commit a195aaeedb68af77d943a788ad34a17dd747e8ab
Author: kjuulh
Date: Sat May 13 02:30:08 2023 +0200
feat: add main infra
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..4751c32
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+inventory = hosts
+host_key_checking = False
+roles_path = "./roles"
diff --git a/group_vars/all.yml b/group_vars/all.yml
new file mode 100644
index 0000000..5530a2a
--- /dev/null
+++ b/group_vars/all.yml
@@ -0,0 +1,5 @@
+ansible_user: root
+
+main_wireguard_public_key: "c47/vJ9Qu32Fy0hk++wEb1FZdvJI16WN0UcsuhGhJyw="
+main_wireguard_ip: "49.12.220.104"
+main_wireguard_port: 51194
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..7db02ca
--- /dev/null
+++ b/hosts
@@ -0,0 +1,5 @@
+[bespoke]
+renovate ansible_ssh_private_key_file=~/.ssh/id_clank ansible_host=5.75.254.153 wireguard_peer_ip=10.0.9.9
+
+[renovate]
+renovate ansible_ssh_private_key_file=~/.ssh/id_clank ansible_host=5.75.254.153 wireguard_peer_ip=10.0.9.9
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..bfa7410
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,2 @@
+collections:
+ - name: community.docker
diff --git a/roles/bespoke/tasks/main.yaml b/roles/bespoke/tasks/main.yaml
new file mode 100644
index 0000000..2eb5628
--- /dev/null
+++ b/roles/bespoke/tasks/main.yaml
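Review bot: `host_key_checking = False` turns off SSH host-key verification for every connection this inventory makes, so a changed or spoofed host behind the hard-coded `ansible_host` addresses is accepted without any warning; drop the line (the default is `True`) and seed `~/.ssh/known_hosts` with the servers' keys, or limit the exception to a first-contact step. `roles_path = "./roles"` is written with quotes that the config loader may keep as part of the path; the conventional form is `roles_path = ./roles`, and a `roles/` directory next to the playbook is found even without the setting.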
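Review bot: `ansible_user: root` makes every play log in directly as root, which also turns the `become: yes` in site.yml into a no-op; a dedicated deploy user with `become` on the privileged tasks is the usual shape, if the hosts allow it. The WireGuard values are written correctly — the key and address are quoted strings and the port is a genuine integer.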
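Review bot: The `renovate` host is defined twice with an identical variable string under `[bespoke]` and `[renovate]`, so any change to the key path, address or `wireguard_peer_ip` must be made in two places and will drift; Ansible merges host variables across group appearances, so keep the full definition once and list the host bare in the other group (`[renovate]` followed by just `renovate`). The `~/.ssh/id_clank` path also ties the committed inventory to one operator's home directory; `ansible_ssh_private_key_file` is normally supplied per environment (ansible.cfg `private_key_file`, an environment variable or the command line) rather than committed.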
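Review bot: `community.docker` is listed without a `version:`, so `ansible-galaxy install -r requirements.yml` resolves to whatever is newest at install time; the roles use the v1 `docker_compose` module, which later releases of this collection deprecate (and eventually remove) in favour of `docker_compose_v2`, so an unpinned install can stop working with no change to this repository. Pin it: `- name: community.docker` / `  version: "<tested version>"`.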
@@ -0,0 +1,150 @@ +--- +- name: install wireguard + apt: + name: wireguard + update_cache: yes + cache_valid_time: 3600 + +- name: generate private and public key pair + args: + creates: /etc/wireguard + shell: | + mkdir -p /etc/wireguard/ + cd /etc/wireguard/ + wg genkey | tee clank-privatekey | wg pubkey > clank-publickey + chmod 0400 clank-privatekey + chmod 0400 clank-publickey + +- name: read public key + command: cat /etc/wireguard/clank-publickey + register: wireguard_publickey + +- name: read private key + command: cat /etc/wireguard/clank-privatekey + register: wireguard_privatekey + +- name: print publickey + debug: + msg: "{{ wireguard_publickey.stdout_lines[0] }}" + +- name: Generate WireGuard configuration + template: + src: wireguard.conf.j2 + dest: /etc/wireguard/wg0.conf + vars: + interface_address: "{{ wireguard_peer_ip }}" + listen_port: " {{ main_wireguard_port }} " + private_key: "{{ wireguard_privatekey.stdout_lines[0] }}" + allowed_ips: "10.0.9.0/24" + peer_public_key: "{{ main_wireguard_public_key }}" + endpoint: "{{ main_wireguard_ip }}:{{ main_wireguard_port }}" + persistent_keepalive: 25 + +- name: enable and start wireguard service + systemd: + name: "wg-quick@wg0" + state: started + enabled: yes + + +- name: Update apt cache + apt: + update_cache: yes + +- name: Install prerequisite packages + apt: + name: + - apt-transport-https + - ca-certificates + - curl + - gnupg + - lsb-release + state: present + +- name: Add Docker GPG key + apt_key: + url: https://download.docker.com/linux/debian/gpg + state: present + +- name: Add Docker repository + apt_repository: + repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_lsb.codename }} stable" + state: present + +- name: Install Docker + apt: + name: docker-ce + state: present + +- name: Start and enable Docker service + service: + name: docker + state: started + enabled: yes + +- name: Download Docker Compose + get_url: + url: 
"https://github.com/docker/compose/releases/latest/download/docker-compose-Linux-x86_64" + dest: /usr/local/bin/docker-compose + mode: 'u=rwx,g=rx,o=rx' + +- name: Set executable permissions for Docker Compose + file: + path: /usr/local/bin/docker-compose + mode: 'u=rwx,g=rx,o=rx' + +- name: install git + apt: + name: + - git + - python3 + - python3-pip + update_cache: yes + cache_valid_time: 3600 + +- name: Install docker package + pip: + name: + - docker + - docker-compose + state: present + +# Monitoring + +## node exporter + +- name: clone private git repository + git: + repo: https://git:{{ git_token }}@git.front.kjuulh.io/kjuulh/node-exporter-local.git + dest: ~/git/git.front.kjuulh.io/kjuulh/node-exporter-local + version: main + force: yes + +- name: ensure docker compose file exists + stat: + path: ~/git/git.front.kjuulh.io/kjuulh/node-exporter-local/docker-compose.yml + register: compose_file_stat + +- name: run docker compose + docker_compose: + project_src: ~/git/git.front.kjuulh.io/kjuulh/node-exporter-local/ + when: compose_file_stat.stat.exists + +## container exporter + +- name: clone private git repository + git: + repo: https://git:{{ git_token }}@git.front.kjuulh.io/kjuulh/container-exporter-local.git + dest: ~/git/git.front.kjuulh.io/kjuulh/container-exporter-local + version: main + force: yes + +- name: ensure docker compose file exists + stat: + path: ~/git/git.front.kjuulh.io/kjuulh/container-exporter-local/docker-compose.yml + register: compose_file_stat + +- name: run docker compose + docker_compose: + project_src: ~/git/git.front.kjuulh.io/kjuulh/container-exporter-local/ + when: compose_file_stat.stat.exists diff --git a/roles/bespoke/templates/wireguard.conf.j2 b/roles/bespoke/templates/wireguard.conf.j2 new file mode 100644 index 0000000..6352a72 --- /dev/null +++ b/roles/bespoke/templates/wireguard.conf.j2 
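Review bot: The `read private key` task registers the WireGuard private key from `cat` output, and the two `clone private git repository` tasks (plus the one in roles/repos/renovate/tasks/main.yml) embed `{{ git_token }}` in the repo URL, so both secrets land in task results and in any verbose run or callback log; add `no_log: true` to those tasks, and note the token is also written in clear to the clone's `.git/config`, so a deploy key or credential helper would be the cleaner fix. The key-generation task is guarded by `creates: /etc/wireguard`, which is satisfied as soon as the directory exists — if the wireguard package installed just above already creates it, the keys are never generated and the following `cat` fails; guard on the artefact instead, `creates: /etc/wireguard/clank-privatekey`. `Download Docker Compose` pulls the unpinned `latest` release into `/usr/local/bin` with no `checksum:`, so whatever the redirect serves becomes the host's docker-compose binary; pin a release tag in the URL and add `checksum: "sha256:<expected digest>"`. Finally, `listen_port: " {{ main_wireguard_port }} "` carries stray spaces inside the quotes that are rendered into `wg0.conf`; drop them.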
@@ -0,0 +1,11 @@ +[Interface] +Address = {{ interface_address }}/32 +SaveConfig = true +ListenPort = {{ listen_port }} +PrivateKey = {{ private_key }} + +[Peer] +PublicKey = {{ peer_public_key }} +AllowedIPs = {{ allowed_ips }} +Endpoint = {{ endpoint }} +PersistentKeepalive = {{ persistent_keepalive }} diff --git a/roles/repos/renovate/tasks/main.yml b/roles/repos/renovate/tasks/main.yml new file mode 100644 index 0000000..15c3019 --- /dev/null +++ b/roles/repos/renovate/tasks/main.yml @@ -0,0 +1,27 @@ + +- name: Clone private Git repository + git: + repo: https://git:{{ git_token }}@git.front.kjuulh.io/kjuulh/renovate.git + dest: ~/git/git.front.kjuulh.io/kjuulh/renovate + version: main + force: yes + +- name: Ensure Docker Compose file exists + stat: + path: ~/git/git.front.kjuulh.io/kjuulh/renovate/docker-compose.yaml + register: compose_file_stat + +- name: Ensure .github.env exists + stat: + path: ~/git/git.front.kjuulh.io/kjuulh/renovate/.github.env + register: github_env_stat + +- name: Ensure .env exists + stat: + path: ~/git/git.front.kjuulh.io/kjuulh/renovate/.env + register: env_stat + +- name: Run Docker Compose + docker_compose: + project_src: ~/git/git.front.kjuulh.io/kjuulh/renovate/ + when: compose_file_stat.stat.exists and github_env_stat.stat.exists and env_stat.stat.exists diff --git a/site.yml b/site.yml new file mode 100644 index 0000000..5d590a4 --- /dev/null +++ b/site.yml @@ -0,0 +1,18 @@ +--- +- hosts: bespoke + gather_facts: yes + become: yes + tags: bespoke + vars_files: + - vars.yaml + roles: + - bespoke + +- hosts: renovate + gather_facts: yes + become: yes + tags: renovate + vars_files: + - vars.yaml + roles: + - repos/renovate diff --git a/vars.yaml b/vars.yaml new file mode 100644 index 0000000..0c9d149 --- /dev/null +++ b/vars.yaml 
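Review bot: `SaveConfig = true` makes `wg-quick down` write the live interface state back to `/etc/wireguard/wg0.conf`, so the file this template renders is overwritten by the service and the `template` task in roles/bespoke/tasks/main.yaml that owns it will report a change — and re-render — on every run; drop the line (or set `SaveConfig = false`) so Ansible stays the single writer. That rendering task also sets no `mode:` on `wg0.conf`, which holds `PrivateKey` in clear and so ends up with the default umask-derived permissions; `mode: "0600"` on the `template` task keeps it readable by root only.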
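Review bot: `Run Docker Compose` is silently skipped when any of the three `stat` results is false, so a missing `.env` or `.github.env` looks like a successful run and the service simply never starts; turn the gate into a hard check — an `assert` task after the three `stat`s with `that:` listing `compose_file_stat.stat.exists`, `github_env_stat.stat.exists` and `env_stat.stat.exists` and a `fail_msg` naming the files — and then run compose unconditionally. The file also opens with a blank added line and no `---` document start, while roles/bespoke/tasks/main.yaml and site.yml in this commit start with `---`; add it here for consistency.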
@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+62333662383565386562376137313632373163613130356562656163306235393062316365613930
+6664333566363335633562326332316666666465623464330a646432376363666534323364663239
+37616535383163353364313130336430336265633463353333616261356439396535396233643637
+6165393439353064320a323066336661393831616639653733623530356535383530616137363463
+30333831383561396363373161303833386465393337376634633336623765396433386465323731
+39626338353031643665366132643732356637383232376333656266653133616331636132323732
+366138336432336539663561363133653261