jaydee/ansible
1
0
Fork 0
mirror of https://gitlab.sectorq.eu/jaydee/ansible.git synced 2025-07-01 23:48:32 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: jaydee:4a7838cd190ff236c84d940589c4ed07bf8d0ffa
Branches Tags
jaydee:main
...
compare: jaydee:main
Branches Tags
jaydee:main

30 Commits
4a7838cd19 ... main

Author SHA1 Message Date
jaydee
3732db698e klal
Some checks failed
Gitea Actions Demo / Explore-Gitea-Actions (push) Failing after 0s
Details
2025-06-21 12:23:05 +02:00
jaydee
42fdd319a3 klal
Some checks failed
Gitea Actions Demo / Explore-Gitea-Actions (push) Failing after 0s
Details
2025-06-21 11:11:39 +02:00
jaydee
47e730ef60 klal
Some checks failed
Gitea Actions Demo / Explore-Gitea-Actions (push) Failing after 0s
Details
2025-06-20 01:53:36 +02:00
jaydee
ddee60ab9c klal
Some checks failed
Gitea Actions Demo / Explore-Gitea-Actions (push) Failing after 0s
Details
2025-06-19 20:24:53 +02:00
jaydee
41bd0fbe73 klal 2025-06-19 20:09:33 +02:00
jaydee
dac032de7c klal
Some checks failed
Gitea Actions Demo / Explore-Gitea-Actions (push) Failing after 0s
Details
2025-06-08 22:58:39 +02:00
jaydee
899d130325 klal
Some checks failed
Gitea Actions Demo / Explore-Gitea-Actions (push) Failing after 0s
Details
2025-05-24 23:34:28 +02:00
jaydee
8e7fb3bc42 klal
Some checks failed
Gitea Actions Demo / Explore-Gitea-Actions (push) Failing after 0s
Details
2025-05-24 20:11:29 +02:00
jaydee
46da0fa6e9 klal 2025-05-24 20:05:19 +02:00
jaydee
2f3f58c965 klal 2025-05-24 19:57:19 +02:00
jaydee
264f510541 klal 2025-05-24 19:56:14 +02:00
jaydee
b01bdb59f1 klal 2025-05-24 19:51:55 +02:00
jaydee
644d8b1a59 klal 2025-05-24 19:50:01 +02:00
jaydee
230c665365 klal 2025-05-24 19:47:41 +02:00
jaydee
6a0f33c73f klal 2025-05-24 19:46:03 +02:00
jaydee
026925081e klal 2025-05-24 19:36:39 +02:00
jaydee
5426f7ae3d klal
Some checks failed
Gitea Actions Demo / Explore-Gitea-Actions (push) Failing after 1s
Details
2025-05-20 13:23:57 +02:00
jaydee
d255ad37ad klal
Some checks failed
Gitea Actions Demo / Explore-Gitea-Actions (push) Failing after 0s
Details
2025-05-07 18:00:24 +02:00
jaydee
89030dec11 klal 2025-05-07 17:07:13 +02:00
jaydee
6df5f17cfe klal 2025-05-07 17:03:31 +02:00
jaydee
ff8ebb3940 klal 2025-05-07 17:01:40 +02:00
jaydee
6a720e2e89 klal 2025-05-07 16:58:23 +02:00
jaydee
02dc0134c4 klal 2025-05-07 16:56:57 +02:00
jaydee
e7fb37545f klal 2025-05-07 16:51:45 +02:00
jaydee
5927ad571e klal 2025-05-07 16:50:23 +02:00
jaydee
9871b8cb29 klal
Some checks failed
Gitea Actions Demo / Explore-Gitea-Actions (push) Failing after 0s
Details
2025-05-06 18:20:35 +02:00
jaydee
6de27cd975 klal 2025-05-06 18:15:53 +02:00
jaydee
d2c7c49d68 klal 2025-05-06 18:15:06 +02:00
jaydee
9e3ce2e113 klal 2025-05-06 18:05:32 +02:00
jaydee
bb248011ad klal 2025-05-06 18:04:03 +02:00
9 changed files with 146 additions and 135 deletions
Expand all files Collapse all files

1
hosts
View File

@ -10,6 +10,7 @@
# Ex 1: Ungrouped hosts, specify before any group headers. # Ex 1: Ungrouped hosts, specify before any group headers.
#green.example.com #green.example.com
#blue.example.com #blue.example.com
#192.168.100.1 #192.168.100.1

32
jaydee.yml
View File

@ -1,17 +1,17 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
61323036366363323032396232663032666134316166633635316134623436303565316538333637 34653034626436373537323430316462643663336164613763306336333038346562356565393036
6138356462323362636265323030353439393233643032330a313763336632383432613830356136 3964393861323439333839383061303864326235306665620a346233313633393135366362326464
31353731646665373863666364363163633539313436643638663736393734363532363562353866 63643039363635646131323365313833643864373637346536663831613837353833343030623366
3333343966613162310a643534663838306435373630303337356331356164356463653863613363 3038303063393565350a613439646161363330626566646264313939653339383439623532636638
62663862376430383238616135383233313430323839613631633339373430353361326338303666 38646433353765396136333236656535636235313639393565306636376438346362646438613835
35316631363739313938613737656661366636613165643736343433646233666362363034333139 62663031333832666262616365343831353530646263383932373666386631633430626363363966
31646636663161313365373337333661373330386365306664306233343765636136393531643531 61396336303365306135363039303032646137613330646434366638633738363064356132383439
63653362323461313763653836663165383162363763396162393932653764646532313637656136 36346432306531356333313963353463626232613563653331396334656539643531343136636635
62313761386237326633653037636334343765383464333562326230323131306637323265373261 31613762383664353930653165313461626133336161353639303662666234356138373539376161
37316263613732333633636334363762383733646461653632363434386539303130626538616437 30653837316266356136353132373663396365633434393166383230363263326139316362383766
66306433353061323932383437373637613638643232363461316262346436366162316637306461 64303738393663343636616437346535346566346536616663333866613966343563306265633064
64336261613436323664643063616239636631343139636164633234613536633665643231346463 66333331393861626637616330333463636135316466616532373663663464613034656337363437
33343536373235303032373939353032666237663137353366326639613730393439353232303964 62653333653838326632643238616638313935383532303233643132303637653963626363633662
63623536666339333135643361636138303539613233326639623236323331336661353734373562 33646161373931386133353338643462306635393866656662376234396533376431366134653536
31633131383835323734646235363266666336343565623339373265623635323134333964353966 36363835346434323338363465336166303161633732333232653861646136326334616261653462
61623231323936643565 66376139313433383665

10
playbooks/restore_container.yaml
View File

@ -1,10 +0,0 @@
- hosts: nas
name: Sync mailu
ignore_unreachable: false
tasks:
- name: Syncing all
ansible.builtin.shell: 'rsync -avh --delete root@192.168.77.189:/srv/dev-disk-by-uuid-02fbe97a-cd9a-4511-8bd5-21f8516353ee/docker_data/latest/{{ CONTAINERS }} /share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"'
#ansible.builtin.shell: 'rsync -avh --delete /share/docker_data/{mailu2,webhub,nginx,heimdall} root@192.168.77.238:/share/docker_data/ --exclude="home-assistant.log*" --exclude="gitlab/logs/*"'
#ansible.builtin.shell: 'ls -la'
when: inventory_hostname in groups['nas']
# loop: '{{ CONTAINERS }}'

3
roles/common/tasks/main.yml
View File

@ -3,9 +3,8 @@
block: block:
- name: Upgrade the full OS - name: Upgrade the full OS
ansible.builtin.apt: ansible.builtin.apt:
update_cache: true
upgrade: full upgrade: full
become: true
- name: Upgrade flatpack - name: Upgrade flatpack
ansible.builtin.command: flatpak update -y ansible.builtin.command: flatpak update -y
become: true
when: inventory_hostname == 'morefine.home.lan' when: inventory_hostname == 'morefine.home.lan'

149
roles/docker/tasks/main.yml
View File

@ -4,93 +4,86 @@
- name: Facts - name: Facts
ansible.builtin.setup: ansible.builtin.setup:
# - name: Print arch - name: Print arch
# ansible.builtin.debug: ansible.builtin.debug:
# msg: "{{ ansible_architecture }}" msg: "{{ ansible_architecture }}"
# - name: Install docker dependencies - name: Install docker dependencies
# ansible.builtin.apt: ansible.builtin.apt:
# name: name:
# - ca-certificates - ca-certificates
# - curl - curl
# - telnet - telnet
# - net-tools - net-tools
# - python3-pip - python3-pip
# - python3-dev - python3-dev
# state: present state: present
# update_cache: true update_cache: true
# - name: Get keys for raspotify - name: Get keys for raspotify
# ansible.builtin.command: ansible.builtin.command:
# install -m 0755 -d /etc/apt/keyrings install -m 0755 -d /etc/apt/keyrings
# # - name: Add an Apt signing key to a specific keyring file
# # ansible.builtin.apt_key:
# # url: https://download.docker.com/linux/debian/gpg
# # keyring: /etc/apt/keyrings/docker.asc
# # when:
# # - ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
# # - name: Get keys for raspotify
# # ansible.builtin.shell:
# # curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
# # when:
# # - ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
# - name: Get keys for raspotify
# ansible.builtin.shell:
# curl -fsSL https://download.docker.com/linux/raspbian/gpg -o /etc/apt/keyrings/docker.asc
# when:
# - ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
# - name: Add an Apt signing key to a specific keyring file # - name: Add an Apt signing key to a specific keyring file
# ansible.builtin.apt_key: # ansible.builtin.apt_key:
# url: https://download.docker.com/linux/ubuntu/gpg # url: https://download.docker.com/linux/debian/gpg
# keyring: /etc/apt/keyrings/docker.asc # keyring: /etc/apt/keyrings/docker.asc
# when: # when:
# - ansible_distribution == "Ubuntu"
# # - name: Get keys for raspotify
# # ansible.builtin.shell:
# # curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
# # when:
# # - ansible_distribution == "Ubuntu"
# - name: Change file ownership, group and permissions
# ansible.builtin.file:
# path: /etc/apt/keyrings/docker.asc
# owner: root
# group: root
# mode: '0644'
# # - name: Get keys for raspotify
# # ansible.builtin.shell:
# # chmod a+r /etc/apt/keyrings/docker.asc
# - name: Get keys for raspotify
# ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc]\
# https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" |\
# tee /etc/apt/sources.list.d/docker.list > /dev/null
# when:
# - ansible_distribution == "Debian" and ansible_distribution_major_version == "12" # - ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
# - name: Get keys for raspotify # - name: Get keys for raspotify
# ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc]\ # ansible.builtin.shell:
# https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" |\ # curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
# sudo tee /etc/apt/sources.list.d/docker.list > /dev/null # when:
# - ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
- name: Get keys for raspotify
ansible.builtin.shell:
curl -fsSL https://download.docker.com/linux/raspbian/gpg -o /etc/apt/keyrings/docker.asc
when:
- ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
- name: Add an Apt signing key to a specific keyring file
ansible.builtin.apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
keyring: /etc/apt/keyrings/docker.asc
when:
- ansible_distribution == "Ubuntu"
# - name: Get keys for raspotify
# ansible.builtin.shell:
# curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
# when: # when:
# - ansible_distribution == "Ubuntu" # - ansible_distribution == "Ubuntu"
- name: Change file ownership, group and permissions
ansible.builtin.file:
path: /etc/apt/keyrings/docker.asc
owner: root
group: root
mode: '0644'
# - name: Install docker # - name: Get keys for raspotify
# ansible.builtin.apt: # ansible.builtin.shell:
# name: # chmod a+r /etc/apt/keyrings/docker.asc
# - docker-ce
# - docker-ce-cli - name: Get keys for raspotify
# - containerd.io ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
# - docker-buildx-plugin when:
# - docker-compose-plugin - ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
# update_cache: true
- name: Get keys for raspotify
ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
when:
- ansible_distribution == "Ubuntu"
- name: Install docker
ansible.builtin.apt:
name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-buildx-plugin
- docker-compose-plugin
update_cache: true
- name: Create a directory docker.service.d - name: Create a directory docker.service.d
ansible.builtin.file: ansible.builtin.file:
@ -132,14 +125,12 @@
content: | content: |
[Service] [Service]
ExecStart= ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify \ ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376
--tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem \
--tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376
mode: '0600' mode: '0600'
owner: root owner: root
group: root group: root
notify: restart_docker notify: restart_docker
when: mode == "nocert" when: mode == "cert"
# - name: Creating a file with content # - name: Creating a file with content
# ansible.builtin.copy: # ansible.builtin.copy:

64
roles/mqtt-srv/tasks/main.yml
View File

@ -20,7 +20,21 @@
- name: Print message - name: Print message
ansible.builtin.debug: ansible.builtin.debug:
msg: "{{ inventory_hostname }}" msg: "{{ inventory_hostname }}"
- name: Create dir
ansible.builtin.file:
path: /etc/mqtt_srv/
state: directory
mode: '0755'
owner: root
group: root
- name: Create dir
ansible.builtin.file:
path: /myapps/mqtt_srv/
recurse: true
state: directory
mode: '0755'
owner: root
group: root
- name: Upload service config - name: Upload service config
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ dest_folder }}/mqtt_srv.service" src: "{{ dest_folder }}/mqtt_srv.service"
@ -34,12 +48,22 @@
- name: Upload service script - name: Upload service script
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ dest_folder }}/mqtt_srv.py" src: "{{ dest_folder }}/mqtt_srv.py"
dest: /usr/bin/mqtt_srv.py dest: /myapps/mqtt_srv/mqtt_srv.py
mode: '0755' mode: '0755'
owner: root owner: root
group: root group: root
remote_src: true remote_src: true
when: inventory_hostname != 'nas.home.lan' when: inventory_hostname != 'nas.home.lan'
- name: Upload service req
ansible.builtin.copy:
src: "{{ dest_folder }}/requirements.txt"
dest: /myapps/mqtt_srv/requirements.txt
mode: '0755'
owner: root
group: root
remote_src: true
when: inventory_hostname != 'nas.home.lan'
- name: Upload service script config - name: Upload service script config
ansible.builtin.copy: ansible.builtin.copy:
@ -69,14 +93,14 @@
# when: inventory_hostname in groups['router'] # when: inventory_hostname in groups['router']
# become: false # become: false
- name: Upload service script1 # - name: Upload service script1
ansible.builtin.copy: # ansible.builtin.copy:
src: "{{ dest_folder }}/mqtt_srv.sh" # src: "{{ dest_folder }}/mqtt_srv.sh"
dest: /etc/init.d/ # dest: /etc/init.d/
mode: '755' # mode: '755'
owner: admin # owner: admin
remote_src: true # remote_src: true
when: inventory_hostname == 'nas.home.lan' # when: inventory_hostname == 'nas.home.lan'
- name: Print message - name: Print message
ansible.builtin.debug: ansible.builtin.debug:
@ -85,21 +109,21 @@
- name: Upload service script2 - name: Upload service script2
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ dest_folder }}/mqtt_srv.py" src: "{{ dest_folder }}/mqtt_srv.py"
dest: /usr/bin/mqtt_srv.py dest: /myapps/mqtt_srv/mqtt_srv.py
mode: '755' mode: '755'
owner: admin owner: admin
remote_src: true remote_src: true
when: inventory_hostname == 'nas.home.lan' when: inventory_hostname == 'nas.home.lan'
- name: Install bottle python package - name: Install venv
ansible.builtin.apt:
name:
- python3-virtualenv
- name: Install specified python requirements in indicated (virtualenv)
ansible.builtin.pip: ansible.builtin.pip:
name: "{{ item }}" requirements: /myapps/mqtt_srv/requirements.txt
loop: virtualenv: /myapps/mqtt_srv/venv
- paho-mqtt
- getmac
- ping3
- psutil
- autorandr
when: inventory_hostname != 'nas.home.lan' when: inventory_hostname != 'nas.home.lan'
- name: Just force systemd to reread configs (2.4 and above) - name: Just force systemd to reread configs (2.4 and above)
@ -107,8 +131,6 @@
daemon_reload: true daemon_reload: true
when: inventory_hostname != 'nas.home.lan' when: inventory_hostname != 'nas.home.lan'
- name: Restart mqtt_srv service - name: Restart mqtt_srv service
ansible.builtin.service: ansible.builtin.service:
name: mqtt_srv.service name: mqtt_srv.service

6
roles/omv_backup/tasks/main.yml
View File

@ -4,6 +4,8 @@
- name: Include vault - name: Include vault
ansible.builtin.include_vars: ansible.builtin.include_vars:
file: jaydee.yml file: jaydee.yml
name: mysecrets
when: inventory_hostname != 'nas.home.lan'
- name: Delete content & directory - name: Delete content & directory
ansible.builtin.file: ansible.builtin.file:
state: absent state: absent
@ -12,11 +14,12 @@
tags: tags:
- git_pull - git_pull
ansible.builtin.git: ansible.builtin.git:
repo: "https://{{ git_user | urlencode }}:{{ git_password_mqtt | urlencode }}@gitlab.sectorq.eu/jaydee/omv_backup.git" repo: "https://{{ mysecrets['git_user'] | urlencode }}:{{ mysecrets['git_password_mqtt'] | urlencode }}@gitlab.sectorq.eu/jaydee/omv_backup.git"
dest: "{{ dest_folder }}" dest: "{{ dest_folder }}"
update: true update: true
clone: true clone: true
version: main version: main
when: inventory_hostname != 'nas.home.lan'
- name: Print - name: Print
ansible.builtin.debug: ansible.builtin.debug:
msg: "{{ inventory_hostname }}" msg: "{{ inventory_hostname }}"
@ -27,6 +30,7 @@
mode: '0755' mode: '0755'
owner: root owner: root
group: root group: root
when: inventory_hostname != 'nas.home.lan'
- name: Upload script - name: Upload script
ansible.builtin.copy: ansible.builtin.copy:

7
roles/wazuh-agent/tasks/main.yml
View File

@ -3,15 +3,12 @@
block: block:
- name: Get keys - name: Get keys
ansible.builtin.command: | ansible.builtin.command: |
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH |\ curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg \
--import && chmod 644 /usr/share/keyrings/wazuh.gpg
changed_when: my_output.rc != 0 changed_when: my_output.rc != 0
- name: Add repo - name: Add repo
ansible.builtin.command: | ansible.builtin.command: |
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" |\ echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
tee -a /etc/apt/sources.list.d/wazuh.list
changed_when: my_output.rc != 0 changed_when: my_output.rc != 0
- name: Update cache - name: Update cache

9
roles/zabbix-agent/tasks/main.yml
View File

@ -73,10 +73,17 @@
- zabbix-agent2-plugin-postgresql - zabbix-agent2-plugin-postgresql
# - zabbix-agent2-plugin-mysql # - zabbix-agent2-plugin-mysql
update_cache: true update_cache: true
when: inventory_hostname != 'nas.home.lan'
- name: Install zabbix packages
ansible.builtin.apt:
name:
- zabbix-agent2
- zabbix-agent2-plugin-mongodb
- zabbix-agent2-plugin-postgresql
# - zabbix-agent2-plugin-mysql
only_upgrade: true only_upgrade: true
when: inventory_hostname != 'nas.home.lan' when: inventory_hostname != 'nas.home.lan'
- name: Reconfigure zabbix agent Server - name: Reconfigure zabbix agent Server
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: "{{ zabbix_agent_cfg }}" path: "{{ zabbix_agent_cfg }}"