moved file around

This commit is contained in:
Justin 2025-04-14 14:13:11 -05:00
parent bf94693d29
commit 659d653e90
13 changed files with 580 additions and 1 deletions


@ -0,0 +1,52 @@
---
- name: "Docker Certs enable"
hosts: "{{ my_hosts | d([]) }}"
become: true
vars:
certs_path: "/root/docker-certs"
tasks:
- name: Check if docker certs are existing
ansible.builtin.stat:
path: "{{ certs_path }}"
register: certs_dir
- name: Fail if docker certs are not existing
ansible.builtin.fail:
msg: "Docker certificates are not existing in /root/docker-certs."
when: not certs_dir.stat.exists
- name: Get machine's primary internal ip address from eth0 interface
ansible.builtin.setup:
register: ip_address
- name: Set machine's primary internal ip address
ansible.builtin.set_fact:
ip_address: "{{ ip_address.ansible_facts.ansible_default_ipv4.address }}"
- name: Check if ip_address is a valid ip address
ansible.builtin.assert:
that:
- ip_address is match("^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$")
fail_msg: "ip_address is not a valid ip address."
success_msg: "ip_address is a valid ip address."
- name: Change docker daemon to use certs
ansible.builtin.lineinfile:
path: /lib/systemd/system/docker.service
line: >
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
-H tcp://{{ ip_address }}:2376 --tlsverify --tlscacert={{ certs_path }}/ca.pem
--tlscert={{ certs_path }}/server-cert.pem --tlskey={{ certs_path }}/server-key.pem
regexp: '^ExecStart='
state: present
- name: Reload systemd daemon
ansible.builtin.systemd:
daemon_reload: true
- name: Restart docker daemon
ansible.builtin.systemd:
name: docker
state: restarted
enabled: true
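Review bot: The `ExecStart=` rewrite at L40-L47 edits the package-owned unit under `/lib/systemd/system/docker.service`, so the next docker-ce upgrade overwrites the file and the TLS listener on `:2376` silently disappears until the play is rerun; a systemd drop-in under `/etc/systemd/system/docker.service.d/` survives upgrades and is one reviewable file instead of a regex match against a line upstream may reformat. The rewrite below replaces the `lineinfile` task with a directory task plus a `copy` of the override (the empty `ExecStart=` line is required to reset the unit's list-valued setting); the reload and restart tasks that follow stay as they are. Separately, the `fail` message at L25 hard-codes `/root/docker-certs`; write `msg: "Docker certificates are not existing in {{ certs_path }}."` so it stays correct when the var is overridden. The `ansible.builtin.setup` task at L27-L29 is redundant with the play's default fact gathering, and registering its result under the name `ip_address` before reassigning that name at L31-L32 is confusing; `ansible_default_ipv4.address` can be read directly.
```yaml
- name: Create docker systemd drop-in directory
  ansible.builtin.file:
    path: /etc/systemd/system/docker.service.d
    state: directory
    mode: '0755'
- name: Change docker daemon to use certs
  ansible.builtin.copy:
    dest: /etc/systemd/system/docker.service.d/override.conf
    mode: '0644'
    content: |
      [Service]
      ExecStart=
      ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://{{ ip_address }}:2376 --tlsverify --tlscacert={{ certs_path }}/ca.pem --tlscert={{ certs_path }}/server-cert.pem --tlskey={{ certs_path }}/server-key.pem
# … unchanged: daemon_reload and restart tasks …
```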

158
docker/docker-certs.yaml Normal file

@ -0,0 +1,158 @@
---
- name: "Docker Certs"
hosts: "{{ my_hosts | d([]) }}"
become: true
vars:
certs_path: "/root/docker-certs"
cert_validity_days: 3650
cn_domain: "your-domain.tld"
tasks:
- name: Check if docker certs are existing
ansible.builtin.stat:
path: "{{ certs_path }}"
register: certs_dir
- name: Create docker certs directory (if needed)
ansible.builtin.file:
path: "{{ certs_path }}"
state: directory
mode: '0700'
when: not certs_dir.stat.exists
- name: Check if docker certs directory is empty
ansible.builtin.command: ls -A "{{ certs_path }}"
register: certs_list
when: certs_dir.stat.exists
changed_when: false
ignore_errors: true
- name: Fail if docker certs already exist
ansible.builtin.fail:
msg: "Docker certificates already exist in /root/docker-certs."
when: certs_list.stdout | default('') != ''
- name: Get machine's primary internal ip address from eth0 interface
ansible.builtin.setup:
register: ip_address
- name: Set machine's primary internal ip address
ansible.builtin.set_fact:
ip_address: "{{ ip_address.ansible_facts.ansible_default_ipv4.address }}"
- name: Check if ip_address is a valid ip address
ansible.builtin.assert:
that:
- ip_address is match("^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$")
fail_msg: "ip_address is not a valid ip address."
success_msg: "ip_address is a valid ip address."
- name: Generate CA private key
ansible.builtin.command:
cmd: >
openssl genrsa -out "{{ certs_path }}/ca-key.pem" 4096
args:
creates: "{{ certs_path }}/ca-key.pem"
- name: Generate CA certificate
ansible.builtin.command:
cmd: >
openssl req -sha256 -new -x509
-subj "/CN={{ cn_domain }}"
-days "{{ cert_validity_days }}"
-key "{{ certs_path }}/ca-key.pem"
-out "{{ certs_path }}/ca.pem"
args:
creates: "{{ certs_path }}/ca.pem"
- name: Generate server private key
ansible.builtin.command:
cmd: >
openssl genrsa -out "{{ certs_path }}/server-key.pem" 4096
creates: "{{ certs_path }}/server-key.pem"
- name: Generate server certificate signing request
ansible.builtin.command:
cmd: >
openssl req -sha256 -new
-subj "/CN={{ inventory_hostname }}"
-key "{{ certs_path }}/server-key.pem"
-out "{{ certs_path }}/server.csr"
creates: "{{ certs_path }}/server.csr"
- name: Generate server certificate extension file
ansible.builtin.shell: |
echo "subjectAltName = DNS:{{ inventory_hostname }},IP:{{ ip_address }},IP:127.0.0.1" >> "{{ certs_path }}/extfile.cnf"
echo "extendedKeyUsage = serverAuth" >> "{{ certs_path }}/extfile.cnf"
args:
creates: "{{ certs_path }}/extfile.cnf"
- name: Generate server certificate
ansible.builtin.command:
cmd: >
openssl x509 -req -days "{{ cert_validity_days }}" -sha256
-in "{{ certs_path }}/server.csr"
-CA "{{ certs_path }}/ca.pem"
-CAkey "{{ certs_path }}/ca-key.pem"
-CAcreateserial -out "{{ certs_path }}/server-cert.pem"
-extfile "{{ certs_path }}/extfile.cnf"
creates: "{{ certs_path }}/server-cert.pem"
- name: Generate client private key
ansible.builtin.command:
cmd: >
openssl genrsa -out "{{ certs_path }}/key.pem" 4096
creates: "{{ certs_path }}/key.pem"
- name: Generate client certificate signing request
ansible.builtin.command:
cmd: >
openssl req -sha256 -new
-subj "/CN=client"
-key "{{ certs_path }}/key.pem"
-out "{{ certs_path }}/client.csr"
creates: "{{ certs_path }}/client.csr"
- name: Generate client certificate extension file
ansible.builtin.shell: |
echo "extendedKeyUsage = clientAuth" >> "{{ certs_path }}/client-extfile.cnf"
args:
creates: "{{ certs_path }}/client-extfile.cnf"
- name: Generate client certificate
ansible.builtin.command:
cmd: >
openssl x509 -req -days "{{ cert_validity_days }}"
-sha256 -in "{{ certs_path }}/client.csr"
-CA "{{ certs_path }}/ca.pem"
-CAkey "{{ certs_path }}/ca-key.pem"
-CAcreateserial -out "{{ certs_path }}/cert.pem"
-extfile "{{ certs_path }}/client-extfile.cnf"
creates: "{{ certs_path }}/cert.pem"
- name: Remove client certificate signing request
ansible.builtin.file:
path: "{{ certs_path }}/server.csr"
state: absent
- name: Remove client certificate signing request
ansible.builtin.file:
path: "{{ certs_path }}/client.csr"
state: absent
- name: Remove server certificate extension file
ansible.builtin.file:
path: "{{ certs_path }}/extfile.cnf"
state: absent
- name: Remove client certificate extension file
ansible.builtin.file:
path: "{{ certs_path }}/client-extfile.cnf"
state: absent
- name: Set permissions for docker certs
ansible.builtin.file:
path: "{{ certs_path }}"
mode: '0700'
recurse: true
follow: true
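Review bot: The CA private key `ca-key.pem` created at L103-L108 stays on the Docker host next to the server key and is reused at L144 and L172, so a compromise of `{{ certs_path }}` on that host yields the ability to issue further client certificates the daemon will trust; after the client certificate is issued, move `ca-key.pem` (and the client `key.pem`/`cert.pem`, which belong on the client) off the host, or generate the CA on the controller and only ship `ca.pem` and the server pair. The final permissions task applies `mode: '0700'` with `recurse: true`, which marks every PEM file executable; `mode: 'u=rwX,go='` keeps the directory traversable while leaving the files without the execute bit. The task at L176 is named `Remove client certificate signing request` but removes `server.csr`, the same name as the task at L180; rename it `Remove server certificate signing request` so the two are distinguishable in the run log. The `fail` message at L89 hard-codes `/root/docker-certs` where `{{ certs_path }}` is meant.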


@ -0,0 +1,35 @@
---
- name: Install docker
hosts: "{{ my_hosts | d([]) }}"
become: true
tasks:
- name: Install docker dependencies
ansible.builtin.apt:
name:
- apt-transport-https
- ca-certificates
- curl
- gnupg-agent
- software-properties-common
update_cache: true
- name: Add docker gpg key
ansible.builtin.apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
keyring: /etc/apt/keyrings/docker.gpg
- name: Add docker repository
ansible.builtin.apt_repository:
filename: docker
repo: deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_lsb.codename | lower }} stable
state: present
- name: Install docker engine
ansible.builtin.apt:
name:
- docker-ce
- docker-buildx-plugin
- docker-compose-plugin
update_cache: true
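Review bot: `keyring: /etc/apt/keyrings/docker.gpg` at L220 assumes `/etc/apt/keyrings` already exists, which is not guaranteed on older Ubuntu releases, so the key task can fail before the repository is added; precede it with an `ansible.builtin.file` task using `path: /etc/apt/keyrings`, `state: directory`, `mode: '0755'`. The `ansible.builtin.apt_key` module documents `apt-key` as deprecated on Debian-based systems; fetching the key with `ansible.builtin.get_url` to the same keyring path avoids depending on it. The repo line at L224 hard-codes `arch=amd64`, so the play silently configures the wrong repository on arm64 hosts; derive it from `ansible_architecture` (mapping `x86_64` to `amd64` and `aarch64` to `arm64`) or a play var.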


@ -0,0 +1,14 @@
---
- name: Clean docker
hosts: "{{ my_hosts | d([]) }}"
tasks:
- name: Prune non-dangling images
community.docker.docker_prune:
containers: false
images: true
images_filters:
dangling: false
networks: false
volumes: false
builder_cache: false
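Review bot: The `dangling: false` filter at L246 removes every image not referenced by a container, including images pulled ahead of a deploy, so a scheduled run of this play can undo a pre-pull; adding an age filter such as `until: 24h` under `images_filters` limits the sweep to images that have been unused for a day. The play runs without `become`, so it presumably relies on the connecting user being in the `docker` group; if that is the intent, a comment such as `# runs as the unprivileged user; requires docker group membership` saves the next reader a failed run.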


@ -6,6 +6,8 @@
- name: Git Pull
ansible.builtin.git:
repo: https://git.ki5bhv.com/justin/Ansible.git
dest: /home/justin/ansible
dest: /home/justin/Ansible
single_branch: yes
version: main
:
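Review bot: The bare `:` at L261, if it is really in the file and not a rendering artifact, is a mapping entry with an empty key after `version: main` and will not parse as a task; check the source file. `single_branch: yes` at L259 uses a YAML 1.1 truthy value; the new playbooks in this commit write `true`, so `single_branch: true` keeps the repository consistent. Which of L257/L258 is the added `dest` line cannot be recovered from this view, but the two differ only in case (`ansible` vs `Ansible`), so on a case-sensitive filesystem the old checkout remains in place beside the new one rather than being replaced. The play header and the rest of this task list are outside the hunk.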


@ -0,0 +1,23 @@
---
- name: Add ssh key
hosts: all
become: true
tasks:
- name: create id_rsa
file:
path: "~/.ssh/id_rsa.pub"
state: touch
- name: Install public keys
ansible.posix.authorized_key:
user: "{{ lookup('env', 'USER') }}"
state: present
key: "{{ lookup('file', '~/.ssh/id_ed25519.pub') }}"
- name: Change sudoers file
ansible.builtin.lineinfile:
path: /etc/sudoers
state: present
regexp: '^%sudo'
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
validate: /usr/sbin/visudo -cf %s
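Review bot: The `create id_rsa` task at L271-L274 runs under the play's `become: true`, so `~/.ssh/id_rsa.pub` resolves to root's home and an empty file named after an RSA key the play never uses is created there (the key installed at L279 is `id_ed25519.pub`), and `state: touch` reports changed on every run. `ansible.posix.authorized_key` creates the target user's `.ssh` directory itself, so the task looks like a leftover and can be dropped; if the intent was to ensure the directory, use `ansible.builtin.file` on `~/.ssh` with `state: directory` and `mode: '0700'`. `user: "{{ lookup('env', 'USER') }}"` at L277 is evaluated on the controller, so the key lands in the account with the controller's login name, which may not exist on the target; an inventory variable is safer. The sudoers line at L285 grants `NOPASSWD: ALL` to the whole `sudo` group; if passwordless sudo is required for automation, scope it to the deployment account rather than the group, keeping the existing `validate` call. `file:` at L272 is the only non-FQCN module in this play; write `ansible.builtin.file`.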

19
ubuntu/inst-vm-core.yaml Normal file

@ -0,0 +1,19 @@
---
- name: Install core packages for virtual machines
hosts: "{{ my_hosts | d([]) }}"
become: true
tasks:
- name: Install packages
ansible.builtin.apt:
name:
- prometheus-node-exporter
- nfs-common
- qemu-guest-agent
update_cache: true
- name: Start guest qemu-guest-agent
ansible.builtin.service:
name: qemu-guest-agent
state: started
enabled: true

110
ubuntu/install_nvim.yaml Normal file

@ -0,0 +1,110 @@
---
- name: Installing Nvim
hosts: localhost
tasks:
- name: make sure git is installed
become: yes
apt:
update_cache: yes
name: git
state: latest
- name: Pulling from github
ansible.builtin.command:
cmd: "curl -LO https://github.com/neovim/neovim/releases/latest/download/nvim-linux-x86_64.tar.gz --output-dir /tmp"
- name: Removing and older verson
become: true
ansible.builtin.command:
cmd: "sudo rm -rf /opt/nvim"
- name: Unziping Nvim
become: true
ansible.builtin.command:
cmd: "sudo tar -C /opt -xzf /tmp/nvim-linux-x86_64.tar.gz"
- name: Setting the path
ansible.builtin.lineinfile:
line: 'export PATH="$PATH:/opt/nvim-linux-x86_64/bin"'
path: "~/.bashrc"
insertafter: EOF
- name: Check if there is a config
ansible.builtin.stat:
path: /home/justin/.config/nvim
register: nvim_config
- name: Checking if there is a backup Nvim config
ansible.builtin.stat:
path: /home/justin/.config/nvim.bak
register: nvim_backup_config
- name: Removing backup config
ansible.builtin.command:
cmd: "rm -r /home/justin/.config/nvim.bak"
when: nvim_backup_config.stat.exists
- name: Backup configs
ansible.builtin.command:
cmd: "mv /home/justin/.config/nvim /home/justin/.config/nvim.bak"
when: nvim_config.stat.exists
- name: Pulling config
ansible.builtin.command:
cmd: "git clone https://github.com/LazyVim/starter ~/.config/nvim"
- name: removing the git file
ansible.builtin.command:
cmd: "rm -rf /home/justin/.config/nvim/.git"
- name: Cleanup
ansible.builtin.command:
cmd: "rm /tmp/nvim-linux-x86_64.tar.gz"
- name: installing unzip
become: true
when: ansible_pkg_mgr == "apt"
ansible.builtin.apt:
name: unzip
state: latest
- name: Check if Font folder is there
ansible.builtin.stat:
path: ~/.local/share/fonts
register: fonts_folder
- name: Making font folder
ansible.builtin.command:
cmd: "mkdir /home/justin/.local/share/fonts"
when: fonts_folder.stat.exists != True
- name: Nerd font zip
ansible.builtin.command:
cmd: "curl -LO https://github.com/ryanoasis/nerd-fonts/releases/download/v3.3.0/3270.zip --output-dir /tmp"
- name: Unzipping
ansible.builtin.command:
cmd: "unzip /tmp/3270.zip -d /home/justin/.local/share/fonts/ "
- name: Font Cleanup
ansible.builtin.command:
cmd: "rm /tmp/3270.zip"
- name: installing font config
become: true
when: ansible_pkg_mgr == "apt"
ansible.builtin.apt:
name: fontconfig
state: latest
- name: Set Fonts
ansible.builtin.command:
cmd: "fc-cache -fv"
- name: installing fzf for nvim
become: true
when: ansible_pkg_mgr == "apt"
ansible.builtin.apt:
name: fzf
state: latest
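Review bot: The archive downloaded at L328 is extracted into `/opt` as root at L336 without any integrity check, and `curl -LO` against a `latest` URL installs whatever GitHub serves at run time; fetch a pinned release with `ansible.builtin.get_url` and a `checksum`, and extract it with `ansible.builtin.unarchive`, as in the rewrite below (the placeholders must be filled from the chosen release). The cleanup at L332 removes `/opt/nvim`, but the tarball unpacks to `/opt/nvim-linux-x86_64` (the PATH entry at L339 confirms the directory name), so the previous install is never removed and stale files survive an upgrade. `sudo` inside `cmd:` at L332 and L336 is redundant under `become: true`. `when: fonts_folder.stat.exists != True` at L380 reads better as `when: not fonts_folder.stat.exists`, and the `/home/justin` paths mixed with `~` (L340, L344, L360, L379) diverge as soon as the play runs as another user; `ansible_env.HOME` or a play var keeps them together.
```yaml
- name: Pulling from github
  ansible.builtin.get_url:
    url: "https://github.com/neovim/neovim/releases/download/<PINNED_RELEASE_TAG>/nvim-linux-x86_64.tar.gz"
    dest: /tmp/nvim-linux-x86_64.tar.gz
    checksum: "sha256:<EXPECTED_SHA256_FOR_PINNED_RELEASE>"
    mode: '0644'
- name: Removing and older verson
  become: true
  ansible.builtin.file:
    path: /opt/nvim-linux-x86_64
    state: absent
- name: Unziping Nvim
  become: true
  ansible.builtin.unarchive:
    src: /tmp/nvim-linux-x86_64.tar.gz
    dest: /opt
    remote_src: true
# … unchanged: PATH, config backup, LazyVim clone and font tasks …
```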


@ -0,0 +1,25 @@
---
- name: Check disk space
hosts: "all"
tasks:
- name: Check disk space available
ansible.builtin.shell:
cmd: |
set -euo pipefail
df -Ph / | awk 'NR==2 {print $5}'
executable: /bin/bash
changed_when: false
check_mode: false
register: disk_usage
- name: Diskspace is over 80%
ansible.builtin.debug:
msg: "Disk is over 80%"
when: disk_usage.stdout[:-1]|int>80
- name: Posting
ansible.builtin.command:
cmd: 'curl -d "Disk space on {{ inventory_hostname }} is above 80%!" ntfy.ki5bhv.com/server'
when: disk_usage.stdout[:-1]|int>80
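Review bot: The notification at L428 posts to `ntfy.ki5bhv.com/server` with no scheme, so curl uses plain HTTP and the hostname and disk state travel unencrypted to whatever answers that name; the same scheme-less call appears at L446, L503 and L563. Use an `https://` URL (assuming the ntfy host serves TLS) with `ansible.builtin.uri`, which also fails on a non-2xx response instead of on curl's exit code, and add `changed_when: false` so a notification does not count as a change; the rewrite below shows the shape for this play. The `80` threshold is repeated at L422, L425 and L429; a play-level `disk_threshold_pct` var keeps the message and the conditions in step. The `shell` task at L413-L421 already uses `set -euo pipefail` with `executable: /bin/bash`, which is the right shape for a pipeline.
```yaml
- name: Posting
  ansible.builtin.uri:
    url: https://ntfy.ki5bhv.com/server
    method: POST
    body: "Disk space on {{ inventory_hostname }} is above 80%!"
  changed_when: false
  when: disk_usage.stdout[:-1] | int > 80
```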


@ -0,0 +1,16 @@
---
- name: Check if system reboot is required
hosts: "all"
become: true
tasks:
- name: Check if system reboot is required
become: true
ansible.builtin.stat:
path: /run/reboot-required
register: reboot_required
- name: Report if reboot is required
ansible.builtin.command:
cmd: 'curl -d "Reboot is required for {{inventory_hostname}}" ntfy.ki5bhv.com/server'
when: reboot_required.stat.exists
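Review bot: `become: true` at L440 repeats the play-level `become: true` at L437, and a `stat` on `/run/reboot-required` needs no privilege, so both can be removed and the play runs unprivileged. The `{{inventory_hostname}}` at L446 lacks the inner spaces used everywhere else in this commit; `{{ inventory_hostname }}` keeps the template style uniform.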

11
ubuntu/plex.yaml Normal file

@ -0,0 +1,11 @@
---
- name: Update Plex Sever
hosts: media.ki5bhv.com
become: yes
tasks:
- name: Ensure Plex is at the latest version
apt:
update_cache: yes
name: plexmediaserver
state: latest
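Review bot: `become: yes` at L457 and `update_cache: yes` at L461 use YAML 1.1 truthy values while the other new playbooks in this commit write `true`; change them to `become: true` and `update_cache: true`. `apt:` at L460 is the short module name where the rest of the commit uses `ansible.builtin.apt`. `state: latest` makes every run a potential upgrade, which appears to be the intent of an "update" play; a one-line comment such as `# intentionally tracks the newest plexmediaserver build on each run` makes that explicit for the next reader.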


@ -0,0 +1,28 @@
---
- name: Update cloud Flare Tunnel
hosts: cloudflare-tunnel.ki5bhv.com
tasks:
- name: Pull the newest package
ansible.builtin.command:
cmd: "curl --location --output cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb"
- name: installing package
become: true
ansible.builtin.command:
cmd: "dpkg -i cloudflared.deb"
- name: Restart the service
become: true
ansible.builtin.command:
cmd: "systemctl restart cloudflared.service"
- name: check before cleanup
ansible.builtin.stat:
path: cloudflared.deb
register: cloudflaredfile
- name: Cleanup
when: cloudflaredfile.stat.exists
ansible.builtin.command:
cmd: "rm cloudflared.deb"
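Review bot: `dpkg -i cloudflared.deb` at L478 installs, as root, a package that `curl` at L474 fetched from a `latest` redirect into the connecting user's working directory, and nothing checks a signature or checksum in between. Cloudflare publishes signed packages through its own apt repository (pkg.cloudflare.com), so `ansible.builtin.apt_repository` plus `ansible.builtin.apt` with `name: cloudflared` and `state: latest` replaces the download, install, stat and cleanup tasks and keeps apt's signature verification. If the .deb path is kept, give `--output` an absolute path and use `ansible.builtin.get_url` with `checksum:` so the file location and contents are both pinned. `systemctl restart cloudflared.service` at L482 is better expressed as `ansible.builtin.systemd` with `name: cloudflared` and `state: restarted`, ideally from a handler so the service only restarts when the package actually changed.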

86
ubuntu/update.yaml Normal file

@ -0,0 +1,86 @@
---
- name: Send Start update
hosts: localhost
tasks:
- name: send ntfy
ansible.builtin.command:
cmd: 'curl -d "Starting updating with ansible" ntfy.ki5bhv.com/server'
- name: Proxmox Update and upgrade apt packages
hosts: proxmox
become: yes
tasks:
- name: Update packages with apt
when: ansible_pkg_mgr == 'apt'
ansible.builtin.apt:
update_cache: true
- name: Installing proxmox guest agent
when: ansible_pkg_mgr == 'apt'
ansible.builtin.apt:
name: qemu-guest-agent
state: latest
- name: Enable proxmox agent
ansible.builtin.command:
cmd: systemctl enable qemu-guest-agent
- name: Restart proxmox agent
ansible.builtin.command:
cmd: systemctl restart qemu-guest-agent
- name: Upgrade packages with apt
when: ansible_pkg_mgr == 'apt'
ansible.builtin.apt:
upgrade: dist
- name: Clean up packages with apt
when: ansible_pkg_mgr == 'apt'
ansible.builtin.apt:
autoclean: true
autoremove: true
- name: Hardware Update and upgrade apt packages
hosts: hardware
become: yes
tasks:
- name: Update packages with apt
when: ansible_pkg_mgr == 'apt'
ansible.builtin.apt:
update_cache: true
- name: Upgrade packages with apt
when: ansible_pkg_mgr == 'apt'
ansible.builtin.apt:
upgrade: dist
- name: Clean up packages with apt
when: ansible_pkg_mgr == 'apt'
ansible.builtin.apt:
autoclean: true
autoremove: true
- name: installing net-tools on all
hosts: all
become: yes
tasks:
- name: running apt
when: ansible_pkg_mgr == 'apt'
ansible.builtin.apt:
name: net-tools
state: latest
- name: Send completed update
hosts: localhost
tasks:
- name: send ntfy
ansible.builtin.command:
cmd: 'curl -d "Updated with ansible" ntfy.ki5bhv.com/server'
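Review bot: `systemctl enable` and `systemctl restart` run through `ansible.builtin.command` at L517-L522 report changed on every run and restart the guest agent each time the play executes, even when nothing was upgraded; `ubuntu/inst-vm-core.yaml` in this same commit already manages the same unit with `ansible.builtin.service`, `state: started` and `enabled: true`, and this play should use that form, shown below. `become: yes` at L506, L534 and L551 should be `become: true` to match the rest of the commit. `state: latest` for `net-tools` on `hosts: all` at L553-L557 turns every update run into a possible upgrade of an unrelated package; `state: present` installs it once and leaves upgrades to the dist-upgrade plays above.
```yaml
- name: Enable and start proxmox guest agent
  ansible.builtin.service:
    name: qemu-guest-agent
    enabled: true
    state: started
# … unchanged: upgrade and clean-up tasks …
```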