klal

hosts

@@ -10,6 +10,7 @@
 
 # Ex 1: Ungrouped hosts, specify before any group headers.
 
+
 #green.example.com
 #blue.example.com
 #192.168.100.1

jaydee.yml

@@ -1,17 +1,17 @@
 $ANSIBLE_VAULT;1.1;AES256
-61323036366363323032396232663032666134316166633635316134623436303565316538333637
-6138356462323362636265323030353439393233643032330a313763336632383432613830356136
-31353731646665373863666364363163633539313436643638663736393734363532363562353866
-3333343966613162310a643534663838306435373630303337356331356164356463653863613363
-62663862376430383238616135383233313430323839613631633339373430353361326338303666
-35316631363739313938613737656661366636613165643736343433646233666362363034333139
-31646636663161313365373337333661373330386365306664306233343765636136393531643531
-63653362323461313763653836663165383162363763396162393932653764646532313637656136
-62313761386237326633653037636334343765383464333562326230323131306637323265373261
-37316263613732333633636334363762383733646461653632363434386539303130626538616437
-66306433353061323932383437373637613638643232363461316262346436366162316637306461
-64336261613436323664643063616239636631343139636164633234613536633665643231346463
-33343536373235303032373939353032666237663137353366326639613730393439353232303964
-63623536666339333135643361636138303539613233326639623236323331336661353734373562
-31633131383835323734646235363266666336343565623339373265623635323134333964353966
-61623231323936643565
+34653034626436373537323430316462643663336164613763306336333038346562356565393036
+3964393861323439333839383061303864326235306665620a346233313633393135366362326464
+63643039363635646131323365313833643864373637346536663831613837353833343030623366
+3038303063393565350a613439646161363330626566646264313939653339383439623532636638
+38646433353765396136333236656535636235313639393565306636376438346362646438613835
+62663031333832666262616365343831353530646263383932373666386631633430626363363966
+61396336303365306135363039303032646137613330646434366638633738363064356132383439
+36346432306531356333313963353463626232613563653331396334656539643531343136636635
+31613762383664353930653165313461626133336161353639303662666234356138373539376161
+30653837316266356136353132373663396365633434393166383230363263326139316362383766
+64303738393663343636616437346535346566346536616663333866613966343563306265633064
+66333331393861626637616330333463636135316466616532373663663464613034656337363437
+62653333653838326632643238616638313935383532303233643132303637653963626363633662
+33646161373931386133353338643462306635393866656662376234396533376431366134653536
+36363835346434323338363465336166303161633732333232653861646136326334616261653462
+66376139313433383665

playbooks/restore_container.yaml

@@ -1,10 +0,0 @@
-- hosts: nas
-  name: Sync mailu
-  ignore_unreachable: false
-  tasks:   
-  - name: Syncing all
-    ansible.builtin.shell: 'rsync -avh --delete root@192.168.77.189:/srv/dev-disk-by-uuid-02fbe97a-cd9a-4511-8bd5-21f8516353ee/docker_data/latest/{{ CONTAINERS }}  /share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"'
-    #ansible.builtin.shell: 'rsync -avh --delete /share/docker_data/{mailu2,webhub,nginx,heimdall} root@192.168.77.238:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"'
-    #ansible.builtin.shell: 'ls -la'
-    when: inventory_hostname in groups['nas']
-    # loop: '{{ CONTAINERS }}'

roles/common/tasks/main.yml

@@ -3,9 +3,8 @@
   block:
     - name: Upgrade the full OS
       ansible.builtin.apt:
+        update_cache: true
         upgrade: full
-      become: true
     - name: Upgrade flatpack
       ansible.builtin.command: flatpak update -y
-      become: true
       when: inventory_hostname == 'morefine.home.lan'

roles/docker/tasks/main.yml

@@ -4,93 +4,86 @@
     - name: Facts
       ansible.builtin.setup:
 
-    # - name: Print arch
-    #   ansible.builtin.debug:
-    #     msg: "{{ ansible_architecture }}"
-    # - name: Install docker dependencies
-    #   ansible.builtin.apt:
-    #     name:
-    #       - ca-certificates
-    #       - curl
-    #       - telnet
-    #       - net-tools
-    #       - python3-pip
-    #       - python3-dev
-    #     state: present
-    #     update_cache: true
-    # - name: Get keys for raspotify
-    #   ansible.builtin.command:
-    #     install -m 0755 -d /etc/apt/keyrings
-
-
-    # # - name: Add an Apt signing key to a specific keyring file
-    # #   ansible.builtin.apt_key:
-    # #     url: https://download.docker.com/linux/debian/gpg
-    # #     keyring: /etc/apt/keyrings/docker.asc
-    # #   when:
-    # #     - ansible_distribution == "Debian"  and ansible_distribution_major_version  == "12"
-
-    # # - name: Get keys for raspotify
-    # #   ansible.builtin.shell:
-    # #     curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
-    # #   when:
-    # #     - ansible_distribution == "Debian"  and ansible_distribution_major_version  == "12"
-
-    # - name: Get keys for raspotify
-    #   ansible.builtin.shell:
-    #     curl -fsSL https://download.docker.com/linux/raspbian/gpg -o /etc/apt/keyrings/docker.asc
-    #   when:
-    #     - ansible_distribution == "Debian"  and ansible_distribution_major_version  == "12"
-
-
+    - name: Print arch
+      ansible.builtin.debug:
+        msg: "{{ ansible_architecture }}"
+    - name: Install docker dependencies
+      ansible.builtin.apt:
+        name:
+          - ca-certificates
+          - curl
+          - telnet
+          - net-tools
+          - python3-pip
+          - python3-dev
+        state: present
+        update_cache: true
+    - name: Get keys for raspotify
+      ansible.builtin.command:
+        install -m 0755 -d /etc/apt/keyrings
 
 
     # - name: Add an Apt signing key to a specific keyring file
     #   ansible.builtin.apt_key:
-    #     url: https://download.docker.com/linux/ubuntu/gpg
+    #     url: https://download.docker.com/linux/debian/gpg
     #     keyring: /etc/apt/keyrings/docker.asc
     #   when:
-    #     - ansible_distribution == "Ubuntu"
-
-    # # - name: Get keys for raspotify
-    # #   ansible.builtin.shell:
-    # #     curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
-    # #   when:
-    # #     - ansible_distribution == "Ubuntu"
-    # - name: Change file ownership, group and permissions
-    #   ansible.builtin.file:
-    #     path: /etc/apt/keyrings/docker.asc
-    #     owner: root
-    #     group: root
-    #     mode: '0644'
-
-    # # - name: Get keys for raspotify
-    # #   ansible.builtin.shell:
-    # #     chmod a+r /etc/apt/keyrings/docker.asc
-
-    # - name: Get keys for raspotify
-    #   ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc]\
-    #    https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" |\
-    #    tee /etc/apt/sources.list.d/docker.list > /dev/null
-    #   when:
     #     - ansible_distribution == "Debian"  and ansible_distribution_major_version  == "12"
 
     # - name: Get keys for raspotify
-    #   ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc]\
-    #    https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" |\
-    #    sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+    #   ansible.builtin.shell:
+    #     curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
+    #   when:
+    #     - ansible_distribution == "Debian"  and ansible_distribution_major_version  == "12"
+
+    - name: Get keys for raspotify
+      ansible.builtin.shell:
+        curl -fsSL https://download.docker.com/linux/raspbian/gpg -o /etc/apt/keyrings/docker.asc
+      when:
+        - ansible_distribution == "Debian"  and ansible_distribution_major_version  == "12"
+
+    - name: Add an Apt signing key to a specific keyring file
+      ansible.builtin.apt_key:
+        url: https://download.docker.com/linux/ubuntu/gpg
+        keyring: /etc/apt/keyrings/docker.asc
+      when:
+        - ansible_distribution == "Ubuntu"
+
+    # - name: Get keys for raspotify
+    #   ansible.builtin.shell:
+    #     curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
     #   when:
     #     - ansible_distribution == "Ubuntu"
+    - name: Change file ownership, group and permissions
+      ansible.builtin.file:
+        path: /etc/apt/keyrings/docker.asc
+        owner: root
+        group: root
+        mode: '0644'
 
-    # - name: Install docker
-    #   ansible.builtin.apt:
-    #     name:
-    #       - docker-ce
-    #       - docker-ce-cli
-    #       - containerd.io
-    #       - docker-buildx-plugin
-    #       - docker-compose-plugin
-    #     update_cache: true
+    # - name: Get keys for raspotify
+    #   ansible.builtin.shell:
+    #     chmod a+r /etc/apt/keyrings/docker.asc
+
+    - name: Get keys for raspotify
+      ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
+      when:
+        - ansible_distribution == "Debian"  and ansible_distribution_major_version  == "12"
+
+    - name: Get keys for raspotify
+      ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+      when:
+        - ansible_distribution == "Ubuntu"
+
+    - name: Install docker
+      ansible.builtin.apt:
+        name:
+          - docker-ce
+          - docker-ce-cli
+          - containerd.io
+          - docker-buildx-plugin
+          - docker-compose-plugin
+        update_cache: true
 
     - name: Create a directory docker.service.d
       ansible.builtin.file:
@@ -132,14 +125,12 @@
         content: |
           [Service]
           ExecStart=
-          ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify \
-          --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem \
-          --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376
+          ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376
         mode: '0600'
         owner: root
         group: root
       notify: restart_docker
-      when: mode == "nocert"
+      when: mode == "cert"
 
     # - name: Creating a file with content
     #   ansible.builtin.copy:

roles/mqtt-srv/tasks/main.yml

@@ -20,7 +20,21 @@
     - name: Print message
       ansible.builtin.debug:
         msg: "{{ inventory_hostname }}"
-
+    - name: Create dir
+      ansible.builtin.file:
+        path: /etc/mqtt_srv/
+        state: directory
+        mode: '0755'
+        owner: root
+        group: root
+    - name: Create dir
+      ansible.builtin.file:
+        path: /myapps/mqtt_srv/
+        recurse: true
+        state: directory
+        mode: '0755'
+        owner: root
+        group: root
     - name: Upload service config
       ansible.builtin.copy:
         src: "{{ dest_folder }}/mqtt_srv.service"
@@ -34,12 +48,22 @@
     - name: Upload service script
       ansible.builtin.copy:
         src: "{{ dest_folder }}/mqtt_srv.py"
-        dest: /usr/bin/mqtt_srv.py
+        dest: /myapps/mqtt_srv/mqtt_srv.py
         mode: '0755'
         owner: root
         group: root
         remote_src: true
       when: inventory_hostname != 'nas.home.lan'
+    - name: Upload service req
+      ansible.builtin.copy:
+        src: "{{ dest_folder }}/requirements.txt"
+        dest: /myapps/mqtt_srv/requirements.txt
+        mode: '0755'
+        owner: root
+        group: root
+        remote_src: true
+      when: inventory_hostname != 'nas.home.lan'
+
 
     - name: Upload service script config
       ansible.builtin.copy:
@@ -69,14 +93,14 @@
     #   when: inventory_hostname in groups['router']
     #   become: false
 
-    - name: Upload service script1
-      ansible.builtin.copy:
-        src: "{{ dest_folder }}/mqtt_srv.sh"
-        dest: /etc/init.d/
-        mode: '755'
-        owner: admin
-        remote_src: true
-      when: inventory_hostname == 'nas.home.lan'
+    # - name: Upload service script1
+    #   ansible.builtin.copy:
+    #     src: "{{ dest_folder }}/mqtt_srv.sh"
+    #     dest: /etc/init.d/
+    #     mode: '755'
+    #     owner: admin
+    #     remote_src: true
+    #   when: inventory_hostname == 'nas.home.lan'
 
     - name: Print message
       ansible.builtin.debug:
@@ -85,21 +109,21 @@
     - name: Upload service script2
       ansible.builtin.copy:
         src: "{{ dest_folder }}/mqtt_srv.py"
-        dest: /usr/bin/mqtt_srv.py
+        dest: /myapps/mqtt_srv/mqtt_srv.py
         mode: '755'
         owner: admin
         remote_src: true
       when: inventory_hostname == 'nas.home.lan'
 
-    - name: Install bottle python package
+    - name: Install venv
+      ansible.builtin.apt:
+        name:
+          - python3-virtualenv
+
+    - name: Install specified python requirements in indicated (virtualenv)
       ansible.builtin.pip:
-        name: "{{ item }}"
-      loop:
-        - paho-mqtt
-        - getmac
-        - ping3
-        - psutil
-        - autorandr
+        requirements: /myapps/mqtt_srv/requirements.txt
+        virtualenv: /myapps/mqtt_srv/venv
       when: inventory_hostname != 'nas.home.lan'
 
     - name: Just force systemd to reread configs (2.4 and above)
@@ -107,8 +131,6 @@
         daemon_reload: true
       when: inventory_hostname != 'nas.home.lan'
 
-
-
     - name: Restart mqtt_srv service
       ansible.builtin.service:
         name: mqtt_srv.service

roles/omv_backup/tasks/main.yml

@@ -4,6 +4,8 @@
     - name: Include vault
       ansible.builtin.include_vars:
         file: jaydee.yml
+        name: mysecrets
+      when: inventory_hostname != 'nas.home.lan'
     - name: Delete content & directory
       ansible.builtin.file:
         state: absent
@@ -12,11 +14,12 @@
       tags:
         - git_pull
       ansible.builtin.git:
-        repo: "https://{{ git_user | urlencode }}:{{ git_password_mqtt | urlencode }}@gitlab.sectorq.eu/jaydee/omv_backup.git"
+        repo: "https://{{ mysecrets['git_user'] | urlencode }}:{{ mysecrets['git_password_mqtt'] | urlencode }}@gitlab.sectorq.eu/jaydee/omv_backup.git"
         dest: "{{ dest_folder }}"
         update: true
         clone: true
         version: main
+      when: inventory_hostname != 'nas.home.lan'
     - name: Print
       ansible.builtin.debug:
         msg: "{{ inventory_hostname }}"
@@ -27,6 +30,7 @@
         mode: '0755'
         owner: root
         group: root
+      when: inventory_hostname != 'nas.home.lan'
 
     - name: Upload script
       ansible.builtin.copy:

roles/wazuh-agent/tasks/main.yml

@@ -3,15 +3,12 @@
   block:
     - name: Get keys
       ansible.builtin.command: |
-        curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH |\
-        gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg \
-        --import && chmod 644 /usr/share/keyrings/wazuh.gpg
+        curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
       changed_when: my_output.rc != 0
 
     - name: Add repo
       ansible.builtin.command: |
-        echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" |\
-        tee -a /etc/apt/sources.list.d/wazuh.list
+        echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
       changed_when: my_output.rc != 0
 
     - name: Update cache

roles/zabbix-agent/tasks/main.yml

@@ -73,10 +73,17 @@
           - zabbix-agent2-plugin-postgresql
           # - zabbix-agent2-plugin-mysql
         update_cache: true
+      when: inventory_hostname != 'nas.home.lan'
+    - name: Install zabbix packages
+      ansible.builtin.apt:
+        name:
+          - zabbix-agent2
+          - zabbix-agent2-plugin-mongodb
+          - zabbix-agent2-plugin-postgresql
+          # - zabbix-agent2-plugin-mysql
         only_upgrade: true
       when: inventory_hostname != 'nas.home.lan'
 
-
     - name: Reconfigure zabbix agent Server
       ansible.builtin.lineinfile:
         path: "{{ zabbix_agent_cfg }}"