,0 +1,31 @@ +--- +- name: Basic Setup + hosts: sk-cloudio + roles: + - role: apt-repo/base + - role: core/base + - role: core/sshd/base + - role: core/zsh + - role: core/cpu-microcode + +- name: Payload Setup + hosts: sk-cloudio + roles: + - role: core/users + - role: storage/zfs/base + - role: apt-repo/spreadspace + - role: storage/zfs/sanoid + - role: kubernetes/base + - role: kubernetes/standalone/base + - role: x509/acmetool/base + - role: nginx/base + - role: mail/postfix/base + - role: apps/nextcloud + - role: apps/collabora/code + - role: apps/onlyoffice + #- role: apps/etherpad-lite + - role: apps/coturn + - role: apps/jitsi/meet + - role: apps/keycloak + #- role: apps/pigallery2 + - role: apps/wikijs diff --git a/skillz/sk-testvm.yml b/skillz/sk-testvm.yml new file mode 100644 index 00000000..74ba2053 --- /dev/null +++ b/skillz/sk-testvm.yml @@ -0,0 +1,151 @@ +--- +- name: Basic Setup + hosts: sk-testvm + roles: + - role: apt-repo/base + - role: core/base + - role: core/sshd/base + - role: core/zsh + - role: core/ntp + +- name: Payload Setup + hosts: sk-testvm + vars: + acme_client: uacme + # acme_client: acmetool + # cert_provider: "{{ acme_client }}" + # cert_provider: static + # cert_provider: selfsigned + cert_provider: static-ca + roles: + - role: apt-repo/spreadspace + - role: kubernetes/base + - role: kubernetes/standalone/base + - role: "x509/{{ cert_provider }}/base" + - role: nginx/base + - role: nginx/auth/sso/base + - role: nginx/auth/sso/backend + - role: nginx/vhost + nginx_vhost: + default: yes + name: nosuchsite + template: generic + tls: + certificate_provider: "{{ cert_provider }}" + certificate_config: "{{ lookup('vars', (cert_provider | replace('-','_'))+'_cert_config__default', default={}) }}" + hsts: no + hostnames: + - testvm.elev8.at + locations: + '/': + root: /var/www/default + index: index.html + - role: nginx/vhost + nginx_vhost: + name: login + template: generic + tls: + certificate_provider: "{{ cert_provider }}" + certificate_config: "{{ lookup('vars', (cert_provider | replace('-','_'))+'_cert_config__test', default={}) }}" + hsts: no + hostnames: + - login.spreadspace.org + - login.spreadspace.com + - login.spreadspace.net + - login.spreadspace.systems + locations: + '/': + proxy_pass: http://127.0.0.1:8082 + - role: nginx/vhost + nginx_vhost: + name: test + template: generic + tls: + certificate_provider: "{{ cert_provider }}" + certificate_config: "{{ lookup('vars', (cert_provider | replace('-','_'))+'_cert_config__test', default={}) }}" + hsts: no + hostnames: + - test.spreadspace.org + - test.spreadspace.com + - test.spreadspace.net + - test.spreadspace.systems + extra_directives: | + include snippets/sso-spreadspace.conf; + locations: + '/': + # proxy_pass: http://127.0.0.1:8080 + root: /var/www/test + index: index.html + extra_directives: | + #auth_request_set $username $upstream_http_x_username; + #proxy_set_header Remote-User $username; + auth_request_set $cookie $upstream_http_set_cookie; + add_header Set-Cookie $cookie; + # - role: apps/mumble + # mumble_version: v1.4.287-4 + # mumble_instance: spreadspace + # mumble_hostnames: + # - test.spreadspace.org + # - test.spreadspace.com + # - test.spreadspace.net + # - test.spreadspace.systems + # mumble_superuser_password: "very-secret" + # mumble_config_options: + # bonjour: false + # sslCiphers: "ECDHE+AESGCM:DHE+AESGCM:ECDHE+AES256:DHE+AES256:ECDHE+AES128:DHE+AES128:!RSA:!ADH:!AECDH:!MD5" + # welcometext: "Welcome to the spreadspace Mumble Test-Server" + # rememberchannel: true + # mumble_tls: + # certificate_provider: "{{ cert_provider }}" + # certificate_config: "{{ lookup('vars', cert_provider+'_cert_config__test', default={}) }}" + # - role: apps/coturn + # coturn_version: 4.6.2-r4 + # coturn_realm: spreadspace + # coturn_hostnames: + # - test.spreadspace.org + # - test.spreadspace.com + # - test.spreadspace.net + # - test.spreadspace.systems + # coturn_auth_secret: "somewhat-secret" + # coturn_tls: + # certificate_provider: "{{ cert_provider }}" + # certificate_config: "{{ lookup('vars', cert_provider+'_cert_config__test', default={}) }}" + post_tasks: + - name: make sure document root directories exist + loop: + - test + - default + file: + path: "/var/www/{{ item }}" + state: directory + + - name: install index.html for default server + copy: + dest: /var/www/default/index.html + content: | + <html> + <head> + <title>No Such Site</title> + </head> + <body style="font-family: Helvetica, Arial, Sans-Serif; color: white; background: black;"> + <div style="text-align: center; margin-top: 4em; margin-left:auto; margin-right:auto;"> + <h2 style="">You have reached testvm.elev8.at, nothing to see here.</h2> + </div> + </body> + </html> + + + - name: install index.html for test server + copy: + dest: /var/www/test/index.html + content: | + <html> + <head> + <title>This is Test</title> + </head> + <body style="font-family: Helvetica, Arial, Sans-Serif; color: white; background: black;"> + <div style="text-align: center; margin-top: 4em; margin-left:auto; margin-right:auto;"> + <h2 style="">If you can read this the test was successful.</h2> + </div> + </body> + </html> diff --git a/skillz/sk-tomnext-hp.yml b/skillz/sk-tomnext-hp.yml new file mode 100644 index 00000000..b0c38093 --- /dev/null +++ b/skillz/sk-tomnext-hp.yml @@ -0,0 +1,6 @@ +--- +- name: do nothing + hosts: sk-tomnext-hp + tasks: + - debug: + msg: this host is not managed by ansible ... nothing to do here diff --git a/skillz/sk-tomnext-nc.yml b/skillz/sk-tomnext-nc.yml new file mode 100644 index 00000000..9b756a18 --- /dev/null +++ b/skillz/sk-tomnext-nc.yml @@ -0,0 +1,24 @@ +--- +- name: Basic Setup + hosts: sk-tomnext-nc + roles: + - role: apt-repo/base + - role: core/base + - role: core/sshd/base + - role: core/zsh + +- name: Payload Setup + hosts: sk-tomnext-nc + roles: + - role: core/users + - role: storage/zfs/base + - role: apt-repo/spreadspace + - role: storage/zfs/sanoid + - role: kubernetes/base + - role: kubernetes/standalone/base + - role: x509/acmetool/base + - role: nginx/base + - role: mail/postfix/base + - role: apps/nextcloud + - role: apps/collabora/code + - role: apps/onlyoffice diff --git a/skillz/sk-tomnext.yml b/skillz/sk-tomnext.yml new file mode 100644 index 00000000..8ad69918 --- /dev/null +++ b/skillz/sk-tomnext.yml @@ -0,0 +1,39 @@ +--- +- name: Basic Setup + hosts: sk-tomnext + roles: + - role: apt-repo/base + - role: core/base + - role: core/sshd/base + - role: core/zsh + - role: core/cpu-microcode + - role: core/users + - role: storage/luks/base + - role: storage/zfs/base + - role: storage/zfs/sanoid + - role: vm/host/base + - role: vm/host/network + - role: installer/debian/base + tasks: + - name: install post-boot script + copy: + dest: /usr/local/bin/post-boot + mode: 0755 + content: | + #!/bin/bash + set -e + + {% for name, volume in luks_devices.items() %} + echo -e "opening crypto volume: \033[1;37m{{ name }}\033[0m" + cryptsetup luksOpen '{{ volume.device }}' '{{ name }}' + {% endfor %} + + systemctl restart zfs-import-cache.service + systemctl restart zfs-mount.service + systemctl restart zfs-share.service + systemctl restart zfs-zed.service + mount -a + + sleep 2 + rm -f /run/libvirt/qemu/autostarted + systemctl restart libvirtd.service diff --git a/skillz/sk-torrent.yml b/skillz/sk-torrent.yml new file mode 100644 index 00000000..e6a176c1 --- /dev/null +++ b/skillz/sk-torrent.yml @@ -0,0 +1,10 @@ +--- +- name: Basic Setup + hosts: sk-torrent + roles: + - role: apt-repo/base + - role: core/base + - role: core/sshd/base + - role: core/zsh + - role: core/users + - role: skillz/torrent diff --git a/skillz/usb-generate.yml b/skillz/usb-generate.yml new file mode 100644 index 00000000..7f633f1e --- /dev/null +++ b/skillz/usb-generate.yml @@ -0,0 +1,10 @@ +--- +- name: cook variables for host + hosts: "{{ install_hostnames }}" + gather_facts: no + tasks: + - set_fact: + install: "{{ install | default({}) }}" + network: "{{ network | default({}) }}" + +- import_playbook: ../common/usb-generate.yml diff --git a/skillz/usb-install.yml b/skillz/usb-install.yml new file mode 100644 index 00000000..0f62bc85 --- /dev/null +++ b/skillz/usb-install.yml @@ -0,0 +1,10 @@ +--- +- name: cook variables for host + hosts: "{{ install_hostname }}" + gather_facts: no + tasks: + - set_fact: + install: "{{ install | default({}) }}" + network: "{{ network | default({}) }}" + +- import_playbook: ../common/usb-install.yml diff --git a/skillz/vm-deploy.yml b/skillz/vm-deploy.yml new file mode 100644 index 00000000..8530b14a --- /dev/null +++ b/skillz/vm-deploy.yml @@ -0,0 +1,18 @@ +--- +- name: generate os image + hosts: "{{ install_hostname }}" + connection: local + gather_facts: no + roles: + - role: "installer/{{ install_distro }}/image" + +- name: cook variables for host + hosts: "{{ install_hostname }}" + gather_facts: no + tasks: + - set_fact: + install: "{{ install | default({}) }}" + network: "{{ network | default({}) }}" + vm_host: "{{ vm_host | default({}) }}" + +- import_playbook: ../common/vm-deploy.yml diff --git a/skillz/vm-install.yml b/skillz/vm-install.yml new file mode 100644 index 00000000..da6a29a5 --- /dev/null +++ b/skillz/vm-install.yml @@ -0,0 +1,11 @@ +--- +- name: cook variables for host + hosts: "{{ install_hostname }}" + gather_facts: no + tasks: + - set_fact: + install: "{{ install | default({}) }}" + network: "{{ network | default({}) }}" + vm_host: "{{ vm_host | default({}) }}" + +- import_playbook: ../common/vm-install.yml |