VPN client gen + Samba mask fix

2024-05-04 21:22:46 +02:00
parent b8369d0b28
commit fd05c2250a
9 changed files with 85 additions and 26 deletions
--- a/roles/ansible-role-docker/tasks/main.yml
+++ b/roles/ansible-role-docker/tasks/main.yml
@@ -102,3 +102,16 @@
  ansible.builtin.pip:
    name: docker
    extra_args: "--break-system-packages"
 - name: Install a promtail plugin
  community.docker.docker_plugin:
    plugin_name: grafana/loki-docker-driver:latest
    state: present
    alias: loki
 - name: Enable a promtail plugin
  community.docker.docker_plugin:
    plugin_name: grafana/loki-docker-driver:latest
    state: enable
    alias: loki
  notify: restart docker
--- a/roles/create_samba_user/tasks/main.yml
+++ b/roles/create_samba_user/tasks/main.yml
@@ -15,7 +15,7 @@
        browseable = yes
        writeable = yes
        read only = no
-        create mask = 0700
+        create mask = 0644
-        directory mask = 0700
+        directory mask = 0755
        valid users = {{ samba_user }}
  notify: smb restart
--- a/roles/create_user/tasks/main.yml
+++ b/roles/create_user/tasks/main.yml
@@ -5,6 +5,7 @@
    name: "{{ primary_group }}"
    gid: "{{ gid }}"
    state: present
  when: gid != 65534
 - name: Adding user
  ansible.builtin.user:
--- a/roles/docker_spin_up/tasks/pi-hole.yml
+++ b/roles/docker_spin_up/tasks/pi-hole.yml
@@ -1,7 +1,7 @@
 - name: pi-hole
  community.docker.docker_container:
    name: pi-hole
-    image: pihole/pihole:latest
+    image: pihole/pihole:2024.03.2
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
--- a/roles/linux_config_init/tasks/main.yml
+++ b/roles/linux_config_init/tasks/main.yml
@@ -10,6 +10,7 @@
 #     - set_perma_ip.yml
     - bashrc_copy.yml
     - timezone.yml
     - resolvconf_copy.yml
 #- name: Set Pernament IP
 #  ansible.builtin.include_tasks: set_perma_ip.yml
--- a/roles/linux_config_init/tasks/set_perma_ip.yml
+++ b/roles/linux_config_init/tasks/set_perma_ip.yml
@@ -6,4 +6,4 @@
    owner: root
    group: root
    mode: '0644'
-  notify: networking restart
+  notify: networking restart
--- a/wireguad-client-gen.yml
+++ b/wireguad-client-gen.yml
@@ -5,7 +5,7 @@
    - vault.yml
    - zeus-vars.yml
  vars:
-    user: ntb
+    user: tata
    IP_name: 'wireguard_{{ user }}_ip'
    IP: "{{ lookup('vars', IP_name) }}"
    priv_name: 'wireguard_{{ user }}_key'
@@ -20,4 +20,4 @@
        group: "{{ ansible_user_id }}"
        mode: '0644'
-  
+  
--- a/zeus-vars.yml
+++ b/zeus-vars.yml
@@ -4,5 +4,5 @@ ip_admin: 192.168.6.7
 mysql_host: "{{ ip_admin }}"
 wireguard_ntb_ip: 10.0.0.2
-wireguard_tata_ip: 10.0.0.3
+wireguard_tata_ip: 10.0.0.4
-wireguard_kate_ip: 10.0.0.4
+wireguard_kate_ip: 10.0.0.3
--- a/zeus.yml
+++ b/zeus.yml
@@ -22,7 +22,7 @@
 #    #- role: zfs_install
 #    #- role: nfs_install
 #    #- role: samba_install
-#    #- role: ansible-role-docker
+#    - role: ansible-role-docker
 #- name: Zfs dataset + Samba - Tata
@@ -35,6 +35,7 @@
 #    user: tata
 #    primary_group: nogroup
 #    uid: 1001
 #    gid: 65534
 #    password: "{{ tata_password }}"
 #    home: /bigpool/tata
 #    shell: "/bin/false"
@@ -47,7 +48,6 @@
 #
 #  roles:
 #   - role: create_user
 #   - role: create_user
 #   - role: create_zfs_dataset
 #   - role: create_samba_user
  # smbpasswd -a tata 
@@ -76,21 +76,21 @@
 #    #- role: create_zfs_dataset
 #    - role: mariaDB_install
- name: nginx
+#- name: nginx
-  hosts: zeus-public
+#  hosts: zeus-public
-  become: true
+#  become: true
-  vars_files:
+#  vars_files:
-    - zeus-vars.yml
+#    - zeus-vars.yml
-  vars:
+#  vars:
-    docker_name: nginx
+#    docker_name: nginx
-    zfs_dataset_name: "{{ docker_name }}"
+#    zfs_dataset_name: "{{ docker_name }}"
-    zfs_dataset_user: root
+#    zfs_dataset_user: root
-    zfs_dataset_group: root
+#    zfs_dataset_group: root
-    zfs_dataset_size: 100M
+#    zfs_dataset_size: 100M
-    docker_compose_file: nginx.yml
+#    docker_compose_file: nginx.yml
-  roles:
+#  roles:
-    - role: create_zfs_dataset
+#    - role: create_zfs_dataset
-    - role: docker_spin_up
+#    - role: docker_spin_up
 #- name: email
@@ -210,4 +210,48 @@
 #    - zeus-vars.yml
 #  roles:
 #    - role: wireguard-server
-  
+
 #- name: monitoring
 #  hosts: zeus-public
 #  become: true
 #  vars_files:
 #    - vault.yml
 #    - zeus-vars.yml
 #  vars:
 #    user: monitoring
 #    primary_group: "{{ user }}"
 #    uid: "112"
 #    gid: "112"
 #    shell: "/bin/false"
 #    home: "/nonexistent"
 #    docker_name: monitoring
 #    zfs_dataset_name: "{{ docker_name }}"
 #    zfs_dataset_user: "{{ user }}"
 #    zfs_dataset_group: "{{ primary_group }}"
 #    zfs_dataset_size: 1G
 #    docker_compose_file: "{{ docker_name }}.yml"
 #  roles:
 #    - role: create_user
 #    - role: create_zfs_dataset
 #    - role: docker_spin_up
 - name: jellyfin
  hosts: zeus-public
  become: true
  vars_files:
    - vault.yml
    - zeus-vars.yml
  vars:
    docker_name: jellyfin
    user: warezjoe
    primary_group: "{{ user }}"
    uid: 1000
    gid: "{{ uid }}"
    docker_compose_file: "{{ docker_name }}.yml"
    zfs_dataset_name: "{{ docker_name }}"
    zfs_dataset_user: "{{ user }}"
    zfs_dataset_group: "{{ primary_group }}"
    zfs_dataset_size: 50M
  roles:
    - role: create_zfs_dataset
    - role: docker_spin_up