Refactor: Organize Ansible project structure

- Reorganized Ansible project structure to follow best practices. - Created dedicated directories: , , , , and . - Categorized playbooks into (host-specific) and (service-specific). - Moved all roles into the directory and standardized their naming conventions. - Relocated to for better variable management. - Renamed to to reflect its global variable scope. - Created to correctly set the to the new directory. - Moved and into the directory. - Added to providing explanations for common commands. - Cleaned up directories from all individual roles to centralize version control.
2026-01-26 11:54:00 +01:00
parent 25fa9eaf25
commit 5bbc551106
177 changed files with 4162 additions and 77 deletions
--- a/playbooks/hosts/local-mv.yml
+++ b/playbooks/hosts/local-mv.yml
@@ -0,0 +1,25 @@
+- name: local-vm
+  hosts: kali
+  become: true
+  vars_files:
+    - vault.yml
+    - zeus-vars.yml
+  tasks:
+    - name: tools_for_command_line
+      ansible.builtin.include_role:
+        name: tools_for_command_line
+
+    - name: linux_config_init
+      ansible.builtin.include_role:
+        name: linux_config_init
+      vars:
+        user: warezjoe
+        uid: 1000
+        ssh_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII823CLHAgx4nTaTr0Wys65YWN9pVnDfbWvsZcFwCnWl"
+        set_ip: False
+        set_hostname: False
+
+    - name:
+      ansible.builtin.include_role:
+        name: ansible-role-security
+
--- a/playbooks/hosts/lxc.yml
+++ b/playbooks/hosts/lxc.yml
@@ -0,0 +1,29 @@
+- name: lxc-init
+  hosts: photoprism
+  become: true
+  vars_files:
+    - vault.yml
+    - zeus-vars.yml
+  tasks:
+    - name: tools_for_command_line
+      ansible.builtin.include_role:
+        name: tools_for_command_line
+
+    - name: linux_config_init
+      ansible.builtin.include_role:
+        name: linux_config_init
+      vars:
+        user: warezjoe
+        uid: 1000
+        ssh_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII823CLHAgx4nTaTr0Wys65YWN9pVnDfbWvsZcFwCnWl"
+        set_ip: False
+        set_hostname: False
+
+    - name:
+      ansible.builtin.include_role:
+        name: ansible-role-security
+
+    - name:
+      ansible.builtin.include_role:
+        name: prometheus_node_exporter
+
--- a/playbooks/hosts/rpi.yml
+++ b/playbooks/hosts/rpi.yml
@@ -0,0 +1,28 @@
+- name: pi-init
+  hosts: pi-local
+  become: true
+  vars_files:
+    - vault.yml
+    - zeus-vars.yml
+  tasks:
+    - name: tools_for_command_line
+      ansible.builtin.include_role:
+        name: tools_for_command_line
+
+    - name: linux_config_init
+      ansible.builtin.include_role:
+        name: linux_config_init
+      vars:
+        user: warezjoe
+        uid: 1001
+        ssh_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII823CLHAgx4nTaTr0Wys65YWN9pVnDfbWvsZcFwCnWl"
+        set_ip: False
+        set_hostname: False
+
+    - name:
+      ansible.builtin.include_role:
+        name: ansible-role-security
+
+    - name:
+      ansible.builtin.include_role:
+        name: ansible-role-docker
--- a/playbooks/hosts/zeus.yml
+++ b/playbooks/hosts/zeus.yml
@@ -0,0 +1,344 @@
+#- name: Init for zeus
+#  hosts: zeus-local
+#  become: true
+#  vars_files:
+#  - zeus-vars.yml
+#  - vault.yml
+#  vars:
+#   user: warezjoe
+#   uid: 1000
+#   password: "{{ warezjoe_password }}"
+#   user_ssh_key_url: https://github.com/MatousVondrejka.keys
+#   host: zeus
+#   set_ip: true # false
+#   in_face: ens18
+#   samba_ip: "{{ ip }}/32"
+#   docker_users: "{{ user }}"
+#  roles:
+#    #- role: create_user
+#    #- role: linux_config_init
+#    #- role: tools_for_command_line
+#    #- role: ansible-role-security
+#    #- role: zfs_install
+#    #- role: nfs_install
+#    #- role: samba_install
+#    - role: ansible-role-docker
+
+
+- name: Pictures
+  hosts: zeus-local
+  become: true
+  vars_files:
+    - vault.yml
+    - zeus-vars.yml
+  vars:
+    user: warezjoe
+    zfs_dataset_name: Pictures
+    zfs_dataset_user: "{{ user }}"
+    zfs_dataset_group: "{{ user }}"
+    zfs_dataset_size: 200G
+
+  roles:
+     - role: create_zfs_dataset
+
+- name: ntb
+  hosts: zeus-local
+  become: true
+  vars_files:
+    - vault.yml
+    - zeus-vars.yml
+  vars:
+    user: warezjoe
+    zfs_dataset_name: ntb
+    zfs_dataset_user: "{{ user }}"
+    zfs_dataset_group: "{{ user }}"
+    zfs_dataset_size: 200G
+
+  roles:
+     - role: create_zfs_dataset
+
+
+#- name: Music
+#  hosts: zeus-local
+#  become: true
+#  vars_files:
+#    - vault.yml
+#    - zeus-vars.yml
+#  vars:
+#    user: warezjoe
+#    zfs_dataset_name: Music
+#    zfs_dataset_user: "{{ user }}"
+#    zfs_dataset_group: "{{ user }}"
+#    zfs_dataset_size: 200G
+#
+#  roles:
+#     - role: create_zfs_dataset
+
+
+#- name: Searials
+#  hosts: zeus-local
+#  become: true
+#  vars_files:
+#    - vault.yml
+#    - zeus-vars.yml
+#  vars:
+#    user: warezjoe
+#    zfs_dataset_name: Searials
+#    zfs_dataset_user: "{{ user }}"
+#    zfs_dataset_group: "{{ user }}"
+#    zfs_dataset_size: 1T
+#
+#  roles:
+#     - role: create_zfs_dataset
+
+#- name: Films
+#  hosts: zeus-local
+#  become: true
+#  vars_files:
+#    - vault.yml
+#    - zeus-vars.yml
+#  vars:
+#    user: warezjoe
+#    zfs_dataset_name: Films
+#    zfs_dataset_user: "{{ user }}"
+#    zfs_dataset_group: "{{ user }}"
+#    zfs_dataset_size: 1T
+#
+#  roles:
+#     - role: create_zfs_dataset
+
+
+
+#- name: Zfs dataset + Samba - Tata
+#  hosts: zeus-local
+#  become: true
+#  vars_files:
+#  - vault.yml
+#  - zeus-vars.yml
+#  vars:
+#    user: tata
+#    primary_group: nogroup
+#    uid: 1001
+#    gid: 65534
+#    password: "{{ tata_password }}"
+#    home: /bigpool/tata
+#    shell: "/bin/false"
+#    zfs_dataset_name: "{{ user }}"
+#    zfs_dataset_user: "{{ user }}"
+#    zfs_dataset_group: "{{ primary_group }}"
+#    zfs_dataset_size: 1T
+#    samba_user: "{{ user }}"
+#    samba_mountpoint: "{{ home }}"
+#
+#  roles:
+#   - role: create_user
+#   - role: create_zfs_dataset
+#   - role: create_samba_user
+  # smbpasswd -a tata
+
+ 
+
+
+#- name: MariaDB start
+#  hosts: zeus-local
+#  become: true
+#  vars_files:
+#    - zeus-vars.yml
+#  vars:
+#    user: mysql
+#    primary_group: mysql
+#    uid: 110
+#    gid: 114
+#    shell: "/bin/false"
+#    home: "/nonexistent"
+#    zfs_dataset_name: MariaDB
+#    zfs_dataset_user: "{{ user }}"
+#    zfs_dataset_group: "{{ primary_group }}"
+#    zfs_dataset_size: 1G
+#    mariadb_location: "/{{ zfs_pool_name }}/{{ zfs_dataset_name }}"
+#
+#  roles:
+#    #- role: create_user
+#    #- role: create_zfs_dataset
+#    - role: mariaDB_install
+
+#- name: nginx
+#  hosts: zeus-local
+#  become: true
+#  vars_files:
+#    - zeus-vars.yml
+#  vars:
+#    docker_name: nginx
+#    zfs_dataset_name: "{{ docker_name }}"
+#    zfs_dataset_user: root
+#    zfs_dataset_group: root
+#    zfs_dataset_size: 100M
+#    docker_compose_file: nginx.yml
+#  roles:
+#    - role: create_zfs_dataset
+#    - role: docker_spin_up
+
+
+#- name: email
+#  hosts: zeus-local
+#  become: true
+#  vars_files:
+#    - zeus-vars.yml
+#  vars:
+#    docker_name: email
+#    zfs_dataset_name: "{{ docker_name }}"
+#    zfs_dataset_user: root
+#    zfs_dataset_group: root
+#    zfs_dataset_size: 1G
+#    docker_compose_file: email.yml
+#  roles: 
+#    - role: create_zfs_dataset
+#    - role: docker_spin_up
+
+
+
+
+
+#- name: Torrent client spawn
+#  hosts: zeus-local
+#  become: true
+#  vars_files:
+#    - vault.yml
+#    - zeus-vars.yml
+#  vars:
+#    user: warezjoe
+#    uid: "1000"
+#    password: "{{ warezjoe_password_un }}"
+#    docker_name: transmission
+#    docker_compose_file: transmission.yaml
+#    zfs_dataset_name: "{{ docker_name }}"
+#    zfs_dataset_user: "{{ user }}"
+#    zfs_dataset_group: "{{ user }}"
+#    zfs_dataset_size: 1T
+#
+#  roles:
+#     - role: create_zfs_dataset
+#     - role: docker_spin_up
+
+#- name: Pi-hole
+#  hosts: zeus-local
+#  become: true
+#  vars_files:
+#    - vault.yml
+#    - zeus-vars.yml
+#  vars:
+#    docker_name: pi-hole
+#    password: "{{ warezjoe_password_un }}"
+#    zfs_dataset_name: "{{ docker_name }}"
+#    zfs_dataset_user: root
+#    zfs_dataset_group: root
+#    zfs_dataset_size: 1G
+#    docker_compose_file: pi-hole.yml
+#  roles:
+#    - role: create_zfs_dataset
+#    - role: docker_spin_up
+
+#- name: nextcloud
+#  hosts: zeus-local
+#  become: true
+#  vars_files:
+#    - vault.yml
+#    - zeus-vars.yml
+#  vars:
+#    docker_name: nextcloud
+#    zfs_dataset_name: "{{ docker_name }}"
+#    zfs_dataset_user: root
+#    zfs_dataset_group: root
+#    zfs_dataset_size: 1T
+#    docker_compose_file: nextcloud.yml
+#  roles:
+#    - role: create_zfs_dataset
+#    - role: docker_spin_up
+
+#- name: gitea
+#  hosts: zeus-local
+#  become: true
+#  vars_files:
+#    - vault.yml
+#    - zeus-vars.yml
+#  vars:
+#    docker_name: gitea
+#    zfs_dataset_name: "{{ docker_name }}"
+#    zfs_dataset_user: root
+#    zfs_dataset_group: root
+#    zfs_dataset_size: 100M
+#    docker_compose_file: gitea.yml
+#  roles:
+#    - role: create_zfs_dataset
+#    - role: docker_spin_up
+
+#- name: dashboard-my-public
+#  hosts: zeus-local
+#  become: true
+#  vars_files:
+#    - vault.yml
+#    - zeus-vars.yml
+#  vars:
+#    docker_name: dashboard_my_public
+#    zfs_dataset_name: "{{ docker_name }}"
+#    zfs_dataset_user: root
+#    zfs_dataset_group: root
+#    zfs_dataset_size: 100M
+#    docker_compose_file: "{{ docker_name }}.yml"
+#  roles:
+#    - role: create_zfs_dataset
+#    - role: docker_spin_up
+
+#- name: wireguard-server
+#  hosts: zeus-local
+#  become: true
+#  vars_files:
+#    - vault.yml
+#    - zeus-vars.yml
+#  roles:
+#    - role: wireguard-server
+
+#- name: monitoring
+#  hosts: zeus-local
+#  become: true
+#  vars_files:
+#    - vault.yml
+#    - zeus-vars.yml
+#  vars:
+#    user: monitoring
+#    primary_group: "{{ user }}"
+#    uid: "112"
+#    gid: "112"
+#    shell: "/bin/false"
+#    home: "/nonexistent"
+#    docker_name: monitoring
+#    zfs_dataset_name: "{{ docker_name }}"
+#    zfs_dataset_user: "{{ user }}"
+#    zfs_dataset_group: "{{ primary_group }}"
+#    zfs_dataset_size: 1G
+#    docker_compose_file: "{{ docker_name }}.yml"
+#  roles:
+#    - role: create_user
+#    - role: create_zfs_dataset
+#    - role: docker_spin_up
+
+#- name: jellyfin
+#  hosts: zeus-local
+#  become: true
+#  vars_files:
+#    - vault.yml
+#    - zeus-vars.yml
+#  vars:
+#    docker_name: jellyfin
+#    user: warezjoe
+#    primary_group: "{{ user }}"
+#    uid: 1000
+#    gid: "{{ uid }}"
+#    docker_compose_file: "{{ docker_name }}.yml"
+#    zfs_dataset_name: "{{ docker_name }}"
+#    zfs_dataset_user: "{{ user }}"
+#    zfs_dataset_group: "{{ primary_group }}"
+#    zfs_dataset_size: 200M
+#  roles:
+#    - role: create_zfs_dataset
+#    - role: docker_spin_up
--- a/playbooks/services/mariadb.yml
+++ b/playbooks/services/mariadb.yml
@@ -0,0 +1,12 @@
+- name: mariadb init
+  hosts: mariadb
+  become: true
+  vars_files:
+    - vault.yml
+    - zeus-vars.yml
+  vars:
+    mariadb_location: /MariaDB
+  tasks:
+    - name: mariadb
+      ansible.builtin.include_role:
+        name: mariaDB
--- a/playbooks/services/mysql.yml
+++ b/playbooks/services/mysql.yml
@@ -0,0 +1,37 @@
+---
+- name: Setup MySQL database and user
+  hosts: mariadb
+  vars_files:
+    - vault.yml
+    - zeus-vars.yml
+  become: yes
+  vars:
+    mysql_database: "{{ UPTIMEKUMA.MYSQL_DATABASE }}"            # Replace with your desired database name
+    mysql_user: "{{ UPTIMEKUMA.MYSQL_USER }}"                # Replace with your desired database user
+    mysql_password:  "{{ UPTIMEKUMA.MYSQL_PASSWORD }}"       # Replace with your desired database user password
+
+  tasks:
+    - name: Create MySQL database
+      community.mysql.mysql_db:
+        name: "{{ mysql_database }}"
+        state: present
+        login_unix_socket: /var/run/mysqld/mysqld.sock
+
+    - name: Create MySQL user
+      community.mysql.mysql_user:
+        name: "{{ mysql_user }}"
+        password: "{{ mysql_password }}"
+        priv: "{{ mysql_database }}.*:ALL"
+        host: "%"
+        state: present
+        login_unix_socket: /var/run/mysqld/mysqld.sock
+
+    - name: Grant privileges to MySQL user on the database
+      community.mysql.mysql_user:
+        name: "{{ mysql_user }}"
+        host: "%"
+        password: "{{ mysql_password }}"
+        priv: "{{ mysql_database }}.*:ALL,GRANT"
+        state: present
+        login_unix_socket: /var/run/mysqld/mysqld.sock
+        append_privs: yes
--- a/playbooks/services/nfs.yaml
+++ b/playbooks/services/nfs.yaml
@@ -0,0 +1,11 @@
+- name: nfs init
+  hosts: nfs
+  become: true
+  vars_files:
+    - vault.yml
+    - zeus-vars.yml
+
+  tasks:
+    - name: nfs init
+      ansible.builtin.include_role:
+        name: nfs
--- a/playbooks/services/samba.yml
+++ b/playbooks/services/samba.yml
@@ -0,0 +1,23 @@
+- name: samba init
+  hosts: samba
+  become: true
+  vars_files:
+    - vault.yml
+    - zeus-vars.yml
+  vars:
+    user: tata
+    uid: 1001
+    gid: "{{ uid }}"
+    shell: "/usr/sbin/nologin"
+    home: "/tata"
+    password: "{{ tata_password }}"
+    create_home: false
+
+  tasks:
+    - name: create_user
+      ansible.builtin.include_role:
+        name: create_user
+
+    - name: samba
+      ansible.builtin.include_role:
+        name: samba
--- a/playbooks/services/wireguard-cerberus.yml
+++ b/playbooks/services/wireguard-cerberus.yml
@@ -0,0 +1,10 @@
+- name: cerberos init
+  hosts: wireguard-cerberus
+  become: true
+  vars_files:
+    - vault.yml
+    - zeus-vars.yml
+  tasks:
+    - name: wireguard-server
+      ansible.builtin.include_role:
+        name: wireguard-server
--- a/playbooks/services/wireguard-client-gen.yml
+++ b/playbooks/services/wireguard-client-gen.yml
@@ -0,0 +1,23 @@
+- name: wireguard-client-gen
+  hosts: localhost
+ #connection: local
+  vars_files:
+    - vault.yml
+    - zeus-vars.yml
+  vars:
+    user: desktop
+    IP_name: 'wireguard_{{ user }}_ip'
+    IP: "{{ lookup('vars', IP_name) }}"
+    priv_name: 'wireguard_{{ user }}_key'
+    priv: "{{ lookup('vars', priv_name) }}"
+
+  tasks:
+    - name: Copy from template
+      template:
+        src: ~/.ansible/roles/wireguard-server/templates/wireguardclient.conf
+        dest: ~/{{ user }}.conf
+        owner: "{{ ansible_user_id }}"
+        group: "{{ ansible_user_id }}"
+        mode: '0644'
+  
+  
--- a/playbooks/template-differ.yml
+++ b/playbooks/template-differ.yml
@@ -0,0 +1,15 @@
+- name: template
+  hosts: localtemplate
+  become: true
+  tasks:
+
+    - name: template-differ
+      ansible.builtin.include_role:
+        name: template-differ
+      vars:
+        interface_name: enp1s0
+        new_hostname: dvwa
+        ip: 192.168.122.3
+        address_with_cird: 192.168.122.3/24
+        gateway: 192.168.122.1
+        dns: 1.1.1.1
--- a/playbooks/template.yml
+++ b/playbooks/template.yml
@@ -0,0 +1,25 @@
+- name: template
+  hosts: template
+  become: true
+  vars_files:
+    - vault.yml
+    - zeus-vars.yml
+  tasks:
+    - name: tools_for_command_line
+      ansible.builtin.include_role:
+        name: tools_for_command_line
+
+    - name: linux_config_init
+      ansible.builtin.include_role:
+        name: linux_config_init
+      vars:
+        user: warezjoe
+        uid: 1000
+        ssh_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII823CLHAgx4nTaTr0Wys65YWN9pVnDfbWvsZcFwCnWl"
+        set_ip: False
+        set_hostname: False
+
+    - name:
+      ansible.builtin.include_role:
+        name: ansible-role-security
+
--- a/playbooks/universal.yml
+++ b/playbooks/universal.yml
@@ -0,0 +1,16 @@
+---
+- name: And now all running
+  hosts: mintotaur
+  vars:
+   user: warezjoe
+   host: ntb # desktop rpi ntb
+   set_ip: true # false
+   ip: 192.168.5.5
+  roles:
+   - role: linux_config_init
+   - role: import_ssh_key # without sudo
+   - role: tools_for_command_line
+   # - role: service_start
+   # - role: gui_app_init
+   # - role: ansible-role-docker
+  # docker_users: "{{ user }}"