bitwarden

jaydee 2024-11-26 19:37:53 +01:00
parent 4f32b163bf
commit 298b3f2d3f
8 changed files with 515 additions and 0 deletions

153
hosts_kestra copy.yml Normal file

@ -0,0 +1,153 @@
---
datacenter:
children:
odroid_cluster:
children:
odroid_master:
hosts:
192.168.77.131:
vars:
testVar: 999
odroid_worker:
hosts:
192.168.77.13[2:5]:
vars:
ansible_ssh_user: jd
ansible_ssh_pass: lacijaydee
ansible_become_password: lacijaydee
ssh_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
localhost1:
hosts:
localhost
vars:
ansible_user: root
morefine:
hosts:
192.168.77.12:
vars:
jaydee_install_mqtt_srv: true
ansible_python_interpreter: auto_silent
ansible_ssh_user: jd
ansible_become_user: root
ansible_become_password: q
ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
ryzen:
hosts:
192.168.77.15:
vars:
ansible_python_interpreter: auto_silent
ansible_ssh_user: root
ansible_ssh_pass: lacijaydee
ansible_password: lacijaydee
ansible_become_user: root
ansible_become_password: lacijaydee
omv:
hosts:
192.168.77.189:
vars:
ansible_user: root
ansible_password: lacijaydee
ansible_ssh_user: root
ansible_ssh_pass: lacijaydee
ansible_become_user: root
ansible_become_password: lacijaydee
amd:
hosts:
192.168.77.4:
vars:
ansible_user: root
ansible_password: l4c1j4yd33Du5lo
ansible_ssh_user: root
ansible_ssh_pass: l4c1j4yd33Du5lo
ansible_become_user: root
ansible_become_password: l4c1j4yd33Du5lo
rhasspy:
hosts:
192.168.77.224
vars:
ansible_user: jd
ansible_ssh_pass: q
ansible_become_password: l4c1j4yd33Du5lo
windows:
hosts:
192.168.77.211
vars:
ansible_user: jd
ansible_password: "q"
ansible_connection: winrm
ansible_port: 5985
ansible_winrm_server_cert_validation: ignore
ansible_winrm_kerberos_delegation: true
mqtt_srv:
children:
servers:
hosts:
rpi5-1.home.lan:
rpi5.home.lan:
omv.home.lan:
rack.home.lan:
m-server.home.lan:
zabbix.home.lan:
192.168.77.101:
vars:
ansible_python_interpreter: /usr/bin/python3
ansible_ssh_user: jd
ansible_become_password: l4c1j4yd33Du5lo
ansible_ssh_private_key_file: ssh_key.pem
identity_file: ssh_key.pem
nas:
hosts:
nas.home.lan:
vars:
ansible_ssh_user: admin
become_method: su
become_user: admin
ansible_ssh_private_key_file: ssh_key.pem
# ansible_user: admin
# ansible_pass: l4c1!j4yd33?Du5lo1
ansible_python_interpreter: /share/ZFS530_DATA/.qpkg/QPython312/bin/python3
desktop:
hosts:
morefine.home.lan:
vars:
ansible_ssh_user: jd
ansible_become_user: root
ansible_become_password: q
# ansible_ssh_password: q
ansible_ssh_private_key_file: ssh_key.pem
containers:
children:
servers:
hosts:
rpi5-1.home.lan:
rpi5.home.lan:
m-server.home.lan:
fog.home.lan:
zabbix.home.lan:
omv.home.lan:
192.168.77.101:
vars:
ansible_python_interpreter: /usr/bin/python3
ansible_ssh_user: jd
# ansible_ssh_password: l4c1j4yd33Du5lo
ansible_become_password: l4c1j4yd33Du5lo
ansible_ssh_private_key_file: ssh_key.pem
identity_file: ssh_key.pem
ansible_ssh_pass: l4c1j4yd33Du5lo
nas:
hosts:
nas.home.lan:
192.168.77.106:
vars:
ansible_ssh_user: admin
become_method: su
become_user: admin
ansible_ssh_private_key_file: ssh_key.pem
# ansible_user: admin
# ansible_pass: l4c1!j4yd33?Du5lo1
ansible_python_interpreter: /share/ZFS530_DATA/.qpkg/QPython312/bin/python3
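Review bot: This inventory commits SSH, WinRM and become passwords in plain text (the `ansible_ssh_pass`, `ansible_password` and `ansible_become_password` values across the `odroid_worker`, `ryzen`, `omv`, `amd`, `rhasspy`, `windows` and `servers` groups), and hosts_roles.yml in the same commit repeats them. Anyone with read access to the repository or its history holds privileged credentials for those hosts, so the values should be rotated and replaced by references to vault-encrypted variables, e.g. `ansible_become_password: "{{ vault_become_password }}"` (placeholder variable name), with the secret kept in an `ansible-vault` encrypted vars file. The commented-out `# ansible_pass:` and `# ansible_ssh_password:` lines expose credentials just the same and should be deleted rather than commented. The file name `hosts_kestra copy.yml` also looks like an accidental duplicate of another inventory.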

147
hosts_roles.yml Normal file

@ -0,0 +1,147 @@
---
datacenter:
children:
odroid_cluster:
children:
odroid_master:
hosts:
192.168.77.131:
vars:
testVar: 999
odroid_worker:
hosts:
192.168.77.13[2:5]:
vars:
ansible_ssh_user: jd
ansible_ssh_pass: lacijaydee
ansible_become_password: lacijaydee
ssh_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
localhost1:
hosts:
localhost
vars:
ansible_user: root
morefine:
hosts:
192.168.77.12:
vars:
jaydee_install_mqtt_srv: true
ansible_python_interpreter: auto_silent
ansible_ssh_user: jd
ansible_become_user: root
ansible_become_password: q
ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
ryzen:
hosts:
192.168.77.15:
vars:
ansible_python_interpreter: auto_silent
ansible_ssh_user: root
ansible_ssh_pass: lacijaydee
ansible_password: lacijaydee
ansible_become_user: root
ansible_become_password: lacijaydee
omv:
hosts:
192.168.77.189:
vars:
ansible_user: root
ansible_password: lacijaydee
ansible_ssh_user: root
ansible_ssh_pass: lacijaydee
ansible_become_user: root
ansible_become_password: lacijaydee
amd:
hosts:
192.168.77.4:
vars:
ansible_user: root
ansible_password: l4c1j4yd33Du5lo
ansible_ssh_user: root
ansible_ssh_pass: l4c1j4yd33Du5lo
ansible_become_user: root
ansible_become_password: l4c1j4yd33Du5lo
rhasspy:
hosts:
192.168.77.224
vars:
ansible_user: jd
ansible_ssh_pass: q
ansible_become_password: l4c1j4yd33Du5lo
windows:
hosts:
192.168.77.211
vars:
ansible_user: jd
ansible_password: "q"
ansible_connection: winrm
ansible_port: 5985
ansible_winrm_server_cert_validation: ignore
ansible_winrm_kerberos_delegation: true
mqtt_srv:
children:
servers:
hosts:
rpi5-1.home.lan:
rpi5.home.lan:
omv.home.lan:
rack.home.lan:
m-server.home.lan:
vars:
ansible_python_interpreter: /usr/bin/python3
ansible_ssh_user: jd
ansible_become_password: l4c1j4yd33Du5lo
ansible_ssh_private_key_file: ssh_key.pem
identity_file: ssh_key.pem
nas:
hosts:
nas.home.lan:
vars:
ansible_ssh_user: admin
become_method: su
become_user: admin
ansible_ssh_private_key_file: ssh_key.pem
# ansible_user: admin
# ansible_pass: l4c1!j4yd33?Du5lo1
ansible_python_interpreter: /share/ZFS530_DATA/.qpkg/QPython312/bin/python3
desktop:
hosts:
morefine.home.lan:
vars:
ansible_ssh_user: jd
ansible_become_user: root
ansible_become_password: q
# ansible_ssh_password: q
ansible_ssh_private_key_file: ssh_key.pem
containers:
children:
servers:
hosts:
rpi5-1.home.lan:
rpi5.home.lan:
m-server.home.lan:
fog.home.lan:
# zabbix.home.lan:
omv.home.lan:
vars:
ansible_python_interpreter: /usr/bin/python3
ansible_ssh_user: jd
ansible_become_password: l4c1j4yd33Du5lo
ansible_ssh_private_key_file: ssh_key.pem
nas:
hosts:
nas.home.lan:
192.168.77.106:
vars:
ansible_ssh_user: admin
become_method: su
become_user: admin
ansible_ssh_private_key_file: ssh_key.pem
# ansible_user: admin
# ansible_pass: l4c1!j4yd33?Du5lo1
ansible_python_interpreter: /share/ZFS530_DATA/.qpkg/QPython312/bin/python3
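Review bot: Host identity is never verified for the odroid hosts and `morefine`, because `ansible_ssh_common_args` sets `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, so the password login is offered to whatever machine answers on that address; the same lines are in hosts_kestra copy.yml. I would drop those options and pre-populate `known_hosts` for these hosts instead. The `windows` group has the equivalent weakness on WinRM, with `ansible_port: 5985` (the HTTP listener) and `ansible_winrm_server_cert_validation: ignore`; an HTTPS listener on 5986 with a validated certificate would be the safer setup. Separately, `ssh_args`, `identity_file`, `become_method` and `become_user` lack the `ansible_` prefix, so they are presumably plain variables rather than connection settings; if `su` to `admin` is intended on the NAS, it would be `ansible_become_method: su` and `ansible_become_user: admin`.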


@ -0,0 +1,4 @@
- name: Upgrade the full OS
ansible.builtin.apt:
upgrade: full
become: true
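Review bot: The upgrade runs against whatever package index is already cached on the host, because the task sets only `upgrade: full`; adding `update_cache: true` (optionally with `cache_valid_time`) makes each run pick up current security updates. A short comment on where reboots are handled would also help, since a full upgrade can install a new kernel that is not active until the host restarts.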


@ -0,0 +1,165 @@
- name: Get config for not nas
ansible.builtin.set_fact:
zabbix_agent_cfg: "/etc/zabbix/zabbix_agent2.conf"
when: inventory_hostname != 'nas.home.lan'
- name: Get config for nas
ansible.builtin.set_fact:
zabbix_agent_cfg: "/opt/ZabbixAgent/etc/zabbix_agentd.conf"
when: inventory_hostname == 'nas.home.lan'
become: true
# - name: Print all available facts
# ansible.builtin.debug:
# var: ansible_facts.architecture
# - name: Print all available facts
# ansible.builtin.debug:
# var: ansible_distribution
# - name: Print all available facts
# ansible.builtin.debug:
# var: ansible_distribution_major_version
# - name: Upload zabbix package
# ansible.builtin.copy:
# src: packages/zabbix-release_6.4-1+ubuntu22.04_all.deb
# dest: /tmp/
- name: Install a .deb package from the internet11
ansible.builtin.apt:
deb: https://repo.zabbix.com/zabbix/6.4/ubuntu-arm64/pool/main/z/zabbix-release/zabbix-release_6.4-1+ubuntu22.04_all.deb
when:
- ansible_facts.architecture != "armv7l" and ( ansible_distribution == "Ubuntu" or ansible_distribution == "Linux Mint" )
become: true
- name: Install a .deb package from the internet2
ansible.builtin.apt:
#deb: https://repo.zabbix.com/zabbix/6.4/raspbian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian11_all.deb
deb: https://repo.zabbix.com/zabbix/7.0/raspbian/pool/main/z/zabbix-release/zabbix-release_7.0-1+debian11_all.deb
retries: 5
delay: 5
when:
- ansible_facts.architecture == "armv7l" or ansible_facts.architecture == "aarch64"
become: true
ignore_errors: true
- name: Install a .deb package from the internet3
ansible.builtin.apt:
deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian11_all.deb
become: true
when:
- ansible_facts.architecture != "armv7l" and ansible_distribution == "Debian" and ansible_distribution_major_version == "11"
- name: Install a .deb package from the internet4
ansible.builtin.apt:
#deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian12_all.deb
deb: https://repo.zabbix.com/zabbix/7.0/debian/pool/main/z/zabbix-release/zabbix-release_7.0-1+debian12_all.deb
when:
- ansible_facts.architecture != "armv7l" and ansible_facts.architecture != "aarch64" and ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
ignore_errors: true
become: true
# - name: Install a .deb package localy
# ansible.builtin.apt:
# deb: /tmp/zabbix-release_6.4-1+ubuntu22.04_all.deb
- name: Install zabbix packages
ansible.builtin.apt:
name:
- zabbix-agent2
- zabbix-agent2-plugin-mongodb
- zabbix-agent2-plugin-postgresql
update_cache: yes
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
ignore_errors: true
when: inventory_hostname != 'nas.home.lan'
- name: Reconfigure zabbix agent Server
ansible.builtin.lineinfile:
path: "{{ zabbix_agent_cfg }}"
regexp: "^Server=.*"
insertafter: '^# Server='
line: "Server=192.168.77.0/24"
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
- name: Reconfigure zabbix agent ServerActive
ansible.builtin.lineinfile:
path: "{{ zabbix_agent_cfg }}"
regexp: "^ServerActive=.*"
line: "ServerActive={{ ZABBIX_SERVER }}"
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
- name: Reconfigure zabbix agent ListenPort
ansible.builtin.lineinfile:
path: "{{ zabbix_agent_cfg }}"
regexp: "^ListenPort=.*"
line: "ListenPort=10050"
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
# - name: Reconfigure zabbix agent ListenIP
# ansible.builtin.lineinfile:
# path: /"{{ zabbix_agent_cfg }}"
# regexp: "^ListenIP=.*"
# line: "ListenIP=0.0.0.0"
- name: Reconfigure zabbix-agent2 hostname
ansible.builtin.lineinfile:
path: "{{ zabbix_agent_cfg }}"
regexp: "^Hostname=.*"
line: "Hostname={{ inventory_hostname }}"
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
- name: Reconfigure zabbix-agent2 config
ansible.builtin.lineinfile:
path: "{{ zabbix_agent_cfg }}"
insertafter: '^# UserParameter='
regexp: "^UserParameter=system.certs.*"
line: "UserParameter=system.certs,python3 /share/ZFS530_DATA/.qpkg/ZabbixAgent/cert_check2.py"
when: inventory_hostname == 'nas.home.lan'
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
- name: Reconfigure zabbix-agent2 config
ansible.builtin.lineinfile:
path: "{{ zabbix_agent_cfg }}"
insertafter: '^# UserParameter='
regexp: "^UserParameter=system.certs.*"
line: "UserParameter=system.certs,python3 /usr/bin/cert_check2.py"
when: inventory_hostname == 'm-server.home.lan'
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
- name: Reconfigure zabbix-agent2 config
ansible.builtin.lineinfile:
path: "{{ zabbix_agent_cfg }}"
insertafter: '^# UserParameter='
line: "UserParameter=rpi.hw.temp,/usr/bin/vcgencmd measure_temp"
when: inventory_hostname == 'rpi5.home.lan'
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
- name: Reconfigure zabbix-agent2 hostname
ansible.builtin.lineinfile:
path: "{{ zabbix_agent_cfg }}"
regexp: "^HostMetadata=.*"
insertafter: '^# HostMetadata='
line: "HostMetadata=linux;jaydee"
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
- name: Reconfigure zabbix-agent2 hostname
ansible.builtin.lineinfile:
path: "{{ zabbix_agent_cfg }}"
regexp: "^HostMetadata=.*"
insertafter: '^# HostMetadata='
line: "HostMetadata=server;jaydee"
when: inventory_hostname == 'nas.home.lan' or inventory_hostname == 'm-server.home.lan'
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
- name: Add the user 'to group video
ansible.builtin.user:
name: zabbix
groups: video
append: yes
when: inventory_hostname != 'nas.home.lan'
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
- name: Restart zabbix-agent2 service
ansible.builtin.service:
name: zabbix-agent2.service
state: restarted
enabled: true
when: inventory_hostname != 'nas.home.lan'
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
- name: Restart agent
ansible.builtin.shell: /etc/init.d/ZabbixAgent.sh restart
when: inventory_hostname == 'nas.home.lan'
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
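Review bot: The passive-check allow list is opened to the whole subnet with `line: "Server=192.168.77.0/24"`, while the active side already uses `{{ ZABBIX_SERVER }}`; since this role also configures `UserParameter` commands, every host on that network can query the agent, and `line: "Server={{ ZABBIX_SERVER }}"` would restrict it to the monitoring server. The three install tasks marked `ignore_errors: true` (both 7.0 release packages and `Install zabbix packages`) hide a failed repository or package install, after which the `lineinfile` tasks presumably fail on a missing config file or edit one the agent never reads; prefer letting them fail, or a `failed_when` on the specific tolerated error. The first release-package task uses the `ubuntu-arm64` repository URL but its condition only excludes `armv7l`, so x86_64 Ubuntu and Linux Mint hosts appear to get the arm64 repository as well. Several tasks share the names `Reconfigure zabbix-agent2 config` and `Reconfigure zabbix-agent2 hostname` although they set `UserParameter` and `HostMetadata`; distinct names would make the run output readable.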


@ -0,0 +1 @@
ZABBIX_SERVER: "zabbix.home.lan"


@ -0,0 +1,3 @@
- name: Upgrade flatpack
ansible.builtin.command: flatpak update -y
become: true
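Review bot: `ansible.builtin.command: flatpak update -y` reports `changed` on every run, so the play output cannot show whether anything was actually updated; register the result and add a `changed_when` based on its output. The task name also has a typo, `flatpack` for `flatpak`.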


@ -0,0 +1,36 @@
- name: Install ethtool
ansible.builtin.apt:
name: ethtool
state: present
- name: Display all interfaces name
debug:
var: ansible_facts.interfaces
- name: Get wifi adapter
set_fact:
wifi_adapter: '{{ item }}'
loop: '{{ ansible_facts.interfaces }}'
when: 'item.startswith("eno")'
- name: Creating config
become: true
ansible.builtin.copy:
dest: "/etc/systemd/system/wol.service"
content: |
[Unit]
Description=Enable Wake On Lan
[Service]
Type=oneshot
ExecStart = /usr/sbin/ethtool --change {{ wifi_adapter }} wol g
[Install]
WantedBy=basic.target
owner: root
mode: '0744'
- name: Restart service wol, in all cases
ansible.builtin.service:
name: wol
state: restarted
enabled: true
become: true
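Review bot: `Install ethtool` has no `become: true`, unlike the other privileged tasks in this file, and servers.yml sets no play-level become, so the package install will presumably fail for a non-root login user. The unit file is written with `mode: '0744'`; unit files are read, not executed, and should be `'0644'`. Nothing reloads systemd after the copy, so the restart can run against a stale unit definition; `ansible.builtin.systemd` with `daemon_reload: true` covers that. `wifi_adapter` is set only when an interface name starts with `eno`, which is a wired-NIC naming pattern, so on hosts without such an interface the template fails on an undefined variable; a clearer variable name and a guard such as `when: wifi_adapter is defined` would help.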

6
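--- a/servers.yml
+++ b/servers.yml
@@ -0,0 +1,6 @@
+---
+- hosts: servers
+roles:
+- common
+- wake_on_lan
+- monitoring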