31 files changed, 155 insertions, 348 deletions
@@ -1 +0,0 @@
-../infrastructure-vault/files
\ No newline at end of file
diff --git a/files/pub_pgp b/files/pub_pgp
new file mode 120000
index 0000000..b551a52
--- /dev/null
+++ b/files/pub_pgp
@@ -0,0 +1 @@
+../../infrastructure-vault/pub_pgp
\ No newline at end of file
diff --git a/files/pub_ssh b/files/pub_ssh
new file mode 120000
index 0000000..e30ce0e
--- /dev/null
+++ b/files/pub_ssh
@@ -0,0 +1 @@
+../../infrastructure-vault/pub_ssh
\ No newline at end of file diff --git a/host_vars/CHV-DC-rainbow.ini b/host_vars/CHV-DC-rainbow.ini index f23f260..3ca7dd6 100644 --- a/host_vars/CHV-DC-rainbow.ini +++ b/host_vars/CHV-DC-rainbow.ini @@ -1,4 +1,6 @@ # CHV-DC-rainbow ansible_host=CHV-DC-rainbow -ansible_distribution=centos +ansible_distribution=openbsd +ansible_port=22 +ansible_python_interpreter=/usr/local/bin/python3 diff --git a/host_vars/LP-graphite.ini b/host_vars/LP-graphite.ini index bda5220..cbad981 100644 --- a/host_vars/LP-graphite.ini +++ b/host_vars/LP-graphite.ini @@ -2,3 +2,5 @@ ansible_host=LP-graphite ansible_distribution=archlinux +ansible_port=22 +ansible_python_interpreter=/usr/bin/python3 diff --git a/host_vars/OOP-DV-hell.ini b/host_vars/OOP-DV-hell.ini deleted file mode 100644 index 6b3a690..0000000 --- a/host_vars/OOP-DV-hell.ini +++ /dev/null @@ -1,4 +0,0 @@ -# OOP-DV-hell - -ansible_host=OOP-DV-hell -ansible_distribution=openbsd diff --git a/host_vars/OOP-DV-stack0.ini b/host_vars/OOP-DV-stack0.ini new file mode 100644 index 0000000..88524b2 --- /dev/null +++ b/host_vars/OOP-DV-stack0.ini @@ -0,0 +1,6 @@ +# OOP-DV-stack0 + +ansible_host=OOP-DV-stack0 +ansible_distribution=openbsd +ansible_port=22 +ansible_python_interpreter=/usr/local/bin/python3 diff --git a/host_vars/OOP-DV-yellow.ini b/host_vars/OOP-DV-yellow.ini deleted file mode 100644 index 78fc77a..0000000 --- a/host_vars/OOP-DV-yellow.ini +++ /dev/null @@ -1,4 +0,0 @@ -# OOP-DV-yellow - -ansible_host=OOP-DV-yellow -ansible_distribution=centos diff --git a/host_vars/OOP-FS-raspberry.ini b/host_vars/OOP-FS-raspberry.ini index 01fc7e1..534db15 100644 --- a/host_vars/OOP-FS-raspberry.ini +++ b/host_vars/OOP-FS-raspberry.ini @@ -2,3 +2,5 @@ ansible_host=OOP-FS-raspberry ansible_distribution=debian +ansible_port=2244 +ansible_python_interpreter=/usr/bin/python3 diff --git a/host_vars/OOP-RT-54gl.ini b/host_vars/OOP-RT-54gl.ini index 16f88b0..35aad88 100644 --- a/host_vars/OOP-RT-54gl.ini +++ b/host_vars/OOP-RT-54gl.ini 
@@ -2,3 +2,5 @@ ansible_host=OOP-RT-54gl ansible_distribution= +ansible_port=22 +ansible_python_interpreter=/usr/bin/python3 diff --git a/host_vars/OOP-SW-01.ini b/host_vars/OOP-SW-01.ini index 5e58d5d..81a3214 100644 --- a/host_vars/OOP-SW-01.ini +++ b/host_vars/OOP-SW-01.ini @@ -2,3 +2,5 @@ ansible_host=OOP-SW-01 ansible_distribution= +ansible_port=22 +ansible_python_interpreter=/usr/bin/python3 diff --git a/host_vars/WS-bentonite.ini b/host_vars/WS-bentonite.ini index 77cc6e4..a15f388 100644 --- a/host_vars/WS-bentonite.ini +++ b/host_vars/WS-bentonite.ini @@ -2,3 +2,5 @@ ansible_host=WS-bentonite ansible_distribution=archlinux +ansible_port=22 +ansible_python_interpreter=/usr/bin/python3 diff --git a/host_vars/internet.ini b/host_vars/internet.ini index 8df6262..d50987f 100644 --- a/host_vars/internet.ini +++ b/host_vars/internet.ini @@ -2,3 +2,5 @@ ansible_host=internet ansible_distribution= +ansible_port=22 +ansible_python_interpreter=/usr/bin/python3 diff --git a/inventory.ini b/inventory.ini index 74a5190..27d5a0b 100644 --- a/inventory.ini +++ b/inventory.ini @@ -14,8 +14,8 @@ # CLIENT GROUPS # =========================================================================== # [clients] -WS-bentonite LP-graphite +WS-bentonite # =========================================================================== # # SERVER GROUPS @@ -26,31 +26,16 @@ localhost [servers] CHV-DC-rainbow -OOP-FS-raspberry -OOP-DV-yellow -OOP-DV-hell - -# SERVER TYPES -[serverdev] -OOP-DC-yellow - -[servergit] +OOP-DV-stack0 OOP-FS-raspberry -[serversyncthing] -OOP-FS-raspberry - -[servervpn] +[openbsd] CHV-DC-rainbow +OOP-DV-stack0 -[serverweb] -CHV-DC-rainbow +[centos] -# SERVER OS -[oscentos] -CHV-DC-rainbow - -[osdebian] +[debian] OOP-FS-raspberry # =========================================================================== # 
@@ -58,11 +43,15 @@ OOP-FS-raspberry # =========================================================================== # [servers:vars] -ansible_python_interpreter="/usr/bin/python3" -ansible_port="2244" +package_neovim="neovim" +package_tmux="tmux" +package_zsh="zsh" + +[openbsd:vars] +group_root="wheel" -[oscentos:vars] -ansible_distribution="CentOs" +[centos:vars] +group_root="root" -[osdebian:vars] -ansible_distribution="Debian"
\ No newline at end of file
+[debian:vars]
+group_root="root"
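Review bot: Removing `ansible_port="2244"` and `ansible_python_interpreter` from `[servers:vars]` leaves those connection settings defined only in the `host_vars/*.ini` files touched earlier in this commit. By default Ansible's host_vars loader reads files with no extension or with `.yml`, `.yaml` or `.json`, so unless this repository loads the `.ini` files some other way, OOP-FS-raspberry would silently fall back to port 22 and the default interpreter. Confirm the effective values with `ansible-inventory --host OOP-FS-raspberry` before relying on the move. Separately, `[centos]` is now an empty group, so `[centos:vars]` with `group_root="root"` is dead configuration and can be dropped or given a comment saying it is a placeholder.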
\ No newline at end of file diff --git a/play-all.yml b/play-all.yml deleted file mode 100644 index 5dd76f0..0000000 --- a/play-all.yml +++ /dev/null @@ -1,67 +0,0 @@ -# =========================================================================== # -# __ ____ -# ____ / /___ ___ __ ____ _/ / / -# / __ \/ / __ `/ / / / / __ `/ / / -# / /_/ / / /_/ / /_/ / / /_/ / / / -# / .___/_/\__,_/\__, (_) \__,_/_/_/ -# /_/ /____/ -# -# =========================================================================== # - ---- -- name: update - hosts: servers - tags: - - update - roles: - - update - -- name: setup_security - hosts: servers - tags: - - setup_security - roles: - - setup_security - -- name: setup_dotfiles - hosts: servers - tags: - - setup_dotfiles - roles: - - setup_dotfiles - -- name: setup_git - hosts: servergit - tags: - - setup_git - roles: - - setup_git - -- name: setup_hostname - hosts: servers - tags: - - setup_hostname - roles: - - setup_hostname - -- name: setup_syncthing - hosts: servers - tags: - - setup_python - roles: - - setup_python - -- name: setup_syncthing - hosts: serversyncthing - tags: - - setup_syncthing - roles: - - setup_syncthing - -- name: setup_mkdocs - hosts: OOP-FS-raspberry - tags: - - setup_mkdocs - roles: - - setup_mkdocs - diff --git a/play-basics.yml b/play-basics.yml index d2d6fe3..961bcc5 100644 --- a/play-basics.yml +++ b/play-basics.yml 
@@ -9,24 +9,11 @@ # =========================================================================== # # --- -- name: Init new instances with basics tools and softwares +- name: Init new instances with basic tools and packages strategy: free hosts: servers roles: - update - - setup_python - - setup_dotfiles + - setup_utils - setup_hostname - setup_security - -- name: Init new instances in git group with basic git config - strategy: free - hosts: servergit - roles: - - setup_git - -- name: Init new instances in git group with basic git config - strategy: free - hosts: serversyncthing - roles: - - setup_syncthing diff --git a/play-fail2ban.yml b/play-fail2ban.yml deleted file mode 100644 index 96c9e65..0000000 --- a/play-fail2ban.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Setting up fail2ban - strategy: free - hosts: all - roles: - - setup_update - - setup_fail2ban diff --git a/play-reboot.yml b/play-reboot.yml deleted file mode 100644 index fcd7b97..0000000 --- a/play-reboot.yml +++ /dev/null @@ -1,16 +0,0 @@ -# =========================================================================== # -# __ __ __ -# ____ / /___ ___ __ ________ / /_ ____ ____ / /_ -# / __ \/ / __ `/ / / / / ___/ _ \/ __ \/ __ \/ __ \/ __/ -# / /_/ / / /_/ / /_/ / / / / __/ /_/ / /_/ / /_/ / /_ -# / .___/_/\__,_/\__, (_) /_/ \___/_.___/\____/\____/\__/ -# /_/ /____/ -# -# =========================================================================== # - ---- -- name: Reboot all instances - hosts: all - tasks: - - name: Reboot server - command: reboot diff --git a/play-replicate-local.yml b/play-replicate-local.yml deleted file mode 100644 index eea4854..0000000 --- a/play-replicate-local.yml +++ /dev/null 
@@ -1,20 +0,0 @@ -# =========================================================================== # -# __ ___ __ __ __ -# ____ / /___ ___ __ ________ ____ / (_)________ _/ /____ / /___ _________ _/ / -# / __ \/ / __ `/ / / / / ___/ _ \/ __ \/ / / ___/ __ `/ __/ _ \ / / __ \/ ___/ __ `/ / -# / /_/ / / /_/ / /_/ / / / / __/ /_/ / / / /__/ /_/ / /_/ __/ / / /_/ / /__/ /_/ / / -# / .___/_/\__,_/\__, (_) /_/ \___/ .___/_/_/\___/\__,_/\__/\___/ /_/\____/\___/\__,_/_/ -# /_/ /____/ /_/ -# -# =========================================================================== # - ---- -- hosts: local - connection: local - vars: - servers_list: "{{ groups['servers'] }}" - tasks: - - name: Replicate ip values to shell script - template: - src: "{{ playbook_dir }}/scripts/vars/infrastructure-host-ip.j2" - dest: "{{ playbook_dir }}/scripts/vars/infrastructure-host-ip.sh" diff --git a/roles/setup_dotfiles/tasks/main.yml b/roles/setup_dotfiles/tasks/main.yml deleted file mode 100644 index 47b73e4..0000000 --- a/roles/setup_dotfiles/tasks/main.yml +++ /dev/null 
@@ -1,49 +0,0 @@ - -# =========================================================================== # -# __ __ __ _____ __ -# _________ / /__ ____/ /___ / /_/ __(_) /__ _____ -# / ___/ __ \/ / _ \ / __ / __ \/ __/ /_/ / / _ \/ ___/ -# / / / /_/ / / __/ / /_/ / /_/ / /_/ __/ / / __(__ ) -# /_/ \____/_/\___(_) \__,_/\____/\__/_/ /_/_/\___/____/ -# -# =========================================================================== # - ---- -- name: Check installation of zsh - package: - name: zsh - state: present - -- name: Check installation of vim - package: - name: vim - state: present - -- name: Check installation of tmux - package: - name: tmux - state: present - -- name: Copy zshrc configuration file - copy: - src: zshrc - dest: /etc/zshrc - owner: root - group: root - mode: 0644 - -- name: Copy vimrc configuration file - copy: - src: vimrc.local - dest: /etc/vimrc - owner: root - group: root - mode: 0644 - -- name: Copy tmux configuration file - copy: - src: tmux.conf - dest: /etc/tmux.conf - owner: root - group: root - mode: 0644 diff --git a/roles/setup_git/tasks/main.yml b/roles/setup_git/tasks/main.yml index 2383a7c..b2b2d73 100644 --- a/roles/setup_git/tasks/main.yml +++ b/roles/setup_git/tasks/main.yml @@ -15,21 +15,6 @@ name: git state: present -- name: Check installation of lighttpd - package: - name: lighttpd - state: present - -- name: Check installation of libcgi - package: - name: libcgi-pm-perl - state: present - -- name: Check installation of gamin - package: - name: gamin - state: present - - name: Add group git user: name: "{{ git_group }}" @@ -47,8 +32,8 @@ state: present key: "{{ item }}" with_file: - - "{{ playbook_dir }}/files/public_keys/WS-bentonite" - - "{{ playbook_dir }}/files/public_keys/LP-graphite" + - "{{ playbook_dir }}/files/pub_ssh/WS-bentonite" + - "{{ playbook_dir }}/files/pub_ssh/LP-graphite" - name: Create git directory file: 
@@ -59,30 +44,3 @@ mode: 0755 recurse: True -- name: Create default gitweb directory - file: - path: "{{ git_directory_path }}/{{ git_gitweb_default_repository }}" - state: directory - owner: "{{ git_user }}" - group: "{{ git_group }}" - mode: 0755 - -- name: Init gitweb repository - command: git init "{{ git_directory_path }}/{{ git_gitweb_default_repository }}" - become_user: "{{ git_user }}" - -- name: Copy gitweb systemd unit - template: - src: "{{ git_gitweb_unit }}.service" - dest: "{{ g_systemd_unit_directory }}" - owner: root - group: root - mode: 0644 - -- name: Start gitweb systemd unit - systemd: - name: "{{ git_gitweb_unit }}" - state: restarted - daemon_reload: yes - enabled: yes - diff --git a/roles/setup_git/vars/main.yml b/roles/setup_git/vars/main.yml index 74983b0..b4f5e64 100644 --- a/roles/setup_git/vars/main.yml +++ b/roles/setup_git/vars/main.yml @@ -13,6 +13,4 @@ git_user: git git_user_comment: handles git repositories and gitweb service git_group: git -git_gitweb_unit: gitweb -git_gitweb_default_repository: __default git_directory_path: /srv/git diff --git a/roles/setup_hostname/tasks/main.yml b/roles/setup_hostname/tasks/main.yml index 326e047..d0e9e62 100644 --- a/roles/setup_hostname/tasks/main.yml +++ b/roles/setup_hostname/tasks/main.yml @@ -9,6 +9,6 @@ # =========================================================================== # --- -- name: Syncrhonize host hostname with config hostname +- name: Synchronize host hostname with config hostname hostname: name: "{{ inventory_hostname }}" diff --git a/roles/setup_mkdocs/tasks/main.yml b/roles/setup_mkdocs/tasks/main.yml deleted file mode 100644 index 83ed41b..0000000 --- a/roles/setup_mkdocs/tasks/main.yml +++ /dev/null 
@@ -1,39 +0,0 @@ - -# =========================================================================== # -# __ __ __ -# _________ / /__ ____ ___ / /______/ /___ __________ -# / ___/ __ \/ / _ \ / __ `__ \/ //_/ __ / __ \/ ___/ ___/ -# / / / /_/ / / __/ / / / / / / ,< / /_/ / /_/ / /__(__ ) -# /_/ \____/_/\___(_) /_/ /_/ /_/_/|_|\__,_/\____/\___/____/ -# -# =========================================================================== # - ---- -- name: Check mkdocs-material install - pip: - name: mkdocs-material - -- name: Check mkdocs mermaid plugin install - pip: - name: mkdocs-mermaid2-plugin - -- name: Add user mkdocs - user: - name: "{{ mkdocs_user }}" - comment: "{{ mkdocs_user_comment }}" - -- name: Copy syncthing systemd unit - template: - src: "{{ mkdocs_daemon_unit }}.service" - dest: "{{ g_systemd_unit_directory }}" - owner: root - group: root - mode: 0644 - -- name: Start and enable syncthing systemd unit - systemd: - name: "{{ mkdocs_daemon_unit }}" - state: restarted - daemon_reload: yes - enabled: yes - diff --git a/roles/setup_mkdocs/vars/main.yml b/roles/setup_mkdocs/vars/main.yml deleted file mode 100644 index 418df91..0000000 --- a/roles/setup_mkdocs/vars/main.yml +++ /dev/null @@ -1,17 +0,0 @@ - -# =========================================================================== # -# __ __ -# _ ______ ___________ ____ ___ / /______/ /___ __________ -# | | / / __ `/ ___/ ___/ / __ `__ \/ //_/ __ / __ \/ ___/ ___/ -# | |/ / /_/ / / (__ ) / / / / / / ,< / /_/ / /_/ / /__(__ ) -# |___/\__,_/_/ /____(_) /_/ /_/ /_/_/|_|\__,_/\____/\___/____/ -# -# =========================================================================== # - ---- -mkdocs_user: mkdocs -mkdocs_user_comment: webserver hosting documentation in markdown -mkdocs_group: null -mkdocs_daemon_unit: mkdocs - -mkdocs_files_directory: /srv/git/infrastructure-docs diff --git a/roles/setup_python/tasks/main.yml b/roles/setup_python/tasks/main.yml deleted file mode 100644 index 033981d..0000000 
--- a/roles/setup_python/tasks/main.yml +++ /dev/null @@ -1,21 +0,0 @@ - -# =========================================================================== # -# __ __ __ -# _________ / /__ ____ __ __/ /_/ /_ ____ ____ -# / ___/ __ \/ / _ \ / __ \/ / / / __/ __ \/ __ \/ __ \ -# / / / /_/ / / __/ / /_/ / /_/ / /_/ / / / /_/ / / / / -# /_/ \____/_/\___(_) / .___/\__, /\__/_/ /_/\____/_/ /_/ -# /_/ /____/ -# -# =========================================================================== # - ---- -- name: Check installation of python3-pip - package: - name: python3-pip - state: present - -- name: Check installation of lxml - package: - name: python-lxml - state: present diff --git a/roles/setup_utils/files/tmux.conf b/roles/setup_utils/files/tmux.conf new file mode 100644 index 0000000..961a855 --- /dev/null +++ b/roles/setup_utils/files/tmux.conf @@ -0,0 +1,26 @@ +unbind C-b +set -g prefix ` + + +set -sg escape-time 0 +set -g mouse off +set -g default-terminal "screen-256color" +set -g status-right-length 50 +set -g status-left-length 20 +set-option -g history-limit 5000 +setw -g mode-keys vi + + +set -g status-position bottom +set -g status-bg colour214 +set -g status-fg colour232 +set -g status-right '#[fg=colour232,bg=colour214,bold] %d/%m #[fg=colour232,bg=colour214,bold] %H:%M:%S ' +setw -g window-status-current-format '#[fg=colour214,bg=colour255]:#I:#W#[fg=colour50]#F ' +setw -g window-status-format ' #I#[fg=colour232]:#[fg=colour255]#W#[fg=colour232]#F ' + + +bind-key n last-window +bind-key m send-prefix +bind-key ` last-window +bind-key e send-prefix + diff --git a/roles/setup_utils/files/zshrc b/roles/setup_utils/files/zshrc new file mode 100644 index 0000000..ed0a87b --- /dev/null +++ b/roles/setup_utils/files/zshrc 
@@ -0,0 +1,21 @@ +export TERM=xterm-256color +export LANG=en_US.UTF-8 + +CASE_SENSITIVE="false" + +autoload -U history-search-end +zle -N history-beginning-search-backward-end history-search-end +zle -N history-beginning-search-forward-end history-search-end +bindkey "^[[A" history-beginning-search-backward-end +bindkey "^[[B" history-beginning-search-forward-end +bindkey "^[[1;5C" forward-word +bindkey "^[[1;5D" backward-word +bindkey "\e[3~" delete-char +bindkey '^[[Z' reverse-menu-complete + +zstyle ':completion:*' completer _complete +zstyle ':completion:*' matcher-list '' 'm:{[:lower:][:upper:]}={[:upper:][:lower:]}' '+l:|=* r:|=*' +autoload -Uz compinit +compinit -u + +PROMPT="%B %n@%m %# %b" diff --git a/roles/setup_utils/tasks/main.yml b/roles/setup_utils/tasks/main.yml new file mode 100644 index 0000000..446ec46 --- /dev/null +++ b/roles/setup_utils/tasks/main.yml 
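Review bot: `compinit -u` near the end of this zshrc makes compinit use completion files from directories that its compaudit check considers insecure (for example, owned or writable by another user) without asking, and the setup_utils role installs this file as `/etc/zshrc` for every account. Prefer plain `compinit`, or `compinit -i` to skip the insecure files silently, so a writable directory in `fpath` cannot feed code into other users' shells. `CASE_SENSITIVE="false"` looks like an oh-my-zsh setting and probably has no effect here, since nothing in the file sources that framework.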
@@ -0,0 +1,52 @@ + +# =========================================================================== # +# __ __ _ __ +# _________ / /__ __ __/ /_(_) /____ +# / ___/ __ \/ / _ \ / / / / __/ / / ___/ +# / / / /_/ / / __/ / /_/ / /_/ / (__ ) +# /_/ \____/_/\___(_) \__,_/\__/_/_/____/ +# +# =========================================================================== # + +--- +- name: Check installation of zsh + package: + name: "{{ package_zsh }}" + state: present + +- name: Check installation of neovim + package: + name: "{{ package_neovim }}" + state: present + +- name: Check installation of tmux + package: + name: "{{ package_tmux }}" + state: present + ignore_errors: yes + +- name: Copy zshrc configuration file + copy: + src: zshrc + dest: /etc/zshrc + owner: root + group: "{{ group_root }}" + mode: 0644 + +- name: Copy tmux configuration file + copy: + src: tmux.conf + dest: /etc/tmux.conf + owner: root + group: "{{ group_root }}" + mode: 0644 + +- name: Retrieve all valid users for zsh + shell: awk -F ":" '{ if($3 > 999 && $3 < 16000) { print $1 }}' /etc/passwd + register: valid_users_shell + +- name: Change shell for all valid users to zsh + user: + name: "{{ item }}" + shell: /usr/local/bin/zsh + loop: "{{ valid_users_shell.stdout_lines }}" diff --git a/roles/update/files/installurl b/roles/update/files/installurl new file mode 100644 index 0000000..71117ea --- /dev/null +++ b/roles/update/files/installurl @@ -0,0 +1,2 @@ +https://mirror.ungleich.ch/pub/OpenBSD + diff --git a/roles/update/tasks/main.yml b/roles/update/tasks/main.yml index 558807e..9783926 100644 --- a/roles/update/tasks/main.yml +++ b/roles/update/tasks/main.yml 
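Review bot: The last task in roles/setup_utils/tasks/main.yml sets every account with a UID between 1000 and 15999 to the hard-coded shell `/usr/local/bin/zsh`, but play-basics.yml applies this role to all of `servers`, which includes the Debian host OOP-FS-raspberry, where the zsh package normally installs to `/usr/bin/zsh`. A login shell that does not exist locks those users out of SSH, so make the path a per-group variable like `group_root`, e.g. `shell: "{{ path_zsh }}"` with a new `path_zsh` defined under `[openbsd:vars]` and `[debian:vars]`. The `awk` task only reads `/etc/passwd` and should carry `changed_when: false`, and `ignore_errors: yes` on the tmux install hides a failed install before `/etc/tmux.conf` is copied. The two `mode: 0644` values are safer quoted as `mode: "0644"` so the YAML parser cannot reinterpret the octal literal.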
@@ -9,19 +9,16 @@ # =========================================================================== # --- -- name: Upgrading CentOs packages - dnf: +- name: Copy default mirror for openbsd hosts + copy: + src: installurl + dest: /etc/installurl + owner: root + group: "{{ group_root }}" + when: inventory_hostname in groups["openbsd"] + +- name: Upgrading packages for distribution = {{ ansible_distribution }} + package: name: "*" state: latest - when: ansible_distribution == "CentOs" - -- name: Updating Debian packages - apt: - update_cache: yes - when: ansible_distribution == "Debian" - -- name: Upgrading Debian packages to latest - apt: - upgrade: dist - when: ansible_distribution == "Debian" |
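Review bot: The generic `package` task with `name: "*"` and `state: latest` replaces the Debian tasks, but the `apt: update_cache: yes` step is gone, so hosts in `[debian]` upgrade against whatever package index is already cached and may miss recent security updates. Keep a Debian-only task that runs the `apt` module with `update_cache: yes`, guarded by `when: inventory_hostname in groups["debian"]` in the same way the installurl task is guarded for openbsd. The `copy` task for `/etc/installurl` sets owner and group but no mode; add `mode: "0644"` so the permissions are explicit rather than left to the default umask.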