diff --git a/hosts.yml b/hosts.yml index b684654..cf8aff5 100644 --- a/hosts.yml +++ b/hosts.yml @@ -18,6 +18,7 @@ datacenter: ansible_become_password: lacijaydee ssh_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" + localhost1: hosts: localhost @@ -27,23 +28,51 @@ datacenter: hosts: 192.168.77.12: vars: + jaydee_install_mqtt_srv: true ansible_python_interpreter: auto_silent - ansible_ssh_user: admin - ansible_ssh_pass: l4c1j4yd33Du5lo - + ansible_ssh_user: jd + ansible_ssh_pass: q + ansible_password: q + ansible_become_user: root + ansible_become_password: q + ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" + + ryzen: + hosts: + 192.168.77.15: + vars: + ansible_python_interpreter: auto_silent + ansible_ssh_user: root + ansible_ssh_pass: lacijaydee + ansible_password: lacijaydee + ansible_become_user: root + ansible_become_password: lacijaydee omv: hosts: 192.168.77.189: vars: - ansible_user: jd + ansible_user: root + ansible_password: lacijaydee + ansible_ssh_user: root ansible_ssh_pass: lacijaydee + ansible_become_user: root ansible_become_password: lacijaydee + amd: + hosts: + 192.168.77.4: + vars: + ansible_user: root + ansible_password: l4c1j4yd33Du5lo + ansible_ssh_user: root + ansible_ssh_pass: l4c1j4yd33Du5lo + ansible_become_user: root + ansible_become_password: l4c1j4yd33Du5lo rhasspy: hosts: - 192.168.77.16[6:7] + 192.168.77.224 vars: - ansible_user: admin - ansible_ssh_pass: l4c1j4yd33Du5lo + ansible_user: jd + ansible_ssh_pass: q ansible_become_password: l4c1j4yd33Du5lo windows: hosts: 
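Review bot: The `ansible_ssh_pass`, `ansible_password` and `ansible_become_password` values added here for `ryzen`, `omv`, `amd`, `rhasspy` and the 192.168.77.12 entry are committed in clear text, as are those in the next hunk of this file and in `hosts_kestra.yml`. Anyone who can read the repository or its history gets root-capable logins for these hosts. Move the values to Ansible Vault, for example `ansible_become_password: "{{ vault_become_password }}"` with a placeholder variable name of your choosing, and rotate the passwords that are already exposed. The added `ansible_ssh_common_args` line also sets `StrictHostKeyChecking=no` with `UserKnownHostsFile=/dev/null`, which removes host-key verification on a connection that carries a password. A managed known_hosts file with pinned keys is the safer default.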
@@ -54,39 +83,83 @@ datacenter: ansible_connection: winrm ansible_port: 5985 ansible_winrm_server_cert_validation: ignore - ansible_winrm_kerberos_delegation: true\ - - containers: + ansible_winrm_kerberos_delegation: true + mqtt_srv: children: - router: + servers: hosts: - 192.168.77.1 + rpi5-1.home.lan: + omv.home.lan: + rack.home.lan: + m-server.home.lan: + zabbix.home.lan: vars: +<<<<<<< HEAD ansible_python_interpreter: /opt/bin/python ansible_ssh_user: admin ansible_ssh_pass: l4c1!j4yd33?Du5lo raspberry: - hosts: - 192.168.77.246 - vars: - ansible_python_interpreter: /usr/bin/python +======= + ansible_python_interpreter: /usr/bin/python3 + ansible_user: jd + ansible_password: l4c1j4yd33Du5lo ansible_ssh_user: jd - ansible_ssh_pass: q - ansible_become_user: root - ansible_become_password: l4c1j4yd33Du5lo - raspberrypi5: - hosts: - 192.168.77.238 - vars: - ansible_python_interpreter: /usr/bin/python - ansible_ssh_user: jd - ansible_ssh_pass: q + ansible_ssh_pass: l4c1j4yd33Du5lo ansible_become_user: root ansible_become_password: l4c1j4yd33Du5lo nas: +>>>>>>> a2272a39029fa97337f187f1b490913cd8adbd24 hosts: + nas.home.lan: + + vars: + ansible_ssh_user: admin + ansible_ssh_pass: l4c1!j4yd33?Du5lo + become_method: su + become_user: admin + # ansible_user: admin + # ansible_pass: l4c1!j4yd33?Du5lo1 + ansible_python_interpreter: /share/ZFS530_DATA/.qpkg/QPython312/bin/python3 + desktop: + hosts: + morefine.home.lan: + vars: + ansible_user: jd + ansible_password: q + ansible_ssh_user: jd + ansible_ssh_pass: q + ansible_become_user: root + ansible_become_password: q + + containers: + children: + servers: + hosts: + rpi5-1.home.lan: + m-server.home.lan: + fog.home.lan: + zabbix.home.lan: + omv.home.lan: + vars: + ansible_python_interpreter: /usr/bin/python3 + ansible_ssh_user: jd + ansible_ssh_pass: l4c1j4yd33Du5lo + ansible_become_user: root + ansible_become_password: l4c1j4yd33Du5lo + ansible_ssh_private_key_file: ~/.ssh/ansible + nas: + hosts: + nas.home.lan: 
192.168.77.106: vars: ansible_ssh_user: admin ansible_ssh_pass: l4c1!j4yd33?Du5lo - ansible_python_interpreter: /share/ZFS530_DATA/.qpkg/QPython39/bin/python3 \ No newline at end of file +<<<<<<< HEAD + ansible_python_interpreter: /share/ZFS530_DATA/.qpkg/QPython39/bin/python3 +======= + become_method: su + become_user: admin + # ansible_user: admin + # ansible_pass: l4c1!j4yd33?Du5lo1 + ansible_python_interpreter: /share/ZFS530_DATA/.qpkg/QPython312/bin/python3 +>>>>>>> a2272a39029fa97337f187f1b490913cd8adbd24 diff --git a/hosts_kestra.yml b/hosts_kestra.yml new file mode 100644 index 0000000..2351806 --- /dev/null +++ b/hosts_kestra.yml 
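Review bot: This hunk commits unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> a2272a39029fa97337f187f1b490913cd8adbd24`) in two places: under the `vars:` of the `mqtt_srv` servers and again at the end of the `nas` vars. With those lines present the inventory is not valid YAML, and it is unclear which side's credentials and interpreter path are meant to apply. Resolve both conflicts by keeping one side and deleting the markers. A pre-commit check such as `ansible-inventory -i hosts.yml --list` would stop a broken inventory from being committed again.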
@@ -0,0 +1,147 @@ +--- +datacenter: + children: + odroid_cluster: + children: + odroid_master: + hosts: + 192.168.77.131: + vars: + testVar: 999 + odroid_worker: + hosts: + 192.168.77.13[2:5]: + + vars: + ansible_ssh_user: jd + ansible_ssh_pass: lacijaydee + ansible_become_password: lacijaydee + ssh_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" + ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" + + localhost1: + hosts: + localhost + vars: + ansible_user: root + morefine: + hosts: + 192.168.77.12: + vars: + jaydee_install_mqtt_srv: true + ansible_python_interpreter: auto_silent + ansible_ssh_user: jd + ansible_ssh_pass: q + ansible_password: q + ansible_become_user: root + ansible_become_password: q + ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" + + ryzen: + hosts: + 192.168.77.15: + vars: + ansible_python_interpreter: auto_silent + ansible_ssh_user: root + ansible_ssh_pass: lacijaydee + ansible_password: lacijaydee + ansible_become_user: root + ansible_become_password: lacijaydee + omv: + hosts: + 192.168.77.189: + vars: + ansible_user: root + ansible_password: lacijaydee + ansible_ssh_user: root + ansible_ssh_pass: lacijaydee + ansible_become_user: root + ansible_become_password: lacijaydee + amd: + hosts: + 192.168.77.4: + vars: + ansible_user: root + ansible_password: l4c1j4yd33Du5lo + ansible_ssh_user: root + ansible_ssh_pass: l4c1j4yd33Du5lo + ansible_become_user: root + ansible_become_password: l4c1j4yd33Du5lo + rhasspy: + hosts: + 192.168.77.224 + vars: + ansible_user: jd + ansible_ssh_pass: q + ansible_become_password: l4c1j4yd33Du5lo + windows: + hosts: + 192.168.77.211 + vars: + ansible_user: jd + ansible_password: "q" + ansible_connection: winrm + ansible_port: 5985 + ansible_winrm_server_cert_validation: ignore + ansible_winrm_kerberos_delegation: true + mqtt_srv: + children: + servers: + hosts: + rpi5-1.home.lan: + omv.home.lan: + rack.home.lan: + 
m-server.home.lan: + zabbix.home.lan: + vars: + ansible_python_interpreter: /usr/bin/python3 + ansible_user: jd + ansible_ssh_private_key_file: ssh_key.pem + nas: + hosts: + nas.home.lan: + + vars: + ansible_ssh_user: admin + become_method: su + become_user: admin + ansible_ssh_private_key_file: ssh_key.pem + # ansible_user: admin + # ansible_pass: l4c1!j4yd33?Du5lo1 + ansible_python_interpreter: /share/ZFS530_DATA/.qpkg/QPython312/bin/python3 + desktop: + hosts: + morefine.home.lan: + vars: + ansible_user: jd + ansible_password: q + ansible_ssh_user: jd + ansible_ssh_pass: q + ansible_become_user: root + ansible_become_password: q + + containers: + children: + servers: + hosts: + rpi5-1.home.lan: + m-server.home.lan: + fog.home.lan: + zabbix.home.lan: + omv.home.lan: + vars: + ansible_python_interpreter: /usr/bin/python3 + ansible_ssh_user: jd + ansible_ssh_private_key_file: ssh_key.pem + nas: + hosts: + nas.home.lan: + 192.168.77.106: + vars: + ansible_ssh_user: admin + become_method: su + become_user: admin + ansible_ssh_private_key_file: ssh_key.pem + # ansible_user: admin + # ansible_pass: l4c1!j4yd33?Du5lo1 + ansible_python_interpreter: /share/ZFS530_DATA/.qpkg/QPython312/bin/python3 diff --git a/playbooks/00_check_for_reboot.yml b/playbooks/00_check_for_reboot.yml index 4fd1d42..738615b 100644 --- a/playbooks/00_check_for_reboot.yml +++ b/playbooks/00_check_for_reboot.yml @@ -1,7 +1,7 @@ - hosts: odroid_cluster name: Check for reboot become: true - gather_facts: no + gather_facts: false tasks: - name: Check if file exists using stat module stat: @@ -13,7 +13,7 @@ var: file_status.stat.exists - name: Reboot the server tags: reboot - become: yes + become: true become_user: root shell: "sleep 5 && reboot" async: 1 diff --git a/playbooks/00_initial_adjustments.yml b/playbooks/00_initial_adjustments.yml index 742dcaa..e2ed4f2 100644 --- a/playbooks/00_initial_adjustments.yml +++ b/playbooks/00_initial_adjustments.yml 
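Review bot: The `windows` group in this new inventory sends `ansible_password` to port 5985, the plain-HTTP WinRM listener, and sets `ansible_winrm_server_cert_validation: ignore`. Depending on the transport that is negotiated, the credential and session may be exposed on the network, and `ignore` would keep certificate checks off even after a move to HTTPS. Prefer `ansible_port: 5986` with `ansible_winrm_scheme: https` and leave validation on by trusting the host's CA. The file also keeps password vars and a commented-out `ansible_pass` next to the new `ansible_ssh_private_key_file: ssh_key.pem` entries; once key authentication works, remove them instead of carrying them forward.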
@@ -1,10 +1,14 @@ - hosts: odroid_cluster name: Initial Adjustments become: true - gather_facts: no + gather_facts: yes vars: iface: "eth0" tasks: + - name: Debug + ansible.builtin.debug: + msg: "{{ ansible_default_ipv4.interface }}" + - name: Reconfigure /root/.bashrc ansible.builtin.lineinfile: path: /root/.bashrc @@ -27,7 +31,22 @@ {%- elif ansible_eth0.macaddress == "00:1e:06:48:b3:0c" -%} odroidc4-5 {%- endif -%} - + when: ansible_default_ipv4.interface == "eth0" + - name: Set a hostname + ansible.builtin.hostname: + name: >- + {%- if ansible_end0.macaddress == "00:1e:06:48:cd:8e" -%} + odroidc4-1 + {%- elif ansible_end0.macaddress == "00:1e:06:48:d0:00" -%} + odroidc4-2 + {%- elif ansible_end0.macaddress == "00:1e:06:48:d0:01" -%} + odroidc4-3 + {%- elif ansible_end0.macaddress == "00:1e:06:48:cd:86" -%} + odroidc4-4 + {%- elif ansible_end0.macaddress == "00:1e:06:48:b3:0c" -%} + odroidc4-5 + {%- endif -%} + when: ansible_default_ipv4.interface == "end0" - name: Iptables 1 ansible.builtin.command: iptables -F diff --git a/playbooks/00_install_zabbix_agent.yml b/playbooks/00_install_zabbix_agent.yml index 4a2fbdf..d8d001c 100644 --- a/playbooks/00_install_zabbix_agent.yml +++ b/playbooks/00_install_zabbix_agent.yml @@ -1,7 +1,23 @@ - hosts: datacenter name: Install zabbix agent - become: true + vars: + ZABBIX_SERVER: "zabbix-server.lan" tasks: + + - name: Combine list1 and list2 into a merged_list var + ansible.builtin.set_fact: + zabbix_agent_cfg: "/etc/zabbix/zabbix_agent2.conf" + when: inventory_hostname not in groups['nas'] + + - name: Combine list1 and list2 into a merged_list var + ansible.builtin.set_fact: + zabbix_agent_cfg: "/opt/ZabbixAgent/etc/zabbix_agentd.conf" + when: inventory_hostname in groups['nas'] + + - name: Print all available facts + ansible.builtin.debug: + msg: "{{ false if inventory_hostname not in groups['nas'] else true }}" + - name: Print all available facts ansible.builtin.debug: var: ansible_facts.architecture 
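Review bot: The second `Set a hostname` task is a copy of the first with `ansible_eth0` replaced by `ansible_end0`, and neither template has an `else` branch, so a board whose MAC is not listed renders an empty string for `name`. The `when:` conditions already depend on `ansible_default_ipv4`, so both tasks can collapse into one that compares `ansible_default_ipv4.macaddress`, e.g. `{%- if ansible_default_ipv4.macaddress == "00:1e:06:48:cd:8e" -%}`. That single task should fail explicitly on an unknown MAC. The first task starts above the hunk, so only its tail is visible here.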
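Review bot: Both `set_fact` tasks are named `Combine list1 and list2 into a merged_list var` and both `debug` tasks `Print all available facts`, and neither name describes what the task does. Names such as `Select agent config path (agent2 hosts)`, `Select agent config path (NAS)` and `Show whether host is in the nas group` would make the run output readable. The two `set_fact` tasks could also become one: `zabbix_agent_cfg: "{{ '/opt/ZabbixAgent/etc/zabbix_agentd.conf' if inventory_hostname in groups['nas'] else '/etc/zabbix/zabbix_agent2.conf' }}"`. The hunk also drops the play-level `become: true`, so every later task that needs root must carry its own `become`; the task list continues below the hunk.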
@@ -9,20 +25,41 @@ # ansible.builtin.copy: # src: packages/zabbix-release_6.4-1+ubuntu22.04_all.deb # dest: /tmp/ - - name: Install a .deb package from the internet + - name: Install a .deb package from the internet1 ansible.builtin.apt: deb: https://repo.zabbix.com/zabbix/6.4/ubuntu-arm64/pool/main/z/zabbix-release/zabbix-release_6.4-1+ubuntu22.04_all.deb when: - - ansible_facts.architecture != "armv7l" - - name: Install a .deb package from the internet + - ansible_facts.architecture != "armv7l" and ansible_distribution == "Ubuntu" + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + + - name: Install a .deb package from the internet2 ansible.builtin.apt: - deb: https://repo.zabbix.com/zabbix/6.4/raspbian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian11_all.deb + #deb: https://repo.zabbix.com/zabbix/6.4/raspbian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian11_all.deb + deb: https://repo.zabbix.com/zabbix/7.0/raspbian/pool/main/z/zabbix-release/zabbix-release_7.0-1+debian11_all.deb retries: 5 delay: 5 when: - - ansible_facts.architecture == "armv7l" - + - ansible_facts.architecture == "armv7l" or ansible_facts.architecture == "aarch64" + ignore_errors: true + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + + - name: Install a .deb package from the internet3 + ansible.builtin.apt: + deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian11_all.deb + + when: + - ansible_facts.architecture != "armv7l" and ansible_distribution == "Debian" and ansible_distribution_major_version == "11" + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + + - name: Install a .deb package from the internet4 + ansible.builtin.apt: + #deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian12_all.deb + deb: https://repo.zabbix.com/zabbix/7.0/debian/pool/main/z/zabbix-release/zabbix-release_7.0-1+debian12_all.deb + 
when: + - ansible_facts.architecture != "armv7l" and ansible_facts.architecture != "aarch64" and ansible_distribution == "Debian" and ansible_distribution_major_version == "12" + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + # - name: Install a .deb package localy # ansible.builtin.apt: # deb: /tmp/zabbix-release_6.4-1+ubuntu22.04_all.deb 
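Review bot: The conditions of `internet1` and `internet2` overlap: an Ubuntu host on `aarch64` satisfies both `architecture != "armv7l" and ansible_distribution == "Ubuntu"` and `architecture == "armv7l" or architecture == "aarch64"`. Such a host is offered the 6.4 Ubuntu release package and then the 7.0 Raspbian one, and a Debian 11 `aarch64` host matches `internet2` and `internet3` in the same way. `ignore_errors: true` on `internet2` hides a rejected install, so the host is left on whichever repository happened to succeed. Make the four conditions mutually exclusive, for example by adding an `ansible_distribution` test to `internet2`, and drop `ignore_errors` in favour of the existing `retries`/`delay`.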
@@ -30,48 +67,99 @@ ansible.builtin.apt: name: - zabbix-agent2 - - zabbix-agent2-plugin-* + - zabbix-agent2-plugin-mongodb + - zabbix-agent2-plugin-postgresql + - zabbix-agent2-plugin-mssql update_cache: yes + when: inventory_hostname not in groups['nas'] + become: "{{ false if inventory_hostname in groups['nas'] else true }}" + + - name: Reconfigure zabbix agent Server ansible.builtin.lineinfile: - path: /etc/zabbix/zabbix_agent2.conf + path: "{{ zabbix_agent_cfg }}" regexp: "^Server=.*" insertafter: '^# Server=' - line: "Server=192.168.77.106" + line: "Server=192.168.77.0/24" + become: "{{ false if inventory_hostname in groups['nas'] else true }}" - name: Reconfigure zabbix agent ServerActive ansible.builtin.lineinfile: - path: /etc/zabbix/zabbix_agent2.conf + path: "{{ zabbix_agent_cfg }}" regexp: "^ServerActive=.*" - line: "ServerActive=192.168.77.106" + line: "ServerActive={{ ZABBIX_SERVER }}" + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + - name: Reconfigure zabbix agent ListenPort ansible.builtin.lineinfile: - path: /etc/zabbix/zabbix_agent2.conf + path: "{{ zabbix_agent_cfg }}" regexp: "^ListenPort=.*" line: "ListenPort=10050" # - name: Reconfigure zabbix agent ListenIP # ansible.builtin.lineinfile: - # path: /etc/zabbix/zabbix_agent2.conf + # path: /"{{ zabbix_agent_cfg }}" # regexp: "^ListenIP=.*" # line: "ListenIP=0.0.0.0" + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" - name: Reconfigure zabbix-agent2 hostname ansible.builtin.lineinfile: - path: /etc/zabbix/zabbix_agent2.conf + path: "{{ zabbix_agent_cfg }}" regexp: "^Hostname=.*" line: "Hostname={{ansible_hostname}}" + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + - name: Reconfigure zabbix-agent2 hostname ansible.builtin.lineinfile: - path: /etc/zabbix/zabbix_agent2.conf - regexp: "^UserParameter=.*" + path: "{{ zabbix_agent_cfg }}" insertafter: '^# UserParameter=' line: "UserParameter=system.temperature,vcgencmd 
measure_temp" + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + + - name: Reconfigure zabbix-agent2 config + ansible.builtin.lineinfile: + path: "{{ zabbix_agent_cfg }}" + insertafter: '^# UserParameter=' + line: "UserParameter=system.certs,python3 /share/ZFS530_DATA/.qpkg/ZabbixAgent/cert_check2.py" + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + when: inventory_hostname in groups['nas'] + + - name: Reconfigure zabbix-agent2 config + ansible.builtin.lineinfile: + path: "{{ zabbix_agent_cfg }}" + insertafter: '^# UserParameter=' + line: "UserParameter=rpi.hw.temp,/usr/bin/vcgencmd measure_temp" + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + when: inventory_hostname in groups['raspberrypi5'] + + + + + + + - name: Reconfigure zabbix-agent2 hostname + ansible.builtin.lineinfile: + path: "{{ zabbix_agent_cfg }}" + regexp: "^HostMetadata=.*" + insertafter: '^# HostMetadata=' + line: "HostMetadata=linux;jaydee" + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + - name: Add the user 'james' with a bash shell, appending the group 'admins' and 'developers' to the user's groups ansible.builtin.user: name: zabbix groups: video append: yes + when: inventory_hostname not in groups['nas'] + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + - name: Restart zabbix-agent2 service ansible.builtin.service: name: zabbix-agent2.service state: restarted - enabled: true \ No newline at end of file + enabled: true + become: true + when: inventory_hostname not in groups['nas'] + + - name: Restart agent + ansible.builtin.shell: /etc/init.d/ZabbixAgent.sh restart + when: inventory_hostname in groups['nas'] \ No newline at end of file diff --git a/playbooks/00_install_zabbix_agent1.yml b/playbooks/00_install_zabbix_agent1.yml new file mode 100644 index 0000000..c4e63a9 --- /dev/null +++ b/playbooks/00_install_zabbix_agent1.yml 
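Review bot: `Server=192.168.77.0/24` replaces a single server address, so every host on that subnet may now issue passive checks to the agent, including the `UserParameter` commands this play adds. Unless the whole LAN is meant to be trusted, keep this to the Zabbix server, e.g. `line: "Server={{ ZABBIX_SERVER }}"`; the same line appears in `00_install_zabbix_agent1.yml` and `00_install_zabbix_server.yml`. Separately, `when: inventory_hostname in groups['raspberrypi5']` refers to a group that this commit removes from `hosts.yml`. Unless the group is defined elsewhere, that task will fail on an undefined key; `groups.get('raspberrypi5', [])` avoids the failure.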
@@ -0,0 +1,146 @@ +- hosts: datacenter + name: Install zabbix agent + vars: + ZABBIX_SERVER_IP: "192.168.77.216" + tasks: + - name: Combine list1 and list2 into a merged_list var + ansible.builtin.set_fact: + zabbix_agent_cfg: "/etc/zabbix/zabbix_agentd.conf" + when: inventory_hostname in groups['rhasspy'] + + - name: Combine list1 and list2 into a merged_list var + ansible.builtin.set_fact: + zabbix_agent_cfg: "/etc/zabbix/zabbix_agent2.conf" + when: inventory_hostname not in groups['nas'] and inventory_hostname not in groups['rhasspy'] + + - name: Combine list1 and list2 into a merged_list var + ansible.builtin.set_fact: + zabbix_agent_cfg: "/opt/ZabbixAgent/etc/zabbix_agentd.conf" + when: inventory_hostname in groups['nas'] + + - name: Print all available facts + ansible.builtin.debug: + msg: "{{ false if inventory_hostname not in groups['nas'] else true }}" + + - name: Print all available facts + ansible.builtin.debug: + var: ansible_facts.architecture + # - name: Upload zabbix package + # ansible.builtin.copy: + # src: packages/zabbix-release_6.4-1+ubuntu22.04_all.deb + # dest: /tmp/ + - name: Install a .deb package from the internet + ansible.builtin.apt: + deb: https://repo.zabbix.com/zabbix/6.4/ubuntu-arm64/pool/main/z/zabbix-release/zabbix-release_6.4-1+ubuntu22.04_all.deb + when: + - ansible_facts.architecture != "armv7l" and ansible_distribution == "Ubuntu" + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + + - name: Install a .deb package from the internet + ansible.builtin.apt: + #deb: https://repo.zabbix.com/zabbix/6.4/raspbian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian11_all.deb + deb: https://repo.zabbix.com/zabbix/7.0/raspbian/pool/main/z/zabbix-release/zabbix-release_7.0-1+debian11_all.deb + retries: 5 + delay: 5 + when: + - ansible_facts.architecture == "armv7l" + ignore_errors: true + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + + - name: Install a .deb package from the internet + 
ansible.builtin.apt: + deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian11_all.deb + + when: + - ansible_facts.architecture != "armv7l" and ansible_distribution == "Debian" and ansible_distribution_major_version == "11" + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + + - name: Install a .deb package from the internet + ansible.builtin.apt: + #deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian12_all.deb + deb: https://repo.zabbix.com/zabbix/7.0/debian/pool/main/z/zabbix-release/zabbix-release_7.0-1+debian12_all.deb + when: + - ansible_facts.architecture != "armv7l" and ansible_distribution == "Debian" and ansible_distribution_major_version == "12" + + + + # - name: Install a .deb package localy + # ansible.builtin.apt: + # deb: /tmp/zabbix-release_6.4-1+ubuntu22.04_all.deb + - name: Install zabbix packages + ansible.builtin.apt: + name: + - zabbix-agent + update_cache: yes + when: inventory_hostname not in groups['nas'] + become: "{{ false if inventory_hostname in groups['nas'] else true }}" + + + - name: Reconfigure zabbix agent Server + ansible.builtin.lineinfile: + path: "{{ zabbix_agent_cfg }}" + regexp: "^Server=.*" + insertafter: '^# Server=' + line: "Server=192.168.77.0/24" + become: "{{ false if inventory_hostname in groups['nas'] else true }}" + + - name: Reconfigure zabbix agent ServerActive + ansible.builtin.lineinfile: + path: "{{ zabbix_agent_cfg }}" + regexp: "^ServerActive=.*" + line: "ServerActive={{ ZABBIX_SERVER_IP }}" + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + + - name: Reconfigure zabbix agent ListenPort + ansible.builtin.lineinfile: + path: "{{ zabbix_agent_cfg }}" + regexp: "^ListenPort=.*" + line: "ListenPort=10050" + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + # - name: Reconfigure zabbix agent ListenIP + # ansible.builtin.lineinfile: + # path: /"{{ 
zabbix_agent_cfg }}" + # regexp: "^ListenIP=.*" + # line: "ListenIP=0.0.0.0" + - name: Reconfigure zabbix-agent2 hostname + ansible.builtin.lineinfile: + path: "{{ zabbix_agent_cfg }}" + regexp: "^Hostname=.*" + line: "Hostname={{ansible_hostname}}" + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + + - name: Reconfigure zabbix-agent2 hostname + ansible.builtin.lineinfile: + path: "{{ zabbix_agent_cfg }}" + regexp: "^UserParameter=.*" + insertafter: '^# UserParameter=' + line: "UserParameter=system.temperature,vcgencmd measure_temp" + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + + - name: Reconfigure zabbix-agent2 hostname + ansible.builtin.lineinfile: + path: "{{ zabbix_agent_cfg }}" + regexp: "^HostMetadata=.*" + insertafter: '^# HostMetadata=' + line: "HostMetadata=linux;jaydee" + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + + - name: Add the user 'james' with a bash shell, appending the group 'admins' and 'developers' to the user's groups + ansible.builtin.user: + name: zabbix + groups: video + append: yes + when: inventory_hostname not in groups['nas'] + + + - name: Restart zabbix-agent2 service + ansible.builtin.service: + name: zabbix-agent.service + state: restarted + enabled: true + become: true + when: inventory_hostname not in groups['nas'] + + - name: Restart agent + ansible.builtin.shell: /etc/init.d/ZabbixAgent.sh restart + when: inventory_hostname in groups['nas'] \ No newline at end of file diff --git a/playbooks/00_install_zabbix_server.yml b/playbooks/00_install_zabbix_server.yml new file mode 100644 index 0000000..d943da7 --- /dev/null +++ b/playbooks/00_install_zabbix_server.yml 
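Review bot: This play has no play-level `become`, and two tasks that need root have no task-level one either: the Debian 12 `Install a .deb package from the internet` task and the `ansible.builtin.user` task for `zabbix`. On hosts where the connection user is not root these will fail, so add `become: true` to both, since neither applies to the NAS. The `UserParameter` task keeps `regexp: "^UserParameter=.*"`, which replaces any existing `UserParameter` line instead of adding one; `00_install_zabbix_agent.yml` dropped that regexp in this commit. The file is otherwise a near copy of `00_install_zabbix_agent.yml`, and a single play parameterised on the package and service name would avoid the two drifting apart.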
@@ -0,0 +1,115 @@ +- hosts: datacenter + name: Install zabbix agent + become: true + vars: + ZABBIX_SERVER_IP: "192.168.77.216" + ZABBIX_DB_PASSWORD: "zabbix" + tasks: + - name: Print all available facts + ansible.builtin.debug: + var: ansible_facts.architecture + # - name: Upload zabbix package + # ansible.builtin.copy: + # src: packages/zabbix-release_6.4-1+ubuntu22.04_all.deb + # dest: /tmp/ + + - name: Install a .deb package from the internet + ansible.builtin.apt: + #deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian12_all.deb + deb: https://repo.zabbix.com/zabbix/7.0/debian/pool/main/z/zabbix-release/zabbix-release_7.0-1+debian12_all.deb + when: + - ansible_facts.architecture != "armv7l" and ansible_distribution == "Debian" and ansible_distribution_major_version == "12" + + + + # - name: Install a .deb package localy + # ansible.builtin.apt: + # deb: /tmp/zabbix-release_6.4-1+ubuntu22.04_all.deb + - name: Install zabbix packages + ansible.builtin.apt: + name: + - zabbix-agent2 + - zabbix-agent2-plugin-* + - zabbix-server-pgsql + - zabbix-frontend-php + - php8.2-pgsql + - zabbix-nginx-conf + - zabbix-sql-scripts + - postgresql + - postgresql-client + update_cache: yes + + - name: Apt exclude linux-dtb-current-meson64 + ansible.builtin.shell: echo "CREATE USER zabbix password 'zabbix';" | su -c /usr/bin/psql postgres + - name: Apt exclude linux-dtb-current-meson64 + ansible.builtin.shell: sudo -u postgres createdb -O zabbix zabbix + - name: Apt exclude linux-dtb-current-meson64 + ansible.builtin.shell: zcat /usr/share/zabbix-sql-scripts/postgresql/server.sql.gz | sudo -u zabbix psql zabbix + + - name: Reconfigure zabbix agent Server + ansible.builtin.lineinfile: + path: /etc/zabbix/zabbix_server.conf + regexp: "^DBPassword=.*" + insertafter: '^# DBPassword=' + line: "DBPassword={{ ZABBIX_DB_PASSWORD }}" + - name: Reconfigure zabbix agent Server + ansible.builtin.lineinfile: + path: /etc/nginx/conf.d/zabbix.conf 
+ regexp: "^# listen.*" + line: " listen 8080;" + - name: Reconfigure zabbix agent Server + ansible.builtin.lineinfile: + path: /etc/nginx/conf.d/zabbix.conf + regexp: "^# server_name.*" + line: " server_name zabbix.sectorq.eu;" + + + - name: Reconfigure zabbix agent Server + ansible.builtin.lineinfile: + path: /etc/zabbix/zabbix_agent2.conf + regexp: "^Server=.*" + insertafter: '^# Server=' + line: "Server=192.168.77.0/24" + + - name: Reconfigure zabbix agent ServerActive + ansible.builtin.lineinfile: + path: /etc/zabbix/zabbix_agent2.conf + regexp: "^ServerActive=.*" + line: "ServerActive={{ ZABBIX_SERVER_IP }}" + - name: Reconfigure zabbix agent ListenPort + ansible.builtin.lineinfile: + path: /etc/zabbix/zabbix_agent2.conf + regexp: "^ListenPort=.*" + line: "ListenPort=10050" + # - name: Reconfigure zabbix agent ListenIP + # ansible.builtin.lineinfile: + # path: /etc/zabbix/zabbix_agent2.conf + # regexp: "^ListenIP=.*" + # line: "ListenIP=0.0.0.0" + - name: Reconfigure zabbix-agent2 hostname + ansible.builtin.lineinfile: + path: /etc/zabbix/zabbix_agent2.conf + regexp: "^Hostname=.*" + line: "Hostname={{ansible_hostname}}" + - name: Reconfigure zabbix-agent2 hostname + ansible.builtin.lineinfile: + path: /etc/zabbix/zabbix_agent2.conf + regexp: "^UserParameter=.*" + insertafter: '^# UserParameter=' + line: "UserParameter=system.temperature,vcgencmd measure_temp" + - name: Reconfigure zabbix-agent2 hostname + ansible.builtin.lineinfile: + path: /etc/zabbix/zabbix_agent2.conf + regexp: "^HostMetadata=.*" + insertafter: '^# HostMetadata=' + line: "HostMetadata=linux;jaydee" + + - name: Restart zabbix-server service + ansible.builtin.service: + name: "{{ item }}" + state: restarted + enabled: true + loop: + - zabbix-server.service + - zabbix-agent2.service + - nginx.service \ No newline at end of file diff --git a/playbooks/00_install_zabbix_server_cert.yml b/playbooks/00_install_zabbix_server_cert.yml new file mode 100644 index 0000000..0568616 --- /dev/null 
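Review bot: The database role is created with a literal password equal to its user name (`CREATE USER zabbix password 'zabbix'`), and the same value is hard-coded as `ZABBIX_DB_PASSWORD`. The server database therefore ships with a guessable credential that is also readable in the repository. The three shell tasks are all named `Apt exclude linux-dtb-current-meson64`, are not idempotent (a second run fails on the existing role and database), and the play targets `hosts: datacenter`, which would install the server stack on every host and not only on the Zabbix server. Take the password from a vaulted variable and create the role and database with the `community.postgresql` modules, as sketched below. This assumes the collection and its Python driver are available on the target.

```yaml
  vars:
    # placeholder name for a value stored in Ansible Vault
    ZABBIX_DB_PASSWORD: "{{ vault_zabbix_db_password }}"
  tasks:
    # … unchanged: release package and apt package installation …
    - name: Create zabbix database role
      community.postgresql.postgresql_user:
        name: zabbix
        password: "{{ ZABBIX_DB_PASSWORD }}"
      become: true
      become_user: postgres
      no_log: true
    - name: Create zabbix database
      community.postgresql.postgresql_db:
        name: zabbix
        owner: zabbix
      become: true
      become_user: postgres
    # … unchanged: schema import from server.sql.gz and config edits …
```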
+++ b/playbooks/00_install_zabbix_server_cert.yml @@ -0,0 +1,16 @@ +- hosts: datacenter + name: Install zabbix agent + become: true + tasks: + - name: Creating a file with content + copy: + dest: "/usr/share/zabbix/conf/certs/idp.crt" + content: "{{ ZABBIX_IDP_CERT }}" + - name: Creating a file with content + copy: + dest: "/usr/share/zabbix/conf/certs/sp.key" + content: "{{ ZABBIX_AUTH_KEY }}" + - name: Creating a file with content + copy: + dest: "/usr/share/zabbix/conf/certs/sp.crt" + content: "{{ ZABBIX_AUTH_CERT }}" \ No newline at end of file diff --git a/playbooks/00_poweroff.yml b/playbooks/00_poweroff.yml index f37d03e..5908b42 100644 --- a/playbooks/00_poweroff.yml +++ b/playbooks/00_poweroff.yml @@ -5,3 +5,4 @@ tasks: - name: Shut down community.general.shutdown: + ignore_errors: yes diff --git a/playbooks/05_install_docker.yml b/playbooks/05_install_docker.yml index 6475fee..d32c674 100644 --- a/playbooks/05_install_docker.yml +++ b/playbooks/05_install_docker.yml 
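Review bot: The `sp.key` task writes a private key with `copy` but sets no `mode`, `owner` or `group`, so under a default umask the file is typically readable by every local user. Without `no_log: true` the key material can also appear in diff or verbose output. Add `mode: '0600'` (or `'0640'` with the web server's group) and `no_log: true` to that task. All three tasks share the name `Creating a file with content`, and the play is named `Install zabbix agent` while running against `hosts: datacenter`; naming tasks after the file they write and limiting the play to the Zabbix server host would make the intent clear.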
@@ -2,29 +2,39 @@ name: Install docker1 become: true become_user: root - gather_facts: no + gather_facts: false tasks: - name: Install docker ansible.builtin.apt: - name: docker.io - state: present - - name: Install telnet - ansible.builtin.apt: - name: telnet - state: present - - name: Install net-tools - ansible.builtin.apt: - name: net-tools - state: present - - name: Install curl! - ansible.builtin.apt: - name: curl - state: present - - name: Install deps... - ansible.builtin.apt: - name: + name: + - ca-certificates + - curl + - telnet + - net-tools - python3-pip - python3-dev + state: present + - name: Get keys for raspotify + ansible.builtin.shell: + install -m 0755 -d /etc/apt/keyrings + - name: Get keys for raspotify + ansible.builtin.shell: + curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc + - name: Get keys for raspotify + ansible.builtin.shell: + chmod a+r /etc/apt/keyrings/docker.asc + + - name: Get keys for raspotify + ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + - name: Install docker + ansible.builtin.apt: + name: + - docker-ce + - docker-ce-cli + - containerd.io + - docker-buildx-plugin + - docker-compose-plugin + - name: Create a directory docker.service.d ansible.builtin.file: path: /etc/systemd/system/docker.service.d/ 
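Review bot: The second `Install docker` task has no `update_cache: true`, so after `docker.list` is written the apt index still lacks the Docker repository and `docker-ce` may not be found on a fresh host. The four shell tasks before it are all named `Get keys for raspotify` although they set up the Docker key and repository. They also rerun on every play and call `sudo tee` inside a play that already has `become: true`. Using `ansible.builtin.file` for `/etc/apt/keyrings`, `ansible.builtin.get_url` with `mode: '0644'` for `docker.asc` and `ansible.builtin.apt_repository` for the source line would make this idempotent and refresh the cache as part of adding the repository.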
@@ -35,12 +45,14 @@ dest: "/etc/systemd/system/docker.service.d/override.conf" content: | [Service] - ExecStart= - ExecStart=/usr/sbin/dockerd -H fd:// -H tcp://0.0.0.0:2375 - - name: Just force systemd to reread configs (2.4 and above) - ansible.builtin.systemd_service: + ExecStart=/usr/sbin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375 + + - name: Just force systemd to reread configs + ansible.builtin.systemd: daemon_reload: true + - name: Restart docker service ansible.builtin.service: name: docker.service - state: restarted \ No newline at end of file + state: restarted + \ No newline at end of file diff --git a/playbooks/05_install_rhasspy.yml b/playbooks/05_install_rhasspy.yml index 6dc8884..bcb1b6e 100644 --- a/playbooks/05_install_rhasspy.yml +++ b/playbooks/05_install_rhasspy.yml @@ -1,7 +1,6 @@ - hosts: rhasspy name: Install rhasspy become: true - become_user: root tasks: - name: Set a hostname ansible.builtin.hostname: @@ -113,7 +112,7 @@ mode: '0755' - name: Upload config ansible.builtin.copy: - src: /etc/ansible/playbooks/files/conf/rhasspy/profile.json + src: conf/rhasspy/profile.json dest: /home/jd/.config/rhasspy/profiles/en/profile.json owner: jd group: jd @@ -132,9 +131,9 @@ name: jd append: true groups: docker - - name: Install pip modules - ansible.builtin.pip: - name: docker + # - name: Install pip modules + # ansible.builtin.pip: + # name: docker - name: Pull image community.docker.docker_image: diff --git a/playbooks/apt_upgrade.yml b/playbooks/apt_upgrade.yml index 78c10bd..0415a69 100644 --- a/playbooks/apt_upgrade.yml +++ b/playbooks/apt_upgrade.yml 
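Review bot: The drop-in no longer contains the empty `ExecStart=` line, so the new `ExecStart=` is added to the one from the packaged unit instead of replacing it, and systemd rejects a non-oneshot service with more than one `ExecStart=`. Keep the reset line above the new command. The command also still binds the Docker API to `tcp://0.0.0.0:2375` without TLS, which gives root-equivalent control of the host to anything that can reach the port. If remote access is required, bind to a management address and enable `--tlsverify` with `--tlscacert`, `--tlscert` and `--tlskey`, or use Docker over SSH. The `content: |` block starts above the hunk.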
@@ -1,8 +1,13 @@ -- hosts: morefine +- hosts: datacenter name: Apt udate become: true + ignore_unreachable: true tasks: - name: Upgrade the OS ansible.builtin.apt: upgrade: full - become: true \ No newline at end of file + become: true + - name: Upgrade flatpack + ansible.builtin.command: flatpak update -y + become: true + when: inventory_hostname in groups['morefine'] \ No newline at end of file diff --git a/playbooks/backup_docker.yml b/playbooks/backup_docker.yml new file mode 100644 index 0000000..e69de29 diff --git a/playbooks/build_tasmota.yml b/playbooks/build_tasmota.yml new file mode 100644 index 0000000..77272ce --- /dev/null +++ b/playbooks/build_tasmota.yml @@ -0,0 +1,9 @@ +- hosts: nas + name: Build tasmota + ignore_unreachable: false + tasks: + - name: Build tasmota + ansible.builtin.shell: + cmd: './compile.sh' + chdir: /share/docker_data/docker-tasmota/ + when: inventory_hostname in groups['nas'] \ No newline at end of file diff --git a/playbooks/build_tasmota_v2.yml b/playbooks/build_tasmota_v2.yml new file mode 100644 index 0000000..4d02fab --- /dev/null +++ b/playbooks/build_tasmota_v2.yml 
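Review bot: With `hosts: datacenter` the `ansible.builtin.apt` full upgrade now runs against every group in the inventory, which appears to include the QNAP `nas` and the `windows` hosts where apt is not available. `ignore_unreachable: true` does not cover those module failures. Guard the task with `when: ansible_facts.pkg_mgr == 'apt'` or target a group of Debian-family hosts. The upgrade task also has no `update_cache: true`, so it works from whatever package index is already on the host, and the `flatpak update -y` command reports changed on every run.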
@@ -0,0 +1,55 @@ +- hosts: nas + name: Build tasmota + ignore_unreachable: false + # vars: + # DOCKER_IMAGE: docker-tasmota + # FWS: tasmota + tasks: + - name: Fetch tasmota + ansible.builtin.shell: + cmd: 'git fetch https://github.com/arendst/Tasmota.git {{ BRANCH }}' + chdir: /share/docker_data/docker-tasmota/Tasmota + when: inventory_hostname in groups['nas'] + - name: Checkout tasmota branch + ansible.builtin.shell: + cmd: 'git checkout --force {{ BRANCH }}' + chdir: /share/docker_data/docker-tasmota/Tasmota + when: inventory_hostname in groups['nas'] + + - name: Pull tasmota + ansible.builtin.shell: + cmd: 'git pull' + chdir: /share/docker_data/docker-tasmota/Tasmota + when: inventory_hostname in groups['nas'] + + + + - name: Copy platformio_override + ansible.builtin.shell: + cmd: 'cp platformio_override.ini Tasmota/platformio_override.ini' + chdir: /share/docker_data/docker-tasmota/ + when: inventory_hostname in groups['nas'] + - name: Copy user_config_override + ansible.builtin.shell: + cmd: 'cp user_config_override.h Tasmota/tasmota/user_config_override.h' + chdir: /share/docker_data/docker-tasmota/ + when: inventory_hostname in groups['nas'] + - name: Build tasmota + ansible.builtin.shell: + cmd: '/share/ZFS530_DATA/.qpkg/container-station/bin/docker run --rm -v /share/docker_data/docker-tasmota/Tasmota:/tasmota -u $UID:$GID {{ DOCKER_IMAGE }} -e {{ FWS }}' + chdir: /share/docker_data/docker-tasmota/ + when: FWS != "all" + - name: Build tasmota + ansible.builtin.shell: + cmd: '/share/ZFS530_DATA/.qpkg/container-station/bin/docker run --rm -v /share/docker_data/docker-tasmota/Tasmota:/tasmota -u $UID:$GID {{ DOCKER_IMAGE }}' + chdir: /share/docker_data/docker-tasmota/ + when: FWS == "all" + - name: Create a directory if it does not exist + ansible.builtin.file: + path: /share/docker_data/webhub/fw/{{ BRANCH }} + state: directory + mode: '0755' + - name: Build tasmota + ansible.builtin.shell: + cmd: 'mv 
/share/docker_data/docker-tasmota/Tasmota/build_output/firmware/* /share/docker_data/webhub/fw/{{ BRANCH }}' + when: inventory_hostname in groups['nas'] \ No newline at end of file diff --git a/playbooks/distrib_ssh_keys.yml b/playbooks/distrib_ssh_keys.yml new file mode 100644 index 0000000..a0c08c6 --- /dev/null +++ b/playbooks/distrib_ssh_keys.yml @@ -0,0 +1,34 @@ +- hosts: "{{ hosts }}" + + become: true + tasks: + + # Deploy SSH Key + # -- + - name: Download id_rsa + ansible.builtin.get_url: + url: http://192.168.77.106:48000/ssh/id_rsa + dest: ~/.ssh/id_rsa + mode: '0600' + - name: Download foo.conf + ansible.builtin.get_url: + url: http://192.168.77.106:48000/ssh/id_rsa.pub + dest: ~/.ssh/id_rsa.pub + mode: '0600' + + - name: install public keys + ansible.posix.authorized_key: + user: "{{ user }}" + state: present + key: "{{ lookup('file', new_ssh_key_file) }}" + + + # Set all sudoers to no password + # -- + - name: change sudoers file + lineinfile: + path: /etc/sudoers + state: present + regexp: '^%sudo' + line: '%sudo ALL=(ALL) NOPASSWD: ALL' + validate: /usr/sbin/visudo -cf %s \ No newline at end of file diff --git a/playbooks/files/conf/router/dnsmasq.conf.add b/playbooks/files/conf/router/dnsmasq.conf.add new file mode 100644 index 0000000..095f756 --- /dev/null +++ b/playbooks/files/conf/router/dnsmasq.conf.add 
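Review bot: `{{ BRANCH }}`, `{{ DOCKER_IMAGE }}` and `{{ FWS }}` are pasted unquoted into `ansible.builtin.shell` command lines in build_tasmota_v2.yml, so a value containing whitespace or shell metacharacters changes the command that runs on the NAS. If these come from a job form or extra-vars, pass them through the `quote` filter, e.g. `cmd: 'git checkout --force {{ BRANCH | quote }}'`, or use `ansible.builtin.command` with `argv:` for the git and docker calls. The `path: /share/docker_data/webhub/fw/{{ BRANCH }}` task and the final `mv` have the same issue, since a branch name containing `../` would land outside `fw/`. `-u $UID:$GID` also depends on the remote shell defining both variables, and `GID` is not set by default in common shells, so `-u "$(id -u):$(id -g)"` is more dependable.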
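Review bot: The `Download id_rsa` task in distrib_ssh_keys.yml fetches a private key over plain `http://` with no checksum and writes the same key to every targeted host, so the key is readable in transit and one compromised host exposes the identity used everywhere. Distributing only the public half through the existing `ansible.posix.authorized_key` task is normally enough; if a host truly needs its own private key, generate it on that host or copy it from a vault-encrypted file with `no_log: true`. The last task rewrites the `%sudo` line to `NOPASSWD: ALL` for every member of the group. A drop-in under `/etc/sudoers.d/` for the single automation account keeps the password prompt for interactive users. `hosts: "{{ hosts }}"` has no default, and the second download is named `Download foo.conf` although it fetches `id_rsa.pub`.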
@@ -0,0 +1,12 @@ +enable-tftp +dhcp-match=set:bios,60,PXEClient:Arch:00000 +#dhcp-boot=tag:bios,undionly.kpxe,,192.168.77.108 +dhcp-boot=tag:bios,ipxe.pxe,,192.168.77.108 +dhcp-match=set:efibc,60,PXEClient:Arch:00007 +dhcp-boot=tag:efibc,ipxe.efi,,192.168.77.108 +address=/ldap-server.loc/nas.loc/192.168.77.106 +address=/mqtt.loc/mqtt.lan/192.168.77.106 +address=/lalalal.loc/192.168.77.106 + +ipset=/iplists.firehol.org/ipdeny.com/ipapi.co/api.db-ip.com/api.bgpview.io/asn.ipinfo.app/speedguide.net/otx.alienvault.com/github.com/raw.githubusercontent.com/astrill.com/strongpath.net/snbforums.com/bin.entware.net/nwsrv-ns1.asus.com/pool.ntp.org/1drv.ms/asuswrt-merlin.net/asuswrt.lostrealm.ca/big.oisd.nl/Skynet-WhitelistDomains # Skynet +ipset=/codeload.github.com/diversion.ch/entware.diversion.ch/entware.net/fwupdate.asuswrt-merlin.net/localhost.localdomain/maurerr.github.io/mirrors.bfsu.edu.cn/oisd.nl/onedrive.live.com/pgl.yoyo.org/pkg.entware.net/small.oisd.nl/someonewhocares.org/sourceforge.net/urlhaus.abuse.ch/Skynet-WhitelistDomains # Skynet diff --git a/playbooks/files/services/mqtt_srv.service b/playbooks/files/services/mqtt_srv.service new file mode 100644 index 0000000..0a24a74 --- /dev/null +++ b/playbooks/files/services/mqtt_srv.service @@ -0,0 +1,15 @@ +[Unit] +Description=ROT13 demo service +Wants=network-online.target +After=network.target network-online.target + +[Service] +Type=simple +User=root +Environment=XAUTHORITY=/home/jd/.Xauthority +Environment=DISPLAY=:0 +#ExecStartPre=/bin/sleep 30 +ExecStart=python3 /usr/bin/mqtt_srv.py + +[Install] +WantedBy=multi-user.target suspend.target hibernate.target hybrid-sleep.target suspend-then-hibernate.target diff --git a/playbooks/import_media.yml b/playbooks/import_media.yml new file mode 100644 index 0000000..e3e0807 --- /dev/null +++ b/playbooks/import_media.yml 
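Review bot: `enable-tftp` switches on dnsmasq's built-in TFTP server on the router, yet both `dhcp-boot` lines send clients to 192.168.77.108, so the router-side server looks unused. This fragment also sets no `tftp-root`, and without `tftp-root` or `tftp-secure` dnsmasq will hand out any file its process can read. If the router is not meant to serve boot files, drop `enable-tftp`; otherwise add `tftp-root=<boot-files-dir>` (placeholder) next to it. `address=/lalalal.loc/192.168.77.106` looks like a leftover test entry and would be worth a comment or removal.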
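Review bot: `User=root` in mqtt_srv.service runs `mqtt_srv.py` with full privileges while also attaching it to jd's X session through `XAUTHORITY` and `DISPLAY`. The script is not part of this hunk, but if it acts on messages received from the broker, any parsing bug in it is then a root-level problem. If root is not required, `User=jd` is the smaller footprint; if only a specific capability is needed, grant that one instead. `Description=ROT13 demo service` is a template leftover, and `ExecStart=python3 /usr/bin/mqtt_srv.py` relies on PATH lookup, which older systemd versions reject, so `ExecStart=/usr/bin/python3 /usr/bin/mqtt_srv.py` is safer.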
@@ -0,0 +1,8 @@ +- hosts: nas + name: Import media + gather_facts: false + tasks: + - name: Import media + ansible.builtin.shell: "(/share/ZFS530_DATA/.qpkg/QPython312/bin/python3 /share/Data/__GITLAB/python/auto_import.py >/dev/null 2>&1 &)" + async: 10 + poll: 0 \ No newline at end of file diff --git a/playbooks/install_mqtt_srv.yml b/playbooks/install_mqtt_srv.yml new file mode 100644 index 0000000..394ed1d --- /dev/null +++ b/playbooks/install_mqtt_srv.yml 
@@ -0,0 +1,120 @@ +- hosts: mqtt_srv + name: Install mqtt_srv + ignore_unreachable: false + ignore_errors: true + tasks: + # - name: Install python3-pip + # ansible.builtin.apt: + # name: + # - python3-pip + # update_cache: yes + + # when: inventory_hostname not in groups['nas'] and inventory_hostname not in groups['router'] + # become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + + + - name: Upload service config + ansible.builtin.copy: + src: services/mqtt_srv.service + dest: /etc/systemd/system/ + when: inventory_hostname not in groups['nas'] and inventory_hostname not in groups['router'] + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + + + + - name: Upload service script + ansible.builtin.copy: + src: scripts/mqtt_srv.py + dest: /usr/bin/ + mode: '755' + owner: root + when: inventory_hostname not in groups['nas'] and inventory_hostname not in groups['router'] + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + - name: Upload service script config + ansible.builtin.copy: + src: scripts/mqtt_srv.cfg + dest: /etc/mqtt_srv/ + mode: '755' + owner: root + when: inventory_hostname not in groups['nas'] and inventory_hostname not in groups['router'] + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + - name: Upload service script1 + ansible.builtin.copy: + src: scripts/mqtt_srv.sh + dest: /jffs/scripts/mqtt_srv/ + mode: '755' + owner: admin + when: inventory_hostname in groups['router'] + become: false + + + - name: Upload service script + ansible.builtin.copy: + src: scripts/mqtt_srv.py + dest: /jffs/scripts/mqtt_srv/ + mode: '755' + owner: admin + when: inventory_hostname in groups['router'] + become: false + + - name: Upload service script1 + ansible.builtin.copy: + src: scripts/mqtt_srv.sh + dest: /etc/init.d/ + mode: '755' + owner: admin + when: inventory_hostname in groups['nas'] + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + + - name: Upload 
service script2 + ansible.builtin.copy: + src: scripts/mqtt_srv.py + dest: /usr/bin/ + mode: '755' + owner: admin + when: inventory_hostname in groups['nas'] + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + + - name: Install bottle python package + ansible.builtin.shell: pip install {{ item }} --break-system-packages + loop: + - paho-mqtt + - getmac + - ping3 + - psutil + - autorandr + when: inventory_hostname not in groups['nas'] and inventory_hostname not in groups['router'] + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + + + - name: Just force systemd to reread configs (2.4 and above) + ansible.builtin.systemd: + daemon_reload: true + when: inventory_hostname not in groups['nas'] and inventory_hostname not in groups['router'] + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + + + - name: Restart mqtt_srv service + ansible.builtin.service: + name: mqtt_srv.service + state: restarted + enabled: true + when: inventory_hostname not in groups['nas'] and inventory_hostname not in groups['router'] + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + + - name: Restart mqtt service + ansible.builtin.shell: "(/etc/init.d/mqtt_srv.sh restart >/dev/null 2>&1 &)" + async: 10 + poll: 0 + when: inventory_hostname in groups['nas'] + become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}" + + - name: Restart mqtt service + ansible.builtin.shell: "(/jffs/scripts/mqtt_srv/mqtt_srv.sh restart >/dev/null 2>&1 &)" + async: 10 + poll: 0 + when: inventory_hostname in groups['router'] + become: false + + + \ No newline at end of file diff --git a/playbooks/mailu_switch_to_primary.yaml b/playbooks/mailu_switch_to_primary.yaml index d007ee1..009d791 100644 --- a/playbooks/mailu_switch_to_primary.yaml +++ b/playbooks/mailu_switch_to_primary.yaml 
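Review bot: The `Install bottle python package` task runs `pip install {{ item }} --break-system-packages` through `shell`, with `become` resolving to yes on the hosts it targets, and without version pins. Whatever PyPI serves for those five names on the day of the run is installed into the system interpreter as root, and the task reports changed every time. `ansible.builtin.pip` with pinned names (`paho-mqtt==<pinned-version>` and so on), ideally into a `virtualenv:`, makes the install repeatable and reviewable; the task name should also say what it installs. `mode: '755'` on `scripts/mqtt_srv.cfg` makes the configuration world-readable and executable; if it holds broker credentials, `mode: '0640'` with a fitting owner is the safer default. The play-level `ignore_errors: true` means a failed upload or install does not stop the later restart tasks.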
@@ -20,6 +20,9 @@ - mailu2-webmail-1 - HomeAssistant - mosquitto-mosquitto-1 + - gitlab + - semaphore-app-1 + - semaphore-db-1 tasks: - name: Get ruleset @@ -28,7 +31,7 @@ register: ruleset - name: Set new ruleset - command: nvram set vts_rulelist="{{ ruleset.stdout | replace('192.168.77.246', '192.168.77.106') }}" + command: nvram set vts_rulelist="{{ ruleset.stdout | replace('192.168.77.238', '192.168.77.106') }}" when: inventory_hostname in groups['router'] - name: Nvram commit @@ -58,7 +61,7 @@ # - 180 - name: Stop mailu containers - command: "docker pause {{ containers | join(' ') }}" + command: "docker stop {{ containers | join(' ') }}" become: true ignore_errors: true - when: inventory_hostname in groups['raspberry'] \ No newline at end of file + when: inventory_hostname in groups['raspberry'] or inventory_hostname in groups['raspberrypi5'] \ No newline at end of file diff --git a/playbooks/mailu_switch_to_second.yaml b/playbooks/mailu_switch_to_second.yaml index 883757a..ceb9e12 100644 --- a/playbooks/mailu_switch_to_second.yaml +++ b/playbooks/mailu_switch_to_second.yaml 
@@ -22,40 +22,50 @@ - HomeAssistant - mosquitto-mosquitto-1 tasks: - # - name: Start mailu rasp - # uri: - # url: "http://192.168.77.106:9000/api/stacks/{{ item }}/start?endpointId=13" - # method: POST - # body_format: form-urlencoded - # return_content: yes - # headers: - # Content-Type: "application/json" - # X-API-Key: "ptr_DfS2M6Fj2P3fVvYpkhE0KJh2UGCzY47ePaFaLqadsjg=" - # timeout: 60 - # ignore_errors: yes - # when: inventory_hostname in groups['nas'] - # loop: - # - 130 - # - 149 - # #- 140 - # - 180 - name: Start mailu containers - command: "docker restart {{ containers | join(' ') }}" + command: "docker start {{ containers | join(' ') }}" become: true ignore_errors: true - when: inventory_hostname in groups['raspberry'] + when: inventory_hostname in groups['raspberrypi5'] - name: Get ruleset command: nvram get vts_rulelist when: inventory_hostname in groups['router'] register: ruleset - + + - name: Print the gateway for each host when defined + ansible.builtin.debug: + msg: "var is {{ ruleset.stdout }}" + when: inventory_hostname in groups['router'] + + + - name: Print the gateway for each host when defined + ansible.builtin.debug: + msg: "var is {{ destination }}" + when: inventory_hostname in groups['router'] + + - name: initialize variables + set_fact: + regexp: "\\g<1>{{ destination }}\\3" + when: inventory_hostname in groups['router'] + + - set_fact: + app_path: "{{ ruleset.stdout | regex_replace('(\\[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) | regex_replace('(\\[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) }}" + when: inventory_hostname in groups['router'] + + + - name: Print the gateway for each host when defined + ansible.builtin.debug: + msg: "var is {{ app_path }}" + when: inventory_hostname in groups['router'] + + - name: Pause for 60 seconds ansible.builtin.pause: seconds: 60 - name: Set new ruleset - command: nvram set vts_rulelist="{{ ruleset.stdout | replace('192.168.77.106', '192.168.77.246') 
}}" + command: nvram set vts_rulelist="{{ app_path }}" when: inventory_hostname in groups['router'] - name: Nvram commit diff --git a/playbooks/modify_espresense copy.yml b/playbooks/modify_espresense copy.yml new file mode 100644 index 0000000..bb04647 --- /dev/null +++ b/playbooks/modify_espresense copy.yml 
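Review bot: `destination` is substituted into the replacement pattern (`regexp: "\\g<1>{{ destination }}\\3"`) and the result is written to `vts_rulelist` without any check that it is defined or is an address on the LAN, so a typo or empty value rewrites every TCP port forward on the router to that value and commits it. An `assert` before the `set_fact` is cheap; the subnet in the sketch below is inferred from the addresses used elsewhere in these playbooks and should be adjusted. The same unvalidated rewrite is added in reconfigure_router.yml (as `DESTINATION`), switch_destination.yaml and "switch_destination copy.yaml". Applying the identical `regex_replace` twice in `app_path` is redundant unless the second pass is meant to catch overlapping matches, which deserves a comment. The commented-out block removed here held a literal `X-API-Key` value; deleting it from the file does not remove it from history, so that key should be revoked.
```yaml
    - name: Validate destination before rewriting port forwards
      ansible.builtin.assert:
        that:
          - destination is defined
          - destination is match('^192[.]168[.]77[.][0-9]{1,3}$')
        fail_msg: "destination must be an address in 192.168.77.0/24"
      when: inventory_hostname in groups['router']
    # … unchanged: set_fact regexp / app_path, debug tasks, nvram set …
```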
@@ -0,0 +1,89 @@ +- hosts: nas + name: Reconfigure espresense + ignore_unreachable: false + tasks: + - name: Check that you can connect (GET) to a page and it returns a status 200 + ansible.builtin.uri: + url: http://192.168.77.150 + + method: POST + body_format: form-urlencoded + body: + language: "en" + room: "worker1" + wifi_timeout: "" + portal_timeout: "" + mqtt_host: "192.168.77.106" + mqtt_port: "1883" + mqtt_user: "jaydee" + mqtt_pass: "jaydee1" + discovery: "1" + discovery_prefix: "" + pub_tele: "1" + pub_rooms: "1" + pub_devices: "1" + update: "" + known_macs: "" + known_irks: "" + query: "" + count_ids: "" + count_enter: "" + count_exit: "" + count_ms: "" + include: "mifit:fd2375de188a" + exclude: "" + max_dist: "3" + skip_dist: "" + skip_ms: "" + ref_rssi: "" + rx_adj_rssi: "" + absorption: "" + forget_ms: "" + tx_ref_rssi: "" + led_1_pin: "-1" + led_1_cnt: "" + led_2_pin: "-1" + led_2_cnt: "" + led_3_pin: "" + led_3_cnt: "" + pir_type: "0" + pir_pin: "16" + pir_timeout: "" + radar_pin: "" + radar_timeout: "" + switch_1_pin: "" + switch_1_timeout: "" + switch_2_pin: "" + switch_2_timeout: "" + button_1_pin: "" + button_1_timeout: "" + button_2_pin: "" + button_2_timeout: "" + dht11_pin: "" + dht22_pin: "" + dhtTemp_offset: "" + I2C_Bus_1_SDA: "22" + I2C_Bus_1_SCL: "21" + I2C_Bus_2_SDA: "" + I2C_Bus_2_SCL: "" + AHTX0_I2c_Bus: "" + AHTX0_I2c: "" + BH1750_I2c_Bus: "" + BH1750_I2c: "" + BME280_I2c_Bus: "1" + BME280_I2c: "0x76" + BMP180_I2c_Bus: "" + BMP180_I2c: "" + BMP280_I2c_Bus: "" + BMP280_I2c: "" + SHT_I2c_Bus: "" + TSL2561_I2c_Bus: "" + TSL2561_I2c: "" + TSL2561_I2c_Gain: "" + SGP30_I2c_Bus: "" + SGP30_I2c: "" + HX711_sckPin: "" + HX711_doutPin: "" + ds18b20_pin: "" + dsTemp_offset: "" + ignore_errors: true diff --git a/playbooks/modify_espresense.yml b/playbooks/modify_espresense.yml new file mode 100644 index 0000000..c89eb72 --- /dev/null +++ b/playbooks/modify_espresense.yml 
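Review bot: `mqtt_user` and `mqtt_pass` are committed as literal values in the request body of "modify_espresense copy.yml", whereas the sibling modify_espresense.yml added in the same commit takes them from variables. Use `mqtt_user: "{{ MQTT_USER }}"` and `mqtt_pass: "{{ MQTT_PASS }}"` here too, sourced from a vault or the job's secret store, and change the broker password since it is now in history. The file name suggests an editor-made copy, so dropping it from the commit may be the simplest fix. The task name says it checks a GET, but the task is a `POST` that reconfigures the device.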
@@ -0,0 +1,33 @@ +- hosts: nas + name: Reconfigure espresense + ignore_unreachable: false + tasks: + - name: Check that you can connect (GET) to a page and it returns a status 200 + ansible.builtin.uri: + url: http://192.168.77.150 + + method: POST + body_format: form-urlencoded + body: + language: "en" + room: "worker" + wifi_timeout: "" + portal_timeout: "" + mqtt_host: "{{ MQTT_BROKER }}" + mqtt_port: "1883" + mqtt_user: "{{ MQTT_USER }}" + mqtt_pass: "{{ MQTT_PASS }}" + discovery: "1" + discovery_prefix: "" + pub_tele: "1" + pub_rooms: "1" + pub_devices: "1" + update: "" + ignore_errors: true + - name: Check that you can connect (GET) to a page and it returns a status 200 + ansible.builtin.uri: + url: http://192.168.77.150/restart + + method: POST + + ignore_errors: true \ No newline at end of file diff --git a/playbooks/modify_tasmotas.yml b/playbooks/modify_tasmotas.yml new file mode 100644 index 0000000..2ea0b79 --- /dev/null +++ b/playbooks/modify_tasmotas.yml @@ -0,0 +1,18 @@ +- hosts: nas + name: Reconfigure tasmotas + ignore_unreachable: false + tasks: + - name: Check that you can connect (GET) to a page and it returns a status 200 + ansible.builtin.uri: + url: http://{{ item }}/cm?cmnd=Backlog%20MqttHost%20{{ MQTT_BROKER }}%3BMqttUser%20{{ MQTT_USER }}%3BMqttPassword%20{{ MQTT_PASS }} + ignore_errors: true + with_items: + - 192.168.77.180 + - 192.168.77.181 + - 192.168.77.182 + - 192.168.77.183 + - 192.168.77.184 + - 192.168.77.185 + - 192.168.77.186 + - 192.168.77.187 + - 192.168.77.188 \ No newline at end of file diff --git a/playbooks/reconfigure_heimdall.yaml b/playbooks/reconfigure_heimdall.yaml index 2cf9f2a..350580d 100644 --- a/playbooks/reconfigure_heimdall.yaml +++ b/playbooks/reconfigure_heimdall.yaml 
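Review bot: The `uri` task in modify_espresense.yml sends `{{ MQTT_PASS }}` in its body without `no_log: true`, so the module arguments, password included, can appear in verbose or failure output and in the job history of whatever runner launches the play. Add `no_log: true` to that task; the same applies to the `uri` task in modify_tasmotas.yml, where the password is part of the URL. Both talk to the devices over plain `http://`, which may be all the firmware offers, but it is worth a comment that the credentials cross the LAN in clear text. Both task names describe a GET status check, while the first is a `POST` that changes configuration.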
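Review bot: In modify_tasmotas.yml, `{{ MQTT_BROKER }}`, `{{ MQTT_USER }}` and `{{ MQTT_PASS }}` are placed into the query string unencoded, while the separators around them are written as `%20` and `%3B`. A password containing `;`, `&`, `%`, `#` or a space would be cut short or split into extra Backlog commands on the device. Encode each value, e.g. `MqttPassword%20{{ MQTT_PASS | urlencode }}`. With `ignore_errors: true` and no `status_code` or `register` check, a device that rejects the command is indistinguishable from one that accepted it.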
@@ -1,7 +1,6 @@ - name: Getting entry ansible.builtin.shell: sqlite3 /share/docker_data/heimdall/config/www/app.sqlite "SELECT url FROM items WHERE title = '{{ item }}'" become: true - when: inventory_hostname in groups['raspberrypi5'] register: url - debug: @@ -9,4 +8,3 @@ - name: Changing entry ansible.builtin.shell: sqlite3 /share/docker_data/heimdall/config/www/app.sqlite "UPDATE items SET url = '{{ url.stdout |regex_replace('[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}','192.168.77.238') }}' WHERE title = '{{ item }}'" become: true - when: inventory_hostname in groups['raspberrypi5'] \ No newline at end of file diff --git a/playbooks/reconfigure_nginx.yaml b/playbooks/reconfigure_nginx.yaml index 2180573..1b68bae 100644 --- a/playbooks/reconfigure_nginx.yaml +++ b/playbooks/reconfigure_nginx.yaml @@ -1,6 +1,6 @@ +--- - debug: msg: "{{ item }}" - name: Changing entry in nginx database - ansible.builtin.shell: sqlite3 /share/docker_data/nginx/data/database.sqlite "UPDATE proxy_host SET forward_host = '192.168.77.238' WHERE domain_names = '[\"{{ item }}\"]'" + ansible.builtin.shell: sqlite3 /share/docker_data/nginx/data/database.sqlite "UPDATE proxy_host SET forward_host = '{{ destination_server}}' WHERE domain_names = '[\"{{ item }}\"]'" become: true - when: inventory_hostname in groups['raspberrypi5'] \ No newline at end of file diff --git a/playbooks/reconfigure_router.yml b/playbooks/reconfigure_router.yml new file mode 100644 index 0000000..cc7db9f --- /dev/null +++ b/playbooks/reconfigure_router.yml 
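Review bot: In reconfigure_nginx.yaml the new `forward_host = '{{ destination_server}}'` puts a caller-supplied value inside both a double-quoted shell argument and a single-quoted SQL literal, so a value containing `'`, `"` or `$(` changes the statement or the command run under `become: true`. The hard-coded address it replaces had no such exposure. Validate the variable once before the include, for example an `ansible.builtin.assert` with `that: destination_server is match('^[A-Za-z0-9.-]+$')`, and consider doing the same for `{{ item }}`. Removing the `when:` also means the task now relies entirely on the caller's condition to pick the host.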
@@ -0,0 +1,29 @@ +- hosts: router + name: Switch destination + ignore_unreachable: false + tasks: + - name: Get ruleset + command: nvram get vts_rulelist + when: inventory_hostname in groups['router'] + register: ruleset + - name: Print the gateway for each host when defined + ansible.builtin.debug: + msg: "var is {{ ruleset.stdout }}" + - name: initialize variables + set_fact: + regexp: "\\g<1>{{ DESTINATION }}\\3" + - set_fact: + app_path: "{{ ruleset.stdout | regex_replace('(\\[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) | regex_replace('(\\[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) }}" + - name: Print the gateway for each host when defined + ansible.builtin.debug: + msg: "var is {{ app_path }}" + - name: Set ruleset + command: nvram set vts_rulelist={{ app_path }} + when: inventory_hostname in groups['router'] + + - name: Commit ruleset + command: nvram commit + when: inventory_hostname in groups['router'] + - name: Commit ruleset + command: service restart_firewall + when: inventory_hostname in groups['router'] diff --git a/playbooks/restore_container.yaml b/playbooks/restore_container.yaml new file mode 100644 index 0000000..30b0c08 --- /dev/null +++ b/playbooks/restore_container.yaml @@ -0,0 +1,10 @@ +- hosts: nas + name: Sync mailu + ignore_unreachable: false + tasks: + - name: Syncing all + ansible.builtin.shell: 'rsync -avh --delete root@192.168.77.189:/srv/dev-disk-by-uuid-02fbe97a-cd9a-4511-8bd5-21f8516353ee/docker_data/latest/{{ CONTAINERS }} /share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"' + #ansible.builtin.shell: 'rsync -avh --delete /share/docker_data/{mailu2,webhub,nginx,heimdall} root@192.168.77.238:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"' + #ansible.builtin.shell: 'ls -la' + when: inventory_hostname in groups['nas'] + # loop: '{{ CONTAINERS }}' \ No newline at end of file 
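Review bot: `command: nvram set vts_rulelist={{ app_path }}` in reconfigure_router.yml leaves the value unquoted, unlike the other playbooks in this commit, which use `vts_rulelist="{{ app_path }}"`. The `command` module splits on whitespace, and the regex in this file explicitly allows `\s` inside rule names, so a rule with a space in its name would be truncated at the first space and then committed. Use `command: nvram set vts_rulelist="{{ app_path }}"` or the `argv:` form. Two tasks are both named `Commit ruleset`, the second of which restarts the firewall, and the variable is `DESTINATION` here but `destination` in the sibling playbooks.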
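Review bot: In restore_container.yaml, `rsync -avh --delete` takes its source path from `{{ CONTAINERS }}` with no check that the variable is set and sane. If it is empty, the source becomes the whole `latest/` directory and `--delete` removes everything under `/share/docker_data/` that is not in the backup. Guard the task with an assert or `when: CONTAINERS | length > 0`, and quote the value with `{{ CONTAINERS | quote }}`, keeping in mind that quoting disables brace lists, so a loop over names is cleaner. restore_docker.yml has the same pattern: `egrep -e '{{ app }}.*'` with an empty `app` matches every container in the stop and start loops, and `{{ resdate }}` goes into the rsync path unchecked.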
diff --git a/playbooks/restore_docker.yml b/playbooks/restore_docker.yml new file mode 100644 index 0000000..b1bc43b --- /dev/null +++ b/playbooks/restore_docker.yml @@ -0,0 +1,14 @@ +- hosts: nas + name: Restore docker + ignore_unreachable: false + tasks: + - name: Stop running containers + ansible.builtin.shell: for i in `/share/ZFS530_DATA/.qpkg/container-station/bin/docker ps -a|egrep -e '{{ app }}.*'|awk '{print $NF}' `; do /share/ZFS530_DATA/.qpkg/container-station/bin/docker stop $i;done + - name: Restore folder + ansible.builtin.shell: 'rsync -arv root@192.168.77.189:/srv/dev-disk-by-uuid-02fbe97a-cd9a-4511-8bd5-21f8516353ee/docker_data/{{ resdate }}/{{ app }} /share/docker_data/' + when: inventory_hostname in groups['nas'] + - name: Change permissions + ansible.builtin.shell: chmod -R 700 /share/docker_data/rancher/rancher-data/k3s/server/ + when: app == "rancher" + - name: Start running containers + ansible.builtin.shell: for i in `/share/ZFS530_DATA/.qpkg/container-station/bin/docker ps -a|egrep -e '{{ app }}.*'|awk '{print $NF}' `; do /share/ZFS530_DATA/.qpkg/container-station/bin/docker start $i;done \ No newline at end of file diff --git a/playbooks/router_setup.yml b/playbooks/router_setup.yml new file mode 100644 index 0000000..3efa28b --- /dev/null +++ b/playbooks/router_setup.yml @@ -0,0 +1,10 @@ +- hosts: router + name: Setup router + ignore_unreachable: false + tasks: + - name: Upload service config + ansible.builtin.copy: + src: conf/router/dnsmasq.conf.add + dest: /jffs/configs/ + - name: Restart dnsmasq + ansible.builtin.shell: service restart_dnsmasq diff --git a/playbooks/setup_fog_nfs.yml b/playbooks/setup_fog_nfs.yml new file mode 100644 index 0000000..78f30ac --- /dev/null +++ b/playbooks/setup_fog_nfs.yml 
@@ -0,0 +1,48 @@ +- hosts: datacenter + name: Setup nfs + gather_facts: false + tasks: + - name: Install nfs + ansible.builtin.apt: + name: nfs-kernel-server + state: present + when: inventory_hostname in groups['fog'] + + + - name: Reconfigure common-session + ansible.builtin.lineinfile: + path: /etc/exports + regexp: "/images .*" + line: "/images *(rw,sync,no_wdelay,no_subtree_check,insecure_locks,no_root_squash,insecure,fsid=0)" + become: true + when: inventory_hostname in groups['fog'] + - name: Restart autofs service + ansible.builtin.service: + name: nfs-kernel-server.service + state: restarted + become: true + when: inventory_hostname in groups['fog'] + - name: Creating a file with content wol service + ansible.builtin.copy: + dest: "/etc/auto.fog" + content: | + fog-images -fstype=nfs 192.168.77.108:/images + become: true + when: inventory_hostname in groups['morefine'] + + - name: Restart autofs service + ansible.builtin.service: + name: autofs.service + state: restarted + become: true + when: inventory_hostname in groups['morefine'] + + # - name: Creating script to fetch ldap info + # ansible.builtin.copy: + # dest: "/usr/local/bin/fetchSSHKeysFromLDAP" + # content: | + # #!/bin/bash + # ldapsearch -b "dc=sectorq,dc=eu" -H ldap://192.168.77.106:389 -x '(&(objectClass=ldapPublicKey)(cn='"$1"'))' 'sshPublicKey' | sed -n '/^ /{H;d};/sshPublicKey:/x;$g;s/\n *//g;s/sshPublicKey: //gp' + # owner: admin + # mode: '0744' + # when: inventory_hostname in groups['nas'] diff --git a/playbooks/start_containers.yaml b/playbooks/start_containers.yaml index e843b01..f693b0f 100644 --- a/playbooks/start_containers.yaml +++ b/playbooks/start_containers.yaml 
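Review bot: The `/etc/exports` line written by the `lineinfile` task exports `/images` to `*` with `rw`, `no_root_squash` and `insecure`, so any host that can reach the server may mount it read-write and act as root on the exported tree. Restrict the client spec to the machines that need it and drop the options that are not required, e.g. `/images 192.168.77.0/24(rw,sync,no_wdelay,no_subtree_check,fsid=0)`, adding `no_root_squash` back only if the imaging software really requires it. `regexp: "/images .*"` is unanchored and would also match a commented or longer path; `'^/images\s'` is tighter. The `Install nfs` task has no `become: true`, unlike the tasks after it. Two task names do not match what they do: `Reconfigure common-session` edits exports, and the first `Restart autofs service` restarts `nfs-kernel-server.service`.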
@@ -1,5 +1,6 @@ --- - name: Start mailu containers - command: "docker start gitlab semaphore-db-1 semaphore-app-1 nginx-app-1 heimdall mailu2-admin-1 mailu2-antispam-1 mailu2-antivirus-1 mailu2-fetchmail-1 mailu2-front-1 mailu2-imap-1 mailu2-oletools-1 mailu2-redis-1 mailu2-resolver-1 mailu2-smtp-1 mailu2-webdav-1 mailu2-webmail-1 HomeAssistant mosquitto-mosquitto-1 webhub-web-1" + command: "docker start {{ docker_containers|join(' ') }}" become: true - ignore_errors: true \ No newline at end of file + ignore_errors: true + \ No newline at end of file diff --git a/playbooks/stop_containers.yaml b/playbooks/stop_containers.yaml index ba9b93a..1c04dee 100644 --- a/playbooks/stop_containers.yaml +++ b/playbooks/stop_containers.yaml 
@@ -1,5 +1,98 @@ --- + +- name: Add elements to a list + set_fact: + docker_containers: "{{ docker_containers | default([]) + [item] }}" + loop: + - semaphore-db-1 + - semaphore-app-1 + when: '"semaphore" in selected_containers' + +- name: Add elements to a list + set_fact: + docker_containers: "{{ docker_containers | default([]) + [item] }}" + loop: + - authentik-postgresql-1 + - authentik-worker-1 + - authentik-server-1 + - authentik-redis-1 + when: '"authentik" in selected_containers' +- name: Add elements to a list + set_fact: + docker_containers: "{{ docker_containers | default([]) + [item] }}" + loop: + - kestra-kestra-1 + - kestra-postgres-1 + when: '"kestra" in selected_containers' +- name: Add elements to a list + set_fact: + docker_containers: "{{ docker_containers | default([]) + [item] }}" + loop: + - gitlab + when: '"gitlab" in selected_containers' +- name: Add elements to a list + set_fact: + docker_containers: "{{ docker_containers | default([]) + [item] }}" + loop: + - nginx-app-1 + when: '"nginx" in selected_containers' +- name: Add elements to a list + set_fact: + docker_containers: "{{ docker_containers | default([]) + [item] }}" + loop: + - heimdall + when: '"heimdall" in selected_containers' +- name: Add elements to a list + set_fact: + docker_containers: "{{ docker_containers | default([]) + [item] }}" + loop: + - mailu3-admin-1 + - mailu3-antispam-1 + - mailu3-antivirus-1 + - mailu3-fetchmail-1 + - mailu3-front-1 + - mailu3-imap-1 + - mailu3-oletools-1 + - mailu3-redis-1 + - mailu3-resolver-1 + - mailu3-smtp-1 + - mailu3-webdav-1 + - mailu3-webmail-1 + - mailu3-fts_attachments-1 + when: '"mailu3" in selected_containers' + +- name: Add elements to a list + set_fact: + docker_containers: "{{ docker_containers | default([]) + [item] }}" + loop: + - HomeAssistant + when: '"homeassistant" in selected_containers' + +- name: Add elements to a list + set_fact: + docker_containers: "{{ docker_containers | default([]) + [item] }}" + loop: + - 
webhub-web-1" + when: '"webhub" in selected_containers' + +- name: Add elements to a list + set_fact: + docker_containers: "{{ docker_containers | default([]) + [item] }}" + loop: + - mosquitto-mosquitto-1 + when: '"mosquitto" in selected_containers' + +- name: Add elements to a list + set_fact: + docker_containers: "{{ docker_containers | default([]) + [item] }}" + loop: + - webhub-web-1 + when: '"webhub" in selected_containers' + +- debug: + msg: "{{ docker_containers }}" - name: Stop mailu containers - command: "docker stop gitlab semaphore-db-1 semaphore-app-1 nginx-app-1 heimdall mailu2-admin-1 mailu2-antispam-1 mailu2-antivirus-1 mailu2-fetchmail-1 mailu2-front-1 mailu2-imap-1 mailu2-oletools-1 mailu2-redis-1 mailu2-resolver-1 mailu2-smtp-1 mailu2-webdav-1 mailu2-webmail-1 HomeAssistant mosquitto-mosquitto-1 webhub-web-1" + command: "docker stop {{ docker_containers|join(' ') }}" become: true - ignore_errors: true \ No newline at end of file + ignore_errors: true + \ No newline at end of file diff --git a/playbooks/switch_destination copy.yaml b/playbooks/switch_destination copy.yaml new file mode 100644 index 0000000..445ff03 --- /dev/null +++ b/playbooks/switch_destination copy.yaml 
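Review bot: The first webhub block in stop_containers.yaml lists the container as `webhub-web-1"` with a stray trailing double quote, and an identical webhub block follows later with the correct name. The quote becomes part of the list item and ends up in `docker stop {{ docker_containers|join(' ') }}`, where an unbalanced quote is likely to make argument parsing fail; because of `ignore_errors: true` the play would then continue and sync data from containers that are still running. Change the item to `- webhub-web-1` and delete the duplicate block. If `selected_containers` arrives as a comma-separated string (sync_all_test.yaml splits it), `"mailu3" in selected_containers` is a substring test, so splitting it once up front avoids accidental matches. `docker_containers` is also never reset, so a second include in the same run appends duplicates.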
@@ -0,0 +1,90 @@ +- hosts: containers + name: Switch mailu to second + + ignore_unreachable: false + vars: + arch_name: docker_mailu2_data + containers: + - nginx-app-1 + - heimdall + - mailu2-admin-1 + - mailu2-antispam-1 + - mailu2-antivirus-1 + - mailu2-fetchmail-1 + - mailu2-front-1 + - mailu2-imap-1 + - mailu2-oletools-1 + - mailu2-redis-1 + - mailu2-resolver-1 + - mailu2-smtp-1 + - mailu2-webdav-1 + - mailu2-webmail-1 + - HomeAssistant + - mosquitto-mosquitto-1 + - gitlab + - watchtower-watchtower-1 + - kestra-kestra-1 + - kestra-postgres-1 + - authentik-worker-1 + - authentik-server-1 + - authentik-redis-1 + - authentik-postgresql-1 + tasks: + - name: Start mailu containers + command: "docker start {{ containers | join(' ') }}" + become: true + ignore_errors: true + when: inventory_hostname in groups['raspberrypi5'] + + - name: Get ruleset + command: nvram get vts_rulelist + when: inventory_hostname in groups['router'] + register: ruleset + + - name: Print the gateway for each host when defined + ansible.builtin.debug: + msg: "var is {{ ruleset.stdout }}" + when: inventory_hostname in groups['router'] + + + - name: Print the gateway for each host when defined + ansible.builtin.debug: + msg: "var is {{ destination }}" + when: inventory_hostname in groups['router'] + + - name: initialize variables + set_fact: + regexp: "\\g<1>{{ destination }}\\3" + when: inventory_hostname in groups['router'] + + - set_fact: + app_path: "{{ ruleset.stdout | regex_replace('(\\[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) | regex_replace('(\\[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) }}" + when: inventory_hostname in groups['router'] + + + - name: Print the gateway for each host when defined + ansible.builtin.debug: + msg: "var is {{ app_path }}" + when: inventory_hostname in groups['router'] + + + - name: Pause for 60 seconds + ansible.builtin.pause: + seconds: 60 + + - name: Set new ruleset + command: nvram set 
vts_rulelist="{{ app_path }}" + when: inventory_hostname in groups['router'] + + - name: Nvram commit + command: nvram commit + when: inventory_hostname in groups['router'] + + - name: Restart firewall + command: service restart_firewall + when: inventory_hostname in groups['router'] + + + + + \ No newline at end of file diff --git a/playbooks/switch_destination.yaml b/playbooks/switch_destination.yaml new file mode 100644 index 0000000..445ff03 --- /dev/null +++ b/playbooks/switch_destination.yaml 
@@ -0,0 +1,90 @@ +- hosts: containers + name: Switch mailu to second + + ignore_unreachable: false + vars: + arch_name: docker_mailu2_data + containers: + - nginx-app-1 + - heimdall + - mailu2-admin-1 + - mailu2-antispam-1 + - mailu2-antivirus-1 + - mailu2-fetchmail-1 + - mailu2-front-1 + - mailu2-imap-1 + - mailu2-oletools-1 + - mailu2-redis-1 + - mailu2-resolver-1 + - mailu2-smtp-1 + - mailu2-webdav-1 + - mailu2-webmail-1 + - HomeAssistant + - mosquitto-mosquitto-1 + - gitlab + - watchtower-watchtower-1 + - kestra-kestra-1 + - kestra-postgres-1 + - authentik-worker-1 + - authentik-server-1 + - authentik-redis-1 + - authentik-postgresql-1 + tasks: + - name: Start mailu containers + command: "docker start {{ containers | join(' ') }}" + become: true + ignore_errors: true + when: inventory_hostname in groups['raspberrypi5'] + + - name: Get ruleset + command: nvram get vts_rulelist + when: inventory_hostname in groups['router'] + register: ruleset + + - name: Print the gateway for each host when defined + ansible.builtin.debug: + msg: "var is {{ ruleset.stdout }}" + when: inventory_hostname in groups['router'] + + + - name: Print the gateway for each host when defined + ansible.builtin.debug: + msg: "var is {{ destination }}" + when: inventory_hostname in groups['router'] + + - name: initialize variables + set_fact: + regexp: "\\g<1>{{ destination }}\\3" + when: inventory_hostname in groups['router'] + + - set_fact: + app_path: "{{ ruleset.stdout | regex_replace('(\\[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) | regex_replace('(\\[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) }}" + when: inventory_hostname in groups['router'] + + + - name: Print the gateway for each host when defined + ansible.builtin.debug: + msg: "var is {{ app_path }}" + when: inventory_hostname in groups['router'] + + + - name: Pause for 60 seconds + ansible.builtin.pause: + seconds: 60 + + - name: Set new ruleset + command: nvram set 
vts_rulelist="{{ app_path }}" + when: inventory_hostname in groups['router'] + + - name: Nvram commit + command: nvram commit + when: inventory_hostname in groups['router'] + + - name: Restart firewall + command: service restart_firewall + when: inventory_hostname in groups['router'] + + + + + \ No newline at end of file diff --git a/playbooks/sync_all.yaml b/playbooks/sync_all.yaml index fc1d231..2d6dfcf 100644 --- a/playbooks/sync_all.yaml +++ b/playbooks/sync_all.yaml @@ -2,16 +2,35 @@ - name: import a task hosts: containers gather_facts: false + # vars: + # selected_containers: selected_containers|split(",") tasks: + # - debug: + # msg: "{{ inventory_hostname }}" + # - debug: + # msg: "{{ destination_server }}" + - name: Install sqlite3 + ansible.builtin.apt: + name: + - sqlite3 + state: present + update_cache: yes + become: true + + when: inventory_hostname == destination_server + - include_tasks: stop_containers.yaml name: Stop Containers - when: inventory_hostname in groups['raspberrypi5'] + when: inventory_hostname == destination_server or inventory_hostname == source_server + - name: Pause for 60 seconds ansible.builtin.pause: seconds: 60 - include_tasks: sync_container_data.yaml name: Sync Container Data + when: inventory_hostname == source_server + - include_tasks: reconfigure_nginx.yaml name: Reconfigure nginx proxy manager loop: 
@@ -21,26 +40,29 @@ - mail.sectorq.eu - pw.sectorq.eu - semaphore.sectorq.eu - when: inventory_hostname in groups['raspberrypi5'] + - kestra.sectorq.eu + - auth.sectorq.eu + when: inventory_hostname == destination_server + - name: Get relevant configs - ansible.builtin.shell: 'egrep -l "# ha.sectorq.eu|# pw.sectorq.eu|# semaphore.sectorq.eu|# sectorq.eu|# gitlab.sectorq.eu|# ha.sectorq.eu" /share/docker_data/nginx/data/nginx/proxy_host/*' - ignore_errors: yes - become: yes + ansible.builtin.shell: 'egrep -l "# kestra.sectorq.eu|# auth.sectorq.eu|# ha.sectorq.eu|# pw.sectorq.eu|# semaphore.sectorq.eu|# sectorq.eu|# gitlab.sectorq.eu|# ha.sectorq.eu" /share/docker_data/nginx/data/nginx/proxy_host/*' + ignore_errors: true + become: true register: result - when: inventory_hostname in groups['raspberrypi5'] + when: inventory_hostname == destination_server - debug: msg: "{{ result.stdout_lines }}" - when: inventory_hostname in groups['raspberrypi5'] + when: inventory_hostname == destination_server - name: Replace ip ansible.builtin.lineinfile: path: "{{ item }}" regexp: '^\s+set \$server\s+\"\w+.\w+.\w+.\w+\";' - line: " set $server \"192.168.77.238\";" - become: yes + line: " set $server \"192.168.77.47\";" + become: true with_items: - "{{ result.stdout_lines }}" - when: inventory_hostname in groups['raspberrypi5'] + when: inventory_hostname == destination_server - include_tasks: reconfigure_heimdall.yaml name: Reconfigure heimdall 
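Review bot: The `Replace ip` task still writes a literal address (`192.168.77.47`) into every matched proxy_host file, although the surrounding conditions were switched to `destination_server`, so the proxy target and the host the play treats as destination can drift apart. Deriving the address from one variable set next to `destination_server`, e.g. `line: "    set $server \"{{ destination_ip }}\";"` (`destination_ip` is a name suggested here, not one that exists in the repo), keeps the two in step. With `ignore_errors: true` on the egrep task, adding `failed_when: result.rc > 1` would separate "no file matched" (rc 1) from a real error, which currently passes silently and leaves `result.stdout_lines` empty.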
@@ -49,11 +71,28 @@ - Nginx Proxy Manager - Portainer - Roundcube - when: inventory_hostname in groups['raspberrypi5'] + - Authentik + - Kestra + when: inventory_hostname == destination_server - name: Changing heimdall background ansible.builtin.shell: sqlite3 /share/docker_data/heimdall/config/www/app.sqlite "UPDATE setting_user SET uservalue = 'backgrounds/TRN2Ydr5dyVAkWvCq4xqR5bQ6iyv5XaKvM1r84sJ.jpg' WHERE user_id = (SELECT id FROM users WHERE username = 'jaydee')" become: true - when: inventory_hostname in groups['raspberrypi5'] + when: inventory_hostname == destination_server - include_tasks: start_containers.yaml name: Start Containers - when: inventory_hostname in groups['raspberrypi5'] \ No newline at end of file + when: inventory_hostname == destination_server or inventory_hostname == source_server + - name: Pause for 60 seconds + ansible.builtin.pause: + seconds: 60 + - name: Update gitlab perms + ansible.builtin.shell: 'docker exec -t gitlab update-permissions' + ignore_errors: true + become: true + register: result + when: inventory_hostname == destination_server + # - name: Get relevant configs + # ansible.builtin.shell: 'docker restart gitlab' + # ignore_errors: yes + # become: yes + # register: result + # when: inventory_hostname in groups['raspberrypi5'] \ No newline at end of file diff --git a/playbooks/sync_all_test.yaml b/playbooks/sync_all_test.yaml new file mode 100644 index 0000000..04f1fe7 --- /dev/null +++ b/playbooks/sync_all_test.yaml @@ -0,0 +1,16 @@ +--- +- name: import a task + hosts: nas + gather_facts: false + tasks: + - debug: + msg: "{{ item }}" + loop: "{{ selected_containers | split(',') }}" + - debug: + msg: "{{ destination_server }}" + - debug: + msg: "{{ source_server }}" + - debug: + msg: rsync -avh --delete /share/docker_data/{{ '{' }}{{ selected_containers }}{{ '}' }} root@{{ destination_server }}:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*" + - debug: + msg: "{{ destination_server }}" 
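Review bot: `Update gitlab perms` goes through `ansible.builtin.shell` with `ignore_errors: true`, and registers `result`, which nothing in this hunk reads and which reuses the name of the earlier egrep result in this file. No shell features are needed, so `ansible.builtin.command: docker exec gitlab update-permissions` is enough; the `-t` TTY flag serves no purpose in a non-interactive run. Dropping `ignore_errors`, or replacing it with an explicit `failed_when`, would surface a failed permission fix instead of hiding it. The commented-out `docker restart gitlab` block added at the end is dead code and could be left out of the commit.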
diff --git a/playbooks/sync_container_data.yaml b/playbooks/sync_container_data.yaml
index 51285d7..7d3a409 100644
--- a/playbooks/sync_container_data.yaml
+++ b/playbooks/sync_container_data.yaml
@@ -1,9 +1,28 @@ +--- - name: Changing permission - ansible.builtin.shell: 'chown -R admin. /share/docker_data/' + ansible.builtin.shell: 'chown -R root. /share/docker_data/' become: true - when: inventory_hostname in groups['raspberry'] or inventory_hostname in groups['raspberrypi5'] + vars: + selected_containers: "{{ selected_containers|replace('homeassistant' ,'ha') }}" +- debug: + msg: rsync -avh --delete /share/docker_data/{{ '{' }}{{ selected_containers }}{{ '}' }} root@{{ destination_server }}:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*" + when: selected_containers|split(",")|length > 1 +- debug: + msg: rsync -avh --delete /share/docker_data/{{ selected_containers }} root@{{ destination_server }}:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*" + when: selected_containers|split(",")|length == 1 + - name: Syncing all +<<<<<<< HEAD ansible.builtin.shell: 'rsync -avh --delete /share/docker_data/{mailu2,ha,gitlab,semaphore,webhub,nginx,heimdall} admin@192.168.77.238:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"' #ansible.builtin.shell: 'rsync -avh --delete /share/docker_data/{mailu2,webhub,nginx,heimdall} admin@192.168.77.238:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"' +======= + ansible.builtin.shell: rsync -avh --delete /share/docker_data/{{ '{' }}{{ selected_containers }}{{ '{' }} root@{{ destination_server }}:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*" + #ansible.builtin.shell: 'rsync -avh --delete /share/docker_data/{mailu2,webhub,nginx,heimdall} root@192.168.77.238:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"' +>>>>>>> a2272a39029fa97337f187f1b490913cd8adbd24 #ansible.builtin.shell: 'ls -la' - when: inventory_hostname in groups['nas'] \ No newline at end of file + when: selected_containers|split(",")|length > 1 +- name: Syncing all + ansible.builtin.shell: rsync 
-avh --delete /share/docker_data/{{ selected_containers }} root@{{ destination_server }}:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*" + #ansible.builtin.shell: 'rsync -avh --delete /share/docker_data/{mailu2,webhub,nginx,heimdall} root@192.168.77.238:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"' + #ansible.builtin.shell: 'ls -la' + when: selected_containers|split(",")|length == 1 \ No newline at end of file diff --git a/playbooks/test_replace.yml b/playbooks/test_replace.yml new file mode 100644 index 0000000..cc7db9f --- /dev/null +++ b/playbooks/test_replace.yml @@ -0,0 +1,29 @@ +- hosts: router + name: Switch destination + ignore_unreachable: false + tasks: + - name: Get ruleset + command: nvram get vts_rulelist + when: inventory_hostname in groups['router'] + register: ruleset + - name: Print the gateway for each host when defined + ansible.builtin.debug: + msg: "var is {{ ruleset.stdout }}" + - name: initialize variables + set_fact: + regexp: "\\g<1>{{ DESTINATION }}\\3" + - set_fact: + app_path: "{{ ruleset.stdout | regex_replace('(\\[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) | regex_replace('(\\[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) }}" + - name: Print the gateway for each host when defined + ansible.builtin.debug: + msg: "var is {{ app_path }}" + - name: Set ruleset + command: nvram set vts_rulelist={{ app_path }} + when: inventory_hostname in groups['router'] + + - name: Commit ruleset + command: nvram commit + when: inventory_hostname in groups['router'] + - name: Commit ruleset + command: service restart_firewall + when: inventory_hostname in groups['router'] diff --git a/playbooks/update_ssh_keys.yml b/playbooks/update_ssh_keys.yml new file mode 100644 index 0000000..9f8089b --- /dev/null +++ b/playbooks/update_ssh_keys.yml 
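Review bot: The added lines still contain unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> a2272a3…`), so this task file will not load, and the incoming side closes the brace list with `{{ '{' }}` where the debug task above uses `{{ '}' }}`. Once that is resolved, `selected_containers` and `destination_server` are interpolated unquoted into a shell line that runs `rsync --delete` towards `root@…`, so a value carrying shell metacharacters or extra path components is executed or synced as given. One argv-based `ansible.builtin.command` looped over the split list avoids the shell and replaces both `Syncing all` tasks and their `> 1` / `== 1` split. The `vars:` block on the chown task is scoped to that task alone and defines `selected_containers` in terms of itself, so the `homeassistant` to `ha` rename never reaches the rsync tasks; the fence applies it in the loop expression instead.

```yaml
# … unchanged: chown task and debug tasks …
- name: Syncing selected containers
  ansible.builtin.command:
    argv:
      - rsync
      - "-avh"
      - "--delete"
      - "--exclude=home-assistant.log*"
      - "--exclude=gitlab/logs/*"
      - "/share/docker_data/{{ item }}"
      - "root@{{ destination_server }}:/share/docker_data/"
  loop: "{{ (selected_containers | replace('homeassistant', 'ha')).split(',') }}"
```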
@@ -0,0 +1,37 @@ +- hosts: "{{ hosts }}" + tasks: + # Deploy SSH Key + # -- + - name: Create a directory if it does not exist + ansible.builtin.file: + path: ~/.ssh + state: directory + mode: '0700' + - name: Download id_rsa + ansible.builtin.get_url: + url: http://192.168.77.106:48000/ssh/id_rsa + dest: ~/.ssh/id_rsa + mode: '0600' + - name: Download id_rsa.pub + ansible.builtin.get_url: + url: http://192.168.77.106:48000/ssh/id_rsa.pub + dest: ~/.ssh/id_rsa.pub + mode: '0600' + - name: get remote file contents + command: "cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub" + register: key + - name: show key contents + debug: + var: key.stdout + + - name: Ensure we have our own comment added to /etc/services + ansible.builtin.lineinfile: + path: "{{ ansible_env.HOME }}/.ssh/authorized_keys" + line: "{{ key.stdout }}" + create: yes + - name: Ensure we have our own comment added to /etc/services + ansible.builtin.lineinfile: + path: "/root/.ssh/authorized_keys" + line: "{{ key.stdout }}" + create: yes + become: true \ No newline at end of file diff --git a/playbooks/wol_enable.yml b/playbooks/wol_enable.yml index e5ef6b5..d94ae69 100644 --- a/playbooks/wol_enable.yml +++ b/playbooks/wol_enable.yml @@ -1,7 +1,11 @@ -- hosts: omv +- hosts: datacenter name: Enable WOL become: true tasks: + - name: Install ethtool + ansible.builtin.apt: + name: ethtool + state: present - name: Display all interfaces name debug: var: ansible_facts.interfaces @@ -12,7 +16,7 @@ when: 'item.startswith("en")' - name: Creating config - become: yes + become: true ansible.builtin.copy: dest: "/etc/systemd/system/wol.service"
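Review bot: `Download id_rsa` fetches a private key over plain `http://` and installs the same key on every host matched by `{{ hosts }}`, and the public key pulled over that channel is then appended to both the user's and root's `authorized_keys`. Anyone able to read or alter those HTTP responses obtains, or can plant, a credential trusted as root on all of these hosts. Only the public half needs to reach the targets, and it can be read from the control node instead of the network, as in the fence below (the key path is a placeholder, and the module needs the `ansible.posix` collection). The `cat` and `show key contents` tasks then become unnecessary. Both `lineinfile` tasks are named `Ensure we have our own comment added to /etc/services`, which does not describe what they do.

```yaml
# … replaces: the two get_url tasks, the cat/debug tasks and both lineinfile tasks …
- name: Authorize the automation public key for the login user and root
  ansible.posix.authorized_key:
    user: "{{ item }}"
    key: "{{ lookup('ansible.builtin.file', 'PLACEHOLDER/path/to/automation_key.pub') }}"
    state: present
  loop:
    - "{{ ansible_user_id }}"
    - root
  become: true
```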
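Review bot: Widening `hosts` from `omv` to `datacenter` in `playbooks/wol_enable.yml` makes the new `Install ethtool` task, which is tied to `ansible.builtin.apt`, run with `become: true` on every member of that group, and any member without apt will fail at this first task. Guarding it with `when: ansible_facts.pkg_mgr == 'apt'`, or using `ansible.builtin.package`, keeps the play usable on mixed hosts. The group's membership is not visible in this hunk, so this should be checked against the inventory.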