Compare commits
7 Commits
195e227c69
...
d92720f4d0
Author | SHA1 | Date | |
---|---|---|---|
d92720f4d0 | |||
76aa74ff2f | |||
74def16ccd | |||
592d4a7db0 | |||
3808a8bb3f | |||
e2410e7e30 | |||
fbd878540e |
4
all.yml
4
all.yml
@ -26,4 +26,6 @@
|
||||
- name: wazuh-agent
|
||||
tags: wazuh-agent
|
||||
- role: mqtt-srv
|
||||
tags: mqtt-srv
|
||||
tags: mqtt-srv
|
||||
- role: vnc_server
|
||||
tags: vnc_server
|
30
jaydee.yml
30
jaydee.yml
@ -1,15 +1,17 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
64653733616336656435326432346561323838316463303932623433633565636333383264353564
|
||||
6564633266633362346565303764313735356437656534640a306435383934313333313761303433
|
||||
63373839383236663233316330343161623435626334303934626161626664363833346134363931
|
||||
6163623238373132340a346530336337313238353233633332383563343366383538343062353637
|
||||
32646562343166393737346330306439373230663137383430313532383064633765643031653264
|
||||
37663134613538636639376439383530623432353332633938623362336539653864663634353261
|
||||
36663266323566666361353065643239363365626264666131393033346561666562363836626665
|
||||
36646138653834306564363965343338613936306334343733366633666435363636333436356538
|
||||
66343034646631366131353366343136636136633162663535343939636431326534353962393361
|
||||
30663331376563653935666565333466363562656130663462646639626138613365636533646333
|
||||
66626131633039373064396132626232626336653434613966363466393739383030346635623165
|
||||
31613131656336363966383239356137393163613036343638363834353639636431626634613031
|
||||
39666239323936343732616234353465613066386362303265323436373435363864663531616234
|
||||
6639666332643335623237623366666465633437343663303736
|
||||
37396163363830306632376461613061333432336166376338306632633139383336343536316463
|
||||
3863643031313433613130613665373466383432323039350a333365363839616135353061653834
|
||||
38396136343338366162366366326265346632656561636535633631346638333730613763373065
|
||||
3732386136373565620a643661333137373738333332633631303535333836666465643862396634
|
||||
62633466346463363363313162376464393533636335336533313536333531366139393134323733
|
||||
64643535346530653865633034636466643635633430376539633061353037353236333531396531
|
||||
64336133663630663438303266653662326463396565323664303764356264623661303465643038
|
||||
36376531323365643363363465353064623630663662633238663661346630326464356232303564
|
||||
30316265613438643731626463626564663963613036386235383766616561323235636566333438
|
||||
31633933343138383237363765663735656362376132363336633631336462636531346664353435
|
||||
33623935326532646136646436613662316431306336613632643639386534343532666237633433
|
||||
63343031376462616262623965363139343961376162646133376232323365656663376361663539
|
||||
62613637393630303830653232663563333436373663656434646632396162653030333034383961
|
||||
62626334623833393536323035636135663530326138366332666535336130373733323835663232
|
||||
36313035353436633962633435623232323362633265666330623761373162303235376264613339
|
||||
37343139333730346362
|
||||
|
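--- a/playbooks/00_start_containers_rpi5.yml
+++ b/playbooks/00_start_containers_rpi5.yml
@@ -0,0 +1,8 @@
+- hosts: rpi5.home.lan
+name: Start containers rpi5
+become: true
+tasks:
+- name: Start containers
+ansible.builtin.shell: "docker start {{ item }}"
+register: containers
+with_items: ["HomeAssistant","webhub-web-1","heimdall","pihole","mosquitto-mosquitto-1","mailu3-redis-1","mailu3-webmail-1","mailu3-resolver-1","mailu3-antispam-1","mailu3-webdav-1","mailu3-smtp-1","mailu3-antivirus-1","mailu3-fts_attachments-1","mailu3-oletools-1","mailu3-admin-1","mailu3-front-1","mailu3-fetchmail-1","mailu3-imap-1","matter-server","piper-en","openwakeword","whisper-en","auth-worker-1","auth-server-1","auth-authentik_ldap-1","ak-outpost-ldap","auth-redis-1","auth-postgresql-1","nginx-app-1"]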
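Review bot: `ansible.builtin.shell` is used for `docker start {{ item }}` although nothing in the command needs a shell; `ansible.builtin.command: "docker start {{ item }}"` avoids shell parsing of the item. The result registered as `containers` is not read anywhere in this play, so either drop `register: containers` or use it for a `changed_when`. The long inline flow list would diff more cleanly as a block sequence, one container per line.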
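--- a/playbooks/00_stop_containers_rpi5.yml
+++ b/playbooks/00_stop_containers_rpi5.yml
@@ -0,0 +1,14 @@
+- hosts: rpi5.home.lan
+name: Stop rpi5
+become: true
+tasks:
+- name: Get running packages
+ansible.builtin.shell: "docker ps|awk '{print $NF}'"
+register: containers
+- debug:
+msg: "{{ containers.stdout_lines }}"
+- name: Stop containers
+ansible.builtin.shell: "docker stop {{ item }}"
+register: containers
+when: item != "NAMES" and item != "watchtower-watchtower-1"
+with_items: "{{ containers.stdout_lines }}"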
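Review bot: The container list is scraped from the human-readable `docker ps` table, so the header word has to be filtered out with `item != "NAMES"`, and any row whose last column is not a container name would be handed to `docker stop`. Asking Docker for the names directly, `docker ps --format {% raw %}'{{.Names}}'{% endraw %}`, removes the need for `awk` and the `NAMES` check (the raw block keeps Jinja from templating the Go template). The `Stop containers` task also registers into `containers`, the same variable its `with_items` iterates; a separate name such as `register: stop_result` would be clearer. The same two tasks are repeated in playbooks/00_sync_rpi5.yml.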
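--- a/playbooks/00_sync_rpi5.yml
+++ b/playbooks/00_sync_rpi5.yml
@@ -0,0 +1,16 @@
+- hosts: rpi5.home.lan
+name: Sync rpi5
+become: true
+tasks:
+- name: Apt exclude linux-dtb-current-meson64
+ansible.builtin.shell: "docker ps|awk '{print $NF}'"
+register: containers
+- debug:
+msg: "{{ containers.stdout_lines }}"
+- name: Stop containers
+ansible.builtin.shell: "docker stop {{ item }}"
+register: containers
+when: item != "NAMES" and item != "watchtower-watchtower-1"
+with_items: "{{ containers.stdout_lines }}"
+- name: Sync data
+ansible.builtin.shell: "/myapps/venv/bin/python3 /myapps/omv_backup.py -r all"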
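Review bot: The first task is named `Apt exclude linux-dtb-current-meson64` but runs `docker ps|awk '{print $NF}'`, so the name looks left over from another playbook; `- name: Get running containers` would match what it does. The list and stop tasks are a copy of playbooks/00_stop_containers_rpi5.yml and share its table-scraping problem. Nothing in this play starts the containers again after `Sync data`; if that is meant to be done by 00_start_containers_rpi5.yml, a comment saying so would help the next reader.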
@ -5,6 +5,10 @@
|
||||
# DOCKER_IMAGE: docker-tasmota
|
||||
# FWS: tasmota
|
||||
tasks:
|
||||
- name: Pull tasmota
|
||||
ansible.builtin.shell:
|
||||
cmd: 'git config --global --add safe.directory /share/docker_data/docker-tasmota/Tasmota'
|
||||
|
||||
- name: Fetch tasmota
|
||||
ansible.builtin.shell:
|
||||
cmd: 'git fetch https://github.com/arendst/Tasmota.git {{ BRANCH }}'
|
||||
@ -32,13 +36,13 @@
|
||||
|
||||
- name: Build tasmota
|
||||
ansible.builtin.shell:
|
||||
cmd: '/share/ZFS530_DATA/.qpkg/container-station/bin/docker run --rm -v /share/docker_data/docker-tasmota/Tasmota:/tasmota -u $UID:$GID {{ DOCKER_IMAGE }} -e {{ FWS }}'
|
||||
cmd: 'docker run --rm -v /share/docker_data/docker-tasmota/Tasmota:/tasmota -u $UID:$GID {{ DOCKER_IMAGE }} -e {{ FWS }}'
|
||||
chdir: /share/docker_data/docker-tasmota/
|
||||
when: FWS != "all"
|
||||
|
||||
- name: Build tasmota
|
||||
ansible.builtin.shell:
|
||||
cmd: '/share/ZFS530_DATA/.qpkg/container-station/bin/docker run --rm -v /share/docker_data/docker-tasmota/Tasmota:/tasmota -u $UID:$GID {{ DOCKER_IMAGE }}'
|
||||
cmd: 'docker run --rm -v /share/docker_data/docker-tasmota/Tasmota:/tasmota -u $UID:$GID {{ DOCKER_IMAGE }}'
|
||||
chdir: /share/docker_data/docker-tasmota/
|
||||
when: FWS == "all"
|
||||
|
||||
|
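Review bot: `git config --global --add safe.directory ...` in the added `Pull tasmota` task appends another entry to the global git config on every run, and the task name does not describe what it does. Making it idempotent, for example with `community.general.git_config` (`name: safe.directory`, `scope: global`, `value: /share/docker_data/docker-tasmota/Tasmota`), avoids the growing list. In the second hunk both `Build tasmota` commands now call bare `docker` instead of the absolute Container Station path, which depends on the PATH of the non-interactive shell Ansible gets on that host; worth confirming. The task list starts and ends outside these hunks.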
@ -9,12 +9,12 @@
|
||||
mode: '0700'
|
||||
- name: Download id_rsa
|
||||
ansible.builtin.get_url:
|
||||
url: http://192.168.77.101:48000/ssh/id_rsa
|
||||
url: http://192.168.77.238:48000/ssh/id_rsa
|
||||
dest: ~/.ssh/id_rsa
|
||||
mode: '0600'
|
||||
- name: Download id_rsa.pub
|
||||
ansible.builtin.get_url:
|
||||
url: http://192.168.77.101:48000/ssh/id_rsa.pub
|
||||
url: http://192.168.77.238:48000/ssh/id_rsa.pub
|
||||
dest: ~/.ssh/id_rsa.pub
|
||||
mode: '0600'
|
||||
- name: get remote file contents
|
||||
|
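Review bot: Both `get_url` tasks still fetch the SSH key pair, including the private key `id_rsa`, over plain `http://`, so the key crosses the network unencrypted and the download is neither authenticated nor integrity-checked; the commit only changes the server address. Distributing the key from an Ansible Vault file with `ansible.builtin.copy` and `no_log: true` would keep it off the wire in clear text; if a download has to stay, use an `https://` URL and add `checksum:` to the task. `id_rsa.pub` does not need `mode: '0600'`; `'0644'` is the usual mode. The task list continues outside the hunk.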
@ -4,6 +4,8 @@
|
||||
name:
|
||||
- fail2ban
|
||||
- sendmail
|
||||
#add line to /etc/hosts
|
||||
#127.0.0.1 m-server localhost....
|
||||
- name: Copy files
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
|
@ -3,8 +3,8 @@
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/sysctl.conf
|
||||
regexp: "^Unet.ipv4.igmp_max_memberships.*"
|
||||
line: "net.ipv4.igmp_max_memberships = 75"
|
||||
line: "net.ipv4.igmp_max_memberships = 80"
|
||||
- name: Restart agent
|
||||
ansible.builtin.shell: echo 76 > /proc/sys/net/ipv4/igmp_max_memberships
|
||||
ansible.builtin.shell: echo 80 > /proc/sys/net/ipv4/igmp_max_memberships
|
||||
notify: restart_matter_server
|
||||
become: true
|
||||
|
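Review bot: The `regexp` on the `lineinfile` task is `^Unet.ipv4.igmp_max_memberships.*`, and the stray `U` means it can never match an existing line, so changing `line` to `= 80` appends a second entry to /etc/sysctl.conf and leaves the earlier `= 75` one in place. `regexp: '^net\.ipv4\.igmp_max_memberships'` lets the existing line be replaced. The follow-up task named `Restart agent` actually writes the value to /proc; `ansible.posix.sysctl` with `name`, `value` and `reload` would cover both steps in one idempotent task. The first task's name is outside the hunk.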
@ -23,9 +23,9 @@
|
||||
# dest: /tmp/
|
||||
- name: Install a .deb package from the internet11
|
||||
ansible.builtin.apt:
|
||||
deb: https://repo.zabbix.com/zabbix/6.4/ubuntu-arm64/pool/main/z/zabbix-release/zabbix-release_6.4-1+ubuntu22.04_all.deb
|
||||
deb: https://repo.zabbix.com/zabbix/7.2/release/ubuntu/pool/main/z/zabbix-release/zabbix-release_latest_7.2+ubuntu24.04_all.deb
|
||||
when:
|
||||
- ansible_facts.architecture != "armv7l" and ( ansible_distribution == "Ubuntu" or ansible_distribution == "Linux Mint" )
|
||||
- ansible_facts.architecture != "armv7l" and ( ansible_distribution == "Ubuntu1" or ansible_distribution == "Linux Mint" )
|
||||
become: true
|
||||
- name: Install a .deb package from the internet2
|
||||
ansible.builtin.apt:
|
||||
@ -48,7 +48,7 @@
|
||||
- name: Install a .deb package from the internet4
|
||||
ansible.builtin.apt:
|
||||
#deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian12_all.deb
|
||||
deb: https://repo.zabbix.com/zabbix/7.0/debian/pool/main/z/zabbix-release/zabbix-release_7.0-1+debian12_all.deb
|
||||
deb: https://repo.zabbix.com/zabbix/7.2/debian/pool/main/z/zabbix-release/zabbix-release_7.2-1+debian12_all.deb
|
||||
when:
|
||||
- ansible_facts.architecture != "armv7l" and ansible_facts.architecture != "aarch64" and ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
|
||||
ignore_errors: true
|
||||
|
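Review bot: The new condition compares `ansible_distribution == "Ubuntu1"`, a value no host is expected to report, so the first install task now runs only on Linux Mint; if the intent was to switch the task off for Ubuntu, say so in a comment or remove the clause rather than misspelling the name. The new URL is the `ubuntu24.04` package whatever release the host runs, so the `when:` would also need a version condition. The `zabbix-release_latest_...` file name is not pinned, so what gets installed can change between runs. The `internet4` task keeps `ignore_errors: true`, which hides a failed download.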
@ -34,7 +34,24 @@
|
||||
owner: root
|
||||
group: root
|
||||
when: inventory_hostname != 'nas.home.lan'
|
||||
|
||||
- name: Upload script
|
||||
ansible.builtin.copy:
|
||||
src: "{{ dest_folder }}/omv_backup_v2.py"
|
||||
dest: /myapps/omv_backup_v2.py
|
||||
remote_src: true
|
||||
mode: '0755'
|
||||
owner: root
|
||||
group: root
|
||||
when: inventory_hostname != 'nas.home.lan'
|
||||
- name: Upload script
|
||||
ansible.builtin.copy:
|
||||
src: "{{ dest_folder }}/docker_backups.py"
|
||||
dest: /myapps/docker_backups.py
|
||||
remote_src: true
|
||||
mode: '0755'
|
||||
owner: root
|
||||
group: root
|
||||
when: inventory_hostname != 'nas.home.lan'
|
||||
- name: Upload requirements
|
||||
ansible.builtin.copy:
|
||||
src: "{{ dest_folder }}/requirements.txt"
|
||||
@ -57,13 +74,33 @@
|
||||
name: "omv_backup"
|
||||
state: absent
|
||||
|
||||
- name: Ensure a job that runs at 2 and 5 exists. Creates an entry like "0 5,2 * * ls -alh > /dev/null"
|
||||
ansible.builtin.cron:
|
||||
name: "omv_backup"
|
||||
minute: "0"
|
||||
hour: "8"
|
||||
job: "/myapps/venv/bin/python3 /myapps/omv_backup.py -b > /dev/null 2>&1 &"
|
||||
# - name: Ensure a job that runs at 2 and 5 exists. Creates an entry like "0 5,2 * * ls -alh > /dev/null"
|
||||
# ansible.builtin.cron:
|
||||
# name: "omv_backup"
|
||||
# minute: "0"
|
||||
# hour: "8"
|
||||
# job: "/myapps/venv/bin/python3 /myapps/omv_backup.py -b > /dev/null 2>&1 &"
|
||||
|
||||
- name: Creating config
|
||||
ansible.builtin.copy:
|
||||
dest: "/etc/systemd/system/omv_backup.service"
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Enable OMV backup
|
||||
|
||||
[Service]
|
||||
ExecStart = nohup /myapps/venv/bin/python3 /myapps/omv_backup_v2.py -b > /dev/null 2>&1 &
|
||||
|
||||
[Install]
|
||||
WantedBy=basic.target
|
||||
owner: root
|
||||
mode: '0744'
|
||||
- name: Restart service omv_backup, in all cases
|
||||
ansible.builtin.service:
|
||||
name: omv_backup
|
||||
state: restarted
|
||||
enabled: true
|
||||
# async:
|
||||
# poll: 0
|
||||
# ignore_errors: true
|
||||
become: true
|
||||
|
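Review bot: The `ExecStart` line in the new omv_backup.service is written like a shell command (`nohup ... > /dev/null 2>&1 &`), but systemd does not run ExecStart through a shell, so `>`, `2>&1` and `&` reach the script as literal arguments and nothing is redirected or backgrounded. `ExecStart=/myapps/venv/bin/python3 /myapps/omv_backup_v2.py -b` with `StandardOutput=null` and `StandardError=null` under `[Service]` expresses the same intent. Unit files do not need the execute bit, so `mode: '0644'` is the usual choice, and no task visible here reloads systemd before `Restart service omv_backup` runs. The two new copy tasks in the first hunk are both named `Upload script`; distinct names make the run output readable.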
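--- a/roles/sendmail/handlers/main.yml
+++ b/roles/sendmail/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: restart_docker
+ansible.builtin.service:
+name: docker.service
+state: restarted
+become: true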
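--- a/roles/sendmail/tasks/main.yml
+++ b/roles/sendmail/tasks/main.yml
@@ -0,0 +1,57 @@
+- block:
+- name: Install docker
+ansible.builtin.apt:
+name:
+- ca-certificates
+- curl
+- telnet
+- net-tools
+- python3-pip
+- python3-dev
+state: present
+update_cache: true
+- name: Get keys for raspotify
+ansible.builtin.shell:
+install -m 0755 -d /etc/apt/keyrings
+
+- name: Get keys for raspotify
+ansible.builtin.shell:
+curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
+
+- name: Get keys for raspotify
+ansible.builtin.shell:
+chmod a+r /etc/apt/keyrings/docker.asc
+
+- name: Get keys for raspotify
+ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+- name: Install docker
+ansible.builtin.apt:
+name:
+- docker-ce
+- docker-ce-cli
+- containerd.io
+- docker-buildx-plugin
+- docker-compose-plugin
+update_cache: true
+
+- name: Create a directory docker.service.d
+ansible.builtin.file:
+path: /etc/systemd/system/docker.service.d/
+state: directory
+mode: '0755'
+
+- name: Creating a file with content
+copy:
+dest: "/etc/systemd/system/docker.service.d/override.conf"
+content: |
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375
+notify: restart_docker
+
+- name: Just force systemd to reread configs
+ansible.builtin.systemd:
+daemon_reload: true
+
+become: true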
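Review bot: The drop-in written to /etc/systemd/system/docker.service.d/override.conf adds `-H tcp://0.0.0.0:2375` to dockerd, which publishes the Docker API on every interface with no TLS and no authentication; access to that API is equivalent to root on the host. If remote access is not required, drop the TCP listener and keep only `-H fd://`; if it is, bind to a specific address and enable `--tlsverify` with `--tlscacert`, `--tlscert` and `--tlskey`, or reach the daemon over SSH instead. The four tasks named `Get keys for raspotify` set up the Docker apt repository inside a role called sendmail, so the task names and the role name should be corrected. The `sudo tee` in the last of them is redundant under the block's `become: true`.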
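--- a/roles/vnc_server/tasks/main copy.yml
+++ b/roles/vnc_server/tasks/main copy.yml
@@ -0,0 +1,46 @@
+- block:
+
+- name: Install vnc packages
+ansible.builtin.apt:
+name:
+- tigervnc-standalone-server
+- tigervnc-common
+update_cache: yes
+
+- name: Create a directory if it does not exist
+ansible.builtin.file:
+path: /home/jd/.vnc/
+state: directory
+mode: '0755'
+owner: jd
+group: jd
+- name: Creating a file with content
+copy:
+dest: "/home/jd/.vnc/config"
+content: |
+session=mate
+geometry=1200x721
+localhost
+alwaysshared
+mode: '0755'
+owner: jd
+group: jd
+- name: Reconfigure vnc
+ansible.builtin.lineinfile:
+path: /etc/tigervnc/vncserver-config-defaults
+regexp: "^$localhost =.* "
+line: '$localhost = "no";'
+
+- name: Reconfigure vnc1
+ansible.builtin.lineinfile:
+path: /etc/tigervnc/vncserver.users
+#regexp: "^:1=.*"
+line: ':1=jd'
+
+- name: Reconfigure zabbix agent Server
+ansible.builtin.lineinfile:
+path: "/etc/tigervnc/vncserver.users"
+regexp: "^:1=jd"
+line: ":1=jd"
+become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
+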
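Review bot: `main copy.yml` looks like an editor duplicate of the role's tasks/main.yml; Ansible only loads `main.yml` from a role's tasks directory automatically, so this file is dead code and should be left out of the commit. It also carries `regexp: "^$localhost =.* "`, where the unescaped `$` is an end-of-line anchor, so the expression can never match an existing `$localhost` line; `regexp: '^\$localhost\s*='` is presumably what was meant. The task named `Reconfigure zabbix agent Server` edits /etc/tigervnc/vncserver.users and repeats what `Reconfigure vnc1` already does.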
@ -1,5 +1,7 @@
|
||||
- block:
|
||||
|
||||
- name: include vault
|
||||
ansible.builtin.include_vars:
|
||||
file: jaydee.yml
|
||||
- name: Install vnc packages
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
@ -7,40 +9,45 @@
|
||||
- tigervnc-common
|
||||
update_cache: yes
|
||||
|
||||
- name: Creating config
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
|
||||
dest: "/etc/systemd/system/vncserver@.service"
|
||||
content: |
|
||||
[Unit]
|
||||
Description=VNC Server
|
||||
After=syslog.target network.target
|
||||
[Service]
|
||||
Type=forking
|
||||
WorkingDirectory=/home/jd
|
||||
User=jd
|
||||
Group=jd
|
||||
ExecStartPre=/bin/sh -c '/usr/bin/tigervncserver -kill %i > /dev/null 2>&1 || :'
|
||||
ExecStart = /usr/bin/tigervncserver -xstartup /usr/bin/mate-session -SecurityTypes VncAuth,TLSVnc -geometry 1600x900 -localhost no %i
|
||||
ExecStop = /usr/bin/tigervncserver -kill %i
|
||||
Environment="HOME=/home/jd"
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
owner: root
|
||||
mode: '0744'
|
||||
- name: Create a directory if it does not exist
|
||||
ansible.builtin.file:
|
||||
path: /home/jd/.vnc/
|
||||
path: /home/jd/.vnc
|
||||
state: directory
|
||||
mode: '0755'
|
||||
mode: '0700'
|
||||
owner: jd
|
||||
group: jd
|
||||
- name: Creating a file with content
|
||||
copy:
|
||||
dest: "/home/jd/.vnc/config"
|
||||
content: |
|
||||
session=mate
|
||||
geometry=1200x721
|
||||
localhost
|
||||
alwaysshared
|
||||
mode: '0755'
|
||||
owner: jd
|
||||
group: jd
|
||||
- name: Reconfigure vnc
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/tigervnc/vncserver-config-defaults
|
||||
regexp: "^$localhost =.* "
|
||||
line: '$localhost = "no";'
|
||||
|
||||
- name: Reconfigure vnc1
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/tigervnc/vncserver.users
|
||||
#regexp: "^:1=.*"
|
||||
line: ':1=jd'
|
||||
|
||||
- name: Reconfigure zabbix agent Server
|
||||
ansible.builtin.lineinfile:
|
||||
path: "/etc/tigervnc/vncserver.users"
|
||||
regexp: "^:1=jd"
|
||||
line: ":1=jd"
|
||||
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
|
||||
|
||||
- name: Set vnc password
|
||||
ansible.builtin.shell:
|
||||
cmd: echo "{{ vnc_password }}" | vncpasswd -f > /home/jd/.vnc/vncpasswd
|
||||
- name: Set vnc password
|
||||
ansible.builtin.shell:
|
||||
cmd: echo "{{ vnc_password }}" | vncpasswd -f > /home/jd/.vnc/passwd
|
||||
- name: Restart service vncserver, in all cases
|
||||
ansible.builtin.service:
|
||||
name: vncserver@:1
|
||||
state: restarted
|
||||
daemon-reload: true
|
||||
enabled: true
|
||||
become: true
|
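Review bot: The `Set vnc password` tasks template `{{ vnc_password }}` into a shell `echo`, so the vaulted secret shows up in the task's logged command and results unless `no_log: true` is set on them. The redirect also creates the password file with the default umask and, if the block runs with become, owned by root rather than `jd`; a following `ansible.builtin.file` task with `owner: jd`, `group: jd`, `mode: '0600'` would fix both. If both tasks are on the new side, the same secret is written to `vncpasswd` and to `passwd`; keep only the file the server reads. The unit's `ExecStart` uses `-localhost no` with `-SecurityTypes VncAuth,TLSVnc`, so the desktop is reachable from the network behind a VNC password only; binding to localhost and tunnelling over SSH is the safer default. Which lines of the second hunk are added and which removed cannot be recovered from this rendering.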