2 Commits

19 changed files with 378 additions and 162 deletions
  1. +4
    -0
      ansible.cfg
  2. +6
    -2
      inventories/inventory.ini
  3. +41
    -15
      main.yml
  4. +25
    -9
      roles/containers/tasks/adguard.yml
  5. +25
    -9
      roles/containers/tasks/autoscaler.yml
  6. +26
    -10
      roles/containers/tasks/caddy.yml
  7. +25
    -9
      roles/containers/tasks/coturn.yml
  8. +25
    -9
      roles/containers/tasks/drone.yml
  9. +25
    -9
      roles/containers/tasks/gitea.yml
  10. +26
    -11
      roles/containers/tasks/maps.yml
  11. +26
    -12
      roles/containers/tasks/mariadb.yml
  12. +25
    -9
      roles/containers/tasks/nextcloud.yml
  13. +26
    -9
      roles/containers/tasks/onlyoffice.yml
  14. +25
    -9
      roles/containers/tasks/redis.yml
  15. +4
    -4
      roles/containers/tasks/requirements.yml
  16. +11
    -0
      roles/containers/templates/systemd_after_db.j2
  17. +27
    -27
      roles/logging/tasks/main.yml
  18. +3
    -3
      roles/packages/tasks/server.yml
  19. +3
    -6
      roles/packages/tasks/workstation.yml

+ 4
- 0
ansible.cfg View File

@ -1,2 +1,6 @@
[defaults]
interpreter_python = /usr/bin/python3
[ssh_connection]
scp_if_ssh = True
control_path=~/.ssh/osuv-%%r@%%h:%%p.socket

+ 6
- 2
inventories/inventory.ini View File

@ -1,2 +1,6 @@
[home]
192.168.178.35
# [home]
# 192.168.178.35
[osuv.de]
osuv.de ansible_ssh_user=m
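Review bot: The group `[osuv.de]` and its only host `osuv.de` share one name, so the pattern `hosts: osuv.de` in main.yml is ambiguous and Ansible warns when a group and a host have the same name. Renaming the group (for example `[osuv]`) and keeping the host entry removes the ambiguity. Separately, `ansible_ssh_user` is the legacy spelling; current inventories use `ansible_user=m`.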

+ 41
- 15
main.yml View File

@ -59,29 +59,55 @@
name: packages
tasks_from: workstation.yml
- name: one.osuv.de
hosts: one.osuv.de
- name: osuv.de
hosts: osuv.de
gather_facts: yes
become: yes
tags:
- osuv
- osuvde
vars:
container_services:
- requirements
fluent_bit_services:
- mariadb
- redis
- coturn
- drone
- maps
- onlyoffice
- gitea
- nextcloud
- autoscaler
- caddy
vars_files:
defaults.yml
tasks:
- name: containers
include_role:
name: containers
tasks_from: "{{ item }}"
with_items:
- requirements
- mariadb
- redis
- coturn
- drone
- maps
- onlyoffice
- gitea
- nextcloud
- autoscaler
- caddy
with_items: "{{ container_services + fluent_bit_services }}"
- name: logging
include_role:
name: logging
vars:
services: "{{ fluent_bit_services }}"
- name: info
hosts: all
gather_facts: yes
tags:
- info
tasks:
- name: print all facts
debug:
var: ansible_facts
- name: dns setup
hosts: localhost
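Review bot: The `info` play runs `debug: var: ansible_facts` against `hosts: all`, and an ordinary tag does not keep a play out of untagged runs. Every full run therefore prints the complete fact set, including the remote user's environment under `env`, into the run output and any CI log that stores it. Whether this play is new in this change cannot be told from the rendered page. If it is meant to run only on request, add the special `never` tag: `tags: [info, never]`.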


+ 25
- 9
roles/containers/tasks/adguard.yml View File

@ -2,6 +2,14 @@
set_fact:
THIS_SERVICE: adguard
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
notify:
- reload systemd
- name: add adguardhome script
copy:
dest: "/opt/{{ THIS_SERVICE }}"
@ -17,13 +25,21 @@
-p 853:853/tcp -p 3000:3000/tcp \
adguard/adguardhome:v0.104.3
mode: +x
become: yes
register: myservice
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
become: yes
notify:
- reload systemd
- name: restart service
systemd:
name: "{{ THIS_SERVICE }}"
state: restarted
when: myservice.changed
- name: started service
systemd:
name: "{{ THIS_SERVICE }}"
state: started
when: not myservice.changed
- name: prepair service
systemd:
name: "{{ THIS_SERVICE }}"
enabled: yes
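Review bot: The `add systemd unitfile` task writes `/etc/systemd/system/{{ THIS_SERVICE }}.service` with `mode: 0755`, but a unit file is configuration and systemd logs a warning for unit files marked executable. The value is also an unquoted octal, which Ansible's documentation advises against because YAML parsers differ on leading-zero numbers. `mode: "0644"` covers both. The same line appears in the other task files under roles/containers/tasks/ on this page and in roles/logging/tasks/main.yml, where the fluent-bit config and unit file also get `0755`.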

+ 25
- 9
roles/containers/tasks/autoscaler.yml View File

@ -2,6 +2,14 @@
set_fact:
THIS_SERVICE: autoscaler
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
notify:
- reload systemd
- name: add autoscaler script
copy:
dest: "/opt/{{ THIS_SERVICE }}"
@ -30,13 +38,21 @@
-e DRONE_POOL_MIN_AGE=45m \
drone/autoscaler:1.7.3
mode: +x
become: yes
register: myservice
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
become: yes
notify:
- reload systemd
- name: restart service
systemd:
name: "{{ THIS_SERVICE }}"
state: restarted
when: myservice.changed
- name: started service
systemd:
name: "{{ THIS_SERVICE }}"
state: started
when: not myservice.changed
- name: prepair service
systemd:
name: "{{ THIS_SERVICE }}"
enabled: yes
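Review bot: `restart service` can run before systemd has re-read the unit file, because `add systemd unitfile` only notifies `reload systemd` and notified handlers normally run at the end of the play rather than at the point of notification. The handler is not visible on this page, so this is inferred. If it is a plain daemon-reload, adding `daemon_reload: yes` to the `restart service` and `started service` tasks closes the gap, as would a `meta: flush_handlers` task before them. `myservice` appears to register only the script copy, so a change to the unit file alone never triggers a restart. The same task sequence is repeated in the other container task files on this page.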

+ 26
- 10
roles/containers/tasks/caddy.yml View File

@ -2,6 +2,14 @@
set_fact:
THIS_SERVICE: caddy
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
notify:
- reload systemd
- name: add caddy script
copy:
dest: "/opt/{{ THIS_SERVICE }}"
@ -15,15 +23,23 @@
-v {{ DOCKER_DATA }}/caddy/data/:/data \
-p 80:80 \
-p 443:443 \
caddy:2.1.1-alpine
caddy:2.3.0-alpine
mode: +x
become: yes
register: myservice
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
become: yes
notify:
- reload systemd
- name: restart service
systemd:
name: "{{ THIS_SERVICE }}"
state: restarted
when: myservice.changed
- name: started service
systemd:
name: "{{ THIS_SERVICE }}"
state: started
when: not myservice.changed
- name: prepair service
systemd:
name: "{{ THIS_SERVICE }}"
enabled: yes

+ 25
- 9
roles/containers/tasks/coturn.yml View File

@ -2,6 +2,14 @@
set_fact:
THIS_SERVICE: coturn
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
notify:
- reload systemd
- name: add coturn script
copy:
dest: "/opt/{{ THIS_SERVICE }}"
@ -18,13 +26,21 @@
-e REALM=home.osuv.de \
coturn
mode: +x
become: yes
register: myservice
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
become: yes
notify:
- reload systemd
- name: restart service
systemd:
name: "{{ THIS_SERVICE }}"
state: restarted
when: myservice.changed
- name: started service
systemd:
name: "{{ THIS_SERVICE }}"
state: started
when: not myservice.changed
- name: prepair service
systemd:
name: "{{ THIS_SERVICE }}"
enabled: yes
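Review bot: The image reference `coturn` at the end of the generated `docker run` script has no tag, so Docker resolves it to `latest` and the code that runs can change without any change in this repository. The script body starts outside the hunk. Pin a version tag, or better a digest in the form `<image>@sha256:<digest>`, as the other services here do with full versions such as `drone/drone:1.9.1`. roles/containers/tasks/redis.yml has a milder form of the same issue with the floating major tag `redis:4-alpine`.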

+ 25
- 9
roles/containers/tasks/drone.yml View File

@ -2,6 +2,14 @@
set_fact:
THIS_SERVICE: drone
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
notify:
- reload systemd
- name: add drone script
copy:
dest: "/opt/{{ THIS_SERVICE }}"
@ -20,13 +28,21 @@
-e DRONE_USER_CREATE="username:{{ CONFIG.NEXTCLOUD_USER }},admin:true" \
drone/drone:1.9.1
mode: +x
become: yes
register: myservice
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
become: yes
notify:
- reload systemd
- name: restart service
systemd:
name: "{{ THIS_SERVICE }}"
state: restarted
when: myservice.changed
- name: started service
systemd:
name: "{{ THIS_SERVICE }}"
state: started
when: not myservice.changed
- name: prepair service
systemd:
name: "{{ THIS_SERVICE }}"
enabled: yes

+ 25
- 9
roles/containers/tasks/gitea.yml View File

@ -2,6 +2,14 @@
set_fact:
THIS_SERVICE: gitea
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd_after_db.j2') }}"
notify:
- reload systemd
- name: add gitea script
copy:
dest: "/opt/{{ THIS_SERVICE }}"
@ -18,13 +26,21 @@
-e MYSQL_PASSWORD={{ CONFIG.GITEA_DB_PASSWORD }} \
gitea/gitea:1.13.2
mode: +x
become: yes
register: myservice
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
become: yes
notify:
- reload systemd
- name: restart service
systemd:
name: "{{ THIS_SERVICE }}"
state: restarted
when: myservice.changed
- name: started service
systemd:
name: "{{ THIS_SERVICE }}"
state: started
when: not myservice.changed
- name: prepair service
systemd:
name: "{{ THIS_SERVICE }}"
enabled: yes
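Review bot: The script written to `/opt/{{ THIS_SERVICE }}` embeds `CONFIG.GITEA_DB_PASSWORD` in clear text and is created with `mode: +x` and no visible `owner`, so its read bits come from the defaults and are likely world-readable on the host. Passing the value as `-e MYSQL_PASSWORD=...` also puts it on the `docker run` command line, where it shows up in the host's process list. Setting `mode: "0700"` and `owner: root` on the copy task, or moving the secrets into a root-only file passed with `--env-file`, keeps them away from other local users. The copy task begins outside the hunk. roles/containers/tasks/onlyoffice.yml has the same pattern with `CONFIG.ONLYOFFICE_JWT_SECRET`.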

+ 26
- 11
roles/containers/tasks/maps.yml View File

@ -2,6 +2,14 @@
set_fact:
THIS_SERVICE: maps
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
notify:
- reload systemd
- name: add maps script
copy:
dest: "/opt/{{ THIS_SERVICE }}"
@ -9,17 +17,24 @@
#!/bin/bash
docker run --rm --name {{ THIS_SERVICE }} \
--detach=false \
-v {{ DOCKER_DATA }}/maps/:/data \
-p 8081:80/tcp \
-v {{ DOCKER_DATA }}/static/tiles/:/data \
registry.gitlab.com/markuman/container-images:tileserver-gl
mode: +x
become: yes
register: myservice
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
become: yes
notify:
- reload systemd
- name: restart service
systemd:
name: "{{ THIS_SERVICE }}"
state: restarted
when: myservice.changed
- name: started service
systemd:
name: "{{ THIS_SERVICE }}"
state: started
when: not myservice.changed
- name: prepair service
systemd:
name: "{{ THIS_SERVICE }}"
enabled: yes

+ 26
- 12
roles/containers/tasks/mariadb.yml View File

@ -2,6 +2,14 @@
set_fact:
THIS_SERVICE: mariadb
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
notify:
- reload systemd
- name: add mariadb script
copy:
dest: "/opt/{{ THIS_SERVICE }}"
@ -15,17 +23,23 @@
-e MAX_CONNECTIONS="150" \
-e MAX_ALLOW_PACKET="64M" \
-e QUERY_CACHE="ON" \
registry.gitlab.com/markuman/mariadb:10.5
registry.gitlab.com/markuman/mariadb:10.5.8
mode: +x
notify:
- maps
become: yes
register: myservice
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
become: yes
notify:
- reload systemd
- name: restart service
systemd:
name: "{{ THIS_SERVICE }}"
state: restarted
when: myservice.changed
- name: started service
systemd:
name: "{{ THIS_SERVICE }}"
state: started
when: not myservice.changed
- name: prepair service
systemd:
name: "{{ THIS_SERVICE }}"
enabled: yes

+ 25
- 9
roles/containers/tasks/nextcloud.yml View File

@ -2,6 +2,14 @@
set_fact:
THIS_SERVICE: nextcloud
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd_after_db.j2') }}"
notify:
- reload systemd
- name: add nextcloud script
copy:
dest: "/opt/{{ THIS_SERVICE }}"
@ -13,16 +21,24 @@
-v {{ DOCKER_DATA }}/nextcloud:/var/www/html/ \
registry.gitlab.com/markuman/container-images:home.20.0.7.0
mode: +x
become: yes
register: myservice
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
become: yes
notify:
- reload systemd
- name: restart service
systemd:
name: "{{ THIS_SERVICE }}"
state: restarted
when: myservice.changed
- name: started service
systemd:
name: "{{ THIS_SERVICE }}"
state: started
when: not myservice.changed
- name: prepair service
systemd:
name: "{{ THIS_SERVICE }}"
enabled: yes
- name: nextcloud cron.php
cron:


+ 26
- 9
roles/containers/tasks/onlyoffice.yml View File

@ -2,6 +2,14 @@
set_fact:
THIS_SERVICE: office
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
notify:
- reload systemd
- name: add office script
copy:
dest: "/opt/{{ THIS_SERVICE }}"
@ -14,13 +22,22 @@
-e JWT_SECRET={{ CONFIG.ONLYOFFICE_JWT_SECRET }} \
onlyoffice/documentserver:6.1.0.83
mode: +x
notify:
- maps
become: yes
register: myservice
- name: restart service
systemd:
name: "{{ THIS_SERVICE }}"
state: restarted
when: myservice.changed
- name: started service
systemd:
name: "{{ THIS_SERVICE }}"
state: started
when: not myservice.changed
- name: prepair service
systemd:
name: "{{ THIS_SERVICE }}"
enabled: yes
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
become: yes

+ 25
- 9
roles/containers/tasks/redis.yml View File

@ -2,6 +2,14 @@
set_fact:
THIS_SERVICE: redis
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
notify:
- reload systemd
- name: add redis script
copy:
dest: /opt/redis
@ -13,13 +21,21 @@
--network osuv \
redis:4-alpine
mode: +x
become: yes
register: myservice
- name: add systemd unitfile
copy:
mode: 0755
dest: "/etc/systemd/system/{{ THIS_SERVICE }}.service"
content: "{{ lookup('template', 'systemd.j2') }}"
become: yes
notify:
- reload systemd
- name: restart service
systemd:
name: "{{ THIS_SERVICE }}"
state: restarted
when: myservice.changed
- name: started service
systemd:
name: "{{ THIS_SERVICE }}"
state: started
when: not myservice.changed
- name: prepair service
systemd:
name: "{{ THIS_SERVICE }}"
enabled: yes

+ 4
- 4
roles/containers/tasks/requirements.yml View File

@ -1,4 +1,4 @@
- name: stard and enable docker
- name: start and enable docker
systemd:
name: docker
state: started
@ -10,17 +10,18 @@
- name: create directories
file:
path: "{{ item }}"
path: "{{ dir_item }}"
state: directory
owner: "{{ CONFIG.USER }}"
group: adm
mode: 0775
become: yes
with_items:
- /var/log/containers
- /opt/containers/
- /opt/containers/adguard
- /opt/containers/maps
loop_control:
loop_var: dir_item
- name: setup logrotate
copy:
@ -34,5 +35,4 @@
dest: /etc/logrotate.d/docker
owner: root
group: root
become: yes

+ 11
- 0
roles/containers/templates/systemd_after_db.j2 View File

@ -0,0 +1,11 @@
[Unit]
Description=run {{ THIS_SERVICE }}
After=network.target mariadb redis
[Service]
RestartSec=3
Restart=always
ExecStart=/opt/{{ THIS_SERVICE }}
[Install]
WantedBy=multi-user.target
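Review bot: `After=network.target mariadb redis` names two units without a type suffix, and systemd expects full unit names in dependency lists, so these entries are likely to be rejected or ignored; write `After=network.target mariadb.service redis.service`. `After=` only orders units that are already being started, so the line does not pull the database or cache in. Add `Wants=mariadb.service redis.service` (or `Requires=` if the service must not run without them). Since `ExecStart` is a wrapper around `docker run` in the sibling task files, `docker.service` probably belongs in both lines as well.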

+ 27
- 27
roles/logging/tasks/main.yml View File

@ -1,29 +1,29 @@
- name: copy fluent-bit template config to destination
template:
src: config.j2
dest: /etc/fluent-bit/config
mode: 0755
become: yes
- name: fluent-bit
block:
- name: copy fluent-bit template config to destination
template:
src: config.j2
dest: /etc/fluent-bit/config
mode: 0755
- name: fluent-bit systemd unit file
copy:
content: |
[Unit]
Description=fluent-bit
[Service]
Type=simple
Restart=always
RestartSec=3
ExecStart=/usr/local/bin/fluent-bit -c /etc/fluent-bit/config
[Install]
WantedBy=multi-user.target
dest: /etc/systemd/system/fluent-bit.service
mode: 0755
become: yes
- name: fluent-bit systemd unit file
copy:
content: |
[Unit]
Description=fluent-bit
[Service]
Type=simple
Restart=always
RestartSec=3
ExecStart=/usr/local/bin/fluent-bit -c /etc/fluent-bit/config
[Install]
WantedBy=multi-user.target
dest: /etc/systemd/system/fluent-bit.service
mode: 0755
- name: start and enable fluent-bit
systemd:
name: fluent-bit
state: restarted
enabled: yes
daemon_reload: yes
- name: start and enable fluent-bit
systemd:
name: fluent-bit
state: restarted
enabled: yes
become: yes
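Review bot: `start and enable fluent-bit` uses `state: restarted` unconditionally, so every play run restarts the log shipper even when neither the config nor the unit file changed. That makes the task report a change on each run and opens a short window in which container logs are not collected. Use `state: started` here and let the two file tasks `notify` a restart handler, or register their results and restart only when one of them changed.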

+ 3
- 3
roles/packages/tasks/server.yml View File

@ -1,7 +1,7 @@
---
- name: install ubuntu packages
package:
name:
name:
- bash
- dnsutils
- htop
@ -29,7 +29,7 @@
- name: install archlinux packages
package:
name:
name:
- bash
- bind
- htop
@ -58,7 +58,7 @@
- name: python packages
pip:
name:
name:
- docker
extra_args: --user
executable: pip3


+ 3
- 6
roles/packages/tasks/workstation.yml View File

@ -3,7 +3,7 @@
block:
- name: pacman packages
package:
name:
name:
- firefox
- chromium
- dbeaver
@ -28,7 +28,7 @@
- name: python packages
pip:
name:
name:
- bottle
- hausschrat
- lesspass
@ -48,7 +48,4 @@
- solo-python
extra_args: --user
executable: pip3
when: ansible_distribution == 'Archlinux'
when: ansible_distribution == 'Archlinux'
