
7 Commits

Author SHA1 Message Date
d92720f4d0 lala 2025-01-31 00:44:32 +01:00
76aa74ff2f lala 2025-01-31 00:07:32 +01:00
74def16ccd lala 2025-01-30 23:48:24 +01:00
592d4a7db0 lala 2025-01-30 23:46:06 +01:00
3808a8bb3f lala 2025-01-30 23:39:54 +01:00
e2410e7e30 lala 2025-01-11 17:45:06 +01:00
fbd878540e lala 2025-01-08 19:18:58 +01:00
15 changed files with 264 additions and 64 deletions


@ -26,4 +26,6 @@
- name: wazuh-agent
tags: wazuh-agent
- role: mqtt-srv
tags: mqtt-srv
tags: mqtt-srv
- role: vnc_server
tags: vnc_server


@ -1,15 +1,17 @@
$ANSIBLE_VAULT;1.1;AES256
64653733616336656435326432346561323838316463303932623433633565636333383264353564
6564633266633362346565303764313735356437656534640a306435383934313333313761303433
63373839383236663233316330343161623435626334303934626161626664363833346134363931
6163623238373132340a346530336337313238353233633332383563343366383538343062353637
32646562343166393737346330306439373230663137383430313532383064633765643031653264
37663134613538636639376439383530623432353332633938623362336539653864663634353261
36663266323566666361353065643239363365626264666131393033346561666562363836626665
36646138653834306564363965343338613936306334343733366633666435363636333436356538
66343034646631366131353366343136636136633162663535343939636431326534353962393361
30663331376563653935666565333466363562656130663462646639626138613365636533646333
66626131633039373064396132626232626336653434613966363466393739383030346635623165
31613131656336363966383239356137393163613036343638363834353639636431626634613031
39666239323936343732616234353465613066386362303265323436373435363864663531616234
6639666332643335623237623366666465633437343663303736
37396163363830306632376461613061333432336166376338306632633139383336343536316463
3863643031313433613130613665373466383432323039350a333365363839616135353061653834
38396136343338366162366366326265346632656561636535633631346638333730613763373065
3732386136373565620a643661333137373738333332633631303535333836666465643862396634
62633466346463363363313162376464393533636335336533313536333531366139393134323733
64643535346530653865633034636466643635633430376539633061353037353236333531396531
64336133663630663438303266653662326463396565323664303764356264623661303465643038
36376531323365643363363465353064623630663662633238663661346630326464356232303564
30316265613438643731626463626564663963613036386235383766616561323235636566333438
31633933343138383237363765663735656362376132363336633631336462636531346664353435
33623935326532646136646436613662316431306336613632643639386534343532666237633433
63343031376462616262623965363139343961376162646133376232323365656663376361663539
62613637393630303830653232663563333436373663656434646632396162653030333034383961
62626334623833393536323035636135663530326138366332666535336130373733323835663232
36313035353436633962633435623232323362633265666330623761373162303235376264613339
37343139333730346362


@ -0,0 +1,8 @@
- hosts: rpi5.home.lan
name: Start containers rpi5
become: true
tasks:
- name: Start containers
ansible.builtin.shell: "docker start {{ item }}"
register: containers
with_items: ["HomeAssistant","webhub-web-1","heimdall","pihole","mosquitto-mosquitto-1","mailu3-redis-1","mailu3-webmail-1","mailu3-resolver-1","mailu3-antispam-1","mailu3-webdav-1","mailu3-smtp-1","mailu3-antivirus-1","mailu3-fts_attachments-1","mailu3-oletools-1","mailu3-admin-1","mailu3-front-1","mailu3-fetchmail-1","mailu3-imap-1","matter-server","piper-en","openwakeword","whisper-en","auth-worker-1","auth-server-1","auth-authentik_ldap-1","ak-outpost-ldap","auth-redis-1","auth-postgresql-1","nginx-app-1"]
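Review bot: `ansible.builtin.shell` is not needed for `docker start {{ item }}` in the "Start containers" task; nothing in it uses pipes or redirection, so `ansible.builtin.command: "docker start {{ item }}"` avoids passing the string through a shell. The task always reports changed and the registered `containers` variable is never read in this play, so drop `register` or add a `changed_when`. The long flow-style `with_items` list would be easier to review and diff as a block sequence with one container name per line.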


@ -0,0 +1,14 @@
- hosts: rpi5.home.lan
name: Stop rpi5
become: true
tasks:
- name: Get running packages
ansible.builtin.shell: "docker ps|awk '{print $NF}'"
register: containers
- debug:
msg: "{{ containers.stdout_lines }}"
- name: Stop containers
ansible.builtin.shell: "docker stop {{ item }}"
register: containers
when: item != "NAMES" and item != "watchtower-watchtower-1"
with_items: "{{ containers.stdout_lines }}"
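Review bot: The container list is scraped from the human-readable table (`docker ps|awk '{print $NF}'`), which is why the `when` has to filter out the literal header `NAMES`; asking Docker for the names only (`docker ps --format` with the `.Names` field, wrapped in `{% raw %}` so Jinja leaves the braces alone) removes that coupling. Each scraped value is then interpolated into a root shell command in `docker stop {{ item }}`; `ansible.builtin.command` would keep the value away from shell parsing. The stop task also re-registers `containers`, the same variable it is looping over, which makes the result hard to reason about. The same three tasks are repeated in playbooks/00_sync_rpi5.yml.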

16
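--- a/playbooks/00_sync_rpi5.yml
+++ b/playbooks/00_sync_rpi5.yml
@@ -0,0 +1,16 @@
+- hosts: rpi5.home.lan
+name: Sync rpi5
+become: true
+tasks:
+- name: Apt exclude linux-dtb-current-meson64
+ansible.builtin.shell: "docker ps|awk '{print $NF}'"
+register: containers
+- debug:
+msg: "{{ containers.stdout_lines }}"
+- name: Stop containers
+ansible.builtin.shell: "docker stop {{ item }}"
+register: containers
+when: item != "NAMES" and item != "watchtower-watchtower-1"
+with_items: "{{ containers.stdout_lines }}"
+- name: Sync data
+ansible.builtin.shell: "/myapps/venv/bin/python3 /myapps/omv_backup.py -r all"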
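Review bot: The first task is named `Apt exclude linux-dtb-current-meson64` but runs `docker ps|awk '{print $NF}'`, so the play output will mislead whoever reads it; rename it to match, e.g. `- name: Get running containers`. The final `Sync data` task runs `/myapps/omv_backup.py -r all` as root after every container except watchtower has been stopped, and nothing in this play starts them again or handles a failed sync. If that is intentional, a comment naming the playbook that brings the services back would help the next operator.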


@ -5,6 +5,10 @@
# DOCKER_IMAGE: docker-tasmota
# FWS: tasmota
tasks:
- name: Pull tasmota
ansible.builtin.shell:
cmd: 'git config --global --add safe.directory /share/docker_data/docker-tasmota/Tasmota'
- name: Fetch tasmota
ansible.builtin.shell:
cmd: 'git fetch https://github.com/arendst/Tasmota.git {{ BRANCH }}'
@ -32,13 +36,13 @@
- name: Build tasmota
ansible.builtin.shell:
cmd: '/share/ZFS530_DATA/.qpkg/container-station/bin/docker run --rm -v /share/docker_data/docker-tasmota/Tasmota:/tasmota -u $UID:$GID {{ DOCKER_IMAGE }} -e {{ FWS }}'
cmd: 'docker run --rm -v /share/docker_data/docker-tasmota/Tasmota:/tasmota -u $UID:$GID {{ DOCKER_IMAGE }} -e {{ FWS }}'
chdir: /share/docker_data/docker-tasmota/
when: FWS != "all"
- name: Build tasmota
ansible.builtin.shell:
cmd: '/share/ZFS530_DATA/.qpkg/container-station/bin/docker run --rm -v /share/docker_data/docker-tasmota/Tasmota:/tasmota -u $UID:$GID {{ DOCKER_IMAGE }}'
cmd: 'docker run --rm -v /share/docker_data/docker-tasmota/Tasmota:/tasmota -u $UID:$GID {{ DOCKER_IMAGE }}'
chdir: /share/docker_data/docker-tasmota/
when: FWS == "all"
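Review bot: The new task that runs `git config --global --add safe.directory /share/docker_data/docker-tasmota/Tasmota` is named `Pull tasmota`, and because of `--add` it appends another identical entry to the global git config on every run. `safe.directory` switches off git's ownership check for that path, so it deserves a comment explaining why the repository is owned by a different user than the one running the play, plus a guard so the entry is only added once (for example a preceding `git config --global --get-all safe.directory` check). In the second hunk the absolute path to the docker binary is replaced by a bare `docker`, which now depends on the PATH of the non-interactive shell Ansible gets on that host.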


@ -9,12 +9,12 @@
mode: '0700'
- name: Download id_rsa
ansible.builtin.get_url:
url: http://192.168.77.101:48000/ssh/id_rsa
url: http://192.168.77.238:48000/ssh/id_rsa
dest: ~/.ssh/id_rsa
mode: '0600'
- name: Download id_rsa.pub
ansible.builtin.get_url:
url: http://192.168.77.101:48000/ssh/id_rsa.pub
url: http://192.168.77.238:48000/ssh/id_rsa.pub
dest: ~/.ssh/id_rsa.pub
mode: '0600'
- name: get remote file contents
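Review bot: Both `get_url` tasks still fetch the SSH key pair, including the private key `id_rsa`, over plain `http://` from `192.168.77.238:48000`; the change only moves the server address. With no TLS or credentials visible in the task, anything that can reach that port or observe the traffic obtains the private key, and without a `checksum:` a tampered response would be installed unnoticed. Consider shipping the key with `ansible.builtin.copy` from a vault-encrypted file with `no_log: true`, or generating a key per host on the target so no private key crosses the network. The task list continues past the end of this hunk.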


@ -4,6 +4,8 @@
name:
- fail2ban
- sendmail
#add line to /etc/hosts
#127.0.0.1 m-server localhost....
- name: Copy files
copy:
src: "{{ item }}"


@ -3,8 +3,8 @@
ansible.builtin.lineinfile:
path: /etc/sysctl.conf
regexp: "^Unet.ipv4.igmp_max_memberships.*"
line: "net.ipv4.igmp_max_memberships = 75"
line: "net.ipv4.igmp_max_memberships = 80"
- name: Restart agent
ansible.builtin.shell: echo 76 > /proc/sys/net/ipv4/igmp_max_memberships
ansible.builtin.shell: echo 80 > /proc/sys/net/ipv4/igmp_max_memberships
notify: restart_matter_server
become: true
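Review bot: The `regexp` on the unchanged line reads `^Unet.ipv4.igmp_max_memberships.*`; with the stray `U` it cannot match an existing `net.ipv4.igmp_max_memberships` entry, so changing `line` from 75 to 80 will most likely append a second line to /etc/sysctl.conf instead of replacing the old one. Suggested: `regexp: '^net\.ipv4\.igmp_max_memberships'`. The follow-up task is named `Restart agent` but writes to /proc/sys; if the ansible.posix collection is available, its `sysctl` module would set the persistent and the runtime value in one idempotent task. The lineinfile task starts above this hunk.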


@ -23,9 +23,9 @@
# dest: /tmp/
- name: Install a .deb package from the internet11
ansible.builtin.apt:
deb: https://repo.zabbix.com/zabbix/6.4/ubuntu-arm64/pool/main/z/zabbix-release/zabbix-release_6.4-1+ubuntu22.04_all.deb
deb: https://repo.zabbix.com/zabbix/7.2/release/ubuntu/pool/main/z/zabbix-release/zabbix-release_latest_7.2+ubuntu24.04_all.deb
when:
- ansible_facts.architecture != "armv7l" and ( ansible_distribution == "Ubuntu" or ansible_distribution == "Linux Mint" )
- ansible_facts.architecture != "armv7l" and ( ansible_distribution == "Ubuntu1" or ansible_distribution == "Linux Mint" )
become: true
- name: Install a .deb package from the internet2
ansible.builtin.apt:
@ -48,7 +48,7 @@
- name: Install a .deb package from the internet4
ansible.builtin.apt:
#deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian12_all.deb
deb: https://repo.zabbix.com/zabbix/7.0/debian/pool/main/z/zabbix-release/zabbix-release_7.0-1+debian12_all.deb
deb: https://repo.zabbix.com/zabbix/7.2/debian/pool/main/z/zabbix-release/zabbix-release_7.2-1+debian12_all.deb
when:
- ansible_facts.architecture != "armv7l" and ansible_facts.architecture != "aarch64" and ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
ignore_errors: true
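Review bot: The first hunk changes the condition to `ansible_distribution == "Ubuntu1"`, a value no host is likely to report, so on Ubuntu this install is silently skipped; if the intent is to disable the task, say so in a comment or use a tag, otherwise restore `"Ubuntu"`. The new URL is specific to `ubuntu24.04` while the `when` does not look at `ansible_distribution_version`, so a Linux Mint host that does pass gets the 24.04 release package regardless of its base. The task name `Install a .deb package from the internet11` says nothing about Zabbix; naming the package and version would make the play output readable.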


@ -34,7 +34,24 @@
owner: root
group: root
when: inventory_hostname != 'nas.home.lan'
- name: Upload script
ansible.builtin.copy:
src: "{{ dest_folder }}/omv_backup_v2.py"
dest: /myapps/omv_backup_v2.py
remote_src: true
mode: '0755'
owner: root
group: root
when: inventory_hostname != 'nas.home.lan'
- name: Upload script
ansible.builtin.copy:
src: "{{ dest_folder }}/docker_backups.py"
dest: /myapps/docker_backups.py
remote_src: true
mode: '0755'
owner: root
group: root
when: inventory_hostname != 'nas.home.lan'
- name: Upload requirements
ansible.builtin.copy:
src: "{{ dest_folder }}/requirements.txt"
@ -57,13 +74,33 @@
name: "omv_backup"
state: absent
- name: Ensure a job that runs at 2 and 5 exists. Creates an entry like "0 5,2 * * ls -alh > /dev/null"
ansible.builtin.cron:
name: "omv_backup"
minute: "0"
hour: "8"
job: "/myapps/venv/bin/python3 /myapps/omv_backup.py -b > /dev/null 2>&1 &"
# - name: Ensure a job that runs at 2 and 5 exists. Creates an entry like "0 5,2 * * ls -alh > /dev/null"
# ansible.builtin.cron:
# name: "omv_backup"
# minute: "0"
# hour: "8"
# job: "/myapps/venv/bin/python3 /myapps/omv_backup.py -b > /dev/null 2>&1 &"
- name: Creating config
ansible.builtin.copy:
dest: "/etc/systemd/system/omv_backup.service"
content: |
[Unit]
Description=Enable OMV backup
[Service]
ExecStart = nohup /myapps/venv/bin/python3 /myapps/omv_backup_v2.py -b > /dev/null 2>&1 &
[Install]
WantedBy=basic.target
owner: root
mode: '0744'
- name: Restart service omv_backup, in all cases
ansible.builtin.service:
name: omv_backup
state: restarted
enabled: true
# async:
# poll: 0
# ignore_errors: true
become: true
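Review bot: `ExecStart = nohup /myapps/venv/bin/python3 /myapps/omv_backup_v2.py -b > /dev/null 2>&1 &` in the new unit is written as a shell command line, but systemd does not run ExecStart through a shell: `>`, `2>&1` and `&` are handed to the program as literal arguments, and `nohup` and backgrounding serve no purpose under a service manager. The unit file is installed with `mode: '0744'`; unit files are not executed, so `'0644'` is the usual mode. Because the unit file is written just before the restart, the restart task also needs a daemon reload, otherwise systemd may keep using the previous definition. The closing `become: true` belongs to a block that starts outside this hunk.

```yaml
- name: Creating config
  ansible.builtin.copy:
    dest: "/etc/systemd/system/omv_backup.service"
    content: |
      # … unchanged: [Unit] section …
      [Service]
      ExecStart=/myapps/venv/bin/python3 /myapps/omv_backup_v2.py -b
      StandardOutput=null
      StandardError=null
      # … unchanged: [Install] section …
    owner: root
    mode: '0644'
- name: Restart service omv_backup, in all cases
  ansible.builtin.systemd:
    name: omv_backup
    state: restarted
    enabled: true
    daemon_reload: true
```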


@ -0,0 +1,5 @@
- name: restart_docker
ansible.builtin.service:
name: docker.service
state: restarted
become: true

57
roles/sendmail/tasks/main.yml Executable file

@ -0,0 +1,57 @@
- block:
- name: Install docker
ansible.builtin.apt:
name:
- ca-certificates
- curl
- telnet
- net-tools
- python3-pip
- python3-dev
state: present
update_cache: true
- name: Get keys for raspotify
ansible.builtin.shell:
install -m 0755 -d /etc/apt/keyrings
- name: Get keys for raspotify
ansible.builtin.shell:
curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
- name: Get keys for raspotify
ansible.builtin.shell:
chmod a+r /etc/apt/keyrings/docker.asc
- name: Get keys for raspotify
ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
- name: Install docker
ansible.builtin.apt:
name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-buildx-plugin
- docker-compose-plugin
update_cache: true
- name: Create a directory docker.service.d
ansible.builtin.file:
path: /etc/systemd/system/docker.service.d/
state: directory
mode: '0755'
- name: Creating a file with content
copy:
dest: "/etc/systemd/system/docker.service.d/override.conf"
content: |
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375
notify: restart_docker
- name: Just force systemd to reread configs
ansible.builtin.systemd:
daemon_reload: true
become: true
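Review bot: The override written to /etc/systemd/system/docker.service.d/override.conf adds `-H tcp://0.0.0.0:2375` to dockerd, which publishes the Docker API on every interface without TLS or authentication; whoever can reach that port controls the daemon, which is equivalent to root on the host. If remote access is not required, drop the flag: `ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock`; if it is required, bind to a specific management address and enable `--tlsverify` with client certificates, or use Docker over SSH. Separately, four tasks are all named `Get keys for raspotify` although they set up the Docker apt repository, and the file lives under roles/sendmail, which makes the role hard to audit.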


@ -0,0 +1,46 @@
- block:
- name: Install vnc packages
ansible.builtin.apt:
name:
- tigervnc-standalone-server
- tigervnc-common
update_cache: yes
- name: Create a directory if it does not exist
ansible.builtin.file:
path: /home/jd/.vnc/
state: directory
mode: '0755'
owner: jd
group: jd
- name: Creating a file with content
copy:
dest: "/home/jd/.vnc/config"
content: |
session=mate
geometry=1200x721
localhost
alwaysshared
mode: '0755'
owner: jd
group: jd
- name: Reconfigure vnc
ansible.builtin.lineinfile:
path: /etc/tigervnc/vncserver-config-defaults
regexp: "^$localhost =.* "
line: '$localhost = "no";'
- name: Reconfigure vnc1
ansible.builtin.lineinfile:
path: /etc/tigervnc/vncserver.users
#regexp: "^:1=.*"
line: ':1=jd'
- name: Reconfigure zabbix agent Server
ansible.builtin.lineinfile:
path: "/etc/tigervnc/vncserver.users"
regexp: "^:1=jd"
line: ":1=jd"
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
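Review bot: In `Reconfigure vnc` the pattern `regexp: "^$localhost =.* "` has an unescaped `$`, which is the end-of-line anchor, so it cannot match an existing `$localhost = ...` line and the task falls back to appending; `regexp: '^\$localhost\s*='` matches the setting it is meant to replace. The line it writes, `$localhost = "no";`, makes the VNC server listen beyond loopback and contradicts the `localhost` entry this same file puts in /home/jd/.vnc/config; staying loopback-only and reaching the display through an SSH tunnel is the safer default. The last task is named `Reconfigure zabbix agent Server` but edits vncserver.users and duplicates `Reconfigure vnc1`.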


@ -1,5 +1,7 @@
- block:
- name: include vault
ansible.builtin.include_vars:
file: jaydee.yml
- name: Install vnc packages
ansible.builtin.apt:
name:
@ -7,40 +9,45 @@
- tigervnc-common
update_cache: yes
- name: Creating config
become: true
ansible.builtin.copy:
dest: "/etc/systemd/system/vncserver@.service"
content: |
[Unit]
Description=VNC Server
After=syslog.target network.target
[Service]
Type=forking
WorkingDirectory=/home/jd
User=jd
Group=jd
ExecStartPre=/bin/sh -c '/usr/bin/tigervncserver -kill %i > /dev/null 2>&1 || :'
ExecStart = /usr/bin/tigervncserver -xstartup /usr/bin/mate-session -SecurityTypes VncAuth,TLSVnc -geometry 1600x900 -localhost no %i
ExecStop = /usr/bin/tigervncserver -kill %i
Environment="HOME=/home/jd"
[Install]
WantedBy=multi-user.target
owner: root
mode: '0744'
- name: Create a directory if it does not exist
ansible.builtin.file:
path: /home/jd/.vnc/
path: /home/jd/.vnc
state: directory
mode: '0755'
mode: '0700'
owner: jd
group: jd
- name: Creating a file with content
copy:
dest: "/home/jd/.vnc/config"
content: |
session=mate
geometry=1200x721
localhost
alwaysshared
mode: '0755'
owner: jd
group: jd
- name: Reconfigure vnc
ansible.builtin.lineinfile:
path: /etc/tigervnc/vncserver-config-defaults
regexp: "^$localhost =.* "
line: '$localhost = "no";'
- name: Reconfigure vnc1
ansible.builtin.lineinfile:
path: /etc/tigervnc/vncserver.users
#regexp: "^:1=.*"
line: ':1=jd'
- name: Reconfigure zabbix agent Server
ansible.builtin.lineinfile:
path: "/etc/tigervnc/vncserver.users"
regexp: "^:1=jd"
line: ":1=jd"
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
- name: Set vnc password
ansible.builtin.shell:
cmd: echo "{{ vnc_password }}" | vncpasswd -f > /home/jd/.vnc/vncpasswd
- name: Set vnc password
ansible.builtin.shell:
cmd: echo "{{ vnc_password }}" | vncpasswd -f > /home/jd/.vnc/passwd
- name: Restart service vncserver, in all cases
ansible.builtin.service:
name: vncserver@:1
state: restarted
daemon-reload: true
enabled: true
become: true
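Review bot: The `Set vnc password` task expands `{{ vnc_password }}` from the vault into the shell command line (`echo "{{ vnc_password }}" | vncpasswd -f > ...`) with no `no_log: true`, so the clear-text password can show up in task output and is subject to shell interpretation of any quote or `$` it contains; passing it on `stdin` and setting `no_log` avoids both. The redirect runs under the block's `become: true`, so the password file is presumably created by root with the default umask; it should be owned by jd with mode `'0600'`. The new unit starts the server with `-localhost no` and `-SecurityTypes VncAuth,TLSVnc`, which accepts plain VncAuth connections from the network; consider dropping `VncAuth` from the list, or keeping the server on loopback and tunnelling over SSH. Old and new lines are interleaved in this rendering, so treating `/home/jd/.vnc/passwd` as the new target path is an assumption.

```yaml
- name: Set vnc password
  ansible.builtin.shell:
    cmd: vncpasswd -f > /home/jd/.vnc/passwd
    stdin: "{{ vnc_password }}"
  no_log: true
- name: Restrict vnc password file to its owner
  ansible.builtin.file:
    path: /home/jd/.vnc/passwd
    owner: jd
    group: jd
    mode: '0600'
# … unchanged: "Restart service vncserver, in all cases" …
```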