Compare commits
5 Commits
3dfb5d7c5a
...
cf73583498
Author | SHA1 | Date |
---|---|---|
Ricard Illa | cf73583498 | |
Ricard Illa | ad664edcf3 | |
Ricard Illa | b9396ab05d | |
Ricard Illa | c0fcf3238d | |
Ricard Illa | 8b3c6c7553 |
14
deploy.yml
14
deploy.yml
|
@ -87,12 +87,14 @@
|
|||
- sshd
|
||||
vars:
|
||||
users:
|
||||
- rilla
|
||||
- ansible
|
||||
- btrbk
|
||||
- builder
|
||||
- dags
|
||||
- gopass
|
||||
- rilla
|
||||
- woodpecker
|
||||
tags: common
|
||||
|
||||
- name: quality of life tools
|
||||
hosts:
|
||||
|
@ -163,6 +165,16 @@
|
|||
become: true
|
||||
roles:
|
||||
- wireguard
|
||||
vars_files:
|
||||
- 'vars/vault.yaml'
|
||||
|
||||
- name: notifiers
|
||||
hosts:
|
||||
- suricata
|
||||
become: true
|
||||
roles:
|
||||
- notifiers
|
||||
tags: notifiers
|
||||
|
||||
- name: set up NUT
|
||||
hosts:
|
||||
|
|
23
hosts.yml
23
hosts.yml
|
@ -230,6 +230,29 @@ all:
|
|||
|
||||
nut_host: localhost
|
||||
|
||||
notifiers:
|
||||
xmpp:
|
||||
recipient: rilla@monotremata.xyz
|
||||
account: suricata@monotremata.xyz
|
||||
password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
3261336330303763383735646465326463333964383234653835396462383731623
|
||||
63763386365653437396163656530626533633463613966303235616565330a6237
|
||||
3535653731333366313438343465663034303433623132386364643338613732383
|
||||
9326661316435336539306232633536356330376337663065636265660a61643830
|
||||
3335633538613337616232306233633039333364373538373036623139666263383
|
||||
06538636233643362383335653135333439353131336535353862
|
||||
|
||||
gotify:
|
||||
url: https://gotify.monotremata.xyz
|
||||
token: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
3539643562356634616361643264623533643664303862613264316439343036323
|
||||
93033306538353661343861313866613434633637653434336532613361310a6161
|
||||
6563343236303135616335346364643763343533653331316166653937353965643
|
||||
9383135393631366336383361373333396536343362626561613435310a34313261
|
||||
38613264353832396362653036313531356261613833393965353664
|
||||
|
||||
caladan:
|
||||
ansible_host: caladan
|
||||
ansible_user: ansible
|
||||
|
|
14
justfile
14
justfile
|
@ -1,9 +1,21 @@
|
|||
#!/usr/bin/env -S just --justfile
|
||||
|
||||
password_file := "get_password.sh"
|
||||
|
||||
# may need to use --force to reinstall all requirements
|
||||
reqs *ARGS:
|
||||
ansible-galaxy install -r requirements.yaml {{ARGS}}
|
||||
|
||||
deploy HOST *ARGS:
|
||||
ansible-playbook \
|
||||
--inventory hosts.yml \
|
||||
--vault-password-file get_password.sh \
|
||||
--vault-password-file {{password_file}} \
|
||||
--limit {{HOST}} \
|
||||
{{ARGS}} \
|
||||
deploy.yml
|
||||
|
||||
# just vault (encrypt/decrypt/edit)
|
||||
vault ACTION:
|
||||
EDITOR="nvim" ansible-vault {{ACTION}} \
|
||||
--vault-password-file {{password_file}} \
|
||||
vars/vault.yaml
|
||||
|
|
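Review bot: The new `vault` recipe accepts `decrypt`, which rewrites vars/vault.yaml as plaintext in the working tree until someone re-encrypts it, and nothing here guards against committing it in that state. I would extend the recipe comment to say so, e.g. `# just vault (encrypt/decrypt/edit); decrypt leaves plaintext on disk, re-encrypt before committing`. The recipe also interpolates `{{ACTION}}` unquoted into the shell line; `"{{ACTION}}"` keeps it a single word, and `--limit {{HOST}}` in `deploy` has the same pattern.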
|
@ -1,25 +1,25 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
65343662643732393835376666373930366539383835663834313035373362393133373833396161
|
||||
6463343465623762353737663036306433613132656533330a366333393165363434663033343136
|
||||
39303164396135323035303733393239633530313636323137653934346630343836343838363337
|
||||
6137303334623732300a663330613061303536326230323832383537633932396165323633656461
|
||||
62623938383131363831633536376163373265386264383131303238346335313236646239633630
|
||||
66656436303663646339613930396436356637613532353937366230643837663636313661376331
|
||||
39353939363265643661316534356338336639306666343034323434663861643764393737303865
|
||||
65366138636363323061616162356431633135626231306366616462383233393237316139323935
|
||||
36393930633363656630363364323336613635626661303339306435363837613766636163623534
|
||||
38613166633835656137346135306266626239633738323966383034386235383761316365303538
|
||||
63303231613766303532396562633830633161366230666430353432376537383562346330333033
|
||||
33306334646636383035326332343330636238386665616465326261373235313735633233633562
|
||||
66323933626232303236356266353365336433666362353838666465373764393463393238306530
|
||||
64333934616331343035663335326239353530323933616535613839383161646638646261393265
|
||||
31376233353532326361653164313636633438366266613235333234626633373531393364613432
|
||||
62303464646637663631356233373865613162336537313062646432383238613164643233383537
|
||||
34326362656564646138636562323131393661376133316565653861633039613937646564376333
|
||||
38343335333064643163383963623538636330613765383137306133323164633966353433333765
|
||||
33633135623534336131393431373637366239316334613936636661343165353236346433346634
|
||||
66333161623062333265396337633333636663386334306137643363343239323432636337313033
|
||||
38656434366464343038393935643663346661636134313965653963653532303534333031393666
|
||||
33323965653838633261613664623738356635346163333439363062646361623466663738393261
|
||||
65396463343537363166613666303830366162393134633739306630353936333165653361343134
|
||||
61366533323666383639
|
||||
30643932343335613161633362646134333061383332323030636434303335366337633236643230
|
||||
3830383639626433613162643933353064393939623137380a663539626161306366353165346434
|
||||
38653238623535303438303136643261666539666535376463633835383033353631333838643632
|
||||
6338343863616566350a363165636566363530613564313465366361383563623164663930663937
|
||||
36306339643766303964613332373665653062393836633665383363646133613864366564393133
|
||||
63356437633332346139373733303737396335386138376231626637643862336365356266656538
|
||||
63313165393030343863336530613232643735323163393434323034303939323034313464316636
|
||||
63616537323338633031626139323362663136356139336431353135343835393863656262663831
|
||||
36336661376539616631653737613963353266396532656162646336623032363037616638353661
|
||||
39643265366431656131626630353131656163656339626463336462356230333935646664383536
|
||||
32633562653462613962306164643338363562613664313631633565633636623161616232643762
|
||||
30303462333032623862383935386335323433643032623861633131633736633064303138326165
|
||||
35353762666530616533363634356464393139616535373162346238333839633639356331383933
|
||||
39326130346133636661306564613733616461653466613538633935636430613232666661336332
|
||||
33653637346163643937633431666137376339626132373237623137633131383234323165343730
|
||||
38326565316135613635383062643866633661653362386634303066626130373939343431333334
|
||||
35303139386234613565616335376564323139303534356466386531363565623630636238653430
|
||||
36343930356630333263313737376134656433623161383266613034343062616565633262343634
|
||||
63333861363736343630363330613063613637376463656332303534333939316261633233356230
|
||||
63396334613730396530333539383764613539353061383230363532333963366133653033366537
|
||||
62313562343135623135353438356563353338636336333932343039363862333463623039336533
|
||||
39653231373632633761383563613232613534393962646536393763396530366533303165383566
|
||||
63316235666161316638656663643632373634376262646233313932393030376134356135333134
|
||||
36623738313634666437
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
32653462316534376436323930393938303861333466323162326432393364336164336338636535
|
||||
6236356239666230626138636164623266373838626462380a346635653331376161653962303833
|
||||
66626264636561313333343632376238376363633937343136613539633037366531376637633062
|
||||
3736353465336335320a373830653731303632366535626661646164623433366536663863363739
|
||||
35393437303837636233363563313563336639353233643261356664386239373464646266356134
|
||||
62656431343566316335343935376535346637666538376637623738353436343033373035313765
|
||||
64633735343162326564323365323934396364313339656164336566363333633865373431663430
|
||||
37623663656464343336653639393535613366336464346665323366343261383836373163616438
|
||||
34666539643861656136393061303834646239616235323961343430636636633633623835636538
|
||||
65303564623161623334306234643335363332363934653036306438363131396531343263386431
|
||||
62646565373334373837353833336165663631303032643362663763613862343330623463326331
|
||||
37313038343437316234316339663564303461353766383462643030363065363531616663656463
|
||||
30356237616134306234376439323166303765303633366161303366326363623734393030306366
|
||||
38613230313737306534616136643034393232646339313266656535643735356139633439656534
|
||||
32663462306339663563366638663831663530633932343935646666373266636132663636663662
|
||||
39626664336236613863386561326433383334383732353463303433386137396632653464666633
|
||||
36616334643063393566393338633763396536363433663839373339333536656365363863306536
|
||||
39633064653637383630623032306565313939636666646634393434373932303039376465316237
|
||||
63336431323336616266336536323832333662316435366661613564393963663130383365303431
|
||||
31323766323632393138626430326337633436656331653162326466633362643730346461316466
|
||||
37313334656131643166653430366366346366646339643137376362376361343637306364363635
|
||||
32653734303631613533353039346632366661633661633432626135313830353265636638616138
|
||||
37663262356131623539633235663733306133386565396433306366316664323263613533343830
|
||||
39393834303333343331343234336334343765326334303137366361323934656631396662373432
|
||||
33613731343438663531373866386262313134373366633439643030313230313739646433613666
|
||||
39393065323536613161376665666332383331656261396436666339633462343732326366363934
|
||||
62373734366132333035333363393562363233383638393865393532306432353133373530653931
|
||||
61346461353934356263623666633661363264363163323832373533643961326634666634363639
|
||||
35663632656137653961343831663862346138313535626365393030343736643862633166396566
|
||||
62633363646165393137666566303539396461393437646466313134316366663630613030333261
|
||||
38666665316439656437376663383566636465383039656336396131366365383663363537383230
|
||||
63636130333737636432363165666361343632373439613632333139376438656365313132653565
|
||||
64396133633636373433636663663339343135363133316261333136383834373132383262646637
|
||||
61383166343435366137343433376161656332306561373165363939656139363531306461633861
|
||||
62373035623266633565333830646266373036613634626339616536303062643961613031636238
|
||||
36353066656238373933
|
|
@ -1,10 +1,10 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
30613933373763373264373162313466663333353830306436323964633463353632326563343361
|
||||
3564643432323962313836326231313961346630303734650a376234653935643066326232666161
|
||||
39303061343564643866313530633835306332303861316163373439636534333730626538633264
|
||||
3532613234343936660a623966643230316337383636646337313435323836636263333765356261
|
||||
31326130313733616261643032396261333963316161363933383365316164383432623631353436
|
||||
64383238363430653933343836373233313131623838316462373639396162663632396631663063
|
||||
33356133316331366563613134366664393462326235613561613134613532396237393239316339
|
||||
64343735383930323862616664333464643232636166326136623335333733666666623261326132
|
||||
6231
|
||||
38666166393862396166636266353134633134313837613066356537363233666465373163383730
|
||||
3563623562373634613030366236363730333561383932390a396631613761303137313436343537
|
||||
66613435373865383738646439393034333637653736303565653164666539323864646436313136
|
||||
3037333464346336640a343433643137346665646237643262373338666231656339633935376632
|
||||
62616238386464653337346333313763363830646334383361613030323433313431363263376134
|
||||
66313661646333396532663732643430623030396337343164643363333463363263633236633231
|
||||
35633038373736343863323332343235656464306666633535616464313662366138343263373062
|
||||
34313130623661353834396235343065356665376232623736376665366536643462626161303064
|
||||
3161
|
||||
|
|
|
@ -23,19 +23,26 @@
|
|||
src: "host_files/btrbk/{{ ansible_hostname }}/btrbk.conf"
|
||||
dest: /etc/btrbk/btrbk.conf
|
||||
|
||||
- name: copy btrbk ssh key
|
||||
- name: copy btrbk ssh private key
|
||||
copy:
|
||||
src: id_ed25519
|
||||
dest: /etc/btrbk/id_ed25519
|
||||
owner: btrbk
|
||||
mode: '0400'
|
||||
|
||||
- name: copy btrbk user ssh public key to authorized_keys
|
||||
- name: copy btrbk ssh public key
|
||||
copy:
|
||||
src: id_ed25519.pub
|
||||
dest: /etc/ssh/authorized_keys/btrbk
|
||||
dest: /etc/btrbk/id_ed25519.pub
|
||||
owner: btrbk
|
||||
mode: '0644'
|
||||
mode: '0444'
|
||||
|
||||
- name: copy btrbk ssh public key certificate
|
||||
copy:
|
||||
src: id_ed25519-cert.pub
|
||||
dest: /etc/btrbk/id_ed25519-cert.pub
|
||||
owner: btrbk
|
||||
mode: '0444'
|
||||
|
||||
- name: add btrbk to cron
|
||||
cron:
|
||||
|
|
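Review bot: The `copy btrbk ssh private key` task should carry `diff: false`, because a run with `--diff` prints the content of changed files and `copy` decrypts vault-encrypted sources by default (whether id_ed25519 is stored encrypted is not visible here). The three copy tasks set `owner: btrbk` but no `group`; adding `group: btrbk`, if that group exists, makes the ownership explicit. The hunk starts mid-file, so the tasks that create the user and /etc/btrbk are outside this view.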
|
@ -0,0 +1,21 @@
|
|||
#!/bin/sh
|
||||
|
||||
# shellcheck disable=SC1091
|
||||
. /usr/local/etc/notifiers/gotify
|
||||
|
||||
PRIORITY="${PRIORITY:-5}"
|
||||
|
||||
if [ -n "$TITLE" ]; then
|
||||
TITLE_ARG="--form title=${TITLE}"
|
||||
else
|
||||
TITLE_ARG=""
|
||||
fi
|
||||
|
||||
MSG="$*"
|
||||
|
||||
# shellcheck disable=SC2086
|
||||
curl \
|
||||
"${GOTIFY_URL}/message?token=${GOTIFY_TOKEN}" \
|
||||
$TITLE_ARG \
|
||||
--form "message=${MSG}" \
|
||||
--form "priority=${PRIORITY}"
|
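Review bot: The curl call puts `GOTIFY_TOKEN` in the request URL, where it ends up in reverse-proxy and server access logs; Gotify also accepts the token in an `X-Gotify-Key` header. In the same call `$TITLE_ARG` is expanded unquoted, so a title containing a space is split and the remainder reaches curl as a separate argument. `--form` also treats a value that begins with `@` or `<` as a file to read, which matters if the message text ever comes from alert data; `--form-string` sends the value literally. A header still shows up in the local process list, so this only addresses the logging and parsing problems.

```shell
# … unchanged: shebang, sourcing /usr/local/etc/notifiers/gotify, PRIORITY default …

MSG="$*"

# Reuse the positional parameters for the optional title so that a title
# containing spaces stays a single argument.
if [ -n "$TITLE" ]; then
    set -- --form-string "title=${TITLE}"
else
    set --
fi

curl \
    --header "X-Gotify-Key: ${GOTIFY_TOKEN}" \
    "$@" \
    --form-string "message=${MSG}" \
    --form-string "priority=${PRIORITY}" \
    "${GOTIFY_URL}/message"
```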
|
@ -0,0 +1,12 @@
|
|||
#!/bin/sh
|
||||
|
||||
# shellcheck disable=SC1091
|
||||
. /usr/local/etc/notifiers/xmpp
|
||||
|
||||
MSG="$*"
|
||||
|
||||
echo "$MSG" |
|
||||
go-sendxmpp \
|
||||
--username="$XMPP_ACCOUNT" \
|
||||
--password="$XMPP_PASSWORD" \
|
||||
"$XMPP_RECIPIENT"
|
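Review bot: `--password="$XMPP_PASSWORD"` places the account password on go-sendxmpp's command line, where local users can read it from the process list while the message is being sent, even though the sourced config file is rendered 0600. go-sendxmpp can read the account and password from its own configuration file (its `--file` option), so the role could render that file with the same mode and drop both flags here. Separately, `printf '%s\n' "$MSG"` is more predictable than `echo "$MSG"` for messages that start with `-` or contain backslashes.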
|
@ -0,0 +1,33 @@
|
|||
---
|
||||
|
||||
- name: install notification programs
|
||||
apk:
|
||||
name:
|
||||
- curl
|
||||
- go-sendxmpp
|
||||
- msmtp
|
||||
when: ansible_distribution == "Alpine"
|
||||
|
||||
- name: create config dir
|
||||
file:
|
||||
state: directory
|
||||
path: /usr/local/etc/notifiers
|
||||
|
||||
- name: render notifier configs
|
||||
template:
|
||||
src: "etc/notifiers/{{ item }}.j2"
|
||||
dest: "/usr/local/etc/notifiers/{{ item }}"
|
||||
owner: root
|
||||
mode: '0600'
|
||||
loop:
|
||||
- gotify
|
||||
- xmpp
|
||||
|
||||
- name: copy notifier executables
|
||||
copy:
|
||||
src: "bin/{{ item }}"
|
||||
dest: "/usr/local/bin/{{ item }}"
|
||||
mode: '0755'
|
||||
loop:
|
||||
- notify-gotify
|
||||
- notify-xmpp
|
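Review bot: The `create config dir` task sets neither `owner` nor `mode`, so /usr/local/etc/notifiers gets whatever the module defaults and umask produce; as it only holds credential files, `owner: root` and `mode: '0700'` would state the intent. The `render notifier configs` task writes the token and password, so `diff: false` on it keeps a `--diff` run from printing them. The scripts are installed 0755 but source files that are 0600 and owned by root, so they only work when run as root; a comment on `copy notifier executables` saying so would save the next reader a debugging session.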
|
@ -0,0 +1,2 @@
|
|||
GOTIFY_URL='{{ notifiers.gotify.url }}'
|
||||
GOTIFY_TOKEN='{{ notifiers.gotify.token }}'
|
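Review bot: Both values are placed between hand-written single quotes, so a URL or token that contains `'` ends the quoting and the rest of the line is interpreted as shell when the notifier script sources this file. Ansible's `quote` filter emits a correctly quoted word, e.g. `GOTIFY_TOKEN={{ notifiers.gotify.token | quote }}` and `GOTIFY_URL={{ notifiers.gotify.url | quote }}`. The XMPP template in the next section uses the same pattern on all three of its lines and needs the same change.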
|
@ -0,0 +1,3 @@
|
|||
XMPP_RECIPIENT='{{ notifiers.xmpp.recipient }}'
|
||||
XMPP_ACCOUNT='{{ notifiers.xmpp.account }}'
|
||||
XMPP_PASSWORD='{{ notifiers.xmpp.password }}'
|
|
@ -0,0 +1,41 @@
|
|||
---
|
||||
- name: create group 'dags'
|
||||
group:
|
||||
name: dags
|
||||
gid: 506
|
||||
|
||||
- name: create user 'dags'
|
||||
user:
|
||||
name: dags
|
||||
uid: 506
|
||||
group: dags
|
||||
home: /var/lib/dags
|
||||
password: "*" # disabled password but can be accessed with SSH
|
||||
groups:
|
||||
- wheel
|
||||
append: true
|
||||
|
||||
- name: additional groups to dags
|
||||
user:
|
||||
name: dags
|
||||
groups: "{{item}}"
|
||||
append: true
|
||||
when: item in ansible_facts.getent_group
|
||||
with_items:
|
||||
- docker
|
||||
|
||||
- name: make sure dags owns its home
|
||||
file:
|
||||
state: directory
|
||||
path: /var/lib/dags
|
||||
owner: dags
|
||||
group: dags
|
||||
mode: '2755'
|
||||
|
||||
- name: commit dags's home to lbu
|
||||
lbu:
|
||||
include:
|
||||
- /var/lib/dags
|
||||
exclude:
|
||||
- /var/lib/dags/.ash_history
|
||||
when: ansible_distribution == "Alpine" and alpine_mode in ["diskless", "data"]
|
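Review bot: The `dags` account is put in `wheel` and, where the group exists, in `docker`; docker group membership is effectively root on the host, so this deserves a comment on the `create user 'dags'` task stating why the service account needs both, or `wheel` should be dropped if it does not. The `additional groups to dags` task tests `ansible_facts.getent_group`, but this new file contains no `getent` task, so it relies on an earlier role having populated that fact; `when: ansible_facts.getent_group is defined and item in ansible_facts.getent_group` avoids an undefined-variable failure when the role runs on its own. The home directory is created with mode `'2755'`, which leaves it world-readable.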