jaydee/ansible
1
0
Fork 0
mirror of https://gitlab.sectorq.eu/jaydee/ansible.git synced 2025-01-23 20:39:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

test

Browse Source
This commit is contained in:
ladislav.dusa 2024-11-15 17:05:50 +01:00
commit 894f78e2d0
42 changed files with 1683 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

127
hosts.yml
View File

@ -18,6 +18,7 @@ datacenter:
ansible_become_password: lacijaydee ansible_become_password: lacijaydee
ssh_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" ssh_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
localhost1: localhost1:
hosts: hosts:
localhost localhost
@ -27,23 +28,51 @@ datacenter:
hosts: hosts:
192.168.77.12: 192.168.77.12:
vars: vars:
jaydee_install_mqtt_srv: true
ansible_python_interpreter: auto_silent ansible_python_interpreter: auto_silent
ansible_ssh_user: admin ansible_ssh_user: jd
ansible_ssh_pass: l4c1j4yd33Du5lo ansible_ssh_pass: q
ansible_password: q
ansible_become_user: root
ansible_become_password: q
ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
ryzen:
hosts:
192.168.77.15:
vars:
ansible_python_interpreter: auto_silent
ansible_ssh_user: root
ansible_ssh_pass: lacijaydee
ansible_password: lacijaydee
ansible_become_user: root
ansible_become_password: lacijaydee
omv: omv:
hosts: hosts:
192.168.77.189: 192.168.77.189:
vars: vars:
ansible_user: jd ansible_user: root
ansible_password: lacijaydee
ansible_ssh_user: root
ansible_ssh_pass: lacijaydee ansible_ssh_pass: lacijaydee
ansible_become_user: root
ansible_become_password: lacijaydee ansible_become_password: lacijaydee
amd:
hosts:
192.168.77.4:
vars:
ansible_user: root
ansible_password: l4c1j4yd33Du5lo
ansible_ssh_user: root
ansible_ssh_pass: l4c1j4yd33Du5lo
ansible_become_user: root
ansible_become_password: l4c1j4yd33Du5lo
rhasspy: rhasspy:
hosts: hosts:
192.168.77.16[6:7] 192.168.77.224
vars: vars:
ansible_user: admin ansible_user: jd
ansible_ssh_pass: l4c1j4yd33Du5lo ansible_ssh_pass: q
ansible_become_password: l4c1j4yd33Du5lo ansible_become_password: l4c1j4yd33Du5lo
windows: windows:
hosts: hosts:
@ -54,39 +83,83 @@ datacenter:
ansible_connection: winrm ansible_connection: winrm
ansible_port: 5985 ansible_port: 5985
ansible_winrm_server_cert_validation: ignore ansible_winrm_server_cert_validation: ignore
ansible_winrm_kerberos_delegation: true\ ansible_winrm_kerberos_delegation: true
mqtt_srv:
containers:
children: children:
router: servers:
hosts: hosts:
192.168.77.1 rpi5-1.home.lan:
omv.home.lan:
rack.home.lan:
m-server.home.lan:
zabbix.home.lan:
vars: vars:
<<<<<<< HEAD
ansible_python_interpreter: /opt/bin/python ansible_python_interpreter: /opt/bin/python
ansible_ssh_user: admin ansible_ssh_user: admin
ansible_ssh_pass: l4c1!j4yd33?Du5lo ansible_ssh_pass: l4c1!j4yd33?Du5lo
raspberry: raspberry:
hosts: =======
192.168.77.246 ansible_python_interpreter: /usr/bin/python3
vars: ansible_user: jd
ansible_python_interpreter: /usr/bin/python ansible_password: l4c1j4yd33Du5lo
ansible_ssh_user: jd ansible_ssh_user: jd
ansible_ssh_pass: q ansible_ssh_pass: l4c1j4yd33Du5lo
ansible_become_user: root
ansible_become_password: l4c1j4yd33Du5lo
raspberrypi5:
hosts:
192.168.77.238
vars:
ansible_python_interpreter: /usr/bin/python
ansible_ssh_user: jd
ansible_ssh_pass: q
ansible_become_user: root ansible_become_user: root
ansible_become_password: l4c1j4yd33Du5lo ansible_become_password: l4c1j4yd33Du5lo
nas: nas:
>>>>>>> a2272a39029fa97337f187f1b490913cd8adbd24
hosts: hosts:
nas.home.lan:
vars:
ansible_ssh_user: admin
ansible_ssh_pass: l4c1!j4yd33?Du5lo
become_method: su
become_user: admin
# ansible_user: admin
# ansible_pass: l4c1!j4yd33?Du5lo1
ansible_python_interpreter: /share/ZFS530_DATA/.qpkg/QPython312/bin/python3
desktop:
hosts:
morefine.home.lan:
vars:
ansible_user: jd
ansible_password: q
ansible_ssh_user: jd
ansible_ssh_pass: q
ansible_become_user: root
ansible_become_password: q
containers:
children:
servers:
hosts:
rpi5-1.home.lan:
m-server.home.lan:
fog.home.lan:
zabbix.home.lan:
omv.home.lan:
vars:
ansible_python_interpreter: /usr/bin/python3
ansible_ssh_user: jd
ansible_ssh_pass: l4c1j4yd33Du5lo
ansible_become_user: root
ansible_become_password: l4c1j4yd33Du5lo
ansible_ssh_private_key_file: ~/.ssh/ansible
nas:
hosts:
nas.home.lan:
192.168.77.106: 192.168.77.106:
vars: vars:
ansible_ssh_user: admin ansible_ssh_user: admin
ansible_ssh_pass: l4c1!j4yd33?Du5lo ansible_ssh_pass: l4c1!j4yd33?Du5lo
ansible_python_interpreter: /share/ZFS530_DATA/.qpkg/QPython39/bin/python3 <<<<<<< HEAD
ansible_python_interpreter: /share/ZFS530_DATA/.qpkg/QPython39/bin/python3
=======
become_method: su
become_user: admin
# ansible_user: admin
# ansible_pass: l4c1!j4yd33?Du5lo1
ansible_python_interpreter: /share/ZFS530_DATA/.qpkg/QPython312/bin/python3
>>>>>>> a2272a39029fa97337f187f1b490913cd8adbd24

147
hosts_kestra.yml Normal file
View File

@ -0,0 +1,147 @@
---
datacenter:
children:
odroid_cluster:
children:
odroid_master:
hosts:
192.168.77.131:
vars:
testVar: 999
odroid_worker:
hosts:
192.168.77.13[2:5]:
vars:
ansible_ssh_user: jd
ansible_ssh_pass: lacijaydee
ansible_become_password: lacijaydee
ssh_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
localhost1:
hosts:
localhost
vars:
ansible_user: root
morefine:
hosts:
192.168.77.12:
vars:
jaydee_install_mqtt_srv: true
ansible_python_interpreter: auto_silent
ansible_ssh_user: jd
ansible_ssh_pass: q
ansible_password: q
ansible_become_user: root
ansible_become_password: q
ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
ryzen:
hosts:
192.168.77.15:
vars:
ansible_python_interpreter: auto_silent
ansible_ssh_user: root
ansible_ssh_pass: lacijaydee
ansible_password: lacijaydee
ansible_become_user: root
ansible_become_password: lacijaydee
omv:
hosts:
192.168.77.189:
vars:
ansible_user: root
ansible_password: lacijaydee
ansible_ssh_user: root
ansible_ssh_pass: lacijaydee
ansible_become_user: root
ansible_become_password: lacijaydee
amd:
hosts:
192.168.77.4:
vars:
ansible_user: root
ansible_password: l4c1j4yd33Du5lo
ansible_ssh_user: root
ansible_ssh_pass: l4c1j4yd33Du5lo
ansible_become_user: root
ansible_become_password: l4c1j4yd33Du5lo
rhasspy:
hosts:
192.168.77.224
vars:
ansible_user: jd
ansible_ssh_pass: q
ansible_become_password: l4c1j4yd33Du5lo
windows:
hosts:
192.168.77.211
vars:
ansible_user: jd
ansible_password: "q"
ansible_connection: winrm
ansible_port: 5985
ansible_winrm_server_cert_validation: ignore
ansible_winrm_kerberos_delegation: true
mqtt_srv:
children:
servers:
hosts:
rpi5-1.home.lan:
omv.home.lan:
rack.home.lan:
m-server.home.lan:
zabbix.home.lan:
vars:
ansible_python_interpreter: /usr/bin/python3
ansible_user: jd
ansible_ssh_private_key_file: ssh_key.pem
nas:
hosts:
nas.home.lan:
vars:
ansible_ssh_user: admin
become_method: su
become_user: admin
ansible_ssh_private_key_file: ssh_key.pem
# ansible_user: admin
# ansible_pass: l4c1!j4yd33?Du5lo1
ansible_python_interpreter: /share/ZFS530_DATA/.qpkg/QPython312/bin/python3
desktop:
hosts:
morefine.home.lan:
vars:
ansible_user: jd
ansible_password: q
ansible_ssh_user: jd
ansible_ssh_pass: q
ansible_become_user: root
ansible_become_password: q
containers:
children:
servers:
hosts:
rpi5-1.home.lan:
m-server.home.lan:
fog.home.lan:
zabbix.home.lan:
omv.home.lan:
vars:
ansible_python_interpreter: /usr/bin/python3
ansible_ssh_user: jd
ansible_ssh_private_key_file: ssh_key.pem
nas:
hosts:
nas.home.lan:
192.168.77.106:
vars:
ansible_ssh_user: admin
become_method: su
become_user: admin
ansible_ssh_private_key_file: ssh_key.pem
# ansible_user: admin
# ansible_pass: l4c1!j4yd33?Du5lo1
ansible_python_interpreter: /share/ZFS530_DATA/.qpkg/QPython312/bin/python3

4
playbooks/00_check_for_reboot.yml
View File

@ -1,7 +1,7 @@
- hosts: odroid_cluster - hosts: odroid_cluster
name: Check for reboot name: Check for reboot
become: true become: true
gather_facts: no gather_facts: false
tasks: tasks:
- name: Check if file exists using stat module - name: Check if file exists using stat module
stat: stat:
@ -13,7 +13,7 @@
var: file_status.stat.exists var: file_status.stat.exists
- name: Reboot the server - name: Reboot the server
tags: reboot tags: reboot
become: yes become: true
become_user: root become_user: root
shell: "sleep 5 && reboot" shell: "sleep 5 && reboot"
async: 1 async: 1

23
playbooks/00_initial_adjustments.yml
View File

@ -1,10 +1,14 @@
- hosts: odroid_cluster - hosts: odroid_cluster
name: Initial Adjustments name: Initial Adjustments
become: true become: true
gather_facts: no gather_facts: yes
vars: vars:
iface: "eth0" iface: "eth0"
tasks: tasks:
- name: Debug
ansible.builtin.debug:
msg: "{{ ansible_default_ipv4.interface }}"
- name: Reconfigure /root/.bashrc - name: Reconfigure /root/.bashrc
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /root/.bashrc path: /root/.bashrc
@ -27,7 +31,22 @@
{%- elif ansible_eth0.macaddress == "00:1e:06:48:b3:0c" -%} {%- elif ansible_eth0.macaddress == "00:1e:06:48:b3:0c" -%}
odroidc4-5 odroidc4-5
{%- endif -%} {%- endif -%}
when: ansible_default_ipv4.interface == "eth0"
- name: Set a hostname
ansible.builtin.hostname:
name: >-
{%- if ansible_end0.macaddress == "00:1e:06:48:cd:8e" -%}
odroidc4-1
{%- elif ansible_end0.macaddress == "00:1e:06:48:d0:00" -%}
odroidc4-2
{%- elif ansible_end0.macaddress == "00:1e:06:48:d0:01" -%}
odroidc4-3
{%- elif ansible_end0.macaddress == "00:1e:06:48:cd:86" -%}
odroidc4-4
{%- elif ansible_end0.macaddress == "00:1e:06:48:b3:0c" -%}
odroidc4-5
{%- endif -%}
when: ansible_default_ipv4.interface == "end0"
- name: Iptables 1 - name: Iptables 1
ansible.builtin.command: ansible.builtin.command:
iptables -F iptables -F

124
playbooks/00_install_zabbix_agent.yml
View File

@ -1,7 +1,23 @@
- hosts: datacenter - hosts: datacenter
name: Install zabbix agent name: Install zabbix agent
become: true vars:
ZABBIX_SERVER: "zabbix-server.lan"
tasks: tasks:
- name: Combine list1 and list2 into a merged_list var
ansible.builtin.set_fact:
zabbix_agent_cfg: "/etc/zabbix/zabbix_agent2.conf"
when: inventory_hostname not in groups['nas']
- name: Combine list1 and list2 into a merged_list var
ansible.builtin.set_fact:
zabbix_agent_cfg: "/opt/ZabbixAgent/etc/zabbix_agentd.conf"
when: inventory_hostname in groups['nas']
- name: Print all available facts
ansible.builtin.debug:
msg: "{{ false if inventory_hostname not in groups['nas'] else true }}"
- name: Print all available facts - name: Print all available facts
ansible.builtin.debug: ansible.builtin.debug:
var: ansible_facts.architecture var: ansible_facts.architecture
@ -9,20 +25,41 @@
# ansible.builtin.copy: # ansible.builtin.copy:
# src: packages/zabbix-release_6.4-1+ubuntu22.04_all.deb # src: packages/zabbix-release_6.4-1+ubuntu22.04_all.deb
# dest: /tmp/ # dest: /tmp/
- name: Install a .deb package from the internet - name: Install a .deb package from the internet1
ansible.builtin.apt: ansible.builtin.apt:
deb: https://repo.zabbix.com/zabbix/6.4/ubuntu-arm64/pool/main/z/zabbix-release/zabbix-release_6.4-1+ubuntu22.04_all.deb deb: https://repo.zabbix.com/zabbix/6.4/ubuntu-arm64/pool/main/z/zabbix-release/zabbix-release_6.4-1+ubuntu22.04_all.deb
when: when:
- ansible_facts.architecture != "armv7l" - ansible_facts.architecture != "armv7l" and ansible_distribution == "Ubuntu"
- name: Install a .deb package from the internet become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Install a .deb package from the internet2
ansible.builtin.apt: ansible.builtin.apt:
deb: https://repo.zabbix.com/zabbix/6.4/raspbian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian11_all.deb #deb: https://repo.zabbix.com/zabbix/6.4/raspbian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian11_all.deb
deb: https://repo.zabbix.com/zabbix/7.0/raspbian/pool/main/z/zabbix-release/zabbix-release_7.0-1+debian11_all.deb
retries: 5 retries: 5
delay: 5 delay: 5
when: when:
- ansible_facts.architecture == "armv7l" - ansible_facts.architecture == "armv7l" or ansible_facts.architecture == "aarch64"
ignore_errors: true ignore_errors: true
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Install a .deb package from the internet3
ansible.builtin.apt:
deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian11_all.deb
when:
- ansible_facts.architecture != "armv7l" and ansible_distribution == "Debian" and ansible_distribution_major_version == "11"
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Install a .deb package from the internet4
ansible.builtin.apt:
#deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian12_all.deb
deb: https://repo.zabbix.com/zabbix/7.0/debian/pool/main/z/zabbix-release/zabbix-release_7.0-1+debian12_all.deb
when:
- ansible_facts.architecture != "armv7l" and ansible_facts.architecture != "aarch64" and ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
# - name: Install a .deb package localy # - name: Install a .deb package localy
# ansible.builtin.apt: # ansible.builtin.apt:
# deb: /tmp/zabbix-release_6.4-1+ubuntu22.04_all.deb # deb: /tmp/zabbix-release_6.4-1+ubuntu22.04_all.deb
@ -30,48 +67,99 @@
ansible.builtin.apt: ansible.builtin.apt:
name: name:
- zabbix-agent2 - zabbix-agent2
- zabbix-agent2-plugin-* - zabbix-agent2-plugin-mongodb
- zabbix-agent2-plugin-postgresql
- zabbix-agent2-plugin-mssql
update_cache: yes update_cache: yes
when: inventory_hostname not in groups['nas']
become: "{{ false if inventory_hostname in groups['nas'] else true }}"
- name: Reconfigure zabbix agent Server - name: Reconfigure zabbix agent Server
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/zabbix/zabbix_agent2.conf path: "{{ zabbix_agent_cfg }}"
regexp: "^Server=.*" regexp: "^Server=.*"
insertafter: '^# Server=' insertafter: '^# Server='
line: "Server=192.168.77.106" line: "Server=192.168.77.0/24"
become: "{{ false if inventory_hostname in groups['nas'] else true }}"
- name: Reconfigure zabbix agent ServerActive - name: Reconfigure zabbix agent ServerActive
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/zabbix/zabbix_agent2.conf path: "{{ zabbix_agent_cfg }}"
regexp: "^ServerActive=.*" regexp: "^ServerActive=.*"
line: "ServerActive=192.168.77.106" line: "ServerActive={{ ZABBIX_SERVER }}"
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Reconfigure zabbix agent ListenPort - name: Reconfigure zabbix agent ListenPort
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/zabbix/zabbix_agent2.conf path: "{{ zabbix_agent_cfg }}"
regexp: "^ListenPort=.*" regexp: "^ListenPort=.*"
line: "ListenPort=10050" line: "ListenPort=10050"
# - name: Reconfigure zabbix agent ListenIP # - name: Reconfigure zabbix agent ListenIP
# ansible.builtin.lineinfile: # ansible.builtin.lineinfile:
# path: /etc/zabbix/zabbix_agent2.conf # path: /"{{ zabbix_agent_cfg }}"
# regexp: "^ListenIP=.*" # regexp: "^ListenIP=.*"
# line: "ListenIP=0.0.0.0" # line: "ListenIP=0.0.0.0"
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Reconfigure zabbix-agent2 hostname - name: Reconfigure zabbix-agent2 hostname
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/zabbix/zabbix_agent2.conf path: "{{ zabbix_agent_cfg }}"
regexp: "^Hostname=.*" regexp: "^Hostname=.*"
line: "Hostname={{ansible_hostname}}" line: "Hostname={{ansible_hostname}}"
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Reconfigure zabbix-agent2 hostname - name: Reconfigure zabbix-agent2 hostname
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/zabbix/zabbix_agent2.conf path: "{{ zabbix_agent_cfg }}"
regexp: "^UserParameter=.*"
insertafter: '^# UserParameter=' insertafter: '^# UserParameter='
line: "UserParameter=system.temperature,vcgencmd measure_temp" line: "UserParameter=system.temperature,vcgencmd measure_temp"
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Reconfigure zabbix-agent2 config
ansible.builtin.lineinfile:
path: "{{ zabbix_agent_cfg }}"
insertafter: '^# UserParameter='
line: "UserParameter=system.certs,python3 /share/ZFS530_DATA/.qpkg/ZabbixAgent/cert_check2.py"
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
when: inventory_hostname in groups['nas']
- name: Reconfigure zabbix-agent2 config
ansible.builtin.lineinfile:
path: "{{ zabbix_agent_cfg }}"
insertafter: '^# UserParameter='
line: "UserParameter=rpi.hw.temp,/usr/bin/vcgencmd measure_temp"
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
when: inventory_hostname in groups['raspberrypi5']
- name: Reconfigure zabbix-agent2 hostname
ansible.builtin.lineinfile:
path: "{{ zabbix_agent_cfg }}"
regexp: "^HostMetadata=.*"
insertafter: '^# HostMetadata='
line: "HostMetadata=linux;jaydee"
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Add the user 'james' with a bash shell, appending the group 'admins' and 'developers' to the user's groups - name: Add the user 'james' with a bash shell, appending the group 'admins' and 'developers' to the user's groups
ansible.builtin.user: ansible.builtin.user:
name: zabbix name: zabbix
groups: video groups: video
append: yes append: yes
when: inventory_hostname not in groups['nas']
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Restart zabbix-agent2 service - name: Restart zabbix-agent2 service
ansible.builtin.service: ansible.builtin.service:
name: zabbix-agent2.service name: zabbix-agent2.service
state: restarted state: restarted
enabled: true enabled: true
become: true
when: inventory_hostname not in groups['nas']
- name: Restart agent
ansible.builtin.shell: /etc/init.d/ZabbixAgent.sh restart
when: inventory_hostname in groups['nas']

146
playbooks/00_install_zabbix_agent1.yml Normal file
View File

@ -0,0 +1,146 @@
- hosts: datacenter
name: Install zabbix agent
vars:
ZABBIX_SERVER_IP: "192.168.77.216"
tasks:
- name: Combine list1 and list2 into a merged_list var
ansible.builtin.set_fact:
zabbix_agent_cfg: "/etc/zabbix/zabbix_agentd.conf"
when: inventory_hostname in groups['rhasspy']
- name: Combine list1 and list2 into a merged_list var
ansible.builtin.set_fact:
zabbix_agent_cfg: "/etc/zabbix/zabbix_agent2.conf"
when: inventory_hostname not in groups['nas'] and inventory_hostname not in groups['rhasspy']
- name: Combine list1 and list2 into a merged_list var
ansible.builtin.set_fact:
zabbix_agent_cfg: "/opt/ZabbixAgent/etc/zabbix_agentd.conf"
when: inventory_hostname in groups['nas']
- name: Print all available facts
ansible.builtin.debug:
msg: "{{ false if inventory_hostname not in groups['nas'] else true }}"
- name: Print all available facts
ansible.builtin.debug:
var: ansible_facts.architecture
# - name: Upload zabbix package
# ansible.builtin.copy:
# src: packages/zabbix-release_6.4-1+ubuntu22.04_all.deb
# dest: /tmp/
- name: Install a .deb package from the internet
ansible.builtin.apt:
deb: https://repo.zabbix.com/zabbix/6.4/ubuntu-arm64/pool/main/z/zabbix-release/zabbix-release_6.4-1+ubuntu22.04_all.deb
when:
- ansible_facts.architecture != "armv7l" and ansible_distribution == "Ubuntu"
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Install a .deb package from the internet
ansible.builtin.apt:
#deb: https://repo.zabbix.com/zabbix/6.4/raspbian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian11_all.deb
deb: https://repo.zabbix.com/zabbix/7.0/raspbian/pool/main/z/zabbix-release/zabbix-release_7.0-1+debian11_all.deb
retries: 5
delay: 5
when:
- ansible_facts.architecture == "armv7l"
ignore_errors: true
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Install a .deb package from the internet
ansible.builtin.apt:
deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian11_all.deb
when:
- ansible_facts.architecture != "armv7l" and ansible_distribution == "Debian" and ansible_distribution_major_version == "11"
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Install a .deb package from the internet
ansible.builtin.apt:
#deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian12_all.deb
deb: https://repo.zabbix.com/zabbix/7.0/debian/pool/main/z/zabbix-release/zabbix-release_7.0-1+debian12_all.deb
when:
- ansible_facts.architecture != "armv7l" and ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
# - name: Install a .deb package localy
# ansible.builtin.apt:
# deb: /tmp/zabbix-release_6.4-1+ubuntu22.04_all.deb
- name: Install zabbix packages
ansible.builtin.apt:
name:
- zabbix-agent
update_cache: yes
when: inventory_hostname not in groups['nas']
become: "{{ false if inventory_hostname in groups['nas'] else true }}"
- name: Reconfigure zabbix agent Server
ansible.builtin.lineinfile:
path: "{{ zabbix_agent_cfg }}"
regexp: "^Server=.*"
insertafter: '^# Server='
line: "Server=192.168.77.0/24"
become: "{{ false if inventory_hostname in groups['nas'] else true }}"
- name: Reconfigure zabbix agent ServerActive
ansible.builtin.lineinfile:
path: "{{ zabbix_agent_cfg }}"
regexp: "^ServerActive=.*"
line: "ServerActive={{ ZABBIX_SERVER_IP }}"
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Reconfigure zabbix agent ListenPort
ansible.builtin.lineinfile:
path: "{{ zabbix_agent_cfg }}"
regexp: "^ListenPort=.*"
line: "ListenPort=10050"
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
# - name: Reconfigure zabbix agent ListenIP
# ansible.builtin.lineinfile:
# path: /"{{ zabbix_agent_cfg }}"
# regexp: "^ListenIP=.*"
# line: "ListenIP=0.0.0.0"
- name: Reconfigure zabbix-agent2 hostname
ansible.builtin.lineinfile:
path: "{{ zabbix_agent_cfg }}"
regexp: "^Hostname=.*"
line: "Hostname={{ansible_hostname}}"
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Reconfigure zabbix-agent2 hostname
ansible.builtin.lineinfile:
path: "{{ zabbix_agent_cfg }}"
regexp: "^UserParameter=.*"
insertafter: '^# UserParameter='
line: "UserParameter=system.temperature,vcgencmd measure_temp"
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Reconfigure zabbix-agent2 hostname
ansible.builtin.lineinfile:
path: "{{ zabbix_agent_cfg }}"
regexp: "^HostMetadata=.*"
insertafter: '^# HostMetadata='
line: "HostMetadata=linux;jaydee"
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Add the user 'james' with a bash shell, appending the group 'admins' and 'developers' to the user's groups
ansible.builtin.user:
name: zabbix
groups: video
append: yes
when: inventory_hostname not in groups['nas']
- name: Restart zabbix-agent2 service
ansible.builtin.service:
name: zabbix-agent.service
state: restarted
enabled: true
become: true
when: inventory_hostname not in groups['nas']
- name: Restart agent
ansible.builtin.shell: /etc/init.d/ZabbixAgent.sh restart
when: inventory_hostname in groups['nas']

115
playbooks/00_install_zabbix_server.yml Normal file
View File

@ -0,0 +1,115 @@
- hosts: datacenter
name: Install zabbix agent
become: true
vars:
ZABBIX_SERVER_IP: "192.168.77.216"
ZABBIX_DB_PASSWORD: "zabbix"
tasks:
- name: Print all available facts
ansible.builtin.debug:
var: ansible_facts.architecture
# - name: Upload zabbix package
# ansible.builtin.copy:
# src: packages/zabbix-release_6.4-1+ubuntu22.04_all.deb
# dest: /tmp/
- name: Install a .deb package from the internet
ansible.builtin.apt:
#deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian12_all.deb
deb: https://repo.zabbix.com/zabbix/7.0/debian/pool/main/z/zabbix-release/zabbix-release_7.0-1+debian12_all.deb
when:
- ansible_facts.architecture != "armv7l" and ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
# - name: Install a .deb package localy
# ansible.builtin.apt:
# deb: /tmp/zabbix-release_6.4-1+ubuntu22.04_all.deb
- name: Install zabbix packages
ansible.builtin.apt:
name:
- zabbix-agent2
- zabbix-agent2-plugin-*
- zabbix-server-pgsql
- zabbix-frontend-php
- php8.2-pgsql
- zabbix-nginx-conf
- zabbix-sql-scripts
- postgresql
- postgresql-client
update_cache: yes
- name: Apt exclude linux-dtb-current-meson64
ansible.builtin.shell: echo "CREATE USER zabbix password 'zabbix';" | su -c /usr/bin/psql postgres
- name: Apt exclude linux-dtb-current-meson64
ansible.builtin.shell: sudo -u postgres createdb -O zabbix zabbix
- name: Apt exclude linux-dtb-current-meson64
ansible.builtin.shell: zcat /usr/share/zabbix-sql-scripts/postgresql/server.sql.gz | sudo -u zabbix psql zabbix
- name: Reconfigure zabbix agent Server
ansible.builtin.lineinfile:
path: /etc/zabbix/zabbix_server.conf
regexp: "^DBPassword=.*"
insertafter: '^# DBPassword='
line: "DBPassword={{ ZABBIX_DB_PASSWORD }}"
- name: Reconfigure zabbix agent Server
ansible.builtin.lineinfile:
path: /etc/nginx/conf.d/zabbix.conf
regexp: "^# listen.*"
line: " listen 8080;"
- name: Reconfigure zabbix agent Server
ansible.builtin.lineinfile:
path: /etc/nginx/conf.d/zabbix.conf
regexp: "^# server_name.*"
line: " server_name zabbix.sectorq.eu;"
- name: Reconfigure zabbix agent Server
ansible.builtin.lineinfile:
path: /etc/zabbix/zabbix_agent2.conf
regexp: "^Server=.*"
insertafter: '^# Server='
line: "Server=192.168.77.0/24"
- name: Reconfigure zabbix agent ServerActive
ansible.builtin.lineinfile:
path: /etc/zabbix/zabbix_agent2.conf
regexp: "^ServerActive=.*"
line: "ServerActive={{ ZABBIX_SERVER_IP }}"
- name: Reconfigure zabbix agent ListenPort
ansible.builtin.lineinfile:
path: /etc/zabbix/zabbix_agent2.conf
regexp: "^ListenPort=.*"
line: "ListenPort=10050"
# - name: Reconfigure zabbix agent ListenIP
# ansible.builtin.lineinfile:
# path: /etc/zabbix/zabbix_agent2.conf
# regexp: "^ListenIP=.*"
# line: "ListenIP=0.0.0.0"
- name: Reconfigure zabbix-agent2 hostname
ansible.builtin.lineinfile:
path: /etc/zabbix/zabbix_agent2.conf
regexp: "^Hostname=.*"
line: "Hostname={{ansible_hostname}}"
- name: Reconfigure zabbix-agent2 hostname
ansible.builtin.lineinfile:
path: /etc/zabbix/zabbix_agent2.conf
regexp: "^UserParameter=.*"
insertafter: '^# UserParameter='
line: "UserParameter=system.temperature,vcgencmd measure_temp"
- name: Reconfigure zabbix-agent2 hostname
ansible.builtin.lineinfile:
path: /etc/zabbix/zabbix_agent2.conf
regexp: "^HostMetadata=.*"
insertafter: '^# HostMetadata='
line: "HostMetadata=linux;jaydee"
- name: Restart zabbix-server service
ansible.builtin.service:
name: "{{ item }}"
state: restarted
enabled: true
loop:
- zabbix-server.service
- zabbix-agent2.service
- nginx.service

16
playbooks/00_install_zabbix_server_cert.yml Normal file
View File

@ -0,0 +1,16 @@
- hosts: datacenter
name: Install zabbix agent
become: true
tasks:
- name: Creating a file with content
copy:
dest: "/usr/share/zabbix/conf/certs/idp.crt"
content: "{{ ZABBIX_IDP_CERT }}"
- name: Creating a file with content
copy:
dest: "/usr/share/zabbix/conf/certs/sp.key"
content: "{{ ZABBIX_AUTH_KEY }}"
- name: Creating a file with content
copy:
dest: "/usr/share/zabbix/conf/certs/sp.crt"
content: "{{ ZABBIX_AUTH_CERT }}"

1
playbooks/00_poweroff.yml
View File

@ -5,3 +5,4 @@
tasks: tasks:
- name: Shut down - name: Shut down
community.general.shutdown: community.general.shutdown:
ignore_errors: yes

58
playbooks/05_install_docker.yml
View File

@ -2,29 +2,39 @@
name: Install docker1 name: Install docker1
become: true become: true
become_user: root become_user: root
gather_facts: no gather_facts: false
tasks: tasks:
- name: Install docker - name: Install docker
ansible.builtin.apt: ansible.builtin.apt:
name: docker.io name:
state: present - ca-certificates
- name: Install telnet - curl
ansible.builtin.apt: - telnet
name: telnet - net-tools
state: present
- name: Install net-tools
ansible.builtin.apt:
name: net-tools
state: present
- name: Install curl!
ansible.builtin.apt:
name: curl
state: present
- name: Install deps...
ansible.builtin.apt:
name:
- python3-pip - python3-pip
- python3-dev - python3-dev
state: present
- name: Get keys for raspotify
ansible.builtin.shell:
install -m 0755 -d /etc/apt/keyrings
- name: Get keys for raspotify
ansible.builtin.shell:
curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
- name: Get keys for raspotify
ansible.builtin.shell:
chmod a+r /etc/apt/keyrings/docker.asc
- name: Get keys for raspotify
ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
- name: Install docker
ansible.builtin.apt:
name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-buildx-plugin
- docker-compose-plugin
- name: Create a directory docker.service.d - name: Create a directory docker.service.d
ansible.builtin.file: ansible.builtin.file:
path: /etc/systemd/system/docker.service.d/ path: /etc/systemd/system/docker.service.d/
@ -35,12 +45,14 @@
dest: "/etc/systemd/system/docker.service.d/override.conf" dest: "/etc/systemd/system/docker.service.d/override.conf"
content: | content: |
[Service] [Service]
ExecStart= ExecStart=/usr/sbin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375
ExecStart=/usr/sbin/dockerd -H fd:// -H tcp://0.0.0.0:2375
- name: Just force systemd to reread configs (2.4 and above) - name: Just force systemd to reread configs
ansible.builtin.systemd_service: ansible.builtin.systemd:
daemon_reload: true daemon_reload: true
- name: Restart docker service - name: Restart docker service
ansible.builtin.service: ansible.builtin.service:
name: docker.service name: docker.service
state: restarted state: restarted

9
playbooks/05_install_rhasspy.yml
View File

@ -1,7 +1,6 @@
- hosts: rhasspy - hosts: rhasspy
name: Install rhasspy name: Install rhasspy
become: true become: true
become_user: root
tasks: tasks:
- name: Set a hostname - name: Set a hostname
ansible.builtin.hostname: ansible.builtin.hostname:
@ -113,7 +112,7 @@
mode: '0755' mode: '0755'
- name: Upload config - name: Upload config
ansible.builtin.copy: ansible.builtin.copy:
src: /etc/ansible/playbooks/files/conf/rhasspy/profile.json src: conf/rhasspy/profile.json
dest: /home/jd/.config/rhasspy/profiles/en/profile.json dest: /home/jd/.config/rhasspy/profiles/en/profile.json
owner: jd owner: jd
group: jd group: jd
@ -132,9 +131,9 @@
name: jd name: jd
append: true append: true
groups: docker groups: docker
- name: Install pip modules # - name: Install pip modules
ansible.builtin.pip: # ansible.builtin.pip:
name: docker # name: docker
- name: Pull image - name: Pull image
community.docker.docker_image: community.docker.docker_image:

9
playbooks/apt_upgrade.yml
View File

@ -1,8 +1,13 @@
- hosts: morefine - hosts: datacenter
name: Apt udate name: Apt udate
become: true become: true
ignore_unreachable: true
tasks: tasks:
- name: Upgrade the OS - name: Upgrade the OS
ansible.builtin.apt: ansible.builtin.apt:
upgrade: full upgrade: full
become: true become: true
- name: Upgrade flatpack
ansible.builtin.command: flatpak update -y
become: true
when: inventory_hostname in groups['morefine']

0
playbooks/backup_docker.yml Normal file
View File

9
playbooks/build_tasmota.yml Normal file
View File

@ -0,0 +1,9 @@
- hosts: nas
name: Build tasmota
ignore_unreachable: false
tasks:
- name: Build tasmota
ansible.builtin.shell:
cmd: './compile.sh'
chdir: /share/docker_data/docker-tasmota/
when: inventory_hostname in groups['nas']

55
playbooks/build_tasmota_v2.yml Normal file
View File

@ -0,0 +1,55 @@
- hosts: nas
name: Build tasmota
ignore_unreachable: false
# vars:
# DOCKER_IMAGE: docker-tasmota
# FWS: tasmota
tasks:
- name: Fetch tasmota
ansible.builtin.shell:
cmd: 'git fetch https://github.com/arendst/Tasmota.git {{ BRANCH }}'
chdir: /share/docker_data/docker-tasmota/Tasmota
when: inventory_hostname in groups['nas']
- name: Checkout tasmota branch
ansible.builtin.shell:
cmd: 'git checkout --force {{ BRANCH }}'
chdir: /share/docker_data/docker-tasmota/Tasmota
when: inventory_hostname in groups['nas']
- name: Pull tasmota
ansible.builtin.shell:
cmd: 'git pull'
chdir: /share/docker_data/docker-tasmota/Tasmota
when: inventory_hostname in groups['nas']
- name: Copy platformio_override
ansible.builtin.shell:
cmd: 'cp platformio_override.ini Tasmota/platformio_override.ini'
chdir: /share/docker_data/docker-tasmota/
when: inventory_hostname in groups['nas']
- name: Copy user_config_override
ansible.builtin.shell:
cmd: 'cp user_config_override.h Tasmota/tasmota/user_config_override.h'
chdir: /share/docker_data/docker-tasmota/
when: inventory_hostname in groups['nas']
- name: Build tasmota
ansible.builtin.shell:
cmd: '/share/ZFS530_DATA/.qpkg/container-station/bin/docker run --rm -v /share/docker_data/docker-tasmota/Tasmota:/tasmota -u $UID:$GID {{ DOCKER_IMAGE }} -e {{ FWS }}'
chdir: /share/docker_data/docker-tasmota/
when: FWS != "all"
- name: Build tasmota
ansible.builtin.shell:
cmd: '/share/ZFS530_DATA/.qpkg/container-station/bin/docker run --rm -v /share/docker_data/docker-tasmota/Tasmota:/tasmota -u $UID:$GID {{ DOCKER_IMAGE }}'
chdir: /share/docker_data/docker-tasmota/
when: FWS == "all"
- name: Create a directory if it does not exist
ansible.builtin.file:
path: /share/docker_data/webhub/fw/{{ BRANCH }}
state: directory
mode: '0755'
- name: Build tasmota
ansible.builtin.shell:
cmd: 'mv /share/docker_data/docker-tasmota/Tasmota/build_output/firmware/* /share/docker_data/webhub/fw/{{ BRANCH }}'
when: inventory_hostname in groups['nas']

34
playbooks/distrib_ssh_keys.yml Normal file
View File

@ -0,0 +1,34 @@
- hosts: "{{ hosts }}"
become: true
tasks:
# Deploy SSH Key
# --
- name: Download id_rsa
ansible.builtin.get_url:
url: http://192.168.77.106:48000/ssh/id_rsa
dest: ~/.ssh/id_rsa
mode: '0600'
- name: Download foo.conf
ansible.builtin.get_url:
url: http://192.168.77.106:48000/ssh/id_rsa.pub
dest: ~/.ssh/id_rsa.pub
mode: '0600'
- name: install public keys
ansible.posix.authorized_key:
user: "{{ user }}"
state: present
key: "{{ lookup('file', new_ssh_key_file) }}"
# Set all sudoers to no password
# --
- name: change sudoers file
lineinfile:
path: /etc/sudoers
state: present
regexp: '^%sudo'
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
validate: /usr/sbin/visudo -cf %s

12
playbooks/files/conf/router/dnsmasq.conf.add Normal file
View File

@ -0,0 +1,12 @@
enable-tftp
dhcp-match=set:bios,60,PXEClient:Arch:00000
#dhcp-boot=tag:bios,undionly.kpxe,,192.168.77.108
dhcp-boot=tag:bios,ipxe.pxe,,192.168.77.108
dhcp-match=set:efibc,60,PXEClient:Arch:00007
dhcp-boot=tag:efibc,ipxe.efi,,192.168.77.108
address=/ldap-server.loc/nas.loc/192.168.77.106
address=/mqtt.loc/mqtt.lan/192.168.77.106
address=/lalalal.loc/192.168.77.106
ipset=/iplists.firehol.org/ipdeny.com/ipapi.co/api.db-ip.com/api.bgpview.io/asn.ipinfo.app/speedguide.net/otx.alienvault.com/github.com/raw.githubusercontent.com/astrill.com/strongpath.net/snbforums.com/bin.entware.net/nwsrv-ns1.asus.com/pool.ntp.org/1drv.ms/asuswrt-merlin.net/asuswrt.lostrealm.ca/big.oisd.nl/Skynet-WhitelistDomains # Skynet
ipset=/codeload.github.com/diversion.ch/entware.diversion.ch/entware.net/fwupdate.asuswrt-merlin.net/localhost.localdomain/maurerr.github.io/mirrors.bfsu.edu.cn/oisd.nl/onedrive.live.com/pgl.yoyo.org/pkg.entware.net/small.oisd.nl/someonewhocares.org/sourceforge.net/urlhaus.abuse.ch/Skynet-WhitelistDomains # Skynet

15
playbooks/files/services/mqtt_srv.service Normal file
View File

@ -0,0 +1,15 @@
[Unit]
Description=ROT13 demo service
Wants=network-online.target
After=network.target network-online.target
[Service]
Type=simple
User=root
Environment=XAUTHORITY=/home/jd/.Xauthority
Environment=DISPLAY=:0
#ExecStartPre=/bin/sleep 30
ExecStart=python3 /usr/bin/mqtt_srv.py
[Install]
WantedBy=multi-user.target suspend.target hibernate.target hybrid-sleep.target suspend-then-hibernate.target

8
playbooks/import_media.yml Normal file
View File

@ -0,0 +1,8 @@
- hosts: nas
name: Import media
gather_facts: false
tasks:
- name: Import media
ansible.builtin.shell: "(/share/ZFS530_DATA/.qpkg/QPython312/bin/python3 /share/Data/__GITLAB/python/auto_import.py >/dev/null 2>&1 &)"
async: 10
poll: 0

120
playbooks/install_mqtt_srv.yml Normal file
View File

@ -0,0 +1,120 @@
- hosts: mqtt_srv
name: Install mqtt_srv
ignore_unreachable: false
ignore_errors: true
tasks:
# - name: Install python3-pip
# ansible.builtin.apt:
# name:
# - python3-pip
# update_cache: yes
# when: inventory_hostname not in groups['nas'] and inventory_hostname not in groups['router']
# become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Upload service config
ansible.builtin.copy:
src: services/mqtt_srv.service
dest: /etc/systemd/system/
when: inventory_hostname not in groups['nas'] and inventory_hostname not in groups['router']
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Upload service script
ansible.builtin.copy:
src: scripts/mqtt_srv.py
dest: /usr/bin/
mode: '755'
owner: root
when: inventory_hostname not in groups['nas'] and inventory_hostname not in groups['router']
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Upload service script config
ansible.builtin.copy:
src: scripts/mqtt_srv.cfg
dest: /etc/mqtt_srv/
mode: '755'
owner: root
when: inventory_hostname not in groups['nas'] and inventory_hostname not in groups['router']
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Upload service script1
ansible.builtin.copy:
src: scripts/mqtt_srv.sh
dest: /jffs/scripts/mqtt_srv/
mode: '755'
owner: admin
when: inventory_hostname in groups['router']
become: false
- name: Upload service script
ansible.builtin.copy:
src: scripts/mqtt_srv.py
dest: /jffs/scripts/mqtt_srv/
mode: '755'
owner: admin
when: inventory_hostname in groups['router']
become: false
- name: Upload service script1
ansible.builtin.copy:
src: scripts/mqtt_srv.sh
dest: /etc/init.d/
mode: '755'
owner: admin
when: inventory_hostname in groups['nas']
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Upload service script2
ansible.builtin.copy:
src: scripts/mqtt_srv.py
dest: /usr/bin/
mode: '755'
owner: admin
when: inventory_hostname in groups['nas']
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Install bottle python package
ansible.builtin.shell: pip install {{ item }} --break-system-packages
loop:
- paho-mqtt
- getmac
- ping3
- psutil
- autorandr
when: inventory_hostname not in groups['nas'] and inventory_hostname not in groups['router']
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Just force systemd to reread configs (2.4 and above)
ansible.builtin.systemd:
daemon_reload: true
when: inventory_hostname not in groups['nas'] and inventory_hostname not in groups['router']
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Restart mqtt_srv service
ansible.builtin.service:
name: mqtt_srv.service
state: restarted
enabled: true
when: inventory_hostname not in groups['nas'] and inventory_hostname not in groups['router']
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Restart mqtt service
ansible.builtin.shell: "(/etc/init.d/mqtt_srv.sh restart >/dev/null 2>&1 &)"
async: 10
poll: 0
when: inventory_hostname in groups['nas']
become: "{{ 'no' if inventory_hostname in groups['nas'] else 'yes' }}"
- name: Restart mqtt service
ansible.builtin.shell: "(/jffs/scripts/mqtt_srv/mqtt_srv.sh restart >/dev/null 2>&1 &)"
async: 10
poll: 0
when: inventory_hostname in groups['router']
become: false

9
playbooks/mailu_switch_to_primary.yaml
View File

@ -20,6 +20,9 @@
- mailu2-webmail-1 - mailu2-webmail-1
- HomeAssistant - HomeAssistant
- mosquitto-mosquitto-1 - mosquitto-mosquitto-1
- gitlab
- semaphore-app-1
- semaphore-db-1
tasks: tasks:
- name: Get ruleset - name: Get ruleset
@ -28,7 +31,7 @@
register: ruleset register: ruleset
- name: Set new ruleset - name: Set new ruleset
command: nvram set vts_rulelist="{{ ruleset.stdout | replace('192.168.77.246', '192.168.77.106') }}" command: nvram set vts_rulelist="{{ ruleset.stdout | replace('192.168.77.238', '192.168.77.106') }}"
when: inventory_hostname in groups['router'] when: inventory_hostname in groups['router']
- name: Nvram commit - name: Nvram commit
@ -58,7 +61,7 @@
# - 180 # - 180
- name: Stop mailu containers - name: Stop mailu containers
command: "docker pause {{ containers | join(' ') }}" command: "docker stop {{ containers | join(' ') }}"
become: true become: true
ignore_errors: true ignore_errors: true
when: inventory_hostname in groups['raspberry'] when: inventory_hostname in groups['raspberry'] or inventory_hostname in groups['raspberrypi5']

52
playbooks/mailu_switch_to_second.yaml
View File

@ -22,40 +22,50 @@
- HomeAssistant - HomeAssistant
- mosquitto-mosquitto-1 - mosquitto-mosquitto-1
tasks: tasks:
# - name: Start mailu rasp
# uri:
# url: "http://192.168.77.106:9000/api/stacks/{{ item }}/start?endpointId=13"
# method: POST
# body_format: form-urlencoded
# return_content: yes
# headers:
# Content-Type: "application/json"
# X-API-Key: "ptr_DfS2M6Fj2P3fVvYpkhE0KJh2UGCzY47ePaFaLqadsjg="
# timeout: 60
# ignore_errors: yes
# when: inventory_hostname in groups['nas']
# loop:
# - 130
# - 149
# #- 140
# - 180
- name: Start mailu containers - name: Start mailu containers
command: "docker restart {{ containers | join(' ') }}" command: "docker start {{ containers | join(' ') }}"
become: true become: true
ignore_errors: true ignore_errors: true
when: inventory_hostname in groups['raspberry'] when: inventory_hostname in groups['raspberrypi5']
- name: Get ruleset - name: Get ruleset
command: nvram get vts_rulelist command: nvram get vts_rulelist
when: inventory_hostname in groups['router'] when: inventory_hostname in groups['router']
register: ruleset register: ruleset
- name: Print the gateway for each host when defined
ansible.builtin.debug:
msg: "var is {{ ruleset.stdout }}"
when: inventory_hostname in groups['router']
- name: Print the gateway for each host when defined
ansible.builtin.debug:
msg: "var is {{ destination }}"
when: inventory_hostname in groups['router']
- name: initialize variables
set_fact:
regexp: "\\g<1>{{ destination }}\\3"
when: inventory_hostname in groups['router']
- set_fact:
app_path: "{{ ruleset.stdout | regex_replace('(\\<MAIL_SERVER\\>[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) | regex_replace('(\\<WEB_SERVER\\>[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) }}"
when: inventory_hostname in groups['router']
- name: Print the gateway for each host when defined
ansible.builtin.debug:
msg: "var is {{ app_path }}"
when: inventory_hostname in groups['router']
- name: Pause for 60 seconds - name: Pause for 60 seconds
ansible.builtin.pause: ansible.builtin.pause:
seconds: 60 seconds: 60
- name: Set new ruleset - name: Set new ruleset
command: nvram set vts_rulelist="{{ ruleset.stdout | replace('192.168.77.106', '192.168.77.246') }}" command: nvram set vts_rulelist="{{ app_path }}"
when: inventory_hostname in groups['router'] when: inventory_hostname in groups['router']
- name: Nvram commit - name: Nvram commit

89
playbooks/modify_espresense copy.yml Normal file
View File

@ -0,0 +1,89 @@
- hosts: nas
name: Reconfigure espresense
ignore_unreachable: false
tasks:
- name: Check that you can connect (GET) to a page and it returns a status 200
ansible.builtin.uri:
url: http://192.168.77.150
method: POST
body_format: form-urlencoded
body:
language: "en"
room: "worker1"
wifi_timeout: ""
portal_timeout: ""
mqtt_host: "192.168.77.106"
mqtt_port: "1883"
mqtt_user: "jaydee"
mqtt_pass: "jaydee1"
discovery: "1"
discovery_prefix: ""
pub_tele: "1"
pub_rooms: "1"
pub_devices: "1"
update: ""
known_macs: ""
known_irks: ""
query: ""
count_ids: ""
count_enter: ""
count_exit: ""
count_ms: ""
include: "mifit:fd2375de188a"
exclude: ""
max_dist: "3"
skip_dist: ""
skip_ms: ""
ref_rssi: ""
rx_adj_rssi: ""
absorption: ""
forget_ms: ""
tx_ref_rssi: ""
led_1_pin: "-1"
led_1_cnt: ""
led_2_pin: "-1"
led_2_cnt: ""
led_3_pin: ""
led_3_cnt: ""
pir_type: "0"
pir_pin: "16"
pir_timeout: ""
radar_pin: ""
radar_timeout: ""
switch_1_pin: ""
switch_1_timeout: ""
switch_2_pin: ""
switch_2_timeout: ""
button_1_pin: ""
button_1_timeout: ""
button_2_pin: ""
button_2_timeout: ""
dht11_pin: ""
dht22_pin: ""
dhtTemp_offset: ""
I2C_Bus_1_SDA: "22"
I2C_Bus_1_SCL: "21"
I2C_Bus_2_SDA: ""
I2C_Bus_2_SCL: ""
AHTX0_I2c_Bus: ""
AHTX0_I2c: ""
BH1750_I2c_Bus: ""
BH1750_I2c: ""
BME280_I2c_Bus: "1"
BME280_I2c: "0x76"
BMP180_I2c_Bus: ""
BMP180_I2c: ""
BMP280_I2c_Bus: ""
BMP280_I2c: ""
SHT_I2c_Bus: ""
TSL2561_I2c_Bus: ""
TSL2561_I2c: ""
TSL2561_I2c_Gain: ""
SGP30_I2c_Bus: ""
SGP30_I2c: ""
HX711_sckPin: ""
HX711_doutPin: ""
ds18b20_pin: ""
dsTemp_offset: ""
ignore_errors: true

33
playbooks/modify_espresense.yml Normal file
View File

@ -0,0 +1,33 @@
- hosts: nas
name: Reconfigure espresense
ignore_unreachable: false
tasks:
- name: Check that you can connect (GET) to a page and it returns a status 200
ansible.builtin.uri:
url: http://192.168.77.150
method: POST
body_format: form-urlencoded
body:
language: "en"
room: "worker"
wifi_timeout: ""
portal_timeout: ""
mqtt_host: "{{ MQTT_BROKER }}"
mqtt_port: "1883"
mqtt_user: "{{ MQTT_USER }}"
mqtt_pass: "{{ MQTT_PASS }}"
discovery: "1"
discovery_prefix: ""
pub_tele: "1"
pub_rooms: "1"
pub_devices: "1"
update: ""
ignore_errors: true
- name: Check that you can connect (GET) to a page and it returns a status 200
ansible.builtin.uri:
url: http://192.168.77.150/restart
method: POST
ignore_errors: true

18
playbooks/modify_tasmotas.yml Normal file
View File

@ -0,0 +1,18 @@
- hosts: nas
name: Reconfigure tasmotas
ignore_unreachable: false
tasks:
- name: Check that you can connect (GET) to a page and it returns a status 200
ansible.builtin.uri:
url: http://{{ item }}/cm?cmnd=Backlog%20MqttHost%20{{ MQTT_BROKER }}%3BMqttUser%20{{ MQTT_USER }}%3BMqttPassword%20{{ MQTT_PASS }}
ignore_errors: true
with_items:
- 192.168.77.180
- 192.168.77.181
- 192.168.77.182
- 192.168.77.183
- 192.168.77.184
- 192.168.77.185
- 192.168.77.186
- 192.168.77.187
- 192.168.77.188

2
playbooks/reconfigure_heimdall.yaml
View File

@ -1,7 +1,6 @@
- name: Getting entry - name: Getting entry
ansible.builtin.shell: sqlite3 /share/docker_data/heimdall/config/www/app.sqlite "SELECT url FROM items WHERE title = '{{ item }}'" ansible.builtin.shell: sqlite3 /share/docker_data/heimdall/config/www/app.sqlite "SELECT url FROM items WHERE title = '{{ item }}'"
become: true become: true
when: inventory_hostname in groups['raspberrypi5']
register: url register: url
- debug: - debug:
@ -9,4 +8,3 @@
- name: Changing entry - name: Changing entry
ansible.builtin.shell: sqlite3 /share/docker_data/heimdall/config/www/app.sqlite "UPDATE items SET url = '{{ url.stdout |regex_replace('[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}','192.168.77.238') }}' WHERE title = '{{ item }}'" ansible.builtin.shell: sqlite3 /share/docker_data/heimdall/config/www/app.sqlite "UPDATE items SET url = '{{ url.stdout |regex_replace('[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}','192.168.77.238') }}' WHERE title = '{{ item }}'"
become: true become: true
when: inventory_hostname in groups['raspberrypi5']

4
playbooks/reconfigure_nginx.yaml
View File

@ -1,6 +1,6 @@
---
- debug: - debug:
msg: "{{ item }}" msg: "{{ item }}"
- name: Changing entry in nginx database - name: Changing entry in nginx database
ansible.builtin.shell: sqlite3 /share/docker_data/nginx/data/database.sqlite "UPDATE proxy_host SET forward_host = '192.168.77.238' WHERE domain_names = '[\"{{ item }}\"]'" ansible.builtin.shell: sqlite3 /share/docker_data/nginx/data/database.sqlite "UPDATE proxy_host SET forward_host = '{{ destination_server}}' WHERE domain_names = '[\"{{ item }}\"]'"
become: true become: true
when: inventory_hostname in groups['raspberrypi5']

29
playbooks/reconfigure_router.yml Normal file
View File

@ -0,0 +1,29 @@
- hosts: router
name: Switch destination
ignore_unreachable: false
tasks:
- name: Get ruleset
command: nvram get vts_rulelist
when: inventory_hostname in groups['router']
register: ruleset
- name: Print the gateway for each host when defined
ansible.builtin.debug:
msg: "var is {{ ruleset.stdout }}"
- name: initialize variables
set_fact:
regexp: "\\g<1>{{ DESTINATION }}\\3"
- set_fact:
app_path: "{{ ruleset.stdout | regex_replace('(\\<MAIL_SERVER\\>[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) | regex_replace('(\\<WEB_SERVER\\>[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) }}"
- name: Print the gateway for each host when defined
ansible.builtin.debug:
msg: "var is {{ app_path }}"
- name: Set ruleset
command: nvram set vts_rulelist={{ app_path }}
when: inventory_hostname in groups['router']
- name: Commit ruleset
command: nvram commit
when: inventory_hostname in groups['router']
- name: Commit ruleset
command: service restart_firewall
when: inventory_hostname in groups['router']

10
playbooks/restore_container.yaml Normal file
View File

@ -0,0 +1,10 @@
- hosts: nas
name: Sync mailu
ignore_unreachable: false
tasks:
- name: Syncing all
ansible.builtin.shell: 'rsync -avh --delete root@192.168.77.189:/srv/dev-disk-by-uuid-02fbe97a-cd9a-4511-8bd5-21f8516353ee/docker_data/latest/{{ CONTAINERS }} /share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"'
#ansible.builtin.shell: 'rsync -avh --delete /share/docker_data/{mailu2,webhub,nginx,heimdall} root@192.168.77.238:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"'
#ansible.builtin.shell: 'ls -la'
when: inventory_hostname in groups['nas']
# loop: '{{ CONTAINERS }}'

14
playbooks/restore_docker.yml Normal file
View File

@ -0,0 +1,14 @@
- hosts: nas
name: Restore docker
ignore_unreachable: false
tasks:
- name: Stop running containers
ansible.builtin.shell: for i in `/share/ZFS530_DATA/.qpkg/container-station/bin/docker ps -a|egrep -e '{{ app }}.*'|awk '{print $NF}' `; do /share/ZFS530_DATA/.qpkg/container-station/bin/docker stop $i;done
- name: Restore folder
ansible.builtin.shell: 'rsync -arv root@192.168.77.189:/srv/dev-disk-by-uuid-02fbe97a-cd9a-4511-8bd5-21f8516353ee/docker_data/{{ resdate }}/{{ app }} /share/docker_data/'
when: inventory_hostname in groups['nas']
- name: Change permissions
ansible.builtin.shell: chmod -R 700 /share/docker_data/rancher/rancher-data/k3s/server/
when: app == "rancher"
- name: Start running containers
ansible.builtin.shell: for i in `/share/ZFS530_DATA/.qpkg/container-station/bin/docker ps -a|egrep -e '{{ app }}.*'|awk '{print $NF}' `; do /share/ZFS530_DATA/.qpkg/container-station/bin/docker start $i;done

10
playbooks/router_setup.yml Normal file
View File

@ -0,0 +1,10 @@
- hosts: router
name: Setup router
ignore_unreachable: false
tasks:
- name: Upload service config
ansible.builtin.copy:
src: conf/router/dnsmasq.conf.add
dest: /jffs/configs/
- name: Restart dnsmasq
ansible.builtin.shell: service restart_dnsmasq

48
playbooks/setup_fog_nfs.yml Normal file
View File

@ -0,0 +1,48 @@
- hosts: datacenter
name: Setup nfs
gather_facts: false
tasks:
- name: Install nfs
ansible.builtin.apt:
name: nfs-kernel-server
state: present
when: inventory_hostname in groups['fog']
- name: Reconfigure common-session
ansible.builtin.lineinfile:
path: /etc/exports
regexp: "/images .*"
line: "/images *(rw,sync,no_wdelay,no_subtree_check,insecure_locks,no_root_squash,insecure,fsid=0)"
become: true
when: inventory_hostname in groups['fog']
- name: Restart autofs service
ansible.builtin.service:
name: nfs-kernel-server.service
state: restarted
become: true
when: inventory_hostname in groups['fog']
- name: Creating a file with content wol service
ansible.builtin.copy:
dest: "/etc/auto.fog"
content: |
fog-images -fstype=nfs 192.168.77.108:/images
become: true
when: inventory_hostname in groups['morefine']
- name: Restart autofs service
ansible.builtin.service:
name: autofs.service
state: restarted
become: true
when: inventory_hostname in groups['morefine']
# - name: Creating script to fetch ldap info
# ansible.builtin.copy:
# dest: "/usr/local/bin/fetchSSHKeysFromLDAP"
# content: |
# #!/bin/bash
# ldapsearch -b "dc=sectorq,dc=eu" -H ldap://192.168.77.106:389 -x '(&(objectClass=ldapPublicKey)(cn='"$1"'))' 'sshPublicKey' | sed -n '/^ /{H;d};/sshPublicKey:/x;$g;s/\n *//g;s/sshPublicKey: //gp'
# owner: admin
# mode: '0744'
# when: inventory_hostname in groups['nas']

5
playbooks/start_containers.yaml
View File

@ -1,5 +1,6 @@
--- ---
- name: Start mailu containers - name: Start mailu containers
command: "docker start gitlab semaphore-db-1 semaphore-app-1 nginx-app-1 heimdall mailu2-admin-1 mailu2-antispam-1 mailu2-antivirus-1 mailu2-fetchmail-1 mailu2-front-1 mailu2-imap-1 mailu2-oletools-1 mailu2-redis-1 mailu2-resolver-1 mailu2-smtp-1 mailu2-webdav-1 mailu2-webmail-1 HomeAssistant mosquitto-mosquitto-1 webhub-web-1" command: "docker start {{ docker_containers|join(' ') }}"
become: true become: true
ignore_errors: true ignore_errors: true

97
playbooks/stop_containers.yaml
View File

@ -1,5 +1,98 @@
--- ---
- name: Add elements to a list
set_fact:
docker_containers: "{{ docker_containers | default([]) + [item] }}"
loop:
- semaphore-db-1
- semaphore-app-1
when: '"semaphore" in selected_containers'
- name: Add elements to a list
set_fact:
docker_containers: "{{ docker_containers | default([]) + [item] }}"
loop:
- authentik-postgresql-1
- authentik-worker-1
- authentik-server-1
- authentik-redis-1
when: '"authentik" in selected_containers'
- name: Add elements to a list
set_fact:
docker_containers: "{{ docker_containers | default([]) + [item] }}"
loop:
- kestra-kestra-1
- kestra-postgres-1
when: '"kestra" in selected_containers'
- name: Add elements to a list
set_fact:
docker_containers: "{{ docker_containers | default([]) + [item] }}"
loop:
- gitlab
when: '"gitlab" in selected_containers'
- name: Add elements to a list
set_fact:
docker_containers: "{{ docker_containers | default([]) + [item] }}"
loop:
- nginx-app-1
when: '"nginx" in selected_containers'
- name: Add elements to a list
set_fact:
docker_containers: "{{ docker_containers | default([]) + [item] }}"
loop:
- heimdall
when: '"heimdall" in selected_containers'
- name: Add elements to a list
set_fact:
docker_containers: "{{ docker_containers | default([]) + [item] }}"
loop:
- mailu3-admin-1
- mailu3-antispam-1
- mailu3-antivirus-1
- mailu3-fetchmail-1
- mailu3-front-1
- mailu3-imap-1
- mailu3-oletools-1
- mailu3-redis-1
- mailu3-resolver-1
- mailu3-smtp-1
- mailu3-webdav-1
- mailu3-webmail-1
- mailu3-fts_attachments-1
when: '"mailu3" in selected_containers'
- name: Add elements to a list
set_fact:
docker_containers: "{{ docker_containers | default([]) + [item] }}"
loop:
- HomeAssistant
when: '"homeassistant" in selected_containers'
- name: Add elements to a list
set_fact:
docker_containers: "{{ docker_containers | default([]) + [item] }}"
loop:
- webhub-web-1"
when: '"webhub" in selected_containers'
- name: Add elements to a list
set_fact:
docker_containers: "{{ docker_containers | default([]) + [item] }}"
loop:
- mosquitto-mosquitto-1
when: '"mosquitto" in selected_containers'
- name: Add elements to a list
set_fact:
docker_containers: "{{ docker_containers | default([]) + [item] }}"
loop:
- webhub-web-1
when: '"webhub" in selected_containers'
- debug:
msg: "{{ docker_containers }}"
- name: Stop mailu containers - name: Stop mailu containers
command: "docker stop gitlab semaphore-db-1 semaphore-app-1 nginx-app-1 heimdall mailu2-admin-1 mailu2-antispam-1 mailu2-antivirus-1 mailu2-fetchmail-1 mailu2-front-1 mailu2-imap-1 mailu2-oletools-1 mailu2-redis-1 mailu2-resolver-1 mailu2-smtp-1 mailu2-webdav-1 mailu2-webmail-1 HomeAssistant mosquitto-mosquitto-1 webhub-web-1" command: "docker stop {{ docker_containers|join(' ') }}"
become: true become: true
ignore_errors: true ignore_errors: true

90
playbooks/switch_destination copy.yaml Normal file
View File

@ -0,0 +1,90 @@
- hosts: containers
name: Switch mailu to second
ignore_unreachable: false
vars:
arch_name: docker_mailu2_data
containers:
- nginx-app-1
- heimdall
- mailu2-admin-1
- mailu2-antispam-1
- mailu2-antivirus-1
- mailu2-fetchmail-1
- mailu2-front-1
- mailu2-imap-1
- mailu2-oletools-1
- mailu2-redis-1
- mailu2-resolver-1
- mailu2-smtp-1
- mailu2-webdav-1
- mailu2-webmail-1
- HomeAssistant
- mosquitto-mosquitto-1
- gitlab
- watchtower-watchtower-1
- kestra-kestra-1
- kestra-postgres-1
- authentik-worker-1
- authentik-server-1
- authentik-redis-1
- authentik-postgresql-1
tasks:
- name: Start mailu containers
command: "docker start {{ containers | join(' ') }}"
become: true
ignore_errors: true
when: inventory_hostname in groups['raspberrypi5']
- name: Get ruleset
command: nvram get vts_rulelist
when: inventory_hostname in groups['router']
register: ruleset
- name: Print the gateway for each host when defined
ansible.builtin.debug:
msg: "var is {{ ruleset.stdout }}"
when: inventory_hostname in groups['router']
- name: Print the gateway for each host when defined
ansible.builtin.debug:
msg: "var is {{ destination }}"
when: inventory_hostname in groups['router']
- name: initialize variables
set_fact:
regexp: "\\g<1>{{ destination }}\\3"
when: inventory_hostname in groups['router']
- set_fact:
app_path: "{{ ruleset.stdout | regex_replace('(\\<MAIL_SERVER\\>[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) | regex_replace('(\\<WEB_SERVER\\>[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) }}"
when: inventory_hostname in groups['router']
- name: Print the gateway for each host when defined
ansible.builtin.debug:
msg: "var is {{ app_path }}"
when: inventory_hostname in groups['router']
- name: Pause for 60 seconds
ansible.builtin.pause:
seconds: 60
- name: Set new ruleset
command: nvram set vts_rulelist="{{ app_path }}"
when: inventory_hostname in groups['router']
- name: Nvram commit
command: nvram commit
when: inventory_hostname in groups['router']
- name: Restart firewall
command: service restart_firewall
when: inventory_hostname in groups['router']

90
playbooks/switch_destination.yaml Normal file
View File

@ -0,0 +1,90 @@
- hosts: containers
name: Switch mailu to second
ignore_unreachable: false
vars:
arch_name: docker_mailu2_data
containers:
- nginx-app-1
- heimdall
- mailu2-admin-1
- mailu2-antispam-1
- mailu2-antivirus-1
- mailu2-fetchmail-1
- mailu2-front-1
- mailu2-imap-1
- mailu2-oletools-1
- mailu2-redis-1
- mailu2-resolver-1
- mailu2-smtp-1
- mailu2-webdav-1
- mailu2-webmail-1
- HomeAssistant
- mosquitto-mosquitto-1
- gitlab
- watchtower-watchtower-1
- kestra-kestra-1
- kestra-postgres-1
- authentik-worker-1
- authentik-server-1
- authentik-redis-1
- authentik-postgresql-1
tasks:
- name: Start mailu containers
command: "docker start {{ containers | join(' ') }}"
become: true
ignore_errors: true
when: inventory_hostname in groups['raspberrypi5']
- name: Get ruleset
command: nvram get vts_rulelist
when: inventory_hostname in groups['router']
register: ruleset
- name: Print the gateway for each host when defined
ansible.builtin.debug:
msg: "var is {{ ruleset.stdout }}"
when: inventory_hostname in groups['router']
- name: Print the gateway for each host when defined
ansible.builtin.debug:
msg: "var is {{ destination }}"
when: inventory_hostname in groups['router']
- name: initialize variables
set_fact:
regexp: "\\g<1>{{ destination }}\\3"
when: inventory_hostname in groups['router']
- set_fact:
app_path: "{{ ruleset.stdout | regex_replace('(\\<MAIL_SERVER\\>[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) | regex_replace('(\\<WEB_SERVER\\>[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) }}"
when: inventory_hostname in groups['router']
- name: Print the gateway for each host when defined
ansible.builtin.debug:
msg: "var is {{ app_path }}"
when: inventory_hostname in groups['router']
- name: Pause for 60 seconds
ansible.builtin.pause:
seconds: 60
- name: Set new ruleset
command: nvram set vts_rulelist="{{ app_path }}"
when: inventory_hostname in groups['router']
- name: Nvram commit
command: nvram commit
when: inventory_hostname in groups['router']
- name: Restart firewall
command: service restart_firewall
when: inventory_hostname in groups['router']

65
playbooks/sync_all.yaml
View File

@ -2,16 +2,35 @@
- name: import a task - name: import a task
hosts: containers hosts: containers
gather_facts: false gather_facts: false
# vars:
# selected_containers: selected_containers|split(",")
tasks: tasks:
# - debug:
# msg: "{{ inventory_hostname }}"
# - debug:
# msg: "{{ destination_server }}"
- name: Install sqlite3
ansible.builtin.apt:
name:
- sqlite3
state: present
update_cache: yes
become: true
when: inventory_hostname == destination_server
- include_tasks: stop_containers.yaml - include_tasks: stop_containers.yaml
name: Stop Containers name: Stop Containers
when: inventory_hostname in groups['raspberrypi5'] when: inventory_hostname == destination_server or inventory_hostname == source_server
- name: Pause for 60 seconds - name: Pause for 60 seconds
ansible.builtin.pause: ansible.builtin.pause:
seconds: 60 seconds: 60
- include_tasks: sync_container_data.yaml - include_tasks: sync_container_data.yaml
name: Sync Container Data name: Sync Container Data
when: inventory_hostname == source_server
- include_tasks: reconfigure_nginx.yaml - include_tasks: reconfigure_nginx.yaml
name: Reconfigure nginx proxy manager name: Reconfigure nginx proxy manager
loop: loop:
@ -21,26 +40,29 @@
- mail.sectorq.eu - mail.sectorq.eu
- pw.sectorq.eu - pw.sectorq.eu
- semaphore.sectorq.eu - semaphore.sectorq.eu
when: inventory_hostname in groups['raspberrypi5'] - kestra.sectorq.eu
- auth.sectorq.eu
when: inventory_hostname == destination_server
- name: Get relevant configs - name: Get relevant configs
ansible.builtin.shell: 'egrep -l "# ha.sectorq.eu|# pw.sectorq.eu|# semaphore.sectorq.eu|# sectorq.eu|# gitlab.sectorq.eu|# ha.sectorq.eu" /share/docker_data/nginx/data/nginx/proxy_host/*' ansible.builtin.shell: 'egrep -l "# kestra.sectorq.eu|# auth.sectorq.eu|# ha.sectorq.eu|# pw.sectorq.eu|# semaphore.sectorq.eu|# sectorq.eu|# gitlab.sectorq.eu|# ha.sectorq.eu" /share/docker_data/nginx/data/nginx/proxy_host/*'
ignore_errors: yes ignore_errors: true
become: yes become: true
register: result register: result
when: inventory_hostname in groups['raspberrypi5'] when: inventory_hostname == destination_server
- debug: - debug:
msg: "{{ result.stdout_lines }}" msg: "{{ result.stdout_lines }}"
when: inventory_hostname in groups['raspberrypi5'] when: inventory_hostname == destination_server
- name: Replace ip - name: Replace ip
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: "{{ item }}" path: "{{ item }}"
regexp: '^\s+set \$server\s+\"\w+.\w+.\w+.\w+\";' regexp: '^\s+set \$server\s+\"\w+.\w+.\w+.\w+\";'
line: " set $server \"192.168.77.238\";" line: " set $server \"192.168.77.47\";"
become: yes become: true
with_items: with_items:
- "{{ result.stdout_lines }}" - "{{ result.stdout_lines }}"
when: inventory_hostname in groups['raspberrypi5'] when: inventory_hostname == destination_server
- include_tasks: reconfigure_heimdall.yaml - include_tasks: reconfigure_heimdall.yaml
name: Reconfigure heimdall name: Reconfigure heimdall
@ -49,11 +71,28 @@
- Nginx Proxy Manager - Nginx Proxy Manager
- Portainer - Portainer
- Roundcube - Roundcube
when: inventory_hostname in groups['raspberrypi5'] - Authentik
- Kestra
when: inventory_hostname == destination_server
- name: Changing heimdall background - name: Changing heimdall background
ansible.builtin.shell: sqlite3 /share/docker_data/heimdall/config/www/app.sqlite "UPDATE setting_user SET uservalue = 'backgrounds/TRN2Ydr5dyVAkWvCq4xqR5bQ6iyv5XaKvM1r84sJ.jpg' WHERE user_id = (SELECT id FROM users WHERE username = 'jaydee')" ansible.builtin.shell: sqlite3 /share/docker_data/heimdall/config/www/app.sqlite "UPDATE setting_user SET uservalue = 'backgrounds/TRN2Ydr5dyVAkWvCq4xqR5bQ6iyv5XaKvM1r84sJ.jpg' WHERE user_id = (SELECT id FROM users WHERE username = 'jaydee')"
become: true become: true
when: inventory_hostname in groups['raspberrypi5'] when: inventory_hostname == destination_server
- include_tasks: start_containers.yaml - include_tasks: start_containers.yaml
name: Start Containers name: Start Containers
when: inventory_hostname in groups['raspberrypi5'] when: inventory_hostname == destination_server or inventory_hostname == source_server
- name: Pause for 60 seconds
ansible.builtin.pause:
seconds: 60
- name: Update gitlab perms
ansible.builtin.shell: 'docker exec -t gitlab update-permissions'
ignore_errors: true
become: true
register: result
when: inventory_hostname == destination_server
# - name: Get relevant configs
# ansible.builtin.shell: 'docker restart gitlab'
# ignore_errors: yes
# become: yes
# register: result
# when: inventory_hostname in groups['raspberrypi5']

16
playbooks/sync_all_test.yaml Normal file
View File

@ -0,0 +1,16 @@
---
- name: import a task
hosts: nas
gather_facts: false
tasks:
- debug:
msg: "{{ item }}"
loop: "{{ selected_containers | split(',') }}"
- debug:
msg: "{{ destination_server }}"
- debug:
msg: "{{ source_server }}"
- debug:
msg: rsync -avh --delete /share/docker_data/{{ '{' }}{{ selected_containers }}{{ '}' }} root@{{ destination_server }}:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"
- debug:
msg: "{{ destination_server }}"

25
playbooks/sync_container_data.yaml
View File

@ -1,9 +1,28 @@
---
- name: Changing permission - name: Changing permission
ansible.builtin.shell: 'chown -R admin. /share/docker_data/' ansible.builtin.shell: 'chown -R root. /share/docker_data/'
become: true become: true
when: inventory_hostname in groups['raspberry'] or inventory_hostname in groups['raspberrypi5'] vars:
selected_containers: "{{ selected_containers|replace('homeassistant' ,'ha') }}"
- debug:
msg: rsync -avh --delete /share/docker_data/{{ '{' }}{{ selected_containers }}{{ '}' }} root@{{ destination_server }}:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"
when: selected_containers|split(",")|length > 1
- debug:
msg: rsync -avh --delete /share/docker_data/{{ selected_containers }} root@{{ destination_server }}:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"
when: selected_containers|split(",")|length == 1
- name: Syncing all - name: Syncing all
<<<<<<< HEAD
ansible.builtin.shell: 'rsync -avh --delete /share/docker_data/{mailu2,ha,gitlab,semaphore,webhub,nginx,heimdall} admin@192.168.77.238:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"' ansible.builtin.shell: 'rsync -avh --delete /share/docker_data/{mailu2,ha,gitlab,semaphore,webhub,nginx,heimdall} admin@192.168.77.238:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"'
#ansible.builtin.shell: 'rsync -avh --delete /share/docker_data/{mailu2,webhub,nginx,heimdall} admin@192.168.77.238:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"' #ansible.builtin.shell: 'rsync -avh --delete /share/docker_data/{mailu2,webhub,nginx,heimdall} admin@192.168.77.238:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"'
=======
ansible.builtin.shell: rsync -avh --delete /share/docker_data/{{ '{' }}{{ selected_containers }}{{ '{' }} root@{{ destination_server }}:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"
#ansible.builtin.shell: 'rsync -avh --delete /share/docker_data/{mailu2,webhub,nginx,heimdall} root@192.168.77.238:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"'
>>>>>>> a2272a39029fa97337f187f1b490913cd8adbd24
#ansible.builtin.shell: 'ls -la' #ansible.builtin.shell: 'ls -la'
when: inventory_hostname in groups['nas'] when: selected_containers|split(",")|length > 1
- name: Syncing all
ansible.builtin.shell: rsync -avh --delete /share/docker_data/{{ selected_containers }} root@{{ destination_server }}:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"
#ansible.builtin.shell: 'rsync -avh --delete /share/docker_data/{mailu2,webhub,nginx,heimdall} root@192.168.77.238:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"'
#ansible.builtin.shell: 'ls -la'
when: selected_containers|split(",")|length == 1

29
playbooks/test_replace.yml Normal file
View File

@ -0,0 +1,29 @@
- hosts: router
name: Switch destination
ignore_unreachable: false
tasks:
- name: Get ruleset
command: nvram get vts_rulelist
when: inventory_hostname in groups['router']
register: ruleset
- name: Print the gateway for each host when defined
ansible.builtin.debug:
msg: "var is {{ ruleset.stdout }}"
- name: initialize variables
set_fact:
regexp: "\\g<1>{{ DESTINATION }}\\3"
- set_fact:
app_path: "{{ ruleset.stdout | regex_replace('(\\<MAIL_SERVER\\>[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) | regex_replace('(\\<WEB_SERVER\\>[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) }}"
- name: Print the gateway for each host when defined
ansible.builtin.debug:
msg: "var is {{ app_path }}"
- name: Set ruleset
command: nvram set vts_rulelist={{ app_path }}
when: inventory_hostname in groups['router']
- name: Commit ruleset
command: nvram commit
when: inventory_hostname in groups['router']
- name: Commit ruleset
command: service restart_firewall
when: inventory_hostname in groups['router']

37
playbooks/update_ssh_keys.yml Normal file
View File

@ -0,0 +1,37 @@
- hosts: "{{ hosts }}"
tasks:
# Deploy SSH Key
# --
- name: Create a directory if it does not exist
ansible.builtin.file:
path: ~/.ssh
state: directory
mode: '0700'
- name: Download id_rsa
ansible.builtin.get_url:
url: http://192.168.77.106:48000/ssh/id_rsa
dest: ~/.ssh/id_rsa
mode: '0600'
- name: Download id_rsa.pub
ansible.builtin.get_url:
url: http://192.168.77.106:48000/ssh/id_rsa.pub
dest: ~/.ssh/id_rsa.pub
mode: '0600'
- name: get remote file contents
command: "cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub"
register: key
- name: show key contents
debug:
var: key.stdout
- name: Ensure we have our own comment added to /etc/services
ansible.builtin.lineinfile:
path: "{{ ansible_env.HOME }}/.ssh/authorized_keys"
line: "{{ key.stdout }}"
create: yes
- name: Ensure we have our own comment added to /etc/services
ansible.builtin.lineinfile:
path: "/root/.ssh/authorized_keys"
line: "{{ key.stdout }}"
create: yes
become: true

8
playbooks/wol_enable.yml
View File

@ -1,7 +1,11 @@
- hosts: omv - hosts: datacenter
name: Enable WOL name: Enable WOL
become: true become: true
tasks: tasks:
- name: Install ethtool
ansible.builtin.apt:
name: ethtool
state: present
- name: Display all interfaces name - name: Display all interfaces name
debug: debug:
var: ansible_facts.interfaces var: ansible_facts.interfaces
@ -12,7 +16,7 @@
when: 'item.startswith("en")' when: 'item.startswith("en")'
- name: Creating config - name: Creating config
become: yes become: true
ansible.builtin.copy: ansible.builtin.copy:
dest: "/etc/systemd/system/wol.service" dest: "/etc/systemd/system/wol.service"