klal

2026-05-04 14:49:49 +02:00 · 2026-03-24 22:18:34 +01:00
parent 68775c50da
commit e3cd8f5843
16 changed files with 236 additions and 35 deletions
@@ -1,6 +1,8 @@
 - hosts: datacenter
  name: Roles
  gather_facts: false
  vars_files:
    - jaydee.yml   # vault file
  roles:
    - name: zabbix_proxy_service
      role: zabbix_proxy_service
@@ -107,3 +109,6 @@
    - name: setup_repo_sync
      role: setup_repo_sync
      tags: setup_repo_sync
    - name: puppet-agent
      role: puppet-agent
      tags: puppet-agent
@@ -26,14 +26,11 @@ datacenter:
            ansible_user: root        
    ryzen:
      hosts:
-        192.168.77.15:
+        ryzen.home.lan:
      vars:
        ansible_python_interpreter: auto_silent
-        ansible_ssh_user: root
+        ansible_ssh_user: jd
-        ansible_ssh_pass: lacijaydee
+        ansible_ssh_private_key_file: ssh_key.pem
        ansible_password: lacijaydee
        ansible_become_user: root
        ansible_become_password: lacijaydee
    omv:
      hosts:
        192.168.77.189:
@@ -1,26 +1,27 @@
 $ANSIBLE_VAULT;1.1;AES256
-38393362333061613238333964643062316633323761346333646464373437353630656635323561
+66616666346233663164303662323266303431383638623139373163636566636230313862646664
-6433353166343337346433643839363866383831653666370a366231343233626366643466353762
+3866616633376432666530663963346561613538633563610a653835323733353465306562646631
-39346263313962343730333364643461376436663061323633623537346238316363343735343136
+33653763636238323363653439316634623134366266363032353561343136353037323635656661
-6631653665653363660a663136613961396163636163636465333163363537663634386261393537
+3436333637616362360a316636386463656466653964623166323639323834386535376532343335
-30333233316236343161663136313635353162633930646431613335313264303565616435636662
+62303631636135363630343833613963313564386636636561393039326361356232333162333336
-61343363386430303438333934393362643661356636316432396266623762393833333539633166
+30306266623030623632366135313335386466393563343030356635646563306434336137396439
-64623230353861356530653263306637323964336231353665346264333463663030366338616330
+39666531336233646638643730386137323233653061373330373430666639393230373566626534
-62373461363333643838613034636537353233393137656135386131656130363462653633366336
+36643335356566396239396265663738373838643234333438356630633031323635663666666530
-66323236346234616639383066643638303937623938333136623131396334623263653763656131
+37363163356136306366333036656162643630613039623730363365636133373264313832623066
-34306366343738663930666536663664613732343566323430353638393662666130393366663861
+31393233613665643261366337643332363032303461636138313635333130626139666666376439
-35346532656531326366343963396334393432343931656332663933616131643161363933383738
+38373437326164616434363662613535323362363561313962396665356538336333373766626361
-63616164316637626639653835356433613764663361393933346239343866323164643765336636
+37626161663238356162326461613634363462623534336632306331356239363562396662396130
-64373764373964613864386133623835303163663933396534303132323630326236336132393063
+63626337383232366335643561613766313038643464323836643130626533633339623633326233
-63666264613331306165326232386166633039333030346338383632363739393566383863663761
+34393235376565616463386539366638336633343430363639393666633932316266653466393465
-64656332643838633037373030336265663738343563303262386437353066313466393764616231
+35303832636562376665303961656134363463376637643438353038343631303164326130323966
-35653063623263666439393635613037323439616630363837353930626632313437303762633433
+39346563663062623937633639303739393665343838666137316132633631376230633763323535
-37646664376532343632613162333039326463646231383939373965623434306665383662633861
+31343965363965303561356638346130316139303832653863623762393664616335646364643437
-31383335393236313362323762633833366461643264633730636133646335393532376133386432
+37336436643362393935343037633730666362636338343466646632646266303930656436313263
-66666534393431333235326139333936616365356434636638346433663566666633306237313264
+36613464313735303566613762396261373737316563646266646237386139633663333564346136
-32313031663166353465653863643762313163386137306238383436343631303630643266353035
+33353761363663613865623863666132383730396631393563643434346437326365373238666639
-35306636643735396630613538326461656132623931666234666232396238313062343265396666
+65626339313264666439653430306331363266383232383132653562666165383436346464663265
-62343766616338383962386165393930396536666663643963383237663236666664303837613135
+31643830656136636533363265393362393934343531303362653232646232643563313738613939
-35666234363462616562366333396366353838353763613639653936303039613863323565306263
+31323365333461636637356265393665646235643530376331303931623138616637386362326132
-35373266303035613638653338346434616634353534393838646131366432633266353636383433
+32656334643864626136353934363433316463303637336363653934623834326337663334346262
-6638
+34376539353230303639633235383635613739343633613361356665373662383866343439383465
 3137313662333665303064646362616639333031633239626462
@@ -0,0 +1,38 @@
 Role Name
 =========
 A brief description of the role goes here.
 Requirements
 ------------
 Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
 Role Variables
 --------------
 A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
 Dependencies
 ------------
 A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
 Example Playbook
 ----------------
 Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
    - hosts: servers
      roles:
         - { role: username.rolename, x: 42 }
 License
 -------
 BSD
 Author Information
 ------------------
 An optional section for the role authors to include contact information, or a website (HTML is not allowed).
@@ -0,0 +1,2 @@
 ---
 # defaults file for puppet-agent
@@ -0,0 +1,2 @@
 ---
 # handlers file for puppet-agent
@@ -0,0 +1,52 @@
 galaxy_info:
  author: your name
  description: your role description
  company: your company (optional)
  # If the issue tracker for your role is not on github, uncomment the
  # next line and provide a value
  # issue_tracker_url: http://example.com/issue/tracker
  # Choose a valid license ID from https://spdx.org - some suggested licenses:
  # - BSD-3-Clause (default)
  # - MIT
  # - GPL-2.0-or-later
  # - GPL-3.0-only
  # - Apache-2.0
  # - CC-BY-4.0
  license: license (GPL-2.0-or-later, MIT, etc)
  min_ansible_version: 2.1
  # If this a Container Enabled role, provide the minimum Ansible Container version.
  # min_ansible_container_version:
  #
  # Provide a list of supported platforms, and for each platform a list of versions.
  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
  # To view available platforms and versions (or releases), visit:
  # https://galaxy.ansible.com/api/v1/platforms/
  #
  # platforms:
  # - name: Fedora
  #   versions:
  #   - all
  #   - 25
  # - name: SomePlatform
  #   versions:
  #   - all
  #   - 1.0
  #   - 7
  #   - 99.99
  galaxy_tags: []
    # List tags for your role here, one per line. A tag is a keyword that describes
    # and categorizes the role. Users find roles by searching for tags. Be sure to
    # remove the '[]' above, if you add tags to this list.
    #
    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
    #       Maximum 20 tags per role.
 dependencies: []
  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
  # if you add dependencies to this list.
@@ -0,0 +1,45 @@
 - name: Install puppet agent 
  become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
  vars:
    puppet_server: active.home.lan
  block:
    # - name: Ensure Puppet repo is present (Debian/Ubuntu)
    #   apt_repository:
    #     repo: "deb http://apt.puppetlabs.com {{ ansible_distribution_release }} puppet6"
    #     state: present
    #   when: ansible_os_family == "Debian"
    - name: Facts
      ansible.builtin.setup:
      when: ansible_facts.architecture is not defined
    - name: Install Puppet agent package
      package:
        name: puppet-agent
        state: present
    - name: Create Puppet configuration directory
      file:
        path: /etc/puppetlabs/puppet
        state: directory
        mode: '0755'
    - name: Deploy puppet.conf
      template:
        src: puppet.conf.j2
        dest: /etc/puppet/puppet.conf
        owner: root
        group: root
        mode: '0644'
    - name: Enable and start puppet agent
      systemd:
        name: puppet
        enabled: true
        state: started
    - name: Trigger puppet agent run once1
      command: /usr/bin/puppet agent -t
      register: puppet_run
      ignore_errors: true
    - debug:
        var: puppet_run.stdout_lines
@@ -0,0 +1,5 @@
 [main]
 server = {{ puppet_server }}
 certname = {{ inventory_hostname }}
 environment = production
 runinterval = 10m
@@ -0,0 +1,2 @@
 localhost
@@ -0,0 +1,5 @@
 ---
 - hosts: localhost
  remote_user: root
  roles:
    - puppet-agent
@@ -0,0 +1,3 @@
 ---
 # vars file for puppet-agent
 puppet_server: active.home.lan
@@ -0,0 +1,40 @@
 - name: Set banner
  become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
  block:
    - name: Install packages
      ansible.builtin.apt:
        name:
          - figlet
          - toilet
    - name: Create Banner
      ansible.builtin.command: |
        figlet -c {{ (inventory_hostname | split('.'))[0] }} -f slant
      register: logo
      changed_when: "logo.rc == 0"
    - name: Creating a file with content
      ansible.builtin.copy:
        dest: "/etc/motd"
        content: |
          {{ logo.stdout }}
        owner: 0
        group: 0
        mode: "0777"
    - name: Reconfigure sshd
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "^Banner.* "
        line: "#Banner /etc/banner"
    - name: Reconfigure sshd
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "^#PrintLastLog.* "
        line: "PrintLastLog no"
    - name: Sshd
      ansible.builtin.service:
        name: ssh.service
        state: restarted
@@ -1,6 +1,9 @@
 - name: SSH config Setup
  become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
  block:
    - name: Include vault
      ansible.builtin.include_vars:
        file: jaydee.yml
    - name: Upload config
      ansible.builtin.copy:
        src: config
@@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSABeQ3x7nM3HBil1LpGYLrdz5NbXVl6l6dNMr0lnwZ jd@ryzen
@@ -18,8 +18,8 @@
      when: inventory_hostname != 'nas.home.lan'
    - name: Upload key
      ansible.builtin.copy:
-        src: id_rsa.pub
+        src: id_ed25519_homelab.pub
-        dest: /home/jd/.ssh/id_rsa.pub
+        dest: /home/jd/.ssh/id_ed25519_homelab.pub
        mode: '0600'
        owner: jd
        group: jd
@@ -28,4 +28,4 @@
      ansible.posix.authorized_key:
        user: jd
        state: present
-        key: "{{ lookup('file', '/home/jd/.ssh/id_rsa.pub') }}"
+        key: "{{ lookup('file', '/home/jd/.ssh/id_ed25519_homelab.pub') }}"
		`@@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSABeQ3x7nM3HBil1LpGYLrdz5NbXVl6l6dNMr0lnwZ jd@ryzen`