HiPoweredDev
/
HiPoweredAnsible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bring in playbooks + requirements file + update .gitignore

This commit is contained in:
Brandon Shipley 2024-04-10 01:10:58 -07:00
parent 095317bc43
commit 33273003fa
24 changed files with 551 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.gitignore vendored
View File

@ -1,3 +1,6 @@
# ---> Ansible
*.retry
backups
roles/*
./roles
.idea

5
deploy/cakephp/deploy.yml Normal file
View File

@ -0,0 +1,5 @@
---
- name: Deploy cakephp app
hosts: deploy
roles:
- { role: ansistrano.deploy }

42
deploy/cakephp/hooks/after_code_update.yml Normal file
View File

@ -0,0 +1,42 @@
---
- name: Make way for shared paths / resources shared across releases
file:
state=absent
path={{ansistrano_release_path.stdout}}/{{item}}
with_items: ansistrano_shared_paths
- name: Add app_local.php config file
template:
dest: "{{ ansistrano_release_path.stdout }}/config/app_local.php"
src: config/app_local.php.j2
- name: Set the permissions on {{ ansistrano_release_path.stdout }}
become: yes
file:
path: "{{ ansistrano_release_path.stdout }}"
state: directory
# mode: 0750
owner: "{{ create_user }}"
group: www-data
recurse: yes
- name: composer install dependencies
become: no
community.general.composer:
command: install
working_dir: "{{ ansistrano_release_path.stdout }}"
prefer_dist: yes
no_dev: false
- name: run cakephp script - {{ item.name }}
command: bin/cake {{ item.script }}
args:
chdir: "{{ ansistrano_release_path.stdout }}"
loop: "{{ cakephp_deploy_scripts }}"
#When writing your custom tasks files you may need some variables that Ansistrano makes available to you:
#
#{{ ansistrano_release_path.stdout }}: Path to current deployment release (probably the one you are going to use the most)
#{{ ansistrano_releases_path }}: Path to releases folder
#{{ ansistrano_shared_path }}: Path to shared folder (where common releases assets can be stored)
#{{ ansistrano_release_version }}: Relative directory name for the release (by default equals to the current timestamp in UTC timezone)

59
deploy/cakephp/hooks/after_symlink_shared.yml Normal file
View File

@ -0,0 +1,59 @@
---
- name: Set the permissions on {{ ansistrano_shared_path }}
become: yes
file:
path: "{{ ansistrano_shared_path }}"
state: directory
# mode: 0750
owner: "{{ create_user }}"
group: www-data
recurse: yes
- name: Set the permissions on {{ ansistrano_release_path.stdout }}
become: yes
file:
path: "{{ ansistrano_release_path.stdout }}"
state: directory
# mode: 0750
owner: "{{ create_user }}"
group: www-data
recurse: yes
- name: composer install dependencies
become: no
community.general.composer:
command: install
working_dir: "{{ ansistrano_release_path.stdout }}"
prefer_dist: yes
no_dev: false
- name: Set permissions on tmp and logs
ansible.posix.acl:
path: "{{ ansistrano_shared_path }}/{{item}}"
entity: www-data
etype: group
permissions: rwx
default: yes
state: present
with_items:
- tmp
- logs
- name: Set permissions on tmp and logs in {{ ansistrano_release_path.stdout }}
ansible.posix.acl:
path: "{{ ansistrano_release_path.stdout }}/{{item}}"
entity: www-data
etype: group
permissions: rwx
default: yes
state: present
with_items:
- tmp
- logs
#When writing your custom tasks files you may need some variables that Ansistrano makes available to you:
#
#{{ ansistrano_release_path.stdout }}: Path to current deployment release (probably the one you are going to use the most)
#{{ ansistrano_releases_path }}: Path to releases folder
#{{ ansistrano_shared_path }}: Path to shared folder (where common releases assets can be stored)
#{{ ansistrano_release_version }}: Relative directory name for the release (by default equals to the current timestamp in UTC timezone)

82
deploy/cakephp/templates/config/app_local.php.j2 Normal file
View File

@ -0,0 +1,82 @@
<?php
/*
* Local configuration file to provide any overrides to your app.php configuration.
*
* Note: It is not recommended to commit files with credentials such as app_local.php
* into source code version control.
*/
return [
'appUrl' => '{{ domain_name }}',
'DebugKit.safeTld' => ['is'],
/*
* Debug Level:
*
* Production Mode:
* false: No error messages, errors, or warnings shown.
*
* Development Mode:
* true: Errors and warnings shown.
*/
'debug' => filter_var(env('DEBUG', true), FILTER_VALIDATE_BOOLEAN),
/*
* Security and encryption configuration
*
* - salt - A random string used in security hashing methods.
* The salt value is also used as the encryption key.
* You should treat it as extremely sensitive data.
*/
'Security' => [
'salt' => env('SECURITY_SALT', '__SALT__'),
],
/*
* Connection information used by the ORM to connect
* to your application's datastores.
*
* See app.php for more configuration options.
*/
'Datasources' => [
'default' => [
'host' => 'localhost',
/*
* CakePHP will use the default DB port based on the driver selected
* MySQL on MAMP uses port 8889, MAMP users will want to uncomment
* the following line and set the port accordingly
*/
//'port' => 'non_standard_port_number',
'username' => '{{ cakephp_db_user }}',
'password' => '{{ cakephp_db_password }}',
'database' => '{{ cakephp_db_database }}',
/*
* If not using the default 'public' schema with the PostgreSQL driver
* set it here.
*/
//'schema' => 'myapp',
/*
* You can use a DSN string to set the entire configuration
*/
'url' => env('DATABASE_URL', null),
],
],
/*
* Email configuration.
*
* Host and credential configuration in case you are using SmtpTransport
*
* See app.php for more configuration options.
*/
'EmailTransport' => [
'default' => [
'host' => 'localhost',
'port' => 25,
'username' => null,
'password' => null,
'client' => null,
'url' => env('EMAIL_TRANSPORT_DEFAULT_URL', null),
],
],
];

47
deploy/gitea/gitea.yml Normal file
View File

@ -0,0 +1,47 @@
- name: "Install gitea"
hosts: gitea
tasks:
# User + Key Setup
- name: Create a new regular user with sudo privileges
user:
name: git
state: present
groups: docker
append: true
create_home: true
shell: /home/git/ssh-shell
- name: Creates directory structure for gitea data
file:
path: /home/{{ create_user }}/gitea
state: directory
owner: "{{ create_user }}"
group: "{{ create_user }}"
mode: 0775
- name: Creates backup directory outside of docker volumes to move dumps more easily off of server
file:
path: /home/{{ create_user }}/backups
state: directory
owner: "{{ create_user }}"
group: "{{ create_user }}"
mode: 0775
- name: copy ssh-shell file for git user to server (from template)
template:
src: templates/ssh-shell.j2
owner: git
group: git
mode: 0750
dest: /home/git/ssh-shell
- name: copy docker compose to server (from template)
template:
src: templates/docker-compose.yml.j2
dest: /home/{{ create_user }}/gitea/docker-compose.yml
- name: docker compose up
docker_compose:
project_src: /home/{{ create_user }}/gitea/
state: present
register: __gitea

46
deploy/gitea/templates/docker-compose.yml.j2 Normal file
View File

@ -0,0 +1,46 @@
version: "3"
networks:
gitea:
external: false
volumes:
gitea:
driver: local
services:
server:
image: gitea/gitea:1.21.7
container_name: gitea
environment:
- GITEA__database__DB_TYPE=mysql
- GITEA__database__DB_HOST=db:3306
- GITEA__database__DB_NAME=gitea
- GITEA__database__DB_USER=gitea
- GITEA__database__DB_PASSWD=gitea
- GITEA__service__DISABLE_REGISTRATION=true
restart: always
networks:
- gitea
volumes:
- gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "2222:22"
depends_on:
- db
db:
image: mysql:8
restart: always
environment:
- MYSQL_ROOT_PASSWORD=gitea
- MYSQL_USER=gitea
- MYSQL_PASSWORD=gitea
- MYSQL_DATABASE=gitea
networks:
- gitea
volumes:
- ./mysql:/var/lib/mysql

35
deploy/gitea/templates/nginx.conf.j2 Executable file
View File

@ -0,0 +1,35 @@
# Upstreams
upstream backend {
server 127.0.0.1:3000;
}
# HTTPS Server
server {
listen 443;
server_name {{ domain_name }};
# You can increase the limit if your need to.
client_max_body_size 200M;
error_log /var/log/nginx/gitea.access.log;
ssl on;
ssl_certificate /etc/nginx/gitea.crt;
ssl_certificate_key /etc/nginx/gitea.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # dont use SSLv3 ref: POODLE
location / {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
}

6
deploy/gitea/templates/ssh-shell.j2 Normal file
View File

@ -0,0 +1,6 @@
#!/bin/sh
shift
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $@"
EOF
sudo chmod +x /home/git/ssh-shell
sudo usermod -s /home/git/ssh-shell git

7
deploy/octoprint.yml Normal file
View File

@ -0,0 +1,7 @@
- hosts: octoprint
become: yes
vars:
pip_install_packages:
- name: OctoPrint
roles:
- geerlingguy.pip

14
deploy/rocketchat.yml Normal file
View File

@ -0,0 +1,14 @@
- hosts: rocketchat
# vars_files:
# - vars/main.yml
become: true
vars:
pip_install_packages:
- name: "docker==6.1.3"
- name: docker-compose
roles:
- { role: geerlingguy.pip }
- { role: geerlingguy.docker }
- { role: ansible-role-rocketchat }

61
provision/initialize_server.yml Normal file
View File

@ -0,0 +1,61 @@
- name: Initialize System
hosts: all
user: root
tasks:
- name: Install Prerequisites
apt: name=aptitude update_cache=yes state=latest force_apt_get=yes
# Sudo Group Setup
- name: Make sure we have a 'wheel' group
group:
name: wheel
state: present
- name: Allow 'wheel' group to have passwordless sudo
lineinfile:
path: /etc/sudoers
state: present
regexp: '^%wheel'
line: '%wheel ALL=(ALL) NOPASSWD: ALL'
validate: '/usr/sbin/visudo -cf %s'
# User + Key Setup
- name: Create a new regular user with sudo privileges
user:
name: "{{ create_user }}"
state: present
groups: wheel
append: true
create_home: true
shell: /bin/bash
- name: Set authorized key for remote user
authorized_key:
user: "{{ create_user }}"
state: present
key: "{{ copy_local_key }}"
- name: Set authorized key for remote user
authorized_key:
user: root
state: present
key: "{{ copy_local_key }}"
# Install Packages
- name: Update apt
apt: update_cache=yes
- name: Install required system packages
apt: name={{ sys_packages }} state=latest
# UFW Setup
- name: UFW - Allow SSH connections
ufw:
rule: allow
name: OpenSSH
- name: UFW - Deny all other incoming traffic by default
ufw:
state: enabled
policy: deny
direction: incoming

7
provision/linode/check_server_linode.yml Normal file
View File

@ -0,0 +1,7 @@
- name: Check Linode Instance
hosts: linode
tasks:
- name: Check a Linode instance
linode.cloud.instance_info:
api_token: "{{ api_token }}"
label: "{{ server_name }}"

45
provision/linode/create_server_linode.yml Normal file
View File

@ -0,0 +1,45 @@
- name: Create Linode Instance
hosts: localhost
gather_facts: false
tasks:
- name: Create a Linode virtual private cloud (VPC)
linode.cloud.vpc:
api_token: "{{ api_token }}"
label: "{{ vpc_name }}"
region: "{{ region }}"
state: present
#tags: "{{ server_tags }}"
register: _vpc_creation
- name: Create a VPC Subnet
linode.cloud.vpc_subnet:
api_token: "{{ api_token }}"
vpc_id: "{{ _vpc_creation.vpc.id }}"
label: "{{ subnet_name }}"
ipv4: "{{ subnet_ipv4 }}"
state: present
register: _subnet_creation
- name: Create a Linode instance
linode.cloud.instance:
api_token: "{{ api_token }}"
label: "{{ server_name }}"
type: "{{ instance_type }}"
region: "{{ region }}"
image: linode/ubuntu22.04
root_pass: "{{ password }}"
authorized_keys:
- "{{ copy_local_key }}"
interfaces:
- purpose: public
- purpose: vpc
subnet_id: "{{ _subnet_creation.subnet.id }}"
state: present
#tags: "{{ server_tags }}"
register: _linode_creation
- set_fact:
server_status: "{{ _linode_creation.instance.status }}"
cloud_instance_ip: "{{ _linode_creation.instance.ipv4[0] }}"

10
provision/linode/destroy_server_linode.yml Normal file
View File

@ -0,0 +1,10 @@
- name: Destroy an existing Linode Instance
hosts: localhost
gather_facts: false
tasks:
- name: Destroy a Linode instance
linode.cloud.instance:
api_token: "{{ api_token }}"
label: "{{ server_name }}"
state: absent
#tags: "{{ server_tags }}"

24
requirements.yml Normal file
View File

@ -0,0 +1,24 @@
- src: https://github.com/Brandon1811/ansible-role-rocketchat.git
version: prod
- src: https://github.com/geerlingguy/ansible-role-docker.git
- src: https://github.com/geerlingguy/ansible-role-pip.git
- src: https://github.com/salessandri/ansible-monero
- src: https://github.com/geerlingguy/ansible-role-php
name: geerlingguy.php
version: master
- name: geerlingguy.pip
- name: geerlingguy.composer
- name: geerlingguy.docker
- name: geerlingguy.php-versions
- name: geerlingguy.apache
- name: geerlingguy.redis
- name: geerlingguy.mysql
- name: geerlingguy.certbot
- name: geerlingguy.php-mysql
- name: robertdebock.bootstrap
- name: robertdebock.users
- name: ansistrano.deploy
- name: ansistrano.rollback
#- name:
# - src: /home/bsounder/code/ansible-role-azure.git

13
software/apache.yml Normal file
View File

@ -0,0 +1,13 @@
- hosts: apache
become: yes
# vars_files:
# - vars/main.yml
# UFW Setup
tasks:
- name: UFW - Allow Apache connections
ufw:
rule: allow
name: 'Apache Full'
roles:
- { role: geerlingguy.apache }

3
software/certbot.yml Normal file
View File

@ -0,0 +1,3 @@
- hosts: certbot
roles:
- geerlingguy.certbot

13
software/docker.yml Normal file
View File

@ -0,0 +1,13 @@
- hosts: docker
# vars_files:
# - vars/main.yml
become: true
vars:
pip_install_packages:
- name: "docker==6.1.3"
- name: docker-compose
roles:
- { role: geerlingguy.pip }
- { role: geerlingguy.docker }

4
software/haproxy.yml Normal file
View File

@ -0,0 +1,4 @@
- hosts: haproxy
become: yes
roles:
- role: geerlingguy.haproxy

4
software/mysql.yml Normal file
View File

@ -0,0 +1,4 @@
- hosts: mysql
become: yes
roles:
- role: geerlingguy.mysql

9
software/php.yml Normal file
View File

@ -0,0 +1,9 @@
- hosts: php
become: yes
roles:
- role: geerlingguy.php-versions
- role: geerlingguy.php
- role: geerlingguy.composer
become: false
tags:
- composer

3
software/redis.yml Normal file
View File

@ -0,0 +1,3 @@
- hosts: redis
roles:
- role: geerlingguy.redis

8
tools/read_log.yml Normal file
View File

@ -0,0 +1,8 @@
- hosts: all
become: yes
gather_facts: false
tasks:
- name: Read specified log file
ansible.builtin.slurp:
src: "{{ log_name }}"
register: log_contents