
Merge pull request #78 from ChristianLempa/ansiblesemaphore

Ansiblesemaphore
Christian Lempa 2 tahun lalu
induk
melakukan
05ac0b680f

+ 2 - 1
ansible/configuration/fail2ban/protect-sshd.yaml → ansible/configuration/fail2ban/config-f2b-protect-sshd.yaml

@@ -1,5 +1,6 @@
 ---
-- hosts: all
+- name: install fail2ban and configure sshd
+  hosts: "{{ hosts }}"
   become: yes
   tasks:
   - name: install fail2ban

+ 3 - 11
ansible/provisoning/add_public_keys.yaml → ansible/configuration/ssh/config-add-sshkey.yaml

@@ -1,25 +1,17 @@
 ---
-- hosts: all
-
+- name: add ssh key
+  hosts: "{{ hosts }}"
   become: yes
   tasks:
-
-  # Installs public key
-  # --
-  #
   - name: install public keys
     ansible.posix.authorized_key:
       user: "{{ lookup('env','USER') }}"
       state: present
       key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
-
-  # (Optional)
-  # Set all sudoers to no password
-  # --
   - name: change sudoers file
     lineinfile:
       path: /etc/sudoers
       state: present
       regexp: '^%sudo'
       line: '%sudo ALL=(ALL) NOPASSWD: ALL'
-      validate: /usr/sbin/visudo -cf %s
+      validate: /usr/sbin/visudo -cf %s
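Review bot: The `change sudoers file` task now runs unconditionally inside a play named `add ssh key`, and the `(Optional)` comment that flagged it is removed, so anyone who runs this to install a key also grants passwordless sudo to every member of `%sudo`. Gate it, for example with `when: sudoers_nopasswd | default(false) | bool`, or move it to its own playbook, and keep a comment such as `# grants NOPASSWD sudo to the whole sudo group; opt-in only`. Editing `/etc/sudoers` in place also replaces the distribution's own `%sudo` line; a drop-in under `/etc/sudoers.d/` validated with the same `visudo -cf %s` is easier to audit and revert.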

+ 5 - 13
ansible/provisoning/ubuntu/deploy-portainer.yaml → ansible/deployment/portainer/deploy-portainer.yaml

@@ -1,21 +1,13 @@
 ---
-- hosts: all
-  
+- name: deploy portainer-ce latest
+  hosts: "{{ hosts }}"
   become: yes
   become_user: "{{ lookup('env','USER') }}"
   tasks:
-
-  # Create Portainer Volume
-  # --
-  # 
-  - name: Create new Volume
+  - name: create new volume
     community.docker.docker_volume:
       name: portainer-data
-
-  # Deploy Portainer
-  # --
-  #   
-  - name: Deploy Portainer
+  - name: deploy portainer
     community.docker.docker_container:
       name: portainer
       image: "docker.io/portainer/portainer-ce"
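Review bot: The `image: "docker.io/portainer/portainer-ce"` line carries no tag or digest, so every run pulls whatever `latest` resolves to at that moment, and this container is handed `/var/run/docker.sock`, which amounts to root on the host. Pin a reviewed release, `image: "docker.io/portainer/portainer-ce:<version>"` (placeholder), ideally by digest, and bump it deliberately rather than naming the play "latest". The task continues outside this hunk.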
@@ -24,4 +16,4 @@
       volumes:
         - /var/run/docker.sock:/var/run/docker.sock
         - portainer-data:/data
-      restart_policy: always
+      restart_policy: unless-stopped

+ 17 - 0
ansible/deployment/traefik/deploy-traefik.yaml

@@ -0,0 +1,17 @@
+---
+- name: deploy traefik v2.5
+  hosts: "{{ hosts }}"
+  become: yes
+  tasks:
+  - name: deploy traefik
+    become_user: "{{ lookup('env','USER') }}"
+    community.docker.docker_container:
+      name: traefik
+      image: "traefik:v2.5"
+      ports:
+        - "80:80"
+        - "443:443"
+      volumes:
+        - /var/run/docker.sock:/var/run/docker.sock
+        - /etc/traefik:/etc/traefik
+      restart_policy: unless-stopped
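Review bot: The `/var/run/docker.sock:/var/run/docker.sock` volume gives full Docker API access to the container that terminates traffic on 80 and 443, so a compromise of Traefik becomes control of the host. A `:ro` suffix would not change that, because requests sent over the socket are still accepted; the usual mitigation is to point Traefik's Docker provider at a filtering socket proxy that allows only the read endpoints, on a network that is not published. Nothing in the play creates `/etc/traefik` or sets its ownership, so Docker will create it empty and root-owned when it is missing; a `file:` task with `state: directory` and an explicit `mode` before the container task would make that deliberate.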

+ 10 - 0
ansible/installation/inst-core.yaml

@@ -0,0 +1,10 @@
+- name: install core packages
+  hosts: "{{ hosts }}"
+  become: yes
+  tasks:
+  - name: install core packages
+    apt:
+      name:
+        - prometheus-node-exporter
+        - nfs-common
+      update_cache: yes
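Review bot: Installing `prometheus-node-exporter` as a core package leaves an unauthenticated metrics endpoint listening on each host, as far as I know on all interfaces on port 9100 with the Debian/Ubuntu package defaults; the same applies to `inst-vm-core.yaml`. Add a task that restricts it, either a firewall rule limited to the Prometheus server or a listen address set through `--web.listen-address`, and put a comment above the package list saying so, e.g. `# node exporter listens on :9100 without auth; restrict before exposing the host`. The file also starts without `---`, unlike the other playbooks in this commit.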

+ 3 - 14
ansible/provisoning/ubuntu/install-docker.yaml → ansible/installation/inst-docker.yaml

@@ -1,34 +1,23 @@
 ---
-- hosts: all
-  
+- name: install docker
+  hosts: "{{ hosts }}"
   become: yes
   tasks:
-
-  # Install Docker
-  # --
-  # 
   - name: install prerequisites
     apt:
       name:
         - docker.io
       update_cache: yes
-
   - name: add user permissions
     shell: "usermod -aG docker {{ ansible_env.SUDO_USER }}"
-
   - name: Reset ssh connection for changes to take effect
     meta: "reset_connection"
-
-  # Installs Docker SDK
-  # --
-  # 
   - name: install python package manager
     apt:
       name: python3-pip
-  
   - name: install python sdk
     become_user: "{{ ansible_env.SUDO_USER }}"
     pip:
       name:
         - docker
-        - docker-compose
+        - docker-compose
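Review bot: `shell: "usermod -aG docker {{ ansible_env.SUDO_USER }}"` interpolates a fact into a shell command line and reports a change on every run; `ansible.builtin.user` with `name: "{{ ansible_env.SUDO_USER }}"`, `groups: docker` and `append: true` does the same thing idempotently and without a shell. Membership of the `docker` group is root-equivalent on the host, which deserves a comment on the task, e.g. `# docker group members can obtain root via the daemon`. `inst-microk8s.yaml` in this commit uses the same `shell: usermod` pattern.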

+ 11 - 0
ansible/installation/inst-microk8s.yaml

@@ -0,0 +1,11 @@
+---
+- name: install microk8s
+  hosts: "{{ hosts }}"
+  become: yes
+  tasks:
+    - name: install microk8s
+      snap:
+        classic: yes
+        name: microk8s
+    - name: add userpermissions
+      shell: "usermod -aG microk8s {{ lookup('env','USER') }}"
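Review bot: `lookup('env','USER')` in the `add userpermissions` task is evaluated on the control node, not on the target, so under Semaphore it resolves to the user inside the Semaphore container (or to an empty string) rather than the remote account that should join the `microk8s` group. Use a value that describes the remote account, such as `{{ ansible_user }}` or an explicit `target_user` variable supplied with the task template. The same lookup drives `user:` in `config-add-sshkey.yaml` and `become_user:` in the portainer and traefik playbooks, where a wrong or empty value changes which account receives the key or runs the container.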

+ 17 - 0
ansible/installation/inst-vm-core.yaml

@@ -0,0 +1,17 @@
+---
+- name: install core packages for virtual machines
+  hosts: "{{ hosts }}"
+  become: yes
+  tasks:
+  - name: install packages
+    apt:
+      name:
+        - prometheus-node-exporter
+        - nfs-common
+        - qemu-guest-agent
+      update_cache: yes
+  - name: start guest qemu-guest-agent
+    service:
+      name: qemu-guest-agent
+      state: started
+      enabled: yes

+ 4 - 7
ansible/provisoning/ubuntu/install-wireguard.yaml → ansible/installation/inst-wireguard.yaml

@@ -1,17 +1,14 @@
 ---
-- hosts: all
-  
+- name: install wireguard
+  hosts: "{{ hosts }}"
   become: yes
-
   tasks:
-    - name: Install WireGuard
+    - name: install wireguard
       apt:
         name: wireguard
         update_cache: yes
-
-    - name: Generate Private and Public Key Pair
+    - name: generate private and public keypair
       shell: |
         wg genkey | tee privatekey | wg pubkey > publickey
-
         chmod 0400 privatekey
         chmod 0400 publickey
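Review bot: The keypair task writes `privatekey` under the default umask and only tightens it afterwards, and it runs in whatever directory the shell starts in, so the private key is briefly readable by other local users and is regenerated, replacing the previous key, on every run. Set `umask 077` before `wg genkey`, and give the task a fixed directory and a `creates:` guard so an existing key is never overwritten. `/etc/wireguard` in the sketch below is the usual location; adjust it if the hosts use another.

```yaml
    - name: generate private and public keypair
      shell: |
        umask 077
        wg genkey | tee privatekey | wg pubkey > publickey
        # … unchanged: chmod 0400 on both files …
      args:
        chdir: /etc/wireguard
        creates: /etc/wireguard/privatekey
```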

+ 11 - 0
ansible/installation/inst-zsh.yaml

@@ -0,0 +1,11 @@
+---
+- name: install zsh
+  hosts: "{{ hosts }}"
+  become: yes
+  tasks:
+    - name: install zsh
+      apt:
+        name: zsh
+        state: present
+        update_cache: true
+      become: true

+ 20 - 0
ansible/maintenance/maint-diskspace

@@ -0,0 +1,20 @@
+---
+- name: check disk space
+  hosts: "{{ hosts }}"
+  tasks:
+    - name: get disk usage
+      command: df -h
+      register: disk_usage
+    - name: check disk space available
+      shell: df -h / | awk 'NR==2 {print $5}'
+      register: disk_usage
+    # - name: send discord message when disk space is over 80%
+    #   uri:
+    #     url: "your-webhook"
+    #     method: POST
+    #     body_format: json
+    #     body: '{"content": "Disk space on {{ inventory_hostname }} is above 80%!"}'
+    #     headers:
+    #       Content-Type: application/json
+    #     status_code: 204
+    #   when: disk_usage.stdout[:-1]|int > 80
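Review bot: Both tasks register into `disk_usage`, so the output of `get disk usage` is discarded as soon as the second task runs; drop the first task or register it under another name such as `disk_usage_full`. Both commands are read-only and should carry `changed_when: false` so the play does not report a change on every host. The file is added without a `.yaml` extension, unlike the other maintenance playbooks.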

+ 13 - 0
ansible/maintenance/maint-docker-clean.yaml

@@ -0,0 +1,13 @@
+---
+- name: clean docker
+  hosts: "{{ hosts }}"
+  tasks:
+    - name: prune non-dangling images
+      community.docker.docker_prune:
+        containers: false
+        images: true
+        images_filters:
+          dangling: false
+        networks: false
+        volumes: false
+        builder_cache: false

+ 13 - 0
ansible/maintenance/maint-reboot-required.yaml

@@ -0,0 +1,13 @@
+---
+- name: check if system reboot is required
+  hosts: "{{ hosts }}"
+  become: yes
+  tasks:
+    - name: check if system reboot is required
+      become: true
+      stat:
+        path: /var/run/reboot-required
+      register: reboot_required
+    - debug:
+        msg: "Reboot is required"
+      when: reboot_required.stat.exists

+ 8 - 0
ansible/maintenance/maint-reboot.yaml

@@ -0,0 +1,8 @@
+---
+- name: reboot machine
+  hosts: "{{ hosts }}"
+  become: yes
+  tasks:
+  - name: reboot machine
+    reboot:
+      reboot_timeout: 3600

+ 14 - 0
ansible/notification/notify-discord.yaml

@@ -0,0 +1,14 @@
+---
+- name: notify discord
+  hosts: "{{ hosts }}"
+  tasks:
+    - name: send discord message
+      uri:
+        url: "your-webhook"
+        method: POST
+        body_format: json
+        body: '{"content": "your-message"}'
+        headers:
+          Content-Type: application/json
+        status_code: 204
+      # when: your-condition
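Review bot: A Discord webhook URL is a bearer credential, and the `url: "your-webhook"` placeholder invites pasting the real one into the repository. Take it from a variable supplied by the Semaphore environment or a vault, `url: "{{ discord_webhook_url }}"`, and add `no_log: true` so the URL does not appear in task output when the request fails. As written the task also runs once for every host matched by `hosts`; `run_once: true` with `delegate_to: localhost` sends a single message from the controller.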

+ 0 - 26
ansible/provisoning/deploy-portainer.yaml

@@ -1,26 +0,0 @@
----
-- hosts: all
-  
-  tasks:
-
-  # Create Portainer Volume
-  # --
-  # 
-  - name: Create new Volume
-    community.docker.docker_volume:
-      name: portainer_data
-
-  # Deploy Portainer
-  # --
-  #   
-  - name: Deploy Portainer
-    community.docker.docker_container:
-      name: portainer
-      image: "docker.io/portainer/portainer-ce"
-      ports:
-        - "8000:8000"
-        - "9000:9000"
-      volumes:
-        - /var/run/docker.sock:/var/run/docker.sock
-        - portainer_data:/data
-      restart_policy: always

+ 0 - 46
ansible/provisoning/ubuntu/deploy-traefik.yaml

@@ -1,46 +0,0 @@
----
-- hosts: all
-  
-  become: yes
-
-  tasks:
-
-  # Create Directory
-  # ---
-  #
-  # - name: Create directory
-  #   file:
-  #     path: /etc/traefik
-  #     state: directory
-      
-  # Create Directory
-  # ---
-  #
-  # - name: Create directory2
-  #   file:
-  #     path: /etc/traefik/certs
-  #     state: directory
-
-  # Copy File
-  # ---
-  #
-  # - name: Copy config file
-  #   ansible.builtin.copy:
-  #     src: config/traefik.yaml
-  #     dest: /etc/traefik/traefik.yaml
-
-  # Deploy Traefik
-  # --
-  #   
-  - name: Deploy Traefik
-    become_user: "{{ lookup('env','USER') }}"
-    community.docker.docker_container:
-      name: traefik
-      image: "traefik:v2.5"
-      ports:
-        - "80:80"
-        - "443:443"
-      volumes:
-        - /var/run/docker.sock:/var/run/docker.sock
-        - /etc/traefik:/etc/traefik
-      restart_policy: always

+ 0 - 19
ansible/provisoning/ubuntu/install-microk8s.yaml

@@ -1,19 +0,0 @@
----
-- hosts: all
-  
-  become: yes
-  tasks:
-  
-  # Installs Microk8s
-  # --
-  #
-  - name: install microk8s
-    snap:
-      classic: yes
-      name: microk8s
-
-  # Sets User Permissions  
-  # --
-  #
-  - name: add userpermissions
-    shell: "usermod -aG microk8s {{ lookup('env','USER') }}"

+ 0 - 0
ansible/provisoning/centos/install-podman.yaml → ansible/update/upd-apt-dist.yaml


+ 0 - 0
ansible/update/upd-apt.yaml


+ 43 - 0
docker-compose/ansiblesemaphore/docker-compose.yaml

@@ -0,0 +1,43 @@
+---
+volumes:
+  semaphore-mysql:
+    driver: local
+services:
+  mysql:
+    image: mysql:8.0
+    hostname: mysql
+    volumes:
+      - semaphore-mysql:/var/lib/mysql
+    environment:
+      - MYSQL_RANDOM_ROOT_PASSWORD=yes
+      - MYSQL_DATABASE=semaphore
+      - MYSQL_USER=semaphore
+      - MYSQL_PASSWORD=secret-password  # change!
+    restart: unless-stopped
+  semaphore:
+    container_name: ansiblesemaphore
+    image: semaphoreui/semaphore:v2.8.90
+    user: "${UID}:${GID}"
+    ports:
+      - 3000:3000
+    environment:
+      - SEMAPHORE_DB_USER=semaphore
+      - SEMAPHORE_DB_PASS=secret-password  # change!
+      - SEMAPHORE_DB_HOST=mysql
+      - SEMAPHORE_DB_PORT=3306
+      - SEMAPHORE_DB_DIALECT=mysql
+      - SEMAPHORE_DB=semaphore
+      - SEMAPHORE_PLAYBOOK_PATH=/tmp/semaphore/
+      - SEMAPHORE_ADMIN_PASSWORD=secret-admin-password  # change!
+      - SEMAPHORE_ADMIN_NAME=admin
+      - SEMAPHORE_ADMIN_EMAIL=admin@localhost
+      - SEMAPHORE_ADMIN=admin
+      - SEMAPHORE_ACCESS_KEY_ENCRYPTION=  # add to your access key encryption !
+      - ANSIBLE_HOST_KEY_CHECKING=false  # (optional) change to true if you want to enable host key checking
+    volumes:
+      - ./inventory/:/inventory:ro
+      - ./authorized-keys/:/authorized-keys:ro
+      - ./config/:/etc/semaphore:rw
+    restart: unless-stopped
+    depends_on:
+      - mysql
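Review bot: `ANSIBLE_HOST_KEY_CHECKING=false` ships as the default, so every playbook Semaphore runs, most of them with `become`, connects without verifying the target's SSH host key; make `true` the default and mount a `known_hosts` file instead. `SEMAPHORE_ACCESS_KEY_ENCRYPTION=` is left empty and the three passwords are literal placeholders, so a stack started unedited comes up with publicly known credentials; requiring them from the environment, e.g. `- SEMAPHORE_ADMIN_PASSWORD=${SEMAPHORE_ADMIN_PASSWORD:?set in .env}`, makes compose refuse to start until they are set. `3000:3000` publishes the UI over plain HTTP on all interfaces; `"127.0.0.1:3000:3000"` behind the reverse proxy is the safer default, and quoting the mapping avoids YAML's digit-colon parsing trap.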