From 9e4e02fdfb5a9e038c5e09a38fa51b457164156b Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Sat, 26 Dec 2020 14:17:41 +0100
Subject: Replaced malabaricus.
---
 ansible/host_vars/malabaricus/ops-agent.yml | 12 ---
 ansible/inventory | 4 +-
 .../files/malabaricus/etc/wireguard/public-wg0.key | 2 +-
 ansible/plays/malabaricus-base.yml | 30 ++++++
 ansible/plays/malabaricus-nextcloud.yml | 112 +++++++++++++++++++++
 ansible/plays/malabaricus-services.yml | 11 ++
 ansible/plays/malabaricus.yml | 112 ---------------------
 .../plays/templates/malabaricus/docker-compose.yml | 10 ++
 ansible/roles/docker-host/defaults/main.yml | 1 +
 ansible/roles/docker-host/tasks/main.yml | 28 ++++++
 ansible/roles/unix-machine/tasks/main.yml | 9 +-
 11 files changed, 200 insertions(+), 131 deletions(-)
 create mode 100644 ansible/plays/malabaricus-base.yml
 create mode 100644 ansible/plays/malabaricus-nextcloud.yml
 create mode 100644 ansible/plays/malabaricus-services.yml
 delete mode 100644 ansible/plays/malabaricus.yml
 create mode 100644 ansible/plays/templates/malabaricus/docker-compose.yml
 create mode 100644 ansible/roles/docker-host/defaults/main.yml
 create mode 100644 ansible/roles/docker-host/tasks/main.yml
diff --git a/ansible/host_vars/malabaricus/ops-agent.yml b/ansible/host_vars/malabaricus/ops-agent.yml
index 72c221b..10a55d1 100644
--- a/ansible/host_vars/malabaricus/ops-agent.yml
+++ b/ansible/host_vars/malabaricus/ops-agent.yml
@@ -15,15 +15,3 @@ telegraf_extra_config: |
 file = "thermal_zone1/temp"
 dest = "zone1"
 conversion = "float(3)"
- [[inputs.multifile.file]]
- file = "thermal_zone2/temp"
- dest = "zone2"
- conversion = "float(3)"
- [[inputs.multifile.file]]
- file = "thermal_zone3/temp"
- dest = "zone3"
- conversion = "float(3)"
- [[inputs.multifile.file]]
- file = "thermal_zone4/temp"
- dest = "zone4"
- conversion = "float(3)"
diff --git a/ansible/inventory b/ansible/inventory
index 501477c..5b24dca 100644
--- a/ansible/inventory
+++ b/ansible/inventory
@@ -18,7 +18,9 @@ all:
 homepi:
 ansible_host: homepi.local
 malabaricus:
- ansible_host: malabaricus.vpn.trygvis.io
+ #ansible_host: malabaricus.vpn.trygvis.io
+ ansible_host: 192.168.10.181
+ ansible_python_interpreter: /usr/bin/python3
 conflatorio:
 ansible_host: conflatorio.vpn.trygvis.io
 ansible_python_interpreter: /usr/bin/python3
diff --git a/ansible/plays/files/malabaricus/etc/wireguard/public-wg0.key b/ansible/plays/files/malabaricus/etc/wireguard/public-wg0.key
index 6fe02dc..6104a9a 100644
--- a/ansible/plays/files/malabaricus/etc/wireguard/public-wg0.key
+++ b/ansible/plays/files/malabaricus/etc/wireguard/public-wg0.key
@@ -1 +1 @@
-spjhTSR22/RyPy7D2AnMLLzzHuasXD6W4J5Xwuo+UTQ=
+LjvdPrpPeXyj8qIYgiKkrt7A6C+VmwKgjxYmpr5Jtg0=
diff --git a/ansible/plays/malabaricus-base.yml b/ansible/plays/malabaricus-base.yml
new file mode 100644
index 0000000..e782fb2
--- /dev/null
+++ b/ansible/plays/malabaricus-base.yml
@@ -0,0 +1,30 @@
+- hosts:
+ - malabaricus
+ tasks:
+ - import_role:
+ name: unix-machine
+ - import_role:
+ name: lusers
+ - import_role:
+ name: superusers
+
+ - become: yes
+ name: /etc/hostname
+ copy:
+ dest: /etc/hostname
+ content: |
+ malabaricus
+ - become: yes
+ name: /etc/hosts
+ copy:
+ dest: /etc/hosts
+ content: |
+ 127.0.0.1 localhost malabaricus
+ ::1 localhost malabaricus ip6-localhost ip6-loopback
+ fe00::0 ip6-localnet
+ ff00::0 ip6-mcastprefix
+ ff02::1 ip6-allnodes
+ ff02::2 ip6-allrouters
+
+ - import_role:
+ name: docker-host
diff --git a/ansible/plays/malabaricus-nextcloud.yml b/ansible/plays/malabaricus-nextcloud.yml
new file mode 100644
index 0000000..7e54c76
--- /dev/null
+++ b/ansible/plays/malabaricus-nextcloud.yml
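Review bot: In ansible/inventory, `ansible_host: 192.168.10.181` moves management of malabaricus from the VPN name to a bare LAN address, and the old value stays behind as a commented-out line with no explanation. If that address is assigned by DHCP (not visible here), a later lease change would point plays that use `become` at whichever machine then holds it, leaving SSH host-key checking as the only safeguard. If this is a bootstrap step until WireGuard runs with the new key, say so next to the entry: `# temporary LAN address while the rebuilt host has no wg0; restore malabaricus.vpn.trygvis.io afterwards`.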
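Review bot: In ansible/plays/malabaricus-base.yml, the two `copy` tasks that write /etc/hostname and /etc/hosts set no `owner`, `group` or `mode`, so a newly created file takes whatever the remote umask yields and an existing file keeps its current permissions. Stating them makes the result independent of the host's prior state: `owner: root`, `group: root`, `mode: "0644"` on both tasks. The play also imports `docker-host`, which malabaricus-services.yml imports again; if running it from both plays is intended, a one-line comment saying why would help.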
@@ -0,0 +1,112 @@
+- hosts:
+ - malabaricus
+ become: yes
+ vars:
+ fpm_version: 7.3
+ handlers:
+ - name: systemctl daemon-reload
+ become: yes
+ systemd:
+ daemon_reload: yes
+
+ - name: systemctl restart fpm
+ become: yes
+ systemd:
+ name: "php{{ fpm_version }}-fpm"
+ state: restarted
+ - name: systemctl reload nextcloud-cron.timer
+ become: yes
+ systemd:
+ unit: nextcloud-cron.timer
+ state: reloaded
+ roles:
+ - minio-server
+ - role: nginx
+ nginx__template:
+ - sites-enabled/default
+ - sites-enabled/minio
+ - snippets/nextcloud.conf
+ ipv6: "[::]:80"
+ server_name: minio.trygvis.io
+ tasks:
+ - apt:
+ name:
+ - php-imagick
+ tags: packages,never
+ - tags: nextcloud
+ file:
+ path: /var/www/html/nextcloud/occ
+ mode: ug=rx,o=
+ owner: www-data
+ group: www-data
+ - tags: nextcloud
+ copy:
+ dest: '/etc/php/{{ fpm_version }}/fpm/conf.d/99-nextcloud.ini'
+ content: |
+ opcache.enable=1
+ opcache.enable_cli=1
+ opcache.interned_strings_buffer=8
+ opcache.max_accelerated_files=10000
+ opcache.memory_consumption=128
+ opcache.save_comments=1
+ opcache.revalidate_freq=1
+
+ client_max_body_size 10G;
+ notify: systemctl restart fpm
+ - tags: nextcloud
+ lineinfile:
+ path: '/etc/php/{{ fpm_version }}/fpm/pool.d/www.conf'
+ regexp: '^env\[{{ item.key }}\]'
+ line: 'env[{{ item.key }}] = {{ item.value }}'
+ with_dict:
+ HOSTNAME: '$HOSTNAME'
+ PATH: /usr/sbin:/usr/bin:/sbin:/bin
+ TMP: /tmp
+ TMPDIR: /tmp
+ TEMP: /tmp
+ notify: systemctl restart fpm
+
+ - tags: nextcloud
+ register: service
+ copy:
+ dest: /etc/systemd/system/nextcloud-cron.service
+ content: |
+ [Unit]
+ Description=Nextcloud cron.php job
+
+ [Service]
+ User=www-data
+ ExecStart=/usr/bin/php -f /var/www/html/nextcloud/cron.php
+
+ - tags: nextcloud
+ register: timer
+ copy:
+ dest: /etc/systemd/system/nextcloud-cron.timer
+ content: |
+ [Unit]
+ Description=Run Nextcloud cron.php every 5 minutes
+
+ [Timer]
+ OnBootSec=5min
+ OnUnitActiveSec=5min
+ Unit=nextcloud-cron.service
+
+ [Install]
+ WantedBy=timers.target
+
+ - name: systemctl daemon-reload
+ tags: nextcloud
+ when: timer.changed or service.changed
+ become: yes
+ systemd:
+ daemon_reload: yes
+
+ - name: systemctl enable --now nextcloud-cron.timer
+ tags: nextcloud
+ become: yes
+ systemd:
+ unit: nextcloud-cron.timer
+ enabled: yes
+ state: started
+
+# TODO: comply with warnings from https://malabaricus.trygvis.io/settings/admin/overview
diff --git a/ansible/plays/malabaricus-services.yml b/ansible/plays/malabaricus-services.yml
new file mode 100644
index 0000000..b120cf7
--- /dev/null
+++ b/ansible/plays/malabaricus-services.yml
@@ -0,0 +1,11 @@
+- hosts:
+ - malabaricus
+ tasks:
+ - import_role:
+ name: docker-host
+ - import_role:
+ name: docker-service
+ tags: docker-service
+ vars:
+ service: malabaricus
+ template: templates/malabaricus/docker-compose.yml
diff --git a/ansible/plays/malabaricus.yml b/ansible/plays/malabaricus.yml
deleted file mode 100644
index 7e54c76..0000000
--- a/ansible/plays/malabaricus.yml
+++ /dev/null
@@ -1,112 +0,0 @@
-- hosts:
- - malabaricus
- become: yes
- vars:
- fpm_version: 7.3
- handlers:
- - name: systemctl daemon-reload
- become: yes
- systemd:
- daemon_reload: yes
-
- - name: systemctl restart fpm
- become: yes
- systemd:
- name: "php{{ fpm_version }}-fpm"
- state: restarted
- - name: systemctl reload nextcloud-cron.timer
- become: yes
- systemd:
- unit: nextcloud-cron.timer
- state: reloaded
- roles:
- - minio-server
- - role: nginx
- nginx__template:
- - sites-enabled/default
- - sites-enabled/minio
- - snippets/nextcloud.conf
- ipv6: "[::]:80"
- server_name: minio.trygvis.io
- tasks:
- - apt:
- name:
- - php-imagick
- tags: packages,never
- - tags: nextcloud
- file:
- path: /var/www/html/nextcloud/occ
- mode: ug=rx,o=
- owner: www-data
- group: www-data
- - tags: nextcloud
- copy:
- dest: '/etc/php/{{ fpm_version }}/fpm/conf.d/99-nextcloud.ini'
- content: |
- opcache.enable=1
- opcache.enable_cli=1
- opcache.interned_strings_buffer=8
- opcache.max_accelerated_files=10000
- opcache.memory_consumption=128
- opcache.save_comments=1
- opcache.revalidate_freq=1
-
- client_max_body_size 10G;
- notify: systemctl restart fpm
- - tags: nextcloud
- lineinfile:
- path: '/etc/php/{{ fpm_version }}/fpm/pool.d/www.conf'
- regexp: '^env\[{{ item.key }}\]'
- line: 'env[{{ item.key }}] = {{ item.value }}'
- with_dict:
- HOSTNAME: '$HOSTNAME'
- PATH: /usr/sbin:/usr/bin:/sbin:/bin
- TMP: /tmp
- TMPDIR: /tmp
- TEMP: /tmp
- notify: systemctl restart fpm
-
- - tags: nextcloud
- register: service
- copy:
- dest: /etc/systemd/system/nextcloud-cron.service
- content: |
- [Unit]
- Description=Nextcloud cron.php job
-
- [Service]
- User=www-data
- ExecStart=/usr/bin/php -f /var/www/html/nextcloud/cron.php
-
- - tags: nextcloud
- register: timer
- copy:
- dest: /etc/systemd/system/nextcloud-cron.timer
- content: |
- [Unit]
- Description=Run Nextcloud cron.php every 5 minutes
-
- [Timer]
- OnBootSec=5min
- OnUnitActiveSec=5min
- Unit=nextcloud-cron.service
-
- [Install]
- WantedBy=timers.target
-
- - name: systemctl daemon-reload
- tags: nextcloud
- when: timer.changed or service.changed
- become: yes
- systemd:
- daemon_reload: yes
-
- - name: systemctl enable --now nextcloud-cron.timer
- tags: nextcloud
- become: yes
- systemd:
- unit: nextcloud-cron.timer
- enabled: yes
- state: started
-
-# TODO: comply with warnings from https://malabaricus.trygvis.io/settings/admin/overview
diff --git a/ansible/plays/templates/malabaricus/docker-compose.yml b/ansible/plays/templates/malabaricus/docker-compose.yml
new file mode 100644
index 0000000..e85f147
--- /dev/null
+++ b/ansible/plays/templates/malabaricus/docker-compose.yml
@@ -0,0 +1,10 @@
+version: "3"
+services:
+ pdb11:
+ image: postgres:11
+ volumes:
+ - /data:/var/lib/postgresql/data
+ environment:
+ POSTGRES_PASSWORD: mysecretpassword
+
+
diff --git a/ansible/roles/docker-host/defaults/main.yml b/ansible/roles/docker-host/defaults/main.yml
new file mode 100644
index 0000000..64fc11d
--- /dev/null
+++ b/ansible/roles/docker-host/defaults/main.yml
@@ -0,0 +1 @@
+docker_host__credentials: []
diff --git a/ansible/roles/docker-host/tasks/main.yml b/ansible/roles/docker-host/tasks/main.yml
new file mode 100644
index 0000000..715a917
--- /dev/null
+++ b/ansible/roles/docker-host/tasks/main.yml
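Review bot: `POSTGRES_PASSWORD: mysecretpassword` in ansible/plays/templates/malabaricus/docker-compose.yml commits the database superuser password to the repository, and the value matches the example used in the image's own documentation. The file is passed to the docker-service role as `template`, so it is presumably rendered through Jinja (the role is not shown); in that case the value can come from a vaulted variable, `POSTGRES_PASSWORD: "{{ <vaulted-password-variable> }}"` (placeholder name), or the container can read it from a mounted file via the image's `POSTGRES_PASSWORD_FILE`. The image applies this variable only when it initialises an empty data directory, so a database already created under /data keeps the committed password until it is changed inside PostgreSQL. `image: postgres:11` is also a floating tag, so pinning a minor version or digest would make redeploys reproducible.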
@@ -0,0 +1,28 @@
+- become: yes
+ tags: never,packages
+ apt:
+ name:
+ - docker.io
+ - docker-compose
+ - gnupg2
+ - pass
+ install_recommends: no
+
+- name: Logging in to docker registries
+ loop: "{{ docker_host__credentials }}"
+ become: yes
+ command:
+ cmd: docker login -u "{{ item.username }}" --password-stdin "{{ item.registry }}"
+ stdin: "{{ item.password }}"
+ no_log: yes
+
+- name: Create /etc/docker/daemon.json
+ when: docker_host__daemon_json_content|default("")|length > 0
+ become: yes
+ register: docker_json
+ copy:
+ dest: /etc/docker/daemon.json
+ content: "{{ docker_host__daemon_json_content }}"
+
+- debug: msg="docker.json changed, you must manually restart docker."
+ when: docker_json.changed
diff --git a/ansible/roles/unix-machine/tasks/main.yml b/ansible/roles/unix-machine/tasks/main.yml
index 9e3464f..82d835d 100644
--- a/ansible/roles/unix-machine/tasks/main.yml
+++ b/ansible/roles/unix-machine/tasks/main.yml
@@ -1,5 +1,5 @@
 - name: /etc/apt/apt.conf.d/99force-ipv4
- copy:
+ file:
 dest: /etc/apt/apt.conf.d/99force-ipv4
 state: absent
 
@@ -9,11 +9,10 @@
 - name: packages (early)
 tags: packages
 apt:
- name: "{{ item }}"
+ name:
+ - git
+ - etckeeper
 install_recommends: no
- with_items:
- - git
- - etckeeper
 
 - name: packages
 tags: packages
--
cgit v1.2.3
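Review bot: The `docker login` task in ansible/roles/docker-host/tasks/main.yml leaves each registry password on disk: without a credential store Docker writes it base64-encoded, not encrypted, into the become user's `~/.docker/config.json`, even though `--password-stdin` and `no_log: yes` keep it out of argv and the Ansible log. `pass` and `gnupg2` are installed in the first task, which suggests a `pass`-backed store was intended, but nothing in this file sets `credsStore` or initialises a store; if that is done elsewhere, a comment pointing to it would help. The task also runs and reports changed on every play, and `changed_when: false` would keep the play output meaningful. The final `debug` only prints a reminder, so a changed daemon.json stays inactive until docker is restarted by hand.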