From 55167e20fca3094b1e32c5a237d248d99eee6b48 Mon Sep 17 00:00:00 2001
From: git
Date: Mon, 11 Mar 2024 13:24:38 +0100
Subject: [PATCH] nginx, gitea, pi-hole

---
 roles/ansible-role-security/tasks/ssh.yml | 2 +
 .../tasks/dashboard_my_public.yml | 9 +
 roles/docker_spin_up/tasks/gitea.yml | 24 +++
 roles/docker_spin_up/tasks/nextcloud.yml | 19 +++
 roles/docker_spin_up/tasks/nginx.yml | 3 +-
 roles/docker_spin_up/tasks/pi-hole.yml | 20 +++
 roles/linux_config_init/tasks/main.yml | 2 +-
 .../templates/etc_network_interface | 6 +-
 vault.yml | 47 ++++--
 zeus-vars.yml | 5 +-
 zeus.yml | 159 ++++++++++++------
 11 files changed, 226 insertions(+), 70 deletions(-)
 create mode 100644 roles/docker_spin_up/tasks/dashboard_my_public.yml
 create mode 100644 roles/docker_spin_up/tasks/gitea.yml
 create mode 100644 roles/docker_spin_up/tasks/nextcloud.yml

diff --git a/roles/ansible-role-security/tasks/ssh.yml b/roles/ansible-role-security/tasks/ssh.yml
index a62c7b6..e53cc93 100644
--- a/roles/ansible-role-security/tasks/ssh.yml
+++ b/roles/ansible-role-security/tasks/ssh.yml
@@ -29,5 +29,7 @@
 line: "GSSAPIAuthentication {{ security_ssh_gss_api_authentication }}"
 - regexp: "^X11Forwarding"
 line: "X11Forwarding {{ security_ssh_x11_forwarding }}"
+ - regexp: "^ListenAddress"
+ line: "ListenAddress {{ ip_admin }}"
 notify: restart ssh
 
diff --git a/roles/docker_spin_up/tasks/dashboard_my_public.yml b/roles/docker_spin_up/tasks/dashboard_my_public.yml
new file mode 100644
index 0000000..a360631
--- /dev/null
+++ b/roles/docker_spin_up/tasks/dashboard_my_public.yml
@@ -0,0 +1,9 @@
+---
+- name: "{{ docker_name }}"
+ community.docker.docker_container:
+ name: "{{ docker_name }}"
+ image: ghcr.io/gethomepage/homepage:latest
+ ports:
+ - 3000:3000
+ volumes:
+ - "{{ docker_homepath }}/config:/app/config" # Make sure your local config directory exists
\ No newline at end of file
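Review bot: The new `ListenAddress {{ ip_admin }}` entry makes sshd bind exclusively to the admin address, and sshd refuses to start when that address is not present on the host at restart time; this same commit comments out `set_perma_ip.yml` in `linux_config_init`, the task that renders the interfaces template assigning `ip_admin`, so a host without that address configured is locked out of SSH the moment the `restart ssh` handler fires. `ip_admin` is also a play-level variable from `zeus-vars.yml` rather than a `security_ssh_*` role variable like the entries around it, so this generic role now raises an undefined-variable error wherever that vars file is not loaded. I would write it as `line: "ListenAddress {{ security_ssh_listen_address }}"` with a role default, and, if the enclosing `lineinfile` task (its header is outside the hunk) does not already do so, add `validate: "/usr/sbin/sshd -t -f %s"` so a bad config is rejected before the daemon is restarted.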
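Review bot: `- 3000:3000` publishes the homepage dashboard on every interface of the `zeus-public` host, while the same commit restricts the nginx admin port to `{{ ip_admin }}` and leaves the gitea and nextcloud HTTP ports unpublished in favour of the `http` network; this config gives the dashboard no authentication of its own, so it should follow the same pattern — either drop `ports` and add `networks: - name: http` so nginx fronts it, or bind it as `- "{{ ip_admin }}:3000:3000"`. `image: ghcr.io/gethomepage/homepage:latest` is unpinned, unlike the gitea and nextcloud tasks, which makes image changes invisible to review and rollback harder. The task also lacks the `restart_policy` the other containers set, so the dashboard stays down after a reboot, and the port mapping should be quoted (`"3000:3000"`) to match the other task files.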
diff --git a/roles/docker_spin_up/tasks/gitea.yml b/roles/docker_spin_up/tasks/gitea.yml
new file mode 100644
index 0000000..50c930c
--- /dev/null
+++ b/roles/docker_spin_up/tasks/gitea.yml
@@ -0,0 +1,24 @@
+---
+- name: gitea
+ community.docker.docker_container:
+ image: gitea/gitea:1.19.3
+ name: gitea
+ env:
+ USER_UID: "1000"
+ USER_GID: "1000"
+ GITEA__database__DB_TYPE: "mysql"
+ GITEA__database__HOST: "{{ mysql_host}}:3306"
+ GITEA__database__NAME: "{{ GITEA__database__NAME }}"
+ GITEA__database__USER: "{{ GITEA__database__USER }}"
+ GITEA__database__PASSWD: "{{ GITEA__database__PASSWD }}"
+ ROOT_URL: "http://pi-vpn:8082/"
+ restart_policy: always
+ networks:
+ - name: http
+ volumes:
+ - "{{ docker_homepath }}/gitea:/data"
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ # - "8082:3000"
+ - "222:22"
\ No newline at end of file
diff --git a/roles/docker_spin_up/tasks/nextcloud.yml b/roles/docker_spin_up/tasks/nextcloud.yml
new file mode 100644
index 0000000..6763b4a
--- /dev/null
+++ b/roles/docker_spin_up/tasks/nextcloud.yml
@@ -0,0 +1,19 @@
+---
+- name: nextcloud
+ community.docker.docker_container:
+ name: nextcloud
+ image: nextcloud:26.0-fpm
+ restart_policy: always
+# ports:
+# - 8080:80
+ volumes:
+ - "{{ docker_homepath }}/nextcloud_nextcloud_1/_data:/var/www/html"
+ env:
+ MYSQL_PASSWORD: "{{ NEXTCLOUD_MYSQL_PASSWORD }}"
+ MYSQL_DATABASE: "{{ NEXTCLOUD_MYSQL_DATABASE }}"
+ MYSQL_USER: "{{ NEXTCLOUD_MYSQL_USER }}"
+ MYSQL_HOST: "{{ mysql_host }}"
+ PHP_MEMORY_LIMIT: 2G
+ PHP_UPLOAD_LIMIT: 10G
+ networks:
+ - name: http
\ No newline at end of file
diff --git a/roles/docker_spin_up/tasks/nginx.yml b/roles/docker_spin_up/tasks/nginx.yml
index fb4b268..79bf2a1 100644
--- a/roles/docker_spin_up/tasks/nginx.yml
+++ b/roles/docker_spin_up/tasks/nginx.yml
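Review bot: `- "222:22"` publishes Gitea's SSH service on all interfaces of the public host, even though the HTTP port is deliberately left unpublished and served through the `http` network; unless git-over-SSH from outside is intended, bind it to one address, e.g. `- "{{ ip }}:222:22"` or the `{{ ip_admin }}` form used in nginx.yml. `ROOT_URL: "http://pi-vpn:8082/"` points at the commented-out `8082:3000` mapping and uses plain http, so the clone URLs, redirects and session cookies Gitea generates will not match whatever nginx with its Let's Encrypt volume serves in front of it; set it to the https URL nginx exposes, and set Gitea's `server` section `SSH_DOMAIN`/`SSH_PORT` (via the same `GITEA__server__*` env convention) so the displayed SSH clone URL carries port 222. `gitea/gitea:1.19.3` is pinned, which is the right habit, but it predates a number of later 1.x releases — check it against the currently supported release before deploying a code host on it.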
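Review bot: With `ports` commented out and the container only on the `http` network, Nextcloud is reachable solely through the nginx reverse proxy, yet the env block sets none of the reverse-proxy variables the official image reads — at minimum `NEXTCLOUD_TRUSTED_DOMAINS` with the public host name (otherwise requests arriving via nginx hit the untrusted-domain page), and `OVERWRITEPROTOCOL: https` plus the proxy's address in `TRUSTED_PROXIES`, without which Nextcloud emits http redirects and attributes every client to the proxy IP in its brute-force protection. The data path `{{ docker_homepath }}/nextcloud_nextcloud_1/_data` must be the same tree that nginx.yml mounts read-only as the hard-coded `/bigpool/nextcloud/nextcloud_nextcloud_1/_data/`; one being templated and the other literal lets the two silently diverge if `docker_homepath` ever changes. `PHP_MEMORY_LIMIT: 2G` and `PHP_UPLOAD_LIMIT: 10G` parse as strings, but quoting them keeps the env block uniformly string-typed like the entries above it.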
@@ -6,10 +6,11 @@
 restart_policy: unless-stopped
 ports:
 - '80:80'
- - '81:81'
+ - "{{ ip_admin }}:81:81"
 - '443:443'
 volumes:
 - "{{ docker_homepath }}/data:/data"
 - "{{ docker_homepath }}/letsencrypt:/etc/letsencrypt"
+ - "/bigpool/nextcloud/nextcloud_nextcloud_1/_data/:/var/www/html:ro"
 networks:
 - name: http
diff --git a/roles/docker_spin_up/tasks/pi-hole.yml b/roles/docker_spin_up/tasks/pi-hole.yml
index e69de29..e766375 100644
--- a/roles/docker_spin_up/tasks/pi-hole.yml
+++ b/roles/docker_spin_up/tasks/pi-hole.yml
@@ -0,0 +1,20 @@
+- name: pi-hole
+ community.docker.docker_container:
+ name: pi-hole
+ image: pihole/pihole:latest
+ # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
+ ports:
+ - "53:53/tcp"
+ - "53:53/udp"
+ # - "8092:80/tcp"
+ env:
+ TZ: 'Europe/Prague'
+ WEBPASSWORD: "{{ password }}"
+ # Volumes store your data between container upgrades
+ volumes:
+ - "{{ docker_homepath }}/etc-pihole:/etc/pihole"
+ - "{{ docker_homepath }}/etc-dnsmasq.d:/etc/dnsmasq.d"
+ # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+ restart_policy: unless-stopped
+ networks:
+ - name: http
diff --git a/roles/linux_config_init/tasks/main.yml b/roles/linux_config_init/tasks/main.yml
index 761a257..34d8257 100644
--- a/roles/linux_config_init/tasks/main.yml
+++ b/roles/linux_config_init/tasks/main.yml
@@ -7,7 +7,7 @@
 - hostname_set.yml
 - git.yml
 # - create_user.yml
- - set_perma_ip.yml
+# - set_perma_ip.yml
 - bashrc_copy.yml
 - timezone.yml
 
diff --git a/roles/linux_config_init/templates/etc_network_interface b/roles/linux_config_init/templates/etc_network_interface
index c8fad8a..9c9b0d4 100644
--- a/roles/linux_config_init/templates/etc_network_interface
+++ b/roles/linux_config_init/templates/etc_network_interface
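Review bot: The new mount `/bigpool/nextcloud/nextcloud_nextcloud_1/_data/:/var/www/html:ro` hands the nginx container the entire Nextcloud tree, which includes `config/config.php` (database password, instance secret, password salt) and the user data directory; `:ro` stops writes but not serving, so the Nextcloud server block in the proxy must carry the deny rules from the official Nextcloud nginx config for `config`, `data`, `lib`, `3rdparty`, `templates`, dot-files and the `occ`/`console` entry points, and that config is not in this diff to confirm it. The path is hard-coded to `/bigpool/...` while nextcloud.yml derives the same directory from `{{ docker_homepath }}` and zeus-vars.yml already defines `zfs_pool_name: bigpool`; templating it, e.g. `- "/{{ zfs_pool_name }}/nextcloud/nextcloud_nextcloud_1/_data/:/var/www/html:ro"`, keeps the two mounts in step. Restricting the admin UI to `"{{ ip_admin }}:81:81"` is a good change; `80:80` and `443:443` remain on all interfaces, which is presumably intended for the public-facing proxy.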
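Review bot: `WEBPASSWORD: "{{ password }}"` is fed from `warezjoe_password_un` in zeus.yml, the same vault value the transmission play uses as the `warezjoe` account password, so a disclosure of the Pi-hole admin password — it sits in the container environment and is readable with `docker inspect` by anyone in the docker group — also yields the host login; give Pi-hole its own secret, e.g. `WEBPASSWORD: "{{ pihole_webpassword }}"`. `"53:53/tcp"` and `"53:53/udp"` bind the resolver on every interface of a host named `zeus-public`; if any of those interfaces is reachable from outside the LAN this is an open resolver usable for amplification, so bind to the LAN address (`- "{{ ip }}:53:53/udp"` and the tcp twin) or use `network_mode: host` as the in-file comment already suggests. `pihole/pihole:latest` is unpinned, unlike gitea and nextcloud in the same commit.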
@@ -4,7 +4,9 @@
 iface lo inet loopback
 auto {{ in_face }}
 iface {{ in_face }} inet static
 address {{ ip }}/24
+
+iface {{ in_face }} inet static
+address {{ ip_admin }}/24
+
 gateway 192.168.5.1
-
-source /etc/network/interfaces.d/*
diff --git a/vault.yml b/vault.yml
index 8158d8b..d496356 100644
--- a/vault.yml
+++ b/vault.yml
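Review bot: `gateway 192.168.5.1` now sits under the new `iface {{ in_face }} inet static` stanza for `{{ ip_admin }}/24` (192.168.6.x per zeus-vars.yml), a subnet that gateway is not on-link for; ifupdown may only get away with it because the first stanza has already installed the 192.168.5.0/24 route, so move `gateway 192.168.5.1` back under `address {{ ip }}/24` and leave the admin stanza address-only. Dropping `source /etc/network/interfaces.d/*` silently disables any drop-in interface files and is not mentioned in the commit message — confirm it is intended. Note also that this template is rendered by `set_perma_ip.yml`, which the same commit comments out in `linux_config_init/tasks/main.yml`, so neither address change is applied until that task is re-enabled, while `ssh.yml` already binds sshd to `{{ ip_admin }}`.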
@@ -1,19 +1,30 @@ $ANSIBLE_VAULT;1.1;AES256 -35363534613936356464373637376133343034633638376163633063383335636364373864353935 -3366356539376539316237303231373464336563383539330a666236356231323938656531643262 -39613261333032353332653034366537616535613164663333636133613066363833386462343036 -6137653433666632380a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a643535333363376265653464393831 +66333763636239323835333630623335643232653932626463616130376661353538306530353739 +3731636635363264350a636533633036623033353234353233306261323736373636616132366339 +62646131313463313639333931653131306636633239656235623330633137663031656566333463 +32353964376161383864336130346336643838333566383464373961646430643538636537313132 +37376634373562633930323930306464613838366231363839356234343830333763643530656665 +32643730356565653465326537373564386337663330396139396166396163333865633130643664 +61616437353561653564616139346561343939663663316330303636366664383230633539353133 +63633637353961383937393438343032303230633531613333353036643031323266336162366663 +65383530383639323063333665393334316133623564346164653764613830643263643838353037 +38643461613234346131306636353834636634363935633365633661353736633361383666396261 +33636263633431623631326266623664633238393338643664343739386530363032366537323532 +62396562633465363338663939363836396234656139633136623438613739383839313534356630 +66663763313132646362363162396230666633303336343262386333643138356432613161336163 +65653861363565633630316161613634386634666564366465353931353361313837373437303531 +66613337323464353734346537353737646335383539646161333039653037383963343463366462 +64303064623434356138646466373261666564396332396631336532316436363936623137386437 +62326165386438376139346131623832323561303364373034393232306133386633393933366361 +61303630356363636236643731653630323264303939643161633631323034633166373633303133 +31383531646330353661613266396330396266643835363236383638623634356465373734383433 
+32623863366539656536346436343232613163353230303763396536653162393264643266663831
+65343562373164316439613961356335373633663931313538326136666463663930346331373536
+39353763383837373761653332643734363764656131356462313361396335613463303630396432
+65366361623265323339323238636537663634373361653639383432363138396433626236393966
+39633333313830333665343930323630333933373731656635643836663234663738343830643434
+63663164393137643861326566383763656166343865393737346539386234333137613333633965
+39636339303263616263646438626437396337306466386162306333363037663736623862343465
+31623263326131643134353166356465323934323965393837656132393630626630
diff --git a/zeus-vars.yml b/zeus-vars.yml
index 1285e05..d60912b 100644
--- a/zeus-vars.yml
+++ b/zeus-vars.yml
@@ -1 +1,4 @@
-zfs_pool_name: bigpool
\ No newline at end of file
+zfs_pool_name: bigpool
+ip: 192.168.5.7
+ip_admin: 192.168.6.7
+mysql_host: "{{ ip_admin }}"
\ No newline at end of file
diff --git a/zeus.yml b/zeus.yml
index a8b3bf3..1235f44 100644
--- a/zeus.yml
+++ b/zeus.yml
@@ -2,6 +2,7 @@
 # hosts: zeus-public
 # become: true
 # vars_files:
+# - zeus-vars.yml
 # - vault.yml
 # vars:
 # user: warezjoe
@@ -11,7 +12,6 @@
 # host: zeus
 # set_ip: true # false
 # in_face: ens18
-# ip: 192.168.5.7
 # samba_ip: "{{ ip }}/32"
 # docker_users: "{{ user }}"
 # roles:
@@ -76,21 +76,21 @@ # #- role: create_zfs_dataset # - role: mariaDB_install -- name: nginx - hosts: zeus-public - become: true - vars_files: - - zeus-vars.yml - vars: - docker_name: nginx - zfs_dataset_name: "{{ docker_name }}" - zfs_dataset_user: root - zfs_dataset_group: root - zfs_dataset_size: 100M - docker_compose_file: nginx.yml - roles: - - role: create_zfs_dataset - - role: docker_spin_up +#- name: nginx +# hosts: zeus-public +# become: true +# vars_files: +# - zeus-vars.yml +# vars: +# docker_name: nginx +# zfs_dataset_name: "{{ docker_name }}" +# zfs_dataset_user: root +# zfs_dataset_group: root +# zfs_dataset_size: 100M +# docker_compose_file: nginx.yml +# roles: +# - role: create_zfs_dataset +# - role: docker_spin_up #- name: email 
@@ -112,46 +112,111 @@ -- name: Torrent client spawn +#- name: Torrent client spawn +# hosts: zeus-public +# become: true +# vars_files: +# - vault.yml +# - zeus-vars.yml +# vars: +# user: warezjoe +# uid: "1000" +# password: "{{ warezjoe_password_un }}" +# docker_name: transmission +# docker_compose_file: transmission.yaml +# zfs_dataset_name: "{{ docker_name }}" +# zfs_dataset_user: "{{ user }}" +# zfs_dataset_group: "{{ user }}" +# zfs_dataset_size: 1T +# +# roles: +# - role: create_zfs_dataset +# - role: docker_spin_up + + +#- name: Pi-hole +# hosts: zeus-public +# become: true +# vars_files: +# - vault.yml +# - zeus-vars.yml +# vars: +# docker_name: pi-hole +# password: "{{ warezjoe_password_un }}" +# zfs_dataset_name: "{{ docker_name }}" +# zfs_dataset_user: root +# zfs_dataset_group: root +# zfs_dataset_size: 1G +# docker_compose_file: pi-hole.yml +# roles: +# - role: create_zfs_dataset +# - role: docker_spin_up + +#- name: Pi-hole +# hosts: zeus-public +# become: true +# vars_files: +# - vault.yml +# - zeus-vars.yml +# vars: +# docker_name: pi-hole +# password: "{{ warezjoe_password_un }}" +# zfs_dataset_name: "{{ docker_name }}" +# zfs_dataset_user: root +# zfs_dataset_group: root +# zfs_dataset_size: 1G +# docker_compose_file: pi-hole.yml +# roles: +# - role: create_zfs_dataset +# - role: docker_spin_up + +#- name: nextcloud +# hosts: zeus-public +# become: true +# vars_files: +# - vault.yml +# - zeus-vars.yml +# vars: +# docker_name: nextcloud +# zfs_dataset_name: "{{ docker_name }}" +# zfs_dataset_user: root +# zfs_dataset_group: root +# zfs_dataset_size: 1T +# docker_compose_file: nextcloud.yml +# roles: +# - role: create_zfs_dataset +# - role: docker_spin_up + +#- name: gitea +# hosts: zeus-public +# become: true +# vars_files: +# - vault.yml +# - zeus-vars.yml +# vars: +# docker_name: gitea +# zfs_dataset_name: "{{ docker_name }}" +# zfs_dataset_user: root +# zfs_dataset_group: root +# zfs_dataset_size: 100M +# docker_compose_file: gitea.yml +# 
roles: +# - role: create_zfs_dataset +# - role: docker_spin_up + +- name: dashboard-my-public hosts: zeus-public become: true vars_files: - vault.yml - zeus-vars.yml vars: - user: warezjoe - uid: "1000" - password: "{{ warezjoe_password_un }}" - docker_name: transmission - docker_compose_file: transmission.yaml - zfs_dataset_name: "{{ docker_name }}" - zfs_dataset_user: "{{ user }}" - zfs_dataset_group: "{{ user }}" - zfs_dataset_size: 1T - - roles: - - role: create_zfs_dataset - - role: docker_spin_up - - -- name: Pi-hole - hosts: zeus-public - become: true - vars_files: - - vault.yml - - zeus-vars.yml - vars: - docker_name: pi-hole + docker_name: dashboard_my_public zfs_dataset_name: "{{ docker_name }}" zfs_dataset_user: root zfs_dataset_group: root zfs_dataset_size: 100M - docker_compose_file: pi-hole.yml + docker_compose_file: "{{ docker_name }}.yml" roles: - role: create_zfs_dataset - - role: docker_spin_up - - - - - + - role: docker_spin_up \ No newline at end of file
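Review bot: The commented `#- name: Pi-hole` play appears twice verbatim in the new block, which looks like a copy-paste slip; delete one copy so a later uncomment does not run the deployment twice. Both the transmission and pi-hole plays set `password: "{{ warezjoe_password_un }}"`, reusing one vault secret as a Linux login password and as the Pi-hole admin password — split it into separate vault variables before either play is re-enabled. The gitea and nextcloud task files added in this commit are only referenced from commented-out plays, and the sole active play is `dashboard-my-public`, so nothing in this commit actually deploys gitea, nextcloud or pi-hole despite the subject line; if that is intentional work-in-progress, saying so in the commit message would save the next reader the check. The file's final `- role: docker_spin_up` also lacks a trailing newline, as do the new task files.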