jannik/ansible-role-server
1
1
Fork 0
Code Issues 3 Releases Activity

[GIT] refactor submodules: add all to own repo

Browse source
This commit is contained in:
Jannik Beyerstedt 2019-10-06 22:55:56 +02:00
commit be2b9bf3c0
27 changed files with 3311 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

35
tasks/borgbackup-Debian-stretch.yml Normal file
View file

@ -0,0 +1,35 @@
---
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Debian Stretch Version
# Variables (must be set!):
# - borgbackup_host
# - borgbackup_sub
# For Debian Stretch, use a newer package version from backports
- name: borgbackup - Add debian repo key
become: yes
apt_key:
keyserver: pgpkeys.mit.edu
id: 8B48AD6246925553
state: present
when:
- ansible_distribution_release == 'stretch'
- name: borgbackup - Add stretch-backports
become: yes
apt_repository:
repo: deb http://ftp.debian.org/debian stretch-backports main
state: present
when:
- ansible_distribution_release == 'stretch'
- name: borgbackup - Install borgbackup from stretch-backports
become: yes
apt:
name: borgbackup
state: latest
default_release: stretch-backports
update_cache: yes
cache_valid_time: 3600
when:
- borgbackup_host is defined
- borgbackup_sub is defined
- ansible_distribution_release == 'stretch'

19
tasks/borgbackup-Debian.yml Normal file
View file

@ -0,0 +1,19 @@
---
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Default Debian Version
# Variables (must be set!):
# - borgbackup_host
# - borgbackup_sub
# For all other Debian versions, simply install borgbackup
- name: borgbackup - Install borgbackup
become: yes
apt:
name: borgbackup
state: latest
update_cache: yes
cache_valid_time: 3600
when:
- borgbackup_host is defined
- borgbackup_sub is defined
- ansible_distribution_release != 'stretch'

57
tasks/borgbackup.yml Normal file
View file

@ -0,0 +1,57 @@
---
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob
# Variables (must be set!):
# - borgbackup_host
# - borgbackup_sub
- name: borgbackup - Install
include_tasks: "{{ item }}"
with_first_found:
- "borgbackup-{{ ansible_distribution }}.{{ ansible_distribution_release }}.yml"
- "borgbackup-{{ ansible_distribution }}.yml"
- "borgbackup-{{ ansible_os_family }}.yml"
# copy backup script and enable cronjob
- name: borgbackup - Copy Borgbackup script
become: yes
template:
src: "{{ role_path }}/templates/borgbackup.sh"
dest: /usr/local/bin/borgbackup.sh
owner: "{{ ansible_user_id }}"
group: "{{ ansible_user_id }}"
mode: 0775
when:
- borgbackup_host is defined
- borgbackup_sub is defined
- name: borgbackup - Run Borgbackup script at 1:00 daily
become: yes
cron:
name: "Create Backup"
minute: "0"
hour: "1"
job: "/usr/local/bin/borgbackup.sh"
when:
- borgbackup_host is defined
- borgbackup_sub is defined
# safeguard, if the host variables were removed
- name: borgbackup - Remove Borgbackup script if no borgbackup config
become: yes
file:
path: /usr/local/bin/borgbackup.sh
state: absent
when:
- borgbackup_host is not defined
- borgbackup_sub is not defined
- name: borgbackup - Remove Cronjob if no borgbackup config
become: yes
cron:
name: "Create Backup"
minute: "0"
hour: "1"
job: "/usr/local/bin/borgbackup.sh"
state: absent
when:
- borgbackup_host is not defined
- borgbackup_sub is not defined

43
tasks/caddy-install.yml Normal file
View file

@ -0,0 +1,43 @@
---
# Server/Caddyserver-Install: Install/Update Caddy Webserver (with some modules)
- name: caddyserver - Stop caddy
become: yes
service:
name: caddy
state: stopped
- name: caddyserver - Make temp download directory
file:
path: /tmp/caddy
state: directory
- name: caddyserver - Download caddy webserver
get_url:
url: https://caddyserver.com/download/linux/amd64?plugins=http.ratelimit&license=personal
dest: /tmp/caddy/caddy.tar.gz
- name: caddyserver - Extract caddy
shell: "cd /tmp/caddy && tar -xvf caddy.tar.gz"
# unarchive:
# src: /tmp/caddy/caddy.tar.gz
# dest: /tmp/caddy
# copy: no
- name: caddyserver - Copy caddy to a PATH location
become: yes
shell: "cp /tmp/caddy/caddy /usr/local/bin"
- name: caddyserver - Clean up download files
become: yes
file:
path: /tmp/caddy
state: absent
- name: caddyserver - Install caddy APT dependencies
become: yes
apt:
name: libcap2-bin
state: latest
- name: caddyserver - Give caddy port binding capabilities
become: yes
shell: "setcap cap_net_bind_service=+ep /usr/local/bin/caddy"
# capabilities:
# path: "{{ caddy_bin }}"
# capability: cap_net_bind_service+ep
# state: present

46
tasks/caddy-setup.yml Normal file
View file

@ -0,0 +1,46 @@
---
# Server/Caddyserver-Setup: Setup Caddy Webserver (user, directories, etc)
- name: caddyserver - Add www-data system user
become: yes
user:
name: www-data
create_home: no
system: yes
shell: /bin/false
state: present
- name: caddyserver - Add Caddy directories
become: yes
file:
path: "{{ item }}"
state: directory
owner: www-data
group: www-data
mode: 0770
with_items:
- /etc/ssl/caddy
- /etc/caddy
- name: caddyserver - Add Caddy home directory
become: yes
file:
path: /var/www
state: directory
owner: www-data
group: www-data
mode: 0555
- name: caddyserver - Copy Caddy systemd service file
become: yes
copy:
src: "{{ role_path }}/files/caddy.service"
dest: /etc/systemd/system/caddy.service
owner: root
group: root
mode: 0644
- name: caddyserver - Add standard user to www-data group
become: yes
user:
name: "{{ ansible_user_id }}"
groups: www-data
append: yes

9
tasks/caddyserver.yml Normal file
View file

@ -0,0 +1,9 @@
---
# Server/Caddyserver: Install Caddy Webserver (with some modules)
# ATTENTION: No Caddyfile is created yet and caddy is not enabled or started!
- name: caddyserver - Install caddy server
include_tasks: "caddy-install.yml"
- name: caddyserver - Setup caddy server
include_tasks: "caddy-setup.yml"

49
tasks/cronmails.yml Normal file
View file

@ -0,0 +1,49 @@
---
# Server/Cronmails: Setup Mails from Cronjobs (install exim)
# Install and configure exim
- name: cronmails - Install exim4 as MTA
become: yes
apt:
name: "{{ packages }}"
state: latest
vars:
packages:
- exim4
- mailutils
- name: cronmails - Create exim4 config folder
become: yes
file: path=/etc/exim4 state=directory
- name: cronmails - Copy exim4 config template
become: yes
copy:
src: "{{ role_path }}/files/exim4.conf.template"
dest: /etc/exim4/exim4.conf.template
- name: cronmails - Copy exim4 config file
become: yes
template:
src: "{{ role_path }}/templates/update-exim4.conf.conf"
dest: /etc/exim4/update-exim4.conf.conf
- name: cronmails - Run update-exim4.conf
become: yes
shell: "update-exim4.conf"
- name: cronmails - Enable and start exim4
become: yes
service:
name: exim4
state: started
enabled: yes
# Set crobjob env variables/ settings
- name: cronmails - Crontab set path
become: yes
cron:
name: PATH
env: yes
value: /bin:/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin
- name: cronmails - Crontab set mailto
become: yes
cron:
name: MAILTO
env: yes
value: "device-{{ ansible_hostname }}@jtbx.de"

54
tasks/docker.yml Normal file
View file

@ -0,0 +1,54 @@
---
# Server/Docker: Install Docker and Docker-Compose
# Install docker CE
- name: docker - Install docker CE APT dependencies
become: yes
apt:
name: "{{ packages }}"
state: latest
vars:
packages:
- apt-transport-https
- ca-certificates
- curl
- gnupg2
- software-properties-common
- name: docker - Add docker CE repo key
become: yes
apt_key:
url: https://download.docker.com/linux/debian/gpg
state: present
- name: docker - Add docker CE add repo
become: yes
apt_repository:
repo: deb [arch=amd64] https://download.docker.com/linux/debian stretch stable
state: present
- name: docker - Install docker CE
become: yes
apt:
name: docker-ce
state: latest
update_cache: yes
cache_valid_time: 3600
# Install docker-compose (TODO: do not use a static docker-compose version)
- name: docker - Install docker-compose
become: yes
get_url:
url: https://github.com/docker/compose/releases/download/1.23.2/docker-compose-Linux-x86_64
dest: /usr/local/bin/docker-compose
- name: docker - Make docker-compose executable
become: yes
file:
path: /usr/local/bin/docker-compose
mode: 0755
# Other setup tasks
- name: docker - Add standard user to docker group
become: yes
user:
name: "{{ ansible_user_id }}"
groups: docker
append: yes

24
tasks/dyndns.yml Normal file
View file

@ -0,0 +1,24 @@
---
# Server/Dyndns: Setup dynDNS Script
- name: dyndns - Install needed tools
become: yes
package:
name: curl
state: present
- name: dyndns - Copy hosts.jtbx.de dynDNS script
become: yes
copy:
src: "{{ role_path }}/files/ddns-hosts.sh"
dest: /usr/local/bin/ddns-hosts.sh
owner: "{{ ansible_user_id }}"
group: "{{ ansible_user_id }}"
mode: 0775
- name: dyndns - Create cronjob for hosts.jtbx.de dynDNS script
become: yes
cron:
name: "hosts.jtbx.de dynDNS"
minute: "*/5"
hour: "*"
job: "/usr/local/bin/ddns-hosts.sh > /dev/null"

2
tasks/main.yml Normal file
View file

@ -0,0 +1,2 @@
---
# tasks file for server

12
tasks/setup.yml Normal file
View file

@ -0,0 +1,12 @@
---
# Server/Setup: Generic Setup Tasks (sshd)
# SSH
- name: setup - Copy sshd_config
become: yes
copy:
src: "{{ role_path }}/files/sshd_config"
dest: "/etc/ssh/sshd_config"
backup: yes
notify:
- Restart sshd

36
tasks/telegraf.yml Normal file
View file

@ -0,0 +1,36 @@
---
# Server/Telegraf: Install and Setup Telegraf Monitoring
# Variables:
# - telegraf_snmp: boolean, enable SNMP monitoring
# - telegraf_docker: boolean, enable docker monitoring
- name: telegraf - Install apt-transport-https
become: yes
apt:
name: apt-transport-https
state: latest
- name: telegraf - Add telegraf repo key
become: yes
apt_key:
url: https://repos.influxdata.com/influxdb.key
state: present
- name: telegraf - Add Telegraf repo
become: yes
apt_repository:
repo: deb https://repos.influxdata.com/debian stretch stable
state: present
- name: telegraf - Install telegraf
become: yes
apt:
name: telegraf
state: latest
update_cache: yes
cache_valid_time: 3600
- name: telegraf - Copy telegraf config
become: yes
template:
src: "{{ role_path }}/templates/telegraf.conf"
dest: /etc/telegraf/telegraf.conf
notify:
- Enable and restart telegraf