feat: add main infra
This commit is contained in:
commit
a195aaeedb
4
ansible.cfg
Normal file
4
ansible.cfg
Normal file
@ -0,0 +1,4 @@
|
||||
[defaults]
|
||||
inventory = hosts
|
||||
host_key_checking = False
|
||||
roles_path = "./roles"
|
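Review bot: `host_key_checking = False` turns off SSH host-key verification for every play, so a host whose key has changed, or anything else answering for `ansible_host`, is accepted silently and the fingerprint-mismatch failure you would want to see never appears. Since the inventory pins a single IP, the key can be pre-seeded instead: drop the line and ship the entry with `ansible.builtin.known_hosts` or the controller's `~/.ssh/known_hosts`. If the relaxation is only meant for first-boot provisioning, scope it to that run with `ANSIBLE_HOST_KEY_CHECKING=False` rather than baking it into the repository config.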
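--- /dev/null
+++ b/group_vars/all.yml
@@ -0,0 +1,5 @@
+ansible_user: root
+
+main_wireguard_public_key: "c47/vJ9Qu32Fy0hk++wEb1FZdvJI16WN0UcsuhGhJyw="
+main_wireguard_ip: "49.12.220.104"
+main_wireguard_port: 51194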
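Review bot: `ansible_user: root` makes every connection a direct root SSH login, while both plays in `site.yml` already set `become: yes`, so the escalation is redundant and the target has to keep root key logins enabled. A dedicated unprivileged user with sudo would let `become` do the escalation and allow `PermitRootLogin` to be turned off; if root is intentional for bootstrap only, say so inline, `# root login is for initial provisioning; switch to a sudo user afterwards`. The WireGuard public key and endpoint IP are public values and are fine to keep here unencrypted.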
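--- /dev/null
+++ b/hosts
@@ -0,0 +1,5 @@
+[bespoke]
+renovate ansible_ssh_private_key_file=~/.ssh/id_clank ansible_host=5.75.254.153 wireguard_peer_ip=10.0.9.9
+
+[renovate]
+renovate ansible_ssh_private_key_file=~/.ssh/id_clank ansible_host=5.75.254.153 wireguard_peer_ip=10.0.9.9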
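Review bot: the host `renovate` is declared twice, under `[bespoke]` and `[renovate]`, each time repeating `ansible_ssh_private_key_file`, `ansible_host` and `wireguard_peer_ip`; when the IP or key path changes one copy is easily missed and the two groups silently diverge. Keep the per-host values in one place, `host_vars/renovate.yml`, or list the host once and express membership with `[bespoke:children]` / `renovate` instead of duplicating the line. `~/.ssh/id_clank` is resolved on the controller, so the inventory now assumes one particular operator workstation; a comment noting that, or a variable-driven path, would make the assumption explicit.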
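--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,2 @@
+collections:
+  - name: community.docker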
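Review bot: `community.docker` is listed without a `version`, so `ansible-galaxy collection install -r requirements.yml` resolves to whatever is newest at run time and two operators can end up with different module behaviour. The roles in this commit rely on the legacy `docker_compose` module, which newer releases of the collection deprecate in favour of `community.docker.docker_compose_v2` and, as far as I recall, eventually drop, so an unpinned resolve can break the monitoring and renovate tasks without any change to this repository. Pin it, `version: "<collection version the roles were tested with>"`, and bump deliberately.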
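--- /dev/null
+++ b/roles/bespoke/tasks/main.yaml
@@ -0,0 +1,150 @@
+---
+- name: install wireguard
+  apt:
+    name: wireguard
+    update_cache: yes
+    cache_valid_time: 3600
+
+- name: generate private and public key pair
+  args:
+    creates: /etc/wireguard
+  shell: |
+    mkdir -p /etc/wireguard/
+    cd /etc/wireguard/
+    wg genkey | tee clank-privatekey | wg pubkey > clank-publickey
+    chmod 0400 clank-privatekey
+    chmod 0400 clank-publickey
+
+- name: read public key
+  command: cat /etc/wireguard/clank-publickey
+  register: wireguard_publickey
+
+- name: read private key
+  command: cat /etc/wireguard/clank-privatekey
+  register: wireguard_privatekey
+
+- name: print publickey
+  debug:
+    msg: "{{ wireguard_publickey.stdout_lines[0] }}"
+
+- name: Generate WireGuard configuration
+  template:
+    src: wireguard.conf.j2
+    dest: /etc/wireguard/wg0.conf
+  vars:
+    interface_address: "{{ wireguard_peer_ip }}"
+    listen_port: " {{ main_wireguard_port }} "
+    private_key: "{{ wireguard_privatekey.stdout_lines[0] }}"
+    allowed_ips: "10.0.9.0/24"
+    peer_public_key: "{{ main_wireguard_public_key }}"
+    endpoint: "{{ main_wireguard_ip }}:{{ main_wireguard_port }}"
+    persistent_keepalive: 25
+
+- name: enable and start wireguard service
+  systemd:
+    name: "wg-quick@wg0"
+    state: started
+    enabled: yes
+
+
+- name: Update apt cache
+  apt:
+    update_cache: yes
+
+- name: Install prerequisite packages
+  apt:
+    name:
+      - apt-transport-https
+      - ca-certificates
+      - curl
+      - gnupg
+      - lsb-release
+    state: present
+
+- name: Add Docker GPG key
+  apt_key:
+    url: https://download.docker.com/linux/debian/gpg
+    state: present
+
+- name: Add Docker repository
+  apt_repository:
+    repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_lsb.codename }} stable"
+    state: present
+
+- name: Install Docker
+  apt:
+    name: docker-ce
+    state: present
+
+- name: Start and enable Docker service
+  service:
+    name: docker
+    state: started
+    enabled: yes
+
+- name: Download Docker Compose
+  get_url:
+    url: "https://github.com/docker/compose/releases/latest/download/docker-compose-Linux-x86_64"
+    dest: /usr/local/bin/docker-compose
+    mode: 'u=rwx,g=rx,o=rx'
+
+- name: Set executable permissions for Docker Compose
+  file:
+    path: /usr/local/bin/docker-compose
+    mode: 'u=rwx,g=rx,o=rx'
+
+- name: install git
+  apt:
+    name:
+      - git
+      - python3
+      - python3-pip
+    update_cache: yes
+    cache_valid_time: 3600
+
+- name: Install docker package
+  pip:
+    name:
+      - docker
+      - docker-compose
+    state: present
+
+# Monitoring
+
+## node exporter
+
+- name: clone private git repository
+  git:
+    repo: https://git:{{ git_token }}@git.front.kjuulh.io/kjuulh/node-exporter-local.git
+    dest: ~/git/git.front.kjuulh.io/kjuulh/node-exporter-local
+    version: main
+    force: yes
+
+- name: ensure docker compose file exists
+  stat:
+    path: ~/git/git.front.kjuulh.io/kjuulh/node-exporter-local/docker-compose.yml
+  register: compose_file_stat
+
+- name: run docker compose
+  docker_compose:
+    project_src: ~/git/git.front.kjuulh.io/kjuulh/node-exporter-local/
+  when: compose_file_stat.stat.exists
+
+## container exporter
+
+- name: clone private git repository
+  git:
+    repo: https://git:{{ git_token }}@git.front.kjuulh.io/kjuulh/container-exporter-local.git
+    dest: ~/git/git.front.kjuulh.io/kjuulh/container-exporter-local
+    version: main
+    force: yes
+
+- name: ensure docker compose file exists
+  stat:
+    path: ~/git/git.front.kjuulh.io/kjuulh/container-exporter-local/docker-compose.yml
+  register: compose_file_stat
+
+- name: run docker compose
+  docker_compose:
+    project_src: ~/git/git.front.kjuulh.io/kjuulh/container-exporter-local/
+  when: compose_file_stat.stat.exists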
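Review bot: the `read private key` task registers the WireGuard private key from `cat /etc/wireguard/clank-privatekey` and `Generate WireGuard configuration` then passes it in as `private_key`, but neither task carries `no_log: true`, so the key is printed in verbose runs and captured by any logging callback; add `no_log: true` to both, and `changed_when: false` to the two `cat` reads, which otherwise report a change on every run. The templated `/etc/wireguard/wg0.conf` embeds that same key yet sets no `mode`, so it inherits the umask; add `mode: "0600"` and `owner: root` to the `template` task (wg-quick, I believe, also warns when the file is world-readable). `Download Docker Compose` fetches `releases/latest` into `/usr/local/bin` with no `checksum:`, so an unpinned, unverified binary lands on the PATH; pin a release and add `checksum: "sha256:<digest from that release's checksums file>"`, which also makes the following `file` task redundant because `get_url` already applies `mode`. The two `clone private git repository` tasks interpolate `git_token` into `repo:`, which shows up in task output and is persisted in the clone's `.git/config` on the host; `no_log: true` covers the first, and the same applies to the clone task in `roles/repos/renovate/tasks/main.yml`. Minor: `listen_port: " {{ main_wireguard_port }} "` carries padding spaces inside the quotes that end up in the rendered `ListenPort` line; `listen_port: "{{ main_wireguard_port }}"`.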
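--- /dev/null
+++ b/roles/bespoke/templates/wireguard.conf.j2
@@ -0,0 +1,11 @@
+[Interface]
+Address = {{ interface_address }}/32
+SaveConfig = true
+ListenPort = {{ listen_port }}
+PrivateKey = {{ private_key }}
+
+[Peer]
+PublicKey = {{ peer_public_key }}
+AllowedIPs = {{ allowed_ips }}
+Endpoint = {{ endpoint }}
+PersistentKeepalive = {{ persistent_keepalive }}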
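Review bot: `SaveConfig = true` makes wg-quick rewrite `/etc/wireguard/wg0.conf` from the live interface state on shutdown, so the file stops matching what the `template` task renders, every later playbook run reports a change, and anything saved that way is discarded by the next template pass. Since this file is fully managed by Ansible, drop the line or set `SaveConfig = false`. `ListenPort = {{ listen_port }}` renders the value exactly as passed, so any padding around the variable becomes part of the line; either trim here with `{{ listen_port | trim }}` or pass an unpadded value from the role.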
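--- /dev/null
+++ b/roles/repos/renovate/tasks/main.yml
@@ -0,0 +1,27 @@
+
+- name: Clone private Git repository
+  git:
+    repo: https://git:{{ git_token }}@git.front.kjuulh.io/kjuulh/renovate.git
+    dest: ~/git/git.front.kjuulh.io/kjuulh/renovate
+    version: main
+    force: yes
+
+- name: Ensure Docker Compose file exists
+  stat:
+    path: ~/git/git.front.kjuulh.io/kjuulh/renovate/docker-compose.yaml
+  register: compose_file_stat
+
+- name: Ensure .github.env exists
+  stat:
+    path: ~/git/git.front.kjuulh.io/kjuulh/renovate/.github.env
+  register: github_env_stat
+
+- name: Ensure .env exists
+  stat:
+    path: ~/git/git.front.kjuulh.io/kjuulh/renovate/.env
+  register: env_stat
+
+- name: Run Docker Compose
+  docker_compose:
+    project_src: ~/git/git.front.kjuulh.io/kjuulh/renovate/
+  when: compose_file_stat.stat.exists and github_env_stat.stat.exists and env_stat.stat.exists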
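Review bot: `Run Docker Compose` is gated on three `stat` results, so when `docker-compose.yaml`, `.github.env` or `.env` is missing the play finishes green having deployed nothing, and the operator only notices when renovate never runs. Make the precondition explicit rather than skipping: an `ansible.builtin.assert` with `that:` listing the three `.stat.exists` values and a `fail_msg` naming the missing file, or at minimum a `debug` task for the skipped case. The file also lacks the `---` document start the other YAML files in this commit use (a blank first line stands in its place), and `force: yes` would be `force: true` under yamllint's `truthy` rule.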
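--- /dev/null
+++ b/site.yml
@@ -0,0 +1,18 @@
+---
+- hosts: bespoke
+  gather_facts: yes
+  become: yes
+  tags: bespoke
+  vars_files:
+    - vars.yaml
+  roles:
+    - bespoke
+
+- hosts: renovate
+  gather_facts: yes
+  become: yes
+  tags: renovate
+  vars_files:
+    - vars.yaml
+  roles:
+    - repos/renovate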
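Review bot: `gather_facts: yes` and `become: yes` use the YAML 1.1 truthy spellings in both plays; `true` is the canonical form and the one yamllint's `truthy` rule accepts, and the role files in this commit mix `yes` the same way. Both plays load `vars.yaml` through `vars_files`, and that file is `$ANSIBLE_VAULT`-encrypted, so a run without vault credentials fails at play start; a comment on the first play, `# vars.yaml is ansible-vault encrypted; run with --ask-vault-pass or --vault-password-file`, would save the next operator a failed run.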
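--- /dev/null
+++ b/vars.yaml
@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+62333662383565386562376137313632373163613130356562656163306235393062316365613930
+6664333566363335633562326332316666666465623464330a646432376363666534323364663239
+37616535383163353364313130336430336265633463353333616261356439396535396233643637
+6165393439353064320a323066336661393831616639653733623530356535383530616137363463
+30333831383561396363373161303833386465393337376634633336623765396433386465323731
+39626338353031643665366132643732356637383232376333656266653133616331636132323732
+366138336432336539663561363133653261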