diff --git a/.gitignore b/.gitignore
index 5c199eb..bc073b1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
# ---> Ansible
*.retry
-
+backups
+roles/*
+./roles
+.idea
\ No newline at end of file
diff --git a/deploy/cakephp/deploy.yml b/deploy/cakephp/deploy.yml
new file mode 100644
index 0000000..caefad1
--- /dev/null
+++ b/deploy/cakephp/deploy.yml
@@ -0,0 +1,5 @@
+---
+- name: Deploy cakephp app
+ hosts: deploy
+ roles:
+ - { role: ansistrano.deploy }
diff --git a/deploy/cakephp/hooks/after_code_update.yml b/deploy/cakephp/hooks/after_code_update.yml
new file mode 100644
index 0000000..18688b4
--- /dev/null
+++ b/deploy/cakephp/hooks/after_code_update.yml
@@ -0,0 +1,42 @@
+---
+- name: Make way for shared paths / resources shared across releases
+ file:
+ state=absent
+ path={{ansistrano_release_path.stdout}}/{{item}}
+ with_items: ansistrano_shared_paths
+
+- name: Add app_local.php config file
+ template:
+ dest: "{{ ansistrano_release_path.stdout }}/config/app_local.php"
+ src: config/app_local.php.j2
+
+- name: Set the permissions on {{ ansistrano_release_path.stdout }}
+ become: yes
+ file:
+ path: "{{ ansistrano_release_path.stdout }}"
+ state: directory
+# mode: 0750
+ owner: "{{ create_user }}"
+ group: www-data
+ recurse: yes
+
+- name: composer install dependencies
+ become: no
+ community.general.composer:
+ command: install
+ working_dir: "{{ ansistrano_release_path.stdout }}"
+ prefer_dist: yes
+ no_dev: false
+
+- name: run cakephp script - {{ item.name }}
+ command: bin/cake {{ item.script }}
+ args:
+ chdir: "{{ ansistrano_release_path.stdout }}"
+ loop: "{{ cakephp_deploy_scripts }}"
+
+#When writing your custom tasks files you may need some variables that Ansistrano makes available to you:
+#
+#{{ ansistrano_release_path.stdout }}: Path to current deployment release (probably the one you are going to use the most)
+#{{ ansistrano_releases_path }}: Path to releases folder
+#{{ ansistrano_shared_path }}: Path to shared folder (where common releases assets can be stored)
+#{{ ansistrano_release_version }}: Relative directory name for the release (by default equals to the current timestamp in UTC timezone)
diff --git a/deploy/cakephp/hooks/after_symlink_shared.yml b/deploy/cakephp/hooks/after_symlink_shared.yml
new file mode 100644
index 0000000..9dcc358
--- /dev/null
+++ b/deploy/cakephp/hooks/after_symlink_shared.yml
@@ -0,0 +1,59 @@
+---
+- name: Set the permissions on {{ ansistrano_shared_path }}
+ become: yes
+ file:
+ path: "{{ ansistrano_shared_path }}"
+ state: directory
+# mode: 0750
+ owner: "{{ create_user }}"
+ group: www-data
+ recurse: yes
+
+- name: Set the permissions on {{ ansistrano_release_path.stdout }}
+ become: yes
+ file:
+ path: "{{ ansistrano_release_path.stdout }}"
+ state: directory
+# mode: 0750
+ owner: "{{ create_user }}"
+ group: www-data
+ recurse: yes
+
+- name: composer install dependencies
+ become: no
+ community.general.composer:
+ command: install
+ working_dir: "{{ ansistrano_release_path.stdout }}"
+ prefer_dist: yes
+ no_dev: false
+
+- name: Set permissions on tmp and logs
+ ansible.posix.acl:
+ path: "{{ ansistrano_shared_path }}/{{item}}"
+ entity: www-data
+ etype: group
+ permissions: rwx
+ default: yes
+ state: present
+ with_items:
+ - tmp
+ - logs
+
+- name: Set permissions on tmp and logs in {{ ansistrano_release_path.stdout }}
+ ansible.posix.acl:
+ path: "{{ ansistrano_release_path.stdout }}/{{item}}"
+ entity: www-data
+ etype: group
+ permissions: rwx
+ default: yes
+ state: present
+ with_items:
+ - tmp
+ - logs
+
+#When writing your custom tasks files you may need some variables that Ansistrano makes available to you:
+#
+#{{ ansistrano_release_path.stdout }}: Path to current deployment release (probably the one you are going to use the most)
+#{{ ansistrano_releases_path }}: Path to releases folder
+#{{ ansistrano_shared_path }}: Path to shared folder (where common releases assets can be stored)
+#{{ ansistrano_release_version }}: Relative directory name for the release (by default equals to the current timestamp in UTC timezone)
diff --git a/deploy/cakephp/templates/config/app_local.php.j2 b/deploy/cakephp/templates/config/app_local.php.j2
new file mode 100644
index 0000000..157fe4e
--- /dev/null
+++ b/deploy/cakephp/templates/config/app_local.php.j2
@@ -0,0 +1,82 @@
+<?php
+/*
+ * Local configuration file to provide any overrides to your app.php configuration.
+ *
+ * Note: It is not recommended to commit files with credentials such as app_local.php
+ * into source code version control.
+ */
+return [
+ 'appUrl' => '{{ domain_name }}',
+ 'DebugKit.safeTld' => ['is'],
+ /*
+ * Debug Level:
+ *
+ * Production Mode:
+ * false: No error messages, errors, or warnings shown.
+ *
+ * Development Mode:
+ * true: Errors and warnings shown.
+ */
+ 'debug' => filter_var(env('DEBUG', true), FILTER_VALIDATE_BOOLEAN),
+
+ /*
+ * Security and encryption configuration
+ *
+ * - salt - A random string used in security hashing methods.
+ * The salt value is also used as the encryption key.
+ * You should treat it as extremely sensitive data.
+ */
+ 'Security' => [
+ 'salt' => env('SECURITY_SALT', '__SALT__'),
+ ],
+
+ /*
+ * Connection information used by the ORM to connect
+ * to your application's datastores.
+ *
+ * See app.php for more configuration options.
+ */
+ 'Datasources' => [
+ 'default' => [
+ 'host' => 'localhost',
+ /*
+ * CakePHP will use the default DB port based on the driver selected
+ * MySQL on MAMP uses port 8889, MAMP users will want to uncomment
+ * the following line and set the port accordingly
+ */
+ //'port' => 'non_standard_port_number',
+
+ 'username' => '{{ cakephp_db_user }}',
+ 'password' => '{{ cakephp_db_password }}',
+ 'database' => '{{ cakephp_db_database }}',
+ /*
+ * If not using the default 'public' schema with the PostgreSQL driver
+ * set it here.
+ */
+ //'schema' => 'myapp',
+
+ /*
+ * You can use a DSN string to set the entire configuration
+ */
+ 'url' => env('DATABASE_URL', null),
+ ],
+ ],
+
+ /*
+ * Email configuration.
+ *
+ * Host and credential configuration in case you are using SmtpTransport
+ *
+ * See app.php for more configuration options.
+ */
+ 'EmailTransport' => [
+ 'default' => [
+ 'host' => 'localhost',
+ 'port' => 25,
+ 'username' => null,
+ 'password' => null,
+ 'client' => null,
+ 'url' => env('EMAIL_TRANSPORT_DEFAULT_URL', null),
+ ],
+ ],
+];
diff --git a/deploy/gitea/gitea.yml b/deploy/gitea/gitea.yml
new file mode 100644
index 0000000..ee488c5
--- /dev/null
+++ b/deploy/gitea/gitea.yml
@@ -0,0 +1,47 @@
+- name: "Install gitea"
+ hosts: gitea
+ tasks:
+ # User + Key Setup
+ - name: Create a new regular user with sudo privileges
+ user:
+ name: git
+ state: present
+ groups: docker
+ append: true
+ create_home: true
+ shell: /home/git/ssh-shell
+
+ - name: Creates directory structure for gitea data
+ file:
+ path: /home/{{ create_user }}/gitea
+ state: directory
+ owner: "{{ create_user }}"
+ group: "{{ create_user }}"
+ mode: 0775
+
+ - name: Creates backup directory outside of docker volumes to move dumps more easily off of server
+ file:
+ path: /home/{{ create_user }}/backups
+ state: directory
+ owner: "{{ create_user }}"
+ group: "{{ create_user }}"
+ mode: 0775
+
+ - name: copy ssh-shell file for git user to server (from template)
+ template:
+ src: templates/ssh-shell.j2
+ owner: git
+ group: git
+ mode: 0750
+ dest: /home/git/ssh-shell
+
+ - name: copy docker compose to server (from template)
+ template:
+ src: templates/docker-compose.yml.j2
+ dest: /home/{{ create_user }}/gitea/docker-compose.yml
+
+ - name: docker compose up
+ docker_compose:
+ project_src: /home/{{ create_user }}/gitea/
+ state: present
+ register: __gitea
diff --git a/deploy/gitea/templates/docker-compose.yml.j2 b/deploy/gitea/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..e041c79
--- /dev/null
+++ b/deploy/gitea/templates/docker-compose.yml.j2
@@ -0,0 +1,46 @@
+version: "3"
+
+networks:
+ gitea:
+ external: false
+
+volumes:
+ gitea:
+ driver: local
+
+services:
+ server:
+ image: gitea/gitea:1.21.7
+ container_name: gitea
+ environment:
+ - GITEA__database__DB_TYPE=mysql
+ - GITEA__database__DB_HOST=db:3306
+ - GITEA__database__DB_NAME=gitea
+ - GITEA__database__DB_USER=gitea
+ - GITEA__database__DB_PASSWD=gitea
+ - GITEA__service__DISABLE_REGISTRATION=true
+
+ restart: always
+ networks:
+ - gitea
+ volumes:
+ - gitea:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - "3000:3000"
+ - "2222:22"
+ depends_on:
+ - db
+ db:
+ image: mysql:8
+ restart: always
+ environment:
+ - MYSQL_ROOT_PASSWORD=gitea
+ - MYSQL_USER=gitea
+ - MYSQL_PASSWORD=gitea
+ - MYSQL_DATABASE=gitea
+ networks:
+ - gitea
+ volumes:
+ - ./mysql:/var/lib/mysql
diff --git a/deploy/gitea/templates/nginx.conf.j2 b/deploy/gitea/templates/nginx.conf.j2
new file mode 100755
index 0000000..4785719
--- /dev/null
+++ b/deploy/gitea/templates/nginx.conf.j2
@@ -0,0 +1,35 @@
+# Upstreams
+upstream backend {
+ server 127.0.0.1:3000;
+}
+
+# HTTPS Server
+server {
+ listen 443;
+ server_name {{ domain_name }};
+
+ # You can increase the limit if your need to.
+ client_max_body_size 200M;
+
+ error_log /var/log/nginx/gitea.access.log;
+
+ ssl on;
+ ssl_certificate /etc/nginx/gitea.crt;
+ ssl_certificate_key /etc/nginx/gitea.key;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
+
+ location / {
+ proxy_pass http://backend;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $http_host;
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Nginx-Proxy true;
+
+ proxy_redirect off;
+ }
+}
diff --git a/deploy/gitea/templates/ssh-shell.j2 b/deploy/gitea/templates/ssh-shell.j2
new file mode 100644
index 0000000..4a0b4c0
--- /dev/null
+++ b/deploy/gitea/templates/ssh-shell.j2
@@ -0,0 +1,6 @@
+#!/bin/sh
+shift
+ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $@"
+EOF
+sudo chmod +x /home/git/ssh-shell
+sudo usermod -s /home/git/ssh-shell git
diff --git a/deploy/octoprint.yml b/deploy/octoprint.yml
new file mode 100644
index 0000000..2c366e5
--- /dev/null
+++ b/deploy/octoprint.yml
@@ -0,0 +1,7 @@
+- hosts: octoprint
+ become: yes
+ vars:
+ pip_install_packages:
+ - name: OctoPrint
+ roles:
+ - geerlingguy.pip
diff --git a/deploy/rocketchat.yml b/deploy/rocketchat.yml
new file mode 100644
index 0000000..dc97d9a
--- /dev/null
+++ b/deploy/rocketchat.yml
@@ -0,0 +1,14 @@
+- hosts: rocketchat
+# vars_files:
+# - vars/main.yml
+
+ become: true
+ vars:
+ pip_install_packages:
+ - name: "docker==6.1.3"
+ - name: docker-compose
+ roles:
+ - { role: geerlingguy.pip }
+ - { role: geerlingguy.docker }
+ - { role: ansible-role-rocketchat }
+
diff --git a/provision/initialize_server.yml b/provision/initialize_server.yml
new file mode 100644
index 0000000..9becb9a
--- /dev/null
+++ b/provision/initialize_server.yml
@@ -0,0 +1,61 @@
+- name: Initialize System
+ hosts: all
+ user: root
+ tasks:
+ - name: Install Prerequisites
+ apt: name=aptitude update_cache=yes state=latest force_apt_get=yes
+
+ # Sudo Group Setup
+ - name: Make sure we have a 'wheel' group
+ group:
+ name: wheel
+ state: present
+
+ - name: Allow 'wheel' group to have passwordless sudo
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^%wheel'
+ line: '%wheel ALL=(ALL) NOPASSWD: ALL'
+ validate: '/usr/sbin/visudo -cf %s'
+
+ # User + Key Setup
+ - name: Create a new regular user with sudo privileges
+ user:
+ name: "{{ create_user }}"
+ state: present
+ groups: wheel
+ append: true
+ create_home: true
+ shell: /bin/bash
+
+ - name: Set authorized key for remote user
+ authorized_key:
+ user: "{{ create_user }}"
+ state: present
+ key: "{{ copy_local_key }}"
+
+ - name: Set authorized key for remote user
+ authorized_key:
+ user: root
+ state: present
+ key: "{{ copy_local_key }}"
+
+ # Install Packages
+ - name: Update apt
+ apt: update_cache=yes
+
+ - name: Install required system packages
+ apt: name={{ sys_packages }} state=latest
+
+ # UFW Setup
+ - name: UFW - Allow SSH connections
+ ufw:
+ rule: allow
+ name: OpenSSH
+
+ - name: UFW - Deny all other incoming traffic by default
+ ufw:
+ state: enabled
+ policy: deny
+ direction: incoming
diff --git a/provision/linode/check_server_linode.yml b/provision/linode/check_server_linode.yml
new file mode 100644
index 0000000..10dbebe
--- /dev/null
+++ b/provision/linode/check_server_linode.yml
@@ -0,0 +1,7 @@
+- name: Check Linode Instance
+ hosts: linode
+ tasks:
+ - name: Check a Linode instance
+ linode.cloud.instance_info:
+ api_token: "{{ api_token }}"
+ label: "{{ server_name }}"
diff --git a/provision/linode/create_server_linode.yml b/provision/linode/create_server_linode.yml
new file mode 100644
index 0000000..b1af1e9
--- /dev/null
+++ b/provision/linode/create_server_linode.yml
@@ -0,0 +1,45 @@
+- name: Create Linode Instance
+ hosts: localhost
+ gather_facts: false
+ tasks:
+ - name: Create a Linode virtual private cloud (VPC)
+ linode.cloud.vpc:
+ api_token: "{{ api_token }}"
+ label: "{{ vpc_name }}"
+ region: "{{ region }}"
+ state: present
+ #tags: "{{ server_tags }}"
+ register: _vpc_creation
+
+ - name: Create a VPC Subnet
+ linode.cloud.vpc_subnet:
+ api_token: "{{ api_token }}"
+ vpc_id: "{{ _vpc_creation.vpc.id }}"
+ label: "{{ subnet_name }}"
+ ipv4: "{{ subnet_ipv4 }}"
+ state: present
+ register: _subnet_creation
+
+ - name: Create a Linode instance
+ linode.cloud.instance:
+ api_token: "{{ api_token }}"
+ label: "{{ server_name }}"
+ type: "{{ instance_type }}"
+ region: "{{ region }}"
+ image: linode/ubuntu22.04
+ root_pass: "{{ password }}"
+ authorized_keys:
+ - "{{ copy_local_key }}"
+ interfaces:
+ - purpose: public
+ - purpose: vpc
+ subnet_id: "{{ _subnet_creation.subnet.id }}"
+
+ state: present
+ #tags: "{{ server_tags }}"
+ register: _linode_creation
+
+ - set_fact:
+ server_status: "{{ _linode_creation.instance.status }}"
+ cloud_instance_ip: "{{ _linode_creation.instance.ipv4[0] }}"
+
diff --git a/provision/linode/destroy_server_linode.yml b/provision/linode/destroy_server_linode.yml
new file mode 100644
index 0000000..607798a
--- /dev/null
+++ b/provision/linode/destroy_server_linode.yml
@@ -0,0 +1,10 @@
+- name: Destroy an existing Linode Instance
+ hosts: localhost
+ gather_facts: false
+ tasks:
+ - name: Destroy a Linode instance
+ linode.cloud.instance:
+ api_token: "{{ api_token }}"
+ label: "{{ server_name }}"
+ state: absent
+ #tags: "{{ server_tags }}"
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..6e35f89
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,24 @@
+- src: https://github.com/Brandon1811/ansible-role-rocketchat.git
+ version: prod
+- src: https://github.com/geerlingguy/ansible-role-docker.git
+- src: https://github.com/geerlingguy/ansible-role-pip.git
+- src: https://github.com/salessandri/ansible-monero
+- src: https://github.com/geerlingguy/ansible-role-php
+ name: geerlingguy.php
+ version: master
+
+- name: geerlingguy.pip
+- name: geerlingguy.composer
+- name: geerlingguy.docker
+- name: geerlingguy.php-versions
+- name: geerlingguy.apache
+- name: geerlingguy.redis
+- name: geerlingguy.mysql
+- name: geerlingguy.certbot
+- name: geerlingguy.php-mysql
+- name: robertdebock.bootstrap
+- name: robertdebock.users
+- name: ansistrano.deploy
+- name: ansistrano.rollback
+#- name:
+# - src: /home/bsounder/code/ansible-role-azure.git
diff --git a/software/apache.yml b/software/apache.yml
new file mode 100644
index 0000000..6d3a144
--- /dev/null
+++ b/software/apache.yml
@@ -0,0 +1,13 @@
+- hosts: apache
+ become: yes
+# vars_files:
+# - vars/main.yml
+# UFW Setup
+ tasks:
+ - name: UFW - Allow Apache connections
+ ufw:
+ rule: allow
+ name: 'Apache Full'
+ roles:
+ - { role: geerlingguy.apache }
+
diff --git a/software/certbot.yml b/software/certbot.yml
new file mode 100644
index 0000000..98b49c6
--- /dev/null
+++ b/software/certbot.yml
@@ -0,0 +1,3 @@
+- hosts: certbot
+ roles:
+ - geerlingguy.certbot
diff --git a/software/docker.yml b/software/docker.yml
new file mode 100644
index 0000000..790a2a0
--- /dev/null
+++ b/software/docker.yml
@@ -0,0 +1,13 @@
+- hosts: docker
+# vars_files:
+# - vars/main.yml
+
+ become: true
+ vars:
+ pip_install_packages:
+ - name: "docker==6.1.3"
+ - name: docker-compose
+ roles:
+ - { role: geerlingguy.pip }
+ - { role: geerlingguy.docker }
+
diff --git a/software/haproxy.yml b/software/haproxy.yml
new file mode 100644
index 0000000..3f99e00
--- /dev/null
+++ b/software/haproxy.yml
@@ -0,0 +1,4 @@
+- hosts: haproxy
+ become: yes
+ roles:
+ - role: geerlingguy.haproxy
diff --git a/software/mysql.yml b/software/mysql.yml
new file mode 100644
index 0000000..35edce8
--- /dev/null
+++ b/software/mysql.yml
@@ -0,0 +1,4 @@
+- hosts: mysql
+ become: yes
+ roles:
+ - role: geerlingguy.mysql
diff --git a/software/php.yml b/software/php.yml
new file mode 100644
index 0000000..7087fc5
--- /dev/null
+++ b/software/php.yml
@@ -0,0 +1,9 @@
+- hosts: php
+ become: yes
+ roles:
+ - role: geerlingguy.php-versions
+ - role: geerlingguy.php
+ - role: geerlingguy.composer
+ become: false
+ tags:
+ - composer
diff --git a/software/redis.yml b/software/redis.yml
new file mode 100644
index 0000000..da44b6e
--- /dev/null
+++ b/software/redis.yml
@@ -0,0 +1,3 @@
+- hosts: redis
+ roles:
+ - role: geerlingguy.redis
diff --git a/tools/read_log.yml b/tools/read_log.yml
new file mode 100644
index 0000000..8ffed12
--- /dev/null
+++ b/tools/read_log.yml
@@ -0,0 +1,8 @@
+- hosts: all
+ become: yes
+ gather_facts: false
+ tasks:
+ - name: Read specified log file
+ ansible.builtin.slurp:
+ src: "{{ log_name }}"
+ register: log_contents