author | Trygve Laugstøl <trygvis@inamo.no> | 2020-03-15 23:42:30 +0100 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2020-03-15 23:42:36 +0100 |
commit | cc6523f339bd7a78572ceeea79cd1943014d707d (patch) | |
tree | 6e7fbff1f0cee4ee2a7c7817a3daebb1aa82c27e /ansible | |
parent | df500e4e591fdbd6f384d0b77137dd5916de6b68 (diff) | |
misc
Diffstat (limited to 'ansible')
-rw-r--r-- | ansible/all.yml | 4 | ||||
-rw-r--r-- | ansible/conflatorio.yml | 2 | ||||
-rw-r--r-- | ansible/elasticsearch.yml | 4 | ||||
-rw-r--r-- | ansible/group_vars/all/users.yml | 4 | ||||
-rw-r--r-- | ansible/group_vars/all/wireguard_wg0.yml | 8 | ||||
-rw-r--r-- | ansible/group_vars/all/wireguard_wg1.yml | 2 | ||||
-rw-r--r-- | ansible/host_vars/knot/wireguard.yml | 1 | ||||
-rw-r--r-- | ansible/host_vars/sweetzpot-mobile/users.yml | 9 | ||||
-rw-r--r-- | ansible/inventory | 17 | ||||
-rw-r--r-- | ansible/lxc-host.yml | 2 | ||||
-rw-r--r-- | ansible/plays/files/astyanax/etc/wireguard/public-wg0.key | 1 | ||||
-rw-r--r-- | ansible/plays/files/sweetzpot-mobile/etc/wireguard/public-wg0.key | 1 | ||||
-rw-r--r-- | ansible/plays/malabaricus.yml | 2 | ||||
-rw-r--r-- | ansible/plays/wireguard-wg0.yml | 6 | ||||
-rw-r--r-- | ansible/plays/wireguard.yml | 9 | ||||
-rw-r--r-- | ansible/roles/wireguard/tasks/main.yml | 4 |
16 files changed, 52 insertions, 24 deletions
diff --git a/ansible/all.yml b/ansible/all.yml index ecbf83e..1404155 100644 --- a/ansible/all.yml +++ b/ansible/all.yml @@ -11,7 +11,7 @@ - import_playbook: plays/apt-repos.yml - hosts: - - linode-dns-update + - linode_dns_update roles: - linode-dns-update @@ -25,5 +25,5 @@ - import_playbook: plays/postfix-satellite.yml - import_playbook: nftables.yml - import_playbook: lxc-host.yml -- import_playbook: wireguard.yml +- import_playbook: plays/wireguard.yml - import_playbook: unifi.yml diff --git a/ansible/conflatorio.yml b/ansible/conflatorio.yml index 9d3a832..3179792 100644 --- a/ansible/conflatorio.yml +++ b/ansible/conflatorio.yml @@ -1,5 +1,5 @@ - hosts: - - conflatorio-lxc + - conflatorio_lxc roles: - lusers - superusers diff --git a/ansible/elasticsearch.yml b/ansible/elasticsearch.yml index 6b05ce7..59f34b5 100644 --- a/ansible/elasticsearch.yml +++ b/ansible/elasticsearch.yml @@ -1,5 +1,5 @@ - hosts: - - elasticsearch-servers + - elasticsearch_servers tasks: - name: Create elasticsearch user become: yes @@ -29,7 +29,7 @@ regexp: "ES_PATH_CONF" - hosts: - - elasticsearch-servers + - elasticsearch_servers roles: - ansible-elasticsearch vars: diff --git a/ansible/group_vars/all/users.yml b/ansible/group_vars/all/users.yml index 951eab5..e44001c 100644 --- a/ansible/group_vars/all/users.yml +++ b/ansible/group_vars/all/users.yml @@ -10,6 +10,10 @@ users: authorized_keys_absent: - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGpWssvnarp8O/oN86VDlLxUHAYHSKbdhXpe1s0hWkX5 trygvis@fuckaduck + pi: + authorized_keys: "" + tingo: + authorized_keys: "" lusers: - trygvis diff --git a/ansible/group_vars/all/wireguard_wg0.yml b/ansible/group_vars/all/wireguard_wg0.yml index 872c432..ab6c845 100644 --- a/ansible/group_vars/all/wireguard_wg0.yml +++ b/ansible/group_vars/all/wireguard_wg0.yml @@ -1,4 +1,4 @@ -wireguard-wg0: +wireguard_wg0: if: wg0 ipv4_prefix: 24 ipv6_prefix: 64 
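Review bot: In `group_vars/all/users.yml`, `pi` and `tingo` are created with `authorized_keys: ""`, and the new `host_vars/sweetzpot-mobile/users.yml` later in this commit lists both under `superusers`. With no key deployed, whatever else authenticates those accounts (presumably a password; not visible here) is the only thing guarding privileged access on that host, and `pi` is a widely known default account name. I would add real public keys before granting superuser, or keep both out of `superusers` until keys exist. The neighbouring `authorized_keys_absent` is a list while this value is an empty string, so `authorized_keys: []` may be what the role expects; confirm against the role.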
@@ -25,3 +25,9 @@ wireguard-wg0: malabaricus: state: present ipv6: fdf3:aad9:a885:0b3a::8 + sweetzpot-mobile: + state: present + ipv6: fdf3:aad9:a885:0b3a::9 + astyanax: + state: present + ipv6: fdf3:aad9:a885:0b3a::10 diff --git a/ansible/group_vars/all/wireguard_wg1.yml b/ansible/group_vars/all/wireguard_wg1.yml index 3d00701..c8324d5 100644 --- a/ansible/group_vars/all/wireguard_wg1.yml +++ b/ansible/group_vars/all/wireguard_wg1.yml @@ -1,4 +1,4 @@ -wireguard-wg1: +wireguard_wg1: if: wg1 ipv4_prefix: 24 ipv6_prefix: 64 diff --git a/ansible/host_vars/knot/wireguard.yml b/ansible/host_vars/knot/wireguard.yml deleted file mode 100644 index a921af1..0000000 --- a/ansible/host_vars/knot/wireguard.yml +++ /dev/null @@ -1 +0,0 @@ -wireguard__role: server diff --git a/ansible/host_vars/sweetzpot-mobile/users.yml b/ansible/host_vars/sweetzpot-mobile/users.yml new file mode 100644 index 0000000..b1abb66 --- /dev/null +++ b/ansible/host_vars/sweetzpot-mobile/users.yml @@ -0,0 +1,9 @@ +lusers: + - trygvis + - tingo + - pi + +superusers: + - trygvis + - tingo + - pi diff --git a/ansible/inventory b/ansible/inventory index bd24e44..248b4b8 100644 --- a/ansible/inventory +++ b/ansible/inventory @@ -24,6 +24,8 @@ all: ansible_host: 192.168.10.202 astyanax: ansible_host: 2a01:79d:4698:96bc:d804:e55d:ee18:b7ba + sweetzpot-mobile: + ansible_host: 192.168.10.123 conflatorio-test1: ansible_host: "fd56:1ae9:097d:3ddd:6c53:1011:3bad:9498" conflatorio-test2: @@ -51,7 +53,7 @@ all: hosts: homepi: malabaricus: - elasticsearch-servers: + elasticsearch_servers: hosts: conflatorio-test1: arius-test1: @@ -65,20 +67,20 @@ all: numquam: unifi: children: - conflatorio-lxc: - lxc-hosts: + conflatorio_lxc: + lxc_hosts: hosts: arius: birgitte: # conflatorio: - conflatorio-lxc: + conflatorio_lxc: hosts: conflatorio-test1: conflatorio-test2: conflatorio-test3: conflatorio-test4: conflatorio-test5: - linode-dns-update: + linode_dns_update: hosts: akysis: arius: 
@@ -123,7 +125,7 @@ all: ansible_ssh_extra_args: sz-test # Borg - borg-malabaricus: + borg_malabaricus: hosts: birgitte: conflatorio: @@ -133,7 +135,7 @@ all: children: borg_nas: - wireguard_wg-net1: + wireguard_wg_net1: hosts: akili: arius: @@ -150,6 +152,7 @@ all: conflatorio: knot: malabaricus: + sweetzpot-mobile: wireguard_wg1: hosts: diff --git a/ansible/lxc-host.yml b/ansible/lxc-host.yml index d1c0346..28bd7c7 100644 --- a/ansible/lxc-host.yml +++ b/ansible/lxc-host.yml @@ -1,4 +1,4 @@ - hosts: - - lxc-hosts + - lxc_hosts roles: - lxc-host diff --git a/ansible/plays/files/astyanax/etc/wireguard/public-wg0.key b/ansible/plays/files/astyanax/etc/wireguard/public-wg0.key new file mode 100644 index 0000000..62eb9b6 --- /dev/null +++ b/ansible/plays/files/astyanax/etc/wireguard/public-wg0.key @@ -0,0 +1 @@ +CnfTr3NGymPlOKzWeaUXutxaIFKRDpREx3XI40rUr2U= diff --git a/ansible/plays/files/sweetzpot-mobile/etc/wireguard/public-wg0.key b/ansible/plays/files/sweetzpot-mobile/etc/wireguard/public-wg0.key new file mode 100644 index 0000000..73c8ae8 --- /dev/null +++ b/ansible/plays/files/sweetzpot-mobile/etc/wireguard/public-wg0.key @@ -0,0 +1 @@ +EQhaAO3krXKwugH0gdWEd/VjtsxXVWg0osNi5Ia6KDs= diff --git a/ansible/plays/malabaricus.yml b/ansible/plays/malabaricus.yml index 8ed1ea8..6e6a9a4 100644 --- a/ansible/plays/malabaricus.yml +++ b/ansible/plays/malabaricus.yml @@ -39,6 +39,8 @@ opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1 + + max_execution_time = 300 notify: systemctl restart fpm - lineinfile: path: '/etc/php/{{ fpm_version }}/fpm/pool.d/www.conf' diff --git a/ansible/plays/wireguard-wg0.yml b/ansible/plays/wireguard-wg0.yml new file mode 100644 index 0000000..578fc81 --- /dev/null +++ b/ansible/plays/wireguard-wg0.yml @@ -0,0 +1,6 @@ +- hosts: + - wireguard_wg0 + roles: + - role: wireguard + wireguard__name: wireguard_wg0 + diff --git a/ansible/plays/wireguard.yml b/ansible/plays/wireguard.yml index 26ee9ff..87ae59b 100644 
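Review bot: In `plays/malabaricus.yml`, `max_execution_time = 300` allows a single PHP request up to 300 seconds of execution time on an FPM worker, and nothing in this hunk bounds how many such requests can run at once. If only one workload needs the long limit, consider keeping the global value lower and raising it for that path, or pair it with `request_terminate_timeout` in the pool file that the following `lineinfile` task edits. A comment above the setting naming the reason would help, e.g. `; raised for <workload>, see pool limits in www.conf`. The enclosing task starts outside the hunk.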
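Review bot: The new `plays/wireguard-wg0.yml` passes only `wireguard__name` to the role, while the inline play it replaces in `plays/wireguard.yml` (the next file section) also set `wg_net` and `wg_host` under `vars:`. The role still reads them: `wg_net.if` appears in the context lines of `roles/wireguard/tasks/main.yml`, and the debug tasks added there print both. Unless the role now derives them itself (not visible in this diff), the run stops on an undefined variable. If it does derive them, a comment here would save the next reader the search: `# wg_net / wg_host are computed in roles/wireguard from wireguard__name`. The trailing blank line at the end of the new file can go as well.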
--- a/ansible/plays/wireguard.yml +++ b/ansible/plays/wireguard.yml @@ -8,15 +8,8 @@ wireguard__state: absent wireguard__name: wireguard_wg_net1 -- hosts: - - wireguard_wg0 +- import_playbook: wireguard-wg0.yml tags: wg0 - roles: - - role: wireguard - wireguard__name: wireguard-wg0 - vars: - wg_net: "{{ hostvars[ansible_hostname][wireguard__name] }}" - wg_host: "{{ wg_net.hosts[ansible_hostname] }}" - hosts: - wireguard_wg1 diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml index 62d64ce..6be02cc 100644 --- a/ansible/roles/wireguard/tasks/main.yml +++ b/ansible/roles/wireguard/tasks/main.yml @@ -9,6 +9,10 @@ netdev_path: "/etc/systemd/network/60-{{ wg_net.if }}.netdev" network_path: "/etc/systemd/network/61-{{ wg_net.if }}.network" block: + - debug: var=wg_net + - debug: var=wg_host + - debug: var=all_peers + - name: Install packages tags: packages apt: |
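Review bot: The three `debug` tasks added at the top of the block in `roles/wireguard/tasks/main.yml` print `wg_net`, `wg_host` and `all_peers` for every host on every run, which looks like leftover troubleshooting output. The peer list and addressing then land in the controller output and in any CI or callback log, and if any of those structures carry key material (not visible in this hunk) that is exposed too. Either drop the tasks or gate them so they only show when asked for, using block form with `var: wg_net` and `verbosity: 2` under `debug:` instead of the inline `var=wg_net`. The block continues outside the hunk.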