Gemini deploy

2026-02-21 22:42:15 +01:00
parent e9673db834
commit 0442e0dda9
20 changed files with 256 additions and 107 deletions
--- a/group_vars/.all.yml.swp
+++ b/group_vars/.all.yml.swp
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -4,11 +4,15 @@ ip_admin: 192.168.6.7
 mysql_host: "{{ ip_admin }}"
 gateway: 192.168.6.1
-wireguard_ntb_ip: 10.0.0.2
+wireguard-client:
-wireguard_tata_ip: 10.0.0.4
+  ntb:
-wireguard_kate_ip: 10.0.0.3
+    ip: 10.0.0.2
-wireguard_pi_ip: 10.0.0.5
+  tata:
-wireguard_desktop_ip: 10.0.0.6
+    ip: 10.0.0.4
  pi:
    ip: 10.0.0.5
  desktop:
    ip: 10.0.0.6
 samba_users:
  - name: warezjoe
--- a/group_vars/vault.yml
+++ b/group_vars/vault.yml
@@ -1,74 +1,66 @@
 $ANSIBLE_VAULT;1.1;AES256
-38613131316430376334633964346466393863323361666237656665373431303832323963646435
+39306130393638386537383463383461323166313561363065643266613761396431323963303032
-3634613636343730643964386338663064343833643038340a643063376261393033363138313138
+6336643433336532663161616138316662376131626332640a323739633338643639376138326433
-64643532323830616439393134333064376636303264653830636261333031366133383563636531
+66623461396634353466376465363637636161323565336165386238626430356436396330653134
-6538666365353961390a653435356162366365626463376534653861306164353336656637383833
+3735643231613939380a333237363432333362623235666162333537323838393466626439373364
-61393337356566356363623564343131306134393061656438333238333435613739633633636633
+62653936613133313862303533366539323663393665633231326232323034656335353839376337
-39616362393139326233363962313661616537663238383932623531653164363461313736313064
+33613730613334336132613933353835633635313236623139336437373061636136366230366330
-36316530623831626433643965633035616163653934313136333266326239353563356338393733
+32653363316665373966393236363031313337613539333733376630353931643762333632376130
-66353935626633626530633764663432623139633634333164656133623662323061303632343036
+34343637623064366364616562363030623439376161623738623538666339643739326135656232
-36653039666331326165636237333233366465653164316335636437383930663436313433363832
+30646638306535383364383934366638326130316132653531653930346336366534353036326139
-38663830633839623631653032356235396531646561626165316231313331633834386164356135
+39643432643665643735363334386666376361643433376339343761343632386133656262613764
-30323730373161643563326262663938346261663535646230313965653630643264653236333438
+66356336643466653666653230643130633166663463323334343565346633383638666437306632
-61316631306530333239323131326534396666613132383562363864363334373331333964303431
+64333133353835313339393366366631613262336530623163613062363862633131383237623963
-34306639376666306132326438336165303333376661343034363130323865376565383631616135
+39306162326261353062303632356137383862656338613665396137383637363339343633626134
-64656133636262373866383637653061653866323539346561643833333832373730323939303266
+34636335366134653930316364613135323662393830313932343333323865373362323864393264
-34623462666163613330383166306137653533313932626334616666366334313437653534623032
+64303037663431363237623537336436376234653530633232346230363664333336396264653335
-66353533383930616132346536653937353138623566646137383863613338326332366561656133
+64666535326435613835346464393138323932623631626661326664383866323536346466336137
-61656238393836396663663535646637333264666636313036343936333266333264333962636139
+32633937353761393632373064303137636439623533663635353837333762306663626566336566
-66633565643465653830386263306634366562373332373630656338346138323631353365393737
+35313962343830373038663763393536323064666634636231333031663662613837333133373339
-66623339366534323563383135663138316331333539346336643233616661663966333638333661
+35326634353934303366396130393232363637323136633931366263353762623564363836356263
-30313636373037623661393962343536323961663039636462373762356463373536636137613938
+31303764376634343663353639363663643336323665653065303539386666643061323836613231
-33353230303132323237643634623935336263656134326530636462306430626563373166343538
+39623233323439626235646462383630383532623436313635313634373734326636393262616262
-31633030316331613836363037613938663636316364343731613033613865653634306361343465
+32366538333434396337306431306231386438393439376165656530383363306234343537396538
-61663032356435626361616666616661346437616233653632303037346265323036386565326431
+66353761643939346436303939623465326461373238383062366362373739363363336463313765
-63313963653766343262373962383161313037393032626463373839656237393461653865336561
+64353963373633616464643336393933623432373464376532616336333666333965643264346663
-38613863353634306338333062356136393662653934623863343966346562316261343135376538
+63396133393964326634323732623063626238356633633331636437343664613062616538306166
-65343863376664646465303436626133653834326362323763373562373137383461376561643366
+66613939623431656664636136623963326138393562366464353332343134633862313638666437
-31333637373731396136376366396131363432616335366236663566363062336165643130326531
+62626661306264626562323562373862383464336533393562333366376637356134633034323533
-32393364306139656338613332656335316434613632356539653562653261393837363366383531
+32303238616262613235656465393530613733373537643061313261393431663537393638656532
-64626266656265336431363836643663633437626262386264616364626634396631373632303764
+35303936303764643764613735303537616265356365313839363136343438373866393432353135
-66623131636137346339386638313634643364626666326236323864623666656138333338623834
+61366433303731643330656562643834353264626630656265393063613465303565373136303066
-61613433646261303338656663376633376266346232303838316232623162346336333636663861
+38633661343334323034643830396531613862633632363364343462643432643139306337356231
-32366535353039383738613963313061313766643361313239363438356566306666646561653963
+65663262336465363936656139316237353361613837646365373362373962363132323639636362
-39633462613064643830326432313038346237326435636234663364343136336333306131646234
+66346634346232343935333038356335613233313735393965613336613036346231386566306438
-35616365616134366238386137616564376164303435363635643535626438303364363065396431
+34313532353163333638323136363933653364616533303766356563663130343731346333363065
-37663532613261666166616331653730376639376663656334376332656336656536363931393563
+32643032363439363764613933336236616631643236646432666264393538646334393230376538
-39613164666333643835666134396464663531656639636136316662323533386438616237303638
+36313134633161343632373035336430326462363862383633323439616463313062383630656166
-33613965643137626661373062616163326433356164346666613438303635653664376435353966
+66363032383466336133653031366363316634653136633338633361376466306637303939626462
-34623836636537343461643966656265643236373431343635663866343964306235326561373663
+35643337346163376661373733373638656161656363343937663736383633643665303635353961
-66313330633139383639336234303434613761643466386235303765366637626364316162376437
+64613834353030383835633933633130646339383432313234613562613936363031663632356630
-66666630663736383231653139646334376566303631313034366439383139343561653637336264
+66356438616133373230666334623236373766373631393132646365613761313461346230363733
-38636239643163613630373964343363353161356462373938376165656535313539643762623062
+35653839386265353762393539373835316436363238343339613230356536313661633437656565
-61333036343039326534373064396462363765333163396434626636323362343563643965313635
+33383763616231363661376661383566623365353033656235363032616232623030356537613733
-35396365333633326164336332313630313131373031633633653466333831333735373636346330
+39333636313038626135313634363335626164386266363934346232386436613661663635393835
-62366561313064386664326337333064626265623132643362636630356233663635663535643433
+65313536616566363432346237623036383231633965353666613730336535626332333838373961
-62643764346137663238623864396263316336336336646666376431633835613937613833633730
+37663030313661383934643931306239303030313232316236326561633438363431353432653861
-35303264356437313061366264613265636133613765336137653866373632366231656638336635
+39346336366438303833373832353832613666613332363535613934663931313761666634656336
-34646437376265666333643636376562373066316166313439313630313263663533306337623631
+34343838653533623934303466636232366634373465306638376636653034653333623264353433
-64356335353530643531306432343762306163333935616535653231633564663437393965343061
+65653966363265316237653831396530306138663034323062613065383162356435633534386338
-38386335353732353832653634313836373435383531663338386464346238656633326235623230
+36383563316131333866663531626230373265323463323062376433303965353735613263396137
-63343364346137626539626337633038306335366433363933333336396639333662313437323365
+34616638313839356131393039323536643134383239393731383938306164633531323730653138
-36386265333931623230616131353830653161643162363939623038646563656138653665343366
+39336364623436656537616537636164353066636365373337303037643337623366626533666266
-66636463396666303265303934363465393437653666336465623362383134313837633630353733
+31616332633732633664313966333636313062663631356635636238396334643238363835666238
-65343932656164346339663966393931353030636561633130356230613332613332373965386132
+66316538383439623537633339303661346630373031336363383864636366393631343038643861
-64613331356137303763366438373637626361326233306561303438613231646330393935373766
+62373838623533373463323933343530636662343334343630633865633138623930646130366361
-37363239356231323935626664323136313765633965323536663365616464613639653464326133
+33393830326231323665643034303062613066643030336464303036663837663662643462613433
-66396464346463353834633736303634343733336431366131323432336336666664643934663238
+31353432393165663833656534393737396462363533353764613463653833396336326637303033
-34356264356635656434386536656466633331373661396661626133303632626436323830373866
+39393961363164333361393766636663666565346434643262333665326636373932626562326436
-64373534633039306663363937393361656164633739333532336239663532623830363831643930
+62366638373935633061333766383030633236393737623034643033313863386461346436313864
-62333562323131323735313661643331333861373365623661656635613363623662633336396233
+36616266356561376537623535636438393734623636343863383034346465313932646531356665
-32323762656466623861386361353932306637363035316539386365373031363961303931663566
+62613633346436306564646562643962653030663632376131336337313263613239626238303032
-32656538623062373632643134336366393534373830313439623661353435656363626166623936
+61333139633036333136616463353361343764366537316266323564396332616635663035373533
-33346134633366366565326465303537316138363264633635316137623436333733633638346465
+65626432643132306337623266386439313033383032346563613630326535306663343762613261
-37376166366332653434623763636538623162353432656330373539323366663763613538343531
+61316230393364376439646336653532376465313063613861643638663539626132663662353066
-32353234626262653834653333373831373166643263646336616362343331646138343165646132
+66333439393838653566653635376638333134656635343834383631356132303366613833626634
-38643939323736313833323962356434333630623766663833656239653333323832646230383037
+65316237636233343039313135356531326262613732643831663531646262393631
 39346362653835333535646234646335366134386330616539353761663461356463323961666537
 36383265326463306362393062623464616338633033306263363661306135613136343363313262
 30633138343666663763613835323366623732343664316562386431653735313832333435633763
 33373235663661383332353330613637653138616162623030373237353963663634343137363066
 61383630333133343461633461626562653064356431303162353662343939653164643662626664
 32353530303562343138386164656362646133356630626263333361346131636637343734383633
 30313666383033343966323764616530353030643334663737393035313535393466366138323839
 63356439353165326263343839306137643031643832313931316563646137666439
--- a/1
+++ b/1
@@ -30,6 +30,7 @@ jellyfin
 transmission
 uptimekuma
 photoprism
 gemini
 [temp]
 ollama
--- a/playbooks/hosts/lxc.yml
+++ b/playbooks/hosts/lxc.yml
@@ -1,6 +1,6 @@
 - name: lxc-init
-  hosts: lxc
+  hosts: gemini
-  become: true
+  #become: true
  vars_files:
    - vault.yml
    - zeus-vars.yml
--- a/playbooks/services/gemini.yml
+++ b/playbooks/services/gemini.yml
@@ -0,0 +1,6 @@
 ---
 - name: Deploy Gemini CLI and configure gemini user
  hosts: gemini
  become: yes
  roles:
    - role: gemini_cli_user
--- a/playbooks/services/wireguard-client-gen.yml
+++ b/playbooks/services/wireguard-client-gen.yml
@@ -2,19 +2,19 @@
  hosts: localhost
 #connection: local
  vars_files:
-    - vault.yml
+    - ../../group_vars/vault.yml
-    - zeus-vars.yml
+    - ../../group_vars/all.yml
  vars:
    user: desktop
-    IP_name: 'wireguard_{{ user }}_ip'
+    IP: "{{ wireguard-client.desktop.ip }}"
-    IP: "{{ lookup('vars', IP_name) }}"
+    #IP: "{{ lookup('ansible.builtin.vars', 'wireguard.' + user + '.ip') }}"
-    priv_name: 'wireguard_{{ user }}_key'
+    priv: "{{ wireguard-client-vault.desktop.key }}"
-    priv: "{{ lookup('vars', priv_name) }}"
+    #priv: "{{ lookup('ansible.builtin.vars', 'wireguard.' + user + '.key') }}"
  tasks:
    - name: Copy from template
      template:
-        src: ~/.ansible/roles/wireguard_server/templates/wireguardclient.conf
+        src: ~/git/ansible_uni_deploy/roles/wireguard_server/templates/wireguardclient.conf
        dest: ~/{{ user }}.conf
        owner: "{{ ansible_user_id }}"
        group: "{{ ansible_user_id }}"
--- a/playbooks/services/wireguard-test.yml
+++ b/playbooks/services/wireguard-test.yml
@@ -0,0 +1,15 @@
 - name: wireguard-client-gen
  hosts: localhost
 #connection: local
  vars_files:
    - ../../group_vars/vault.yml
    - ../../group_vars/all.yml
  vars:
    user: desktop
    #IP: "{{ wireguard-client.desktop.ip }}"
    #IP: "{{ lookup('ansible.builtin.vars', 'wireguard.' + user + '.ip') }}"
    #priv: "{{ wireguard-client.desktop.key }}"
    #priv: "{{ lookup('ansible.builtin.vars', 'wireguard.' + user + '.key') }}"
  tasks:
   - debug:
       var: vars
--- a/roles/gemini_cli_user/README.md
+++ b/roles/gemini_cli_user/README.md
@@ -0,0 +1,38 @@
 Role Name
 =========
 A brief description of the role goes here.
 Requirements
 ------------
 Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
 Role Variables
 --------------
 A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
 Dependencies
 ------------
 A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
 Example Playbook
 ----------------
 Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
    - hosts: servers
      roles:
         - { role: username.rolename, x: 42 }
 License
 -------
 BSD
 Author Information
 ------------------
 An optional section for the role authors to include contact information, or a website (HTML is not allowed).
--- a/roles/gemini_cli_user/defaults/main.yml
+++ b/roles/gemini_cli_user/defaults/main.yml
@@ -0,0 +1,3 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # defaults file for roles/gemini_cli_user
--- a/roles/gemini_cli_user/handlers/main.yml
+++ b/roles/gemini_cli_user/handlers/main.yml
@@ -0,0 +1,3 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # handlers file for roles/gemini_cli_user
--- a/roles/gemini_cli_user/meta/main.yml
+++ b/roles/gemini_cli_user/meta/main.yml
@@ -0,0 +1,35 @@
 #SPDX-License-Identifier: MIT-0
 galaxy_info:
  author: your name
  description: your role description
  company: your company (optional)
  # If the issue tracker for your role is not on github, uncomment the
  # next line and provide a value
  # issue_tracker_url: http://example.com/issue/tracker
  # Choose a valid license ID from https://spdx.org - some suggested licenses:
  # - BSD-3-Clause (default)
  # - MIT
  # - GPL-2.0-or-later
  # - GPL-3.0-only
  # - Apache-2.0
  # - CC-BY-4.0
  license: license (GPL-2.0-or-later, MIT, etc)
  min_ansible_version: 2.1
  # If this a Container Enabled role, provide the minimum Ansible Container version.
  # min_ansible_container_version:
  galaxy_tags: []
    # List tags for your role here, one per line. A tag is a keyword that describes
    # and categorizes the role. Users find roles by searching for tags. Be sure to
    # remove the '[]' above, if you add tags to this list.
    #
    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
    #       Maximum 20 tags per role.
 dependencies: []
  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
  # if you add dependencies to this list.
--- a/roles/gemini_cli_user/tasks/main.yml
+++ b/roles/gemini_cli_user/tasks/main.yml
@@ -0,0 +1,54 @@
 ---
 # tasks file for roles/gemini_cli_user
 - name: Ensure Node.js and npm are installed
  package:
    name:
      - nodejs
      - npm
    state: present
  become: yes
 - name: Create gemini user
  user:
    name: gemini
    state: present
    create_home: yes
  become: yes
 - name: Add SSH authorized key for gemini user
  authorized_key:
    user: gemini
    state: present
    key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII823CLHAgx4nTaTr0Wys65YWN9pVnDfbWvsZcFwCnWl"
  become: yes
 - name: Install @google/gemini-cli for gemini user
  command: su - gemini -c "npm install @google/gemini-cli"
  args:
    creates: /home/gemini/node_modules/.bin/gemini-cli
  become: yes
 - name: Define gemini-cli path
  set_fact:
    gemini_cli_bin: "/home/gemini/node_modules/.bin/gemini"
 - name: Ensure gemini-cli binary exists
  stat:
    path: "{{ gemini_cli_bin }}"
  register: gemini_cli_stat
 - name: Ensure gemini-cli is in /etc/shells
  lineinfile:
    path: /etc/shells
    line: "{{ gemini_cli_bin }}"
    state: present
  become: yes
  when: gemini_cli_stat.stat.exists
 - name: Change gemini user shell to gemini-cli
  user:
    name: gemini
    shell: "{{ gemini_cli_bin }}"
  become: yes
  when: gemini_cli_stat.stat.exists
--- a/roles/gemini_cli_user/tests/inventory
+++ b/roles/gemini_cli_user/tests/inventory
@@ -0,0 +1,3 @@
 #SPDX-License-Identifier: MIT-0
 localhost
--- a/roles/gemini_cli_user/tests/test.yml
+++ b/roles/gemini_cli_user/tests/test.yml
@@ -0,0 +1,6 @@
 #SPDX-License-Identifier: MIT-0
 ---
 - hosts: localhost
  remote_user: root
  roles:
    - roles/gemini_cli_user
--- a/roles/gemini_cli_user/vars/main.yml
+++ b/roles/gemini_cli_user/vars/main.yml
@@ -0,0 +1,3 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # vars file for roles/gemini_cli_user
--- a/roles/tools_for_command_line/tasks/administration.yml
+++ b/roles/tools_for_command_line/tasks/administration.yml
@@ -1,6 +1,5 @@
 ---
 - name: Administration
  become: true
  ansible.builtin.package:
    name:
      - htop
--- a/roles/wireguard_server/templates/.wireguardclient.conf.swp
+++ b/roles/wireguard_server/templates/.wireguardclient.conf.swp
--- a/roles/wireguard_server/templates/wireguardclient.conf
+++ b/roles/wireguard_server/templates/wireguardclient.conf
@@ -8,7 +8,7 @@ ListenPort = 40041
 PrivateKey = {{ priv }}
 [Peer]
-PublicKey = {{ wireguard_server_pub }}
+PublicKey = {{ wireguard-server-vault.pub }}
 AllowedIPs = 10.0.0.0/24, 192.168.5.0/24, 192.168.6.0/24, 192.168.100.0/24
 Endpoint = 185.61.86.153:51822
 PersistentKeepalive = 20
--- a/roles/wireguard_server/templates/wireguardserver.conf
+++ b/roles/wireguard_server/templates/wireguardserver.conf
@@ -1,26 +1,13 @@
 [Interface]
-PrivateKey = {{ wireguard_server_key }}
+PrivateKey = {{ wireguard-server.key }}
 Address=10.0.0.1/24
 PostUp=iptables -A FORWARD -i wireguardserver -o ens18 -j ACCEPT; iptables -A FORWARD -i ens18 -o wireguardserver -j ACCEPT; iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE;
 PostDown=iptables -D FORWARD -i wireguardserver -o ens18 -j ACCEPT; iptables -D FORWARD -i ens18 -o wireguardserver -j ACCEPT; iptables -t nat -D POSTROUTING -o ens18 -j MASQUERADE;
 ListenPort=51822
 {% for user in wireguard %}
 [Peer]
-PublicKey = {{ wireguard_ntb_pub }}
+PublicKey = {{ wireguard.user.pub }}
-AllowedIPs = {{ wireguard_ntb_ip }}/32
+AllowedIPs = {{ wireguard.user.ip }}/32
-[Peer]
+{% endfor %}
 PublicKey = {{ wireguard_kate_pub }}
 AllowedIPs = {{ wireguard_kate_ip }}/32
 [Peer]
 PublicKey = {{ wireguard_tata_pub }}
 AllowedIPs = {{ wireguard_tata_ip }}/32
 [Peer]
 PublicKey = {{ wireguard_pi_pub }}
 AllowedIPs = {{ wireguard_pi_ip }}/32
 [Peer]
 PublicKey = {{ wireguard_desktop_pub }}
 AllowedIPs = {{ wireguard_desktop_ip }}/32
		`@@ -0,0 +1,3 @@`
							`#SPDX-License-Identifier: MIT-0`
							`localhost`